projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Create l2cap_chan_send()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
1da177e4
LT		 6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
8e87d142
YH		 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 24 SOFTWARE IS DISCLAIMED.
25*/
26
bb58f747 27/* Bluetooth L2CAP core. */
1da177e4 28
1da177e4
LT		 29#include <linux/module.h>
30
31#include <linux/types.h>
4fc268d2 32#include <linux/capability.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/interrupt.h>
41#include <linux/socket.h>
42#include <linux/skbuff.h>
1da177e4 43#include <linux/list.h>
be9d1227 44#include <linux/device.h>
aef7d97c
MH		 45#include <linux/debugfs.h>
46#include <linux/seq_file.h>
af05b30b 47#include <linux/uaccess.h>
fcc203c3 48#include <linux/crc16.h>
1da177e4
LT		 49#include <net/sock.h>
50
51#include <asm/system.h>
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
57
bb58f747 58int disable_ertm;
f0709e03 59
47ec1dcd 60static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 61static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 62
1890d36b
GP		 63static struct workqueue_struct *_busy_wq;
64
23691d75
GP		 65LIST_HEAD(chan_list);
66DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1890d36b
GP		 68static void l2cap_busy_work(struct work_struct *work);
69
1da177e4
LT		 70static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
71 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 72static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
73 void *data);
710f9b0a 74static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 75static void l2cap_send_disconn_req(struct l2cap_conn *conn,
76 struct l2cap_chan *chan, int err);
1da177e4 77
218bb9df
GP		 78static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
79
0139418c 80/* ---- L2CAP channels ---- */
baa7e1fa 81static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 82{
48454079 83 struct l2cap_chan *c;
baa7e1fa
GP		 84
85 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 86 if (c->dcid == cid)
baa7e1fa 87 return c;
0139418c 88 }
baa7e1fa
GP		 89 return NULL;
90
0139418c
MH		 91}
92
baa7e1fa 93static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 94{
48454079 95 struct l2cap_chan *c;
baa7e1fa
GP		 96
97 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 98 if (c->scid == cid)
baa7e1fa 99 return c;
0139418c 100 }
baa7e1fa 101 return NULL;
0139418c
MH		 102}
103
104/* Find channel with given SCID.
105 * Returns locked socket */
baa7e1fa 106static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 107{
48454079 108 struct l2cap_chan *c;
baa7e1fa
GP		 109
110 read_lock(&conn->chan_lock);
111 c = __l2cap_get_chan_by_scid(conn, cid);
48454079
GP		 112 if (c)
113 bh_lock_sock(c->sk);
baa7e1fa 114 read_unlock(&conn->chan_lock);
48454079 115 return c;
0139418c
MH		 116}
117
baa7e1fa 118static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 119{
48454079 120 struct l2cap_chan *c;
baa7e1fa
GP		 121
122 list_for_each_entry(c, &conn->chan_l, list) {
fc7f8a7e 123 if (c->ident == ident)
baa7e1fa 124 return c;
0139418c 125 }
baa7e1fa 126 return NULL;
0139418c
MH		 127}
128
baa7e1fa 129static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 130{
48454079 131 struct l2cap_chan *c;
baa7e1fa
GP		 132
133 read_lock(&conn->chan_lock);
134 c = __l2cap_get_chan_by_ident(conn, ident);
48454079
GP		 135 if (c)
136 bh_lock_sock(c->sk);
baa7e1fa 137 read_unlock(&conn->chan_lock);
48454079 138 return c;
0139418c
MH		 139}
140
23691d75 141static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 142{
23691d75 143 struct l2cap_chan *c;
9e4425ff 144
23691d75
GP		 145 list_for_each_entry(c, &chan_list, global_l) {
146 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
9e4425ff
GP		 147 goto found;
148 }
149
23691d75 150 c = NULL;
9e4425ff 151found:
23691d75 152 return c;
9e4425ff
GP		 153}
154
155int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
156{
73b2ec18
GP		 157 int err;
158
23691d75 159 write_lock_bh(&chan_list_lock);
9e4425ff 160
23691d75 161 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 162 err = -EADDRINUSE;
163 goto done;
9e4425ff
GP		 164 }
165
73b2ec18
GP		 166 if (psm) {
167 chan->psm = psm;
168 chan->sport = psm;
169 err = 0;
170 } else {
171 u16 p;
172
173 err = -EINVAL;
174 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 175 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 176 chan->psm = cpu_to_le16(p);
177 chan->sport = cpu_to_le16(p);
178 err = 0;
179 break;
180 }
181 }
9e4425ff 182
73b2ec18 183done:
23691d75 184 write_unlock_bh(&chan_list_lock);
73b2ec18 185 return err;
9e4425ff
GP		 186}
187
188int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
189{
23691d75 190 write_lock_bh(&chan_list_lock);
9e4425ff
GP		 191
192 chan->scid = scid;
193
23691d75 194 write_unlock_bh(&chan_list_lock);
9e4425ff
GP		 195
196 return 0;
197}
198
baa7e1fa 199static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 200{
8db4dc46 201 u16 cid = L2CAP_CID_DYN_START;
0139418c 202
8db4dc46 203 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 204 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 205 return cid;
206 }
207
208 return 0;
209}
210
23691d75 211struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 212{
213 struct l2cap_chan *chan;
214
215 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
216 if (!chan)
217 return NULL;
218
219 chan->sk = sk;
220
23691d75
GP		 221 write_lock_bh(&chan_list_lock);
222 list_add(&chan->global_l, &chan_list);
223 write_unlock_bh(&chan_list_lock);
224
48454079
GP		 225 return chan;
226}
227
23691d75 228void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 229{
23691d75
GP		 230 write_lock_bh(&chan_list_lock);
231 list_del(&chan->global_l);
232 write_unlock_bh(&chan_list_lock);
233
6ff5abbf
GP		 234 kfree(chan);
235}
236
48454079 237static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 238{
48454079 239 struct sock *sk = chan->sk;
0139418c 240
af05b30b 241 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 242 chan->psm, chan->dcid);
0139418c 243
2950f21a
MH		 244 conn->disc_reason = 0x13;
245
8c1d787b 246 chan->conn = conn;
0139418c 247
bd3c9e25 248 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
b62f328b
VT		 249 if (conn->hcon->type == LE_LINK) {
250 /* LE connection */
0c1bc5c6 251 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 252 chan->scid = L2CAP_CID_LE_DATA;
253 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 254 } else {
255 /* Alloc CID for connection-oriented socket */
fe4128e0 256 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 257 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 258 }
0139418c
MH		 259 } else if (sk->sk_type == SOCK_DGRAM) {
260 /* Connectionless socket */
fe4128e0
GP		 261 chan->scid = L2CAP_CID_CONN_LESS;
262 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 263 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 264 } else {
265 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 266 chan->scid = L2CAP_CID_SIGNALING;
267 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 268 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 269 }
270
baa7e1fa
GP		 271 sock_hold(sk);
272
273 list_add(&chan->list, &conn->chan_l);
0139418c
MH		 274}
275
8e87d142 276/* Delete channel.
0139418c 277 * Must be called on the locked socket. */
4519de9a 278static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 279{
48454079 280 struct sock *sk = chan->sk;
8c1d787b 281 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 282 struct sock *parent = bt_sk(sk)->parent;
283
284 l2cap_sock_clear_timer(sk);
285
49208c9c 286 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 287
8e87d142 288 if (conn) {
baa7e1fa
GP		 289 /* Delete from channel list */
290 write_lock_bh(&conn->chan_lock);
291 list_del(&chan->list);
292 write_unlock_bh(&conn->chan_lock);
293 __sock_put(sk);
294
8c1d787b 295 chan->conn = NULL;
0139418c
MH		 296 hci_conn_put(conn->hcon);
297 }
298
b1235d79 299 sk->sk_state = BT_CLOSED;
0139418c
MH		 300 sock_set_flag(sk, SOCK_ZAPPED);
301
302 if (err)
303 sk->sk_err = err;
304
305 if (parent) {
306 bt_accept_unlink(sk);
307 parent->sk_data_ready(parent, 0);
308 } else
309 sk->sk_state_change(sk);
c13ffa62 310
b4450035
GP		 311 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE &&
312 chan->conf_state & L2CAP_CONF_INPUT_DONE))
6ff5abbf 313 return;
2ead70b8 314
58d35f87 315 skb_queue_purge(&chan->tx_q);
c13ffa62 316
0c1bc5c6 317 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 318 struct srej_list *l, *tmp;
319
e92c8e70
GP		 320 del_timer(&chan->retrans_timer);
321 del_timer(&chan->monitor_timer);
322 del_timer(&chan->ack_timer);
c13ffa62 323
f1c6775b
GP		 324 skb_queue_purge(&chan->srej_q);
325 skb_queue_purge(&chan->busy_q);
c13ffa62 326
39d5a3ee 327 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 328 list_del(&l->list);
329 kfree(l);
330 }
331 }
0139418c
MH		 332}
333
4519de9a
GP		 334/* Must be called on unlocked socket. */
335static void l2cap_chan_close(struct sock *sk)
336{
337 l2cap_sock_clear_timer(sk);
338 lock_sock(sk);
339 __l2cap_chan_close(l2cap_pi(sk)->chan, ECONNRESET);
340 release_sock(sk);
341 l2cap_sock_kill(sk);
342}
343
344static void l2cap_chan_cleanup_listen(struct sock *parent)
345{
346 struct sock *sk;
347
348 BT_DBG("parent %p", parent);
349
350 /* Close not yet accepted channels */
351 while ((sk = bt_accept_dequeue(parent, NULL)))
352 l2cap_chan_close(sk);
353
354 parent->sk_state = BT_CLOSED;
355 sock_set_flag(parent, SOCK_ZAPPED);
356}
357
358void __l2cap_chan_close(struct l2cap_chan *chan, int reason)
359{
360 struct l2cap_conn *conn = chan->conn;
361 struct sock *sk = chan->sk;
362
363 BT_DBG("chan %p state %d socket %p", chan, sk->sk_state, sk->sk_socket);
364
365 switch (sk->sk_state) {
366 case BT_LISTEN:
367 l2cap_chan_cleanup_listen(sk);
368 break;
369
370 case BT_CONNECTED:
371 case BT_CONFIG:
372 if ((sk->sk_type == SOCK_SEQPACKET ||
373 sk->sk_type == SOCK_STREAM) &&
374 conn->hcon->type == ACL_LINK) {
375 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
376 l2cap_send_disconn_req(conn, chan, reason);
377 } else
378 l2cap_chan_del(chan, reason);
379 break;
380
381 case BT_CONNECT2:
382 if ((sk->sk_type == SOCK_SEQPACKET ||
383 sk->sk_type == SOCK_STREAM) &&
384 conn->hcon->type == ACL_LINK) {
385 struct l2cap_conn_rsp rsp;
386 __u16 result;
387
388 if (bt_sk(sk)->defer_setup)
389 result = L2CAP_CR_SEC_BLOCK;
390 else
391 result = L2CAP_CR_BAD_PSM;
392
393 rsp.scid = cpu_to_le16(chan->dcid);
394 rsp.dcid = cpu_to_le16(chan->scid);
395 rsp.result = cpu_to_le16(result);
396 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
397 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
398 sizeof(rsp), &rsp);
399 }
400
401 l2cap_chan_del(chan, reason);
402 break;
403
404 case BT_CONNECT:
405 case BT_DISCONN:
406 l2cap_chan_del(chan, reason);
407 break;
408
409 default:
410 sock_set_flag(sk, SOCK_ZAPPED);
411 break;
412 }
413}
414
4343478f 415static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 416{
4343478f
GP		 417 struct sock *sk = chan->sk;
418
8556edd3 419 if (sk->sk_type == SOCK_RAW) {
4343478f 420 switch (chan->sec_level) {
8556edd3
JH		 421 case BT_SECURITY_HIGH:
422 return HCI_AT_DEDICATED_BONDING_MITM;
423 case BT_SECURITY_MEDIUM:
424 return HCI_AT_DEDICATED_BONDING;
425 default:
426 return HCI_AT_NO_BONDING;
427 }
fe4128e0 428 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 429 if (chan->sec_level == BT_SECURITY_LOW)
430 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 431
4343478f 432 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 433 return HCI_AT_NO_BONDING_MITM;
00ae4af9 434 else
8556edd3 435 return HCI_AT_NO_BONDING;
00ae4af9 436 } else {
4343478f 437 switch (chan->sec_level) {
00ae4af9 438 case BT_SECURITY_HIGH:
8556edd3 439 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 440 case BT_SECURITY_MEDIUM:
8556edd3 441 return HCI_AT_GENERAL_BONDING;
00ae4af9 442 default:
8556edd3 443 return HCI_AT_NO_BONDING;
00ae4af9 444 }
0684e5f9 445 }
8556edd3
JH		 446}
447
448/* Service level security */
4343478f 449static inline int l2cap_check_security(struct l2cap_chan *chan)
8556edd3 450{
8c1d787b 451 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 452 __u8 auth_type;
453
4343478f 454 auth_type = l2cap_get_auth_type(chan);
79d554a6 455
4343478f 456 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 457}
458
68983259 459u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 460{
461 u8 id;
462
463 /* Get next available identificator.
464 * 1 - 128 are used by kernel.
465 * 129 - 199 are reserved.
466 * 200 - 254 are used by utilities like l2ping, etc.
