projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Refactor l2cap_send_sframe
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
422e925b 7 Copyright (c) 2012 Code Aurora Forum. All rights reserved.
1da177e4
LT		 8
9 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License version 2 as
13 published by the Free Software Foundation;
14
15 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
16 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
18 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 19 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
20 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
21 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 22 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23
8e87d142
YH		 24 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
25 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 26 SOFTWARE IS DISCLAIMED.
27*/
28
bb58f747 29/* Bluetooth L2CAP core. */
1da177e4 30
1da177e4
LT		 31#include <linux/module.h>
32
33#include <linux/types.h>
4fc268d2 34#include <linux/capability.h>
1da177e4
LT		 35#include <linux/errno.h>
36#include <linux/kernel.h>
1da177e4
LT		 37#include <linux/sched.h>
38#include <linux/slab.h>
39#include <linux/poll.h>
40#include <linux/fcntl.h>
41#include <linux/init.h>
42#include <linux/interrupt.h>
43#include <linux/socket.h>
44#include <linux/skbuff.h>
1da177e4 45#include <linux/list.h>
be9d1227 46#include <linux/device.h>
aef7d97c
MH		 47#include <linux/debugfs.h>
48#include <linux/seq_file.h>
af05b30b 49#include <linux/uaccess.h>
fcc203c3 50#include <linux/crc16.h>
1da177e4
LT		 51#include <net/sock.h>
52
1da177e4
LT		 53#include <asm/unaligned.h>
54
55#include <net/bluetooth/bluetooth.h>
56#include <net/bluetooth/hci_core.h>
57#include <net/bluetooth/l2cap.h>
b501d6a1 58#include <net/bluetooth/smp.h>
1da177e4 59
b191e031 60bool disable_ertm = 1;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 63static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
c5daa683 74 struct l2cap_chan *chan, int err);
1da177e4 75
608bcc6d
MM		 76static int l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
77 struct sk_buff_head *skbs, u8 event);
78
0139418c 79/* ---- L2CAP channels ---- */
71ba0e56 80
baa7e1fa 81static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 82{
3df91ea2 83 struct l2cap_chan *c;
3d57dc68 84
3df91ea2
AE		 85 list_for_each_entry(c, &conn->chan_l, list) {
86 if (c->dcid == cid)
87 return c;
0139418c 88 }
3df91ea2 89 return NULL;
0139418c
MH		 90}
91
baa7e1fa 92static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 93{
3df91ea2 94 struct l2cap_chan *c;
3d57dc68 95
3df91ea2
AE		 96 list_for_each_entry(c, &conn->chan_l, list) {
97 if (c->scid == cid)
98 return c;
0139418c 99 }
3df91ea2 100 return NULL;
0139418c
MH		 101}
102
103/* Find channel with given SCID.
ef191ade 104 * Returns locked channel. */
baa7e1fa 105static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 106{
48454079 107 struct l2cap_chan *c;
baa7e1fa 108
3df91ea2 109 mutex_lock(&conn->chan_lock);
baa7e1fa 110 c = __l2cap_get_chan_by_scid(conn, cid);
ef191ade
MM		 111 if (c)
112 l2cap_chan_lock(c);
3df91ea2
AE		 113 mutex_unlock(&conn->chan_lock);
114
48454079 115 return c;
0139418c
MH		 116}
117
baa7e1fa 118static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 119{
3df91ea2 120 struct l2cap_chan *c;
3d57dc68 121
3df91ea2
AE		 122 list_for_each_entry(c, &conn->chan_l, list) {
123 if (c->ident == ident)
124 return c;
0139418c 125 }
3df91ea2 126 return NULL;
0139418c
MH		 127}
128
23691d75 129static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 130{
23691d75 131 struct l2cap_chan *c;
9e4425ff 132
23691d75
GP		 133 list_for_each_entry(c, &chan_list, global_l) {
134 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 135 return c;
9e4425ff 136 }
250938cb 137 return NULL;
9e4425ff
GP		 138}
139
140int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
141{
73b2ec18
GP		 142 int err;
143
333055f2 144 write_lock(&chan_list_lock);
9e4425ff 145
23691d75 146 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 147 err = -EADDRINUSE;
148 goto done;
9e4425ff
GP		 149 }
150
73b2ec18
GP		 151 if (psm) {
152 chan->psm = psm;
153 chan->sport = psm;
154 err = 0;
155 } else {
156 u16 p;
157
158 err = -EINVAL;
159 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 160 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 161 chan->psm = cpu_to_le16(p);
162 chan->sport = cpu_to_le16(p);
163 err = 0;
164 break;
165 }
166 }
9e4425ff 167
73b2ec18 168done:
333055f2 169 write_unlock(&chan_list_lock);
73b2ec18 170 return err;
9e4425ff
GP		 171}
172
173int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
174{
333055f2 175 write_lock(&chan_list_lock);
9e4425ff
GP		 176
177 chan->scid = scid;
178
333055f2 179 write_unlock(&chan_list_lock);
9e4425ff
GP		 180
181 return 0;
182}
183
baa7e1fa 184static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 185{
8db4dc46 186 u16 cid = L2CAP_CID_DYN_START;
0139418c 187
8db4dc46 188 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 189 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 190 return cid;
191 }
192
193 return 0;
194}
195
0e587be7 196static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 197{
42d2d87c 198 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 199 state_to_string(state));
200
89bc500e
GP		 201 chan->state = state;
202 chan->ops->state_change(chan->data, state);
203}
204
0e587be7
AE		 205static void l2cap_state_change(struct l2cap_chan *chan, int state)
206{
207 struct sock *sk = chan->sk;
208
209 lock_sock(sk);
210 __l2cap_state_change(chan, state);
211 release_sock(sk);
212}
213
2e0052e4
AE		 214static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
215{
216 struct sock *sk = chan->sk;
217
218 sk->sk_err = err;
219}
220
221static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
222{
223 struct sock *sk = chan->sk;
224
225 lock_sock(sk);
226 __l2cap_chan_set_err(chan, err);
227 release_sock(sk);
228}
229
608bcc6d
MM		 230static struct sk_buff *l2cap_ertm_seq_in_queue(struct sk_buff_head *head,
231 u16 seq)
232{
233 struct sk_buff *skb;
234
235 skb_queue_walk(head, skb) {
236 if (bt_cb(skb)->control.txseq == seq)
237 return skb;
238 }
239
240 return NULL;
241}
242
3c588192
MM		 243/* ---- L2CAP sequence number lists ---- */
244
245/* For ERTM, ordered lists of sequence numbers must be tracked for
246 * SREJ requests that are received and for frames that are to be
247 * retransmitted. These seq_list functions implement a singly-linked
248 * list in an array, where membership in the list can also be checked
249 * in constant time. Items can also be added to the tail of the list
250 * and removed from the head in constant time, without further memory
251 * allocs or frees.
252 */
253
254static int l2cap_seq_list_init(struct l2cap_seq_list *seq_list, u16 size)
255{
256 size_t alloc_size, i;
257
258 /* Allocated size is a power of 2 to map sequence numbers
259 * (which may be up to 14 bits) in to a smaller array that is
260 * sized for the negotiated ERTM transmit windows.
261 */
262 alloc_size = roundup_pow_of_two(size);
263
264 seq_list->list = kmalloc(sizeof(u16) * alloc_size, GFP_KERNEL);
265 if (!seq_list->list)
266 return -ENOMEM;
267
268 seq_list->mask = alloc_size - 1;
269 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
270 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
271 for (i = 0; i < alloc_size; i++)
272 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
273
274 return 0;
275}
276
277static inline void l2cap_seq_list_free(struct l2cap_seq_list *seq_list)
278{
279 kfree(seq_list->list);
280}
281
282static inline bool l2cap_seq_list_contains(struct l2cap_seq_list *seq_list,
283 u16 seq)
284{
285 /* Constant-time check for list membership */
286 return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR;
287}
288
289static u16 l2cap_seq_list_remove(struct l2cap_seq_list *seq_list, u16 seq)
290{
291 u16 mask = seq_list->mask;
292
293 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR) {
294 /* In case someone tries to pop the head of an empty list */
295 return L2CAP_SEQ_LIST_CLEAR;
296 } else if (seq_list->head == seq) {
297 /* Head can be removed in constant time */
298 seq_list->head = seq_list->list[seq & mask];
299 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
300
301 if (seq_list->head == L2CAP_SEQ_LIST_TAIL) {
302 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
303 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
304 }
305 } else {
306 /* Walk the list to find the sequence number */
307 u16 prev = seq_list->head;
308 while (seq_list->list[prev & mask] != seq) {
309 prev = seq_list->list[prev & mask];
310 if (prev == L2CAP_SEQ_LIST_TAIL)
311 return L2CAP_SEQ_LIST_CLEAR;
312 }
313
314 /* Unlink the number from the list and clear it */
315 seq_list->list[prev & mask] = seq_list->list[seq & mask];
316 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
317 if (seq_list->tail == seq)
318 seq_list->tail = prev;
319 }
320 return seq;
321}
322
323static inline u16 l2cap_seq_list_pop(struct l2cap_seq_list *seq_list)
324{
325 /* Remove the head in constant time */
326 return l2cap_seq_list_remove(seq_list, seq_list->head);
327}
328
329static void l2cap_seq_list_clear(struct l2cap_seq_list *seq_list)
330{
f522ae36 331 u16 i;
3c588192 332
f522ae36
GP		 333 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR)
334 return;
335
336 for (i = 0; i <= seq_list->mask; i++)
337 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
338
339 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
340 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
3c588192
MM		 341}
342
343static void l2cap_seq_list_append(struct l2cap_seq_list *seq_list, u16 seq)
344{
345 u16 mask = seq_list->mask;
346
347 /* All appends happen in constant time */
348
f522ae36
GP		 349 if (seq_list->list[seq & mask] != L2CAP_SEQ_LIST_CLEAR)
350 return;
3c588192 351
f522ae36
GP		 352 if (seq_list->tail == L2CAP_SEQ_LIST_CLEAR)
353 seq_list->head = seq;
354 else
355 seq_list->list[seq_list->tail & mask] = seq;
356
357 seq_list->tail = seq;
358 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_TAIL;
3c588192
MM		 359}
360
721c4181 361static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 362{
721c4181
GP		 363 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
364 chan_timer.work);
3df91ea2 365 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 366 int reason;
367
e05dcc32 368 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 369
3df91ea2 370 mutex_lock(&conn->chan_lock);
6be36555 371 l2cap_chan_lock(chan);
ab07801d 372
89bc500e 373 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 374 reason = ECONNREFUSED;
89bc500e 375 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 376 chan->sec_level != BT_SECURITY_SDP)
377 reason = ECONNREFUSED;
378 else
379 reason = ETIMEDOUT;
380
0f852724 381 l2cap_chan_close(chan, reason);
ab07801d 382
6be36555 383 l2cap_chan_unlock(chan);
ab07801d 384
ba3bd0ee 385 chan->ops->close(chan->data);
3df91ea2
AE		 386 mutex_unlock(&conn->chan_lock);
387
371fd835 388 l2cap_chan_put(chan);
ab07801d
GP		 389}
390
eef1d9b6 391struct l2cap_chan *l2cap_chan_create(void)
48454079
GP		 392{
393 struct l2cap_chan *chan;
394
395 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
396 if (!chan)
397 return NULL;
398
c03b355e
AE		 399 mutex_init(&chan->lock);
400
333055f2 401 write_lock(&chan_list_lock);
23691d75 402 list_add(&chan->global_l, &chan_list);
333055f2 403 write_unlock(&chan_list_lock);
23691d75 404
721c4181 405 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 406
89bc500e
GP		 407 chan->state = BT_OPEN;
408
71ba0e56
GP		 409 atomic_set(&chan->refcnt, 1);
410
2827011f
MM		 411 /* This flag is cleared in l2cap_chan_ready() */
412 set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
413
eef1d9b6 414 BT_DBG("chan %p", chan);
abc545b8 415
48454079
GP		 416 return chan;
417}
418
23691d75 419void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 420{
333055f2 421 write_lock(&chan_list_lock);
23691d75 422 list_del(&chan->global_l);
333055f2 423 write_unlock(&chan_list_lock);
23691d75 424
371fd835 425 l2cap_chan_put(chan);
6ff5abbf
GP		 426}
427
bd4b1653
AE		 428void l2cap_chan_set_defaults(struct l2cap_chan *chan)
429{
430 chan->fcs = L2CAP_FCS_CRC16;
431 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
432 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
433 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
434 chan->sec_level = BT_SECURITY_LOW;
435
436 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
437}
438
14a28491 439static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 440{
af05b30b 441 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
097db76c 442 __le16_to_cpu(chan->psm), chan->dcid);
0139418c 443
9f5a0d7b 444 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 445
8c1d787b 446 chan->conn = conn;
0139418c 447
5491120e
AE		 448 switch (chan->chan_type) {
449 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 450 if (conn->hcon->type == LE_LINK) {
451 /* LE connection */
0c1bc5c6 452 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 453 chan->scid = L2CAP_CID_LE_DATA;
454 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 455 } else {
456 /* Alloc CID for connection-oriented socket */
fe4128e0 457 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 458 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 459 }
5491120e
AE		 460 break;
461
462 case L2CAP_CHAN_CONN_LESS:
0139418c 463 /* Connectionless socket */
fe4128e0
GP		 464 chan->scid = L2CAP_CID_CONN_LESS;
465 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 466 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 467 break;
468
469 default:
0139418c 470 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 471 chan->scid = L2CAP_CID_SIGNALING;
472 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 473 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 474 }
475
8f7975b1
AE		 476 chan->local_id = L2CAP_BESTEFFORT_ID;
477 chan->local_stype = L2CAP_SERV_BESTEFFORT;
478 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
479 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
480 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
481 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
482
371fd835 483 l2cap_chan_hold(chan);
baa7e1fa 484
3df91ea2 485 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 486}
487
14a28491 488static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
643162a8
AE		 489{
490 mutex_lock(&conn->chan_lock);
491 __l2cap_chan_add(conn, chan);
3df91ea2 492 mutex_unlock(&conn->chan_lock);
0139418c
MH		 493}
494
4519de9a 495static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 496{
48454079 497 struct sock *sk = chan->sk;
8c1d787b 498 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 499 struct sock *parent = bt_sk(sk)->parent;
500
c9b66675 501 __clear_chan_timer(chan);
0139418c 502
49208c9c 503 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 504
8e87d142 505 if (conn) {
baa7e1fa 506 /* Delete from channel list */
3df91ea2 507 list_del(&chan->list);
3d57dc68 508
371fd835 509 l2cap_chan_put(chan);
baa7e1fa 510
8c1d787b 511 chan->conn = NULL;
0139418c
MH		 512 hci_conn_put(conn->hcon);
513 }
514
6be36555
AE		 515 lock_sock(sk);
516
0e587be7 517 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 518 sock_set_flag(sk, SOCK_ZAPPED);
519
520 if (err)
2e0052e4 521 __l2cap_chan_set_err(chan, err);
0139418c
MH		 522
523 if (parent) {
524 bt_accept_unlink(sk);
525 parent->sk_data_ready(parent, 0);
526 } else
527 sk->sk_state_change(sk);
c13ffa62 528
6be36555
AE		 529 release_sock(sk);
530
2827011f 531 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
6ff5abbf 532 return;
2ead70b8 533
58d35f87 534 skb_queue_purge(&chan->tx_q);
c13ffa62 535
0c1bc5c6 536 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 537 struct srej_list *l, *tmp;
538
1a09bcb9
GP		 539 __clear_retrans_timer(chan);
540 __clear_monitor_timer(chan);
541 __clear_ack_timer(chan);
c13ffa62 542
f1c6775b 543 skb_queue_purge(&chan->srej_q);
c13ffa62 544
3c588192
MM		 545 l2cap_seq_list_free(&chan->srej_list);
546 l2cap_seq_list_free(&chan->retrans_list);
39d5a3ee 547 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 548 list_del(&l->list);
549 kfree(l);
550 }
551 }
0139418c
MH		 552}
553
4519de9a
GP		 554static void l2cap_chan_cleanup_listen(struct sock *parent)
555{
556 struct sock *sk;
557
558 BT_DBG("parent %p", parent);
559
560 /* Close not yet accepted channels */
0f852724 561 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 562 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 563
6be36555 564 l2cap_chan_lock(chan);
c9b66675 565 __clear_chan_timer(chan);
ba3bd0ee 566 l2cap_chan_close(chan, ECONNRESET);
6be36555 567 l2cap_chan_unlock(chan);
3df91ea2 568
ba3bd0ee 569 chan->ops->close(chan->data);
0f852724 570 }
4519de9a
GP		 571}
572
0f852724 573void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 574{
575 struct l2cap_conn *conn = chan->conn;
576 struct sock *sk = chan->sk;
577
e05dcc32
AE		 578 BT_DBG("chan %p state %s sk %p", chan,
579 state_to_string(chan->state), sk);
4519de9a 580
89bc500e 581 switch (chan->state) {
4519de9a 582 case BT_LISTEN:
6be36555 583 lock_sock(sk);
4519de9a 584 l2cap_chan_cleanup_listen(sk);
89bc500e 585
0e587be7 586 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 587 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 588 release_sock(sk);
4519de9a
GP		 589 break;
590
591 case BT_CONNECTED:
592 case BT_CONFIG:
715ec005 593 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 594 conn->hcon->type == ACL_LINK) {
c9b66675 595 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 596 l2cap_send_disconn_req(conn, chan, reason);
597 } else
598 l2cap_chan_del(chan, reason);
599 break;
600
601 case BT_CONNECT2:
715ec005 602 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 603 conn->hcon->type == ACL_LINK) {
604 struct l2cap_conn_rsp rsp;
605 __u16 result;
606
c5daa683 607 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
4519de9a
GP		 608 result = L2CAP_CR_SEC_BLOCK;
609 else
610 result = L2CAP_CR_BAD_PSM;
89bc500e 611 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 612
613 rsp.scid = cpu_to_le16(chan->dcid);
614 rsp.dcid = cpu_to_le16(chan->scid);
615 rsp.result = cpu_to_le16(result);
616 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
617 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
618 sizeof(rsp), &rsp);
619 }
620
621 l2cap_chan_del(chan, reason);
622 break;
623
624 case BT_CONNECT:
625 case BT_DISCONN:
626 l2cap_chan_del(chan, reason);
627 break;
628
629 default:
6be36555 630 lock_sock(sk);
4519de9a 631 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 632 release_sock(sk);
4519de9a
GP		 633 break;
634 }
635}
636
4343478f 637static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 638{
715ec005 639 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 640 switch (chan->sec_level) {
8556edd3
JH		 641 case BT_SECURITY_HIGH:
642 return HCI_AT_DEDICATED_BONDING_MITM;
643 case BT_SECURITY_MEDIUM:
644 return HCI_AT_DEDICATED_BONDING;
645 default:
646 return HCI_AT_NO_BONDING;
647 }
fe4128e0 648 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 649 if (chan->sec_level == BT_SECURITY_LOW)
650 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 651
4343478f 652 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 653 return HCI_AT_NO_BONDING_MITM;
00ae4af9 654 else
8556edd3 655 return HCI_AT_NO_BONDING;
00ae4af9 656 } else {
4343478f 657 switch (chan->sec_level) {
00ae4af9 658 case BT_SECURITY_HIGH:
8556edd3 659 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 660 case BT_SECURITY_MEDIUM:
8556edd3 661 return HCI_AT_GENERAL_BONDING;
00ae4af9 662 default:
8556edd3 663 return HCI_AT_NO_BONDING;
00ae4af9 664 }
0684e5f9 665 }
8556edd3
JH		 666}
667
668/* Service level security */
d45fc423 669int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 670{
8c1d787b 671 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 672 __u8 auth_type;
673
4343478f 674 auth_type = l2cap_get_auth_type(chan);
79d554a6 675
4343478f 676 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 677}
678
b5ad8b7f 679static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 680{
681 u8 id;
682
683 /* Get next available identificator.
684 * 1 - 128 are used by kernel.
685 * 129 - 199 are reserved.
686 * 200 - 254 are used by utilities like l2ping, etc.
