projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Adds set_default function in L2CAP setup
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
8e87d142
YH		 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 25 SOFTWARE IS DISCLAIMED.
26*/
27
bb58f747 28/* Bluetooth L2CAP core. */
1da177e4 29
1da177e4
LT		 30#include <linux/module.h>
31
32#include <linux/types.h>
4fc268d2 33#include <linux/capability.h>
1da177e4
LT		 34#include <linux/errno.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sched.h>
37#include <linux/slab.h>
38#include <linux/poll.h>
39#include <linux/fcntl.h>
40#include <linux/init.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/skbuff.h>
1da177e4 44#include <linux/list.h>
be9d1227 45#include <linux/device.h>
aef7d97c
MH		 46#include <linux/debugfs.h>
47#include <linux/seq_file.h>
af05b30b 48#include <linux/uaccess.h>
fcc203c3 49#include <linux/crc16.h>
1da177e4
LT		 50#include <net/sock.h>
51
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
b501d6a1 57#include <net/bluetooth/smp.h>
1da177e4 58
eb939922 59bool disable_ertm;
f0709e03 60
47ec1dcd 61static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 62static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 63
b5ad8b7f
JB		 64static LIST_HEAD(chan_list);
65static DEFINE_RWLOCK(chan_list_lock);
1da177e4 66
1da177e4
LT		 67static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 69static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
70 void *data);
710f9b0a 71static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 72static void l2cap_send_disconn_req(struct l2cap_conn *conn,
73 struct l2cap_chan *chan, int err);
1da177e4 74
0139418c 75/* ---- L2CAP channels ---- */
71ba0e56 76
baa7e1fa 77static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 78{
3df91ea2 79 struct l2cap_chan *c;
3d57dc68 80
3df91ea2
AE		 81 list_for_each_entry(c, &conn->chan_l, list) {
82 if (c->dcid == cid)
83 return c;
0139418c 84 }
3df91ea2 85 return NULL;
0139418c
MH		 86}
87
baa7e1fa 88static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 89{
3df91ea2 90 struct l2cap_chan *c;
3d57dc68 91
3df91ea2
AE		 92 list_for_each_entry(c, &conn->chan_l, list) {
93 if (c->scid == cid)
94 return c;
0139418c 95 }
3df91ea2 96 return NULL;
0139418c
MH		 97}
98
99/* Find channel with given SCID.
100 * Returns locked socket */
baa7e1fa 101static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 102{
48454079 103 struct l2cap_chan *c;
baa7e1fa 104
3df91ea2 105 mutex_lock(&conn->chan_lock);
baa7e1fa 106 c = __l2cap_get_chan_by_scid(conn, cid);
3df91ea2
AE		 107 mutex_unlock(&conn->chan_lock);
108
48454079 109 return c;
0139418c
MH		 110}
111
baa7e1fa 112static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 113{
3df91ea2 114 struct l2cap_chan *c;
3d57dc68 115
3df91ea2
AE		 116 list_for_each_entry(c, &conn->chan_l, list) {
117 if (c->ident == ident)
118 return c;
0139418c 119 }
3df91ea2 120 return NULL;
0139418c
MH		 121}
122
baa7e1fa 123static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 124{
48454079 125 struct l2cap_chan *c;
baa7e1fa 126
3df91ea2 127 mutex_lock(&conn->chan_lock);
baa7e1fa 128 c = __l2cap_get_chan_by_ident(conn, ident);
3df91ea2
AE		 129 mutex_unlock(&conn->chan_lock);
130
48454079 131 return c;
0139418c
MH		 132}
133
23691d75 134static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 135{
23691d75 136 struct l2cap_chan *c;
9e4425ff 137
23691d75
GP		 138 list_for_each_entry(c, &chan_list, global_l) {
139 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 140 return c;
9e4425ff 141 }
250938cb 142 return NULL;
9e4425ff
GP		 143}
144
145int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
146{
73b2ec18
GP		 147 int err;
148
333055f2 149 write_lock(&chan_list_lock);
9e4425ff 150
23691d75 151 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 152 err = -EADDRINUSE;
153 goto done;
9e4425ff
GP		 154 }
155
73b2ec18
GP		 156 if (psm) {
157 chan->psm = psm;
158 chan->sport = psm;
159 err = 0;
160 } else {
161 u16 p;
162
163 err = -EINVAL;
164 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 165 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 166 chan->psm = cpu_to_le16(p);
167 chan->sport = cpu_to_le16(p);
168 err = 0;
169 break;
170 }
171 }
9e4425ff 172
73b2ec18 173done:
333055f2 174 write_unlock(&chan_list_lock);
73b2ec18 175 return err;
9e4425ff
GP		 176}
177
178int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
179{
333055f2 180 write_lock(&chan_list_lock);
9e4425ff
GP		 181
182 chan->scid = scid;
183
333055f2 184 write_unlock(&chan_list_lock);
9e4425ff
GP		 185
186 return 0;
187}
188
baa7e1fa 189static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 190{
8db4dc46 191 u16 cid = L2CAP_CID_DYN_START;
0139418c 192
8db4dc46 193 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 194 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 195 return cid;
196 }
197
198 return 0;
199}
200
0e587be7 201static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 202{
42d2d87c 203 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 204 state_to_string(state));
205
89bc500e
GP		 206 chan->state = state;
207 chan->ops->state_change(chan->data, state);
208}
209
0e587be7
AE		 210static void l2cap_state_change(struct l2cap_chan *chan, int state)
211{
212 struct sock *sk = chan->sk;
213
214 lock_sock(sk);
215 __l2cap_state_change(chan, state);
216 release_sock(sk);
217}
218
2e0052e4
AE		 219static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
220{
221 struct sock *sk = chan->sk;
222
223 sk->sk_err = err;
224}
225
226static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
227{
228 struct sock *sk = chan->sk;
229
230 lock_sock(sk);
231 __l2cap_chan_set_err(chan, err);
232 release_sock(sk);
233}
234
721c4181 235static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 236{
721c4181
GP		 237 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
238 chan_timer.work);
3df91ea2 239 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 240 int reason;
241
e05dcc32 242 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 243
3df91ea2 244 mutex_lock(&conn->chan_lock);
6be36555 245 l2cap_chan_lock(chan);
ab07801d 246
89bc500e 247 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 248 reason = ECONNREFUSED;
89bc500e 249 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 250 chan->sec_level != BT_SECURITY_SDP)
251 reason = ECONNREFUSED;
252 else
253 reason = ETIMEDOUT;
254
0f852724 255 l2cap_chan_close(chan, reason);
ab07801d 256
6be36555 257 l2cap_chan_unlock(chan);
ab07801d 258
ba3bd0ee 259 chan->ops->close(chan->data);
3df91ea2
AE		 260 mutex_unlock(&conn->chan_lock);
261
371fd835 262 l2cap_chan_put(chan);
ab07801d
GP		 263}
264
eef1d9b6 265struct l2cap_chan *l2cap_chan_create(void)
48454079
GP		 266{
267 struct l2cap_chan *chan;
268
269 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
270 if (!chan)
271 return NULL;
272
c03b355e
AE		 273 mutex_init(&chan->lock);
274
333055f2 275 write_lock(&chan_list_lock);
23691d75 276 list_add(&chan->global_l, &chan_list);
333055f2 277 write_unlock(&chan_list_lock);
23691d75 278
721c4181 279 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 280
89bc500e
GP		 281 chan->state = BT_OPEN;
282
71ba0e56
GP		 283 atomic_set(&chan->refcnt, 1);
284
eef1d9b6 285 BT_DBG("chan %p", chan);
abc545b8 286
48454079
GP		 287 return chan;
288}
289
23691d75 290void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 291{
333055f2 292 write_lock(&chan_list_lock);
23691d75 293 list_del(&chan->global_l);
333055f2 294 write_unlock(&chan_list_lock);
23691d75 295
371fd835 296 l2cap_chan_put(chan);
6ff5abbf
GP		 297}
298
bd4b1653
AE		 299void l2cap_chan_set_defaults(struct l2cap_chan *chan)
300{
301 chan->fcs = L2CAP_FCS_CRC16;
302 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
303 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
304 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
305 chan->sec_level = BT_SECURITY_LOW;
306
307 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
308}
309
14a28491 310static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 311{
af05b30b 312 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
097db76c 313 __le16_to_cpu(chan->psm), chan->dcid);
0139418c 314
9f5a0d7b 315 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 316
8c1d787b 317 chan->conn = conn;
0139418c 318
5491120e
AE		 319 switch (chan->chan_type) {
320 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 321 if (conn->hcon->type == LE_LINK) {
322 /* LE connection */
0c1bc5c6 323 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 324 chan->scid = L2CAP_CID_LE_DATA;
325 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 326 } else {
327 /* Alloc CID for connection-oriented socket */
fe4128e0 328 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 329 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 330 }
5491120e
AE		 331 break;
332
333 case L2CAP_CHAN_CONN_LESS:
0139418c 334 /* Connectionless socket */
fe4128e0
GP		 335 chan->scid = L2CAP_CID_CONN_LESS;
336 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 337 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 338 break;
339
340 default:
0139418c 341 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 342 chan->scid = L2CAP_CID_SIGNALING;
343 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 344 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 345 }
346
8f7975b1
AE		 347 chan->local_id = L2CAP_BESTEFFORT_ID;
348 chan->local_stype = L2CAP_SERV_BESTEFFORT;
349 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
350 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
351 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
352 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
353
371fd835 354 l2cap_chan_hold(chan);
baa7e1fa 355
3df91ea2 356 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 357}
358
14a28491 359static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
643162a8
AE		 360{
361 mutex_lock(&conn->chan_lock);
362 __l2cap_chan_add(conn, chan);
3df91ea2 363 mutex_unlock(&conn->chan_lock);
0139418c
MH		 364}
365
4519de9a 366static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 367{
48454079 368 struct sock *sk = chan->sk;
8c1d787b 369 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 370 struct sock *parent = bt_sk(sk)->parent;
371
c9b66675 372 __clear_chan_timer(chan);
0139418c 373
49208c9c 374 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 375
8e87d142 376 if (conn) {
baa7e1fa 377 /* Delete from channel list */
3df91ea2 378 list_del(&chan->list);
3d57dc68 379
371fd835 380 l2cap_chan_put(chan);
baa7e1fa 381
8c1d787b 382 chan->conn = NULL;
0139418c
MH		 383 hci_conn_put(conn->hcon);
384 }
385
6be36555
AE		 386 lock_sock(sk);
387
0e587be7 388 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 389 sock_set_flag(sk, SOCK_ZAPPED);
390
391 if (err)
2e0052e4 392 __l2cap_chan_set_err(chan, err);
0139418c
MH		 393
394 if (parent) {
395 bt_accept_unlink(sk);
396 parent->sk_data_ready(parent, 0);
397 } else
398 sk->sk_state_change(sk);
c13ffa62 399
6be36555
AE		 400 release_sock(sk);
401
c1360a1c
GP		 402 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
403 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 404 return;
2ead70b8 405
58d35f87 406 skb_queue_purge(&chan->tx_q);
c13ffa62 407
0c1bc5c6 408 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 409 struct srej_list *l, *tmp;
410
1a09bcb9
GP		 411 __clear_retrans_timer(chan);
412 __clear_monitor_timer(chan);
413 __clear_ack_timer(chan);
c13ffa62 414
f1c6775b 415 skb_queue_purge(&chan->srej_q);
c13ffa62 416
39d5a3ee 417 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 418 list_del(&l->list);
419 kfree(l);
420 }
421 }
0139418c
MH		 422}
423
4519de9a
GP		 424static void l2cap_chan_cleanup_listen(struct sock *parent)
425{
426 struct sock *sk;
427
428 BT_DBG("parent %p", parent);
429
430 /* Close not yet accepted channels */
0f852724 431 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 432 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 433
6be36555 434 l2cap_chan_lock(chan);
c9b66675 435 __clear_chan_timer(chan);
ba3bd0ee 436 l2cap_chan_close(chan, ECONNRESET);
6be36555 437 l2cap_chan_unlock(chan);
3df91ea2 438
ba3bd0ee 439 chan->ops->close(chan->data);
0f852724 440 }
4519de9a
GP		 441}
442
0f852724 443void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 444{
445 struct l2cap_conn *conn = chan->conn;
446 struct sock *sk = chan->sk;
447
e05dcc32
AE		 448 BT_DBG("chan %p state %s sk %p", chan,
449 state_to_string(chan->state), sk);
4519de9a 450
89bc500e 451 switch (chan->state) {
4519de9a 452 case BT_LISTEN:
6be36555 453 lock_sock(sk);
4519de9a 454 l2cap_chan_cleanup_listen(sk);
89bc500e 455
0e587be7 456 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 457 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 458 release_sock(sk);
4519de9a
GP		 459 break;
460
461 case BT_CONNECTED:
462 case BT_CONFIG:
715ec005 463 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 464 conn->hcon->type == ACL_LINK) {
c9b66675 465 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 466 l2cap_send_disconn_req(conn, chan, reason);
467 } else
468 l2cap_chan_del(chan, reason);
469 break;
470
471 case BT_CONNECT2:
715ec005 472 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 473 conn->hcon->type == ACL_LINK) {
474 struct l2cap_conn_rsp rsp;
475 __u16 result;
476
477 if (bt_sk(sk)->defer_setup)
478 result = L2CAP_CR_SEC_BLOCK;
479 else
480 result = L2CAP_CR_BAD_PSM;
89bc500e 481 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 482
483 rsp.scid = cpu_to_le16(chan->dcid);
484 rsp.dcid = cpu_to_le16(chan->scid);
485 rsp.result = cpu_to_le16(result);
486 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
487 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
488 sizeof(rsp), &rsp);
489 }
490
491 l2cap_chan_del(chan, reason);
492 break;
493
494 case BT_CONNECT:
495 case BT_DISCONN:
496 l2cap_chan_del(chan, reason);
497 break;
498
499 default:
6be36555 500 lock_sock(sk);
4519de9a 501 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 502 release_sock(sk);
4519de9a
GP		 503 break;
504 }
505}
506
4343478f 507static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 508{
715ec005 509 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 510 switch (chan->sec_level) {
8556edd3
JH		 511 case BT_SECURITY_HIGH:
512 return HCI_AT_DEDICATED_BONDING_MITM;
513 case BT_SECURITY_MEDIUM:
514 return HCI_AT_DEDICATED_BONDING;
515 default:
516 return HCI_AT_NO_BONDING;
517 }
fe4128e0 518 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 519 if (chan->sec_level == BT_SECURITY_LOW)
520 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 521
4343478f 522 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 523 return HCI_AT_NO_BONDING_MITM;
00ae4af9 524 else
8556edd3 525 return HCI_AT_NO_BONDING;
00ae4af9 526 } else {
4343478f 527 switch (chan->sec_level) {
00ae4af9 528 case BT_SECURITY_HIGH:
8556edd3 529 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 530 case BT_SECURITY_MEDIUM:
8556edd3 531 return HCI_AT_GENERAL_BONDING;
00ae4af9 532 default:
8556edd3 533 return HCI_AT_NO_BONDING;
00ae4af9 534 }
0684e5f9 535 }
8556edd3
JH		 536}
537
538/* Service level security */
d45fc423 539int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 540{
8c1d787b 541 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 542 __u8 auth_type;
543
4343478f 544 auth_type = l2cap_get_auth_type(chan);
79d554a6 545
4343478f 546 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 547}
548
b5ad8b7f 549static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 550{
551 u8 id;
552
553 /* Get next available identificator.
554 * 1 - 128 are used by kernel.
555 * 129 - 199 are reserved.
556 * 200 - 254 are used by utilities like l2ping, etc.