467 */
468
469 spin_lock_bh(&conn->lock);
470
471 if (++conn->tx_ident > 128)
472 conn->tx_ident = 1;
473
474 id = conn->tx_ident;
475
476 spin_unlock_bh(&conn->lock);
477
478 return id;
479}
480
4519de9a 481static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 482{
483 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 484 u8 flags;
4e8402a3
MH		 485
486 BT_DBG("code 0x%2.2x", code);
487
488 if (!skb)
9a9c6a34 489 return;
4e8402a3 490
e702112f
AE		 491 if (lmp_no_flush_capable(conn->hcon->hdev))
492 flags = ACL_START_NO_FLUSH;
493 else
494 flags = ACL_START;
495
496 hci_send_acl(conn->hcon, skb, flags);
4e8402a3
MH		 497}
498
525cd185 499static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
1c2acffb
GP		 500{
501 struct sk_buff *skb;
502 struct l2cap_hdr *lh;
525cd185 503 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
8c1d787b 504 struct l2cap_conn *conn = chan->conn;
c13ffa62 505 struct sock *sk = (struct sock *)pi;
fcc203c3 506 int count, hlen = L2CAP_HDR_SIZE + 2;
e702112f 507 u8 flags;
fcc203c3 508
c13ffa62
GP		 509 if (sk->sk_state != BT_CONNECTED)
510 return;
511
47d1ec61 512 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3 513 hlen += 2;
1c2acffb 514
49208c9c 515 BT_DBG("chan %p, control 0x%2.2x", chan, control);
1c2acffb 516
fcc203c3 517 count = min_t(unsigned int, conn->mtu, hlen);
1c2acffb
GP		 518 control |= L2CAP_CTRL_FRAME_TYPE;
519
525cd185 520 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
9e917af1 521 control |= L2CAP_CTRL_FINAL;
525cd185 522 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
9e917af1
GP		 523 }
524
525cd185 525 if (chan->conn_state & L2CAP_CONN_SEND_PBIT) {
f0946ccf 526 control |= L2CAP_CTRL_POLL;
525cd185 527 chan->conn_state &= ~L2CAP_CONN_SEND_PBIT;
f0946ccf
GP		 528 }
529
1c2acffb
GP		 530 skb = bt_skb_alloc(count, GFP_ATOMIC);
531 if (!skb)
9a9c6a34 532 return;
1c2acffb
GP		 533
534 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 535 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 536 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 537 put_unaligned_le16(control, skb_put(skb, 2));
538
47d1ec61 539 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 540 u16 fcs = crc16(0, (u8 *)lh, count - 2);
541 put_unaligned_le16(fcs, skb_put(skb, 2));
542 }
543
e702112f
AE		 544 if (lmp_no_flush_capable(conn->hcon->hdev))
545 flags = ACL_START_NO_FLUSH;
546 else
547 flags = ACL_START;
548
8c1d787b 549 hci_send_acl(chan->conn->hcon, skb, flags);
1c2acffb
GP		 550}
551
525cd185 552static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
7e743090 553{
525cd185 554 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
7e743090 555 control |= L2CAP_SUPER_RCV_NOT_READY;
525cd185 556 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1890d36b 557 } else
7e743090
GP		 558 control |= L2CAP_SUPER_RCV_READY;
559
42e5c802 560 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2ab25cdd 561
525cd185 562 l2cap_send_sframe(chan, control);
7e743090
GP		 563}
564
b4450035 565static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 566{
b4450035 567 return !(chan->conf_state & L2CAP_CONF_CONNECT_PEND);
e501d055
AE		 568}
569
fc7f8a7e 570static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 571{
8c1d787b 572 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 573
574 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 575 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
576 return;
577
4343478f
GP		 578 if (l2cap_check_security(chan) &&
579 __l2cap_no_conn_pending(chan)) {
b1235d79 580 struct l2cap_conn_req req;
fe4128e0
GP		 581 req.scid = cpu_to_le16(chan->scid);
582 req.psm = chan->psm;
79d554a6 583
fc7f8a7e 584 chan->ident = l2cap_get_ident(conn);
b4450035 585 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
79d554a6 586
fc7f8a7e
GP		 587 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
588 sizeof(req), &req);
b1235d79 589 }
79d554a6
MH		 590 } else {
591 struct l2cap_info_req req;
592 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
593
594 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
595 conn->info_ident = l2cap_get_ident(conn);
596
597 mod_timer(&conn->info_timer, jiffies +
598 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
599
600 l2cap_send_cmd(conn, conn->info_ident,
601 L2CAP_INFO_REQ, sizeof(req), &req);
602 }
603}
604
cf6c2c0b
GP		 605static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
606{
607 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 608 if (!disable_ertm)
cf6c2c0b
GP		 609 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
610
611 switch (mode) {
612 case L2CAP_MODE_ERTM:
613 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
614 case L2CAP_MODE_STREAMING:
615 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
616 default:
617 return 0x00;
618 }
619}
620
4519de9a 621static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 622{
e92c8e70 623 struct sock *sk;
22121fc9
GP		 624 struct l2cap_disconn_req req;
625
c13ffa62
GP		 626 if (!conn)
627 return;
628
e92c8e70
GP		 629 sk = chan->sk;
630
0c1bc5c6 631 if (chan->mode == L2CAP_MODE_ERTM) {
e92c8e70
GP		 632 del_timer(&chan->retrans_timer);
633 del_timer(&chan->monitor_timer);
634 del_timer(&chan->ack_timer);
c13ffa62
GP		 635 }
636
fe4128e0
GP		 637 req.dcid = cpu_to_le16(chan->dcid);
638 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 639 l2cap_send_cmd(conn, l2cap_get_ident(conn),
640 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62
GP		 641
642 sk->sk_state = BT_DISCONN;
9b108fc0 643 sk->sk_err = err;
22121fc9
GP		 644}
645
1da177e4 646/* ---- L2CAP connections ---- */
4e8402a3
MH		 647static void l2cap_conn_start(struct l2cap_conn *conn)
648{
820ffdb3 649 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 650
651 BT_DBG("conn %p", conn);
652
baa7e1fa 653 read_lock(&conn->chan_lock);
4e8402a3 654
820ffdb3 655 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 656 struct sock *sk = chan->sk;
baa7e1fa 657
4e8402a3
MH		 658 bh_lock_sock(sk);
659
bd3c9e25
GP		 660 if (sk->sk_type != SOCK_SEQPACKET &&
661 sk->sk_type != SOCK_STREAM) {
79d554a6
MH		 662 bh_unlock_sock(sk);
663 continue;
664 }
665
666 if (sk->sk_state == BT_CONNECT) {
47731de7 667 struct l2cap_conn_req req;
79d554a6 668
4343478f 669 if (!l2cap_check_security(chan) ||
b4450035 670 !__l2cap_no_conn_pending(chan)) {
47731de7
GP		 671 bh_unlock_sock(sk);
672 continue;
673 }
79d554a6 674
0c1bc5c6 675 if (!l2cap_mode_supported(chan->mode,
47731de7 676 conn->feat_mask)
b4450035 677 && chan->conf_state &
47731de7 678 L2CAP_CONF_STATE2_DEVICE) {
4519de9a 679 /* __l2cap_chan_close() calls list_del(chan)
820ffdb3
GP		 680 * so release the lock */
681 read_unlock_bh(&conn->chan_lock);
4519de9a 682 __l2cap_chan_close(chan, ECONNRESET);
820ffdb3 683 read_lock_bh(&conn->chan_lock);
47731de7
GP		 684 bh_unlock_sock(sk);
685 continue;
b1235d79 686 }
47731de7 687
fe4128e0
GP		 688 req.scid = cpu_to_le16(chan->scid);
689 req.psm = chan->psm;
47731de7 690
fc7f8a7e 691 chan->ident = l2cap_get_ident(conn);
b4450035 692 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
47731de7 693
fc7f8a7e
GP		 694 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
695 sizeof(req), &req);
47731de7 696
79d554a6
MH		 697 } else if (sk->sk_state == BT_CONNECT2) {
698 struct l2cap_conn_rsp rsp;
e9aeb2dd 699 char buf[128];
fe4128e0
GP		 700 rsp.scid = cpu_to_le16(chan->dcid);
701 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 702
4343478f 703 if (l2cap_check_security(chan)) {
f66dc81f
MH		 704 if (bt_sk(sk)->defer_setup) {
705 struct sock *parent = bt_sk(sk)->parent;
706 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
707 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
708 parent->sk_data_ready(parent, 0);
709
710 } else {
711 sk->sk_state = BT_CONFIG;
712 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
713 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
714 }
79d554a6
MH		 715 } else {
716 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
717 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
718 }
719
fc7f8a7e
GP		 720 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
721 sizeof(rsp), &rsp);
e9aeb2dd 722
b4450035 723 if (chan->conf_state & L2CAP_CONF_REQ_SENT ||
e9aeb2dd
GP		 724 rsp.result != L2CAP_CR_SUCCESS) {
725 bh_unlock_sock(sk);
726 continue;
727 }
728
b4450035 729 chan->conf_state |= L2CAP_CONF_REQ_SENT;
e9aeb2dd 730 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 731 l2cap_build_conf_req(chan, buf), buf);
732 chan->num_conf_req++;
4e8402a3
MH		 733 }
734
735 bh_unlock_sock(sk);
736 }
737
baa7e1fa 738 read_unlock(&conn->chan_lock);
4e8402a3
MH		 739}
740
b62f328b
VT		 741/* Find socket with cid and source bdaddr.
742 * Returns closest match, locked.
743 */
23691d75 744static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 745{
23691d75 746 struct l2cap_chan *c, *c1 = NULL;
b62f328b 747
23691d75 748 read_lock(&chan_list_lock);
b62f328b 749
23691d75
GP		 750 list_for_each_entry(c, &chan_list, global_l) {
751 struct sock *sk = c->sk;
fe4128e0 752
b62f328b
VT		 753 if (state && sk->sk_state != state)
754 continue;
755
23691d75 756 if (c->scid == cid) {
b62f328b 757 /* Exact match. */
23691d75
GP		 758 if (!bacmp(&bt_sk(sk)->src, src)) {
759 read_unlock(&chan_list_lock);
760 return c;
761 }
b62f328b
VT		 762
763 /* Closest match */
764 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 765 c1 = c;
b62f328b
VT		 766 }
767 }
280f294f 768
23691d75 769 read_unlock(&chan_list_lock);
b62f328b 770
23691d75 771 return c1;
b62f328b
VT		 772}
773
774static void l2cap_le_conn_ready(struct l2cap_conn *conn)
775{
c916fbe4 776 struct sock *parent, *sk;
23691d75 777 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 778
779 BT_DBG("");
780
781 /* Check if we have socket listening on cid */
23691d75 782 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 783 conn->src);
23691d75 784 if (!pchan)
b62f328b
VT		 785 return;
786
23691d75
GP		 787 parent = pchan->sk;
788
62f3a2cf
GP		 789 bh_lock_sock(parent);
790
b62f328b
VT		 791 /* Check for backlog size */
792 if (sk_acceptq_is_full(parent)) {
793 BT_DBG("backlog full %d", parent->sk_ack_backlog);
794 goto clean;
795 }
796
797 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
798 if (!sk)
799 goto clean;
800
23691d75 801 chan = l2cap_chan_create(sk);
48454079
GP		 802 if (!chan) {
803 l2cap_sock_kill(sk);
804 goto clean;
805 }
806
5d41ce1d
GP		 807 l2cap_pi(sk)->chan = chan;
808
baa7e1fa 809 write_lock_bh(&conn->chan_lock);
b62f328b
VT		 810
811 hci_conn_hold(conn->hcon);
812
813 l2cap_sock_init(sk, parent);
baa7e1fa 814
b62f328b
VT		 815 bacpy(&bt_sk(sk)->src, conn->src);
816 bacpy(&bt_sk(sk)->dst, conn->dst);
817
d1010240
GP		 818 bt_accept_enqueue(parent, sk);
819
48454079
GP		 820 __l2cap_chan_add(conn, chan);
821
b62f328b
VT		 822 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
823
824 sk->sk_state = BT_CONNECTED;
825 parent->sk_data_ready(parent, 0);
826
baa7e1fa 827 write_unlock_bh(&conn->chan_lock);
b62f328b
VT		 828
829clean:
830 bh_unlock_sock(parent);
831}
832
4e8402a3
MH		 833static void l2cap_conn_ready(struct l2cap_conn *conn)
834{
48454079 835 struct l2cap_chan *chan;
4e8402a3 836
79d554a6 837 BT_DBG("conn %p", conn);
4e8402a3 838
b62f328b
VT		 839 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
840 l2cap_le_conn_ready(conn);
841
baa7e1fa 842 read_lock(&conn->chan_lock);
4e8402a3 843
baa7e1fa 844 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 845 struct sock *sk = chan->sk;
baa7e1fa 846
79d554a6 847 bh_lock_sock(sk);
4e8402a3 848
acd7d370
VT		 849 if (conn->hcon->type == LE_LINK) {
850 l2cap_sock_clear_timer(sk);
851 sk->sk_state = BT_CONNECTED;
852 sk->sk_state_change(sk);
853 }
854
bd3c9e25
GP		 855 if (sk->sk_type != SOCK_SEQPACKET &&
856 sk->sk_type != SOCK_STREAM) {
79d554a6
MH		 857 l2cap_sock_clear_timer(sk);
858 sk->sk_state = BT_CONNECTED;
859 sk->sk_state_change(sk);
860 } else if (sk->sk_state == BT_CONNECT)
fc7f8a7e 861 l2cap_do_start(chan);
4e8402a3 862
79d554a6 863 bh_unlock_sock(sk);
4e8402a3 864 }
79d554a6 865
baa7e1fa 866 read_unlock(&conn->chan_lock);
4e8402a3
MH		 867}
868
869/* Notify sockets that we cannot guaranty reliability anymore */
870static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
871{
48454079 872 struct l2cap_chan *chan;
4e8402a3
MH		 873
874 BT_DBG("conn %p", conn);
875
baa7e1fa 876 read_lock(&conn->chan_lock);
4e8402a3 877
baa7e1fa 878 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 879 struct sock *sk = chan->sk;
baa7e1fa 880
4343478f 881 if (chan->force_reliable)
4e8402a3
MH		 882 sk->sk_err = err;
883 }
884
baa7e1fa 885 read_unlock(&conn->chan_lock);
4e8402a3
MH		 886}
887
888static void l2cap_info_timeout(unsigned long arg)
889{
890 struct l2cap_conn *conn = (void *) arg;
891
984947dc 892 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 893 conn->info_ident = 0;
984947dc 894
4e8402a3
MH		 895 l2cap_conn_start(conn);
896}
897
1da177e4
LT		 898static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
899{
0139418c 900 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 901
0139418c 902 if (conn || status)
1da177e4
LT		 903 return conn;
904
0139418c
MH		 905 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
906 if (!conn)
1da177e4 907 return NULL;
1da177e4
LT		 908
909 hcon->l2cap_data = conn;
910 conn->hcon = hcon;
911
0139418c
MH		 912 BT_DBG("hcon %p conn %p", hcon, conn);
913
acd7d370
VT		 914 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
915 conn->mtu = hcon->hdev->le_mtu;
916 else
917 conn->mtu = hcon->hdev->acl_mtu;
918
1da177e4
LT		 919 conn->src = &hcon->hdev->bdaddr;
920 conn->dst = &hcon->dst;
921
4e8402a3
MH		 922 conn->feat_mask = 0;
923
1da177e4 924 spin_lock_init(&conn->lock);
baa7e1fa
GP		 925 rwlock_init(&conn->chan_lock);
926
927 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 928
b62f328b
VT		 929 if (hcon->type != LE_LINK)
930 setup_timer(&conn->info_timer, l2cap_info_timeout,
45054dc1
DY		 931 (unsigned long) conn);
932
2950f21a
MH		 933 conn->disc_reason = 0x13;
934
1da177e4
LT		 935 return conn;
936}
937
0139418c 938static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 939{
0139418c 940 struct l2cap_conn *conn = hcon->l2cap_data;
baa7e1fa 941 struct l2cap_chan *chan, *l;
1da177e4
LT		 942 struct sock *sk;
943
0139418c
MH		 944 if (!conn)
945 return;
1da177e4
LT		 946
947 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
948
7585b97a 949 kfree_skb(conn->rx_skb);
1da177e4
LT		 950
951 /* Kill channels */
baa7e1fa 952 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
48454079 953 sk = chan->sk;
1da177e4 954 bh_lock_sock(sk);
48454079 955 l2cap_chan_del(chan, err);
1da177e4
LT		 956 bh_unlock_sock(sk);
957 l2cap_sock_kill(sk);
958 }
959
8e8440f5
DY		 960 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
961 del_timer_sync(&conn->info_timer);
3ab22731 962
1da177e4
LT		 963 hcon->l2cap_data = NULL;
964 kfree(conn);
1da177e4
LT		 965}
966
48454079 967static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
1da177e4 968{
baa7e1fa 969 write_lock_bh(&conn->chan_lock);
48454079 970 __l2cap_chan_add(conn, chan);
baa7e1fa 971 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 972}
973
1da177e4 974/* ---- Socket interface ---- */
1da177e4
LT		 975
976/* Find socket with psm and source bdaddr.
977 * Returns closest match.