687 */
688
333055f2 689 spin_lock(&conn->lock);
4e8402a3
MH		 690
691 if (++conn->tx_ident > 128)
692 conn->tx_ident = 1;
693
694 id = conn->tx_ident;
695
333055f2 696 spin_unlock(&conn->lock);
4e8402a3
MH		 697
698 return id;
699}
700
4519de9a 701static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 702{
703 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 704 u8 flags;
4e8402a3
MH		 705
706 BT_DBG("code 0x%2.2x", code);
707
708 if (!skb)
9a9c6a34 709 return;
4e8402a3 710
e702112f
AE		 711 if (lmp_no_flush_capable(conn->hcon->hdev))
712 flags = ACL_START_NO_FLUSH;
713 else
714 flags = ACL_START;
715
14b12d0b 716 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 717 skb->priority = HCI_PRIO_MAX;
14b12d0b 718
73d80deb
LAD		 719 hci_send_acl(conn->hchan, skb, flags);
720}
721
722static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
723{
724 struct hci_conn *hcon = chan->conn->hcon;
725 u16 flags;
726
727 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
728 skb->priority);
729
730 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
731 lmp_no_flush_capable(hcon->hdev))
732 flags = ACL_START_NO_FLUSH;
733 else
734 flags = ACL_START;
14b12d0b 735
73d80deb
LAD		 736 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
737 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 738}
739
b76bbd66
MM		 740static void __unpack_enhanced_control(u16 enh, struct l2cap_ctrl *control)
741{
742 control->reqseq = (enh & L2CAP_CTRL_REQSEQ) >> L2CAP_CTRL_REQSEQ_SHIFT;
743 control->final = (enh & L2CAP_CTRL_FINAL) >> L2CAP_CTRL_FINAL_SHIFT;
744
745 if (enh & L2CAP_CTRL_FRAME_TYPE) {
746 /* S-Frame */
747 control->sframe = 1;
748 control->poll = (enh & L2CAP_CTRL_POLL) >> L2CAP_CTRL_POLL_SHIFT;
749 control->super = (enh & L2CAP_CTRL_SUPERVISE) >> L2CAP_CTRL_SUPER_SHIFT;
750
751 control->sar = 0;
752 control->txseq = 0;
753 } else {
754 /* I-Frame */
755 control->sframe = 0;
756 control->sar = (enh & L2CAP_CTRL_SAR) >> L2CAP_CTRL_SAR_SHIFT;
757 control->txseq = (enh & L2CAP_CTRL_TXSEQ) >> L2CAP_CTRL_TXSEQ_SHIFT;
758
759 control->poll = 0;
760 control->super = 0;
761 }
762}
763
b76bbd66
MM		 764static void __unpack_extended_control(u32 ext, struct l2cap_ctrl *control)
765{
766 control->reqseq = (ext & L2CAP_EXT_CTRL_REQSEQ) >> L2CAP_EXT_CTRL_REQSEQ_SHIFT;
767 control->final = (ext & L2CAP_EXT_CTRL_FINAL) >> L2CAP_EXT_CTRL_FINAL_SHIFT;
768
769 if (ext & L2CAP_EXT_CTRL_FRAME_TYPE) {
770 /* S-Frame */
771 control->sframe = 1;
772 control->poll = (ext & L2CAP_EXT_CTRL_POLL) >> L2CAP_EXT_CTRL_POLL_SHIFT;
773 control->super = (ext & L2CAP_EXT_CTRL_SUPERVISE) >> L2CAP_EXT_CTRL_SUPER_SHIFT;
774
775 control->sar = 0;
776 control->txseq = 0;
777 } else {
778 /* I-Frame */
779 control->sframe = 0;
780 control->sar = (ext & L2CAP_EXT_CTRL_SAR) >> L2CAP_EXT_CTRL_SAR_SHIFT;
781 control->txseq = (ext & L2CAP_EXT_CTRL_TXSEQ) >> L2CAP_EXT_CTRL_TXSEQ_SHIFT;
782
783 control->poll = 0;
784 control->super = 0;
785 }
786}
787
788static inline void __unpack_control(struct l2cap_chan *chan,
789 struct sk_buff *skb)
790{
791 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
792 __unpack_extended_control(get_unaligned_le32(skb->data),
793 &bt_cb(skb)->control);
794 } else {
795 __unpack_enhanced_control(get_unaligned_le16(skb->data),
796 &bt_cb(skb)->control);
797 }
798}
799
b5c6aaed
MM		 800static u32 __pack_extended_control(struct l2cap_ctrl *control)
801{
802 u32 packed;
803
804 packed = control->reqseq << L2CAP_EXT_CTRL_REQSEQ_SHIFT;
805 packed |= control->final << L2CAP_EXT_CTRL_FINAL_SHIFT;
806
807 if (control->sframe) {
808 packed |= control->poll << L2CAP_EXT_CTRL_POLL_SHIFT;
809 packed |= control->super << L2CAP_EXT_CTRL_SUPER_SHIFT;
810 packed |= L2CAP_EXT_CTRL_FRAME_TYPE;
811 } else {
812 packed |= control->sar << L2CAP_EXT_CTRL_SAR_SHIFT;
813 packed |= control->txseq << L2CAP_EXT_CTRL_TXSEQ_SHIFT;
814 }
815
816 return packed;
817}
818
819static u16 __pack_enhanced_control(struct l2cap_ctrl *control)
820{
821 u16 packed;
822
823 packed = control->reqseq << L2CAP_CTRL_REQSEQ_SHIFT;
824 packed |= control->final << L2CAP_CTRL_FINAL_SHIFT;
825
826 if (control->sframe) {
827 packed |= control->poll << L2CAP_CTRL_POLL_SHIFT;
828 packed |= control->super << L2CAP_CTRL_SUPER_SHIFT;
829 packed |= L2CAP_CTRL_FRAME_TYPE;
830 } else {
831 packed |= control->sar << L2CAP_CTRL_SAR_SHIFT;
832 packed |= control->txseq << L2CAP_CTRL_TXSEQ_SHIFT;
833 }
834
835 return packed;
836}
837
b76bbd66
MM		 838static inline void __pack_control(struct l2cap_chan *chan,
839 struct l2cap_ctrl *control,
840 struct sk_buff *skb)
841{
842 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
843 put_unaligned_le32(__pack_extended_control(control),
844 skb->data + L2CAP_HDR_SIZE);
845 } else {
846 put_unaligned_le16(__pack_enhanced_control(control),
847 skb->data + L2CAP_HDR_SIZE);
848 }
849}
850
a67d7f6f
MM		 851static struct sk_buff *l2cap_create_sframe_pdu(struct l2cap_chan *chan,
852 u32 control)
b5c6aaed
MM		 853{
854 struct sk_buff *skb;
855 struct l2cap_hdr *lh;
a67d7f6f 856 int hlen;
b5c6aaed
MM		 857
858 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
859 hlen = L2CAP_EXT_HDR_SIZE;
860 else
861 hlen = L2CAP_ENH_HDR_SIZE;
862
863 if (chan->fcs == L2CAP_FCS_CRC16)
864 hlen += L2CAP_FCS_SIZE;
865
a67d7f6f 866 skb = bt_skb_alloc(hlen, GFP_KERNEL);
b5c6aaed 867
b5c6aaed 868 if (!skb)
a67d7f6f 869 return ERR_PTR(-ENOMEM);
b5c6aaed
MM		 870
871 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
872 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
873 lh->cid = cpu_to_le16(chan->dcid);
874
a67d7f6f
MM		 875 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
876 put_unaligned_le32(control, skb_put(skb, L2CAP_EXT_CTRL_SIZE));
877 else
878 put_unaligned_le16(control, skb_put(skb, L2CAP_ENH_CTRL_SIZE));
b5c6aaed
MM		 879
880 if (chan->fcs == L2CAP_FCS_CRC16) {
a67d7f6f 881 u16 fcs = crc16(0, (u8 *)skb->data, skb->len);
b5c6aaed
MM		 882 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
883 }
884
885 skb->priority = HCI_PRIO_MAX;
a67d7f6f
MM		 886 return skb;
887}
888
889static void l2cap_send_sframe(struct l2cap_chan *chan,
890 struct l2cap_ctrl *control)
891{
892 struct sk_buff *skb;
893 u32 control_field;
894
895 BT_DBG("chan %p, control %p", chan, control);
896
897 if (!control->sframe)
898 return;
899
900 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) &&
901 !control->poll)
902 control->final = 1;
903
904 if (control->super == L2CAP_SUPER_RR)
905 clear_bit(CONN_RNR_SENT, &chan->conn_state);
906 else if (control->super == L2CAP_SUPER_RNR)
907 set_bit(CONN_RNR_SENT, &chan->conn_state);
908
909 if (control->super != L2CAP_SUPER_SREJ) {
910 chan->last_acked_seq = control->reqseq;
911 __clear_ack_timer(chan);
912 }
913
914 BT_DBG("reqseq %d, final %d, poll %d, super %d", control->reqseq,
915 control->final, control->poll, control->super);
916
917 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
918 control_field = __pack_extended_control(control);
919 else
920 control_field = __pack_enhanced_control(control);
921
922 skb = l2cap_create_sframe_pdu(chan, control_field);
923 if (!IS_ERR(skb))
924 l2cap_do_send(chan, skb);
b5c6aaed
MM		 925}
926
927static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
928{
929 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
930 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
931 set_bit(CONN_RNR_SENT, &chan->conn_state);
932 } else
933 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
934
935 control |= __set_reqseq(chan, chan->buffer_seq);
b5c6aaed
MM		 936}
937
b4450035 938static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 939{
c1360a1c 940 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 941}
942
9b27f350
AE		 943static void l2cap_send_conn_req(struct l2cap_chan *chan)
944{
945 struct l2cap_conn *conn = chan->conn;
946 struct l2cap_conn_req req;
947
948 req.scid = cpu_to_le16(chan->scid);
949 req.psm = chan->psm;
950
951 chan->ident = l2cap_get_ident(conn);
952
953 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
954
955 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
956}
957
9f0caeb1
VCG		 958static void l2cap_chan_ready(struct l2cap_chan *chan)
959{
960 struct sock *sk = chan->sk;
961 struct sock *parent;
962
963 lock_sock(sk);
964
965 parent = bt_sk(sk)->parent;
966
967 BT_DBG("sk %p, parent %p", sk, parent);
968
2827011f 969 /* This clears all conf flags, including CONF_NOT_COMPLETE */
9f0caeb1
VCG		 970 chan->conf_state = 0;
971 __clear_chan_timer(chan);
972
973 __l2cap_state_change(chan, BT_CONNECTED);
974 sk->sk_state_change(sk);
975
976 if (parent)
977 parent->sk_data_ready(parent, 0);
978
979 release_sock(sk);
980}
981
fc7f8a7e 982static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 983{
8c1d787b 984 struct l2cap_conn *conn = chan->conn;
79d554a6 985
9f0caeb1
VCG		 986 if (conn->hcon->type == LE_LINK) {
987 l2cap_chan_ready(chan);
988 return;
989 }
990
79d554a6 991 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 992 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
993 return;
994
d45fc423 995 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 996 __l2cap_no_conn_pending(chan))
997 l2cap_send_conn_req(chan);
79d554a6
MH		 998 } else {
999 struct l2cap_info_req req;
1000 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1001
1002 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1003 conn->info_ident = l2cap_get_ident(conn);
1004
ba13ccd9 1005 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 1006
1007 l2cap_send_cmd(conn, conn->info_ident,
1008 L2CAP_INFO_REQ, sizeof(req), &req);
1009 }
1010}
1011
cf6c2c0b
GP		 1012static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
1013{
1014 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 1015 if (!disable_ertm)
cf6c2c0b
GP		 1016 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
1017
1018 switch (mode) {
1019 case L2CAP_MODE_ERTM:
1020 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
1021 case L2CAP_MODE_STREAMING:
1022 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
1023 default:
1024 return 0x00;
1025 }
1026}
1027
4519de9a 1028static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 1029{
6be36555 1030 struct sock *sk = chan->sk;
22121fc9
GP		 1031 struct l2cap_disconn_req req;
1032
c13ffa62
GP		 1033 if (!conn)
1034 return;
1035
0c1bc5c6 1036 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 1037 __clear_retrans_timer(chan);
1038 __clear_monitor_timer(chan);
1039 __clear_ack_timer(chan);
c13ffa62
GP		 1040 }
1041
fe4128e0
GP		 1042 req.dcid = cpu_to_le16(chan->dcid);
1043 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 1044 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1045 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 1046
6be36555 1047 lock_sock(sk);
0e587be7 1048 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 1049 __l2cap_chan_set_err(chan, err);
6be36555 1050 release_sock(sk);
22121fc9
GP		 1051}
1052
1da177e4 1053/* ---- L2CAP connections ---- */
4e8402a3
MH		 1054static void l2cap_conn_start(struct l2cap_conn *conn)
1055{
3df91ea2 1056 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 1057
1058 BT_DBG("conn %p", conn);
1059
3df91ea2 1060 mutex_lock(&conn->chan_lock);
4e8402a3 1061
3df91ea2 1062 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 1063 struct sock *sk = chan->sk;
baa7e1fa 1064
6be36555 1065 l2cap_chan_lock(chan);
4e8402a3 1066
715ec005 1067 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 1068 l2cap_chan_unlock(chan);
79d554a6
MH		 1069 continue;
1070 }
1071
89bc500e 1072 if (chan->state == BT_CONNECT) {
d45fc423 1073 if (!l2cap_chan_check_security(chan) ||
b4450035 1074 !__l2cap_no_conn_pending(chan)) {
6be36555 1075 l2cap_chan_unlock(chan);
47731de7
GP		 1076 continue;
1077 }
79d554a6 1078
c1360a1c
GP		 1079 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1080 && test_bit(CONF_STATE2_DEVICE,
1081 &chan->conf_state)) {
89bc500e 1082 l2cap_chan_close(chan, ECONNRESET);
6be36555 1083 l2cap_chan_unlock(chan);
47731de7 1084 continue;
b1235d79 1085 }
47731de7 1086
9b27f350 1087 l2cap_send_conn_req(chan);
47731de7 1088
89bc500e 1089 } else if (chan->state == BT_CONNECT2) {
79d554a6 1090 struct l2cap_conn_rsp rsp;
e9aeb2dd 1091 char buf[128];
fe4128e0
GP		 1092 rsp.scid = cpu_to_le16(chan->dcid);
1093 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 1094
d45fc423 1095 if (l2cap_chan_check_security(chan)) {
6be36555 1096 lock_sock(sk);
c5daa683
GP		 1097 if (test_bit(BT_SK_DEFER_SETUP,
1098 &bt_sk(sk)->flags)) {
f66dc81f
MH		 1099 struct sock *parent = bt_sk(sk)->parent;
1100 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1101 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 1102 if (parent)
1103 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 1104
1105 } else {
0e587be7 1106 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 1107 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1108 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1109 }
6be36555 1110 release_sock(sk);
79d554a6
MH		 1111 } else {
1112 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1113 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
1114 }
1115
fc7f8a7e
GP		 1116 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1117 sizeof(rsp), &rsp);
e9aeb2dd 1118
c1360a1c 1119 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 1120 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 1121 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 1122 continue;
1123 }
1124
c1360a1c 1125 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 1126 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 1127 l2cap_build_conf_req(chan, buf), buf);
1128 chan->num_conf_req++;
4e8402a3
MH		 1129 }
1130
6be36555 1131 l2cap_chan_unlock(chan);
4e8402a3
MH		 1132 }
1133
3df91ea2 1134 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1135}
1136
c2287681 1137/* Find socket with cid and source/destination bdaddr.
b62f328b
VT		 1138 * Returns closest match, locked.
1139 */
d9b88702 1140static struct l2cap_chan *l2cap_global_chan_by_scid(int state, u16 cid,
c2287681
IY		 1141 bdaddr_t *src,
1142 bdaddr_t *dst)
b62f328b 1143{
23691d75 1144 struct l2cap_chan *c, *c1 = NULL;
b62f328b 1145
23691d75 1146 read_lock(&chan_list_lock);
b62f328b 1147
23691d75
GP		 1148 list_for_each_entry(c, &chan_list, global_l) {
1149 struct sock *sk = c->sk;
fe4128e0 1150
89bc500e 1151 if (state && c->state != state)
b62f328b
VT		 1152 continue;
1153
23691d75 1154 if (c->scid == cid) {
c2287681
IY		 1155 int src_match, dst_match;
1156 int src_any, dst_any;
1157
b62f328b 1158 /* Exact match. */
c2287681
IY		 1159 src_match = !bacmp(&bt_sk(sk)->src, src);
1160 dst_match = !bacmp(&bt_sk(sk)->dst, dst);
1161 if (src_match && dst_match) {
23691d75
GP		 1162 read_unlock(&chan_list_lock);
1163 return c;
1164 }
b62f328b
VT		 1165
1166 /* Closest match */
c2287681
IY		 1167 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY);
1168 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY);
1169 if ((src_match && dst_any) || (src_any && dst_match) ||
1170 (src_any && dst_any))
23691d75 1171 c1 = c;
b62f328b
VT		 1172 }
1173 }
280f294f 1174
23691d75 1175 read_unlock(&chan_list_lock);
b62f328b 1176
23691d75 1177 return c1;
b62f328b
VT		 1178}
1179
1180static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1181{
c916fbe4 1182 struct sock *parent, *sk;
23691d75 1183 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 1184
1185 BT_DBG("");
1186
1187 /* Check if we have socket listening on cid */
23691d75 1188 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
c2287681 1189 conn->src, conn->dst);
23691d75 1190 if (!pchan)
b62f328b
VT		 1191 return;
1192
23691d75
GP		 1193 parent = pchan->sk;
1194
aa2ac881 1195 lock_sock(parent);
62f3a2cf 1196
b62f328b
VT		 1197 /* Check for backlog size */
1198 if (sk_acceptq_is_full(parent)) {
1199 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1200 goto clean;
1201 }
1202
80808e43
GP		 1203 chan = pchan->ops->new_connection(pchan->data);
1204 if (!chan)
b62f328b
VT		 1205 goto clean;
1206
80808e43 1207 sk = chan->sk;
5d41ce1d 1208
b62f328b
VT		 1209 hci_conn_hold(conn->hcon);
1210
b62f328b
VT		 1211 bacpy(&bt_sk(sk)->src, conn->src);
1212 bacpy(&bt_sk(sk)->dst, conn->dst);
1213
d1010240
GP		 1214 bt_accept_enqueue(parent, sk);
1215
3d57dc68 1216 l2cap_chan_add(conn, chan);
48454079 1217
c9b66675 1218 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 1219
0e587be7 1220 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 1221 parent->sk_data_ready(parent, 0);
1222
b62f328b 1223clean:
aa2ac881 1224 release_sock(parent);
b62f328b
VT		 1225}
1226
4e8402a3
MH		 1227static void l2cap_conn_ready(struct l2cap_conn *conn)
1228{
48454079 1229 struct l2cap_chan *chan;
4e8402a3 1230
79d554a6 1231 BT_DBG("conn %p", conn);
4e8402a3 1232
b62f328b
VT		 1233 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
1234 l2cap_le_conn_ready(conn);
1235
160dc6ac
VCG		 1236 if (conn->hcon->out && conn->hcon->type == LE_LINK)
1237 smp_conn_security(conn, conn->hcon->pending_sec_level);
1238
3df91ea2 1239 mutex_lock(&conn->chan_lock);
4e8402a3 1240
3df91ea2 1241 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 1242
6be36555 1243 l2cap_chan_lock(chan);
4e8402a3 1244
63128451 1245 if (conn->hcon->type == LE_LINK) {
b501d6a1 1246 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 1247 l2cap_chan_ready(chan);
acd7d370 1248
63128451 1249 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 1250 struct sock *sk = chan->sk;
c9b66675 1251 __clear_chan_timer(chan);
6be36555 1252 lock_sock(sk);
0e587be7 1253 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1254 sk->sk_state_change(sk);
6be36555 1255 release_sock(sk);
b501d6a1 1256
89bc500e 1257 } else if (chan->state == BT_CONNECT)
fc7f8a7e 1258 l2cap_do_start(chan);
4e8402a3 1259
6be36555 1260 l2cap_chan_unlock(chan);
4e8402a3 1261 }
79d554a6 1262
3df91ea2 1263 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1264}
1265
1266/* Notify sockets that we cannot guaranty reliability anymore */
1267static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1268{
48454079 1269 struct l2cap_chan *chan;
4e8402a3
MH		 1270
1271 BT_DBG("conn %p", conn);
1272
3df91ea2 1273 mutex_lock(&conn->chan_lock);
4e8402a3 1274
3df91ea2 1275 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 1276 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 1277 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 1278 }
1279
3df91ea2 1280 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1281}
1282
f878fcad 1283static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 1284{
f878fcad 1285 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 1286 info_timer.work);
4e8402a3 1287
984947dc 1288 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1289 conn->info_ident = 0;
984947dc 1290
4e8402a3
MH		 1291 l2cap_conn_start(conn);
1292}
1293
5d3de7df
VCG		 1294static void l2cap_conn_del(struct hci_conn *hcon, int err)
1295{
1296 struct l2cap_conn *conn = hcon->l2cap_data;
1297 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1298
1299 if (!conn)
1300 return;
1301
1302 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1303
1304 kfree_skb(conn->rx_skb);
1305
3df91ea2
AE		 1306 mutex_lock(&conn->chan_lock);
1307
5d3de7df
VCG		 1308 /* Kill channels */
1309 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
61d6ef3e 1310 l2cap_chan_hold(chan);
6be36555
AE		 1311 l2cap_chan_lock(chan);
1312
5d3de7df 1313 l2cap_chan_del(chan, err);
6be36555
AE		 1314
1315 l2cap_chan_unlock(chan);
1316
5d3de7df 1317 chan->ops->close(chan->data);
61d6ef3e 1318 l2cap_chan_put(chan);
5d3de7df
VCG		 1319 }
1320
3df91ea2
AE		 1321 mutex_unlock(&conn->chan_lock);
1322
73d80deb
LAD		 1323 hci_chan_del(conn->hchan);
1324
5d3de7df 1325 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1326 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1327
51a8efd7 1328 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1329 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1330 smp_chan_destroy(conn);
d26a2345 1331 }
5d3de7df
VCG		 1332
1333 hcon->l2cap_data = NULL;
1334 kfree(conn);
1335}
1336
6c9d42a1 1337static void security_timeout(struct work_struct *work)
5d3de7df 1338{
6c9d42a1
GP		 1339 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1340 security_timer.work);
5d3de7df
VCG		 1341
1342 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1343}
1344
1da177e4
LT		 1345static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1346{
0139418c 1347 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1348 struct hci_chan *hchan;
1da177e4 1349
0139418c 1350 if (conn || status)
1da177e4
LT		 1351 return conn;
1352
73d80deb
LAD		 1353 hchan = hci_chan_create(hcon);
1354 if (!hchan)
1355 return NULL;
1356
0139418c 1357 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1358 if (!conn) {
1359 hci_chan_del(hchan);
1da177e4 1360 return NULL;
73d80deb 1361 }
1da177e4
LT		 1362
1363 hcon->l2cap_data = conn;
1364 conn->hcon = hcon;
73d80deb 1365 conn->hchan = hchan;
1da177e4 1366
73d80deb 1367 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1368
acd7d370
VT		 1369 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1370 conn->mtu = hcon->hdev->le_mtu;
1371 else
1372 conn->mtu = hcon->hdev->acl_mtu;
1373
1da177e4
LT		 1374 conn->src = &hcon->hdev->bdaddr;
1375 conn->dst = &hcon->dst;
1376
4e8402a3
MH		 1377 conn->feat_mask = 0;
1378
1da177e4 1379 spin_lock_init(&conn->lock);
3df91ea2 1380 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1381
1382 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1383
5d3de7df 1384 if (hcon->type == LE_LINK)
6c9d42a1 1385 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1386 else
030013d8 1387 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1388
9f5a0d7b 1389 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1390
1da177e4
LT		 1391 return conn;
1392}
1393
1da177e4 1394/* ---- Socket interface ---- */
1da177e4 1395
c2287681 1396/* Find socket with psm and source / destination bdaddr.