557 */
558
333055f2 559 spin_lock(&conn->lock);
4e8402a3
MH		 560
561 if (++conn->tx_ident > 128)
562 conn->tx_ident = 1;
563
564 id = conn->tx_ident;
565
333055f2 566 spin_unlock(&conn->lock);
4e8402a3
MH		 567
568 return id;
569}
570
4519de9a 571static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 572{
573 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 574 u8 flags;
4e8402a3
MH		 575
576 BT_DBG("code 0x%2.2x", code);
577
578 if (!skb)
9a9c6a34 579 return;
4e8402a3 580
e702112f
AE		 581 if (lmp_no_flush_capable(conn->hcon->hdev))
582 flags = ACL_START_NO_FLUSH;
583 else
584 flags = ACL_START;
585
14b12d0b 586 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 587 skb->priority = HCI_PRIO_MAX;
14b12d0b 588
73d80deb
LAD		 589 hci_send_acl(conn->hchan, skb, flags);
590}
591
592static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
593{
594 struct hci_conn *hcon = chan->conn->hcon;
595 u16 flags;
596
597 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
598 skb->priority);
599
600 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
601 lmp_no_flush_capable(hcon->hdev))
602 flags = ACL_START_NO_FLUSH;
603 else
604 flags = ACL_START;
14b12d0b 605
73d80deb
LAD		 606 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
607 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 608}
609
88843ab0 610static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
1c2acffb
GP		 611{
612 struct sk_buff *skb;
613 struct l2cap_hdr *lh;
8c1d787b 614 struct l2cap_conn *conn = chan->conn;
e4ca6d98 615 int count, hlen;
fcc203c3 616
89bc500e 617 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 618 return;
619
e4ca6d98
AE		 620 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
621 hlen = L2CAP_EXT_HDR_SIZE;
622 else
623 hlen = L2CAP_ENH_HDR_SIZE;
624
47d1ec61 625 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 626 hlen += L2CAP_FCS_SIZE;
1c2acffb 627
88843ab0 628 BT_DBG("chan %p, control 0x%8.8x", chan, control);
1c2acffb 629
fcc203c3 630 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 631
632 control |= __set_sframe(chan);
1c2acffb 633
e2ab4353 634 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 635 control |= __set_ctrl_final(chan);
9e917af1 636
e2ab4353 637 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 638 control |= __set_ctrl_poll(chan);
f0946ccf 639
1c2acffb
GP		 640 skb = bt_skb_alloc(count, GFP_ATOMIC);
641 if (!skb)
9a9c6a34 642 return;
1c2acffb
GP		 643
644 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 645 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 646 lh->cid = cpu_to_le16(chan->dcid);
88843ab0
AE		 647
648 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1c2acffb 649
47d1ec61 650 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 651 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
652 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 653 }
654
73d80deb
LAD		 655 skb->priority = HCI_PRIO_MAX;
656 l2cap_do_send(chan, skb);
1c2acffb
GP		 657}
658
88843ab0 659static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
7e743090 660{
e2ab4353 661 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 662 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 663 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 664 } else
ab784b73 665 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 666
0b209fae 667 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 668
525cd185 669 l2cap_send_sframe(chan, control);
7e743090
GP		 670}
671
b4450035 672static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 673{
c1360a1c 674 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 675}
676
9b27f350
AE		 677static void l2cap_send_conn_req(struct l2cap_chan *chan)
678{
679 struct l2cap_conn *conn = chan->conn;
680 struct l2cap_conn_req req;
681
682 req.scid = cpu_to_le16(chan->scid);
683 req.psm = chan->psm;
684
685 chan->ident = l2cap_get_ident(conn);
686
687 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
688
689 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
690}
691
fc7f8a7e 692static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 693{
8c1d787b 694 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 695
696 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 697 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
698 return;
699
d45fc423 700 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 701 __l2cap_no_conn_pending(chan))
702 l2cap_send_conn_req(chan);
79d554a6
MH		 703 } else {
704 struct l2cap_info_req req;
705 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
706
707 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
708 conn->info_ident = l2cap_get_ident(conn);
709
ba13ccd9 710 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 711
712 l2cap_send_cmd(conn, conn->info_ident,
713 L2CAP_INFO_REQ, sizeof(req), &req);
714 }
715}
716
cf6c2c0b
GP		 717static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
718{
719 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 720 if (!disable_ertm)
cf6c2c0b
GP		 721 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
722
723 switch (mode) {
724 case L2CAP_MODE_ERTM:
725 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
726 case L2CAP_MODE_STREAMING:
727 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
728 default:
729 return 0x00;
730 }
731}
732
4519de9a 733static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 734{
6be36555 735 struct sock *sk = chan->sk;
22121fc9
GP		 736 struct l2cap_disconn_req req;
737
c13ffa62
GP		 738 if (!conn)
739 return;
740
0c1bc5c6 741 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 742 __clear_retrans_timer(chan);
743 __clear_monitor_timer(chan);
744 __clear_ack_timer(chan);
c13ffa62
GP		 745 }
746
fe4128e0
GP		 747 req.dcid = cpu_to_le16(chan->dcid);
748 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 749 l2cap_send_cmd(conn, l2cap_get_ident(conn),
750 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 751
6be36555 752 lock_sock(sk);
0e587be7 753 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 754 __l2cap_chan_set_err(chan, err);
6be36555 755 release_sock(sk);
22121fc9
GP		 756}
757
1da177e4 758/* ---- L2CAP connections ---- */
4e8402a3
MH		 759static void l2cap_conn_start(struct l2cap_conn *conn)
760{
3df91ea2 761 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 762
763 BT_DBG("conn %p", conn);
764
3df91ea2 765 mutex_lock(&conn->chan_lock);
4e8402a3 766
3df91ea2 767 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 768 struct sock *sk = chan->sk;
baa7e1fa 769
6be36555 770 l2cap_chan_lock(chan);
4e8402a3 771
715ec005 772 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 773 l2cap_chan_unlock(chan);
79d554a6
MH		 774 continue;
775 }
776
89bc500e 777 if (chan->state == BT_CONNECT) {
d45fc423 778 if (!l2cap_chan_check_security(chan) ||
b4450035 779 !__l2cap_no_conn_pending(chan)) {
6be36555 780 l2cap_chan_unlock(chan);
47731de7
GP		 781 continue;
782 }
79d554a6 783
c1360a1c
GP		 784 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
785 && test_bit(CONF_STATE2_DEVICE,
786 &chan->conf_state)) {
89bc500e 787 l2cap_chan_close(chan, ECONNRESET);
6be36555 788 l2cap_chan_unlock(chan);
47731de7 789 continue;
b1235d79 790 }
47731de7 791
9b27f350 792 l2cap_send_conn_req(chan);
47731de7 793
89bc500e 794 } else if (chan->state == BT_CONNECT2) {
79d554a6 795 struct l2cap_conn_rsp rsp;
e9aeb2dd 796 char buf[128];
fe4128e0
GP		 797 rsp.scid = cpu_to_le16(chan->dcid);
798 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 799
d45fc423 800 if (l2cap_chan_check_security(chan)) {
6be36555 801 lock_sock(sk);
f66dc81f
MH		 802 if (bt_sk(sk)->defer_setup) {
803 struct sock *parent = bt_sk(sk)->parent;
804 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
805 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 806 if (parent)
807 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 808
809 } else {
0e587be7 810 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 811 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
812 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
813 }
6be36555 814 release_sock(sk);
79d554a6
MH		 815 } else {
816 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
817 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
818 }
819
fc7f8a7e
GP		 820 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
821 sizeof(rsp), &rsp);
e9aeb2dd 822
c1360a1c 823 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 824 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 825 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 826 continue;
827 }
828
c1360a1c 829 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 830 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 831 l2cap_build_conf_req(chan, buf), buf);
832 chan->num_conf_req++;
4e8402a3
MH		 833 }
834
6be36555 835 l2cap_chan_unlock(chan);
4e8402a3
MH		 836 }
837
3df91ea2 838 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 839}
840
b62f328b
VT		 841/* Find socket with cid and source bdaddr.
842 * Returns closest match, locked.
843 */
d9b88702
AE		 844static struct l2cap_chan *l2cap_global_chan_by_scid(int state, u16 cid,
845 bdaddr_t *src)
b62f328b 846{
23691d75 847 struct l2cap_chan *c, *c1 = NULL;
b62f328b 848
23691d75 849 read_lock(&chan_list_lock);
b62f328b 850
23691d75
GP		 851 list_for_each_entry(c, &chan_list, global_l) {
852 struct sock *sk = c->sk;
fe4128e0 853
89bc500e 854 if (state && c->state != state)
b62f328b
VT		 855 continue;
856
23691d75 857 if (c->scid == cid) {
b62f328b 858 /* Exact match. */
23691d75
GP		 859 if (!bacmp(&bt_sk(sk)->src, src)) {
860 read_unlock(&chan_list_lock);
861 return c;
862 }
b62f328b
VT		 863
864 /* Closest match */
865 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 866 c1 = c;
b62f328b
VT		 867 }
868 }
280f294f 869
23691d75 870 read_unlock(&chan_list_lock);
b62f328b 871
23691d75 872 return c1;
b62f328b
VT		 873}
874
875static void l2cap_le_conn_ready(struct l2cap_conn *conn)
876{
c916fbe4 877 struct sock *parent, *sk;
23691d75 878 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 879
880 BT_DBG("");
881
882 /* Check if we have socket listening on cid */
23691d75 883 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 884 conn->src);
23691d75 885 if (!pchan)
b62f328b
VT		 886 return;
887
23691d75
GP		 888 parent = pchan->sk;
889
aa2ac881 890 lock_sock(parent);
62f3a2cf 891
b62f328b
VT		 892 /* Check for backlog size */
893 if (sk_acceptq_is_full(parent)) {
894 BT_DBG("backlog full %d", parent->sk_ack_backlog);
895 goto clean;
896 }
897
80808e43
GP		 898 chan = pchan->ops->new_connection(pchan->data);
899 if (!chan)
b62f328b
VT		 900 goto clean;
901
80808e43 902 sk = chan->sk;
5d41ce1d 903
b62f328b
VT		 904 hci_conn_hold(conn->hcon);
905
b62f328b
VT		 906 bacpy(&bt_sk(sk)->src, conn->src);
907 bacpy(&bt_sk(sk)->dst, conn->dst);
908
d1010240
GP		 909 bt_accept_enqueue(parent, sk);
910
3d57dc68 911 l2cap_chan_add(conn, chan);
48454079 912
c9b66675 913 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 914
0e587be7 915 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 916 parent->sk_data_ready(parent, 0);
917
b62f328b 918clean:
aa2ac881 919 release_sock(parent);
b62f328b
VT		 920}
921
cf4cd009 922static void l2cap_chan_ready(struct l2cap_chan *chan)
f1cb9af5 923{
cf4cd009 924 struct sock *sk = chan->sk;
6be36555
AE		 925 struct sock *parent;
926
927 lock_sock(sk);
928
929 parent = bt_sk(sk)->parent;
f1cb9af5
VCG		 930
931 BT_DBG("sk %p, parent %p", sk, parent);
932
933 chan->conf_state = 0;
934 __clear_chan_timer(chan);
935
0e587be7 936 __l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 937 sk->sk_state_change(sk);
938
939 if (parent)
940 parent->sk_data_ready(parent, 0);
6be36555
AE		 941
942 release_sock(sk);
f1cb9af5
VCG		 943}
944
4e8402a3
MH		 945static void l2cap_conn_ready(struct l2cap_conn *conn)
946{
48454079 947 struct l2cap_chan *chan;
4e8402a3 948
79d554a6 949 BT_DBG("conn %p", conn);
4e8402a3 950
b62f328b
VT		 951 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
952 l2cap_le_conn_ready(conn);
953
160dc6ac
VCG		 954 if (conn->hcon->out && conn->hcon->type == LE_LINK)
955 smp_conn_security(conn, conn->hcon->pending_sec_level);
956
3df91ea2 957 mutex_lock(&conn->chan_lock);
4e8402a3 958
3df91ea2 959 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 960
6be36555 961 l2cap_chan_lock(chan);
4e8402a3 962
63128451 963 if (conn->hcon->type == LE_LINK) {
b501d6a1 964 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 965 l2cap_chan_ready(chan);
acd7d370 966
63128451 967 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 968 struct sock *sk = chan->sk;
c9b66675 969 __clear_chan_timer(chan);
6be36555 970 lock_sock(sk);
0e587be7 971 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 972 sk->sk_state_change(sk);
6be36555 973 release_sock(sk);
b501d6a1 974
89bc500e 975 } else if (chan->state == BT_CONNECT)
fc7f8a7e 976 l2cap_do_start(chan);
4e8402a3 977
6be36555 978 l2cap_chan_unlock(chan);
4e8402a3 979 }
79d554a6 980
3df91ea2 981 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 982}
983
984/* Notify sockets that we cannot guaranty reliability anymore */
985static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
986{
48454079 987 struct l2cap_chan *chan;
4e8402a3
MH		 988
989 BT_DBG("conn %p", conn);
990
3df91ea2 991 mutex_lock(&conn->chan_lock);
4e8402a3 992
3df91ea2 993 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 994 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 995 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 996 }
997
3df91ea2 998 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 999}
1000
f878fcad 1001static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 1002{
f878fcad 1003 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 1004 info_timer.work);
4e8402a3 1005
984947dc 1006 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1007 conn->info_ident = 0;
984947dc 1008
4e8402a3
MH		 1009 l2cap_conn_start(conn);
1010}
1011
5d3de7df
VCG		 1012static void l2cap_conn_del(struct hci_conn *hcon, int err)
1013{
1014 struct l2cap_conn *conn = hcon->l2cap_data;
1015 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1016
1017 if (!conn)
1018 return;
1019
1020 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1021
1022 kfree_skb(conn->rx_skb);
1023
3df91ea2
AE		 1024 mutex_lock(&conn->chan_lock);
1025
5d3de7df
VCG		 1026 /* Kill channels */
1027 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
6be36555
AE		 1028 l2cap_chan_lock(chan);
1029
5d3de7df 1030 l2cap_chan_del(chan, err);
6be36555
AE		 1031
1032 l2cap_chan_unlock(chan);
1033
5d3de7df
VCG		 1034 chan->ops->close(chan->data);
1035 }
1036
3df91ea2
AE		 1037 mutex_unlock(&conn->chan_lock);
1038
73d80deb
LAD		 1039 hci_chan_del(conn->hchan);
1040
5d3de7df 1041 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1042 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1043
51a8efd7 1044 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1045 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1046 smp_chan_destroy(conn);
d26a2345 1047 }
5d3de7df
VCG		 1048
1049 hcon->l2cap_data = NULL;
1050 kfree(conn);
1051}
1052
6c9d42a1 1053static void security_timeout(struct work_struct *work)
5d3de7df 1054{
6c9d42a1
GP		 1055 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1056 security_timer.work);
5d3de7df
VCG		 1057
1058 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1059}
1060
1da177e4
LT		 1061static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1062{
0139418c 1063 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1064 struct hci_chan *hchan;
1da177e4 1065
0139418c 1066 if (conn || status)
1da177e4
LT		 1067 return conn;
1068
73d80deb
LAD		 1069 hchan = hci_chan_create(hcon);
1070 if (!hchan)
1071 return NULL;
1072
0139418c 1073 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1074 if (!conn) {
1075 hci_chan_del(hchan);
1da177e4 1076 return NULL;
73d80deb 1077 }
1da177e4
LT		 1078
1079 hcon->l2cap_data = conn;
1080 conn->hcon = hcon;
73d80deb 1081 conn->hchan = hchan;
1da177e4 1082
73d80deb 1083 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1084
acd7d370
VT		 1085 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1086 conn->mtu = hcon->hdev->le_mtu;
1087 else
1088 conn->mtu = hcon->hdev->acl_mtu;
1089
1da177e4
LT		 1090 conn->src = &hcon->hdev->bdaddr;
1091 conn->dst = &hcon->dst;
1092
4e8402a3
MH		 1093 conn->feat_mask = 0;
1094
1da177e4 1095 spin_lock_init(&conn->lock);
3df91ea2 1096 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1097
1098 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1099
5d3de7df 1100 if (hcon->type == LE_LINK)
6c9d42a1 1101 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1102 else
030013d8 1103 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1104
9f5a0d7b 1105 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1106
1da177e4
LT		 1107 return conn;
1108}
1109
1da177e4 1110/* ---- Socket interface ---- */
1da177e4
LT		 1111
1112/* Find socket with psm and source bdaddr.