978 */
23691d75 979static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 980{
23691d75 981 struct l2cap_chan *c, *c1 = NULL;
1da177e4 982
23691d75 983 read_lock(&chan_list_lock);
e0f0cb56 984
23691d75
GP		 985 list_for_each_entry(c, &chan_list, global_l) {
986 struct sock *sk = c->sk;
fe4128e0 987
1da177e4
LT		 988 if (state && sk->sk_state != state)
989 continue;
990
23691d75 991 if (c->psm == psm) {
1da177e4 992 /* Exact match. */
23691d75 993 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 994 read_unlock(&chan_list_lock);
23691d75
GP		 995 return c;
996 }
1da177e4
LT		 997
998 /* Closest match */
999 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1000 c1 = c;
1da177e4
LT		 1001 }
1002 }
1da177e4 1003
23691d75 1004 read_unlock(&chan_list_lock);
e0f0cb56 1005
23691d75 1006 return c1;
1da177e4
LT		 1007}
1008
77a74c7e 1009int l2cap_chan_connect(struct l2cap_chan *chan)
1da177e4 1010{
5d41ce1d 1011 struct sock *sk = chan->sk;
1da177e4
LT		 1012 bdaddr_t *src = &bt_sk(sk)->src;
1013 bdaddr_t *dst = &bt_sk(sk)->dst;
1014 struct l2cap_conn *conn;
1015 struct hci_conn *hcon;
1016 struct hci_dev *hdev;
09ab6f4c 1017 __u8 auth_type;
44d0e48e 1018 int err;
1da177e4 1019
f29972de 1020 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1021 chan->psm);
1da177e4 1022
af05b30b
GP		 1023 hdev = hci_get_route(dst, src);
1024 if (!hdev)
1da177e4
LT		 1025 return -EHOSTUNREACH;
1026
1027 hci_dev_lock_bh(hdev);
1028
4343478f 1029 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1030
fe4128e0 1031 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1032 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1033 chan->sec_level, auth_type);
acd7d370
VT		 1034 else
1035 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1036 chan->sec_level, auth_type);
acd7d370 1037
30e76272
VT		 1038 if (IS_ERR(hcon)) {
1039 err = PTR_ERR(hcon);
1da177e4 1040 goto done;
30e76272 1041 }
1da177e4
LT		 1042
1043 conn = l2cap_conn_add(hcon, 0);
1044 if (!conn) {
1045 hci_conn_put(hcon);
30e76272 1046 err = -ENOMEM;
1da177e4
LT		 1047 goto done;
1048 }
1049
1da177e4
LT		 1050 /* Update source addr of the socket */
1051 bacpy(src, conn->src);
1052
48454079
GP		 1053 l2cap_chan_add(conn, chan);
1054
1da177e4
LT		 1055 sk->sk_state = BT_CONNECT;
1056 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1057
1058 if (hcon->state == BT_CONNECTED) {
bd3c9e25
GP		 1059 if (sk->sk_type != SOCK_SEQPACKET &&
1060 sk->sk_type != SOCK_STREAM) {
1da177e4 1061 l2cap_sock_clear_timer(sk);
4343478f 1062 if (l2cap_check_security(chan))
d00ef24f 1063 sk->sk_state = BT_CONNECTED;
79d554a6 1064 } else
fc7f8a7e 1065 l2cap_do_start(chan);
1da177e4
LT		 1066 }
1067
30e76272
VT		 1068 err = 0;
1069
1da177e4
LT		 1070done:
1071 hci_dev_unlock_bh(hdev);
1072 hci_dev_put(hdev);
1073 return err;
1074}
1075
dcba0dba 1076int __l2cap_wait_ack(struct sock *sk)
6161c038 1077{
8c1d787b 1078 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1079 DECLARE_WAITQUEUE(wait, current);
1080 int err = 0;
1081 int timeo = HZ/5;
1082
2b0b05dd 1083 add_wait_queue(sk_sleep(sk), &wait);
8c1d787b 1084 while ((chan->unacked_frames > 0 && chan->conn)) {
6161c038
GP		 1085 set_current_state(TASK_INTERRUPTIBLE);
1086
1087 if (!timeo)
1088 timeo = HZ/5;
1089
1090 if (signal_pending(current)) {
1091 err = sock_intr_errno(timeo);
1092 break;
1093 }
1094
1095 release_sock(sk);
1096 timeo = schedule_timeout(timeo);
1097 lock_sock(sk);
1098
1099 err = sock_error(sk);
1100 if (err)
1101 break;
1102 }
1103 set_current_state(TASK_RUNNING);
2b0b05dd 1104 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1105 return err;
1106}
1107
e90bac06
GP		 1108static void l2cap_monitor_timeout(unsigned long arg)
1109{
525cd185
GP		 1110 struct l2cap_chan *chan = (void *) arg;
1111 struct sock *sk = chan->sk;
e90bac06 1112
525cd185 1113 BT_DBG("chan %p", chan);
0e98958d 1114
e686219a 1115 bh_lock_sock(sk);
2c03a7a4 1116 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1117 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
b13f5860 1118 bh_unlock_sock(sk);
e90bac06
GP		 1119 return;
1120 }
1121
6a026610 1122 chan->retry_count++;
e90bac06
GP		 1123 __mod_monitor_timer();
1124
525cd185 1125 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1126 bh_unlock_sock(sk);
e90bac06
GP		 1127}
1128
1129static void l2cap_retrans_timeout(unsigned long arg)
1130{
525cd185
GP		 1131 struct l2cap_chan *chan = (void *) arg;
1132 struct sock *sk = chan->sk;
e90bac06 1133
49208c9c 1134 BT_DBG("chan %p", chan);
0e98958d 1135
e686219a 1136 bh_lock_sock(sk);
6a026610 1137 chan->retry_count = 1;
e90bac06
GP		 1138 __mod_monitor_timer();
1139
525cd185 1140 chan->conn_state |= L2CAP_CONN_WAIT_F;
e90bac06 1141
525cd185 1142 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1143 bh_unlock_sock(sk);
e90bac06
GP		 1144}
1145
42e5c802 1146static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1147{
1c2acffb 1148 struct sk_buff *skb;
1da177e4 1149
58d35f87 1150 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1151 chan->unacked_frames) {
42e5c802 1152 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1153 break;
1da177e4 1154
58d35f87 1155 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1156 kfree_skb(skb);
1da177e4 1157
6a026610 1158 chan->unacked_frames--;
1c2acffb 1159 }
1da177e4 1160
6a026610 1161 if (!chan->unacked_frames)
e92c8e70 1162 del_timer(&chan->retrans_timer);
1c2acffb 1163}
1da177e4 1164
4343478f 1165void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1c2acffb 1166{
8c1d787b 1167 struct hci_conn *hcon = chan->conn->hcon;
e702112f 1168 u16 flags;
1c2acffb 1169
4343478f 1170 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1da177e4 1171
4343478f 1172 if (!chan->flushable && lmp_no_flush_capable(hcon->hdev))
e702112f
AE		 1173 flags = ACL_START_NO_FLUSH;
1174 else
1175 flags = ACL_START;
1176
1177 hci_send_acl(hcon, skb, flags);
1c2acffb
GP		 1178}
1179
42e5c802 1180void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1181{
ccbb84af 1182 struct sk_buff *skb;
fcc203c3 1183 u16 control, fcs;
6840ed07 1184
58d35f87 1185 while ((skb = skb_dequeue(&chan->tx_q))) {
ccbb84af 1186 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
42e5c802 1187 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
ccbb84af 1188 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1189
47d1ec61 1190 if (chan->fcs == L2CAP_FCS_CRC16) {
ccbb84af
GP		 1191 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1192 put_unaligned_le16(fcs, skb->data + skb->len - 2);
fcc203c3
GP		 1193 }
1194
4343478f 1195 l2cap_do_send(chan, skb);
6840ed07 1196
42e5c802 1197 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
6840ed07 1198 }
6840ed07
GP		 1199}
1200
525cd185 1201static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 1202{
8f17154f
GP		 1203 struct sk_buff *skb, *tx_skb;
1204 u16 control, fcs;
8f17154f 1205
58d35f87 1206 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1207 if (!skb)
1208 return;
8f17154f 1209
f11d676d
GP		 1210 do {
1211 if (bt_cb(skb)->tx_seq == tx_seq)
8f17154f 1212 break;
8f17154f 1213
58d35f87 1214 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1215 return;
8f17154f 1216
58d35f87 1217 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
8f17154f 1218
2c03a7a4
GP		 1219 if (chan->remote_max_tx &&
1220 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1221 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1222 return;
1223 }
1224
1225 tx_skb = skb_clone(skb, GFP_ATOMIC);
1226 bt_cb(skb)->retries++;
1227 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
a429b519 1228 control &= L2CAP_CTRL_SAR;
3cb123d1 1229
525cd185 1230 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
3cb123d1 1231 control |= L2CAP_CTRL_FINAL;
525cd185 1232 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
3cb123d1 1233 }
95ffa978 1234
42e5c802 1235 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
f11d676d 1236 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
3cb123d1 1237
f11d676d
GP		 1238 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1239
47d1ec61 1240 if (chan->fcs == L2CAP_FCS_CRC16) {
f11d676d
GP		 1241 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1242 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1243 }
1244
4343478f 1245 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1246}
1247
525cd185 1248int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1249{
1250 struct sk_buff *skb, *tx_skb;
525cd185 1251 struct sock *sk = chan->sk;
fcc203c3 1252 u16 control, fcs;
9a9c6a34 1253 int nsent = 0;
1c2acffb 1254
c13ffa62
GP		 1255 if (sk->sk_state != BT_CONNECTED)
1256 return -ENOTCONN;
e90bac06 1257
58d35f87 1258 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1259
2c03a7a4
GP		 1260 if (chan->remote_max_tx &&
1261 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1262 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1263 break;
1264 }
1265
e420aba3
AE		 1266 tx_skb = skb_clone(skb, GFP_ATOMIC);
1267
e90bac06
GP		 1268 bt_cb(skb)->retries++;
1269
1c2acffb 1270 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
95ffa978
GP		 1271 control &= L2CAP_CTRL_SAR;
1272
525cd185 1273 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
d5392c8f 1274 control |= L2CAP_CTRL_FINAL;
525cd185 1275 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
d5392c8f 1276 }
42e5c802
GP		 1277 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1278 | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1c2acffb
GP		 1279 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1280
e90bac06 1281
47d1ec61 1282 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 1283 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1284 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1285 }
1286
4343478f 1287 l2cap_do_send(chan, tx_skb);
9a9c6a34 1288
e90bac06 1289 __mod_retrans_timer();
1c2acffb 1290
42e5c802
GP		 1291 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1292 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1c2acffb 1293
23e9fde2 1294 if (bt_cb(skb)->retries == 1)
6a026610 1295 chan->unacked_frames++;
23e9fde2 1296
6a026610 1297 chan->frames_sent++;
1c2acffb 1298
58d35f87
GP		 1299 if (skb_queue_is_last(&chan->tx_q, skb))
1300 chan->tx_send_head = NULL;
1c2acffb 1301 else
58d35f87 1302 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
9e917af1
GP		 1303
1304 nsent++;
1c2acffb
GP		 1305 }
1306
9e917af1
GP		 1307 return nsent;
1308}
1309
525cd185 1310static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1311{
dfc909be
GP		 1312 int ret;
1313
58d35f87
GP		 1314 if (!skb_queue_empty(&chan->tx_q))
1315 chan->tx_send_head = chan->tx_q.next;
dfc909be 1316
42e5c802 1317 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1318 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1319 return ret;
1320}
1321
525cd185 1322static void l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1323{
9e917af1
GP		 1324 u16 control = 0;
1325
42e5c802 1326 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
9e917af1 1327
525cd185 1328 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
9e917af1 1329 control |= L2CAP_SUPER_RCV_NOT_READY;
525cd185
GP		 1330 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1331 l2cap_send_sframe(chan, control);
9a9c6a34 1332 return;
9e917af1 1333 }
dfc909be 1334
525cd185 1335 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1336 return;
1337
1338 control |= L2CAP_SUPER_RCV_READY;
525cd185 1339 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1340}
1341
525cd185 1342static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1343{
1344 struct srej_list *tail;
1345 u16 control;
1346
1347 control = L2CAP_SUPER_SELECT_REJECT;
1348 control |= L2CAP_CTRL_FINAL;
1349
39d5a3ee 1350 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
99b0d4b7
GP		 1351 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1352
525cd185 1353 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1354}
1355
1c2acffb
GP		 1356static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1357{
8c1d787b 1358 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1c2acffb
GP		 1359 struct sk_buff **frag;
1360 int err, sent = 0;
1da177e4 1361
59203a21 1362 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1363 return -EFAULT;
1da177e4
LT		 1364
1365 sent += count;
1366 len -= count;
1367
1368 /* Continuation fragments (no L2CAP header) */
1369 frag = &skb_shinfo(skb)->frag_list;
1370 while (len) {
1371 count = min_t(unsigned int, conn->mtu, len);
1372
1373 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1374 if (!*frag)
0175d629 1375 return err;
1c2acffb
GP		 1376 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1377 return -EFAULT;
1da177e4
LT		 1378
1379 sent += count;
1380 len -= count;
1381
1382 frag = &(*frag)->next;
1383 }
1da177e4
LT		 1384
1385 return sent;
1c2acffb 1386}
1da177e4 1387
fe4128e0 1388struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1389{
fe4128e0 1390 struct sock *sk = chan->sk;
8c1d787b 1391 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1392 struct sk_buff *skb;
1393 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1394 struct l2cap_hdr *lh;
1395
1396 BT_DBG("sk %p len %d", sk, (int)len);
1397
1398 count = min_t(unsigned int, (conn->mtu - hlen), len);
1399 skb = bt_skb_send_alloc(sk, count + hlen,
1400 msg->msg_flags & MSG_DONTWAIT, &err);
1401 if (!skb)
0175d629 1402 return ERR_PTR(err);
1c2acffb
GP		 1403
1404 /* Create L2CAP header */
1405 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1406 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1407 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1408 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb
GP		 1409
1410 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1411 if (unlikely(err < 0)) {
1412 kfree_skb(skb);
1413 return ERR_PTR(err);
1414 }
1415 return skb;
1416}
1417
fe4128e0 1418struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1419{
fe4128e0 1420 struct sock *sk = chan->sk;
8c1d787b 1421 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1422 struct sk_buff *skb;
1423 int err, count, hlen = L2CAP_HDR_SIZE;
1424 struct l2cap_hdr *lh;
1425
1426 BT_DBG("sk %p len %d", sk, (int)len);
1427
1428 count = min_t(unsigned int, (conn->mtu - hlen), len);
1429 skb = bt_skb_send_alloc(sk, count + hlen,
1430 msg->msg_flags & MSG_DONTWAIT, &err);
1431 if (!skb)
0175d629 1432 return ERR_PTR(err);
1c2acffb
GP		 1433
1434 /* Create L2CAP header */
1435 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1436 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1437 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1438
1439 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1440 if (unlikely(err < 0)) {
1441 kfree_skb(skb);
1442 return ERR_PTR(err);
1443 }
1444 return skb;
1445}
1446
47d1ec61 1447struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1c2acffb 1448{
47d1ec61 1449 struct sock *sk = chan->sk;
8c1d787b 1450 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1451 struct sk_buff *skb;
1452 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1453 struct l2cap_hdr *lh;
1454
1455 BT_DBG("sk %p len %d", sk, (int)len);
1456
0ee0d208
GP		 1457 if (!conn)
1458 return ERR_PTR(-ENOTCONN);
1459
c74e560c
GP		 1460 if (sdulen)
1461 hlen += 2;
1462
47d1ec61 1463 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1464 hlen += 2;
1465
1c2acffb
GP		 1466 count = min_t(unsigned int, (conn->mtu - hlen), len);
1467 skb = bt_skb_send_alloc(sk, count + hlen,
1468 msg->msg_flags & MSG_DONTWAIT, &err);
1469 if (!skb)
0175d629 1470 return ERR_PTR(err);
1c2acffb
GP		 1471
1472 /* Create L2CAP header */
1473 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1474 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1475 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1476 put_unaligned_le16(control, skb_put(skb, 2));
c74e560c
GP		 1477 if (sdulen)
1478 put_unaligned_le16(sdulen, skb_put(skb, 2));
1c2acffb
GP		 1479
1480 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1481 if (unlikely(err < 0)) {
1482 kfree_skb(skb);
1483 return ERR_PTR(err);
1484 }
e90bac06 1485
47d1ec61 1486 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1487 put_unaligned_le16(0, skb_put(skb, 2));
1488
e90bac06 1489 bt_cb(skb)->retries = 0;
1c2acffb 1490 return skb;
1da177e4
LT		 1491}
1492
2c03a7a4 1493int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1494{
c74e560c
GP		 1495 struct sk_buff *skb;
1496 struct sk_buff_head sar_queue;
1497 u16 control;
1498 size_t size = 0;
1499
ff12fd64 1500 skb_queue_head_init(&sar_queue);
c74e560c 1501 control = L2CAP_SDU_START;
47d1ec61 1502 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1503 if (IS_ERR(skb))
1504 return PTR_ERR(skb);
1505
1506 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1507 len -= chan->remote_mps;
1508 size += chan->remote_mps;
c74e560c
GP		 1509
1510 while (len > 0) {
1511 size_t buflen;
1512
2c03a7a4 1513 if (len > chan->remote_mps) {
44651b85 1514 control = L2CAP_SDU_CONTINUE;
2c03a7a4 1515 buflen = chan->remote_mps;
c74e560c 1516 } else {
44651b85 1517 control = L2CAP_SDU_END;
c74e560c
GP		 1518 buflen = len;
1519 }
1520
47d1ec61 1521 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1522 if (IS_ERR(skb)) {
1523 skb_queue_purge(&sar_queue);
1524 return PTR_ERR(skb);
1525 }
1526
1527 __skb_queue_tail(&sar_queue, skb);
1528 len -= buflen;
1529 size += buflen;
c74e560c 1530 }
58d35f87
GP		 1531 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1532 if (chan->tx_send_head == NULL)
1533 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1534
1535 return size;
1536}
1537
9a91a04a
GP		 1538int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1539{
1540 struct sock *sk = chan->sk;
1541 struct sk_buff *skb;
1542 u16 control;
1543 int err;
1544
1545 /* Connectionless channel */
1546 if (sk->sk_type == SOCK_DGRAM) {
1547 skb = l2cap_create_connless_pdu(chan, msg, len);
1548 if (IS_ERR(skb))
1549 return PTR_ERR(skb);
1550
1551 l2cap_do_send(chan, skb);
1552 return len;
1553 }
1554
1555 switch (chan->mode) {
1556 case L2CAP_MODE_BASIC:
1557 /* Check outgoing MTU */
1558 if (len > chan->omtu)
1559 return -EMSGSIZE;
1560
1561 /* Create a basic PDU */
1562 skb = l2cap_create_basic_pdu(chan, msg, len);
1563 if (IS_ERR(skb))
1564 return PTR_ERR(skb);
1565
1566 l2cap_do_send(chan, skb);
1567 err = len;
1568 break;
1569
1570 case L2CAP_MODE_ERTM:
1571 case L2CAP_MODE_STREAMING:
1572 /* Entire SDU fits into one PDU */
1573 if (len <= chan->remote_mps) {
1574 control = L2CAP_SDU_UNSEGMENTED;
1575 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1576 0);
1577 if (IS_ERR(skb))
1578 return PTR_ERR(skb);
1579
1580 __skb_queue_tail(&chan->tx_q, skb);
1581
1582 if (chan->tx_send_head == NULL)
1583 chan->tx_send_head = skb;
1584
1585 } else {
1586 /* Segment SDU into multiples PDUs */
1587 err = l2cap_sar_segment_sdu(chan, msg, len);
1588 if (err < 0)
1589 return err;
1590 }
1591
1592 if (chan->mode == L2CAP_MODE_STREAMING) {
1593 l2cap_streaming_send(chan);
1594 err = len;
1595 break;
1596 }
1597
1598 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
1599 (chan->conn_state & L2CAP_CONN_WAIT_F)) {
1600 err = len;
1601 break;
1602 }
1603
1604 err = l2cap_ertm_send(chan);
1605 if (err >= 0)
1606 err = len;
1607
1608 break;
1609
1610 default:
1611 BT_DBG("bad state %1.1x", chan->mode);
1612 err = -EBADFD;
1613 }
1614
1615 return err;
1616}
1617
1da177e4
LT		 1618static void l2cap_chan_ready(struct sock *sk)
1619{
1620 struct sock *parent = bt_sk(sk)->parent;
b4450035 1621 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1da177e4
LT		 1622
1623 BT_DBG("sk %p, parent %p", sk, parent);
1624
b4450035 1625 chan->conf_state = 0;
1da177e4
LT		 1626 l2cap_sock_clear_timer(sk);
1627
1628 if (!parent) {
1629 /* Outgoing channel.
1630 * Wake up socket sleeping on connect.
1631 */
1632 sk->sk_state = BT_CONNECTED;
1633 sk->sk_state_change(sk);
1634 } else {
1635 /* Incoming channel.
1636 * Wake up socket sleeping on accept.