1da177e4
LT		 1397 * Returns closest match.
1398 */
c2287681
IY		 1399static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1400 bdaddr_t *src,
1401 bdaddr_t *dst)
1da177e4 1402{
23691d75 1403 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1404
23691d75 1405 read_lock(&chan_list_lock);
e0f0cb56 1406
23691d75
GP		 1407 list_for_each_entry(c, &chan_list, global_l) {
1408 struct sock *sk = c->sk;
fe4128e0 1409
89bc500e 1410 if (state && c->state != state)
1da177e4
LT		 1411 continue;
1412
23691d75 1413 if (c->psm == psm) {
c2287681
IY		 1414 int src_match, dst_match;
1415 int src_any, dst_any;
1416
1da177e4 1417 /* Exact match. */
c2287681
IY		 1418 src_match = !bacmp(&bt_sk(sk)->src, src);
1419 dst_match = !bacmp(&bt_sk(sk)->dst, dst);
1420 if (src_match && dst_match) {
a7567b20 1421 read_unlock(&chan_list_lock);
23691d75
GP		 1422 return c;
1423 }
1da177e4
LT		 1424
1425 /* Closest match */
c2287681
IY		 1426 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY);
1427 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY);
1428 if ((src_match && dst_any) || (src_any && dst_match) ||
1429 (src_any && dst_any))
23691d75 1430 c1 = c;
1da177e4
LT		 1431 }
1432 }
1da177e4 1433
23691d75 1434 read_unlock(&chan_list_lock);
e0f0cb56 1435
23691d75 1436 return c1;
1da177e4
LT		 1437}
1438
8e9f9892
AG		 1439int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1440 bdaddr_t *dst, u8 dst_type)
1da177e4 1441{
5d41ce1d 1442 struct sock *sk = chan->sk;
1da177e4 1443 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1444 struct l2cap_conn *conn;
1445 struct hci_conn *hcon;
1446 struct hci_dev *hdev;
09ab6f4c 1447 __u8 auth_type;
44d0e48e 1448 int err;
1da177e4 1449
8e9f9892
AG		 1450 BT_DBG("%s -> %s (type %u) psm 0x%2.2x", batostr(src), batostr(dst),
1451 dst_type, __le16_to_cpu(chan->psm));
1da177e4 1452
af05b30b
GP		 1453 hdev = hci_get_route(dst, src);
1454 if (!hdev)
1da177e4
LT		 1455 return -EHOSTUNREACH;
1456
09fd0de5 1457 hci_dev_lock(hdev);
1da177e4 1458
6be36555 1459 l2cap_chan_lock(chan);
03a00194
GP		 1460
1461 /* PSM must be odd and lsb of upper byte must be 0 */
1462 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1463 chan->chan_type != L2CAP_CHAN_RAW) {
1464 err = -EINVAL;
1465 goto done;
1466 }
1467
1468 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1469 err = -EINVAL;
1470 goto done;
1471 }
1472
1473 switch (chan->mode) {
1474 case L2CAP_MODE_BASIC:
1475 break;
1476 case L2CAP_MODE_ERTM:
1477 case L2CAP_MODE_STREAMING:
1478 if (!disable_ertm)
1479 break;
1480 /* fall through */
1481 default:
1482 err = -ENOTSUPP;
1483 goto done;
1484 }
1485
6be36555
AE		 1486 lock_sock(sk);
1487
03a00194
GP		 1488 switch (sk->sk_state) {
1489 case BT_CONNECT:
1490 case BT_CONNECT2:
1491 case BT_CONFIG:
1492 /* Already connecting */
1493 err = 0;
6be36555 1494 release_sock(sk);
03a00194
GP		 1495 goto done;
1496
1497 case BT_CONNECTED:
1498 /* Already connected */
1499 err = -EISCONN;
6be36555 1500 release_sock(sk);
03a00194
GP		 1501 goto done;
1502
1503 case BT_OPEN:
1504 case BT_BOUND:
1505 /* Can connect */
1506 break;
1507
1508 default:
1509 err = -EBADFD;
6be36555 1510 release_sock(sk);
03a00194
GP		 1511 goto done;
1512 }
1513
1514 /* Set destination address and psm */
9219b2a0 1515 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1516
1517 release_sock(sk);
1518
03a00194
GP		 1519 chan->psm = psm;
1520 chan->dcid = cid;
1da177e4 1521
4343478f 1522 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1523
fe4128e0 1524 if (chan->dcid == L2CAP_CID_LE_DATA)
8e9f9892 1525 hcon = hci_connect(hdev, LE_LINK, dst, dst_type,
b12f62cf 1526 chan->sec_level, auth_type);
acd7d370 1527 else
8e9f9892 1528 hcon = hci_connect(hdev, ACL_LINK, dst, dst_type,
b12f62cf 1529 chan->sec_level, auth_type);
acd7d370 1530
30e76272
VT		 1531 if (IS_ERR(hcon)) {
1532 err = PTR_ERR(hcon);
1da177e4 1533 goto done;
30e76272 1534 }
1da177e4
LT		 1535
1536 conn = l2cap_conn_add(hcon, 0);
1537 if (!conn) {
1538 hci_conn_put(hcon);
30e76272 1539 err = -ENOMEM;
1da177e4
LT		 1540 goto done;
1541 }
1542
9f0caeb1
VCG		 1543 if (hcon->type == LE_LINK) {
1544 err = 0;
1545
1546 if (!list_empty(&conn->chan_l)) {
1547 err = -EBUSY;
1548 hci_conn_put(hcon);
1549 }
1550
1551 if (err)
1552 goto done;
1553 }
1554
1da177e4
LT		 1555 /* Update source addr of the socket */
1556 bacpy(src, conn->src);
1557
6be36555 1558 l2cap_chan_unlock(chan);
48454079 1559 l2cap_chan_add(conn, chan);
6be36555 1560 l2cap_chan_lock(chan);
48454079 1561
6be36555 1562 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1563 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1564
1565 if (hcon->state == BT_CONNECTED) {
715ec005 1566 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1567 __clear_chan_timer(chan);
d45fc423 1568 if (l2cap_chan_check_security(chan))
6be36555 1569 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1570 } else
fc7f8a7e 1571 l2cap_do_start(chan);
1da177e4
LT		 1572 }
1573
30e76272
VT		 1574 err = 0;
1575
1da177e4 1576done:
6be36555 1577 l2cap_chan_unlock(chan);
09fd0de5 1578 hci_dev_unlock(hdev);
1da177e4
LT		 1579 hci_dev_put(hdev);
1580 return err;
1581}
1582
dcba0dba 1583int __l2cap_wait_ack(struct sock *sk)
6161c038 1584{
8c1d787b 1585 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1586 DECLARE_WAITQUEUE(wait, current);
1587 int err = 0;
1588 int timeo = HZ/5;
1589
2b0b05dd 1590 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1591 set_current_state(TASK_INTERRUPTIBLE);
1592 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1593 if (!timeo)
1594 timeo = HZ/5;
1595
1596 if (signal_pending(current)) {
1597 err = sock_intr_errno(timeo);
1598 break;
1599 }
1600
1601 release_sock(sk);
1602 timeo = schedule_timeout(timeo);
1603 lock_sock(sk);
a71a0cf4 1604 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1605
1606 err = sock_error(sk);
1607 if (err)
1608 break;
1609 }
1610 set_current_state(TASK_RUNNING);
2b0b05dd 1611 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1612 return err;
1613}
1614
721c4181 1615static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1616{
721c4181
GP		 1617 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1618 monitor_timer.work);
e90bac06 1619
525cd185 1620 BT_DBG("chan %p", chan);
0e98958d 1621
6be36555
AE		 1622 l2cap_chan_lock(chan);
1623
2c03a7a4 1624 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1625 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1626 l2cap_chan_unlock(chan);
8d7e1c7f 1627 l2cap_chan_put(chan);
e90bac06
GP		 1628 return;
1629 }
1630
6a026610 1631 chan->retry_count++;
1a09bcb9 1632 __set_monitor_timer(chan);
e90bac06 1633
525cd185 1634 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1635 l2cap_chan_unlock(chan);
8d7e1c7f 1636 l2cap_chan_put(chan);
e90bac06
GP		 1637}
1638
721c4181 1639static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1640{
721c4181
GP		 1641 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1642 retrans_timer.work);
e90bac06 1643
49208c9c 1644 BT_DBG("chan %p", chan);
0e98958d 1645
6be36555
AE		 1646 l2cap_chan_lock(chan);
1647
6a026610 1648 chan->retry_count = 1;
1a09bcb9 1649 __set_monitor_timer(chan);
e90bac06 1650
e2ab4353 1651 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1652
525cd185 1653 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1654
1655 l2cap_chan_unlock(chan);
8d7e1c7f 1656 l2cap_chan_put(chan);
e90bac06
GP		 1657}
1658
42e5c802 1659static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1660{
1c2acffb 1661 struct sk_buff *skb;
1da177e4 1662
58d35f87 1663 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1664 chan->unacked_frames) {
3ce3514f 1665 if (bt_cb(skb)->control.txseq == chan->expected_ack_seq)
1c2acffb 1666 break;
1da177e4 1667
58d35f87 1668 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1669 kfree_skb(skb);
1da177e4 1670
6a026610 1671 chan->unacked_frames--;
1c2acffb 1672 }
1da177e4 1673
6a026610 1674 if (!chan->unacked_frames)
1a09bcb9 1675 __clear_retrans_timer(chan);
1c2acffb 1676}
1da177e4 1677
3733937d
MM		 1678static int l2cap_streaming_send(struct l2cap_chan *chan,
1679 struct sk_buff_head *skbs)
6840ed07 1680{
ccbb84af 1681 struct sk_buff *skb;
3733937d 1682 struct l2cap_ctrl *control;
6840ed07 1683
3733937d
MM		 1684 BT_DBG("chan %p, skbs %p", chan, skbs);
1685
1686 if (chan->state != BT_CONNECTED)
1687 return -ENOTCONN;
1688
1689 skb_queue_splice_tail_init(skbs, &chan->tx_q);
1690
1691 while (!skb_queue_empty(&chan->tx_q)) {
1692
1693 skb = skb_dequeue(&chan->tx_q);
1694
1695 bt_cb(skb)->control.retries = 1;
1696 control = &bt_cb(skb)->control;
1697
1698 control->reqseq = 0;
1699 control->txseq = chan->next_tx_seq;
1700
1701 __pack_control(chan, control, skb);
6840ed07 1702
47d1ec61 1703 if (chan->fcs == L2CAP_FCS_CRC16) {
3733937d
MM		 1704 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1705 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 1706 }
1707
4343478f 1708 l2cap_do_send(chan, skb);
6840ed07 1709
3733937d
MM		 1710 BT_DBG("Sent txseq %d", (int)control->txseq);
1711
836be934 1712 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
3733937d 1713 chan->frames_sent++;
6840ed07 1714 }
3733937d
MM		 1715
1716 return 0;
6840ed07
GP		 1717}
1718
fb45de7d 1719static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1720{
8f17154f 1721 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1722 u16 fcs;
1723 u32 control;
8f17154f 1724
58d35f87 1725 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1726 if (!skb)
1727 return;
8f17154f 1728
3ce3514f 1729 while (bt_cb(skb)->control.txseq != tx_seq) {
58d35f87 1730 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1731 return;
8f17154f 1732
d1726b6d
SJ		 1733 skb = skb_queue_next(&chan->tx_q, skb);
1734 }
8f17154f 1735
3ce3514f
MM		 1736 if (bt_cb(skb)->control.retries == chan->remote_max_tx &&
1737 chan->remote_max_tx) {
8c1d787b 1738 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1739 return;
1740 }
1741
1742 tx_skb = skb_clone(skb, GFP_ATOMIC);
3ce3514f 1743 bt_cb(skb)->control.retries++;
88843ab0
AE		 1744
1745 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1746 control &= __get_sar_mask(chan);
3cb123d1 1747
e2ab4353 1748 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1749 control |= __set_ctrl_final(chan);
95ffa978 1750
0b209fae 1751 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1752 control |= __set_txseq(chan, tx_seq);
3cb123d1 1753
88843ab0 1754 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1755
47d1ec61 1756 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1757 fcs = crc16(0, (u8 *)tx_skb->data,
1758 tx_skb->len - L2CAP_FCS_SIZE);
1759 put_unaligned_le16(fcs,
1760 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1761 }
1762
4343478f 1763 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1764}
1765
67c9e840 1766static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1767{
1768 struct sk_buff *skb, *tx_skb;
18a48e76
MM		 1769 struct l2cap_ctrl *control;
1770 int sent = 0;
1771
1772 BT_DBG("chan %p", chan);
1c2acffb 1773
89bc500e 1774 if (chan->state != BT_CONNECTED)
c13ffa62 1775 return -ENOTCONN;
e90bac06 1776
94122bbe
MM		 1777 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1778 return 0;
1779
18a48e76
MM		 1780 while (chan->tx_send_head &&
1781 chan->unacked_frames < chan->remote_tx_win &&
1782 chan->tx_state == L2CAP_TX_STATE_XMIT) {
e420aba3 1783
18a48e76 1784 skb = chan->tx_send_head;
e90bac06 1785
18a48e76
MM		 1786 bt_cb(skb)->control.retries = 1;
1787 control = &bt_cb(skb)->control;
95ffa978 1788
e2ab4353 1789 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
18a48e76 1790 control->final = 1;
e2ab4353 1791
18a48e76
MM		 1792 control->reqseq = chan->buffer_seq;
1793 chan->last_acked_seq = chan->buffer_seq;
1794 control->txseq = chan->next_tx_seq;
1c2acffb 1795
18a48e76 1796 __pack_control(chan, control, skb);
e90bac06 1797
47d1ec61 1798 if (chan->fcs == L2CAP_FCS_CRC16) {
18a48e76
MM		 1799 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1800 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 1801 }
1802
18a48e76
MM		 1803 /* Clone after data has been modified. Data is assumed to be
1804 read-only (for locking purposes) on cloned sk_buffs.