1113 * Returns closest match.
1114 */
23691d75 1115static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1116{
23691d75 1117 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1118
23691d75 1119 read_lock(&chan_list_lock);
e0f0cb56 1120
23691d75
GP		 1121 list_for_each_entry(c, &chan_list, global_l) {
1122 struct sock *sk = c->sk;
fe4128e0 1123
89bc500e 1124 if (state && c->state != state)
1da177e4
LT		 1125 continue;
1126
23691d75 1127 if (c->psm == psm) {
1da177e4 1128 /* Exact match. */
23691d75 1129 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1130 read_unlock(&chan_list_lock);
23691d75
GP		 1131 return c;
1132 }
1da177e4
LT		 1133
1134 /* Closest match */
1135 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1136 c1 = c;
1da177e4
LT		 1137 }
1138 }
1da177e4 1139
23691d75 1140 read_unlock(&chan_list_lock);
e0f0cb56 1141
23691d75 1142 return c1;
1da177e4
LT		 1143}
1144
cbe8fed4 1145int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
1da177e4 1146{
5d41ce1d 1147 struct sock *sk = chan->sk;
1da177e4 1148 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1149 struct l2cap_conn *conn;
1150 struct hci_conn *hcon;
1151 struct hci_dev *hdev;
09ab6f4c 1152 __u8 auth_type;
44d0e48e 1153 int err;
1da177e4 1154
f29972de 1155 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
097db76c 1156 __le16_to_cpu(chan->psm));
1da177e4 1157
af05b30b
GP		 1158 hdev = hci_get_route(dst, src);
1159 if (!hdev)
1da177e4
LT		 1160 return -EHOSTUNREACH;
1161
09fd0de5 1162 hci_dev_lock(hdev);
1da177e4 1163
6be36555 1164 l2cap_chan_lock(chan);
03a00194
GP		 1165
1166 /* PSM must be odd and lsb of upper byte must be 0 */
1167 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1168 chan->chan_type != L2CAP_CHAN_RAW) {
1169 err = -EINVAL;
1170 goto done;
1171 }
1172
1173 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1174 err = -EINVAL;
1175 goto done;
1176 }
1177
1178 switch (chan->mode) {
1179 case L2CAP_MODE_BASIC:
1180 break;
1181 case L2CAP_MODE_ERTM:
1182 case L2CAP_MODE_STREAMING:
1183 if (!disable_ertm)
1184 break;
1185 /* fall through */
1186 default:
1187 err = -ENOTSUPP;
1188 goto done;
1189 }
1190
6be36555
AE		 1191 lock_sock(sk);
1192
03a00194
GP		 1193 switch (sk->sk_state) {
1194 case BT_CONNECT:
1195 case BT_CONNECT2:
1196 case BT_CONFIG:
1197 /* Already connecting */
1198 err = 0;
6be36555 1199 release_sock(sk);
03a00194
GP		 1200 goto done;
1201
1202 case BT_CONNECTED:
1203 /* Already connected */
1204 err = -EISCONN;
6be36555 1205 release_sock(sk);
03a00194
GP		 1206 goto done;
1207
1208 case BT_OPEN:
1209 case BT_BOUND:
1210 /* Can connect */
1211 break;
1212
1213 default:
1214 err = -EBADFD;
6be36555 1215 release_sock(sk);
03a00194
GP		 1216 goto done;
1217 }
1218
1219 /* Set destination address and psm */
9219b2a0 1220 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1221
1222 release_sock(sk);
1223
03a00194
GP		 1224 chan->psm = psm;
1225 chan->dcid = cid;
1da177e4 1226
4343478f 1227 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1228
fe4128e0 1229 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1230 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1231 chan->sec_level, auth_type);
acd7d370
VT		 1232 else
1233 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1234 chan->sec_level, auth_type);
acd7d370 1235
30e76272
VT		 1236 if (IS_ERR(hcon)) {
1237 err = PTR_ERR(hcon);
1da177e4 1238 goto done;
30e76272 1239 }
1da177e4
LT		 1240
1241 conn = l2cap_conn_add(hcon, 0);
1242 if (!conn) {
1243 hci_conn_put(hcon);
30e76272 1244 err = -ENOMEM;
1da177e4
LT		 1245 goto done;
1246 }
1247
1da177e4
LT		 1248 /* Update source addr of the socket */
1249 bacpy(src, conn->src);
1250
6be36555 1251 l2cap_chan_unlock(chan);
48454079 1252 l2cap_chan_add(conn, chan);
6be36555 1253 l2cap_chan_lock(chan);
48454079 1254
6be36555 1255 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1256 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1257
1258 if (hcon->state == BT_CONNECTED) {
715ec005 1259 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1260 __clear_chan_timer(chan);
d45fc423 1261 if (l2cap_chan_check_security(chan))
6be36555 1262 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1263 } else
fc7f8a7e 1264 l2cap_do_start(chan);
1da177e4
LT		 1265 }
1266
30e76272
VT		 1267 err = 0;
1268
1da177e4 1269done:
6be36555 1270 l2cap_chan_unlock(chan);
09fd0de5 1271 hci_dev_unlock(hdev);
1da177e4
LT		 1272 hci_dev_put(hdev);
1273 return err;
1274}
1275
dcba0dba 1276int __l2cap_wait_ack(struct sock *sk)
6161c038 1277{
8c1d787b 1278 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1279 DECLARE_WAITQUEUE(wait, current);
1280 int err = 0;
1281 int timeo = HZ/5;
1282
2b0b05dd 1283 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1284 set_current_state(TASK_INTERRUPTIBLE);
1285 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1286 if (!timeo)
1287 timeo = HZ/5;
1288
1289 if (signal_pending(current)) {
1290 err = sock_intr_errno(timeo);
1291 break;
1292 }
1293
1294 release_sock(sk);
1295 timeo = schedule_timeout(timeo);
1296 lock_sock(sk);
a71a0cf4 1297 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1298
1299 err = sock_error(sk);
1300 if (err)
1301 break;
1302 }
1303 set_current_state(TASK_RUNNING);
2b0b05dd 1304 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1305 return err;
1306}
1307
721c4181 1308static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1309{
721c4181
GP		 1310 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1311 monitor_timer.work);
e90bac06 1312
525cd185 1313 BT_DBG("chan %p", chan);
0e98958d 1314
6be36555
AE		 1315 l2cap_chan_lock(chan);
1316
2c03a7a4 1317 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1318 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1319 l2cap_chan_unlock(chan);
8d7e1c7f 1320 l2cap_chan_put(chan);
e90bac06
GP		 1321 return;
1322 }
1323
6a026610 1324 chan->retry_count++;
1a09bcb9 1325 __set_monitor_timer(chan);
e90bac06 1326
525cd185 1327 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1328 l2cap_chan_unlock(chan);
8d7e1c7f 1329 l2cap_chan_put(chan);
e90bac06
GP		 1330}
1331
721c4181 1332static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1333{
721c4181
GP		 1334 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1335 retrans_timer.work);
e90bac06 1336
49208c9c 1337 BT_DBG("chan %p", chan);
0e98958d 1338
6be36555
AE		 1339 l2cap_chan_lock(chan);
1340
6a026610 1341 chan->retry_count = 1;
1a09bcb9 1342 __set_monitor_timer(chan);
e90bac06 1343
e2ab4353 1344 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1345
525cd185 1346 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1347
1348 l2cap_chan_unlock(chan);
8d7e1c7f 1349 l2cap_chan_put(chan);
e90bac06
GP		 1350}
1351
42e5c802 1352static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1353{
1c2acffb 1354 struct sk_buff *skb;
1da177e4 1355
58d35f87 1356 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1357 chan->unacked_frames) {
42e5c802 1358 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1359 break;
1da177e4 1360
58d35f87 1361 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1362 kfree_skb(skb);
1da177e4 1363
6a026610 1364 chan->unacked_frames--;
1c2acffb 1365 }
1da177e4 1366
6a026610 1367 if (!chan->unacked_frames)
1a09bcb9 1368 __clear_retrans_timer(chan);
1c2acffb 1369}
1da177e4 1370
67c9e840 1371static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1372{
ccbb84af 1373 struct sk_buff *skb;
88843ab0
AE		 1374 u32 control;
1375 u16 fcs;
6840ed07 1376
58d35f87 1377 while ((skb = skb_dequeue(&chan->tx_q))) {
88843ab0 1378 control = __get_control(chan, skb->data + L2CAP_HDR_SIZE);
fb45de7d 1379 control |= __set_txseq(chan, chan->next_tx_seq);
88843ab0 1380 __put_control(chan, control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1381
47d1ec61 1382 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1383 fcs = crc16(0, (u8 *)skb->data,
1384 skb->len - L2CAP_FCS_SIZE);
1385 put_unaligned_le16(fcs,
1386 skb->data + skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1387 }
1388
4343478f 1389 l2cap_do_send(chan, skb);
6840ed07 1390
836be934 1391 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
6840ed07 1392 }
6840ed07
GP		 1393}
1394
fb45de7d 1395static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1396{
8f17154f 1397 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1398 u16 fcs;
1399 u32 control;
8f17154f 1400
58d35f87 1401 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1402 if (!skb)
1403 return;
8f17154f 1404
d1726b6d 1405 while (bt_cb(skb)->tx_seq != tx_seq) {
58d35f87 1406 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1407 return;
8f17154f 1408
d1726b6d
SJ		 1409 skb = skb_queue_next(&chan->tx_q, skb);
1410 }
8f17154f 1411
2c03a7a4
GP		 1412 if (chan->remote_max_tx &&
1413 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1414 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1415 return;
1416 }
1417
1418 tx_skb = skb_clone(skb, GFP_ATOMIC);
1419 bt_cb(skb)->retries++;
88843ab0
AE		 1420
1421 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1422 control &= __get_sar_mask(chan);
3cb123d1 1423
e2ab4353 1424 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1425 control |= __set_ctrl_final(chan);
95ffa978 1426
0b209fae 1427 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1428 control |= __set_txseq(chan, tx_seq);
3cb123d1 1429
88843ab0 1430 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1431
47d1ec61 1432 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1433 fcs = crc16(0, (u8 *)tx_skb->data,
1434 tx_skb->len - L2CAP_FCS_SIZE);
1435 put_unaligned_le16(fcs,
1436 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1437 }
1438
4343478f 1439 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1440}
1441
67c9e840 1442static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1443{
1444 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1445 u16 fcs;
1446 u32 control;
9a9c6a34 1447 int nsent = 0;
1c2acffb 1448
89bc500e 1449 if (chan->state != BT_CONNECTED)
c13ffa62 1450 return -ENOTCONN;
e90bac06 1451
58d35f87 1452 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1453
2c03a7a4
GP		 1454 if (chan->remote_max_tx &&
1455 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1456 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1457 break;
1458 }
1459
e420aba3
AE		 1460 tx_skb = skb_clone(skb, GFP_ATOMIC);
1461
e90bac06
GP		 1462 bt_cb(skb)->retries++;
1463
88843ab0 1464 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1465 control &= __get_sar_mask(chan);
95ffa978 1466
e2ab4353 1467 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1468 control |= __set_ctrl_final(chan);
e2ab4353 1469
0b209fae 1470 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1471 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb 1472
88843ab0 1473 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
e90bac06 1474
47d1ec61 1475 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1476 fcs = crc16(0, (u8 *)skb->data,
1477 tx_skb->len - L2CAP_FCS_SIZE);
1478 put_unaligned_le16(fcs, skb->data +
1479 tx_skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1480 }
1481
4343478f 1482 l2cap_do_send(chan, tx_skb);
9a9c6a34 1483
1a09bcb9 1484 __set_retrans_timer(chan);
1c2acffb 1485
42e5c802 1486 bt_cb(skb)->tx_seq = chan->next_tx_seq;
836be934
AE		 1487
1488 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1c2acffb 1489
8ed7a0ae 1490 if (bt_cb(skb)->retries == 1) {
6a026610 1491 chan->unacked_frames++;
930fa4ae
SJ		 1492
1493 if (!nsent++)
1494 __clear_ack_timer(chan);
8ed7a0ae 1495 }
23e9fde2 1496
6a026610 1497 chan->frames_sent++;
1c2acffb 1498
58d35f87
GP		 1499 if (skb_queue_is_last(&chan->tx_q, skb))
1500 chan->tx_send_head = NULL;
1c2acffb 1501 else
58d35f87 1502 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1c2acffb
GP		 1503 }
1504
9e917af1
GP		 1505 return nsent;
1506}
1507
525cd185 1508static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1509{
dfc909be
GP		 1510 int ret;
1511
58d35f87
GP		 1512 if (!skb_queue_empty(&chan->tx_q))
1513 chan->tx_send_head = chan->tx_q.next;
dfc909be 1514
42e5c802 1515 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1516 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1517 return ret;
1518}
1519
b17e73bb 1520static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1521{
88843ab0 1522 u32 control = 0;
9e917af1 1523
0b209fae 1524 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1525
e2ab4353 1526 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1527 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1528 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1529 l2cap_send_sframe(chan, control);
9a9c6a34 1530 return;
9e917af1 1531 }
dfc909be 1532
525cd185 1533 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1534 return;
1535
ab784b73 1536 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1537 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1538}
1539
b17e73bb
SJ		 1540static void l2cap_send_ack(struct l2cap_chan *chan)
1541{
1542 __clear_ack_timer(chan);
1543 __l2cap_send_ack(chan);
1544}
1545
525cd185 1546static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1547{
1548 struct srej_list *tail;
88843ab0 1549 u32 control;
99b0d4b7 1550
ab784b73 1551 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1552 control |= __set_ctrl_final(chan);
99b0d4b7 1553
39d5a3ee 1554 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1555 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1556
525cd185 1557 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1558}
1559
04124681
GP		 1560static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1561 struct msghdr *msg, int len,
1562 int count, struct sk_buff *skb)
1c2acffb 1563{
0952a57a 1564 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1565 struct sk_buff **frag;
1566 int err, sent = 0;
1da177e4 1567
59203a21 1568 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1569 return -EFAULT;
1da177e4
LT		 1570
1571 sent += count;
1572 len -= count;
1573
1574 /* Continuation fragments (no L2CAP header) */
1575 frag = &skb_shinfo(skb)->frag_list;
1576 while (len) {
1577 count = min_t(unsigned int, conn->mtu, len);
1578
2f7719ce 1579 *frag = chan->ops->alloc_skb(chan, count,
04124681
GP		 1580 msg->msg_flags & MSG_DONTWAIT,
1581 &err);
2f7719ce 1582
1da177e4 1583 if (!*frag)
0175d629 1584 return err;
1c2acffb
GP		 1585 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1586 return -EFAULT;
1da177e4 1587
5e59b791
LAD		 1588 (*frag)->priority = skb->priority;
1589
1da177e4
LT		 1590 sent += count;
1591 len -= count;
1592
1593 frag = &(*frag)->next;
1594 }
1da177e4
LT		 1595
1596 return sent;
1c2acffb 1597}
1da177e4 1598
5e59b791
LAD		 1599static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1600 struct msghdr *msg, size_t len,
1601 u32 priority)
1c2acffb 1602{
8c1d787b 1603 struct l2cap_conn *conn = chan->conn;
1c2acffb 1604 struct sk_buff *skb;
03a51213 1605 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1606 struct l2cap_hdr *lh;
1607
6d5922b0 1608 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1609
1610 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1611
1612 skb = chan->ops->alloc_skb(chan, count + hlen,
04124681 1613 msg->msg_flags & MSG_DONTWAIT, &err);
2f7719ce 1614
1c2acffb 1615 if (!skb)
0175d629 1616 return ERR_PTR(err);
1c2acffb 1617
5e59b791
LAD		 1618 skb->priority = priority;
1619
1c2acffb
GP		 1620 /* Create L2CAP header */
1621 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1622 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1623 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
097db76c 1624 put_unaligned(chan->psm, skb_put(skb, 2));
1c2acffb 1625
0952a57a 1626 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1627 if (unlikely(err < 0)) {
1628 kfree_skb(skb);
1629 return ERR_PTR(err);
1630 }
1631 return skb;
1632}
1633
5e59b791
LAD		 1634static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1635 struct msghdr *msg, size_t len,
1636 u32 priority)
1c2acffb 1637{
8c1d787b 1638 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1639 struct sk_buff *skb;
1640 int err, count, hlen = L2CAP_HDR_SIZE;
1641 struct l2cap_hdr *lh;
1642
6d5922b0 1643 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb
GP		 1644
1645 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1646
1647 skb = chan->ops->alloc_skb(chan, count + hlen,
04124681 1648 msg->msg_flags & MSG_DONTWAIT, &err);
2f7719ce 1649
1c2acffb 1650 if (!skb)
0175d629 1651 return ERR_PTR(err);
1c2acffb 1652
5e59b791
LAD		 1653 skb->priority = priority;
1654
1c2acffb
GP		 1655 /* Create L2CAP header */
1656 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1657 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1658 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1659
0952a57a 1660 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1661 if (unlikely(err < 0)) {
1662 kfree_skb(skb);
1663 return ERR_PTR(err);
1664 }
1665 return skb;
1666}
1667
ab0ff76d
LAD		 1668static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1669 struct msghdr *msg, size_t len,
88843ab0 1670 u32 control, u16 sdulen)
1c2acffb 1671{
8c1d787b 1672 struct l2cap_conn *conn = chan->conn;
1c2acffb 1673 struct sk_buff *skb;
e4ca6d98 1674 int err, count, hlen;
1c2acffb
GP		 1675 struct l2cap_hdr *lh;
1676
6d5922b0 1677 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1678
0ee0d208
GP		 1679 if (!conn)
1680 return ERR_PTR(-ENOTCONN);
1681
e4ca6d98
AE		 1682 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1683 hlen = L2CAP_EXT_HDR_SIZE;
1684 else
1685 hlen = L2CAP_ENH_HDR_SIZE;
1686
c74e560c 1687 if (sdulen)