1637 */
1638 parent->sk_data_ready(parent, 0);
1639 }
1640}
1641
1642/* Copy frame to all raw sockets on that connection */
1643static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1644{
1da177e4 1645 struct sk_buff *nskb;
48454079 1646 struct l2cap_chan *chan;
1da177e4
LT		 1647
1648 BT_DBG("conn %p", conn);
1649
baa7e1fa
GP		 1650 read_lock(&conn->chan_lock);
1651 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1652 struct sock *sk = chan->sk;
1da177e4
LT		 1653 if (sk->sk_type != SOCK_RAW)
1654 continue;
1655
1656 /* Don't send frame to the socket it came from */
1657 if (skb->sk == sk)
1658 continue;
af05b30b
GP		 1659 nskb = skb_clone(skb, GFP_ATOMIC);
1660 if (!nskb)
1da177e4
LT		 1661 continue;
1662
1663 if (sock_queue_rcv_skb(sk, nskb))
1664 kfree_skb(nskb);
1665 }
baa7e1fa 1666 read_unlock(&conn->chan_lock);
1da177e4
LT		 1667}
1668
1669/* ---- L2CAP signalling commands ---- */
1670static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1671 u8 code, u8 ident, u16 dlen, void *data)
1672{
1673 struct sk_buff *skb, **frag;
1674 struct l2cap_cmd_hdr *cmd;
1675 struct l2cap_hdr *lh;
1676 int len, count;
1677
af05b30b
GP		 1678 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1679 conn, code, ident, dlen);
1da177e4
LT		 1680
1681 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1682 count = min_t(unsigned int, conn->mtu, len);
1683
1684 skb = bt_skb_alloc(count, GFP_ATOMIC);
1685 if (!skb)
1686 return NULL;
1687
1688 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1689 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1690
1691 if (conn->hcon->type == LE_LINK)
1692 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1693 else
1694 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1695
1696 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1697 cmd->code = code;
1698 cmd->ident = ident;
aca3192c 1699 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1700
1701 if (dlen) {
1702 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1703 memcpy(skb_put(skb, count), data, count);
1704 data += count;
1705 }
1706
1707 len -= skb->len;
1708
1709 /* Continuation fragments (no L2CAP header) */
1710 frag = &skb_shinfo(skb)->frag_list;
1711 while (len) {
1712 count = min_t(unsigned int, conn->mtu, len);
1713
1714 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1715 if (!*frag)
1716 goto fail;
1717
1718 memcpy(skb_put(*frag, count), data, count);
1719
1720 len -= count;
1721 data += count;
1722
1723 frag = &(*frag)->next;
1724 }
1725
1726 return skb;
1727
1728fail:
1729 kfree_skb(skb);
1730 return NULL;
1731}
1732
1733static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1734{
1735 struct l2cap_conf_opt *opt = *ptr;
1736 int len;
1737
1738 len = L2CAP_CONF_OPT_SIZE + opt->len;
1739 *ptr += len;
1740
1741 *type = opt->type;
1742 *olen = opt->len;
1743
1744 switch (opt->len) {
1745 case 1:
1746 *val = *((u8 *) opt->val);
1747 break;
1748
1749 case 2:
bfaaeb3e 1750 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1751 break;
1752
1753 case 4:
bfaaeb3e 1754 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1755 break;
1756
1757 default:
1758 *val = (unsigned long) opt->val;
1759 break;
1760 }
1761
1762 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1763 return len;
1764}
1765
1da177e4
LT		 1766static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1767{
1768 struct l2cap_conf_opt *opt = *ptr;
1769
1770 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1771
1772 opt->type = type;
1773 opt->len = len;
1774
1775 switch (len) {
1776 case 1:
1777 *((u8 *) opt->val) = val;
1778 break;
1779
1780 case 2:
4f8b691c 1781 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1782 break;
1783
1784 case 4:
4f8b691c 1785 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1786 break;
1787
1788 default:
1789 memcpy(opt->val, (void *) val, len);
1790 break;
1791 }
1792
1793 *ptr += L2CAP_CONF_OPT_SIZE + len;
1794}
1795
c1b4f43b
GP		 1796static void l2cap_ack_timeout(unsigned long arg)
1797{
525cd185 1798 struct l2cap_chan *chan = (void *) arg;
c1b4f43b 1799
525cd185
GP		 1800 bh_lock_sock(chan->sk);
1801 l2cap_send_ack(chan);
1802 bh_unlock_sock(chan->sk);
c1b4f43b
GP		 1803}
1804
525cd185 1805static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 1806{
525cd185
GP		 1807 struct sock *sk = chan->sk;
1808
42e5c802 1809 chan->expected_ack_seq = 0;
6a026610 1810 chan->unacked_frames = 0;
42e5c802 1811 chan->buffer_seq = 0;
6a026610
GP		 1812 chan->num_acked = 0;
1813 chan->frames_sent = 0;
0565c1c2 1814
e92c8e70
GP		 1815 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1816 (unsigned long) chan);
1817 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1818 (unsigned long) chan);
1819 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
0565c1c2 1820
f1c6775b
GP		 1821 skb_queue_head_init(&chan->srej_q);
1822 skb_queue_head_init(&chan->busy_q);
1890d36b 1823
39d5a3ee
GP		 1824 INIT_LIST_HEAD(&chan->srej_l);
1825
311bb895 1826 INIT_WORK(&chan->busy_work, l2cap_busy_work);
218bb9df
GP		 1827
1828 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
0565c1c2
GP		 1829}
1830
f2fcfcd6
GP		 1831static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1832{
1833 switch (mode) {
1834 case L2CAP_MODE_STREAMING:
1835 case L2CAP_MODE_ERTM:
1836 if (l2cap_mode_supported(mode, remote_feat_mask))
1837 return mode;
1838 /* fall through */
1839 default:
1840 return L2CAP_MODE_BASIC;
1841 }
1842}
1843
710f9b0a 1844static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1845{
1da177e4 1846 struct l2cap_conf_req *req = data;
0c1bc5c6 1847 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4
LT		 1848 void *ptr = req->data;
1849
49208c9c 1850 BT_DBG("chan %p", chan);
1da177e4 1851
73ffa904 1852 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 1853 goto done;
1854
0c1bc5c6 1855 switch (chan->mode) {
f2fcfcd6
GP		 1856 case L2CAP_MODE_STREAMING:
1857 case L2CAP_MODE_ERTM:
b4450035 1858 if (chan->conf_state & L2CAP_CONF_STATE2_DEVICE)
85eb53c6 1859 break;
85eb53c6 1860
2ba13ed6 1861 /* fall through */
f2fcfcd6 1862 default:
8c1d787b 1863 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 1864 break;
1865 }
1866
1867done:
0c1bc5c6
GP		 1868 if (chan->imtu != L2CAP_DEFAULT_MTU)
1869 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 1870
0c1bc5c6 1871 switch (chan->mode) {
65c7c491 1872 case L2CAP_MODE_BASIC:
8c1d787b
GP		 1873 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1874 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 1875 break;
1876
62547752
GP		 1877 rfc.mode = L2CAP_MODE_BASIC;
1878 rfc.txwin_size = 0;
1879 rfc.max_transmit = 0;
1880 rfc.retrans_timeout = 0;
1881 rfc.monitor_timeout = 0;
1882 rfc.max_pdu_size = 0;
1883
63406504
GP		 1884 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1885 (unsigned long) &rfc);
65c7c491
MH		 1886 break;
1887
1888 case L2CAP_MODE_ERTM:
1889 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61
GP		 1890 rfc.txwin_size = chan->tx_win;
1891 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 1892 rfc.retrans_timeout = 0;
1893 rfc.monitor_timeout = 0;
c74e560c 1894 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1895 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1896 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
f2fcfcd6 1897
63406504
GP		 1898 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1899 (unsigned long) &rfc);
1900
8c1d787b 1901 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1902 break;
1903
47d1ec61 1904 if (chan->fcs == L2CAP_FCS_NONE ||
b4450035 1905 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
47d1ec61
GP		 1906 chan->fcs = L2CAP_FCS_NONE;
1907 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1908 }
f2fcfcd6
GP		 1909 break;
1910
1911 case L2CAP_MODE_STREAMING:
1912 rfc.mode = L2CAP_MODE_STREAMING;
1913 rfc.txwin_size = 0;
1914 rfc.max_transmit = 0;
1915 rfc.retrans_timeout = 0;
1916 rfc.monitor_timeout = 0;
c74e560c 1917 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1918 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1919 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
65c7c491 1920
63406504
GP		 1921 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1922 (unsigned long) &rfc);
1923
8c1d787b 1924 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1925 break;
1926
47d1ec61 1927 if (chan->fcs == L2CAP_FCS_NONE ||
b4450035 1928 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
47d1ec61
GP		 1929 chan->fcs = L2CAP_FCS_NONE;
1930 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1931 }
65c7c491
MH		 1932 break;
1933 }
1da177e4 1934
fe4128e0 1935 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 1936 req->flags = cpu_to_le16(0);
1da177e4
LT		 1937
1938 return ptr - data;
1939}
1940
73ffa904 1941static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1942{
5dee9e7c
MH		 1943 struct l2cap_conf_rsp *rsp = data;
1944 void *ptr = rsp->data;
73ffa904
GP		 1945 void *req = chan->conf_req;
1946 int len = chan->conf_len;
5dee9e7c
MH		 1947 int type, hint, olen;
1948 unsigned long val;
6464f35f 1949 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1950 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1951 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1952
73ffa904 1953 BT_DBG("chan %p", chan);
820ae1b8 1954
5dee9e7c
MH		 1955 while (len >= L2CAP_CONF_OPT_SIZE) {
1956 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1957
589d2746 1958 hint = type & L2CAP_CONF_HINT;
47ec1dcd 1959 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 1960
1961 switch (type) {
1962 case L2CAP_CONF_MTU:
861d6882 1963 mtu = val;
5dee9e7c
MH		 1964 break;
1965
1966 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 1967 chan->flush_to = val;
5dee9e7c
MH		 1968 break;
1969
1970 case L2CAP_CONF_QOS:
1971 break;
1972
6464f35f
MH		 1973 case L2CAP_CONF_RFC:
1974 if (olen == sizeof(rfc))
1975 memcpy(&rfc, (void *) val, olen);
1976 break;
1977
fcc203c3
GP		 1978 case L2CAP_CONF_FCS:
1979 if (val == L2CAP_FCS_NONE)
b4450035 1980 chan->conf_state |= L2CAP_CONF_NO_FCS_RECV;
fcc203c3
GP		 1981
1982 break;
1983
5dee9e7c
MH		 1984 default:
1985 if (hint)
1986 break;
1987
1988 result = L2CAP_CONF_UNKNOWN;
1989 *((u8 *) ptr++) = type;
1990 break;
1991 }
1992 }
1993
73ffa904 1994 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 1995 goto done;
1996
0c1bc5c6 1997 switch (chan->mode) {
f2fcfcd6
GP		 1998 case L2CAP_MODE_STREAMING:
1999 case L2CAP_MODE_ERTM:
b4450035 2000 if (!(chan->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
0c1bc5c6 2001 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2002 chan->conn->feat_mask);
85eb53c6
GP		 2003 break;
2004 }
2005
0c1bc5c6 2006 if (chan->mode != rfc.mode)
f2fcfcd6 2007 return -ECONNREFUSED;
742e519b 2008
f2fcfcd6 2009 break;
f2fcfcd6
GP		 2010 }
2011
2012done:
0c1bc5c6 2013 if (chan->mode != rfc.mode) {
f2fcfcd6 2014 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2015 rfc.mode = chan->mode;
f2fcfcd6 2016
73ffa904 2017 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2018 return -ECONNREFUSED;
2019
2020 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2021 sizeof(rfc), (unsigned long) &rfc);
2022 }
2023
2024
5dee9e7c
MH		 2025 if (result == L2CAP_CONF_SUCCESS) {
2026 /* Configure output options and let the other side know
2027 * which ones we don't like. */
2028
f2fcfcd6
GP		 2029 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2030 result = L2CAP_CONF_UNACCEPT;
2031 else {
0c1bc5c6 2032 chan->omtu = mtu;
b4450035 2033 chan->conf_state |= L2CAP_CONF_MTU_DONE;
f2fcfcd6 2034 }
0c1bc5c6 2035 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2036
f2fcfcd6
GP		 2037 switch (rfc.mode) {
2038 case L2CAP_MODE_BASIC:
47d1ec61 2039 chan->fcs = L2CAP_FCS_NONE;
b4450035 2040 chan->conf_state |= L2CAP_CONF_MODE_DONE;
f2fcfcd6
GP		 2041 break;
2042
2043 case L2CAP_MODE_ERTM:
2c03a7a4
GP		 2044 chan->remote_tx_win = rfc.txwin_size;
2045 chan->remote_max_tx = rfc.max_transmit;
86b1b263 2046
8c1d787b
GP		 2047 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2048 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2049
2c03a7a4 2050 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2051
10467e9e
GP		 2052 rfc.retrans_timeout =
2053 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2054 rfc.monitor_timeout =
2055 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2056
b4450035 2057 chan->conf_state |= L2CAP_CONF_MODE_DONE;
68ae6639
GP		 2058
2059 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2060 sizeof(rfc), (unsigned long) &rfc);
2061
f2fcfcd6
GP		 2062 break;
2063
2064 case L2CAP_MODE_STREAMING:
8c1d787b
GP		 2065 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2066 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2067
2c03a7a4 2068 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2069
b4450035 2070 chan->conf_state |= L2CAP_CONF_MODE_DONE;
68ae6639
GP		 2071
2072 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2073 sizeof(rfc), (unsigned long) &rfc);
2074
f2fcfcd6
GP		 2075 break;
2076
2077 default:
5dee9e7c 2078 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2079
6464f35f 2080 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2081 rfc.mode = chan->mode;
f2fcfcd6 2082 }
6464f35f 2083
f2fcfcd6 2084 if (result == L2CAP_CONF_SUCCESS)
b4450035 2085 chan->conf_state |= L2CAP_CONF_OUTPUT_DONE;
f2fcfcd6 2086 }
fe4128e0 2087 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2088 rsp->result = cpu_to_le16(result);
2089 rsp->flags = cpu_to_le16(0x0000);
2090
2091 return ptr - data;
1da177e4
LT		 2092}
2093
b4450035 2094static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2095{
f2fcfcd6
GP		 2096 struct l2cap_conf_req *req = data;
2097 void *ptr = req->data;
2098 int type, olen;
2099 unsigned long val;
2100 struct l2cap_conf_rfc rfc;
2101
fe4128e0 2102 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2103
2104 while (len >= L2CAP_CONF_OPT_SIZE) {
2105 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2106
2107 switch (type) {
2108 case L2CAP_CONF_MTU:
2109 if (val < L2CAP_DEFAULT_MIN_MTU) {
2110 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2111 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2112 } else
0c1bc5c6
GP		 2113 chan->imtu = val;
2114 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2115 break;
2116
2117 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2118 chan->flush_to = val;
f2fcfcd6 2119 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2120 2, chan->flush_to);
f2fcfcd6
GP		 2121 break;
2122
2123 case L2CAP_CONF_RFC:
2124 if (olen == sizeof(rfc))
2125 memcpy(&rfc, (void *)val, olen);
2126
b4450035 2127 if ((chan->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
0c1bc5c6 2128 rfc.mode != chan->mode)
f2fcfcd6
GP		 2129 return -ECONNREFUSED;
2130
47d1ec61 2131 chan->fcs = 0;
f2fcfcd6
GP		 2132
2133 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2134 sizeof(rfc), (unsigned long) &rfc);
2135 break;
2136 }
2137 }
2138
0c1bc5c6 2139 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2140 return -ECONNREFUSED;
2141
0c1bc5c6 2142 chan->mode = rfc.mode;
6c2ea7a8 2143
f2fcfcd6
GP		 2144 if (*result == L2CAP_CONF_SUCCESS) {
2145 switch (rfc.mode) {
2146 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2147 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2148 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2149 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2150 break;
2151 case L2CAP_MODE_STREAMING:
47d1ec61 2152 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2153 }
2154 }
2155
fe4128e0 2156 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2157 req->flags = cpu_to_le16(0x0000);
2158
2159 return ptr - data;
2160}
2161
fe4128e0 2162static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2163{
2164 struct l2cap_conf_rsp *rsp = data;
2165 void *ptr = rsp->data;
1da177e4 2166
fe4128e0 2167 BT_DBG("chan %p", chan);
1da177e4 2168
fe4128e0 2169 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2170 rsp->result = cpu_to_le16(result);
aca3192c 2171 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2172
2173 return ptr - data;
2174}
2175
8c1d787b 2176void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2177{
2178 struct l2cap_conn_rsp rsp;
8c1d787b 2179 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2180 u8 buf[128];
2181
fe4128e0
GP		 2182 rsp.scid = cpu_to_le16(chan->dcid);
2183 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2184 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2185 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2186 l2cap_send_cmd(conn, chan->ident,
2187 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2188
b4450035 2189 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
710f9b0a
GP		 2190 return;
2191
b4450035 2192 chan->conf_state |= L2CAP_CONF_REQ_SENT;
710f9b0a
GP		 2193 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2194 l2cap_build_conf_req(chan, buf), buf);
2195 chan->num_conf_req++;
2196}
2197
47d1ec61 2198static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2199{
7b1c0049
GP		 2200 int type, olen;
2201 unsigned long val;
2202 struct l2cap_conf_rfc rfc;
2203
47d1ec61 2204 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2205