1805 */
1806 tx_skb = skb_clone(skb, GFP_KERNEL);
9a9c6a34 1807
18a48e76
MM		 1808 if (!tx_skb)
1809 break;
1c2acffb 1810
18a48e76 1811 __set_retrans_timer(chan);
836be934
AE		 1812
1813 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
18a48e76 1814 chan->unacked_frames++;
6a026610 1815 chan->frames_sent++;
18a48e76 1816 sent++;
1c2acffb 1817
58d35f87
GP		 1818 if (skb_queue_is_last(&chan->tx_q, skb))
1819 chan->tx_send_head = NULL;
1c2acffb 1820 else
58d35f87 1821 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
18a48e76
MM		 1822
1823 l2cap_do_send(chan, tx_skb);
1824 BT_DBG("Sent txseq %d", (int)control->txseq);
1c2acffb
GP		 1825 }
1826
18a48e76
MM		 1827 BT_DBG("Sent %d, %d unacked, %d in ERTM queue", sent,
1828 (int) chan->unacked_frames, skb_queue_len(&chan->tx_q));
1829
1830 return sent;
9e917af1
GP		 1831}
1832
525cd185 1833static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1834{
dfc909be
GP		 1835 int ret;
1836
58d35f87
GP		 1837 if (!skb_queue_empty(&chan->tx_q))
1838 chan->tx_send_head = chan->tx_q.next;
dfc909be 1839
42e5c802 1840 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1841 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1842 return ret;
1843}
1844
b17e73bb 1845static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1846{
88843ab0 1847 u32 control = 0;
9e917af1 1848
0b209fae 1849 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1850
e2ab4353 1851 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1852 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1853 set_bit(CONN_RNR_SENT, &chan->conn_state);
9a9c6a34 1854 return;
9e917af1 1855 }
dfc909be 1856
525cd185 1857 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1858 return;
1859
ab784b73 1860 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
1c2acffb
GP		 1861}
1862
b17e73bb
SJ		 1863static void l2cap_send_ack(struct l2cap_chan *chan)
1864{
1865 __clear_ack_timer(chan);
1866 __l2cap_send_ack(chan);
1867}
1868
525cd185 1869static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1870{
1871 struct srej_list *tail;
88843ab0 1872 u32 control;
99b0d4b7 1873
ab784b73 1874 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1875 control |= __set_ctrl_final(chan);
99b0d4b7 1876
39d5a3ee 1877 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1878 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7
GP		 1879}
1880
04124681
GP		 1881static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1882 struct msghdr *msg, int len,
1883 int count, struct sk_buff *skb)
1c2acffb 1884{
0952a57a 1885 struct l2cap_conn *conn = chan->conn;
1c2acffb 1886 struct sk_buff **frag;
90338947 1887 int sent = 0;
1da177e4 1888
59203a21 1889 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1890 return -EFAULT;
1da177e4
LT		 1891
1892 sent += count;
1893 len -= count;
1894
1895 /* Continuation fragments (no L2CAP header) */
1896 frag = &skb_shinfo(skb)->frag_list;
1897 while (len) {
fbe00700
GP		 1898 struct sk_buff *tmp;
1899
1da177e4
LT		 1900 count = min_t(unsigned int, conn->mtu, len);
1901
fbe00700
GP		 1902 tmp = chan->ops->alloc_skb(chan, count,
1903 msg->msg_flags & MSG_DONTWAIT);
1904 if (IS_ERR(tmp))
1905 return PTR_ERR(tmp);
1906
1907 *frag = tmp;
2f7719ce 1908
1c2acffb
GP		 1909 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1910 return -EFAULT;
1da177e4 1911
5e59b791
LAD		 1912 (*frag)->priority = skb->priority;
1913
1da177e4
LT		 1914 sent += count;
1915 len -= count;
1916
2d0ed3d5
GP		 1917 skb->len += (*frag)->len;
1918 skb->data_len += (*frag)->len;
1919
1da177e4
LT		 1920 frag = &(*frag)->next;
1921 }
1da177e4
LT		 1922
1923 return sent;
1c2acffb 1924}
1da177e4 1925
5e59b791
LAD		 1926static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1927 struct msghdr *msg, size_t len,
1928 u32 priority)
1c2acffb 1929{
8c1d787b 1930 struct l2cap_conn *conn = chan->conn;
1c2acffb 1931 struct sk_buff *skb;
03a51213 1932 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1933 struct l2cap_hdr *lh;
1934
6d5922b0 1935 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1936
1937 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1938
1939 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 1940 msg->msg_flags & MSG_DONTWAIT);
1941 if (IS_ERR(skb))
1942 return skb;
1c2acffb 1943
5e59b791
LAD		 1944 skb->priority = priority;
1945
1c2acffb
GP		 1946 /* Create L2CAP header */
1947 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1948 lh->cid = cpu_to_le16(chan->dcid);
daf6a78c
AE		 1949 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE);
1950 put_unaligned(chan->psm, skb_put(skb, L2CAP_PSMLEN_SIZE));
1c2acffb 1951
0952a57a 1952 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1953 if (unlikely(err < 0)) {
1954 kfree_skb(skb);
1955 return ERR_PTR(err);
1956 }
1957 return skb;
1958}
1959
5e59b791
LAD		 1960static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1961 struct msghdr *msg, size_t len,
1962 u32 priority)
1c2acffb 1963{
8c1d787b 1964 struct l2cap_conn *conn = chan->conn;
1c2acffb 1965 struct sk_buff *skb;
f2ba7fae 1966 int err, count;
1c2acffb
GP		 1967 struct l2cap_hdr *lh;
1968
6d5922b0 1969 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1970
f2ba7fae 1971 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len);
2f7719ce 1972
f2ba7fae 1973 skb = chan->ops->alloc_skb(chan, count + L2CAP_HDR_SIZE,
90338947
GP		 1974 msg->msg_flags & MSG_DONTWAIT);
1975 if (IS_ERR(skb))
1976 return skb;
1c2acffb 1977
5e59b791
LAD		 1978 skb->priority = priority;
1979
1c2acffb
GP		 1980 /* Create L2CAP header */
1981 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1982 lh->cid = cpu_to_le16(chan->dcid);
6ff9b5ef 1983 lh->len = cpu_to_le16(len);
1c2acffb 1984
0952a57a 1985 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1986 if (unlikely(err < 0)) {
1987 kfree_skb(skb);
1988 return ERR_PTR(err);
1989 }
1990 return skb;
1991}
1992
ab0ff76d
LAD		 1993static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1994 struct msghdr *msg, size_t len,
94122bbe 1995 u16 sdulen)
1c2acffb 1996{
8c1d787b 1997 struct l2cap_conn *conn = chan->conn;
1c2acffb 1998 struct sk_buff *skb;
e4ca6d98 1999 int err, count, hlen;
1c2acffb
GP		 2000 struct l2cap_hdr *lh;
2001
6d5922b0 2002 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 2003
0ee0d208
GP		 2004 if (!conn)
2005 return ERR_PTR(-ENOTCONN);
2006
e4ca6d98
AE		 2007 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2008 hlen = L2CAP_EXT_HDR_SIZE;
2009 else
2010 hlen = L2CAP_ENH_HDR_SIZE;
2011
c74e560c 2012 if (sdulen)
03a51213 2013 hlen += L2CAP_SDULEN_SIZE;
c74e560c 2014
47d1ec61 2015 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 2016 hlen += L2CAP_FCS_SIZE;
fcc203c3 2017
1c2acffb 2018 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 2019
2020 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 2021 msg->msg_flags & MSG_DONTWAIT);
2022 if (IS_ERR(skb))
2023 return skb;
1c2acffb
GP		 2024
2025 /* Create L2CAP header */
2026 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 2027 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 2028 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0 2029
18a48e76
MM		 2030 /* Control header is populated later */
2031 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2032 put_unaligned_le32(0, skb_put(skb, L2CAP_EXT_CTRL_SIZE));
2033 else
2034 put_unaligned_le16(0, skb_put(skb, L2CAP_ENH_CTRL_SIZE));
88843ab0 2035
c74e560c 2036 if (sdulen)
03a51213 2037 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 2038
0952a57a 2039 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 2040 if (unlikely(err < 0)) {
2041 kfree_skb(skb);
2042 return ERR_PTR(err);
2043 }
e90bac06 2044
18a48e76 2045 bt_cb(skb)->control.fcs = chan->fcs;
3ce3514f 2046 bt_cb(skb)->control.retries = 0;
1c2acffb 2047 return skb;
1da177e4
LT		 2048}
2049
94122bbe
MM		 2050static int l2cap_segment_sdu(struct l2cap_chan *chan,
2051 struct sk_buff_head *seg_queue,
2052 struct msghdr *msg, size_t len)
c74e560c 2053{
c74e560c 2054 struct sk_buff *skb;
94122bbe
MM		 2055 u16 sdu_len;
2056 size_t pdu_len;
2057 int err = 0;
2058 u8 sar;
c74e560c 2059
94122bbe 2060 BT_DBG("chan %p, msg %p, len %d", chan, msg, (int)len);
c74e560c 2061
94122bbe
MM		 2062 /* It is critical that ERTM PDUs fit in a single HCI fragment,
2063 * so fragmented skbs are not used. The HCI layer's handling
2064 * of fragmented skbs is not compatible with ERTM's queueing.
2065 */
c74e560c 2066
94122bbe
MM		 2067 /* PDU size is derived from the HCI MTU */
2068 pdu_len = chan->conn->mtu;
c74e560c 2069
94122bbe
MM		 2070 pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD);
2071
2072 /* Adjust for largest possible L2CAP overhead. */
2073 pdu_len -= L2CAP_EXT_HDR_SIZE + L2CAP_FCS_SIZE;
2074
2075 /* Remote device may have requested smaller PDUs */
2076 pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
2077
2078 if (len <= pdu_len) {
2079 sar = L2CAP_SAR_UNSEGMENTED;
2080 sdu_len = 0;
2081 pdu_len = len;
2082 } else {
2083 sar = L2CAP_SAR_START;
2084 sdu_len = len;
2085 pdu_len -= L2CAP_SDULEN_SIZE;
2086 }
2087
2088 while (len > 0) {
2089 skb = l2cap_create_iframe_pdu(chan, msg, pdu_len, sdu_len);
c74e560c 2090
c74e560c 2091 if (IS_ERR(skb)) {
94122bbe 2092 __skb_queue_purge(seg_queue);
c74e560c
GP		 2093 return PTR_ERR(skb);
2094 }
2095
94122bbe
MM		 2096 bt_cb(skb)->control.sar = sar;
2097 __skb_queue_tail(seg_queue, skb);
2098
2099 len -= pdu_len;
2100 if (sdu_len) {
2101 sdu_len = 0;
2102 pdu_len += L2CAP_SDULEN_SIZE;
2103 }
2104
2105 if (len <= pdu_len) {
2106 sar = L2CAP_SAR_END;
2107 pdu_len = len;
2108 } else {
2109 sar = L2CAP_SAR_CONTINUE;
2110 }
c74e560c 2111 }
c74e560c 2112
94122bbe 2113 return err;
c74e560c
GP		 2114}
2115
5e59b791
LAD		 2116int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2117 u32 priority)
9a91a04a 2118{
9a91a04a 2119 struct sk_buff *skb;
9a91a04a 2120 int err;
94122bbe 2121 struct sk_buff_head seg_queue;
9a91a04a
GP		 2122
2123 /* Connectionless channel */
715ec005 2124 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 2125 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 2126 if (IS_ERR(skb))
2127 return PTR_ERR(skb);
2128
2129 l2cap_do_send(chan, skb);
2130 return len;
2131 }
2132
2133 switch (chan->mode) {
2134 case L2CAP_MODE_BASIC:
2135 /* Check outgoing MTU */
2136 if (len > chan->omtu)
2137 return -EMSGSIZE;
2138
2139 /* Create a basic PDU */
5e59b791 2140 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 2141 if (IS_ERR(skb))
2142 return PTR_ERR(skb);
2143
2144 l2cap_do_send(chan, skb);
2145 err = len;
2146 break;
2147
2148 case L2CAP_MODE_ERTM:
2149 case L2CAP_MODE_STREAMING:
94122bbe
MM		 2150 /* Check outgoing MTU */
2151 if (len > chan->omtu) {
2152 err = -EMSGSIZE;
2153 break;
2154 }
9a91a04a 2155
94122bbe 2156 __skb_queue_head_init(&seg_queue);
9a91a04a 2157
94122bbe
MM		 2158 /* Do segmentation before calling in to the state machine,
2159 * since it's possible to block while waiting for memory
2160 * allocation.
2161 */
2162 err = l2cap_segment_sdu(chan, &seg_queue, msg, len);
9a91a04a 2163
94122bbe
MM		 2164 /* The channel could have been closed while segmenting,
2165 * check that it is still connected.
2166 */
2167 if (chan->state != BT_CONNECTED) {
2168 __skb_queue_purge(&seg_queue);
2169 err = -ENOTCONN;
9a91a04a
GP		 2170 }
2171
94122bbe 2172 if (err)
9a91a04a 2173 break;
9a91a04a 2174
3733937d 2175 if (chan->mode == L2CAP_MODE_ERTM)
608bcc6d
MM		 2176 err = l2cap_tx(chan, 0, &seg_queue,
2177 L2CAP_EV_DATA_REQUEST);
3733937d
MM		 2178 else
2179 err = l2cap_streaming_send(chan, &seg_queue);
9a91a04a 2180
608bcc6d 2181 if (!err)
9a91a04a
GP		 2182 err = len;
2183
94122bbe
MM		 2184 /* If the skbs were not queued for sending, they'll still be in
2185 * seg_queue and need to be purged.
2186 */
2187 __skb_queue_purge(&seg_queue);
9a91a04a
GP		 2188 break;
2189
2190 default:
2191 BT_DBG("bad state %1.1x", chan->mode);
2192 err = -EBADFD;
2193 }
2194
2195 return err;
2196}
2197
608bcc6d
MM		 2198static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2199{
2200 struct sk_buff *acked_skb;
2201 u16 ackseq;
2202
2203 BT_DBG("chan %p, reqseq %d", chan, reqseq);
2204
2205 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2206 return;
2207
2208 BT_DBG("expected_ack_seq %d, unacked_frames %d",
2209 chan->expected_ack_seq, chan->unacked_frames);
2210
2211 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
2212 ackseq = __next_seq(chan, ackseq)) {
2213
2214 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq);
2215 if (acked_skb) {
2216 skb_unlink(acked_skb, &chan->tx_q);
2217 kfree_skb(acked_skb);
2218 chan->unacked_frames--;
2219 }
2220 }
2221
2222 chan->expected_ack_seq = reqseq;
2223
2224 if (chan->unacked_frames == 0)
2225 __clear_retrans_timer(chan);
2226
2227 BT_DBG("unacked_frames %d", (int) chan->unacked_frames);
2228}
2229
2230static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
2231{
2232 BT_DBG("chan %p", chan);
2233
2234 chan->expected_tx_seq = chan->buffer_seq;
2235 l2cap_seq_list_clear(&chan->srej_list);
2236 skb_queue_purge(&chan->srej_q);
2237 chan->rx_state = L2CAP_RX_STATE_RECV;
2238}
2239
2240static int l2cap_tx_state_xmit(struct l2cap_chan *chan,
2241 struct l2cap_ctrl *control,
2242 struct sk_buff_head *skbs, u8 event)
2243{
2244 int err = 0;
2245
2246 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2247 event);
2248
2249 switch (event) {
2250 case L2CAP_EV_DATA_REQUEST:
2251 if (chan->tx_send_head == NULL)
2252 chan->tx_send_head = skb_peek(skbs);
2253
2254 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2255 l2cap_ertm_send(chan);
2256 break;
2257 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2258 BT_DBG("Enter LOCAL_BUSY");
2259 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2260
2261 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2262 /* The SREJ_SENT state must be aborted if we are to
2263 * enter the LOCAL_BUSY state.
2264 */
2265 l2cap_abort_rx_srej_sent(chan);
2266 }
2267
2268 l2cap_send_ack(chan);
2269
2270 break;
2271 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2272 BT_DBG("Exit LOCAL_BUSY");
2273 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2274
2275 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2276 struct l2cap_ctrl local_control;
2277
2278 memset(&local_control, 0, sizeof(local_control));
2279 local_control.sframe = 1;
2280 local_control.super = L2CAP_SUPER_RR;
2281 local_control.poll = 1;
2282 local_control.reqseq = chan->buffer_seq;
a67d7f6f 2283 l2cap_send_sframe(chan, &local_control);
608bcc6d
MM		 2284
2285 chan->retry_count = 1;
2286 __set_monitor_timer(chan);
2287 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2288 }
2289 break;
2290 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2291 l2cap_process_reqseq(chan, control->reqseq);
2292 break;
2293 case L2CAP_EV_EXPLICIT_POLL:
2294 l2cap_send_rr_or_rnr(chan, 1);
2295 chan->retry_count = 1;
2296 __set_monitor_timer(chan);
2297 __clear_ack_timer(chan);
2298 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2299 break;
2300 case L2CAP_EV_RETRANS_TO:
2301 l2cap_send_rr_or_rnr(chan, 1);
2302 chan->retry_count = 1;
2303 __set_monitor_timer(chan);
2304 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2305 break;
2306 case L2CAP_EV_RECV_FBIT:
2307 /* Nothing to process */
2308 break;
2309 default:
2310 break;
2311 }
2312
2313 return err;
2314}
2315
2316static int l2cap_tx_state_wait_f(struct l2cap_chan *chan,
2317 struct l2cap_ctrl *control,
2318 struct sk_buff_head *skbs, u8 event)
2319{
2320 int err = 0;
2321
2322 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2323 event);
2324
2325 switch (event) {
2326 case L2CAP_EV_DATA_REQUEST:
2327 if (chan->tx_send_head == NULL)
2328 chan->tx_send_head = skb_peek(skbs);
2329 /* Queue data, but don't send. */
2330 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2331 break;
2332 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2333 BT_DBG("Enter LOCAL_BUSY");
2334 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2335
2336 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2337 /* The SREJ_SENT state must be aborted if we are to
2338 * enter the LOCAL_BUSY state.
2339 */
2340 l2cap_abort_rx_srej_sent(chan);
2341 }
2342
2343 l2cap_send_ack(chan);
2344
2345 break;
2346 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2347 BT_DBG("Exit LOCAL_BUSY");
2348 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2349
2350 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2351 struct l2cap_ctrl local_control;
2352 memset(&local_control, 0, sizeof(local_control));
2353 local_control.sframe = 1;
2354 local_control.super = L2CAP_SUPER_RR;
2355 local_control.poll = 1;
2356 local_control.reqseq = chan->buffer_seq;
a67d7f6f 2357 l2cap_send_sframe(chan, &local_control);
608bcc6d
MM		 2358
2359 chan->retry_count = 1;
2360 __set_monitor_timer(chan);
2361 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2362 }
2363 break;
2364 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2365 l2cap_process_reqseq(chan, control->reqseq);
2366
2367 /* Fall through */
2368
2369 case L2CAP_EV_RECV_FBIT:
2370 if (control && control->final) {
2371 __clear_monitor_timer(chan);
2372 if (chan->unacked_frames > 0)
2373 __set_retrans_timer(chan);
2374 chan->retry_count = 0;
2375 chan->tx_state = L2CAP_TX_STATE_XMIT;
2376 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state);
2377 }
2378 break;
2379 case L2CAP_EV_EXPLICIT_POLL:
2380 /* Ignore */
2381 break;
2382 case L2CAP_EV_MONITOR_TO:
2383 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) {
2384 l2cap_send_rr_or_rnr(chan, 1);
2385 __set_monitor_timer(chan);
2386 chan->retry_count++;
2387 } else {
2388 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
2389 }
2390 break;
2391 default:
2392 break;
2393 }
2394
2395 return err;
2396}
2397
2398static int l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
2399 struct sk_buff_head *skbs, u8 event)
2400{
2401 int err = 0;
2402
2403 BT_DBG("chan %p, control %p, skbs %p, event %d, state %d",
2404 chan, control, skbs, event, chan->tx_state);
2405
2406 switch (chan->tx_state) {
2407 case L2CAP_TX_STATE_XMIT:
2408 err = l2cap_tx_state_xmit(chan, control, skbs, event);
2409 break;
2410 case L2CAP_TX_STATE_WAIT_F:
2411 err = l2cap_tx_state_wait_f(chan, control, skbs, event);
2412 break;
2413 default:
2414 /* Ignore event */
2415 break;
2416 }
2417
2418 return err;
2419}
2420
1da177e4
LT		 2421/* Copy frame to all raw sockets on that connection */
2422static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2423{
1da177e4 2424 struct sk_buff *nskb;
48454079 2425 struct l2cap_chan *chan;
1da177e4
LT		 2426
2427 BT_DBG("conn %p", conn);
2428
3df91ea2 2429 mutex_lock(&conn->chan_lock);
3d57dc68 2430
3df91ea2 2431 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 2432 struct sock *sk = chan->sk;
715ec005 2433 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 2434 continue;
2435
2436 /* Don't send frame to the socket it came from */
2437 if (skb->sk == sk)
2438 continue;
af05b30b
GP		 2439 nskb = skb_clone(skb, GFP_ATOMIC);
2440 if (!nskb)
1da177e4
LT		 2441 continue;
2442
23070494 2443 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 2444 kfree_skb(nskb);
2445 }
3d57dc68 2446
3df91ea2 2447 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2448}
2449
2450/* ---- L2CAP signalling commands ---- */
2451static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2452 u8 code, u8 ident, u16 dlen, void *data)
2453{
2454 struct sk_buff *skb, **frag;
2455 struct l2cap_cmd_hdr *cmd;
2456 struct l2cap_hdr *lh;
2457 int len, count;
2458
af05b30b
GP		 2459 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2460 conn, code, ident, dlen);
1da177e4
LT		 2461
2462 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2463 count = min_t(unsigned int, conn->mtu, len);
2464
2465 skb = bt_skb_alloc(count, GFP_ATOMIC);
2466 if (!skb)
2467 return NULL;
2468
2469 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 2470 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 2471
2472 if (conn->hcon->type == LE_LINK)
2473 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
2474 else
2475 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 2476
2477 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2478 cmd->code = code;
2479 cmd->ident = ident;
aca3192c 2480 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 2481
2482 if (dlen) {
2483 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2484 memcpy(skb_put(skb, count), data, count);
2485 data += count;
2486 }
2487
2488 len -= skb->len;
2489
2490 /* Continuation fragments (no L2CAP header) */
2491 frag = &skb_shinfo(skb)->frag_list;
2492 while (len) {
2493 count = min_t(unsigned int, conn->mtu, len);
2494
2495 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2496 if (!*frag)
2497 goto fail;
2498
2499 memcpy(skb_put(*frag, count), data, count);
2500
2501 len -= count;
2502 data += count;
2503
2504 frag = &(*frag)->next;
2505 }
2506
2507 return skb;
2508
2509fail:
2510 kfree_skb(skb);
2511 return NULL;
2512}
2513
2514static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2515{
2516 struct l2cap_conf_opt *opt = *ptr;