03a51213 1688 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1689
47d1ec61 1690 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1691 hlen += L2CAP_FCS_SIZE;
fcc203c3 1692
1c2acffb 1693 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1694
1695 skb = chan->ops->alloc_skb(chan, count + hlen,
1696 msg->msg_flags & MSG_DONTWAIT, &err);
1697
1c2acffb 1698 if (!skb)
0175d629 1699 return ERR_PTR(err);
1c2acffb
GP		 1700
1701 /* Create L2CAP header */
1702 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1703 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1704 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0
AE		 1705
1706 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1707
c74e560c 1708 if (sdulen)
03a51213 1709 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 1710
0952a57a 1711 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1712 if (unlikely(err < 0)) {
1713 kfree_skb(skb);
1714 return ERR_PTR(err);
1715 }
e90bac06 1716
47d1ec61 1717 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1718 put_unaligned_le16(0, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3 1719
e90bac06 1720 bt_cb(skb)->retries = 0;
1c2acffb 1721 return skb;
1da177e4
LT		 1722}
1723
67c9e840 1724static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1725{
c74e560c
GP		 1726 struct sk_buff *skb;
1727 struct sk_buff_head sar_queue;
88843ab0 1728 u32 control;
c74e560c
GP		 1729 size_t size = 0;
1730
ff12fd64 1731 skb_queue_head_init(&sar_queue);
7e0ef6ee 1732 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1733 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1734 if (IS_ERR(skb))
1735 return PTR_ERR(skb);
1736
1737 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1738 len -= chan->remote_mps;
1739 size += chan->remote_mps;
c74e560c
GP		 1740
1741 while (len > 0) {
1742 size_t buflen;
1743
2c03a7a4 1744 if (len > chan->remote_mps) {
7e0ef6ee 1745 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1746 buflen = chan->remote_mps;
c74e560c 1747 } else {
7e0ef6ee 1748 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1749 buflen = len;
1750 }
1751
47d1ec61 1752 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1753 if (IS_ERR(skb)) {
1754 skb_queue_purge(&sar_queue);
1755 return PTR_ERR(skb);
1756 }
1757
1758 __skb_queue_tail(&sar_queue, skb);
1759 len -= buflen;
1760 size += buflen;
c74e560c 1761 }
58d35f87
GP		 1762 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1763 if (chan->tx_send_head == NULL)
1764 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1765
1766 return size;
1767}
1768
5e59b791
LAD		 1769int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
1770 u32 priority)
9a91a04a 1771{
9a91a04a 1772 struct sk_buff *skb;
88843ab0 1773 u32 control;
9a91a04a
GP		 1774 int err;
1775
1776 /* Connectionless channel */
715ec005 1777 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 1778 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 1779 if (IS_ERR(skb))
1780 return PTR_ERR(skb);
1781
1782 l2cap_do_send(chan, skb);
1783 return len;
1784 }
1785
1786 switch (chan->mode) {
1787 case L2CAP_MODE_BASIC:
1788 /* Check outgoing MTU */
1789 if (len > chan->omtu)
1790 return -EMSGSIZE;
1791
1792 /* Create a basic PDU */
5e59b791 1793 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 1794 if (IS_ERR(skb))
1795 return PTR_ERR(skb);
1796
1797 l2cap_do_send(chan, skb);
1798 err = len;
1799 break;
1800
1801 case L2CAP_MODE_ERTM:
1802 case L2CAP_MODE_STREAMING:
1803 /* Entire SDU fits into one PDU */
1804 if (len <= chan->remote_mps) {
7e0ef6ee 1805 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1806 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1807 0);
1808 if (IS_ERR(skb))
1809 return PTR_ERR(skb);
1810
1811 __skb_queue_tail(&chan->tx_q, skb);
1812
1813 if (chan->tx_send_head == NULL)
1814 chan->tx_send_head = skb;
1815
1816 } else {
1817 /* Segment SDU into multiples PDUs */
1818 err = l2cap_sar_segment_sdu(chan, msg, len);
1819 if (err < 0)
1820 return err;
1821 }
1822
1823 if (chan->mode == L2CAP_MODE_STREAMING) {
1824 l2cap_streaming_send(chan);
1825 err = len;
1826 break;
1827 }
1828
e2ab4353
GP		 1829 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1830 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1831 err = len;
1832 break;
1833 }
1834
1835 err = l2cap_ertm_send(chan);
1836 if (err >= 0)
1837 err = len;
1838
1839 break;
1840
1841 default:
1842 BT_DBG("bad state %1.1x", chan->mode);
1843 err = -EBADFD;
1844 }
1845
1846 return err;
1847}
1848
1da177e4
LT		 1849/* Copy frame to all raw sockets on that connection */
1850static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1851{
1da177e4 1852 struct sk_buff *nskb;
48454079 1853 struct l2cap_chan *chan;
1da177e4
LT		 1854
1855 BT_DBG("conn %p", conn);
1856
3df91ea2 1857 mutex_lock(&conn->chan_lock);
3d57dc68 1858
3df91ea2 1859 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1860 struct sock *sk = chan->sk;
715ec005 1861 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1862 continue;
1863
1864 /* Don't send frame to the socket it came from */
1865 if (skb->sk == sk)
1866 continue;
af05b30b
GP		 1867 nskb = skb_clone(skb, GFP_ATOMIC);
1868 if (!nskb)
1da177e4
LT		 1869 continue;
1870
23070494 1871 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1872 kfree_skb(nskb);
1873 }
3d57dc68 1874
3df91ea2 1875 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 1876}
1877
1878/* ---- L2CAP signalling commands ---- */
1879static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1880 u8 code, u8 ident, u16 dlen, void *data)
1881{
1882 struct sk_buff *skb, **frag;
1883 struct l2cap_cmd_hdr *cmd;
1884 struct l2cap_hdr *lh;
1885 int len, count;
1886
af05b30b
GP		 1887 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1888 conn, code, ident, dlen);
1da177e4
LT		 1889
1890 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1891 count = min_t(unsigned int, conn->mtu, len);
1892
1893 skb = bt_skb_alloc(count, GFP_ATOMIC);
1894 if (!skb)
1895 return NULL;
1896
1897 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1898 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1899
1900 if (conn->hcon->type == LE_LINK)
1901 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1902 else
1903 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1904
1905 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1906 cmd->code = code;
1907 cmd->ident = ident;
aca3192c 1908 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1909
1910 if (dlen) {
1911 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1912 memcpy(skb_put(skb, count), data, count);
1913 data += count;
1914 }
1915
1916 len -= skb->len;
1917
1918 /* Continuation fragments (no L2CAP header) */
1919 frag = &skb_shinfo(skb)->frag_list;
1920 while (len) {
1921 count = min_t(unsigned int, conn->mtu, len);
1922
1923 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1924 if (!*frag)
1925 goto fail;
1926
1927 memcpy(skb_put(*frag, count), data, count);
1928
1929 len -= count;
1930 data += count;
1931
1932 frag = &(*frag)->next;
1933 }
1934
1935 return skb;
1936
1937fail:
1938 kfree_skb(skb);
1939 return NULL;
1940}
1941
1942static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1943{
1944 struct l2cap_conf_opt *opt = *ptr;
1945 int len;
1946
1947 len = L2CAP_CONF_OPT_SIZE + opt->len;
1948 *ptr += len;
1949
1950 *type = opt->type;
1951 *olen = opt->len;
1952
1953 switch (opt->len) {
1954 case 1:
1955 *val = *((u8 *) opt->val);
1956 break;
1957
1958 case 2:
bfaaeb3e 1959 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1960 break;
1961
1962 case 4:
bfaaeb3e 1963 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1964 break;
1965
1966 default:
1967 *val = (unsigned long) opt->val;
1968 break;
1969 }
1970
1971 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1972 return len;
1973}
1974
1da177e4
LT		 1975static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1976{
1977 struct l2cap_conf_opt *opt = *ptr;
1978
1979 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1980
1981 opt->type = type;
1982 opt->len = len;
1983
1984 switch (len) {
1985 case 1:
1986 *((u8 *) opt->val) = val;
1987 break;
1988
1989 case 2:
4f8b691c 1990 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1991 break;
1992
1993 case 4:
4f8b691c 1994 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1995 break;
1996
1997 default:
1998 memcpy(opt->val, (void *) val, len);
1999 break;
2000 }
2001
2002 *ptr += L2CAP_CONF_OPT_SIZE + len;
2003}
2004
f89cef09
AE		 2005static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2006{
2007 struct l2cap_conf_efs efs;
2008
1ec918ce 2009 switch (chan->mode) {
f89cef09
AE		 2010 case L2CAP_MODE_ERTM:
2011 efs.id = chan->local_id;
2012 efs.stype = chan->local_stype;
2013 efs.msdu = cpu_to_le16(chan->local_msdu);
2014 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2015 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2016 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2017 break;
2018
2019 case L2CAP_MODE_STREAMING:
2020 efs.id = 1;
2021 efs.stype = L2CAP_SERV_BESTEFFORT;
2022 efs.msdu = cpu_to_le16(chan->local_msdu);
2023 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2024 efs.acc_lat = 0;
2025 efs.flush_to = 0;
2026 break;
2027
2028 default:
2029 return;
2030 }
2031
2032 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2033 (unsigned long) &efs);
2034}
2035
721c4181 2036static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2037{
721c4181
GP		 2038 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2039 ack_timer.work);
c1b4f43b 2040
2fb9b3d4
GP		 2041 BT_DBG("chan %p", chan);
2042
6be36555
AE		 2043 l2cap_chan_lock(chan);
2044
b17e73bb 2045 __l2cap_send_ack(chan);
6be36555
AE		 2046
2047 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2048
2049 l2cap_chan_put(chan);
c1b4f43b
GP		 2050}
2051
525cd185 2052static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2053{
42e5c802 2054 chan->expected_ack_seq = 0;
6a026610 2055 chan->unacked_frames = 0;
42e5c802 2056 chan->buffer_seq = 0;
6a026610
GP		 2057 chan->num_acked = 0;
2058 chan->frames_sent = 0;
0565c1c2 2059
721c4181
GP		 2060 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2061 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2062 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2063
f1c6775b 2064 skb_queue_head_init(&chan->srej_q);
1890d36b 2065
39d5a3ee 2066 INIT_LIST_HEAD(&chan->srej_l);
0565c1c2
GP		 2067}
2068
f2fcfcd6
GP		 2069static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2070{
2071 switch (mode) {
2072 case L2CAP_MODE_STREAMING:
2073 case L2CAP_MODE_ERTM:
2074 if (l2cap_mode_supported(mode, remote_feat_mask))
2075 return mode;
2076 /* fall through */
2077 default:
2078 return L2CAP_MODE_BASIC;
2079 }
2080}
2081
6327eb98
AE		 2082static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2083{
2084 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2085}
2086
f89cef09
AE		 2087static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2088{
2089 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2090}
2091
6327eb98
AE		 2092static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2093{
2094 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2095 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2096 /* use extended control field */
2097 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2098 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2099 } else {
6327eb98
AE		 2100 chan->tx_win = min_t(u16, chan->tx_win,
2101 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2102 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2103 }
6327eb98
AE		 2104}
2105
710f9b0a 2106static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2107{
1da177e4 2108 struct l2cap_conf_req *req = data;
0c1bc5c6 2109 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2110 void *ptr = req->data;
c8f79162 2111 u16 size;
1da177e4 2112
49208c9c 2113 BT_DBG("chan %p", chan);
1da177e4 2114
73ffa904 2115 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2116 goto done;
2117
0c1bc5c6 2118 switch (chan->mode) {
f2fcfcd6
GP		 2119 case L2CAP_MODE_STREAMING:
2120 case L2CAP_MODE_ERTM:
c1360a1c 2121 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2122 break;
85eb53c6 2123
f89cef09
AE		 2124 if (__l2cap_efs_supported(chan))
2125 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2126
2ba13ed6 2127 /* fall through */
f2fcfcd6 2128 default:
8c1d787b 2129 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2130 break;
2131 }
2132
2133done:
0c1bc5c6
GP		 2134 if (chan->imtu != L2CAP_DEFAULT_MTU)
2135 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2136
0c1bc5c6 2137 switch (chan->mode) {
65c7c491 2138 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2139 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2140 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2141 break;
2142
62547752
GP		 2143 rfc.mode = L2CAP_MODE_BASIC;
2144 rfc.txwin_size = 0;
2145 rfc.max_transmit = 0;
2146 rfc.retrans_timeout = 0;
2147 rfc.monitor_timeout = 0;
2148 rfc.max_pdu_size = 0;
2149
63406504
GP		 2150 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2151 (unsigned long) &rfc);
65c7c491
MH		 2152 break;
2153
2154 case L2CAP_MODE_ERTM:
2155 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2156 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2157 rfc.retrans_timeout = 0;
2158 rfc.monitor_timeout = 0;
c8f79162
AE		 2159
2160 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2161 L2CAP_EXT_HDR_SIZE -
2162 L2CAP_SDULEN_SIZE -
2163 L2CAP_FCS_SIZE);
2164 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2165
6327eb98
AE		 2166 l2cap_txwin_setup(chan);
2167
2168 rfc.txwin_size = min_t(u16, chan->tx_win,
2169 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2170
63406504
GP		 2171 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2172 (unsigned long) &rfc);
2173
f89cef09
AE		 2174 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2175 l2cap_add_opt_efs(&ptr, chan);
2176
8c1d787b 2177 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2178 break;
2179
47d1ec61 2180 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2181 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2182 chan->fcs = L2CAP_FCS_NONE;
2183 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2184 }
6327eb98
AE		 2185
2186 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2187 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2188 chan->tx_win);
f2fcfcd6
GP		 2189 break;
2190
2191 case L2CAP_MODE_STREAMING:
2192 rfc.mode = L2CAP_MODE_STREAMING;
2193 rfc.txwin_size = 0;
2194 rfc.max_transmit = 0;
2195 rfc.retrans_timeout = 0;
2196 rfc.monitor_timeout = 0;
c8f79162
AE		 2197
2198 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2199 L2CAP_EXT_HDR_SIZE -
2200 L2CAP_SDULEN_SIZE -
2201 L2CAP_FCS_SIZE);
2202 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2203
63406504
GP		 2204 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2205 (unsigned long) &rfc);
2206
f89cef09
AE		 2207 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2208 l2cap_add_opt_efs(&ptr, chan);
2209
8c1d787b 2210 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2211 break;
2212
47d1ec61 2213 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2214 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2215 chan->fcs = L2CAP_FCS_NONE;
2216 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2217 }
65c7c491
MH		 2218 break;
2219 }
1da177e4 2220
fe4128e0 2221 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2222 req->flags = cpu_to_le16(0);
1da177e4
LT		 2223
2224 return ptr - data;
2225}
2226
73ffa904 2227static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2228{
5dee9e7c
MH		 2229 struct l2cap_conf_rsp *rsp = data;
2230 void *ptr = rsp->data;
73ffa904
GP		 2231 void *req = chan->conf_req;
2232 int len = chan->conf_len;
5dee9e7c
MH		 2233 int type, hint, olen;
2234 unsigned long val;
6464f35f 2235 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2236 struct l2cap_conf_efs efs;
2237 u8 remote_efs = 0;
861d6882 2238 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2239 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2240 u16 size;
1da177e4 2241
73ffa904 2242 BT_DBG("chan %p", chan);
820ae1b8 2243
5dee9e7c
MH		 2244 while (len >= L2CAP_CONF_OPT_SIZE) {
2245 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2246
589d2746 2247 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2248 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2249
2250 switch (type) {
2251 case L2CAP_CONF_MTU:
861d6882 2252 mtu = val;
5dee9e7c
MH		 2253 break;
2254
2255 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2256 chan->flush_to = val;
5dee9e7c
MH		 2257 break;
2258
2259 case L2CAP_CONF_QOS:
2260 break;
2261
6464f35f
MH		 2262 case L2CAP_CONF_RFC:
2263 if (olen == sizeof(rfc))
2264 memcpy(&rfc, (void *) val, olen);
2265 break;
2266
fcc203c3
GP		 2267 case L2CAP_CONF_FCS:
2268 if (val == L2CAP_FCS_NONE)
c1360a1c 2269 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2270 break;
fcc203c3 2271
42dceae2
AE		 2272 case L2CAP_CONF_EFS:
2273 remote_efs = 1;
2274 if (olen == sizeof(efs))
2275 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2276 break;
2277
6327eb98
AE		 2278 case L2CAP_CONF_EWS:
2279 if (!enable_hs)
2280 return -ECONNREFUSED;
fcc203c3 2281
6327eb98
AE		 2282 set_bit(FLAG_EXT_CTRL, &chan->flags);
2283 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2284 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2285 chan->remote_tx_win = val;
fcc203c3
GP		 2286 break;
2287
5dee9e7c
MH		 2288 default:
2289 if (hint)
2290 break;
2291
2292 result = L2CAP_CONF_UNKNOWN;
2293 *((u8 *) ptr++) = type;
2294 break;
2295 }
2296 }
2297