0c1bc5c6 2206 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2207 return;
2208
2209 while (len >= L2CAP_CONF_OPT_SIZE) {
2210 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2211
2212 switch (type) {
2213 case L2CAP_CONF_RFC:
2214 if (olen == sizeof(rfc))
2215 memcpy(&rfc, (void *)val, olen);
2216 goto done;
2217 }
2218 }
2219
2220done:
2221 switch (rfc.mode) {
2222 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2223 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2224 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2225 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2226 break;
2227 case L2CAP_MODE_STREAMING:
47d1ec61 2228 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2229 }
2230}
2231
4e8402a3
MH		 2232static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2233{
2234 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2235
2236 if (rej->reason != 0x0000)
2237 return 0;
2238
2239 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2240 cmd->ident == conn->info_ident) {
4e8402a3 2241 del_timer(&conn->info_timer);
984947dc
MH		 2242
2243 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2244 conn->info_ident = 0;
984947dc 2245
4e8402a3
MH		 2246 l2cap_conn_start(conn);
2247 }
2248
2249 return 0;
2250}
2251
1da177e4
LT		 2252static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2253{
1da177e4
LT		 2254 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2255 struct l2cap_conn_rsp rsp;
23691d75 2256 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2257 struct sock *parent, *sk = NULL;
e7c29cb1 2258 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2259
2260 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2261 __le16 psm = req->psm;
1da177e4
LT		 2262
2263 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2264
2265 /* Check if we have socket listening on psm */
23691d75
GP		 2266 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2267 if (!pchan) {
1da177e4
LT		 2268 result = L2CAP_CR_BAD_PSM;
2269 goto sendresp;
2270 }
2271
23691d75
GP		 2272 parent = pchan->sk;
2273
e0f0cb56
GP		 2274 bh_lock_sock(parent);
2275
e7c29cb1
MH		 2276 /* Check if the ACL is secure enough (if not SDP) */
2277 if (psm != cpu_to_le16(0x0001) &&
2278 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 2279 conn->disc_reason = 0x05;
e7c29cb1
MH		 2280 result = L2CAP_CR_SEC_BLOCK;
2281 goto response;
2282 }
2283
1da177e4
LT		 2284 result = L2CAP_CR_NO_MEM;
2285
2286 /* Check for backlog size */
2287 if (sk_acceptq_is_full(parent)) {
8e87d142 2288 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2289 goto response;
2290 }
2291
3b1e0a65 2292 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 2293 if (!sk)
2294 goto response;
2295
23691d75 2296 chan = l2cap_chan_create(sk);
48454079
GP		 2297 if (!chan) {
2298 l2cap_sock_kill(sk);
2299 goto response;
2300 }
2301
5d41ce1d
GP		 2302 l2cap_pi(sk)->chan = chan;
2303
baa7e1fa 2304 write_lock_bh(&conn->chan_lock);
1da177e4
LT		 2305
2306 /* Check if we already have channel with that dcid */
baa7e1fa
GP		 2307 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2308 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 2309 sock_set_flag(sk, SOCK_ZAPPED);
2310 l2cap_sock_kill(sk);
2311 goto response;
2312 }
2313
2314 hci_conn_hold(conn->hcon);
2315
2316 l2cap_sock_init(sk, parent);
2317 bacpy(&bt_sk(sk)->src, conn->src);
2318 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2319 chan->psm = psm;
2320 chan->dcid = scid;
1da177e4 2321
d1010240
GP		 2322 bt_accept_enqueue(parent, sk);
2323
48454079
GP		 2324 __l2cap_chan_add(conn, chan);
2325
fe4128e0 2326 dcid = chan->scid;
1da177e4
LT		 2327
2328 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2329
fc7f8a7e 2330 chan->ident = cmd->ident;
1da177e4 2331
984947dc 2332 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
4343478f 2333 if (l2cap_check_security(chan)) {
f66dc81f
MH		 2334 if (bt_sk(sk)->defer_setup) {
2335 sk->sk_state = BT_CONNECT2;
2336 result = L2CAP_CR_PEND;
2337 status = L2CAP_CS_AUTHOR_PEND;
2338 parent->sk_data_ready(parent, 0);
2339 } else {
2340 sk->sk_state = BT_CONFIG;
2341 result = L2CAP_CR_SUCCESS;
2342 status = L2CAP_CS_NO_INFO;
2343 }
79d554a6
MH		 2344 } else {
2345 sk->sk_state = BT_CONNECT2;
2346 result = L2CAP_CR_PEND;
2347 status = L2CAP_CS_AUTHEN_PEND;
2348 }
2349 } else {
2350 sk->sk_state = BT_CONNECT2;
2351 result = L2CAP_CR_PEND;
2352 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2353 }
2354
baa7e1fa 2355 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 2356
2357response:
2358 bh_unlock_sock(parent);
2359
2360sendresp:
aca3192c
YH		 2361 rsp.scid = cpu_to_le16(scid);
2362 rsp.dcid = cpu_to_le16(dcid);
2363 rsp.result = cpu_to_le16(result);
2364 rsp.status = cpu_to_le16(status);
1da177e4 2365 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2366
2367 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2368 struct l2cap_info_req info;
2369 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2370
2371 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2372 conn->info_ident = l2cap_get_ident(conn);
2373
2374 mod_timer(&conn->info_timer, jiffies +
2375 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2376
2377 l2cap_send_cmd(conn, conn->info_ident,
2378 L2CAP_INFO_REQ, sizeof(info), &info);
2379 }
2380
b4450035 2381 if (chan && !(chan->conf_state & L2CAP_CONF_REQ_SENT) &&
e9aeb2dd
GP		 2382 result == L2CAP_CR_SUCCESS) {
2383 u8 buf[128];
b4450035 2384 chan->conf_state |= L2CAP_CONF_REQ_SENT;
e9aeb2dd 2385 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2386 l2cap_build_conf_req(chan, buf), buf);
2387 chan->num_conf_req++;
e9aeb2dd
GP		 2388 }
2389
1da177e4
LT		 2390 return 0;
2391}
2392
2393static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2394{
2395 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2396 u16 scid, dcid, result, status;
48454079 2397 struct l2cap_chan *chan;
1da177e4
LT		 2398 struct sock *sk;
2399 u8 req[128];
2400
2401 scid = __le16_to_cpu(rsp->scid);
2402 dcid = __le16_to_cpu(rsp->dcid);
2403 result = __le16_to_cpu(rsp->result);
2404 status = __le16_to_cpu(rsp->status);
2405
2406 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2407
2408 if (scid) {
baa7e1fa 2409 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2410 if (!chan)
57d3b22b 2411 return -EFAULT;
1da177e4 2412 } else {
baa7e1fa 2413 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
48454079 2414 if (!chan)
57d3b22b 2415 return -EFAULT;
1da177e4
LT		 2416 }
2417
48454079
GP		 2418 sk = chan->sk;
2419
1da177e4
LT		 2420 switch (result) {
2421 case L2CAP_CR_SUCCESS:
2422 sk->sk_state = BT_CONFIG;
fc7f8a7e 2423 chan->ident = 0;
fe4128e0 2424 chan->dcid = dcid;
b4450035 2425 chan->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
6a8d3010 2426
b4450035 2427 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
e9aeb2dd
GP		 2428 break;
2429
b4450035 2430 chan->conf_state |= L2CAP_CONF_REQ_SENT;
e9aeb2dd 2431
1da177e4 2432 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2433 l2cap_build_conf_req(chan, req), req);
2434 chan->num_conf_req++;
1da177e4
LT		 2435 break;
2436
2437 case L2CAP_CR_PEND:
b4450035 2438 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4
LT		 2439 break;
2440
2441 default:
a49184c2
AE		 2442 /* don't delete l2cap channel if sk is owned by user */
2443 if (sock_owned_by_user(sk)) {
2444 sk->sk_state = BT_DISCONN;
2445 l2cap_sock_clear_timer(sk);
2446 l2cap_sock_set_timer(sk, HZ / 5);
2447 break;
2448 }
2449
48454079 2450 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2451 break;
2452 }
2453
2454 bh_unlock_sock(sk);
2455 return 0;
2456}
2457
47d1ec61 2458static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60 2459{
47d1ec61
GP		 2460 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2461
8c462b60
MM		 2462 /* FCS is enabled only in ERTM or streaming mode, if one or both
2463 * sides request it.
2464 */
0c1bc5c6 2465 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2466 chan->fcs = L2CAP_FCS_NONE;
b4450035 2467 else if (!(pi->chan->conf_state & L2CAP_CONF_NO_FCS_RECV))
47d1ec61 2468 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2469}
2470
88219a0f 2471static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2472{
2473 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2474 u16 dcid, flags;
2475 u8 rsp[64];
48454079 2476 struct l2cap_chan *chan;
1da177e4 2477 struct sock *sk;
5dee9e7c 2478 int len;
1da177e4
LT		 2479
2480 dcid = __le16_to_cpu(req->dcid);
2481 flags = __le16_to_cpu(req->flags);
2482
2483 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2484
baa7e1fa 2485 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2486 if (!chan)
1da177e4
LT		 2487 return -ENOENT;
2488
48454079
GP		 2489 sk = chan->sk;
2490
df6bd743
GP		 2491 if (sk->sk_state != BT_CONFIG) {
2492 struct l2cap_cmd_rej rej;
2493
2494 rej.reason = cpu_to_le16(0x0002);
2495 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2496 sizeof(rej), &rej);
354f60a9 2497 goto unlock;
df6bd743 2498 }
354f60a9 2499
5dee9e7c 2500 /* Reject if config buffer is too small. */
88219a0f 2501 len = cmd_len - sizeof(*req);
73ffa904 2502 if (chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2503 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2504 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2505 L2CAP_CONF_REJECT, flags), rsp);
2506 goto unlock;
2507 }
2508
2509 /* Store config. */
73ffa904
GP		 2510 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2511 chan->conf_len += len;
1da177e4
LT		 2512
2513 if (flags & 0x0001) {
2514 /* Incomplete config. Send empty response. */
2515 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2516 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2517 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2518 goto unlock;
2519 }
2520
2521 /* Complete config. */
73ffa904 2522 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2523 if (len < 0) {
e92c8e70 2524 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2525 goto unlock;
f2fcfcd6 2526 }
1da177e4 2527
5dee9e7c 2528 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2529 chan->num_conf_rsp++;
5dee9e7c 2530
5dee9e7c 2531 /* Reset config buffer. */
73ffa904 2532 chan->conf_len = 0;
5dee9e7c 2533
b4450035 2534 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE))
876d9484
MH		 2535 goto unlock;
2536
b4450035 2537 if (chan->conf_state & L2CAP_CONF_INPUT_DONE) {
47d1ec61 2538 set_default_fcs(chan);
fcc203c3 2539
1da177e4 2540 sk->sk_state = BT_CONNECTED;
e90bac06 2541
42e5c802
GP		 2542 chan->next_tx_seq = 0;
2543 chan->expected_tx_seq = 0;
58d35f87 2544 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2545 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2546 l2cap_ertm_init(chan);
0565c1c2 2547
1da177e4 2548 l2cap_chan_ready(sk);
876d9484
MH		 2549 goto unlock;
2550 }
2551
b4450035 2552 if (!(chan->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 2553 u8 buf[64];
b4450035 2554 chan->conf_state |= L2CAP_CONF_REQ_SENT;
1da177e4 2555 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2556 l2cap_build_conf_req(chan, buf), buf);
2557 chan->num_conf_req++;
1da177e4
LT		 2558 }
2559
2560unlock:
2561 bh_unlock_sock(sk);
2562 return 0;
2563}
2564
2565static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2566{
2567 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2568 u16 scid, flags, result;
48454079 2569 struct l2cap_chan *chan;
1da177e4 2570 struct sock *sk;
7b1c0049 2571 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2572
2573 scid = __le16_to_cpu(rsp->scid);
2574 flags = __le16_to_cpu(rsp->flags);
2575 result = __le16_to_cpu(rsp->result);
2576
af05b30b
GP		 2577 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2578 scid, flags, result);
1da177e4 2579
baa7e1fa 2580 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2581 if (!chan)
1da177e4
LT		 2582 return 0;
2583
48454079
GP		 2584 sk = chan->sk;
2585
1da177e4
LT		 2586 switch (result) {
2587 case L2CAP_CONF_SUCCESS:
47d1ec61 2588 l2cap_conf_rfc_get(chan, rsp->data, len);
1da177e4
LT		 2589 break;
2590
2591 case L2CAP_CONF_UNACCEPT:
73ffa904 2592 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2593 char req[64];
2594
c2c77ec8 2595 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 2596 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 2597 goto done;
2598 }
2599
f2fcfcd6
GP		 2600 /* throw out any old stored conf requests */
2601 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 2602 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2603 req, &result);
f2fcfcd6 2604 if (len < 0) {
e92c8e70 2605 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 2606 goto done;
2607 }
2608
2609 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2610 L2CAP_CONF_REQ, len, req);
73ffa904 2611 chan->num_conf_req++;
f2fcfcd6
GP		 2612 if (result != L2CAP_CONF_SUCCESS)
2613 goto done;
2614 break;
1da177e4
LT		 2615 }
2616
8e87d142 2617 default:
b1235d79 2618 sk->sk_err = ECONNRESET;
1da177e4 2619 l2cap_sock_set_timer(sk, HZ * 5);
e92c8e70 2620 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 2621 goto done;
2622 }
2623
2624 if (flags & 0x01)
2625 goto done;
2626
b4450035 2627 chan->conf_state |= L2CAP_CONF_INPUT_DONE;
1da177e4 2628
b4450035 2629 if (chan->conf_state & L2CAP_CONF_OUTPUT_DONE) {
47d1ec61 2630 set_default_fcs(chan);
fcc203c3 2631
1da177e4 2632 sk->sk_state = BT_CONNECTED;
42e5c802
GP		 2633 chan->next_tx_seq = 0;
2634 chan->expected_tx_seq = 0;
58d35f87 2635 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2636 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2637 l2cap_ertm_init(chan);
0565c1c2 2638
1da177e4
LT		 2639 l2cap_chan_ready(sk);
2640 }
2641
2642done:
2643 bh_unlock_sock(sk);
2644 return 0;
2645}
2646
2647static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2648{
2649 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2650 struct l2cap_disconn_rsp rsp;
2651 u16 dcid, scid;
48454079 2652 struct l2cap_chan *chan;
1da177e4
LT		 2653 struct sock *sk;
2654
2655 scid = __le16_to_cpu(req->scid);
2656 dcid = __le16_to_cpu(req->dcid);
2657
2658 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2659
baa7e1fa 2660 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2661 if (!chan)
1da177e4
LT		 2662 return 0;
2663
48454079
GP		 2664 sk = chan->sk;
2665
fe4128e0
GP		 2666 rsp.dcid = cpu_to_le16(chan->scid);
2667 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 2668 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2669
2670 sk->sk_shutdown = SHUTDOWN_MASK;
2671
a49184c2
AE		 2672 /* don't delete l2cap channel if sk is owned by user */
2673 if (sock_owned_by_user(sk)) {
2674 sk->sk_state = BT_DISCONN;
2675 l2cap_sock_clear_timer(sk);
2676 l2cap_sock_set_timer(sk, HZ / 5);
2677 bh_unlock_sock(sk);
2678 return 0;
2679 }
2680
48454079 2681 l2cap_chan_del(chan, ECONNRESET);
1da177e4
LT		 2682 bh_unlock_sock(sk);
2683
2684 l2cap_sock_kill(sk);
2685 return 0;
2686}
2687
2688static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2689{
2690 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2691 u16 dcid, scid;
48454079 2692 struct l2cap_chan *chan;
1da177e4
LT		 2693 struct sock *sk;
2694
2695 scid = __le16_to_cpu(rsp->scid);
2696 dcid = __le16_to_cpu(rsp->dcid);
2697
2698 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2699
baa7e1fa 2700 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2701 if (!chan)
1da177e4
LT		 2702 return 0;
2703
48454079
GP		 2704 sk = chan->sk;
2705
a49184c2
AE		 2706 /* don't delete l2cap channel if sk is owned by user */
2707 if (sock_owned_by_user(sk)) {
2708 sk->sk_state = BT_DISCONN;
2709 l2cap_sock_clear_timer(sk);
2710 l2cap_sock_set_timer(sk, HZ / 5);
2711 bh_unlock_sock(sk);
2712 return 0;
2713 }
2714
48454079 2715 l2cap_chan_del(chan, 0);
1da177e4
LT		 2716 bh_unlock_sock(sk);
2717
2718 l2cap_sock_kill(sk);
2719 return 0;
2720}
2721
2722static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2723{
2724 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2725 u16 type;
2726
2727 type = __le16_to_cpu(req->type);
2728
2729 BT_DBG("type 0x%4.4x", type);
2730
f0709e03
MH		 2731 if (type == L2CAP_IT_FEAT_MASK) {
2732 u8 buf[8];
44dd46de 2733 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2734 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2735 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2736 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 2737 if (!disable_ertm)
fcc203c3
GP		 2738 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2739 | L2CAP_FEAT_FCS;
1b7bf4ed 2740 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 2741 l2cap_send_cmd(conn, cmd->ident,
2742 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2743 } else if (type == L2CAP_IT_FIXED_CHAN) {
2744 u8 buf[12];
2745 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2746 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2747 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2748 memcpy(buf + 4, l2cap_fixed_chan, 8);
2749 l2cap_send_cmd(conn, cmd->ident,
2750 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2751 } else {
2752 struct l2cap_info_rsp rsp;
2753 rsp.type = cpu_to_le16(type);