2517 int len;
2518
2519 len = L2CAP_CONF_OPT_SIZE + opt->len;
2520 *ptr += len;
2521
2522 *type = opt->type;
2523 *olen = opt->len;
2524
2525 switch (opt->len) {
2526 case 1:
2527 *val = *((u8 *) opt->val);
2528 break;
2529
2530 case 2:
bfaaeb3e 2531 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 2532 break;
2533
2534 case 4:
bfaaeb3e 2535 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 2536 break;
2537
2538 default:
2539 *val = (unsigned long) opt->val;
2540 break;
2541 }
2542
2543 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2544 return len;
2545}
2546
1da177e4
LT		 2547static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2548{
2549 struct l2cap_conf_opt *opt = *ptr;
2550
2551 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2552
2553 opt->type = type;
2554 opt->len = len;
2555
2556 switch (len) {
2557 case 1:
2558 *((u8 *) opt->val) = val;
2559 break;
2560
2561 case 2:
4f8b691c 2562 put_unaligned_le16(val, opt->val);
1da177e4
LT		 2563 break;
2564
2565 case 4:
4f8b691c 2566 put_unaligned_le32(val, opt->val);
1da177e4
LT		 2567 break;
2568
2569 default:
2570 memcpy(opt->val, (void *) val, len);
2571 break;
2572 }
2573
2574 *ptr += L2CAP_CONF_OPT_SIZE + len;
2575}
2576
f89cef09
AE		 2577static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2578{
2579 struct l2cap_conf_efs efs;
2580
1ec918ce 2581 switch (chan->mode) {
f89cef09
AE		 2582 case L2CAP_MODE_ERTM:
2583 efs.id = chan->local_id;
2584 efs.stype = chan->local_stype;
2585 efs.msdu = cpu_to_le16(chan->local_msdu);
2586 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2587 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2588 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2589 break;
2590
2591 case L2CAP_MODE_STREAMING:
2592 efs.id = 1;
2593 efs.stype = L2CAP_SERV_BESTEFFORT;
2594 efs.msdu = cpu_to_le16(chan->local_msdu);
2595 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2596 efs.acc_lat = 0;
2597 efs.flush_to = 0;
2598 break;
2599
2600 default:
2601 return;
2602 }
2603
2604 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2605 (unsigned long) &efs);
2606}
2607
721c4181 2608static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2609{
721c4181
GP		 2610 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2611 ack_timer.work);
c1b4f43b 2612
2fb9b3d4
GP		 2613 BT_DBG("chan %p", chan);
2614
6be36555
AE		 2615 l2cap_chan_lock(chan);
2616
b17e73bb 2617 __l2cap_send_ack(chan);
6be36555
AE		 2618
2619 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2620
2621 l2cap_chan_put(chan);
c1b4f43b
GP		 2622}
2623
3c588192 2624static inline int l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2625{
3c588192
MM		 2626 int err;
2627
105bdf9e
MM		 2628 chan->next_tx_seq = 0;
2629 chan->expected_tx_seq = 0;
42e5c802 2630 chan->expected_ack_seq = 0;
6a026610 2631 chan->unacked_frames = 0;
42e5c802 2632 chan->buffer_seq = 0;
6a026610
GP		 2633 chan->num_acked = 0;
2634 chan->frames_sent = 0;
105bdf9e
MM		 2635 chan->last_acked_seq = 0;
2636 chan->sdu = NULL;
2637 chan->sdu_last_frag = NULL;
2638 chan->sdu_len = 0;
2639
d34c34fb
MM		 2640 skb_queue_head_init(&chan->tx_q);
2641
105bdf9e
MM		 2642 if (chan->mode != L2CAP_MODE_ERTM)
2643 return 0;
2644
2645 chan->rx_state = L2CAP_RX_STATE_RECV;
2646 chan->tx_state = L2CAP_TX_STATE_XMIT;
0565c1c2 2647
721c4181
GP		 2648 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2649 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2650 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2651
f1c6775b 2652 skb_queue_head_init(&chan->srej_q);
1890d36b 2653
39d5a3ee 2654 INIT_LIST_HEAD(&chan->srej_l);
3c588192
MM		 2655 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
2656 if (err < 0)
2657 return err;
2658
9dc9affc
MM		 2659 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win);
2660 if (err < 0)
2661 l2cap_seq_list_free(&chan->srej_list);
2662
2663 return err;
0565c1c2
GP		 2664}
2665
f2fcfcd6
GP		 2666static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2667{
2668 switch (mode) {
2669 case L2CAP_MODE_STREAMING:
2670 case L2CAP_MODE_ERTM:
2671 if (l2cap_mode_supported(mode, remote_feat_mask))
2672 return mode;
2673 /* fall through */
2674 default:
2675 return L2CAP_MODE_BASIC;
2676 }
2677}
2678
6327eb98
AE		 2679static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2680{
2681 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2682}
2683
f89cef09
AE		 2684static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2685{
2686 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2687}
2688
6327eb98
AE		 2689static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2690{
2691 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2692 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2693 /* use extended control field */
2694 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2695 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2696 } else {
6327eb98
AE		 2697 chan->tx_win = min_t(u16, chan->tx_win,
2698 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2699 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2700 }
6327eb98
AE		 2701}
2702
710f9b0a 2703static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2704{
1da177e4 2705 struct l2cap_conf_req *req = data;
0c1bc5c6 2706 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2707 void *ptr = req->data;
c8f79162 2708 u16 size;
1da177e4 2709
49208c9c 2710 BT_DBG("chan %p", chan);
1da177e4 2711
73ffa904 2712 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2713 goto done;
2714
0c1bc5c6 2715 switch (chan->mode) {
f2fcfcd6
GP		 2716 case L2CAP_MODE_STREAMING:
2717 case L2CAP_MODE_ERTM:
c1360a1c 2718 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2719 break;
85eb53c6 2720
f89cef09
AE		 2721 if (__l2cap_efs_supported(chan))
2722 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2723
2ba13ed6 2724 /* fall through */
f2fcfcd6 2725 default:
8c1d787b 2726 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2727 break;
2728 }
2729
2730done:
0c1bc5c6
GP		 2731 if (chan->imtu != L2CAP_DEFAULT_MTU)
2732 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2733
0c1bc5c6 2734 switch (chan->mode) {
65c7c491 2735 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2736 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2737 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2738 break;
2739
62547752
GP		 2740 rfc.mode = L2CAP_MODE_BASIC;
2741 rfc.txwin_size = 0;
2742 rfc.max_transmit = 0;
2743 rfc.retrans_timeout = 0;
2744 rfc.monitor_timeout = 0;
2745 rfc.max_pdu_size = 0;
2746
63406504
GP		 2747 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2748 (unsigned long) &rfc);
65c7c491
MH		 2749 break;
2750
2751 case L2CAP_MODE_ERTM:
2752 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2753 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2754 rfc.retrans_timeout = 0;
2755 rfc.monitor_timeout = 0;
c8f79162
AE		 2756
2757 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2758 L2CAP_EXT_HDR_SIZE -
2759 L2CAP_SDULEN_SIZE -
2760 L2CAP_FCS_SIZE);
2761 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2762
6327eb98
AE		 2763 l2cap_txwin_setup(chan);
2764
2765 rfc.txwin_size = min_t(u16, chan->tx_win,
2766 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2767
63406504
GP		 2768 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2769 (unsigned long) &rfc);
2770
f89cef09
AE		 2771 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2772 l2cap_add_opt_efs(&ptr, chan);
2773
8c1d787b 2774 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2775 break;
2776
47d1ec61 2777 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2778 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2779 chan->fcs = L2CAP_FCS_NONE;
2780 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2781 }
6327eb98
AE		 2782
2783 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2784 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2785 chan->tx_win);
f2fcfcd6
GP		 2786 break;
2787
2788 case L2CAP_MODE_STREAMING:
2789 rfc.mode = L2CAP_MODE_STREAMING;
2790 rfc.txwin_size = 0;
2791 rfc.max_transmit = 0;
2792 rfc.retrans_timeout = 0;
2793 rfc.monitor_timeout = 0;
c8f79162
AE		 2794
2795 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2796 L2CAP_EXT_HDR_SIZE -
2797 L2CAP_SDULEN_SIZE -
2798 L2CAP_FCS_SIZE);
2799 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2800
63406504
GP		 2801 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2802 (unsigned long) &rfc);
2803
f89cef09
AE		 2804 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2805 l2cap_add_opt_efs(&ptr, chan);
2806
8c1d787b 2807 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2808 break;
2809
47d1ec61 2810 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2811 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2812 chan->fcs = L2CAP_FCS_NONE;
2813 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2814 }
65c7c491
MH		 2815 break;
2816 }
1da177e4 2817
fe4128e0 2818 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2819 req->flags = cpu_to_le16(0);
1da177e4
LT		 2820
2821 return ptr - data;
2822}
2823
73ffa904 2824static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2825{
5dee9e7c
MH		 2826 struct l2cap_conf_rsp *rsp = data;
2827 void *ptr = rsp->data;
73ffa904
GP		 2828 void *req = chan->conf_req;
2829 int len = chan->conf_len;
5dee9e7c
MH		 2830 int type, hint, olen;
2831 unsigned long val;
6464f35f 2832 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2833 struct l2cap_conf_efs efs;
2834 u8 remote_efs = 0;
861d6882 2835 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2836 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2837 u16 size;
1da177e4 2838
73ffa904 2839 BT_DBG("chan %p", chan);
820ae1b8 2840
5dee9e7c
MH		 2841 while (len >= L2CAP_CONF_OPT_SIZE) {
2842 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2843
589d2746 2844 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2845 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2846
2847 switch (type) {
2848 case L2CAP_CONF_MTU:
861d6882 2849 mtu = val;
5dee9e7c
MH		 2850 break;
2851
2852 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2853 chan->flush_to = val;
5dee9e7c
MH		 2854 break;
2855
2856 case L2CAP_CONF_QOS:
2857 break;
2858
6464f35f
MH		 2859 case L2CAP_CONF_RFC:
2860 if (olen == sizeof(rfc))
2861 memcpy(&rfc, (void *) val, olen);
2862 break;
2863
fcc203c3
GP		 2864 case L2CAP_CONF_FCS:
2865 if (val == L2CAP_FCS_NONE)
c1360a1c 2866 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2867 break;
fcc203c3 2868
42dceae2
AE		 2869 case L2CAP_CONF_EFS:
2870 remote_efs = 1;
2871 if (olen == sizeof(efs))
2872 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2873 break;
2874
6327eb98
AE		 2875 case L2CAP_CONF_EWS:
2876 if (!enable_hs)
2877 return -ECONNREFUSED;
fcc203c3 2878
6327eb98
AE		 2879 set_bit(FLAG_EXT_CTRL, &chan->flags);
2880 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2881 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2882 chan->remote_tx_win = val;
fcc203c3
GP		 2883 break;
2884
5dee9e7c
MH		 2885 default:
2886 if (hint)
2887 break;
2888
2889 result = L2CAP_CONF_UNKNOWN;
2890 *((u8 *) ptr++) = type;
2891 break;
2892 }
2893 }
2894
73ffa904 2895 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2896 goto done;
2897
0c1bc5c6 2898 switch (chan->mode) {
f2fcfcd6
GP		 2899 case L2CAP_MODE_STREAMING:
2900 case L2CAP_MODE_ERTM:
c1360a1c 2901 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2902 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2903 chan->conn->feat_mask);
85eb53c6
GP		 2904 break;
2905 }
2906
42dceae2
AE		 2907 if (remote_efs) {
2908 if (__l2cap_efs_supported(chan))
2909 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2910 else
2911 return -ECONNREFUSED;
2912 }
2913
0c1bc5c6 2914 if (chan->mode != rfc.mode)
f2fcfcd6 2915 return -ECONNREFUSED;
742e519b 2916
f2fcfcd6 2917 break;
f2fcfcd6
GP		 2918 }
2919
2920done:
0c1bc5c6 2921 if (chan->mode != rfc.mode) {
f2fcfcd6 2922 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2923 rfc.mode = chan->mode;
f2fcfcd6 2924
73ffa904 2925 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2926 return -ECONNREFUSED;
2927
2928 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2929 sizeof(rfc), (unsigned long) &rfc);
2930 }
2931
5dee9e7c
MH		 2932 if (result == L2CAP_CONF_SUCCESS) {
2933 /* Configure output options and let the other side know
2934 * which ones we don't like. */
2935
f2fcfcd6
GP		 2936 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2937 result = L2CAP_CONF_UNACCEPT;
2938 else {
0c1bc5c6 2939 chan->omtu = mtu;
c1360a1c 2940 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2941 }
0c1bc5c6 2942 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2943
42dceae2
AE		 2944 if (remote_efs) {
2945 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2946 efs.stype != L2CAP_SERV_NOTRAFIC &&
2947 efs.stype != chan->local_stype) {
2948
2949 result = L2CAP_CONF_UNACCEPT;
2950
2951 if (chan->num_conf_req >= 1)
2952 return -ECONNREFUSED;
2953
2954 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2955 sizeof(efs),
42dceae2 2956 (unsigned long) &efs);
0e8b207e 2957 } else {
3e6b3b95 2958 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2959 result = L2CAP_CONF_PENDING;
2960 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2961 }
2962 }
2963
f2fcfcd6
GP		 2964 switch (rfc.mode) {
2965 case L2CAP_MODE_BASIC:
47d1ec61 2966 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2967 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2968 break;
2969
2970 case L2CAP_MODE_ERTM:
6327eb98
AE		 2971 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2972 chan->remote_tx_win = rfc.txwin_size;
2973 else
2974 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2975
2c03a7a4 2976 chan->remote_max_tx = rfc.max_transmit;
1c762159 2977
c8f79162
AE		 2978 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2979 chan->conn->mtu -
2980 L2CAP_EXT_HDR_SIZE -
2981 L2CAP_SDULEN_SIZE -
2982 L2CAP_FCS_SIZE);
2983 rfc.max_pdu_size = cpu_to_le16(size);
2984 chan->remote_mps = size;
f2fcfcd6 2985
10467e9e 2986 rfc.retrans_timeout =
4fd21a88 2987 __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
10467e9e 2988 rfc.monitor_timeout =
4fd21a88 2989 __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2990
c1360a1c 2991 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2992
2993 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2994 sizeof(rfc), (unsigned long) &rfc);
2995
42dceae2
AE		 2996 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2997 chan->remote_id = efs.id;
2998 chan->remote_stype = efs.stype;
2999 chan->remote_msdu = le16_to_cpu(efs.msdu);
3000 chan->remote_flush_to =
3001 le32_to_cpu(efs.flush_to);
3002 chan->remote_acc_lat =
3003 le32_to_cpu(efs.acc_lat);
3004 chan->remote_sdu_itime =
3005 le32_to_cpu(efs.sdu_itime);
3006 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3007 sizeof(efs), (unsigned long) &efs);
3008 }
f2fcfcd6
GP		 3009 break;
3010
3011 case L2CAP_MODE_STREAMING:
c8f79162
AE		 3012 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3013 chan->conn->mtu -
3014 L2CAP_EXT_HDR_SIZE -
3015 L2CAP_SDULEN_SIZE -
3016 L2CAP_FCS_SIZE);
3017 rfc.max_pdu_size = cpu_to_le16(size);
3018 chan->remote_mps = size;
f2fcfcd6 3019
c1360a1c 3020 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 3021
3022 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3023 sizeof(rfc), (unsigned long) &rfc);
3024
f2fcfcd6
GP		 3025 break;
3026
3027 default:
5dee9e7c 3028 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 3029
6464f35f 3030 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 3031 rfc.mode = chan->mode;
f2fcfcd6 3032 }
6464f35f 3033
f2fcfcd6 3034 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 3035 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 3036 }
fe4128e0 3037 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 3038 rsp->result = cpu_to_le16(result);
3039 rsp->flags = cpu_to_le16(0x0000);
3040
3041 return ptr - data;
1da177e4
LT		 3042}
3043
b4450035 3044static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 3045{
f2fcfcd6
GP		 3046 struct l2cap_conf_req *req = data;
3047 void *ptr = req->data;
3048 int type, olen;
3049 unsigned long val;
36e999a8 3050 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 3051 struct l2cap_conf_efs efs;
f2fcfcd6 3052
fe4128e0 3053 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 3054
3055 while (len >= L2CAP_CONF_OPT_SIZE) {
3056 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3057
3058 switch (type) {
3059 case L2CAP_CONF_MTU:
3060 if (val < L2CAP_DEFAULT_MIN_MTU) {
3061 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 3062 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 3063 } else
0c1bc5c6
GP		 3064 chan->imtu = val;
3065 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 3066 break;
3067
3068 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 3069 chan->flush_to = val;
f2fcfcd6 3070 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 3071 2, chan->flush_to);
f2fcfcd6
GP		 3072 break;
3073
3074 case L2CAP_CONF_RFC:
3075 if (olen == sizeof(rfc))
3076 memcpy(&rfc, (void *)val, olen);
3077
c1360a1c 3078 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 3079 rfc.mode != chan->mode)
f2fcfcd6
GP		 3080 return -ECONNREFUSED;
3081
47d1ec61 3082 chan->fcs = 0;
f2fcfcd6
GP		 3083
3084 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3085 sizeof(rfc), (unsigned long) &rfc);
3086 break;
6327eb98
AE		 3087
3088 case L2CAP_CONF_EWS:
3089 chan->tx_win = min_t(u16, val,
3090 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 3091 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
3092 chan->tx_win);
6327eb98 3093 break;
66af7aaf
AE		 3094
3095 case L2CAP_CONF_EFS:
3096 if (olen == sizeof(efs))
3097 memcpy(&efs, (void *)val, olen);
3098
3099 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3100 efs.stype != L2CAP_SERV_NOTRAFIC &&
3101 efs.stype != chan->local_stype)
3102 return -ECONNREFUSED;
3103
3104 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3105 sizeof(efs), (unsigned long) &efs);
3106 break;
f2fcfcd6
GP		 3107 }
3108 }
3109
0c1bc5c6 3110 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 3111 return -ECONNREFUSED;
3112
0c1bc5c6 3113 chan->mode = rfc.mode;
6c2ea7a8 3114
0e8b207e 3115 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 3116 switch (rfc.mode) {
3117 case L2CAP_MODE_ERTM:
47d1ec61
GP		 3118 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3119 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3120 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 3121
3122 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3123 chan->local_msdu = le16_to_cpu(efs.msdu);
3124 chan->local_sdu_itime =
3125 le32_to_cpu(efs.sdu_itime);
3126 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3127 chan->local_flush_to =
3128 le32_to_cpu(efs.flush_to);
3129 }
f2fcfcd6 3130 break;
66af7aaf 3131
f2fcfcd6 3132 case L2CAP_MODE_STREAMING:
47d1ec61 3133 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 3134 }
3135 }
3136
fe4128e0 3137 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 3138 req->flags = cpu_to_le16(0x0000);
3139
3140 return ptr - data;
3141}
3142
fe4128e0 3143static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 3144{
3145 struct l2cap_conf_rsp *rsp = data;
3146 void *ptr = rsp->data;
1da177e4 3147
fe4128e0 3148 BT_DBG("chan %p", chan);
1da177e4 3149
fe4128e0 3150 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 3151 rsp->result = cpu_to_le16(result);
aca3192c 3152 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 3153
3154 return ptr - data;
3155}
3156
8c1d787b 3157void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 3158{
3159 struct l2cap_conn_rsp rsp;
8c1d787b 3160 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 3161 u8 buf[128];
3162
fe4128e0
GP		 3163 rsp.scid = cpu_to_le16(chan->dcid);
3164 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 3165 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
3166 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3167 l2cap_send_cmd(conn, chan->ident,
3168 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3169
c1360a1c 3170 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 3171 return;
3172
710f9b0a
GP		 3173 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3174 l2cap_build_conf_req(chan, buf), buf);
3175 chan->num_conf_req++;
3176}
3177
47d1ec61 3178static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 3179{
7b1c0049
GP		 3180 int type, olen;
3181 unsigned long val;
3182 struct l2cap_conf_rfc rfc;
3183
47d1ec61 3184 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 3185
0c1bc5c6 3186 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 3187 return;
3188
3189 while (len >= L2CAP_CONF_OPT_SIZE) {
3190 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3191
3192 switch (type) {
3193 case L2CAP_CONF_RFC:
3194 if (olen == sizeof(rfc))
3195 memcpy(&rfc, (void *)val, olen);
3196 goto done;
3197 }
3198 }
3199
36e999a8
MM		 3200 /* Use sane default values in case a misbehaving remote device
3201 * did not send an RFC option.