73ffa904 2298 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2299 goto done;
2300
0c1bc5c6 2301 switch (chan->mode) {
f2fcfcd6
GP		 2302 case L2CAP_MODE_STREAMING:
2303 case L2CAP_MODE_ERTM:
c1360a1c 2304 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2305 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2306 chan->conn->feat_mask);
85eb53c6
GP		 2307 break;
2308 }
2309
42dceae2
AE		 2310 if (remote_efs) {
2311 if (__l2cap_efs_supported(chan))
2312 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2313 else
2314 return -ECONNREFUSED;
2315 }
2316
0c1bc5c6 2317 if (chan->mode != rfc.mode)
f2fcfcd6 2318 return -ECONNREFUSED;
742e519b 2319
f2fcfcd6 2320 break;
f2fcfcd6
GP		 2321 }
2322
2323done:
0c1bc5c6 2324 if (chan->mode != rfc.mode) {
f2fcfcd6 2325 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2326 rfc.mode = chan->mode;
f2fcfcd6 2327
73ffa904 2328 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2329 return -ECONNREFUSED;
2330
2331 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2332 sizeof(rfc), (unsigned long) &rfc);
2333 }
2334
5dee9e7c
MH		 2335 if (result == L2CAP_CONF_SUCCESS) {
2336 /* Configure output options and let the other side know
2337 * which ones we don't like. */
2338
f2fcfcd6
GP		 2339 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2340 result = L2CAP_CONF_UNACCEPT;
2341 else {
0c1bc5c6 2342 chan->omtu = mtu;
c1360a1c 2343 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2344 }
0c1bc5c6 2345 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2346
42dceae2
AE		 2347 if (remote_efs) {
2348 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2349 efs.stype != L2CAP_SERV_NOTRAFIC &&
2350 efs.stype != chan->local_stype) {
2351
2352 result = L2CAP_CONF_UNACCEPT;
2353
2354 if (chan->num_conf_req >= 1)
2355 return -ECONNREFUSED;
2356
2357 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2358 sizeof(efs),
42dceae2 2359 (unsigned long) &efs);
0e8b207e 2360 } else {
3e6b3b95 2361 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2362 result = L2CAP_CONF_PENDING;
2363 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2364 }
2365 }
2366
f2fcfcd6
GP		 2367 switch (rfc.mode) {
2368 case L2CAP_MODE_BASIC:
47d1ec61 2369 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2370 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2371 break;
2372
2373 case L2CAP_MODE_ERTM:
6327eb98
AE		 2374 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2375 chan->remote_tx_win = rfc.txwin_size;
2376 else
2377 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2378
2c03a7a4 2379 chan->remote_max_tx = rfc.max_transmit;
1c762159 2380
c8f79162
AE		 2381 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2382 chan->conn->mtu -
2383 L2CAP_EXT_HDR_SIZE -
2384 L2CAP_SDULEN_SIZE -
2385 L2CAP_FCS_SIZE);
2386 rfc.max_pdu_size = cpu_to_le16(size);
2387 chan->remote_mps = size;
f2fcfcd6 2388
10467e9e 2389 rfc.retrans_timeout =
4fd21a88 2390 __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
10467e9e 2391 rfc.monitor_timeout =
4fd21a88 2392 __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2393
c1360a1c 2394 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2395
2396 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2397 sizeof(rfc), (unsigned long) &rfc);
2398
42dceae2
AE		 2399 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2400 chan->remote_id = efs.id;
2401 chan->remote_stype = efs.stype;
2402 chan->remote_msdu = le16_to_cpu(efs.msdu);
2403 chan->remote_flush_to =
2404 le32_to_cpu(efs.flush_to);
2405 chan->remote_acc_lat =
2406 le32_to_cpu(efs.acc_lat);
2407 chan->remote_sdu_itime =
2408 le32_to_cpu(efs.sdu_itime);
2409 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2410 sizeof(efs), (unsigned long) &efs);
2411 }
f2fcfcd6
GP		 2412 break;
2413
2414 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2415 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2416 chan->conn->mtu -
2417 L2CAP_EXT_HDR_SIZE -
2418 L2CAP_SDULEN_SIZE -
2419 L2CAP_FCS_SIZE);
2420 rfc.max_pdu_size = cpu_to_le16(size);
2421 chan->remote_mps = size;
f2fcfcd6 2422
c1360a1c 2423 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2424
2425 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2426 sizeof(rfc), (unsigned long) &rfc);
2427
f2fcfcd6
GP		 2428 break;
2429
2430 default:
5dee9e7c 2431 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2432
6464f35f 2433 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2434 rfc.mode = chan->mode;
f2fcfcd6 2435 }
6464f35f 2436
f2fcfcd6 2437 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2438 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2439 }
fe4128e0 2440 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2441 rsp->result = cpu_to_le16(result);
2442 rsp->flags = cpu_to_le16(0x0000);
2443
2444 return ptr - data;
1da177e4
LT		 2445}
2446
b4450035 2447static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2448{
f2fcfcd6
GP		 2449 struct l2cap_conf_req *req = data;
2450 void *ptr = req->data;
2451 int type, olen;
2452 unsigned long val;
36e999a8 2453 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 2454 struct l2cap_conf_efs efs;
f2fcfcd6 2455
fe4128e0 2456 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2457
2458 while (len >= L2CAP_CONF_OPT_SIZE) {
2459 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2460
2461 switch (type) {
2462 case L2CAP_CONF_MTU:
2463 if (val < L2CAP_DEFAULT_MIN_MTU) {
2464 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2465 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2466 } else
0c1bc5c6
GP		 2467 chan->imtu = val;
2468 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2469 break;
2470
2471 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2472 chan->flush_to = val;
f2fcfcd6 2473 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2474 2, chan->flush_to);
f2fcfcd6
GP		 2475 break;
2476
2477 case L2CAP_CONF_RFC:
2478 if (olen == sizeof(rfc))
2479 memcpy(&rfc, (void *)val, olen);
2480
c1360a1c 2481 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2482 rfc.mode != chan->mode)
f2fcfcd6
GP		 2483 return -ECONNREFUSED;
2484
47d1ec61 2485 chan->fcs = 0;
f2fcfcd6
GP		 2486
2487 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2488 sizeof(rfc), (unsigned long) &rfc);
2489 break;
6327eb98
AE		 2490
2491 case L2CAP_CONF_EWS:
2492 chan->tx_win = min_t(u16, val,
2493 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 2494 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2495 chan->tx_win);
6327eb98 2496 break;
66af7aaf
AE		 2497
2498 case L2CAP_CONF_EFS:
2499 if (olen == sizeof(efs))
2500 memcpy(&efs, (void *)val, olen);
2501
2502 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2503 efs.stype != L2CAP_SERV_NOTRAFIC &&
2504 efs.stype != chan->local_stype)
2505 return -ECONNREFUSED;
2506
2507 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2508 sizeof(efs), (unsigned long) &efs);
2509 break;
f2fcfcd6
GP		 2510 }
2511 }
2512
0c1bc5c6 2513 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2514 return -ECONNREFUSED;
2515
0c1bc5c6 2516 chan->mode = rfc.mode;
6c2ea7a8 2517
0e8b207e 2518 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 2519 switch (rfc.mode) {
2520 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2521 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2522 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2523 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 2524
2525 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2526 chan->local_msdu = le16_to_cpu(efs.msdu);
2527 chan->local_sdu_itime =
2528 le32_to_cpu(efs.sdu_itime);
2529 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
2530 chan->local_flush_to =
2531 le32_to_cpu(efs.flush_to);
2532 }
f2fcfcd6 2533 break;
66af7aaf 2534
f2fcfcd6 2535 case L2CAP_MODE_STREAMING:
47d1ec61 2536 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2537 }
2538 }
2539
fe4128e0 2540 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2541 req->flags = cpu_to_le16(0x0000);
2542
2543 return ptr - data;
2544}
2545
fe4128e0 2546static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2547{
2548 struct l2cap_conf_rsp *rsp = data;
2549 void *ptr = rsp->data;
1da177e4 2550
fe4128e0 2551 BT_DBG("chan %p", chan);
1da177e4 2552
fe4128e0 2553 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2554 rsp->result = cpu_to_le16(result);
aca3192c 2555 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2556
2557 return ptr - data;
2558}
2559
8c1d787b 2560void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2561{
2562 struct l2cap_conn_rsp rsp;
8c1d787b 2563 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2564 u8 buf[128];
2565
fe4128e0
GP		 2566 rsp.scid = cpu_to_le16(chan->dcid);
2567 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2568 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2569 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2570 l2cap_send_cmd(conn, chan->ident,
2571 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2572
c1360a1c 2573 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2574 return;
2575
710f9b0a
GP		 2576 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2577 l2cap_build_conf_req(chan, buf), buf);
2578 chan->num_conf_req++;
2579}
2580
47d1ec61 2581static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2582{
7b1c0049
GP		 2583 int type, olen;
2584 unsigned long val;
2585 struct l2cap_conf_rfc rfc;
2586
47d1ec61 2587 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2588
0c1bc5c6 2589 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2590 return;
2591
2592 while (len >= L2CAP_CONF_OPT_SIZE) {
2593 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2594
2595 switch (type) {
2596 case L2CAP_CONF_RFC:
2597 if (olen == sizeof(rfc))
2598 memcpy(&rfc, (void *)val, olen);
2599 goto done;
2600 }
2601 }
2602
36e999a8
MM		 2603 /* Use sane default values in case a misbehaving remote device
2604 * did not send an RFC option.
2605 */
2606 rfc.mode = chan->mode;
2607 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
2608 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
2609 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
2610
2611 BT_ERR("Expected RFC option was not found, using defaults");
2612
7b1c0049
GP		 2613done:
2614 switch (rfc.mode) {
2615 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2616 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2617 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2618 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2619 break;
2620 case L2CAP_MODE_STREAMING:
47d1ec61 2621 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2622 }
2623}
2624
4e8402a3
MH		 2625static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2626{
e2fd318e 2627 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2628
e2fd318e 2629 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2630 return 0;
2631
2632 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2633 cmd->ident == conn->info_ident) {
17cd3f37 2634 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 2635
2636 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2637 conn->info_ident = 0;
984947dc 2638
4e8402a3
MH		 2639 l2cap_conn_start(conn);
2640 }
2641
2642 return 0;
2643}
2644
1da177e4
LT		 2645static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2646{
1da177e4
LT		 2647 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2648 struct l2cap_conn_rsp rsp;
23691d75 2649 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2650 struct sock *parent, *sk = NULL;
e7c29cb1 2651 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2652
2653 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2654 __le16 psm = req->psm;
1da177e4 2655
097db76c 2656 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid);
1da177e4
LT		 2657
2658 /* Check if we have socket listening on psm */
23691d75
GP		 2659 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2660 if (!pchan) {
1da177e4
LT		 2661 result = L2CAP_CR_BAD_PSM;
2662 goto sendresp;
2663 }
2664
23691d75
GP		 2665 parent = pchan->sk;
2666
3df91ea2 2667 mutex_lock(&conn->chan_lock);
aa2ac881 2668 lock_sock(parent);
e0f0cb56 2669
e7c29cb1
MH		 2670 /* Check if the ACL is secure enough (if not SDP) */
2671 if (psm != cpu_to_le16(0x0001) &&
2672 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 2673 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 2674 result = L2CAP_CR_SEC_BLOCK;
2675 goto response;
2676 }
2677
1da177e4
LT		 2678 result = L2CAP_CR_NO_MEM;
2679
2680 /* Check for backlog size */
2681 if (sk_acceptq_is_full(parent)) {
8e87d142 2682 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2683 goto response;
2684 }
2685
80808e43
GP		 2686 chan = pchan->ops->new_connection(pchan->data);
2687 if (!chan)
1da177e4
LT		 2688 goto response;
2689
80808e43
GP		 2690 sk = chan->sk;
2691
1da177e4 2692 /* Check if we already have channel with that dcid */
baa7e1fa 2693 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 2694 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2695 chan->ops->close(chan->data);
1da177e4
LT		 2696 goto response;
2697 }
2698
2699 hci_conn_hold(conn->hcon);
2700
1da177e4
LT		 2701 bacpy(&bt_sk(sk)->src, conn->src);
2702 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2703 chan->psm = psm;
2704 chan->dcid = scid;
1da177e4 2705
d1010240
GP		 2706 bt_accept_enqueue(parent, sk);
2707
6be36555 2708 __l2cap_chan_add(conn, chan);
48454079 2709
fe4128e0 2710 dcid = chan->scid;
1da177e4 2711
c9b66675 2712 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2713
fc7f8a7e 2714 chan->ident = cmd->ident;
1da177e4 2715
984947dc 2716 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 2717 if (l2cap_chan_check_security(chan)) {
f66dc81f 2718 if (bt_sk(sk)->defer_setup) {
0e587be7 2719 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2720 result = L2CAP_CR_PEND;
2721 status = L2CAP_CS_AUTHOR_PEND;
2722 parent->sk_data_ready(parent, 0);
2723 } else {
0e587be7 2724 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2725 result = L2CAP_CR_SUCCESS;
2726 status = L2CAP_CS_NO_INFO;
2727 }
79d554a6 2728 } else {
0e587be7 2729 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2730 result = L2CAP_CR_PEND;
2731 status = L2CAP_CS_AUTHEN_PEND;
2732 }
2733 } else {
0e587be7 2734 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2735 result = L2CAP_CR_PEND;
2736 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2737 }
2738
1da177e4 2739response:
aa2ac881 2740 release_sock(parent);
3df91ea2 2741 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2742
2743sendresp:
aca3192c
YH		 2744 rsp.scid = cpu_to_le16(scid);
2745 rsp.dcid = cpu_to_le16(dcid);
2746 rsp.result = cpu_to_le16(result);
2747 rsp.status = cpu_to_le16(status);
1da177e4 2748 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2749
2750 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2751 struct l2cap_info_req info;
2752 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2753
2754 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2755 conn->info_ident = l2cap_get_ident(conn);
2756
ba13ccd9 2757 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 2758
2759 l2cap_send_cmd(conn, conn->info_ident,
2760 L2CAP_INFO_REQ, sizeof(info), &info);
2761 }
2762
c1360a1c 2763 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2764 result == L2CAP_CR_SUCCESS) {
2765 u8 buf[128];
c1360a1c 2766 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2767 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2768 l2cap_build_conf_req(chan, buf), buf);
2769 chan->num_conf_req++;
e9aeb2dd
GP		 2770 }
2771
1da177e4
LT		 2772 return 0;
2773}
2774
2775static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2776{
2777 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2778 u16 scid, dcid, result, status;
48454079 2779 struct l2cap_chan *chan;
1da177e4 2780 u8 req[128];
3df91ea2 2781 int err;
1da177e4
LT		 2782
2783 scid = __le16_to_cpu(rsp->scid);
2784 dcid = __le16_to_cpu(rsp->dcid);
2785 result = __le16_to_cpu(rsp->result);
2786 status = __le16_to_cpu(rsp->status);
2787
1b009c98
AE		 2788 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2789 dcid, scid, result, status);
1da177e4 2790
3df91ea2
AE		 2791 mutex_lock(&conn->chan_lock);
2792
1da177e4 2793 if (scid) {
3df91ea2
AE		 2794 chan = __l2cap_get_chan_by_scid(conn, scid);
2795 if (!chan) {
2796 err = -EFAULT;
2797 goto unlock;
2798 }
1da177e4 2799 } else {
3df91ea2
AE		 2800 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2801 if (!chan) {
2802 err = -EFAULT;
2803 goto unlock;
2804 }
1da177e4
LT		 2805 }
2806
3df91ea2
AE		 2807 err = 0;
2808
6be36555 2809 l2cap_chan_lock(chan);
48454079 2810
1da177e4
LT		 2811 switch (result) {
2812 case L2CAP_CR_SUCCESS:
89bc500e 2813 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2814 chan->ident = 0;
fe4128e0 2815 chan->dcid = dcid;
c1360a1c 2816 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2817
c1360a1c 2818 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2819 break;
2820
1da177e4 2821 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2822 l2cap_build_conf_req(chan, req), req);
2823 chan->num_conf_req++;
1da177e4
LT		 2824 break;
2825
2826 case L2CAP_CR_PEND:
c1360a1c 2827 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2828 break;
2829
2830 default:
48454079 2831 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2832 break;
2833 }
2834
6be36555 2835 l2cap_chan_unlock(chan);
3df91ea2
AE		 2836
2837unlock:
2838 mutex_unlock(&conn->chan_lock);
2839
2840 return err;
1da177e4
LT		 2841}
2842
47d1ec61 2843static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2844{
2845 /* FCS is enabled only in ERTM or streaming mode, if one or both
2846 * sides request it.