2754 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2755 l2cap_send_cmd(conn, cmd->ident,
2756 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2757 }
1da177e4
LT		 2758
2759 return 0;
2760}
2761
2762static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2763{
2764 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2765 u16 type, result;
2766
2767 type = __le16_to_cpu(rsp->type);
2768 result = __le16_to_cpu(rsp->result);
2769
2770 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2771
e90165be
AE		 2772 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
2773 if (cmd->ident != conn->info_ident ||
2774 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
2775 return 0;
2776
4e8402a3
MH		 2777 del_timer(&conn->info_timer);
2778
adb08ede
VT		 2779 if (result != L2CAP_IR_SUCCESS) {
2780 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2781 conn->info_ident = 0;
2782
2783 l2cap_conn_start(conn);
2784
2785 return 0;
2786 }
2787
984947dc 2788 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2789 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2790
47ec1dcd 2791 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2792 struct l2cap_info_req req;
2793 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2794
2795 conn->info_ident = l2cap_get_ident(conn);
2796
2797 l2cap_send_cmd(conn, conn->info_ident,
2798 L2CAP_INFO_REQ, sizeof(req), &req);
2799 } else {
2800 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2801 conn->info_ident = 0;
2802
2803 l2cap_conn_start(conn);
2804 }
2805 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2806 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2807 conn->info_ident = 0;
984947dc
MH		 2808
2809 l2cap_conn_start(conn);
2810 }
4e8402a3 2811
1da177e4
LT		 2812 return 0;
2813}
2814
e2174ca4 2815static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 2816 u16 to_multiplier)
2817{
2818 u16 max_latency;
2819
2820 if (min > max || min < 6 || max > 3200)
2821 return -EINVAL;
2822
2823 if (to_multiplier < 10 || to_multiplier > 3200)
2824 return -EINVAL;
2825
2826 if (max >= to_multiplier * 8)
2827 return -EINVAL;
2828
2829 max_latency = (to_multiplier * 8 / max) - 1;
2830 if (latency > 499 || latency > max_latency)
2831 return -EINVAL;
2832
2833 return 0;
2834}
2835
2836static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
2837 struct l2cap_cmd_hdr *cmd, u8 *data)
2838{
2839 struct hci_conn *hcon = conn->hcon;
2840 struct l2cap_conn_param_update_req *req;
2841 struct l2cap_conn_param_update_rsp rsp;
2842 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 2843 int err;
de73115a
CT		 2844
2845 if (!(hcon->link_mode & HCI_LM_MASTER))
2846 return -EINVAL;
2847
2848 cmd_len = __le16_to_cpu(cmd->len);
2849 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
2850 return -EPROTO;
2851
2852 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 2853 min = __le16_to_cpu(req->min);
2854 max = __le16_to_cpu(req->max);
de73115a
CT		 2855 latency = __le16_to_cpu(req->latency);
2856 to_multiplier = __le16_to_cpu(req->to_multiplier);
2857
2858 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
2859 min, max, latency, to_multiplier);
2860
2861 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 2862
2863 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
2864 if (err)
de73115a
CT		 2865 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
2866 else
2867 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
2868
2869 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
2870 sizeof(rsp), &rsp);
2871
2ce603eb
CT		 2872 if (!err)
2873 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
2874
de73115a
CT		 2875 return 0;
2876}
2877
3300d9a9
CT		 2878static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
2879 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2880{
2881 int err = 0;
2882
2883 switch (cmd->code) {
2884 case L2CAP_COMMAND_REJ:
2885 l2cap_command_rej(conn, cmd, data);
2886 break;
2887
2888 case L2CAP_CONN_REQ:
2889 err = l2cap_connect_req(conn, cmd, data);
2890 break;
2891
2892 case L2CAP_CONN_RSP:
2893 err = l2cap_connect_rsp(conn, cmd, data);
2894 break;
2895
2896 case L2CAP_CONF_REQ:
2897 err = l2cap_config_req(conn, cmd, cmd_len, data);
2898 break;
2899
2900 case L2CAP_CONF_RSP:
2901 err = l2cap_config_rsp(conn, cmd, data);
2902 break;
2903
2904 case L2CAP_DISCONN_REQ:
2905 err = l2cap_disconnect_req(conn, cmd, data);
2906 break;
2907
2908 case L2CAP_DISCONN_RSP:
2909 err = l2cap_disconnect_rsp(conn, cmd, data);
2910 break;
2911
2912 case L2CAP_ECHO_REQ:
2913 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
2914 break;
2915
2916 case L2CAP_ECHO_RSP:
2917 break;
2918
2919 case L2CAP_INFO_REQ:
2920 err = l2cap_information_req(conn, cmd, data);
2921 break;
2922
2923 case L2CAP_INFO_RSP:
2924 err = l2cap_information_rsp(conn, cmd, data);
2925 break;
2926
2927 default:
2928 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
2929 err = -EINVAL;
2930 break;
2931 }
2932
2933 return err;
2934}
2935
2936static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
2937 struct l2cap_cmd_hdr *cmd, u8 *data)
2938{
2939 switch (cmd->code) {
2940 case L2CAP_COMMAND_REJ:
2941 return 0;
2942
2943 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 2944 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 2945
2946 case L2CAP_CONN_PARAM_UPDATE_RSP:
2947 return 0;
2948
2949 default:
2950 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
2951 return -EINVAL;
2952 }
2953}
2954
2955static inline void l2cap_sig_channel(struct l2cap_conn *conn,
2956 struct sk_buff *skb)
1da177e4
LT		 2957{
2958 u8 *data = skb->data;
2959 int len = skb->len;
2960 struct l2cap_cmd_hdr cmd;
3300d9a9 2961 int err;
1da177e4
LT		 2962
2963 l2cap_raw_recv(conn, skb);
2964
2965 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2966 u16 cmd_len;
1da177e4
LT		 2967 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2968 data += L2CAP_CMD_HDR_SIZE;
2969 len -= L2CAP_CMD_HDR_SIZE;
2970
88219a0f 2971 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2972
88219a0f 2973 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2974
88219a0f 2975 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2976 BT_DBG("corrupted command");
2977 break;
2978 }
2979
3300d9a9
CT		 2980 if (conn->hcon->type == LE_LINK)
2981 err = l2cap_le_sig_cmd(conn, &cmd, data);
2982 else
2983 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 2984
2985 if (err) {
2986 struct l2cap_cmd_rej rej;
2c6d1a2e
GP		 2987
2988 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 2989
2990 /* FIXME: Map err to a valid reason */
aca3192c 2991 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2992 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2993 }
2994
88219a0f
AV		 2995 data += cmd_len;
2996 len -= cmd_len;
1da177e4
LT		 2997 }
2998
2999 kfree_skb(skb);
3000}
3001
47d1ec61 3002static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3003{
3004 u16 our_fcs, rcv_fcs;
3005 int hdr_size = L2CAP_HDR_SIZE + 2;
3006
47d1ec61 3007 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 3008 skb_trim(skb, skb->len - 2);
3009 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3010 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3011
3012 if (our_fcs != rcv_fcs)
7a560e5c 3013 return -EBADMSG;
fcc203c3
GP		 3014 }
3015 return 0;
3016}
3017
525cd185 3018static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3019{
d5392c8f
GP		 3020 u16 control = 0;
3021
6a026610 3022 chan->frames_sent = 0;
d5392c8f 3023
42e5c802 3024 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
d5392c8f 3025
525cd185 3026 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
64988868 3027 control |= L2CAP_SUPER_RCV_NOT_READY;
525cd185
GP		 3028 l2cap_send_sframe(chan, control);
3029 chan->conn_state |= L2CAP_CONN_RNR_SENT;
d5392c8f
GP		 3030 }
3031
525cd185
GP		 3032 if (chan->conn_state & L2CAP_CONN_REMOTE_BUSY)
3033 l2cap_retransmit_frames(chan);
d5392c8f 3034
525cd185 3035 l2cap_ertm_send(chan);
d5392c8f 3036
525cd185 3037 if (!(chan->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
6a026610 3038 chan->frames_sent == 0) {
d5392c8f 3039 control |= L2CAP_SUPER_RCV_READY;
525cd185 3040 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3041 }
3042}
3043
42e5c802 3044static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u8 tx_seq, u8 sar)
8f17154f
GP		 3045{
3046 struct sk_buff *next_skb;
bfbacc11 3047 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3048
3049 bt_cb(skb)->tx_seq = tx_seq;
3050 bt_cb(skb)->sar = sar;
3051
f1c6775b 3052 next_skb = skb_peek(&chan->srej_q);
8f17154f 3053 if (!next_skb) {
f1c6775b 3054 __skb_queue_tail(&chan->srej_q, skb);
9b53350d 3055 return 0;
8f17154f
GP		 3056 }
3057
42e5c802 3058 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
bfbacc11
JPRV		 3059 if (tx_seq_offset < 0)
3060 tx_seq_offset += 64;
3061
8f17154f 3062 do {
9b53350d
JPRV		 3063 if (bt_cb(next_skb)->tx_seq == tx_seq)
3064 return -EINVAL;
3065
bfbacc11 3066 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
42e5c802 3067 chan->buffer_seq) % 64;
bfbacc11
JPRV		 3068 if (next_tx_seq_offset < 0)
3069 next_tx_seq_offset += 64;
3070
3071 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3072 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3073 return 0;
8f17154f
GP		 3074 }
3075
f1c6775b 3076 if (skb_queue_is_last(&chan->srej_q, next_skb))
8f17154f
GP		 3077 break;
3078
f1c6775b 3079 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
8f17154f 3080
f1c6775b 3081 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3082
3083 return 0;
8f17154f
GP		 3084}
3085
525cd185 3086static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
18778a63 3087{
18778a63 3088 struct sk_buff *_skb;
1890d36b 3089 int err;
18778a63
GP		 3090
3091 switch (control & L2CAP_CTRL_SAR) {
3092 case L2CAP_SDU_UNSEGMENTED:
525cd185 3093 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
18778a63
GP		 3094 goto drop;
3095
224f8af0 3096 return sock_queue_rcv_skb(chan->sk, skb);
18778a63
GP		 3097
3098 case L2CAP_SDU_START:
525cd185 3099 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
18778a63
GP		 3100 goto drop;
3101
6f61fd47 3102 chan->sdu_len = get_unaligned_le16(skb->data);
18778a63 3103
0c1bc5c6 3104 if (chan->sdu_len > chan->imtu)
18778a63
GP		 3105 goto disconnect;
3106
6f61fd47
GP		 3107 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3108 if (!chan->sdu)
1890d36b
GP		 3109 return -ENOMEM;
3110
3111 /* pull sdu_len bytes only after alloc, because of Local Busy
3112 * condition we have to be sure that this will be executed
3113 * only once, i.e., when alloc does not fail */
3114 skb_pull(skb, 2);
18778a63 3115
6f61fd47 3116 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
18778a63 3117
525cd185 3118 chan->conn_state |= L2CAP_CONN_SAR_SDU;
6f61fd47 3119 chan->partial_sdu_len = skb->len;
18778a63
GP		 3120 break;
3121
3122 case L2CAP_SDU_CONTINUE:
525cd185 3123 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
18778a63
GP		 3124 goto disconnect;
3125
6f61fd47 3126 if (!chan->sdu)
18778a63
GP		 3127 goto disconnect;
3128
6f61fd47
GP		 3129 chan->partial_sdu_len += skb->len;
3130 if (chan->partial_sdu_len > chan->sdu_len)
18778a63
GP		 3131 goto drop;
3132
6f61fd47 3133 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
4178ba46 3134
18778a63
GP		 3135 break;
3136
3137 case L2CAP_SDU_END:
525cd185 3138 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
18778a63
GP		 3139 goto disconnect;
3140
6f61fd47 3141 if (!chan->sdu)
18778a63
GP		 3142 goto disconnect;
3143
525cd185 3144 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) {
6f61fd47 3145 chan->partial_sdu_len += skb->len;
18778a63 3146
0c1bc5c6 3147 if (chan->partial_sdu_len > chan->imtu)
1890d36b 3148 goto drop;
18778a63 3149
6f61fd47 3150 if (chan->partial_sdu_len != chan->sdu_len)
1890d36b 3151 goto drop;
4178ba46 3152
6f61fd47 3153 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
1890d36b 3154 }
18778a63 3155
6f61fd47 3156 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
1890d36b 3157 if (!_skb) {
525cd185 3158 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
1890d36b
GP		 3159 return -ENOMEM;
3160 }
3161
525cd185 3162 err = sock_queue_rcv_skb(chan->sk, _skb);
1890d36b 3163 if (err < 0) {
18778a63 3164 kfree_skb(_skb);
525cd185 3165 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
1890d36b
GP		 3166 return err;
3167 }
3168
525cd185
GP		 3169 chan->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3170 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
18778a63 3171
6f61fd47 3172 kfree_skb(chan->sdu);
18778a63
GP		 3173 break;
3174 }
3175
3176 kfree_skb(skb);
1890d36b 3177 return 0;
18778a63
GP		 3178
3179drop:
6f61fd47
GP		 3180 kfree_skb(chan->sdu);
3181 chan->sdu = NULL;
18778a63
GP		 3182
3183disconnect:
8c1d787b 3184 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
18778a63
GP		 3185 kfree_skb(skb);
3186 return 0;
3187}
3188
525cd185 3189static int l2cap_try_push_rx_skb(struct l2cap_chan *chan)
712132eb 3190{
712132eb
GP		 3191 struct sk_buff *skb;
3192 u16 control;
3193 int err;
3194
f1c6775b 3195 while ((skb = skb_dequeue(&chan->busy_q))) {
712132eb 3196 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
525cd185 3197 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
712132eb 3198 if (err < 0) {
f1c6775b 3199 skb_queue_head(&chan->busy_q, skb);
712132eb
GP		 3200 return -EBUSY;
3201 }
3202
42e5c802 3203 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
712132eb
GP		 3204 }
3205
525cd185 3206 if (!(chan->conn_state & L2CAP_CONN_RNR_SENT))
712132eb
GP		 3207 goto done;
3208
42e5c802 3209 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
712132eb 3210 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
525cd185 3211 l2cap_send_sframe(chan, control);
6a026610 3212 chan->retry_count = 1;
712132eb 3213
e92c8e70 3214 del_timer(&chan->retrans_timer);
712132eb
GP		 3215 __mod_monitor_timer();
3216
525cd185 3217 chan->conn_state |= L2CAP_CONN_WAIT_F;
712132eb
GP		 3218
3219done:
525cd185
GP		 3220 chan->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3221 chan->conn_state &= ~L2CAP_CONN_RNR_SENT;
712132eb 3222
49208c9c 3223 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3224
3225 return 0;
3226}
3227
1890d36b
GP		 3228static void l2cap_busy_work(struct work_struct *work)
3229{
3230 DECLARE_WAITQUEUE(wait, current);
311bb895
GP		 3231 struct l2cap_chan *chan =
3232 container_of(work, struct l2cap_chan, busy_work);
3233 struct sock *sk = chan->sk;
1890d36b
GP		 3234 int n_tries = 0, timeo = HZ/5, err;
3235 struct sk_buff *skb;
1890d36b
GP		 3236
3237 lock_sock(sk);
3238
2b0b05dd 3239 add_wait_queue(sk_sleep(sk), &wait);
311bb895 3240 while ((skb = skb_peek(&chan->busy_q))) {
1890d36b
GP		 3241 set_current_state(TASK_INTERRUPTIBLE);
3242
3243 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3244 err = -EBUSY;
8c1d787b 3245 l2cap_send_disconn_req(chan->conn, chan, EBUSY);
712132eb 3246 break;
1890d36b
GP		 3247 }
3248
3249 if (!timeo)
3250 timeo = HZ/5;
3251
3252 if (signal_pending(current)) {
3253 err = sock_intr_errno(timeo);
712132eb 3254 break;
1890d36b
GP		 3255 }
3256
3257 release_sock(sk);
3258 timeo = schedule_timeout(timeo);
3259 lock_sock(sk);
3260
3261 err = sock_error(sk);
3262 if (err)
712132eb 3263 break;
1890d36b 3264
311bb895 3265 if (l2cap_try_push_rx_skb(chan) == 0)
1890d36b
GP		 3266 break;
3267 }
3268
1890d36b 3269 set_current_state(TASK_RUNNING);
2b0b05dd 3270 remove_wait_queue(sk_sleep(sk), &wait);
1890d36b
GP		 3271
3272 release_sock(sk);
3273}
3274
525cd185 3275static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
1890d36b 3276{
1890d36b
GP		 3277 int sctrl, err;
3278
525cd185 3279 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1890d36b 3280 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
f1c6775b 3281 __skb_queue_tail(&chan->busy_q, skb);
525cd185 3282 return l2cap_try_push_rx_skb(chan);
712132eb
GP		 3283
3284
1890d36b
GP		 3285 }
3286
525cd185 3287 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
1890d36b 3288 if (err >= 0) {
42e5c802 3289 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
1890d36b
GP		 3290 return err;
3291 }
3292
3293 /* Busy Condition */
311bb895 3294 BT_DBG("chan %p, Enter local busy", chan);
0e98958d 3295
525cd185 3296 chan->conn_state |= L2CAP_CONN_LOCAL_BUSY;
1890d36b 3297 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
f1c6775b 3298 __skb_queue_tail(&chan->busy_q, skb);
1890d36b 3299
42e5c802 3300 sctrl = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1890d36b 3301 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
525cd185 3302 l2cap_send_sframe(chan, sctrl);
1890d36b 3303
525cd185 3304 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1890d36b 3305
e92c8e70 3306 del_timer(&chan->ack_timer);
7fe9b298 3307
311bb895 3308 queue_work(_busy_wq, &chan->busy_work);
1890d36b
GP		 3309
3310 return err;
3311}
3312
525cd185 3313static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
c74e560c 3314{
c74e560c
GP		 3315 struct sk_buff *_skb;
3316 int err = -EINVAL;
3317
18778a63
GP		 3318 /*
3319 * TODO: We have to notify the userland if some data is lost with the
3320 * Streaming Mode.