3202 */
3203 rfc.mode = chan->mode;
3204 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3205 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
3206 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
3207
3208 BT_ERR("Expected RFC option was not found, using defaults");
3209
7b1c0049
GP		 3210done:
3211 switch (rfc.mode) {
3212 case L2CAP_MODE_ERTM:
47d1ec61
GP		 3213 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3214 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3215 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 3216 break;
3217 case L2CAP_MODE_STREAMING:
47d1ec61 3218 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 3219 }
3220}
3221
4e8402a3
MH		 3222static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3223{
e2fd318e 3224 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 3225
e2fd318e 3226 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 3227 return 0;
3228
3229 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
3230 cmd->ident == conn->info_ident) {
17cd3f37 3231 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 3232
3233 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3234 conn->info_ident = 0;
984947dc 3235
4e8402a3
MH		 3236 l2cap_conn_start(conn);
3237 }
3238
3239 return 0;
3240}
3241
1da177e4
LT		 3242static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3243{
1da177e4
LT		 3244 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
3245 struct l2cap_conn_rsp rsp;
23691d75 3246 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 3247 struct sock *parent, *sk = NULL;
e7c29cb1 3248 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 3249
3250 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 3251 __le16 psm = req->psm;
1da177e4 3252
097db76c 3253 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid);
1da177e4
LT		 3254
3255 /* Check if we have socket listening on psm */
c2287681 3256 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src, conn->dst);
23691d75 3257 if (!pchan) {
1da177e4
LT		 3258 result = L2CAP_CR_BAD_PSM;
3259 goto sendresp;
3260 }
3261
23691d75
GP		 3262 parent = pchan->sk;
3263
3df91ea2 3264 mutex_lock(&conn->chan_lock);
aa2ac881 3265 lock_sock(parent);
e0f0cb56 3266
e7c29cb1
MH		 3267 /* Check if the ACL is secure enough (if not SDP) */
3268 if (psm != cpu_to_le16(0x0001) &&
3269 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 3270 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 3271 result = L2CAP_CR_SEC_BLOCK;
3272 goto response;
3273 }
3274
1da177e4
LT		 3275 result = L2CAP_CR_NO_MEM;
3276
3277 /* Check for backlog size */
3278 if (sk_acceptq_is_full(parent)) {
8e87d142 3279 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 3280 goto response;
3281 }
3282
80808e43
GP		 3283 chan = pchan->ops->new_connection(pchan->data);
3284 if (!chan)
1da177e4
LT		 3285 goto response;
3286
80808e43
GP		 3287 sk = chan->sk;
3288
1da177e4 3289 /* Check if we already have channel with that dcid */
baa7e1fa 3290 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 3291 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 3292 chan->ops->close(chan->data);
1da177e4
LT		 3293 goto response;
3294 }
3295
3296 hci_conn_hold(conn->hcon);
3297
1da177e4
LT		 3298 bacpy(&bt_sk(sk)->src, conn->src);
3299 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 3300 chan->psm = psm;
3301 chan->dcid = scid;
1da177e4 3302
d1010240
GP		 3303 bt_accept_enqueue(parent, sk);
3304
6be36555 3305 __l2cap_chan_add(conn, chan);
48454079 3306
fe4128e0 3307 dcid = chan->scid;
1da177e4 3308
c9b66675 3309 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 3310
fc7f8a7e 3311 chan->ident = cmd->ident;
1da177e4 3312
984947dc 3313 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 3314 if (l2cap_chan_check_security(chan)) {
c5daa683 3315 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
0e587be7 3316 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 3317 result = L2CAP_CR_PEND;
3318 status = L2CAP_CS_AUTHOR_PEND;
3319 parent->sk_data_ready(parent, 0);
3320 } else {
0e587be7 3321 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 3322 result = L2CAP_CR_SUCCESS;
3323 status = L2CAP_CS_NO_INFO;
3324 }
79d554a6 3325 } else {
0e587be7 3326 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 3327 result = L2CAP_CR_PEND;
3328 status = L2CAP_CS_AUTHEN_PEND;
3329 }
3330 } else {
0e587be7 3331 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 3332 result = L2CAP_CR_PEND;
3333 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 3334 }
3335
1da177e4 3336response:
aa2ac881 3337 release_sock(parent);
3df91ea2 3338 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 3339
3340sendresp:
aca3192c
YH		 3341 rsp.scid = cpu_to_le16(scid);
3342 rsp.dcid = cpu_to_le16(dcid);
3343 rsp.result = cpu_to_le16(result);
3344 rsp.status = cpu_to_le16(status);
1da177e4 3345 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 3346
3347 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3348 struct l2cap_info_req info;
3349 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3350
3351 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3352 conn->info_ident = l2cap_get_ident(conn);
3353
ba13ccd9 3354 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 3355
3356 l2cap_send_cmd(conn, conn->info_ident,
3357 L2CAP_INFO_REQ, sizeof(info), &info);
3358 }
3359
c1360a1c 3360 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 3361 result == L2CAP_CR_SUCCESS) {
3362 u8 buf[128];
c1360a1c 3363 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 3364 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3365 l2cap_build_conf_req(chan, buf), buf);
3366 chan->num_conf_req++;
e9aeb2dd
GP		 3367 }
3368
1da177e4
LT		 3369 return 0;
3370}
3371
3372static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3373{
3374 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3375 u16 scid, dcid, result, status;
48454079 3376 struct l2cap_chan *chan;
1da177e4 3377 u8 req[128];
3df91ea2 3378 int err;
1da177e4
LT		 3379
3380 scid = __le16_to_cpu(rsp->scid);
3381 dcid = __le16_to_cpu(rsp->dcid);
3382 result = __le16_to_cpu(rsp->result);
3383 status = __le16_to_cpu(rsp->status);
3384
1b009c98
AE		 3385 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
3386 dcid, scid, result, status);
1da177e4 3387
3df91ea2
AE		 3388 mutex_lock(&conn->chan_lock);
3389
1da177e4 3390 if (scid) {
3df91ea2
AE		 3391 chan = __l2cap_get_chan_by_scid(conn, scid);
3392 if (!chan) {
3393 err = -EFAULT;
3394 goto unlock;
3395 }
1da177e4 3396 } else {
3df91ea2
AE		 3397 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
3398 if (!chan) {
3399 err = -EFAULT;
3400 goto unlock;
3401 }
1da177e4
LT		 3402 }
3403
3df91ea2
AE		 3404 err = 0;
3405
6be36555 3406 l2cap_chan_lock(chan);
48454079 3407
1da177e4
LT		 3408 switch (result) {
3409 case L2CAP_CR_SUCCESS:
89bc500e 3410 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 3411 chan->ident = 0;
fe4128e0 3412 chan->dcid = dcid;
c1360a1c 3413 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 3414
c1360a1c 3415 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 3416 break;
3417
1da177e4 3418 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3419 l2cap_build_conf_req(chan, req), req);
3420 chan->num_conf_req++;
1da177e4
LT		 3421 break;
3422
3423 case L2CAP_CR_PEND:
c1360a1c 3424 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 3425 break;
3426
3427 default:
48454079 3428 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 3429 break;
3430 }
3431
6be36555 3432 l2cap_chan_unlock(chan);
3df91ea2
AE		 3433
3434unlock:
3435 mutex_unlock(&conn->chan_lock);
3436
3437 return err;
1da177e4
LT		 3438}
3439
47d1ec61 3440static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 3441{
3442 /* FCS is enabled only in ERTM or streaming mode, if one or both
3443 * sides request it.
3444 */
0c1bc5c6 3445 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 3446 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 3447 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 3448 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 3449}
3450
88219a0f 3451static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 3452{
3453 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3454 u16 dcid, flags;
3455 u8 rsp[64];
48454079 3456 struct l2cap_chan *chan;
3c588192 3457 int len, err = 0;
1da177e4
LT		 3458
3459 dcid = __le16_to_cpu(req->dcid);
3460 flags = __le16_to_cpu(req->flags);
3461
3462 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3463
baa7e1fa 3464 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 3465 if (!chan)
1da177e4
LT		 3466 return -ENOENT;
3467
033b1142 3468 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 3469 struct l2cap_cmd_rej_cid rej;
3470
3471 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
3472 rej.scid = cpu_to_le16(chan->scid);
3473 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 3474
df6bd743
GP		 3475 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3476 sizeof(rej), &rej);
354f60a9 3477 goto unlock;
df6bd743 3478 }
354f60a9 3479
5dee9e7c 3480 /* Reject if config buffer is too small. */
88219a0f 3481 len = cmd_len - sizeof(*req);
7ac28817 3482 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 3483 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 3484 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 3485 L2CAP_CONF_REJECT, flags), rsp);
3486 goto unlock;
3487 }
3488
3489 /* Store config. */
73ffa904
GP		 3490 memcpy(chan->conf_req + chan->conf_len, req->data, len);
3491 chan->conf_len += len;
1da177e4
LT		 3492
3493 if (flags & 0x0001) {
3494 /* Incomplete config. Send empty response. */
3495 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 3496 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 3497 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 3498 goto unlock;
3499 }
3500
3501 /* Complete config. */
73ffa904 3502 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 3503 if (len < 0) {
e92c8e70 3504 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 3505 goto unlock;
f2fcfcd6 3506 }
1da177e4 3507
5dee9e7c 3508 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 3509 chan->num_conf_rsp++;
5dee9e7c 3510
5dee9e7c 3511 /* Reset config buffer. */
73ffa904 3512 chan->conf_len = 0;
5dee9e7c 3513
c1360a1c 3514 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 3515 goto unlock;
3516
c1360a1c 3517 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 3518 set_default_fcs(chan);
fcc203c3 3519
89bc500e 3520 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 3521
105bdf9e
MM		 3522 if (chan->mode == L2CAP_MODE_ERTM ||
3523 chan->mode == L2CAP_MODE_STREAMING)
3c588192
MM		 3524 err = l2cap_ertm_init(chan);
3525
3526 if (err < 0)
3527 l2cap_send_disconn_req(chan->conn, chan, -err);
3528 else
3529 l2cap_chan_ready(chan);
0565c1c2 3530
876d9484
MH		 3531 goto unlock;
3532 }
3533
c1360a1c 3534 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 3535 u8 buf[64];
1da177e4 3536 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3537 l2cap_build_conf_req(chan, buf), buf);
3538 chan->num_conf_req++;
1da177e4
LT		 3539 }
3540
0e8b207e
AE		 3541 /* Got Conf Rsp PENDING from remote side and asume we sent
3542 Conf Rsp PENDING in the code above */
3543 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
3544 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3545
3546 /* check compatibility */
3547
3548 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3549 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3550
3551 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3552 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 3553 L2CAP_CONF_SUCCESS, 0x0000), rsp);
3554 }
3555
1da177e4 3556unlock:
6be36555 3557 l2cap_chan_unlock(chan);
3c588192 3558 return err;
1da177e4
LT		 3559}
3560
3561static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3562{
3563 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3564 u16 scid, flags, result;
48454079 3565 struct l2cap_chan *chan;
61386cba 3566 int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
3c588192 3567 int err = 0;
1da177e4
LT		 3568
3569 scid = __le16_to_cpu(rsp->scid);
3570 flags = __le16_to_cpu(rsp->flags);
3571 result = __le16_to_cpu(rsp->result);
3572
61386cba
AE		 3573 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags,
3574 result, len);
1da177e4 3575
baa7e1fa 3576 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 3577 if (!chan)
1da177e4
LT		 3578 return 0;
3579
3580 switch (result) {
3581 case L2CAP_CONF_SUCCESS:
47d1ec61 3582 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 3583 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 3584 break;
3585
0e8b207e
AE		 3586 case L2CAP_CONF_PENDING:
3587 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
3588
3589 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3590 char buf[64];
3591
3592 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3593 buf, &result);
3594 if (len < 0) {
3595 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3596 goto done;
3597 }
3598
3599 /* check compatibility */
3600
3601 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3602 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3603
3604 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3605 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 3606 L2CAP_CONF_SUCCESS, 0x0000), buf);
3607 }
3608 goto done;
3609
1da177e4 3610 case L2CAP_CONF_UNACCEPT:
73ffa904 3611 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3612 char req[64];
3613
c2c77ec8 3614 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3615 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3616 goto done;
3617 }
3618
f2fcfcd6
GP		 3619 /* throw out any old stored conf requests */
3620 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3621 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3622 req, &result);
f2fcfcd6 3623 if (len < 0) {
e92c8e70 3624 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3625 goto done;
3626 }
3627
3628 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3629 L2CAP_CONF_REQ, len, req);
73ffa904 3630 chan->num_conf_req++;
f2fcfcd6
GP		 3631 if (result != L2CAP_CONF_SUCCESS)
3632 goto done;
3633 break;
1da177e4
LT		 3634 }
3635
8e87d142 3636 default:
6be36555 3637 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3638
ba13ccd9 3639 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
e92c8e70 3640 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3641 goto done;
3642 }
3643
3644 if (flags & 0x01)
3645 goto done;
3646
c1360a1c 3647 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3648
c1360a1c 3649 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3650 set_default_fcs(chan);
fcc203c3 3651
89bc500e 3652 l2cap_state_change(chan, BT_CONNECTED);
105bdf9e
MM		 3653 if (chan->mode == L2CAP_MODE_ERTM ||
3654 chan->mode == L2CAP_MODE_STREAMING)
3c588192 3655 err = l2cap_ertm_init(chan);
0565c1c2 3656
3c588192
MM		 3657 if (err < 0)
3658 l2cap_send_disconn_req(chan->conn, chan, -err);
3659 else
3660 l2cap_chan_ready(chan);
1da177e4
LT		 3661 }
3662
3663done:
6be36555 3664 l2cap_chan_unlock(chan);
3c588192 3665 return err;
1da177e4
LT		 3666}
3667
3668static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3669{
3670 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3671 struct l2cap_disconn_rsp rsp;
3672 u16 dcid, scid;
48454079 3673 struct l2cap_chan *chan;
1da177e4
LT		 3674 struct sock *sk;
3675
3676 scid = __le16_to_cpu(req->scid);
3677 dcid = __le16_to_cpu(req->dcid);
3678
3679 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3680
3df91ea2
AE		 3681 mutex_lock(&conn->chan_lock);
3682
3683 chan = __l2cap_get_chan_by_scid(conn, dcid);
3684 if (!chan) {
3685 mutex_unlock(&conn->chan_lock);
1da177e4 3686 return 0;
3df91ea2 3687 }
1da177e4 3688
6be36555
AE		 3689 l2cap_chan_lock(chan);
3690
48454079
GP		 3691 sk = chan->sk;
3692
fe4128e0
GP		 3693 rsp.dcid = cpu_to_le16(chan->scid);
3694 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3695 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3696
6be36555 3697 lock_sock(sk);
1da177e4 3698 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3699 release_sock(sk);
1da177e4 3700
61d6ef3e 3701 l2cap_chan_hold(chan);
48454079 3702 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3703
3704 l2cap_chan_unlock(chan);
1da177e4 3705
ba3bd0ee 3706 chan->ops->close(chan->data);
61d6ef3e 3707 l2cap_chan_put(chan);
3df91ea2
AE		 3708
3709 mutex_unlock(&conn->chan_lock);
3710
1da177e4
LT		 3711 return 0;
3712}
3713
3714static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3715{
3716 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3717 u16 dcid, scid;
48454079 3718 struct l2cap_chan *chan;
1da177e4
LT		 3719
3720 scid = __le16_to_cpu(rsp->scid);
3721 dcid = __le16_to_cpu(rsp->dcid);
3722
3723 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3724
3df91ea2
AE		 3725 mutex_lock(&conn->chan_lock);
3726
3727 chan = __l2cap_get_chan_by_scid(conn, scid);
3728 if (!chan) {
3729 mutex_unlock(&conn->chan_lock);
1da177e4 3730 return 0;
3df91ea2 3731 }
1da177e4 3732
6be36555 3733 l2cap_chan_lock(chan);
48454079 3734
61d6ef3e 3735 l2cap_chan_hold(chan);
48454079 3736 l2cap_chan_del(chan, 0);
6be36555
AE		 3737
3738 l2cap_chan_unlock(chan);
1da177e4 3739
ba3bd0ee 3740 chan->ops->close(chan->data);
61d6ef3e 3741 l2cap_chan_put(chan);
3df91ea2
AE		 3742
3743 mutex_unlock(&conn->chan_lock);
3744
1da177e4
LT		 3745 return 0;
3746}
3747
3748static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3749{
3750 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3751 u16 type;
3752
3753 type = __le16_to_cpu(req->type);
3754
3755 BT_DBG("type 0x%4.4x", type);
3756
f0709e03
MH		 3757 if (type == L2CAP_IT_FEAT_MASK) {
3758 u8 buf[8];
44dd46de 3759 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3760 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3761 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3762 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3763 if (!disable_ertm)
fcc203c3
GP		 3764 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3765 | L2CAP_FEAT_FCS;
a5fd6f30 3766 if (enable_hs)
6327eb98
AE		 3767 feat_mask |= L2CAP_FEAT_EXT_FLOW
3768 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3769
1b7bf4ed 3770 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3771 l2cap_send_cmd(conn, cmd->ident,
3772 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3773 } else if (type == L2CAP_IT_FIXED_CHAN) {
3774 u8 buf[12];
3775 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3776
3777 if (enable_hs)
3778 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3779 else
3780 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3781
e1027a7c
MH		 3782 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3783 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3784 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3785 l2cap_send_cmd(conn, cmd->ident,
3786 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3787 } else {
3788 struct l2cap_info_rsp rsp;
3789 rsp.type = cpu_to_le16(type);
3790 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3791 l2cap_send_cmd(conn, cmd->ident,
3792 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3793 }
1da177e4
LT		 3794
3795 return 0;
3796}
3797
3798static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3799{
3800 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3801 u16 type, result;
3802
3803 type = __le16_to_cpu(rsp->type);
3804 result = __le16_to_cpu(rsp->result);
3805
3806 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3807
e90165be
AE		 3808 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3809 if (cmd->ident != conn->info_ident ||
3810 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3811 return 0;
3812
17cd3f37 3813 cancel_delayed_work(&conn->info_timer);
4e8402a3 3814
adb08ede
VT		 3815 if (result != L2CAP_IR_SUCCESS) {
3816 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3817 conn->info_ident = 0;
3818
3819 l2cap_conn_start(conn);
3820
3821 return 0;
3822 }
3823
978c93b9
AE		 3824 switch (type) {
3825 case L2CAP_IT_FEAT_MASK:
83985319 3826 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3827
47ec1dcd 3828 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3829 struct l2cap_info_req req;
3830 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3831
3832 conn->info_ident = l2cap_get_ident(conn);
3833
3834 l2cap_send_cmd(conn, conn->info_ident,
3835 L2CAP_INFO_REQ, sizeof(req), &req);
3836 } else {
3837 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3838 conn->info_ident = 0;
3839
3840 l2cap_conn_start(conn);
3841 }
978c93b9
AE		 3842 break;
3843
3844 case L2CAP_IT_FIXED_CHAN:
3845 conn->fixed_chan_mask = rsp->data[0];
984947dc 3846 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3847 conn->info_ident = 0;
984947dc
MH		 3848
3849 l2cap_conn_start(conn);
978c93b9 3850 break;
984947dc 3851 }
4e8402a3 3852
1da177e4
LT		 3853 return 0;
3854}
3855
f94ff6ff
MM		 3856static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3857 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3858 void *data)
3859{
3860 struct l2cap_create_chan_req *req = data;
3861 struct l2cap_create_chan_rsp rsp;
3862 u16 psm, scid;
3863
3864 if (cmd_len != sizeof(*req))
3865 return -EPROTO;
3866
3867 if (!enable_hs)
3868 return -EINVAL;
3869
3870 psm = le16_to_cpu(req->psm);
3871 scid = le16_to_cpu(req->scid);
3872
3873 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3874
3875 /* Placeholder: Always reject */
3876 rsp.dcid = 0;
3877 rsp.scid = cpu_to_le16(scid);
8ce0c498
AE		 3878 rsp.result = __constant_cpu_to_le16(L2CAP_CR_NO_MEM);
3879 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
f94ff6ff
MM		 3880
3881 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3882 sizeof(rsp), &rsp);
3883
3884 return 0;
3885}
3886
3887static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3888 struct l2cap_cmd_hdr *cmd, void *data)
3889{
3890 BT_DBG("conn %p", conn);
3891
3892 return l2cap_connect_rsp(conn, cmd, data);
3893}
3894
8d5a04a1
MM		 3895static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3896 u16 icid, u16 result)
3897{
3898 struct l2cap_move_chan_rsp rsp;
3899
3900 BT_DBG("icid %d, result %d", icid, result);
3901
3902 rsp.icid = cpu_to_le16(icid);
3903 rsp.result = cpu_to_le16(result);
3904
3905 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3906}
3907
3908static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3909 struct l2cap_chan *chan, u16 icid, u16 result)
3910{
3911 struct l2cap_move_chan_cfm cfm;
3912 u8 ident;
3913
3914 BT_DBG("icid %d, result %d", icid, result);
3915
3916 ident = l2cap_get_ident(conn);
3917 if (chan)
3918 chan->ident = ident;
3919
3920 cfm.icid = cpu_to_le16(icid);
3921 cfm.result = cpu_to_le16(result);
3922
3923 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3924}
3925
3926static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3927 u16 icid)
3928{
3929 struct l2cap_move_chan_cfm_rsp rsp;
3930
3931 BT_DBG("icid %d", icid);
3932
3933 rsp.icid = cpu_to_le16(icid);
3934 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3935}
3936
3937static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3938 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3939{
3940 struct l2cap_move_chan_req *req = data;
3941 u16 icid = 0;
3942 u16 result = L2CAP_MR_NOT_ALLOWED;
3943
3944 if (cmd_len != sizeof(*req))
3945 return -EPROTO;
3946
3947 icid = le16_to_cpu(req->icid);
3948
3949 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3950
3951 if (!enable_hs)
3952 return -EINVAL;
3953
3954 /* Placeholder: Always refuse */
3955 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3956
3957 return 0;
3958}
3959
3960static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3961 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3962{
3963 struct l2cap_move_chan_rsp *rsp = data;
3964 u16 icid, result;
3965
3966 if (cmd_len != sizeof(*rsp))
3967 return -EPROTO;
3968
3969 icid = le16_to_cpu(rsp->icid);
3970 result = le16_to_cpu(rsp->result);
3971
3972 BT_DBG("icid %d, result %d", icid, result);
3973
3974 /* Placeholder: Always unconfirmed */
3975 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3976
3977 return 0;
3978}
3979
3980static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3981 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3982{
3983 struct l2cap_move_chan_cfm *cfm = data;
3984 u16 icid, result;
3985
3986 if (cmd_len != sizeof(*cfm))
3987 return -EPROTO;
3988
3989 icid = le16_to_cpu(cfm->icid);
3990 result = le16_to_cpu(cfm->result);
3991
3992 BT_DBG("icid %d, result %d", icid, result);
3993
3994 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3995
3996 return 0;
3997}
3998
3999static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4000 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
4001{
4002 struct l2cap_move_chan_cfm_rsp *rsp = data;
4003 u16 icid;
4004
4005 if (cmd_len != sizeof(*rsp))
4006 return -EPROTO;
4007
4008 icid = le16_to_cpu(rsp->icid);
4009
4010 BT_DBG("icid %d", icid);
4011
4012 return 0;
4013}
4014
e2174ca4 4015static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 4016 u16 to_multiplier)
4017{
4018 u16 max_latency;
4019
4020 if (min > max || min < 6 || max > 3200)
4021 return -EINVAL;
4022
4023 if (to_multiplier < 10 || to_multiplier > 3200)
4024 return -EINVAL;
4025
4026 if (max >= to_multiplier * 8)
4027 return -EINVAL;
4028
4029 max_latency = (to_multiplier * 8 / max) - 1;
4030 if (latency > 499 || latency > max_latency)
4031 return -EINVAL;