2847 */
0c1bc5c6 2848 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2849 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2850 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2851 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2852}
2853
88219a0f 2854static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2855{
2856 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2857 u16 dcid, flags;
2858 u8 rsp[64];
48454079 2859 struct l2cap_chan *chan;
5dee9e7c 2860 int len;
1da177e4
LT		 2861
2862 dcid = __le16_to_cpu(req->dcid);
2863 flags = __le16_to_cpu(req->flags);
2864
2865 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2866
baa7e1fa 2867 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2868 if (!chan)
1da177e4
LT		 2869 return -ENOENT;
2870
6be36555 2871 l2cap_chan_lock(chan);
48454079 2872
033b1142 2873 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2874 struct l2cap_cmd_rej_cid rej;
2875
2876 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2877 rej.scid = cpu_to_le16(chan->scid);
2878 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2879
df6bd743
GP		 2880 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2881 sizeof(rej), &rej);
354f60a9 2882 goto unlock;
df6bd743 2883 }
354f60a9 2884
5dee9e7c 2885 /* Reject if config buffer is too small. */
88219a0f 2886 len = cmd_len - sizeof(*req);
7ac28817 2887 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2888 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2889 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2890 L2CAP_CONF_REJECT, flags), rsp);
2891 goto unlock;
2892 }
2893
2894 /* Store config. */
73ffa904
GP		 2895 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2896 chan->conf_len += len;
1da177e4
LT		 2897
2898 if (flags & 0x0001) {
2899 /* Incomplete config. Send empty response. */
2900 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2901 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2902 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2903 goto unlock;
2904 }
2905
2906 /* Complete config. */
73ffa904 2907 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2908 if (len < 0) {
e92c8e70 2909 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2910 goto unlock;
f2fcfcd6 2911 }
1da177e4 2912
5dee9e7c 2913 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2914 chan->num_conf_rsp++;
5dee9e7c 2915
5dee9e7c 2916 /* Reset config buffer. */
73ffa904 2917 chan->conf_len = 0;
5dee9e7c 2918
c1360a1c 2919 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2920 goto unlock;
2921
c1360a1c 2922 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2923 set_default_fcs(chan);
fcc203c3 2924
89bc500e 2925 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2926
42e5c802
GP		 2927 chan->next_tx_seq = 0;
2928 chan->expected_tx_seq = 0;
58d35f87 2929 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2930 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2931 l2cap_ertm_init(chan);
0565c1c2 2932
cf4cd009 2933 l2cap_chan_ready(chan);
876d9484
MH		 2934 goto unlock;
2935 }
2936
c1360a1c 2937 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2938 u8 buf[64];
1da177e4 2939 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2940 l2cap_build_conf_req(chan, buf), buf);
2941 chan->num_conf_req++;
1da177e4
LT		 2942 }
2943
0e8b207e
AE		 2944 /* Got Conf Rsp PENDING from remote side and asume we sent
2945 Conf Rsp PENDING in the code above */
2946 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
2947 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2948
2949 /* check compatibility */
2950
2951 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2952 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2953
2954 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2955 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 2956 L2CAP_CONF_SUCCESS, 0x0000), rsp);
2957 }
2958
1da177e4 2959unlock:
6be36555 2960 l2cap_chan_unlock(chan);
1da177e4
LT		 2961 return 0;
2962}
2963
2964static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2965{
2966 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2967 u16 scid, flags, result;
48454079 2968 struct l2cap_chan *chan;
61386cba 2969 int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
1da177e4
LT		 2970
2971 scid = __le16_to_cpu(rsp->scid);
2972 flags = __le16_to_cpu(rsp->flags);
2973 result = __le16_to_cpu(rsp->result);
2974
61386cba
AE		 2975 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags,
2976 result, len);
1da177e4 2977
baa7e1fa 2978 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2979 if (!chan)
1da177e4
LT		 2980 return 0;
2981
6be36555 2982 l2cap_chan_lock(chan);
48454079 2983
1da177e4
LT		 2984 switch (result) {
2985 case L2CAP_CONF_SUCCESS:
47d1ec61 2986 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 2987 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 2988 break;
2989
0e8b207e
AE		 2990 case L2CAP_CONF_PENDING:
2991 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
2992
2993 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2994 char buf[64];
2995
2996 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2997 buf, &result);
2998 if (len < 0) {
2999 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3000 goto done;
3001 }
3002
3003 /* check compatibility */
3004
3005 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3006 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3007
3008 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3009 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 3010 L2CAP_CONF_SUCCESS, 0x0000), buf);
3011 }
3012 goto done;
3013
1da177e4 3014 case L2CAP_CONF_UNACCEPT:
73ffa904 3015 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3016 char req[64];
3017
c2c77ec8 3018 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3019 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3020 goto done;
3021 }
3022
f2fcfcd6
GP		 3023 /* throw out any old stored conf requests */
3024 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3025 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3026 req, &result);
f2fcfcd6 3027 if (len < 0) {
e92c8e70 3028 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3029 goto done;
3030 }
3031
3032 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3033 L2CAP_CONF_REQ, len, req);
73ffa904 3034 chan->num_conf_req++;
f2fcfcd6
GP		 3035 if (result != L2CAP_CONF_SUCCESS)
3036 goto done;
3037 break;
1da177e4
LT		 3038 }
3039
8e87d142 3040 default:
6be36555 3041 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3042
ba13ccd9 3043 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
e92c8e70 3044 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3045 goto done;
3046 }
3047
3048 if (flags & 0x01)
3049 goto done;
3050
c1360a1c 3051 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3052
c1360a1c 3053 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3054 set_default_fcs(chan);
fcc203c3 3055
89bc500e 3056 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 3057 chan->next_tx_seq = 0;
3058 chan->expected_tx_seq = 0;
58d35f87 3059 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 3060 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 3061 l2cap_ertm_init(chan);
0565c1c2 3062
cf4cd009 3063 l2cap_chan_ready(chan);
1da177e4
LT		 3064 }
3065
3066done:
6be36555 3067 l2cap_chan_unlock(chan);
1da177e4
LT		 3068 return 0;
3069}
3070
3071static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3072{
3073 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3074 struct l2cap_disconn_rsp rsp;
3075 u16 dcid, scid;
48454079 3076 struct l2cap_chan *chan;
1da177e4
LT		 3077 struct sock *sk;
3078
3079 scid = __le16_to_cpu(req->scid);
3080 dcid = __le16_to_cpu(req->dcid);
3081
3082 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3083
3df91ea2
AE		 3084 mutex_lock(&conn->chan_lock);
3085
3086 chan = __l2cap_get_chan_by_scid(conn, dcid);
3087 if (!chan) {
3088 mutex_unlock(&conn->chan_lock);
1da177e4 3089 return 0;
3df91ea2 3090 }
1da177e4 3091
6be36555
AE		 3092 l2cap_chan_lock(chan);
3093
48454079
GP		 3094 sk = chan->sk;
3095
fe4128e0
GP		 3096 rsp.dcid = cpu_to_le16(chan->scid);
3097 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3098 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3099
6be36555 3100 lock_sock(sk);
1da177e4 3101 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3102 release_sock(sk);
1da177e4 3103
48454079 3104 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3105
3106 l2cap_chan_unlock(chan);
1da177e4 3107
ba3bd0ee 3108 chan->ops->close(chan->data);
3df91ea2
AE		 3109
3110 mutex_unlock(&conn->chan_lock);
3111
1da177e4
LT		 3112 return 0;
3113}
3114
3115static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3116{
3117 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3118 u16 dcid, scid;
48454079 3119 struct l2cap_chan *chan;
1da177e4
LT		 3120
3121 scid = __le16_to_cpu(rsp->scid);
3122 dcid = __le16_to_cpu(rsp->dcid);
3123
3124 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3125
3df91ea2
AE		 3126 mutex_lock(&conn->chan_lock);
3127
3128 chan = __l2cap_get_chan_by_scid(conn, scid);
3129 if (!chan) {
3130 mutex_unlock(&conn->chan_lock);
1da177e4 3131 return 0;
3df91ea2 3132 }
1da177e4 3133
6be36555 3134 l2cap_chan_lock(chan);
48454079 3135
48454079 3136 l2cap_chan_del(chan, 0);
6be36555
AE		 3137
3138 l2cap_chan_unlock(chan);
1da177e4 3139
ba3bd0ee 3140 chan->ops->close(chan->data);
3df91ea2
AE		 3141
3142 mutex_unlock(&conn->chan_lock);
3143
1da177e4
LT		 3144 return 0;
3145}
3146
3147static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3148{
3149 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3150 u16 type;
3151
3152 type = __le16_to_cpu(req->type);
3153
3154 BT_DBG("type 0x%4.4x", type);
3155
f0709e03
MH		 3156 if (type == L2CAP_IT_FEAT_MASK) {
3157 u8 buf[8];
44dd46de 3158 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3159 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3160 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3161 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3162 if (!disable_ertm)
fcc203c3
GP		 3163 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3164 | L2CAP_FEAT_FCS;
a5fd6f30 3165 if (enable_hs)
6327eb98
AE		 3166 feat_mask |= L2CAP_FEAT_EXT_FLOW
3167 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3168
1b7bf4ed 3169 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3170 l2cap_send_cmd(conn, cmd->ident,
3171 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3172 } else if (type == L2CAP_IT_FIXED_CHAN) {
3173 u8 buf[12];
3174 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3175
3176 if (enable_hs)
3177 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3178 else
3179 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3180
e1027a7c
MH		 3181 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3182 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3183 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3184 l2cap_send_cmd(conn, cmd->ident,
3185 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3186 } else {
3187 struct l2cap_info_rsp rsp;
3188 rsp.type = cpu_to_le16(type);
3189 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3190 l2cap_send_cmd(conn, cmd->ident,
3191 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3192 }
1da177e4
LT		 3193
3194 return 0;
3195}
3196
3197static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3198{
3199 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3200 u16 type, result;
3201
3202 type = __le16_to_cpu(rsp->type);
3203 result = __le16_to_cpu(rsp->result);
3204
3205 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3206
e90165be
AE		 3207 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3208 if (cmd->ident != conn->info_ident ||
3209 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3210 return 0;
3211
17cd3f37 3212 cancel_delayed_work(&conn->info_timer);
4e8402a3 3213
adb08ede
VT		 3214 if (result != L2CAP_IR_SUCCESS) {
3215 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3216 conn->info_ident = 0;
3217
3218 l2cap_conn_start(conn);
3219
3220 return 0;
3221 }
3222
978c93b9
AE		 3223 switch (type) {
3224 case L2CAP_IT_FEAT_MASK:
83985319 3225 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3226
47ec1dcd 3227 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3228 struct l2cap_info_req req;
3229 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3230
3231 conn->info_ident = l2cap_get_ident(conn);
3232
3233 l2cap_send_cmd(conn, conn->info_ident,
3234 L2CAP_INFO_REQ, sizeof(req), &req);
3235 } else {
3236 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3237 conn->info_ident = 0;
3238
3239 l2cap_conn_start(conn);
3240 }
978c93b9
AE		 3241 break;
3242
3243 case L2CAP_IT_FIXED_CHAN:
3244 conn->fixed_chan_mask = rsp->data[0];
984947dc 3245 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3246 conn->info_ident = 0;
984947dc
MH		 3247
3248 l2cap_conn_start(conn);
978c93b9 3249 break;
984947dc 3250 }
4e8402a3 3251
1da177e4
LT		 3252 return 0;
3253}
3254
f94ff6ff
MM		 3255static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3256 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3257 void *data)
3258{
3259 struct l2cap_create_chan_req *req = data;
3260 struct l2cap_create_chan_rsp rsp;
3261 u16 psm, scid;
3262
3263 if (cmd_len != sizeof(*req))
3264 return -EPROTO;
3265
3266 if (!enable_hs)
3267 return -EINVAL;
3268
3269 psm = le16_to_cpu(req->psm);
3270 scid = le16_to_cpu(req->scid);
3271
3272 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3273
3274 /* Placeholder: Always reject */
3275 rsp.dcid = 0;
3276 rsp.scid = cpu_to_le16(scid);
8ce0c498
AE		 3277 rsp.result = __constant_cpu_to_le16(L2CAP_CR_NO_MEM);
3278 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
f94ff6ff
MM		 3279
3280 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3281 sizeof(rsp), &rsp);
3282
3283 return 0;
3284}
3285
3286static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3287 struct l2cap_cmd_hdr *cmd, void *data)
3288{
3289 BT_DBG("conn %p", conn);
3290
3291 return l2cap_connect_rsp(conn, cmd, data);
3292}
3293
8d5a04a1
MM		 3294static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3295 u16 icid, u16 result)
3296{
3297 struct l2cap_move_chan_rsp rsp;
3298
3299 BT_DBG("icid %d, result %d", icid, result);
3300
3301 rsp.icid = cpu_to_le16(icid);
3302 rsp.result = cpu_to_le16(result);
3303
3304 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3305}
3306
3307static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3308 struct l2cap_chan *chan, u16 icid, u16 result)
3309{
3310 struct l2cap_move_chan_cfm cfm;
3311 u8 ident;
3312
3313 BT_DBG("icid %d, result %d", icid, result);
3314
3315 ident = l2cap_get_ident(conn);
3316 if (chan)
3317 chan->ident = ident;
3318
3319 cfm.icid = cpu_to_le16(icid);
3320 cfm.result = cpu_to_le16(result);
3321
3322 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3323}
3324
3325static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3326 u16 icid)
3327{
3328 struct l2cap_move_chan_cfm_rsp rsp;
3329
3330 BT_DBG("icid %d", icid);
3331
3332 rsp.icid = cpu_to_le16(icid);
3333 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3334}
3335
3336static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3337 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3338{
3339 struct l2cap_move_chan_req *req = data;
3340 u16 icid = 0;
3341 u16 result = L2CAP_MR_NOT_ALLOWED;
3342
3343 if (cmd_len != sizeof(*req))
3344 return -EPROTO;
3345
3346 icid = le16_to_cpu(req->icid);
3347
3348 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3349
3350 if (!enable_hs)
3351 return -EINVAL;
3352
3353 /* Placeholder: Always refuse */
3354 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3355
3356 return 0;
3357}
3358
3359static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3360 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3361{
3362 struct l2cap_move_chan_rsp *rsp = data;
3363 u16 icid, result;
3364
3365 if (cmd_len != sizeof(*rsp))
3366 return -EPROTO;
3367
3368 icid = le16_to_cpu(rsp->icid);
3369 result = le16_to_cpu(rsp->result);
3370
3371 BT_DBG("icid %d, result %d", icid, result);
3372
3373 /* Placeholder: Always unconfirmed */
3374 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3375
3376 return 0;
3377}
3378
3379static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3380 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3381{