3321 */
3322
c74e560c
GP		 3323 switch (control & L2CAP_CTRL_SAR) {
3324 case L2CAP_SDU_UNSEGMENTED:
525cd185 3325 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
6f61fd47 3326 kfree_skb(chan->sdu);
c74e560c
GP		 3327 break;
3328 }
3329
525cd185 3330 err = sock_queue_rcv_skb(chan->sk, skb);
c74e560c
GP		 3331 if (!err)
3332 return 0;
3333
3334 break;
3335
3336 case L2CAP_SDU_START:
525cd185 3337 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
6f61fd47 3338 kfree_skb(chan->sdu);
c74e560c
GP		 3339 break;
3340 }
3341
6f61fd47 3342 chan->sdu_len = get_unaligned_le16(skb->data);
c74e560c
GP		 3343 skb_pull(skb, 2);
3344
0c1bc5c6 3345 if (chan->sdu_len > chan->imtu) {
052897ca
GP		 3346 err = -EMSGSIZE;
3347 break;
3348 }
3349
6f61fd47
GP		 3350 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3351 if (!chan->sdu) {
c74e560c
GP		 3352 err = -ENOMEM;
3353 break;
3354 }
3355
6f61fd47 3356 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3357
525cd185 3358 chan->conn_state |= L2CAP_CONN_SAR_SDU;
6f61fd47 3359 chan->partial_sdu_len = skb->len;
c74e560c
GP		 3360 err = 0;
3361 break;
3362
3363 case L2CAP_SDU_CONTINUE:
525cd185 3364 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
c74e560c
GP		 3365 break;
3366
6f61fd47 3367 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3368
6f61fd47
GP		 3369 chan->partial_sdu_len += skb->len;
3370 if (chan->partial_sdu_len > chan->sdu_len)
3371 kfree_skb(chan->sdu);
c74e560c
GP		 3372 else
3373 err = 0;
3374
3375 break;
3376
3377 case L2CAP_SDU_END:
525cd185 3378 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
c74e560c
GP		 3379 break;
3380
6f61fd47 3381 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3382
525cd185 3383 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
6f61fd47 3384 chan->partial_sdu_len += skb->len;
c74e560c 3385
0c1bc5c6 3386 if (chan->partial_sdu_len > chan->imtu)
36f2fd58
GP		 3387 goto drop;
3388
6f61fd47
GP		 3389 if (chan->partial_sdu_len == chan->sdu_len) {
3390 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
525cd185 3391 err = sock_queue_rcv_skb(chan->sk, _skb);
c74e560c
GP		 3392 if (err < 0)
3393 kfree_skb(_skb);
3394 }
c74e560c
GP		 3395 err = 0;
3396
36f2fd58 3397drop:
6f61fd47 3398 kfree_skb(chan->sdu);
c74e560c
GP		 3399 break;
3400 }
3401
3402 kfree_skb(skb);
3403 return err;
3404}
3405
525cd185 3406static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq)
8f17154f
GP		 3407{
3408 struct sk_buff *skb;
afefdbc4 3409 u16 control;
8f17154f 3410
f1c6775b 3411 while ((skb = skb_peek(&chan->srej_q))) {
8f17154f
GP		 3412 if (bt_cb(skb)->tx_seq != tx_seq)
3413 break;
3414
f1c6775b 3415 skb = skb_dequeue(&chan->srej_q);
afefdbc4 3416 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
525cd185 3417 l2cap_ertm_reassembly_sdu(chan, skb, control);
42e5c802
GP		 3418 chan->buffer_seq_srej =
3419 (chan->buffer_seq_srej + 1) % 64;
8ff50ec0 3420 tx_seq = (tx_seq + 1) % 64;
8f17154f
GP		 3421 }
3422}
3423
525cd185 3424static void l2cap_resend_srejframe(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 3425{
8f17154f
GP		 3426 struct srej_list *l, *tmp;
3427 u16 control;
3428
39d5a3ee 3429 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3430 if (l->tx_seq == tx_seq) {
3431 list_del(&l->list);
3432 kfree(l);
3433 return;
3434 }
3435 control = L2CAP_SUPER_SELECT_REJECT;
3436 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
525cd185 3437 l2cap_send_sframe(chan, control);
8f17154f 3438 list_del(&l->list);
39d5a3ee 3439 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3440 }
3441}
3442
525cd185 3443static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 3444{
8f17154f
GP		 3445 struct srej_list *new;
3446 u16 control;
3447
42e5c802 3448 while (tx_seq != chan->expected_tx_seq) {
8f17154f 3449 control = L2CAP_SUPER_SELECT_REJECT;
42e5c802 3450 control |= chan->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
525cd185 3451 l2cap_send_sframe(chan, control);
8f17154f
GP		 3452
3453 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
42e5c802
GP		 3454 new->tx_seq = chan->expected_tx_seq;
3455 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
39d5a3ee 3456 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3457 }
42e5c802 3458 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f
GP		 3459}
3460
525cd185 3461static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
1c2acffb 3462{
1c2acffb 3463 u8 tx_seq = __get_txseq(rx_control);
9f121a5a 3464 u8 req_seq = __get_reqseq(rx_control);
8f17154f 3465 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
f6337c77 3466 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3467 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3468 int err = 0;
3469
525cd185
GP		 3470 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3471 tx_seq, rx_control);
1c2acffb 3472
9b16dc65 3473 if (L2CAP_CTRL_FINAL & rx_control &&
525cd185 3474 chan->conn_state & L2CAP_CONN_WAIT_F) {
e92c8e70 3475 del_timer(&chan->monitor_timer);
6a026610 3476 if (chan->unacked_frames > 0)
1d8f5d16 3477 __mod_retrans_timer();
525cd185 3478 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
1d8f5d16
GP		 3479 }
3480
42e5c802
GP		 3481 chan->expected_ack_seq = req_seq;
3482 l2cap_drop_acked_frames(chan);
9f121a5a 3483
42e5c802 3484 if (tx_seq == chan->expected_tx_seq)
8f17154f 3485 goto expected;
1c2acffb 3486
42e5c802 3487 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3488 if (tx_seq_offset < 0)
3489 tx_seq_offset += 64;
3490
3491 /* invalid tx_seq */
47d1ec61 3492 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3493 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3494 goto drop;
3495 }
3496
525cd185 3497 if (chan->conn_state == L2CAP_CONN_LOCAL_BUSY)
1890d36b
GP		 3498 goto drop;
3499
525cd185 3500 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
8f17154f 3501 struct srej_list *first;
30afb5b2 3502
39d5a3ee 3503 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3504 struct srej_list, list);
3505 if (tx_seq == first->tx_seq) {
42e5c802 3506 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3507 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3508
3509 list_del(&first->list);
3510 kfree(first);
3511
39d5a3ee 3512 if (list_empty(&chan->srej_l)) {
42e5c802 3513 chan->buffer_seq = chan->buffer_seq_srej;
525cd185
GP		 3514 chan->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3515 l2cap_send_ack(chan);
49208c9c 3516 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3517 }
3518 } else {
3519 struct srej_list *l;
9b53350d
JPRV		 3520
3521 /* duplicated tx_seq */
42e5c802 3522 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3523 goto drop;
8f17154f 3524
39d5a3ee 3525 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3526 if (l->tx_seq == tx_seq) {
525cd185 3527 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3528 return 0;
3529 }
3530 }
525cd185 3531 l2cap_send_srejframe(chan, tx_seq);
30afb5b2
GP		 3532 }
3533 } else {
9b53350d 3534 expected_tx_seq_offset =
42e5c802 3535 (chan->expected_tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3536 if (expected_tx_seq_offset < 0)
3537 expected_tx_seq_offset += 64;
3538
3539 /* duplicated tx_seq */
3540 if (tx_seq_offset < expected_tx_seq_offset)
3541 goto drop;
3542
525cd185 3543 chan->conn_state |= L2CAP_CONN_SREJ_SENT;
1c2acffb 3544
49208c9c 3545 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3546
39d5a3ee 3547 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 3548 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 3549
f1c6775b
GP		 3550 __skb_queue_head_init(&chan->srej_q);
3551 __skb_queue_head_init(&chan->busy_q);
42e5c802 3552 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 3553
525cd185 3554 chan->conn_state |= L2CAP_CONN_SEND_PBIT;
ef54fd93 3555
525cd185 3556 l2cap_send_srejframe(chan, tx_seq);
7fe9b298 3557
e92c8e70 3558 del_timer(&chan->ack_timer);
1c2acffb 3559 }
30afb5b2
GP		 3560 return 0;
3561
8f17154f 3562expected:
42e5c802 3563 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f 3564
525cd185 3565 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3b1a9f3f
GP		 3566 bt_cb(skb)->tx_seq = tx_seq;
3567 bt_cb(skb)->sar = sar;
f1c6775b 3568 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 3569 return 0;
3570 }
3571
525cd185 3572 err = l2cap_push_rx_skb(chan, skb, rx_control);
2ece3684
GP		 3573 if (err < 0)
3574 return 0;
3575
4ec10d97 3576 if (rx_control & L2CAP_CTRL_FINAL) {
525cd185
GP		 3577 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3578 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be 3579 else
525cd185 3580 l2cap_retransmit_frames(chan);
4ec10d97
GP		 3581 }
3582
c1b4f43b
GP		 3583 __mod_ack_timer();
3584
6a026610
GP		 3585 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3586 if (chan->num_acked == num_to_ack - 1)
525cd185 3587 l2cap_send_ack(chan);
9e917af1 3588
8f17154f 3589 return 0;
9b53350d
JPRV		 3590
3591drop:
3592 kfree_skb(skb);
3593 return 0;
1c2acffb
GP		 3594}
3595
525cd185 3596static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
1c2acffb 3597{
49208c9c 3598 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, __get_reqseq(rx_control),
0e98958d
GP		 3599 rx_control);
3600
42e5c802
GP		 3601 chan->expected_ack_seq = __get_reqseq(rx_control);
3602 l2cap_drop_acked_frames(chan);
1c2acffb 3603
e072745f 3604 if (rx_control & L2CAP_CTRL_POLL) {
525cd185
GP		 3605 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3606 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3607 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
6a026610 3608 (chan->unacked_frames > 0))
05fbd89d
GP		 3609 __mod_retrans_timer();
3610
525cd185
GP		 3611 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3612 l2cap_send_srejtail(chan);
05fbd89d 3613 } else {
525cd185 3614 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 3615 }
1d8f5d16 3616
e072745f 3617 } else if (rx_control & L2CAP_CTRL_FINAL) {
525cd185 3618 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4ec10d97 3619
525cd185
GP		 3620 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3621 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be 3622 else
525cd185 3623 l2cap_retransmit_frames(chan);
2246b2f1 3624
e072745f 3625 } else {
525cd185 3626 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
6a026610 3627 (chan->unacked_frames > 0))
e072745f 3628 __mod_retrans_timer();
1c2acffb 3629
525cd185
GP		 3630 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3631 if (chan->conn_state & L2CAP_CONN_SREJ_SENT)
3632 l2cap_send_ack(chan);
894718a6 3633 else
525cd185 3634 l2cap_ertm_send(chan);
e072745f
GP		 3635 }
3636}
2246b2f1 3637
525cd185 3638static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3639{
e072745f 3640 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3641
525cd185 3642 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3643
525cd185 3644 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
e072745f 3645
42e5c802
GP		 3646 chan->expected_ack_seq = tx_seq;
3647 l2cap_drop_acked_frames(chan);
e072745f
GP		 3648
3649 if (rx_control & L2CAP_CTRL_FINAL) {
525cd185
GP		 3650 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3651 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be 3652 else
525cd185 3653 l2cap_retransmit_frames(chan);
e072745f 3654 } else {
525cd185 3655 l2cap_retransmit_frames(chan);
30afb5b2 3656
525cd185
GP		 3657 if (chan->conn_state & L2CAP_CONN_WAIT_F)
3658 chan->conn_state |= L2CAP_CONN_REJ_ACT;
e072745f
GP		 3659 }
3660}
525cd185 3661static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3662{
e072745f 3663 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3664
525cd185 3665 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3666
525cd185 3667 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
2246b2f1 3668
e072745f 3669 if (rx_control & L2CAP_CTRL_POLL) {
42e5c802
GP		 3670 chan->expected_ack_seq = tx_seq;
3671 l2cap_drop_acked_frames(chan);
3cb123d1 3672
525cd185
GP		 3673 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3674 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 3675
525cd185 3676 l2cap_ertm_send(chan);
dfc909be 3677
525cd185 3678 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
6a026610 3679 chan->srej_save_reqseq = tx_seq;
525cd185 3680 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
ef54fd93 3681 }
e072745f 3682 } else if (rx_control & L2CAP_CTRL_FINAL) {
525cd185 3683 if ((chan->conn_state & L2CAP_CONN_SREJ_ACT) &&
6a026610 3684 chan->srej_save_reqseq == tx_seq)
525cd185 3685 chan->conn_state &= ~L2CAP_CONN_SREJ_ACT;
e072745f 3686 else
525cd185 3687 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 3688 } else {
525cd185
GP		 3689 l2cap_retransmit_one_frame(chan, tx_seq);
3690 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
6a026610 3691 chan->srej_save_reqseq = tx_seq;
525cd185 3692 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
ef54fd93 3693 }
e072745f
GP		 3694 }
3695}
3696
525cd185 3697static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3698{
e072745f
GP		 3699 u8 tx_seq = __get_reqseq(rx_control);
3700
525cd185 3701 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3702
525cd185 3703 chan->conn_state |= L2CAP_CONN_REMOTE_BUSY;
42e5c802
GP		 3704 chan->expected_ack_seq = tx_seq;
3705 l2cap_drop_acked_frames(chan);
e072745f 3706
3cb123d1 3707 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3708 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3cb123d1 3709
525cd185 3710 if (!(chan->conn_state & L2CAP_CONN_SREJ_SENT)) {
e92c8e70 3711 del_timer(&chan->retrans_timer);
a2e12a2a 3712 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3713 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 3714 return;
e072745f 3715 }
99b0d4b7
GP		 3716
3717 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3718 l2cap_send_srejtail(chan);
99b0d4b7 3719 else
525cd185 3720 l2cap_send_sframe(chan, L2CAP_SUPER_RCV_READY);
e072745f
GP		 3721}
3722
525cd185 3723static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
e072745f 3724{
525cd185 3725 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
e072745f 3726
9b16dc65 3727 if (L2CAP_CTRL_FINAL & rx_control &&
525cd185 3728 chan->conn_state & L2CAP_CONN_WAIT_F) {
e92c8e70 3729 del_timer(&chan->monitor_timer);
6a026610 3730 if (chan->unacked_frames > 0)
e072745f 3731 __mod_retrans_timer();
525cd185 3732 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
e072745f
GP		 3733 }
3734
3735 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3736 case L2CAP_SUPER_RCV_READY:
525cd185 3737 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 3738 break;
3739
e072745f 3740 case L2CAP_SUPER_REJECT:
525cd185 3741 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 3742 break;
2246b2f1 3743
e072745f 3744 case L2CAP_SUPER_SELECT_REJECT:
525cd185 3745 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 3746 break;
3747
3748 case L2CAP_SUPER_RCV_NOT_READY:
525cd185 3749 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 3750 break;
3751 }
3752
faaebd19 3753 kfree_skb(skb);
1c2acffb
GP		 3754 return 0;
3755}
3756
218bb9df
GP		 3757static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3758{
525cd185 3759 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
218bb9df
GP		 3760 u16 control;
3761 u8 req_seq;
3762 int len, next_tx_seq_offset, req_seq_offset;
3763
3764 control = get_unaligned_le16(skb->data);
3765 skb_pull(skb, 2);
3766 len = skb->len;
3767
3768 /*
3769 * We can just drop the corrupted I-frame here.
3770 * Receiver will miss it and start proper recovery
3771 * procedures and ask retransmission.
3772 */
47d1ec61 3773 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 3774 goto drop;
3775
3776 if (__is_sar_start(control) && __is_iframe(control))
3777 len -= 2;
3778
47d1ec61 3779 if (chan->fcs == L2CAP_FCS_CRC16)
218bb9df
GP		 3780 len -= 2;
3781
47d1ec61 3782 if (len > chan->mps) {
8c1d787b 3783 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3784 goto drop;
3785 }
3786
3787 req_seq = __get_reqseq(control);
42e5c802 3788 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3789 if (req_seq_offset < 0)
3790 req_seq_offset += 64;
3791
3792 next_tx_seq_offset =
42e5c802 3793 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3794 if (next_tx_seq_offset < 0)
3795 next_tx_seq_offset += 64;
3796
3797 /* check for invalid req-seq */
3798 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 3799 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3800 goto drop;
3801 }
3802
3803 if (__is_iframe(control)) {
3804 if (len < 0) {
8c1d787b 3805 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3806 goto drop;
3807 }
3808
525cd185 3809 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 3810 } else {
3811 if (len != 0) {
3812 BT_ERR("%d", len);
8c1d787b 3813 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3814 goto drop;
3815 }
3816
525cd185 3817 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 3818 }
3819
3820 return 0;
3821
3822drop:
3823 kfree_skb(skb);
3824 return 0;
3825}
3826
1da177e4
LT		 3827static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3828{
48454079 3829 struct l2cap_chan *chan;
bf734843 3830 struct sock *sk = NULL;
51893f88 3831 u16 control;
218bb9df
GP		 3832 u8 tx_seq;
3833 int len;
1da177e4 3834
baa7e1fa 3835 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 3836 if (!chan) {
1da177e4
LT		 3837 BT_DBG("unknown cid 0x%4.4x", cid);
3838 goto drop;
3839 }
3840
48454079 3841 sk = chan->sk;
6840ed07 3842
49208c9c 3843 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4
LT		 3844
3845 if (sk->sk_state != BT_CONNECTED)
3846 goto drop;
3847
0c1bc5c6 3848 switch (chan->mode) {
1c2acffb
GP		 3849 case L2CAP_MODE_BASIC:
3850 /* If socket recv buffers overflows we drop data here
3851 * which is *bad* because L2CAP has to be reliable.