4032
4033 return 0;
4034}
4035
4036static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4037 struct l2cap_cmd_hdr *cmd, u8 *data)
4038{
4039 struct hci_conn *hcon = conn->hcon;
4040 struct l2cap_conn_param_update_req *req;
4041 struct l2cap_conn_param_update_rsp rsp;
4042 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 4043 int err;
de73115a
CT		 4044
4045 if (!(hcon->link_mode & HCI_LM_MASTER))
4046 return -EINVAL;
4047
4048 cmd_len = __le16_to_cpu(cmd->len);
4049 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
4050 return -EPROTO;
4051
4052 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 4053 min = __le16_to_cpu(req->min);
4054 max = __le16_to_cpu(req->max);
de73115a
CT		 4055 latency = __le16_to_cpu(req->latency);
4056 to_multiplier = __le16_to_cpu(req->to_multiplier);
4057
4058 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
4059 min, max, latency, to_multiplier);
4060
4061 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 4062
4063 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
4064 if (err)
de73115a
CT		 4065 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
4066 else
4067 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
4068
4069 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
4070 sizeof(rsp), &rsp);
4071
2ce603eb
CT		 4072 if (!err)
4073 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
4074
de73115a
CT		 4075 return 0;
4076}
4077
3300d9a9
CT		 4078static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4079 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
4080{
4081 int err = 0;
4082
4083 switch (cmd->code) {
4084 case L2CAP_COMMAND_REJ:
4085 l2cap_command_rej(conn, cmd, data);
4086 break;
4087
4088 case L2CAP_CONN_REQ:
4089 err = l2cap_connect_req(conn, cmd, data);
4090 break;
4091
4092 case L2CAP_CONN_RSP:
4093 err = l2cap_connect_rsp(conn, cmd, data);
4094 break;
4095
4096 case L2CAP_CONF_REQ:
4097 err = l2cap_config_req(conn, cmd, cmd_len, data);
4098 break;
4099
4100 case L2CAP_CONF_RSP:
4101 err = l2cap_config_rsp(conn, cmd, data);
4102 break;
4103
4104 case L2CAP_DISCONN_REQ:
4105 err = l2cap_disconnect_req(conn, cmd, data);
4106 break;
4107
4108 case L2CAP_DISCONN_RSP:
4109 err = l2cap_disconnect_rsp(conn, cmd, data);
4110 break;
4111
4112 case L2CAP_ECHO_REQ:
4113 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
4114 break;
4115
4116 case L2CAP_ECHO_RSP:
4117 break;
4118
4119 case L2CAP_INFO_REQ:
4120 err = l2cap_information_req(conn, cmd, data);
4121 break;
4122
4123 case L2CAP_INFO_RSP:
4124 err = l2cap_information_rsp(conn, cmd, data);
4125 break;
4126
f94ff6ff
MM		 4127 case L2CAP_CREATE_CHAN_REQ:
4128 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
4129 break;
4130
4131 case L2CAP_CREATE_CHAN_RSP:
4132 err = l2cap_create_channel_rsp(conn, cmd, data);
4133 break;
4134
8d5a04a1
MM		 4135 case L2CAP_MOVE_CHAN_REQ:
4136 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
4137 break;
4138
4139 case L2CAP_MOVE_CHAN_RSP:
4140 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
4141 break;
4142
4143 case L2CAP_MOVE_CHAN_CFM:
4144 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
4145 break;
4146
4147 case L2CAP_MOVE_CHAN_CFM_RSP:
4148 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
4149 break;
4150
3300d9a9
CT		 4151 default:
4152 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
4153 err = -EINVAL;
4154 break;
4155 }
4156
4157 return err;
4158}
4159
4160static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4161 struct l2cap_cmd_hdr *cmd, u8 *data)
4162{
4163 switch (cmd->code) {
4164 case L2CAP_COMMAND_REJ:
4165 return 0;
4166
4167 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 4168 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 4169
4170 case L2CAP_CONN_PARAM_UPDATE_RSP:
4171 return 0;
4172
4173 default:
4174 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
4175 return -EINVAL;
4176 }
4177}
4178
4179static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4180 struct sk_buff *skb)
1da177e4
LT		 4181{
4182 u8 *data = skb->data;
4183 int len = skb->len;
4184 struct l2cap_cmd_hdr cmd;
3300d9a9 4185 int err;
1da177e4
LT		 4186
4187 l2cap_raw_recv(conn, skb);
4188
4189 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 4190 u16 cmd_len;
1da177e4
LT		 4191 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
4192 data += L2CAP_CMD_HDR_SIZE;
4193 len -= L2CAP_CMD_HDR_SIZE;
4194
88219a0f 4195 cmd_len = le16_to_cpu(cmd.len);
1da177e4 4196
88219a0f 4197 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 4198
88219a0f 4199 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 4200 BT_DBG("corrupted command");
4201 break;
4202 }
4203
3300d9a9
CT		 4204 if (conn->hcon->type == LE_LINK)
4205 err = l2cap_le_sig_cmd(conn, &cmd, data);
4206 else
4207 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 4208
4209 if (err) {
e2fd318e 4210 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 4211
4212 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 4213
4214 /* FIXME: Map err to a valid reason */
e2fd318e 4215 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 4216 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
4217 }
4218
88219a0f
AV		 4219 data += cmd_len;
4220 len -= cmd_len;
1da177e4
LT		 4221 }
4222
4223 kfree_skb(skb);
4224}
4225
47d1ec61 4226static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 4227{
4228 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 4229 int hdr_size;
4230
4231 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
4232 hdr_size = L2CAP_EXT_HDR_SIZE;
4233 else
4234 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 4235
47d1ec61 4236 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 4237 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 4238 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
4239 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
4240
4241 if (our_fcs != rcv_fcs)
7a560e5c 4242 return -EBADMSG;
fcc203c3
GP		 4243 }
4244 return 0;
4245}
4246
525cd185 4247static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 4248{
88843ab0 4249 u32 control = 0;
d5392c8f 4250
6a026610 4251 chan->frames_sent = 0;
d5392c8f 4252
0b209fae 4253 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 4254
e2ab4353 4255 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 4256 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 4257 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 4258 }
4259
e2ab4353 4260 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 4261 l2cap_retransmit_frames(chan);
d5392c8f 4262
525cd185 4263 l2cap_ertm_send(chan);
d5392c8f 4264
e2ab4353 4265 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 4266 chan->frames_sent == 0) {
ab784b73 4267 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
d5392c8f
GP		 4268 }
4269}
4270
fb45de7d 4271static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 4272{
4273 struct sk_buff *next_skb;
bfbacc11 4274 int tx_seq_offset, next_tx_seq_offset;
8f17154f 4275
3ce3514f
MM		 4276 bt_cb(skb)->control.txseq = tx_seq;
4277 bt_cb(skb)->control.sar = sar;
8f17154f 4278
f1c6775b 4279 next_skb = skb_peek(&chan->srej_q);
8f17154f 4280
836be934 4281 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 4282
039d9572 4283 while (next_skb) {
3ce3514f 4284 if (bt_cb(next_skb)->control.txseq == tx_seq)
9b53350d
JPRV		 4285 return -EINVAL;
4286
836be934 4287 next_tx_seq_offset = __seq_offset(chan,
3ce3514f 4288 bt_cb(next_skb)->control.txseq, chan->buffer_seq);
bfbacc11
JPRV		 4289
4290 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 4291 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 4292 return 0;
8f17154f
GP		 4293 }
4294
f1c6775b 4295 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 4296 next_skb = NULL;
4297 else
4298 next_skb = skb_queue_next(&chan->srej_q, next_skb);
4299 }
8f17154f 4300
f1c6775b 4301 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 4302
4303 return 0;
8f17154f
GP		 4304}
4305
84084a31
MM		 4306static void append_skb_frag(struct sk_buff *skb,
4307 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 4308{
84084a31
MM		 4309 /* skb->len reflects data in skb as well as all fragments
4310 * skb->data_len reflects only data in fragments
4311 */
4312 if (!skb_has_frag_list(skb))
4313 skb_shinfo(skb)->frag_list = new_frag;
4314
4315 new_frag->next = NULL;
4316
4317 (*last_frag)->next = new_frag;
4318 *last_frag = new_frag;
4319
4320 skb->len += new_frag->len;
4321 skb->data_len += new_frag->len;
4322 skb->truesize += new_frag->truesize;
4323}
4324
88843ab0 4325static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 4326{
4327 int err = -EINVAL;
18778a63 4328
7e0ef6ee
AE		 4329 switch (__get_ctrl_sar(chan, control)) {
4330 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 4331 if (chan->sdu)
4332 break;
18778a63 4333
84084a31
MM		 4334 err = chan->ops->recv(chan->data, skb);
4335 break;
18778a63 4336
7e0ef6ee 4337 case L2CAP_SAR_START:
84084a31
MM		 4338 if (chan->sdu)
4339 break;
18778a63 4340
6f61fd47 4341 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 4342 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 4343
84084a31
MM		 4344 if (chan->sdu_len > chan->imtu) {
4345 err = -EMSGSIZE;
4346 break;
4347 }
1890d36b 4348
84084a31
MM		 4349 if (skb->len >= chan->sdu_len)
4350 break;
18778a63 4351
84084a31
MM		 4352 chan->sdu = skb;
4353 chan->sdu_last_frag = skb;
18778a63 4354
84084a31
MM		 4355 skb = NULL;
4356 err = 0;
18778a63
GP		 4357 break;
4358
7e0ef6ee 4359 case L2CAP_SAR_CONTINUE:
6f61fd47 4360 if (!chan->sdu)
84084a31 4361 break;
18778a63 4362
84084a31
MM		 4363 append_skb_frag(chan->sdu, skb,
4364 &chan->sdu_last_frag);
4365 skb = NULL;
18778a63 4366
84084a31
MM		 4367 if (chan->sdu->len >= chan->sdu_len)
4368 break;
4178ba46 4369
84084a31 4370 err = 0;
18778a63
GP		 4371 break;
4372
7e0ef6ee 4373 case L2CAP_SAR_END:
6f61fd47 4374 if (!chan->sdu)
84084a31 4375 break;
18778a63 4376
84084a31
MM		 4377 append_skb_frag(chan->sdu, skb,
4378 &chan->sdu_last_frag);
4379 skb = NULL;
4178ba46 4380
84084a31
MM		 4381 if (chan->sdu->len != chan->sdu_len)
4382 break;
18778a63 4383
84084a31 4384 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 4385
84084a31
MM		 4386 if (!err) {
4387 /* Reassembly complete */
4388 chan->sdu = NULL;
4389 chan->sdu_last_frag = NULL;
4390 chan->sdu_len = 0;
1890d36b 4391 }
18778a63
GP		 4392 break;
4393 }
4394
84084a31
MM		 4395 if (err) {
4396 kfree_skb(skb);
4397 kfree_skb(chan->sdu);
4398 chan->sdu = NULL;
4399 chan->sdu_last_frag = NULL;
4400 chan->sdu_len = 0;
4401 }
18778a63 4402
84084a31 4403 return err;
18778a63
GP		 4404}
4405
26f880d2 4406static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 4407{
26f880d2 4408 BT_DBG("chan %p, Enter local busy", chan);
712132eb 4409
26f880d2 4410 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3c588192 4411 l2cap_seq_list_clear(&chan->srej_list);
26f880d2 4412
77f918bc 4413 __set_ack_timer(chan);
26f880d2
MM		 4414}
4415
4416static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
4417{
88843ab0 4418 u32 control;
712132eb 4419
e2ab4353 4420 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 4421 goto done;
4422
0b209fae 4423 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 4424 control |= __set_ctrl_poll(chan);
ab784b73 4425 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
6a026610 4426 chan->retry_count = 1;
712132eb 4427
1a09bcb9
GP		 4428 __clear_retrans_timer(chan);
4429 __set_monitor_timer(chan);
712132eb 4430
e2ab4353 4431 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 4432
4433done:
e2ab4353
GP		 4434 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
4435 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 4436
49208c9c 4437 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 4438}
4439
e328140f 4440void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 4441{
e328140f
MM		 4442 if (chan->mode == L2CAP_MODE_ERTM) {
4443 if (busy)
4444 l2cap_ertm_enter_local_busy(chan);
4445 else
4446 l2cap_ertm_exit_local_busy(chan);
1890d36b 4447 }
1890d36b
GP		 4448}
4449
fb45de7d 4450static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 4451{
4452 struct sk_buff *skb;
88843ab0 4453 u32 control;
8f17154f 4454
e328140f
MM		 4455 while ((skb = skb_peek(&chan->srej_q)) &&
4456 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4457 int err;
4458
3ce3514f 4459 if (bt_cb(skb)->control.txseq != tx_seq)
8f17154f
GP		 4460 break;
4461
f1c6775b 4462 skb = skb_dequeue(&chan->srej_q);
3ce3514f 4463 control = __set_ctrl_sar(chan, bt_cb(skb)->control.sar);
84084a31 4464 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 4465
4466 if (err < 0) {
4467 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4468 break;
4469 }
4470
836be934
AE		 4471 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
4472 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 4473 }
4474}
4475
fb45de7d 4476static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 4477{
8f17154f 4478 struct srej_list *l, *tmp;
88843ab0 4479 u32 control;
8f17154f 4480
39d5a3ee 4481 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 4482 if (l->tx_seq == tx_seq) {
4483 list_del(&l->list);
4484 kfree(l);
4485 return;
4486 }
ab784b73 4487 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 4488 control |= __set_reqseq(chan, l->tx_seq);
8f17154f 4489 list_del(&l->list);
39d5a3ee 4490 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 4491 }
4492}
4493
aef89f21 4494static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 4495{
8f17154f 4496 struct srej_list *new;
88843ab0 4497 u32 control;
8f17154f 4498
42e5c802 4499 while (tx_seq != chan->expected_tx_seq) {
ab784b73 4500 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 4501 control |= __set_reqseq(chan, chan->expected_tx_seq);
3c588192 4502 l2cap_seq_list_append(&chan->srej_list, chan->expected_tx_seq);
8f17154f
GP		 4503
4504 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 4505 if (!new)
4506 return -ENOMEM;
4507
42e5c802 4508 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 4509
4510 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
4511
39d5a3ee 4512 list_add_tail(&new->list, &chan->srej_l);
8f17154f 4513 }
836be934
AE		 4514
4515 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 4516
4517 return 0;
8f17154f
GP		 4518}
4519
88843ab0 4520static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 4521{
fb45de7d 4522 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 4523 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 4524 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 4525 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 4526 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 4527 int err = 0;
4528
88843ab0 4529 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 4530 tx_seq, rx_control);
1c2acffb 4531
03f6715d 4532 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4533 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4534 __clear_monitor_timer(chan);
6a026610 4535 if (chan->unacked_frames > 0)
1a09bcb9 4536 __set_retrans_timer(chan);
e2ab4353 4537 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 4538 }
4539
42e5c802
GP		 4540 chan->expected_ack_seq = req_seq;
4541 l2cap_drop_acked_frames(chan);
9f121a5a 4542
836be934 4543 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 4544
4545 /* invalid tx_seq */
47d1ec61 4546 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 4547 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 4548 goto drop;
4549 }
4550
77f918bc
SJ		 4551 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4552 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
4553 l2cap_send_ack(chan);
1890d36b 4554 goto drop;
77f918bc 4555 }
1890d36b 4556
02f1b641
MM		 4557 if (tx_seq == chan->expected_tx_seq)
4558 goto expected;
4559
e2ab4353 4560 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 4561 struct srej_list *first;
30afb5b2 4562
39d5a3ee 4563 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 4564 struct srej_list, list);
4565 if (tx_seq == first->tx_seq) {
42e5c802 4566 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 4567 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 4568
4569 list_del(&first->list);
4570 kfree(first);
4571
39d5a3ee 4572 if (list_empty(&chan->srej_l)) {
42e5c802 4573 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 4574 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 4575 l2cap_send_ack(chan);
49208c9c 4576 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 4577 }
4578 } else {
4579 struct srej_list *l;
9b53350d
JPRV		 4580
4581 /* duplicated tx_seq */
42e5c802 4582 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 4583 goto drop;
8f17154f 4584
39d5a3ee 4585 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 4586 if (l->tx_seq == tx_seq) {
525cd185 4587 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 4588 return 0;
4589 }
4590 }
aef89f21
SJ		 4591
4592 err = l2cap_send_srejframe(chan, tx_seq);
4593 if (err < 0) {
4594 l2cap_send_disconn_req(chan->conn, chan, -err);
4595 return err;
4596 }
30afb5b2
GP		 4597 }
4598 } else {
836be934
AE		 4599 expected_tx_seq_offset = __seq_offset(chan,
4600 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 4601
4602 /* duplicated tx_seq */
4603 if (tx_seq_offset < expected_tx_seq_offset)
4604 goto drop;
4605
e2ab4353 4606 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 4607
49208c9c 4608 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 4609
39d5a3ee 4610 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 4611 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 4612
f1c6775b 4613 __skb_queue_head_init(&chan->srej_q);
42e5c802 4614 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4615
0ef3ef0f
SJ		 4616 /* Set P-bit only if there are some I-frames to ack. */
4617 if (__clear_ack_timer(chan))
4618 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4619
aef89f21
SJ		 4620 err = l2cap_send_srejframe(chan, tx_seq);
4621 if (err < 0) {
4622 l2cap_send_disconn_req(chan->conn, chan, -err);
4623 return err;
4624 }
1c2acffb 4625 }
30afb5b2
GP		 4626 return 0;
4627
8f17154f 4628expected:
836be934 4629 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4630
e2ab4353 4631 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3ce3514f
MM		 4632 bt_cb(skb)->control.txseq = tx_seq;
4633 bt_cb(skb)->control.sar = sar;
f1c6775b 4634 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4635 return 0;
4636 }
4637
84084a31 4638 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4639 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4640
e328140f
MM		 4641 if (err < 0) {
4642 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4643 return err;
4644 }
2ece3684 4645
03f6715d 4646 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4647 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4648 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4649 }
4650
c1b4f43b 4651
6a026610
GP		 4652 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4653 if (chan->num_acked == num_to_ack - 1)
525cd185 4654 l2cap_send_ack(chan);
4d611e4d
GP		 4655 else
4656 __set_ack_timer(chan);
9e917af1 4657
8f17154f 4658 return 0;
9b53350d
JPRV		 4659
4660drop:
4661 kfree_skb(skb);
4662 return 0;
1c2acffb
GP		 4663}
4664
88843ab0 4665static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4666{
88843ab0 4667 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4668 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4669
0b209fae 4670 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4671 l2cap_drop_acked_frames(chan);
1c2acffb 4672
e3781735 4673 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4674 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4675 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4676 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4677 (chan->unacked_frames > 0))
1a09bcb9 4678 __set_retrans_timer(chan);
05fbd89d 4679
e2ab4353 4680 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4681 l2cap_send_srejtail(chan);
05fbd89d 4682 } else {
525cd185 4683 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4684 }
1d8f5d16 4685
03f6715d 4686 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4687 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4688
e2ab4353 4689 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4690 l2cap_retransmit_frames(chan);
2246b2f1 4691
e072745f 4692 } else {
e2ab4353 4693 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4694 (chan->unacked_frames > 0))
1a09bcb9 4695 __set_retrans_timer(chan);
1c2acffb 4696
e2ab4353
GP		 4697 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4698 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4699 l2cap_send_ack(chan);
894718a6 4700 else
525cd185 4701 l2cap_ertm_send(chan);
e072745f
GP		 4702 }
4703}
2246b2f1 4704
88843ab0 4705static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4706{
0b209fae 4707 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4708
88843ab0 4709 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4710
e2ab4353 4711 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4712
42e5c802
GP		 4713 chan->expected_ack_seq = tx_seq;
4714 l2cap_drop_acked_frames(chan);
e072745f 4715
03f6715d 4716 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4717 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4718 l2cap_retransmit_frames(chan);
e072745f 4719 } else {
525cd185 4720 l2cap_retransmit_frames(chan);
30afb5b2 4721
e2ab4353
GP		 4722 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4723 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4724 }
4725}
88843ab0 4726static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4727{
0b209fae 4728 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4729
88843ab0 4730 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4731
e2ab4353 4732 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4733
e3781735 4734 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4735 chan->expected_ack_seq = tx_seq;
4736 l2cap_drop_acked_frames(chan);
3cb123d1 4737
e2ab4353 4738 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4739 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4740
525cd185 4741 l2cap_ertm_send(chan);
dfc909be 4742
e2ab4353 4743 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4744 chan->srej_save_reqseq = tx_seq;
e2ab4353 4745 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4746 }
03f6715d 4747 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4748 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4749 chan->srej_save_reqseq == tx_seq)
e2ab4353 4750 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4751 else
525cd185 4752 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4753 } else {
525cd185 4754 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4755 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4756 chan->srej_save_reqseq = tx_seq;
e2ab4353 4757 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4758 }
e072745f
GP		 4759 }
4760}
4761
88843ab0 4762static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4763{
0b209fae 4764 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4765
88843ab0 4766 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4767
e2ab4353 4768 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4769 chan->expected_ack_seq = tx_seq;
4770 l2cap_drop_acked_frames(chan);
e072745f 4771
e3781735 4772 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4773 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4774
e2ab4353 4775 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4776 __clear_retrans_timer(chan);
e3781735 4777 if (__is_ctrl_poll(chan, rx_control))
525cd185 4778 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4779 return;
e072745f 4780 }
99b0d4b7 4781
e3781735 4782 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4783 l2cap_send_srejtail(chan);
ab784b73
AE		 4784 } else {
4785 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
ab784b73 4786 }
e072745f
GP		 4787}
4788
88843ab0 4789static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4790{
88843ab0 4791 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4792
03f6715d 4793 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4794 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4795 __clear_monitor_timer(chan);
6a026610 4796 if (chan->unacked_frames > 0)
1a09bcb9 4797 __set_retrans_timer(chan);
e2ab4353 4798 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4799 }
4800
ab784b73
AE		 4801 switch (__get_ctrl_super(chan, rx_control)) {
4802 case L2CAP_SUPER_RR:
525cd185 4803 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4804 break;
4805
ab784b73 4806 case L2CAP_SUPER_REJ:
525cd185 4807 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4808 break;
2246b2f1 4809
ab784b73 4810 case L2CAP_SUPER_SREJ:
525cd185 4811 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4812 break;
4813
ab784b73 4814 case L2CAP_SUPER_RNR:
525cd185 4815 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4816 break;
4817 }
4818
faaebd19 4819 kfree_skb(skb);
1c2acffb
GP		 4820 return 0;
4821}
4822
cad8f1d0 4823static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4824{
88843ab0 4825 u32 control;
0b209fae 4826 u16 req_seq;
218bb9df
GP		 4827 int len, next_tx_seq_offset, req_seq_offset;
4828
b76bbd66
MM		 4829 __unpack_control(chan, skb);
4830
88843ab0
AE		 4831 control = __get_control(chan, skb->data);
4832 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4833 len = skb->len;
4834
4835 /*
4836 * We can just drop the corrupted I-frame here.