3382 struct l2cap_move_chan_cfm *cfm = data;
3383 u16 icid, result;
3384
3385 if (cmd_len != sizeof(*cfm))
3386 return -EPROTO;
3387
3388 icid = le16_to_cpu(cfm->icid);
3389 result = le16_to_cpu(cfm->result);
3390
3391 BT_DBG("icid %d, result %d", icid, result);
3392
3393 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3394
3395 return 0;
3396}
3397
3398static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3399 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3400{
3401 struct l2cap_move_chan_cfm_rsp *rsp = data;
3402 u16 icid;
3403
3404 if (cmd_len != sizeof(*rsp))
3405 return -EPROTO;
3406
3407 icid = le16_to_cpu(rsp->icid);
3408
3409 BT_DBG("icid %d", icid);
3410
3411 return 0;
3412}
3413
e2174ca4 3414static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3415 u16 to_multiplier)
3416{
3417 u16 max_latency;
3418
3419 if (min > max || min < 6 || max > 3200)
3420 return -EINVAL;
3421
3422 if (to_multiplier < 10 || to_multiplier > 3200)
3423 return -EINVAL;
3424
3425 if (max >= to_multiplier * 8)
3426 return -EINVAL;
3427
3428 max_latency = (to_multiplier * 8 / max) - 1;
3429 if (latency > 499 || latency > max_latency)
3430 return -EINVAL;
3431
3432 return 0;
3433}
3434
3435static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
3436 struct l2cap_cmd_hdr *cmd, u8 *data)
3437{
3438 struct hci_conn *hcon = conn->hcon;
3439 struct l2cap_conn_param_update_req *req;
3440 struct l2cap_conn_param_update_rsp rsp;
3441 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 3442 int err;
de73115a
CT		 3443
3444 if (!(hcon->link_mode & HCI_LM_MASTER))
3445 return -EINVAL;
3446
3447 cmd_len = __le16_to_cpu(cmd->len);
3448 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
3449 return -EPROTO;
3450
3451 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 3452 min = __le16_to_cpu(req->min);
3453 max = __le16_to_cpu(req->max);
de73115a
CT		 3454 latency = __le16_to_cpu(req->latency);
3455 to_multiplier = __le16_to_cpu(req->to_multiplier);
3456
3457 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
3458 min, max, latency, to_multiplier);
3459
3460 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 3461
3462 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
3463 if (err)
de73115a
CT		 3464 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
3465 else
3466 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
3467
3468 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
3469 sizeof(rsp), &rsp);
3470
2ce603eb
CT		 3471 if (!err)
3472 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
3473
de73115a
CT		 3474 return 0;
3475}
3476
3300d9a9
CT		 3477static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
3478 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3479{
3480 int err = 0;
3481
3482 switch (cmd->code) {
3483 case L2CAP_COMMAND_REJ:
3484 l2cap_command_rej(conn, cmd, data);
3485 break;
3486
3487 case L2CAP_CONN_REQ:
3488 err = l2cap_connect_req(conn, cmd, data);
3489 break;
3490
3491 case L2CAP_CONN_RSP:
3492 err = l2cap_connect_rsp(conn, cmd, data);
3493 break;
3494
3495 case L2CAP_CONF_REQ:
3496 err = l2cap_config_req(conn, cmd, cmd_len, data);
3497 break;
3498
3499 case L2CAP_CONF_RSP:
3500 err = l2cap_config_rsp(conn, cmd, data);
3501 break;
3502
3503 case L2CAP_DISCONN_REQ:
3504 err = l2cap_disconnect_req(conn, cmd, data);
3505 break;
3506
3507 case L2CAP_DISCONN_RSP:
3508 err = l2cap_disconnect_rsp(conn, cmd, data);
3509 break;
3510
3511 case L2CAP_ECHO_REQ:
3512 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3513 break;
3514
3515 case L2CAP_ECHO_RSP:
3516 break;
3517
3518 case L2CAP_INFO_REQ:
3519 err = l2cap_information_req(conn, cmd, data);
3520 break;
3521
3522 case L2CAP_INFO_RSP:
3523 err = l2cap_information_rsp(conn, cmd, data);
3524 break;
3525
f94ff6ff
MM		 3526 case L2CAP_CREATE_CHAN_REQ:
3527 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
3528 break;
3529
3530 case L2CAP_CREATE_CHAN_RSP:
3531 err = l2cap_create_channel_rsp(conn, cmd, data);
3532 break;
3533
8d5a04a1
MM		 3534 case L2CAP_MOVE_CHAN_REQ:
3535 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
3536 break;
3537
3538 case L2CAP_MOVE_CHAN_RSP:
3539 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
3540 break;
3541
3542 case L2CAP_MOVE_CHAN_CFM:
3543 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
3544 break;
3545
3546 case L2CAP_MOVE_CHAN_CFM_RSP:
3547 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
3548 break;
3549
3300d9a9
CT		 3550 default:
3551 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3552 err = -EINVAL;
3553 break;
3554 }
3555
3556 return err;
3557}
3558
3559static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3560 struct l2cap_cmd_hdr *cmd, u8 *data)
3561{
3562 switch (cmd->code) {
3563 case L2CAP_COMMAND_REJ:
3564 return 0;
3565
3566 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3567 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3568
3569 case L2CAP_CONN_PARAM_UPDATE_RSP:
3570 return 0;
3571
3572 default:
3573 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3574 return -EINVAL;
3575 }
3576}
3577
3578static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3579 struct sk_buff *skb)
1da177e4
LT		 3580{
3581 u8 *data = skb->data;
3582 int len = skb->len;
3583 struct l2cap_cmd_hdr cmd;
3300d9a9 3584 int err;
1da177e4
LT		 3585
3586 l2cap_raw_recv(conn, skb);
3587
3588 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3589 u16 cmd_len;
1da177e4
LT		 3590 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3591 data += L2CAP_CMD_HDR_SIZE;
3592 len -= L2CAP_CMD_HDR_SIZE;
3593
88219a0f 3594 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3595
88219a0f 3596 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3597
88219a0f 3598 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3599 BT_DBG("corrupted command");
3600 break;
3601 }
3602
3300d9a9
CT		 3603 if (conn->hcon->type == LE_LINK)
3604 err = l2cap_le_sig_cmd(conn, &cmd, data);
3605 else
3606 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3607
3608 if (err) {
e2fd318e 3609 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3610
3611 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3612
3613 /* FIXME: Map err to a valid reason */
e2fd318e 3614 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3615 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3616 }
3617
88219a0f
AV		 3618 data += cmd_len;
3619 len -= cmd_len;
1da177e4
LT		 3620 }
3621
3622 kfree_skb(skb);
3623}
3624
47d1ec61 3625static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3626{
3627 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 3628 int hdr_size;
3629
3630 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3631 hdr_size = L2CAP_EXT_HDR_SIZE;
3632 else
3633 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 3634
47d1ec61 3635 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 3636 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 3637 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3638 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3639
3640 if (our_fcs != rcv_fcs)
7a560e5c 3641 return -EBADMSG;
fcc203c3
GP		 3642 }
3643 return 0;
3644}
3645
525cd185 3646static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3647{
88843ab0 3648 u32 control = 0;
d5392c8f 3649
6a026610 3650 chan->frames_sent = 0;
d5392c8f 3651
0b209fae 3652 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3653
e2ab4353 3654 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3655 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3656 l2cap_send_sframe(chan, control);
e2ab4353 3657 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3658 }
3659
e2ab4353 3660 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3661 l2cap_retransmit_frames(chan);
d5392c8f 3662
525cd185 3663 l2cap_ertm_send(chan);
d5392c8f 3664
e2ab4353 3665 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3666 chan->frames_sent == 0) {
ab784b73 3667 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3668 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3669 }
3670}
3671
fb45de7d 3672static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3673{
3674 struct sk_buff *next_skb;
bfbacc11 3675 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3676
3677 bt_cb(skb)->tx_seq = tx_seq;
3678 bt_cb(skb)->sar = sar;
3679
f1c6775b 3680 next_skb = skb_peek(&chan->srej_q);
8f17154f 3681
836be934 3682 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 3683
039d9572 3684 while (next_skb) {
9b53350d
JPRV		 3685 if (bt_cb(next_skb)->tx_seq == tx_seq)
3686 return -EINVAL;
3687
836be934
AE		 3688 next_tx_seq_offset = __seq_offset(chan,
3689 bt_cb(next_skb)->tx_seq, chan->buffer_seq);
bfbacc11
JPRV		 3690
3691 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3692 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3693 return 0;
8f17154f
GP		 3694 }
3695
f1c6775b 3696 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 3697 next_skb = NULL;
3698 else
3699 next_skb = skb_queue_next(&chan->srej_q, next_skb);
3700 }
8f17154f 3701
f1c6775b 3702 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3703
3704 return 0;
8f17154f
GP		 3705}
3706
84084a31
MM		 3707static void append_skb_frag(struct sk_buff *skb,
3708 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3709{
84084a31
MM		 3710 /* skb->len reflects data in skb as well as all fragments
3711 * skb->data_len reflects only data in fragments
3712 */
3713 if (!skb_has_frag_list(skb))
3714 skb_shinfo(skb)->frag_list = new_frag;
3715
3716 new_frag->next = NULL;
3717
3718 (*last_frag)->next = new_frag;
3719 *last_frag = new_frag;
3720
3721 skb->len += new_frag->len;
3722 skb->data_len += new_frag->len;
3723 skb->truesize += new_frag->truesize;
3724}
3725
88843ab0 3726static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 3727{
3728 int err = -EINVAL;
18778a63 3729
7e0ef6ee
AE		 3730 switch (__get_ctrl_sar(chan, control)) {
3731 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3732 if (chan->sdu)
3733 break;
18778a63 3734
84084a31
MM		 3735 err = chan->ops->recv(chan->data, skb);
3736 break;
18778a63 3737
7e0ef6ee 3738 case L2CAP_SAR_START:
84084a31
MM		 3739 if (chan->sdu)
3740 break;
18778a63 3741
6f61fd47 3742 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 3743 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 3744
84084a31
MM		 3745 if (chan->sdu_len > chan->imtu) {
3746 err = -EMSGSIZE;
3747 break;
3748 }
1890d36b 3749
84084a31
MM		 3750 if (skb->len >= chan->sdu_len)
3751 break;
18778a63 3752
84084a31
MM		 3753 chan->sdu = skb;
3754 chan->sdu_last_frag = skb;
18778a63 3755
84084a31
MM		 3756 skb = NULL;
3757 err = 0;
18778a63
GP		 3758 break;
3759
7e0ef6ee 3760 case L2CAP_SAR_CONTINUE:
6f61fd47 3761 if (!chan->sdu)
84084a31 3762 break;
18778a63 3763
84084a31
MM		 3764 append_skb_frag(chan->sdu, skb,
3765 &chan->sdu_last_frag);
3766 skb = NULL;
18778a63 3767
84084a31
MM		 3768 if (chan->sdu->len >= chan->sdu_len)
3769 break;
4178ba46 3770
84084a31 3771 err = 0;
18778a63
GP		 3772 break;
3773
7e0ef6ee 3774 case L2CAP_SAR_END:
6f61fd47 3775 if (!chan->sdu)
84084a31 3776 break;
18778a63 3777
84084a31
MM		 3778 append_skb_frag(chan->sdu, skb,
3779 &chan->sdu_last_frag);
3780 skb = NULL;
4178ba46 3781
84084a31
MM		 3782 if (chan->sdu->len != chan->sdu_len)
3783 break;
18778a63 3784
84084a31 3785 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3786
84084a31
MM		 3787 if (!err) {
3788 /* Reassembly complete */
3789 chan->sdu = NULL;
3790 chan->sdu_last_frag = NULL;
3791 chan->sdu_len = 0;
1890d36b 3792 }
18778a63
GP		 3793 break;
3794 }
3795
84084a31
MM		 3796 if (err) {
3797 kfree_skb(skb);
3798 kfree_skb(chan->sdu);
3799 chan->sdu = NULL;
3800 chan->sdu_last_frag = NULL;
3801 chan->sdu_len = 0;
3802 }
18778a63 3803
84084a31 3804 return err;
18778a63
GP		 3805}
3806
26f880d2 3807static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3808{
26f880d2 3809 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3810
26f880d2
MM		 3811 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3812
77f918bc 3813 __set_ack_timer(chan);
26f880d2
MM		 3814}
3815
3816static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3817{
88843ab0 3818 u32 control;
712132eb 3819
e2ab4353 3820 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3821 goto done;
3822
0b209fae 3823 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3824 control |= __set_ctrl_poll(chan);
ab784b73 3825 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3826 l2cap_send_sframe(chan, control);
6a026610 3827 chan->retry_count = 1;
712132eb 3828
1a09bcb9
GP		 3829 __clear_retrans_timer(chan);
3830 __set_monitor_timer(chan);
712132eb 3831
e2ab4353 3832 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3833
3834done:
e2ab4353
GP		 3835 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3836 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3837
49208c9c 3838 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3839}
3840
e328140f 3841void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3842{
e328140f
MM		 3843 if (chan->mode == L2CAP_MODE_ERTM) {
3844 if (busy)
3845 l2cap_ertm_enter_local_busy(chan);
3846 else
3847 l2cap_ertm_exit_local_busy(chan);
1890d36b 3848 }
1890d36b
GP		 3849}
3850
fb45de7d 3851static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3852{
3853 struct sk_buff *skb;
88843ab0 3854 u32 control;
8f17154f 3855
e328140f
MM		 3856 while ((skb = skb_peek(&chan->srej_q)) &&
3857 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3858 int err;
3859
8f17154f
GP		 3860 if (bt_cb(skb)->tx_seq != tx_seq)
3861 break;
3862
f1c6775b 3863 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3864 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3865 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3866
3867 if (err < 0) {
3868 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3869 break;
3870 }
3871
836be934
AE		 3872 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
3873 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 3874 }
3875}
3876
fb45de7d 3877static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3878{
8f17154f 3879 struct srej_list *l, *tmp;
88843ab0 3880 u32 control;
8f17154f 3881
39d5a3ee 3882 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3883 if (l->tx_seq == tx_seq) {
3884 list_del(&l->list);
3885 kfree(l);
3886 return;
3887 }
ab784b73 3888 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3889 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3890 l2cap_send_sframe(chan, control);
8f17154f 3891 list_del(&l->list);
39d5a3ee 3892 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3893 }
3894}
3895
aef89f21 3896static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3897{
8f17154f 3898 struct srej_list *new;
88843ab0 3899 u32 control;
8f17154f 3900
42e5c802 3901 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3902 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3903 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3904 l2cap_send_sframe(chan, control);
8f17154f
GP		 3905
3906 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 3907 if (!new)
3908 return -ENOMEM;
3909
42e5c802 3910 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 3911
3912 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
3913
39d5a3ee 3914 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3915 }
836be934
AE		 3916
3917 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 3918
3919 return 0;
8f17154f
GP		 3920}
3921
88843ab0 3922static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 3923{
fb45de7d 3924 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3925 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3926 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3927 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3928 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3929 int err = 0;
3930
88843ab0 3931 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 3932 tx_seq, rx_control);
1c2acffb 3933
03f6715d 3934 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3935 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3936 __clear_monitor_timer(chan);
6a026610 3937 if (chan->unacked_frames > 0)
1a09bcb9 3938 __set_retrans_timer(chan);
e2ab4353 3939 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3940 }
3941
42e5c802
GP		 3942 chan->expected_ack_seq = req_seq;
3943 l2cap_drop_acked_frames(chan);
9f121a5a 3944
836be934 3945 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3946
3947 /* invalid tx_seq */