3852 * But we don't have any other choice. L2CAP doesn't
3853 * provide flow control mechanism. */
1da177e4 3854
0c1bc5c6 3855 if (chan->imtu < skb->len)
1c2acffb 3856 goto drop;
1da177e4 3857
1c2acffb
GP		 3858 if (!sock_queue_rcv_skb(sk, skb))
3859 goto done;
3860 break;
3861
3862 case L2CAP_MODE_ERTM:
218bb9df
GP		 3863 if (!sock_owned_by_user(sk)) {
3864 l2cap_ertm_data_rcv(sk, skb);
277ffbe3 3865 } else {
218bb9df 3866 if (sk_add_backlog(sk, skb))
277ffbe3 3867 goto drop;
277ffbe3 3868 }
1c2acffb 3869
fcafde2e 3870 goto done;
1c2acffb 3871
6840ed07
GP		 3872 case L2CAP_MODE_STREAMING:
3873 control = get_unaligned_le16(skb->data);
3874 skb_pull(skb, 2);
3875 len = skb->len;
3876
47d1ec61 3877 if (l2cap_check_fcs(chan, skb))
26000089
GP		 3878 goto drop;
3879
6840ed07
GP		 3880 if (__is_sar_start(control))
3881 len -= 2;
3882
47d1ec61 3883 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 3884 len -= 2;
3885
47d1ec61 3886 if (len > chan->mps || len < 0 || __is_sframe(control))
6840ed07
GP		 3887 goto drop;
3888
3889 tx_seq = __get_txseq(control);
3890
42e5c802
GP		 3891 if (chan->expected_tx_seq == tx_seq)
3892 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
6840ed07 3893 else
42e5c802 3894 chan->expected_tx_seq = (tx_seq + 1) % 64;
6840ed07 3895
525cd185 3896 l2cap_streaming_reassembly_sdu(chan, skb, control);
6840ed07
GP		 3897
3898 goto done;
3899
1c2acffb 3900 default:
0c1bc5c6 3901 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 3902 break;
3903 }
1da177e4
LT		 3904
3905drop:
3906 kfree_skb(skb);
3907
3908done:
0139418c
MH		 3909 if (sk)
3910 bh_unlock_sock(sk);
3911
1da177e4
LT		 3912 return 0;
3913}
3914
8e036fc3 3915static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 3916{
6dcae1ea 3917 struct sock *sk = NULL;
23691d75 3918 struct l2cap_chan *chan;
1da177e4 3919
23691d75
GP		 3920 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
3921 if (!chan)
1da177e4
LT		 3922 goto drop;
3923
23691d75
GP		 3924 sk = chan->sk;
3925
e0f0cb56
GP		 3926 bh_lock_sock(sk);
3927
1da177e4
LT		 3928 BT_DBG("sk %p, len %d", sk, skb->len);
3929
3930 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3931 goto drop;
3932
0c1bc5c6 3933 if (l2cap_pi(sk)->chan->imtu < skb->len)
1da177e4
LT		 3934 goto drop;
3935
3936 if (!sock_queue_rcv_skb(sk, skb))
3937 goto done;
3938
3939drop:
3940 kfree_skb(skb);
3941
3942done:
af05b30b
GP		 3943 if (sk)
3944 bh_unlock_sock(sk);
1da177e4
LT		 3945 return 0;
3946}
3947
9f69bda6
GP		 3948static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3949{
6dcae1ea 3950 struct sock *sk = NULL;
23691d75 3951 struct l2cap_chan *chan;
9f69bda6 3952
23691d75
GP		 3953 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
3954 if (!chan)
9f69bda6
GP		 3955 goto drop;
3956
23691d75
GP		 3957 sk = chan->sk;
3958
9f69bda6
GP		 3959 bh_lock_sock(sk);
3960
3961 BT_DBG("sk %p, len %d", sk, skb->len);
3962
3963 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3964 goto drop;
3965
0c1bc5c6 3966 if (l2cap_pi(sk)->chan->imtu < skb->len)
9f69bda6
GP		 3967 goto drop;
3968
3969 if (!sock_queue_rcv_skb(sk, skb))
3970 goto done;
3971
3972drop:
3973 kfree_skb(skb);
3974
3975done:
3976 if (sk)
3977 bh_unlock_sock(sk);
3978 return 0;
3979}
3980
1da177e4
LT		 3981static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3982{
3983 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 3984 u16 cid, len;
3985 __le16 psm;
1da177e4
LT		 3986
3987 skb_pull(skb, L2CAP_HDR_SIZE);
3988 cid = __le16_to_cpu(lh->cid);
3989 len = __le16_to_cpu(lh->len);
3990
1c2acffb
GP		 3991 if (len != skb->len) {
3992 kfree_skb(skb);
3993 return;
3994 }
3995
1da177e4
LT		 3996 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3997
3998 switch (cid) {
3300d9a9 3999 case L2CAP_CID_LE_SIGNALING:
8db4dc46 4000 case L2CAP_CID_SIGNALING:
1da177e4
LT		 4001 l2cap_sig_channel(conn, skb);
4002 break;
4003
8db4dc46 4004 case L2CAP_CID_CONN_LESS:
1b7bf4ed 4005 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 4006 skb_pull(skb, 2);
4007 l2cap_conless_channel(conn, psm, skb);
4008 break;
4009
9f69bda6
GP		 4010 case L2CAP_CID_LE_DATA:
4011 l2cap_att_channel(conn, cid, skb);
4012 break;
4013
1da177e4
LT		 4014 default:
4015 l2cap_data_channel(conn, cid, skb);
4016 break;
4017 }
4018}
4019
4020/* ---- L2CAP interface with lower layer (HCI) ---- */
4021
4022static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4023{
4024 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 4025 struct l2cap_chan *c;
1da177e4
LT		 4026
4027 if (type != ACL_LINK)
963cf687 4028 return -EINVAL;
1da177e4
LT		 4029
4030 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4031
4032 /* Find listening sockets and check their link_mode */
23691d75
GP		 4033 read_lock(&chan_list_lock);
4034 list_for_each_entry(c, &chan_list, global_l) {
4035 struct sock *sk = c->sk;
4343478f 4036
1da177e4
LT		 4037 if (sk->sk_state != BT_LISTEN)
4038 continue;
4039
4040 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4041 lm1 |= HCI_LM_ACCEPT;
23691d75 4042 if (c->role_switch)
2af6b9d5 4043 lm1 |= HCI_LM_MASTER;
1da177e4 4044 exact++;
2af6b9d5
MH		 4045 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4046 lm2 |= HCI_LM_ACCEPT;
23691d75 4047 if (c->role_switch)
2af6b9d5
MH		 4048 lm2 |= HCI_LM_MASTER;
4049 }
1da177e4 4050 }
23691d75 4051 read_unlock(&chan_list_lock);
1da177e4
LT		 4052
4053 return exact ? lm1 : lm2;
4054}
4055
4056static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4057{
0139418c
MH		 4058 struct l2cap_conn *conn;
4059
1da177e4
LT		 4060 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4061
acd7d370 4062 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4063 return -EINVAL;
1da177e4
LT		 4064
4065 if (!status) {
1da177e4
LT		 4066 conn = l2cap_conn_add(hcon, status);
4067 if (conn)
4068 l2cap_conn_ready(conn);
0139418c 4069 } else
1da177e4
LT		 4070 l2cap_conn_del(hcon, bt_err(status));
4071
4072 return 0;
4073}
4074
2950f21a
MH		 4075static int l2cap_disconn_ind(struct hci_conn *hcon)
4076{
4077 struct l2cap_conn *conn = hcon->l2cap_data;
4078
4079 BT_DBG("hcon %p", hcon);
4080
4081 if (hcon->type != ACL_LINK || !conn)
4082 return 0x13;
4083
4084 return conn->disc_reason;
4085}
4086
4087static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4088{
4089 BT_DBG("hcon %p reason %d", hcon, reason);
4090
acd7d370 4091 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4092 return -EINVAL;
1da177e4
LT		 4093
4094 l2cap_conn_del(hcon, bt_err(reason));
0139418c 4095
1da177e4
LT		 4096 return 0;
4097}
4098
4343478f 4099static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4100{
4343478f
GP		 4101 struct sock *sk = chan->sk;
4102
bd3c9e25 4103 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
255c7601
MH		 4104 return;
4105
f62e4323 4106 if (encrypt == 0x00) {
4343478f 4107 if (chan->sec_level == BT_SECURITY_MEDIUM) {
f62e4323
MH		 4108 l2cap_sock_clear_timer(sk);
4109 l2cap_sock_set_timer(sk, HZ * 5);
4343478f 4110 } else if (chan->sec_level == BT_SECURITY_HIGH)
4519de9a 4111 __l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4112 } else {
4343478f 4113 if (chan->sec_level == BT_SECURITY_MEDIUM)
f62e4323
MH		 4114 l2cap_sock_clear_timer(sk);
4115 }
4116}
4117
8c1b2355 4118static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4119{
0139418c 4120 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4121 struct l2cap_chan *chan;
1da177e4 4122
0139418c 4123 if (!conn)
1da177e4 4124 return 0;
0139418c 4125
1da177e4
LT		 4126 BT_DBG("conn %p", conn);
4127
baa7e1fa 4128 read_lock(&conn->chan_lock);
1da177e4 4129
baa7e1fa 4130 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 4131 struct sock *sk = chan->sk;
baa7e1fa 4132
1da177e4
LT		 4133 bh_lock_sock(sk);
4134
b4450035 4135 if (chan->conf_state & L2CAP_CONF_CONNECT_PEND) {
6a8d3010
MH		 4136 bh_unlock_sock(sk);
4137 continue;
4138 }
4139
f62e4323 4140 if (!status && (sk->sk_state == BT_CONNECTED ||
8c1b2355 4141 sk->sk_state == BT_CONFIG)) {
4343478f 4142 l2cap_check_encryption(chan, encrypt);
9719f8af
MH		 4143 bh_unlock_sock(sk);
4144 continue;
4145 }
4146
b1235d79
MH		 4147 if (sk->sk_state == BT_CONNECT) {
4148 if (!status) {
4149 struct l2cap_conn_req req;
fe4128e0
GP		 4150 req.scid = cpu_to_le16(chan->scid);
4151 req.psm = chan->psm;
1da177e4 4152
fc7f8a7e 4153 chan->ident = l2cap_get_ident(conn);
b4450035 4154 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4 4155
fc7f8a7e 4156 l2cap_send_cmd(conn, chan->ident,
b1235d79
MH		 4157 L2CAP_CONN_REQ, sizeof(req), &req);
4158 } else {
4159 l2cap_sock_clear_timer(sk);
4160 l2cap_sock_set_timer(sk, HZ / 10);
4161 }
4162 } else if (sk->sk_state == BT_CONNECT2) {
4163 struct l2cap_conn_rsp rsp;
4164 __u16 result;
1da177e4 4165
b1235d79
MH		 4166 if (!status) {
4167 sk->sk_state = BT_CONFIG;
4168 result = L2CAP_CR_SUCCESS;
4169 } else {
4170 sk->sk_state = BT_DISCONN;
4171 l2cap_sock_set_timer(sk, HZ / 10);
4172 result = L2CAP_CR_SEC_BLOCK;
4173 }
4174
fe4128e0
GP		 4175 rsp.scid = cpu_to_le16(chan->dcid);
4176 rsp.dcid = cpu_to_le16(chan->scid);
b1235d79 4177 rsp.result = cpu_to_le16(result);
e7c29cb1 4178 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
fc7f8a7e
GP		 4179 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4180 sizeof(rsp), &rsp);
b1235d79 4181 }
1da177e4
LT		 4182
4183 bh_unlock_sock(sk);
4184 }
4185
baa7e1fa 4186 read_unlock(&conn->chan_lock);
b1235d79 4187
1da177e4
LT		 4188 return 0;
4189}
4190
4191static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4192{
4193 struct l2cap_conn *conn = hcon->l2cap_data;
4194
5a08ecce
AE		 4195 if (!conn)
4196 conn = l2cap_conn_add(hcon, 0);
4197
4198 if (!conn)
1da177e4
LT		 4199 goto drop;
4200
4201 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4202
e702112f 4203 if (!(flags & ACL_CONT)) {
1da177e4 4204 struct l2cap_hdr *hdr;
48454079 4205 struct l2cap_chan *chan;
89794813 4206 u16 cid;
1da177e4
LT		 4207 int len;
4208
4209 if (conn->rx_len) {
4210 BT_ERR("Unexpected start frame (len %d)", skb->len);
4211 kfree_skb(conn->rx_skb);
4212 conn->rx_skb = NULL;
4213 conn->rx_len = 0;
4214 l2cap_conn_unreliable(conn, ECOMM);
4215 }
4216
aae7fe22
AE		 4217 /* Start fragment always begin with Basic L2CAP header */
4218 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4219 BT_ERR("Frame is too short (len %d)", skb->len);
4220 l2cap_conn_unreliable(conn, ECOMM);
4221 goto drop;
4222 }
4223
4224 hdr = (struct l2cap_hdr *) skb->data;
4225 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4226 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4227
4228 if (len == skb->len) {
4229 /* Complete frame received */
4230 l2cap_recv_frame(conn, skb);
4231 return 0;
4232 }
4233
4234 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4235
4236 if (skb->len > len) {
4237 BT_ERR("Frame is too long (len %d, expected len %d)",
4238 skb->len, len);
4239 l2cap_conn_unreliable(conn, ECOMM);
4240 goto drop;
4241 }
4242
baa7e1fa 4243 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4244
48454079
GP		 4245 if (chan && chan->sk) {
4246 struct sock *sk = chan->sk;
89794813 4247
0c1bc5c6 4248 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4249 BT_ERR("Frame exceeding recv MTU (len %d, "
4250 "MTU %d)", len,
0c1bc5c6 4251 chan->imtu);
48454079
GP		 4252 bh_unlock_sock(sk);
4253 l2cap_conn_unreliable(conn, ECOMM);
4254 goto drop;
4255 }
89794813 4256 bh_unlock_sock(sk);
48454079 4257 }
89794813 4258
1da177e4 4259 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4260 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4261 if (!conn->rx_skb)
1da177e4
LT		 4262 goto drop;
4263
d626f62b 4264 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4265 skb->len);
1da177e4
LT		 4266 conn->rx_len = len - skb->len;
4267 } else {
4268 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4269
4270 if (!conn->rx_len) {
4271 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4272 l2cap_conn_unreliable(conn, ECOMM);
4273 goto drop;
4274 }
4275
4276 if (skb->len > conn->rx_len) {
4277 BT_ERR("Fragment is too long (len %d, expected %d)",
4278 skb->len, conn->rx_len);
4279 kfree_skb(conn->rx_skb);
4280 conn->rx_skb = NULL;
4281 conn->rx_len = 0;
4282 l2cap_conn_unreliable(conn, ECOMM);
4283 goto drop;
4284 }
4285
d626f62b 4286 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4287 skb->len);
1da177e4
LT		 4288 conn->rx_len -= skb->len;
4289
4290 if (!conn->rx_len) {
4291 /* Complete frame received */
4292 l2cap_recv_frame(conn, conn->rx_skb);
4293 conn->rx_skb = NULL;
4294 }
4295 }
4296
4297drop:
4298 kfree_skb(skb);
4299 return 0;
4300}
4301
aef7d97c 4302static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4303{
23691d75 4304 struct l2cap_chan *c;
1da177e4 4305
23691d75 4306 read_lock_bh(&chan_list_lock);
1da177e4 4307
23691d75
GP		 4308 list_for_each_entry(c, &chan_list, global_l) {
4309 struct sock *sk = c->sk;
101545f6 4310
903d343e 4311 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4312 batostr(&bt_sk(sk)->src),
4313 batostr(&bt_sk(sk)->dst),
23691d75
GP		 4314 sk->sk_state, __le16_to_cpu(c->psm),
4315 c->scid, c->dcid, c->imtu, c->omtu,
4316 c->sec_level, c->mode);
be9d1227 4317 }
1da177e4 4318
23691d75 4319 read_unlock_bh(&chan_list_lock);
1da177e4 4320
aef7d97c 4321 return 0;
1da177e4
LT		 4322}
4323
aef7d97c
MH		 4324static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4325{
4326 return single_open(file, l2cap_debugfs_show, inode->i_private);
4327}
4328
4329static const struct file_operations l2cap_debugfs_fops = {
4330 .open = l2cap_debugfs_open,
4331 .read = seq_read,
4332 .llseek = seq_lseek,
4333 .release = single_release,
4334};
4335
4336static struct dentry *l2cap_debugfs;
1da177e4 4337
1da177e4
LT		 4338static struct hci_proto l2cap_hci_proto = {
4339 .name = "L2CAP",
4340 .id = HCI_PROTO_L2CAP,
4341 .connect_ind = l2cap_connect_ind,
4342 .connect_cfm = l2cap_connect_cfm,
4343 .disconn_ind = l2cap_disconn_ind,
2950f21a 4344 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 4345 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 4346 .recv_acldata = l2cap_recv_acldata
4347};
4348
64274518 4349int __init l2cap_init(void)
1da177e4
LT		 4350{
4351 int err;
be9d1227 4352
bb58f747 4353 err = l2cap_init_sockets();
1da177e4
LT		 4354 if (err < 0)
4355 return err;
4356
1890d36b 4357 _busy_wq = create_singlethread_workqueue("l2cap");
b78d7b4f 4358 if (!_busy_wq) {
bb58f747 4359 err = -ENOMEM;
1da177e4
LT		 4360 goto error;
4361 }
4362
4363 err = hci_register_proto(&l2cap_hci_proto);
4364 if (err < 0) {
4365 BT_ERR("L2CAP protocol registration failed");
4366 bt_sock_unregister(BTPROTO_L2CAP);
4367 goto error;
4368 }
4369
aef7d97c
MH		 4370 if (bt_debugfs) {
4371 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4372 bt_debugfs, NULL, &l2cap_debugfs_fops);
4373 if (!l2cap_debugfs)
4374 BT_ERR("Failed to create L2CAP debug file");
4375 }
1da177e4 4376
1da177e4
LT		 4377 return 0;
4378
4379error:
b78d7b4f 4380 destroy_workqueue(_busy_wq);
bb58f747 4381 l2cap_cleanup_sockets();
1da177e4
LT		 4382 return err;
4383}
4384
64274518 4385void l2cap_exit(void)
1da177e4 4386{
aef7d97c 4387 debugfs_remove(l2cap_debugfs);
1da177e4 4388
1890d36b
GP		 4389 flush_workqueue(_busy_wq);
4390 destroy_workqueue(_busy_wq);
4391
1da177e4
LT		 4392 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4393 BT_ERR("L2CAP protocol unregistration failed");
4394
bb58f747 4395 l2cap_cleanup_sockets();
1da177e4
LT		 4396}
4397
d1c4a17d
GP		 4398module_param(disable_ertm, bool, 0644);
4399MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)