4837 * Receiver will miss it and start proper recovery
4838 * procedures and ask retransmission.
4839 */
47d1ec61 4840 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4841 goto drop;
4842
793c2f1c 4843 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4844 len -= L2CAP_SDULEN_SIZE;
218bb9df 4845
47d1ec61 4846 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4847 len -= L2CAP_FCS_SIZE;
218bb9df 4848
47d1ec61 4849 if (len > chan->mps) {
8c1d787b 4850 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4851 goto drop;
4852 }
4853
0b209fae 4854 req_seq = __get_reqseq(chan, control);
218bb9df 4855
836be934
AE		 4856 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4857
4858 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4859 chan->expected_ack_seq);
218bb9df
GP		 4860
4861 /* check for invalid req-seq */
4862 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4863 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4864 goto drop;
4865 }
4866
793c2f1c 4867 if (!__is_sframe(chan, control)) {
218bb9df 4868 if (len < 0) {
8c1d787b 4869 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4870 goto drop;
4871 }
4872
525cd185 4873 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4874 } else {
4875 if (len != 0) {
4876 BT_ERR("%d", len);
8c1d787b 4877 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4878 goto drop;
4879 }
4880
525cd185 4881 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4882 }
4883
4884 return 0;
4885
4886drop:
4887 kfree_skb(skb);
4888 return 0;
4889}
4890
1da177e4
LT		 4891static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4892{
48454079 4893 struct l2cap_chan *chan;
88843ab0 4894 u32 control;
fb45de7d 4895 u16 tx_seq;
218bb9df 4896 int len;
1da177e4 4897
baa7e1fa 4898 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4899 if (!chan) {
1da177e4 4900 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555 4901 /* Drop packet and return */
3379013b 4902 kfree_skb(skb);
6be36555 4903 return 0;
1da177e4
LT		 4904 }
4905
49208c9c 4906 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4907
89bc500e 4908 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4909 goto drop;
4910
0c1bc5c6 4911 switch (chan->mode) {
1c2acffb
GP		 4912 case L2CAP_MODE_BASIC:
4913 /* If socket recv buffers overflows we drop data here
4914 * which is *bad* because L2CAP has to be reliable.
4915 * But we don't have any other choice. L2CAP doesn't
4916 * provide flow control mechanism. */
1da177e4 4917
0c1bc5c6 4918 if (chan->imtu < skb->len)
1c2acffb 4919 goto drop;
1da177e4 4920
23070494 4921 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4922 goto done;
4923 break;
4924
4925 case L2CAP_MODE_ERTM:
5ef8cb9e 4926 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4927
fcafde2e 4928 goto done;
1c2acffb 4929
6840ed07 4930 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4931 control = __get_control(chan, skb->data);
4932 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4933 len = skb->len;
4934
47d1ec61 4935 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4936 goto drop;
4937
7e0ef6ee 4938 if (__is_sar_start(chan, control))
03a51213 4939 len -= L2CAP_SDULEN_SIZE;
6840ed07 4940
47d1ec61 4941 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4942 len -= L2CAP_FCS_SIZE;
fcc203c3 4943
793c2f1c 4944 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4945 goto drop;
4946
fb45de7d 4947 tx_seq = __get_txseq(chan, control);
6840ed07 4948
84084a31
MM		 4949 if (chan->expected_tx_seq != tx_seq) {
4950 /* Frame(s) missing - must discard partial SDU */
4951 kfree_skb(chan->sdu);
4952 chan->sdu = NULL;
4953 chan->sdu_last_frag = NULL;
4954 chan->sdu_len = 0;
6840ed07 4955
84084a31
MM		 4956 /* TODO: Notify userland of missing data */
4957 }
4958
836be934 4959 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4960
4961 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4962 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4963
4964 goto done;
4965
1c2acffb 4966 default:
0c1bc5c6 4967 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4968 break;
4969 }
1da177e4
LT		 4970
4971drop:
4972 kfree_skb(skb);
4973
4974done:
6be36555 4975 l2cap_chan_unlock(chan);
0139418c 4976
1da177e4
LT		 4977 return 0;
4978}
4979
8e036fc3 4980static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4981{
23691d75 4982 struct l2cap_chan *chan;
1da177e4 4983
c2287681 4984 chan = l2cap_global_chan_by_psm(0, psm, conn->src, conn->dst);
23691d75 4985 if (!chan)
1da177e4
LT		 4986 goto drop;
4987
5b4cedaa 4988 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4989
89bc500e 4990 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4991 goto drop;
4992
e13e21dc 4993 if (chan->imtu < skb->len)
1da177e4
LT		 4994 goto drop;
4995
23070494 4996 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4997 return 0;
1da177e4
LT		 4998
4999drop:
5000 kfree_skb(skb);
5001
1da177e4
LT		 5002 return 0;
5003}
5004
d9b88702
AE		 5005static inline int l2cap_att_channel(struct l2cap_conn *conn, u16 cid,
5006 struct sk_buff *skb)
9f69bda6 5007{
23691d75 5008 struct l2cap_chan *chan;
9f69bda6 5009
c2287681 5010 chan = l2cap_global_chan_by_scid(0, cid, conn->src, conn->dst);
23691d75 5011 if (!chan)
9f69bda6
GP		 5012 goto drop;
5013
5b4cedaa 5014 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 5015
89bc500e 5016 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 5017 goto drop;
5018
e13e21dc 5019 if (chan->imtu < skb->len)
9f69bda6
GP		 5020 goto drop;
5021
23070494 5022 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 5023 return 0;
9f69bda6
GP		 5024
5025drop:
5026 kfree_skb(skb);
5027
9f69bda6
GP		 5028 return 0;
5029}
5030
1da177e4
LT		 5031static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
5032{
5033 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 5034 u16 cid, len;
5035 __le16 psm;
1da177e4
LT		 5036
5037 skb_pull(skb, L2CAP_HDR_SIZE);
5038 cid = __le16_to_cpu(lh->cid);
5039 len = __le16_to_cpu(lh->len);
5040
1c2acffb
GP		 5041 if (len != skb->len) {
5042 kfree_skb(skb);
5043 return;
5044 }
5045
1da177e4
LT		 5046 BT_DBG("len %d, cid 0x%4.4x", len, cid);
5047
5048 switch (cid) {
3300d9a9 5049 case L2CAP_CID_LE_SIGNALING:
8db4dc46 5050 case L2CAP_CID_SIGNALING:
1da177e4
LT		 5051 l2cap_sig_channel(conn, skb);
5052 break;
5053
8db4dc46 5054 case L2CAP_CID_CONN_LESS:
097db76c 5055 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 5056 skb_pull(skb, 2);
5057 l2cap_conless_channel(conn, psm, skb);
5058 break;
5059
9f69bda6
GP		 5060 case L2CAP_CID_LE_DATA:
5061 l2cap_att_channel(conn, cid, skb);
5062 break;
5063
b501d6a1
AB		 5064 case L2CAP_CID_SMP:
5065 if (smp_sig_channel(conn, skb))
5066 l2cap_conn_del(conn->hcon, EACCES);
5067 break;
5068
1da177e4
LT		 5069 default:
5070 l2cap_data_channel(conn, cid, skb);
5071 break;
5072 }
5073}
5074
5075/* ---- L2CAP interface with lower layer (HCI) ---- */
5076
686ebf28 5077int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 5078{
5079 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 5080 struct l2cap_chan *c;
1da177e4 5081
1da177e4
LT		 5082 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
5083
5084 /* Find listening sockets and check their link_mode */
23691d75
GP		 5085 read_lock(&chan_list_lock);
5086 list_for_each_entry(c, &chan_list, global_l) {
5087 struct sock *sk = c->sk;
4343478f 5088
89bc500e 5089 if (c->state != BT_LISTEN)
1da177e4
LT		 5090 continue;
5091
5092 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 5093 lm1 |= HCI_LM_ACCEPT;
43bd0f32 5094 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 5095 lm1 |= HCI_LM_MASTER;
1da177e4 5096 exact++;
2af6b9d5
MH		 5097 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
5098 lm2 |= HCI_LM_ACCEPT;
43bd0f32 5099 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 5100 lm2 |= HCI_LM_MASTER;
5101 }
1da177e4 5102 }
23691d75 5103 read_unlock(&chan_list_lock);
1da177e4
LT		 5104
5105 return exact ? lm1 : lm2;
5106}
5107
686ebf28 5108int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 5109{
0139418c
MH		 5110 struct l2cap_conn *conn;
5111
1da177e4
LT		 5112 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
5113
1da177e4 5114 if (!status) {
1da177e4
LT		 5115 conn = l2cap_conn_add(hcon, status);
5116 if (conn)
5117 l2cap_conn_ready(conn);
0139418c 5118 } else
e175072f 5119 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 5120
5121 return 0;
5122}
5123
686ebf28 5124int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 5125{
5126 struct l2cap_conn *conn = hcon->l2cap_data;
5127
5128 BT_DBG("hcon %p", hcon);
5129
686ebf28 5130 if (!conn)
9f5a0d7b 5131 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 5132 return conn->disc_reason;
5133}
5134
686ebf28 5135int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 5136{
5137 BT_DBG("hcon %p reason %d", hcon, reason);
5138
e175072f 5139 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 5140 return 0;
5141}
5142
4343478f 5143static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 5144{
715ec005 5145 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 5146 return;
5147
f62e4323 5148 if (encrypt == 0x00) {
4343478f 5149 if (chan->sec_level == BT_SECURITY_MEDIUM) {
ba13ccd9 5150 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4343478f 5151 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 5152 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 5153 } else {
4343478f 5154 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 5155 __clear_chan_timer(chan);
f62e4323
MH		 5156 }
5157}
5158
686ebf28 5159int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 5160{
0139418c 5161 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 5162 struct l2cap_chan *chan;
1da177e4 5163
0139418c 5164 if (!conn)
1da177e4 5165 return 0;
0139418c 5166
1da177e4
LT		 5167 BT_DBG("conn %p", conn);
5168
160dc6ac 5169 if (hcon->type == LE_LINK) {
35d4adcc
HG		 5170 if (!status && encrypt)
5171 smp_distribute_keys(conn, 0);
17cd3f37 5172 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 5173 }
5174
3df91ea2 5175 mutex_lock(&conn->chan_lock);
1da177e4 5176
3df91ea2 5177 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 5178 l2cap_chan_lock(chan);
1da177e4 5179
f1cb9af5
VCG		 5180 BT_DBG("chan->scid %d", chan->scid);
5181
5182 if (chan->scid == L2CAP_CID_LE_DATA) {
5183 if (!status && encrypt) {
5184 chan->sec_level = hcon->sec_level;
cf4cd009 5185 l2cap_chan_ready(chan);
f1cb9af5
VCG		 5186 }
5187
6be36555 5188 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 5189 continue;
5190 }
5191
c1360a1c 5192 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 5193 l2cap_chan_unlock(chan);
6a8d3010
MH		 5194 continue;
5195 }
5196
89bc500e
GP		 5197 if (!status && (chan->state == BT_CONNECTED ||
5198 chan->state == BT_CONFIG)) {
a7d7723a
GP		 5199 struct sock *sk = chan->sk;
5200
c5daa683 5201 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 5202 sk->sk_state_change(sk);
5203
4343478f 5204 l2cap_check_encryption(chan, encrypt);
6be36555 5205 l2cap_chan_unlock(chan);
9719f8af
MH		 5206 continue;
5207 }
5208
89bc500e 5209 if (chan->state == BT_CONNECT) {
b1235d79 5210 if (!status) {
9b27f350 5211 l2cap_send_conn_req(chan);
b1235d79 5212 } else {
ba13ccd9 5213 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
b1235d79 5214 }
89bc500e 5215 } else if (chan->state == BT_CONNECT2) {
6be36555 5216 struct sock *sk = chan->sk;
b1235d79 5217 struct l2cap_conn_rsp rsp;
df3c3931 5218 __u16 res, stat;
1da177e4 5219
6be36555
AE		 5220 lock_sock(sk);
5221
b1235d79 5222 if (!status) {
c5daa683
GP		 5223 if (test_bit(BT_SK_DEFER_SETUP,
5224 &bt_sk(sk)->flags)) {
df3c3931
JH		 5225 struct sock *parent = bt_sk(sk)->parent;
5226 res = L2CAP_CR_PEND;
5227 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 5228 if (parent)
5229 parent->sk_data_ready(parent, 0);
df3c3931 5230 } else {
0e587be7 5231 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 5232 res = L2CAP_CR_SUCCESS;
5233 stat = L2CAP_CS_NO_INFO;
5234 }
b1235d79 5235 } else {
0e587be7 5236 __l2cap_state_change(chan, BT_DISCONN);
ba13ccd9 5237 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
df3c3931
JH		 5238 res = L2CAP_CR_SEC_BLOCK;
5239 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 5240 }
5241
6be36555
AE		 5242 release_sock(sk);
5243
fe4128e0
GP		 5244 rsp.scid = cpu_to_le16(chan->dcid);
5245 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 5246 rsp.result = cpu_to_le16(res);
5247 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 5248 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
5249 sizeof(rsp), &rsp);
b1235d79 5250 }
1da177e4 5251
6be36555 5252 l2cap_chan_unlock(chan);
1da177e4
LT		 5253 }
5254
3df91ea2 5255 mutex_unlock(&conn->chan_lock);
b1235d79 5256
1da177e4
LT		 5257 return 0;
5258}
5259
686ebf28 5260int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 5261{
5262 struct l2cap_conn *conn = hcon->l2cap_data;
5263
5a08ecce
AE		 5264 if (!conn)
5265 conn = l2cap_conn_add(hcon, 0);
5266
5267 if (!conn)
1da177e4
LT		 5268 goto drop;
5269
5270 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
5271
e702112f 5272 if (!(flags & ACL_CONT)) {
1da177e4
LT		 5273 struct l2cap_hdr *hdr;
5274 int len;
5275
5276 if (conn->rx_len) {
5277 BT_ERR("Unexpected start frame (len %d)", skb->len);
5278 kfree_skb(conn->rx_skb);
5279 conn->rx_skb = NULL;
5280 conn->rx_len = 0;
5281 l2cap_conn_unreliable(conn, ECOMM);
5282 }
5283
aae7fe22
AE		 5284 /* Start fragment always begin with Basic L2CAP header */
5285 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 5286 BT_ERR("Frame is too short (len %d)", skb->len);
5287 l2cap_conn_unreliable(conn, ECOMM);
5288 goto drop;
5289 }
5290
5291 hdr = (struct l2cap_hdr *) skb->data;
5292 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
5293
5294 if (len == skb->len) {
5295 /* Complete frame received */
5296 l2cap_recv_frame(conn, skb);
5297 return 0;
5298 }
5299
5300 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
5301
5302 if (skb->len > len) {
5303 BT_ERR("Frame is too long (len %d, expected len %d)",
5304 skb->len, len);
5305 l2cap_conn_unreliable(conn, ECOMM);
5306 goto drop;
5307 }
5308
5309 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 5310 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
5311 if (!conn->rx_skb)
1da177e4
LT		 5312 goto drop;
5313
d626f62b 5314 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 5315 skb->len);
1da177e4
LT		 5316 conn->rx_len = len - skb->len;
5317 } else {
5318 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
5319
5320 if (!conn->rx_len) {
5321 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
5322 l2cap_conn_unreliable(conn, ECOMM);
5323 goto drop;
5324 }
5325
5326 if (skb->len > conn->rx_len) {
5327 BT_ERR("Fragment is too long (len %d, expected %d)",
5328 skb->len, conn->rx_len);
5329 kfree_skb(conn->rx_skb);
5330 conn->rx_skb = NULL;
5331 conn->rx_len = 0;
5332 l2cap_conn_unreliable(conn, ECOMM);
5333 goto drop;
5334 }
5335
d626f62b 5336 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 5337 skb->len);
1da177e4
LT		 5338 conn->rx_len -= skb->len;
5339
5340 if (!conn->rx_len) {
5341 /* Complete frame received */
5342 l2cap_recv_frame(conn, conn->rx_skb);
5343 conn->rx_skb = NULL;
5344 }
5345 }
5346
5347drop:
5348 kfree_skb(skb);
5349 return 0;
5350}
5351
aef7d97c 5352static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 5353{
23691d75 5354 struct l2cap_chan *c;
1da177e4 5355
333055f2 5356 read_lock(&chan_list_lock);
1da177e4 5357
23691d75
GP		 5358 list_for_each_entry(c, &chan_list, global_l) {
5359 struct sock *sk = c->sk;
101545f6 5360
903d343e 5361 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 5362 batostr(&bt_sk(sk)->src),
5363 batostr(&bt_sk(sk)->dst),
89bc500e 5364 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 5365 c->scid, c->dcid, c->imtu, c->omtu,
5366 c->sec_level, c->mode);
61e1b4b7 5367 }
1da177e4 5368
333055f2 5369 read_unlock(&chan_list_lock);
1da177e4 5370
aef7d97c 5371 return 0;
1da177e4
LT		 5372}
5373
aef7d97c
MH		 5374static int l2cap_debugfs_open(struct inode *inode, struct file *file)
5375{
5376 return single_open(file, l2cap_debugfs_show, inode->i_private);
5377}
5378
5379static const struct file_operations l2cap_debugfs_fops = {
5380 .open = l2cap_debugfs_open,
5381 .read = seq_read,
5382 .llseek = seq_lseek,
5383 .release = single_release,
5384};
5385
5386static struct dentry *l2cap_debugfs;
1da177e4 5387
64274518 5388int __init l2cap_init(void)
1da177e4
LT		 5389{
5390 int err;
be9d1227 5391
bb58f747 5392 err = l2cap_init_sockets();
1da177e4
LT		 5393 if (err < 0)
5394 return err;
5395
aef7d97c
MH		 5396 if (bt_debugfs) {
5397 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
5398 bt_debugfs, NULL, &l2cap_debugfs_fops);
5399 if (!l2cap_debugfs)
5400 BT_ERR("Failed to create L2CAP debug file");
5401 }
1da177e4 5402
1da177e4 5403 return 0;
1da177e4
LT		 5404}
5405
64274518 5406void l2cap_exit(void)
1da177e4 5407{
aef7d97c 5408 debugfs_remove(l2cap_debugfs);
bb58f747 5409 l2cap_cleanup_sockets();
1da177e4
LT		 5410}
5411
d1c4a17d
GP		 5412module_param(disable_ertm, bool, 0644);
5413MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)