47d1ec61 3948 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3949 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3950 goto drop;
3951 }
3952
77f918bc
SJ		 3953 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3954 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
3955 l2cap_send_ack(chan);
1890d36b 3956 goto drop;
77f918bc 3957 }
1890d36b 3958
02f1b641
MM		 3959 if (tx_seq == chan->expected_tx_seq)
3960 goto expected;
3961
e2ab4353 3962 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3963 struct srej_list *first;
30afb5b2 3964
39d5a3ee 3965 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3966 struct srej_list, list);
3967 if (tx_seq == first->tx_seq) {
42e5c802 3968 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3969 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3970
3971 list_del(&first->list);
3972 kfree(first);
3973
39d5a3ee 3974 if (list_empty(&chan->srej_l)) {
42e5c802 3975 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3976 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3977 l2cap_send_ack(chan);
49208c9c 3978 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3979 }
3980 } else {
3981 struct srej_list *l;
9b53350d
JPRV		 3982
3983 /* duplicated tx_seq */
42e5c802 3984 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3985 goto drop;
8f17154f 3986
39d5a3ee 3987 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3988 if (l->tx_seq == tx_seq) {
525cd185 3989 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3990 return 0;
3991 }
3992 }
aef89f21
SJ		 3993
3994 err = l2cap_send_srejframe(chan, tx_seq);
3995 if (err < 0) {
3996 l2cap_send_disconn_req(chan->conn, chan, -err);
3997 return err;
3998 }
30afb5b2
GP		 3999 }
4000 } else {
836be934
AE		 4001 expected_tx_seq_offset = __seq_offset(chan,
4002 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 4003
4004 /* duplicated tx_seq */
4005 if (tx_seq_offset < expected_tx_seq_offset)
4006 goto drop;
4007
e2ab4353 4008 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 4009
49208c9c 4010 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 4011
39d5a3ee 4012 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 4013 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 4014
f1c6775b 4015 __skb_queue_head_init(&chan->srej_q);
42e5c802 4016 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4017
0ef3ef0f
SJ		 4018 /* Set P-bit only if there are some I-frames to ack. */
4019 if (__clear_ack_timer(chan))
4020 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4021
aef89f21
SJ		 4022 err = l2cap_send_srejframe(chan, tx_seq);
4023 if (err < 0) {
4024 l2cap_send_disconn_req(chan->conn, chan, -err);
4025 return err;
4026 }
1c2acffb 4027 }
30afb5b2
GP		 4028 return 0;
4029
8f17154f 4030expected:
836be934 4031 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4032
e2ab4353 4033 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 4034 bt_cb(skb)->tx_seq = tx_seq;
4035 bt_cb(skb)->sar = sar;
f1c6775b 4036 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4037 return 0;
4038 }
4039
84084a31 4040 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4041 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4042
e328140f
MM		 4043 if (err < 0) {
4044 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4045 return err;
4046 }
2ece3684 4047
03f6715d 4048 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4049 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4050 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4051 }
4052
c1b4f43b 4053
6a026610
GP		 4054 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4055 if (chan->num_acked == num_to_ack - 1)
525cd185 4056 l2cap_send_ack(chan);
4d611e4d
GP		 4057 else
4058 __set_ack_timer(chan);
9e917af1 4059
8f17154f 4060 return 0;
9b53350d
JPRV		 4061
4062drop:
4063 kfree_skb(skb);
4064 return 0;
1c2acffb
GP		 4065}
4066
88843ab0 4067static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4068{
88843ab0 4069 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4070 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4071
0b209fae 4072 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4073 l2cap_drop_acked_frames(chan);
1c2acffb 4074
e3781735 4075 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4076 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4077 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4078 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4079 (chan->unacked_frames > 0))
1a09bcb9 4080 __set_retrans_timer(chan);
05fbd89d 4081
e2ab4353 4082 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4083 l2cap_send_srejtail(chan);
05fbd89d 4084 } else {
525cd185 4085 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4086 }
1d8f5d16 4087
03f6715d 4088 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4089 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4090
e2ab4353 4091 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4092 l2cap_retransmit_frames(chan);
2246b2f1 4093
e072745f 4094 } else {
e2ab4353 4095 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4096 (chan->unacked_frames > 0))
1a09bcb9 4097 __set_retrans_timer(chan);
1c2acffb 4098
e2ab4353
GP		 4099 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4100 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4101 l2cap_send_ack(chan);
894718a6 4102 else
525cd185 4103 l2cap_ertm_send(chan);
e072745f
GP		 4104 }
4105}
2246b2f1 4106
88843ab0 4107static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4108{
0b209fae 4109 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4110
88843ab0 4111 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4112
e2ab4353 4113 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4114
42e5c802
GP		 4115 chan->expected_ack_seq = tx_seq;
4116 l2cap_drop_acked_frames(chan);
e072745f 4117
03f6715d 4118 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4119 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4120 l2cap_retransmit_frames(chan);
e072745f 4121 } else {
525cd185 4122 l2cap_retransmit_frames(chan);
30afb5b2 4123
e2ab4353
GP		 4124 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4125 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4126 }
4127}
88843ab0 4128static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4129{
0b209fae 4130 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4131
88843ab0 4132 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4133
e2ab4353 4134 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4135
e3781735 4136 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4137 chan->expected_ack_seq = tx_seq;
4138 l2cap_drop_acked_frames(chan);
3cb123d1 4139
e2ab4353 4140 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4141 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4142
525cd185 4143 l2cap_ertm_send(chan);
dfc909be 4144
e2ab4353 4145 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4146 chan->srej_save_reqseq = tx_seq;
e2ab4353 4147 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4148 }
03f6715d 4149 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4150 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4151 chan->srej_save_reqseq == tx_seq)
e2ab4353 4152 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4153 else
525cd185 4154 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4155 } else {
525cd185 4156 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4157 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4158 chan->srej_save_reqseq = tx_seq;
e2ab4353 4159 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4160 }
e072745f
GP		 4161 }
4162}
4163
88843ab0 4164static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4165{
0b209fae 4166 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4167
88843ab0 4168 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4169
e2ab4353 4170 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4171 chan->expected_ack_seq = tx_seq;
4172 l2cap_drop_acked_frames(chan);
e072745f 4173
e3781735 4174 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4175 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4176
e2ab4353 4177 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4178 __clear_retrans_timer(chan);
e3781735 4179 if (__is_ctrl_poll(chan, rx_control))
525cd185 4180 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4181 return;
e072745f 4182 }
99b0d4b7 4183
e3781735 4184 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4185 l2cap_send_srejtail(chan);
ab784b73
AE		 4186 } else {
4187 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4188 l2cap_send_sframe(chan, rx_control);
4189 }
e072745f
GP		 4190}
4191
88843ab0 4192static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4193{
88843ab0 4194 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4195
03f6715d 4196 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4197 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4198 __clear_monitor_timer(chan);
6a026610 4199 if (chan->unacked_frames > 0)
1a09bcb9 4200 __set_retrans_timer(chan);
e2ab4353 4201 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4202 }
4203
ab784b73
AE		 4204 switch (__get_ctrl_super(chan, rx_control)) {
4205 case L2CAP_SUPER_RR:
525cd185 4206 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4207 break;
4208
ab784b73 4209 case L2CAP_SUPER_REJ:
525cd185 4210 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4211 break;
2246b2f1 4212
ab784b73 4213 case L2CAP_SUPER_SREJ:
525cd185 4214 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4215 break;
4216
ab784b73 4217 case L2CAP_SUPER_RNR:
525cd185 4218 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4219 break;
4220 }
4221
faaebd19 4222 kfree_skb(skb);
1c2acffb
GP		 4223 return 0;
4224}
4225
cad8f1d0 4226static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4227{
88843ab0 4228 u32 control;
0b209fae 4229 u16 req_seq;
218bb9df
GP		 4230 int len, next_tx_seq_offset, req_seq_offset;
4231
88843ab0
AE		 4232 control = __get_control(chan, skb->data);
4233 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4234 len = skb->len;
4235
4236 /*
4237 * We can just drop the corrupted I-frame here.
4238 * Receiver will miss it and start proper recovery
4239 * procedures and ask retransmission.
4240 */
47d1ec61 4241 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4242 goto drop;
4243
793c2f1c 4244 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4245 len -= L2CAP_SDULEN_SIZE;
218bb9df 4246
47d1ec61 4247 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4248 len -= L2CAP_FCS_SIZE;
218bb9df 4249
47d1ec61 4250 if (len > chan->mps) {
8c1d787b 4251 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4252 goto drop;
4253 }
4254
0b209fae 4255 req_seq = __get_reqseq(chan, control);
218bb9df 4256
836be934
AE		 4257 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4258
4259 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4260 chan->expected_ack_seq);
218bb9df
GP		 4261
4262 /* check for invalid req-seq */
4263 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4264 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4265 goto drop;
4266 }
4267
793c2f1c 4268 if (!__is_sframe(chan, control)) {
218bb9df 4269 if (len < 0) {
8c1d787b 4270 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4271 goto drop;
4272 }
4273
525cd185 4274 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4275 } else {
4276 if (len != 0) {
4277 BT_ERR("%d", len);
8c1d787b 4278 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4279 goto drop;
4280 }
4281
525cd185 4282 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4283 }
4284
4285 return 0;
4286
4287drop:
4288 kfree_skb(skb);
4289 return 0;
4290}
4291
1da177e4
LT		 4292static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4293{
48454079 4294 struct l2cap_chan *chan;
88843ab0 4295 u32 control;
fb45de7d 4296 u16 tx_seq;
218bb9df 4297 int len;
1da177e4 4298
baa7e1fa 4299 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4300 if (!chan) {
1da177e4 4301 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555 4302 /* Drop packet and return */
3379013b 4303 kfree_skb(skb);
6be36555 4304 return 0;
1da177e4
LT		 4305 }
4306
6be36555 4307 l2cap_chan_lock(chan);
6840ed07 4308
49208c9c 4309 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4310
89bc500e 4311 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4312 goto drop;
4313
0c1bc5c6 4314 switch (chan->mode) {
1c2acffb
GP		 4315 case L2CAP_MODE_BASIC:
4316 /* If socket recv buffers overflows we drop data here
4317 * which is *bad* because L2CAP has to be reliable.
4318 * But we don't have any other choice. L2CAP doesn't
4319 * provide flow control mechanism. */
1da177e4 4320
0c1bc5c6 4321 if (chan->imtu < skb->len)
1c2acffb 4322 goto drop;
1da177e4 4323
23070494 4324 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4325 goto done;
4326 break;
4327
4328 case L2CAP_MODE_ERTM:
5ef8cb9e 4329 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4330
fcafde2e 4331 goto done;
1c2acffb 4332
6840ed07 4333 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4334 control = __get_control(chan, skb->data);
4335 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4336 len = skb->len;
4337
47d1ec61 4338 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4339 goto drop;
4340
7e0ef6ee 4341 if (__is_sar_start(chan, control))
03a51213 4342 len -= L2CAP_SDULEN_SIZE;
6840ed07 4343
47d1ec61 4344 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4345 len -= L2CAP_FCS_SIZE;
fcc203c3 4346
793c2f1c 4347 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4348 goto drop;
4349
fb45de7d 4350 tx_seq = __get_txseq(chan, control);
6840ed07 4351
84084a31
MM		 4352 if (chan->expected_tx_seq != tx_seq) {
4353 /* Frame(s) missing - must discard partial SDU */
4354 kfree_skb(chan->sdu);
4355 chan->sdu = NULL;
4356 chan->sdu_last_frag = NULL;
4357 chan->sdu_len = 0;
6840ed07 4358
84084a31
MM		 4359 /* TODO: Notify userland of missing data */
4360 }
4361
836be934 4362 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4363
4364 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4365 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4366
4367 goto done;
4368
1c2acffb 4369 default:
0c1bc5c6 4370 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4371 break;
4372 }
1da177e4
LT		 4373
4374drop:
4375 kfree_skb(skb);
4376
4377done:
6be36555 4378 l2cap_chan_unlock(chan);
0139418c 4379
1da177e4
LT		 4380 return 0;
4381}
4382
8e036fc3 4383static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4384{
23691d75 4385 struct l2cap_chan *chan;
1da177e4 4386
23691d75
GP		 4387 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
4388 if (!chan)
1da177e4
LT		 4389 goto drop;
4390
5b4cedaa 4391 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4392
89bc500e 4393 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4394 goto drop;
4395
e13e21dc 4396 if (chan->imtu < skb->len)
1da177e4
LT		 4397 goto drop;
4398
23070494 4399 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4400 return 0;
1da177e4
LT		 4401
4402drop:
4403 kfree_skb(skb);
4404
1da177e4
LT		 4405 return 0;
4406}
4407
d9b88702
AE		 4408static inline int l2cap_att_channel(struct l2cap_conn *conn, u16 cid,
4409 struct sk_buff *skb)
9f69bda6 4410{
23691d75 4411 struct l2cap_chan *chan;
9f69bda6 4412
23691d75
GP		 4413 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
4414 if (!chan)
9f69bda6
GP		 4415 goto drop;
4416
5b4cedaa 4417 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 4418
89bc500e 4419 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 4420 goto drop;
4421
e13e21dc 4422 if (chan->imtu < skb->len)
9f69bda6
GP		 4423 goto drop;
4424
23070494 4425 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4426 return 0;
9f69bda6
GP		 4427
4428drop:
4429 kfree_skb(skb);
4430
9f69bda6
GP		 4431 return 0;
4432}
4433
1da177e4
LT		 4434static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4435{
4436 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 4437 u16 cid, len;
4438 __le16 psm;
1da177e4
LT		 4439
4440 skb_pull(skb, L2CAP_HDR_SIZE);
4441 cid = __le16_to_cpu(lh->cid);
4442 len = __le16_to_cpu(lh->len);
4443
1c2acffb
GP		 4444 if (len != skb->len) {
4445 kfree_skb(skb);
4446 return;
4447 }
4448
1da177e4
LT		 4449 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4450
4451 switch (cid) {
3300d9a9 4452 case L2CAP_CID_LE_SIGNALING:
8db4dc46 4453 case L2CAP_CID_SIGNALING:
1da177e4
LT		 4454 l2cap_sig_channel(conn, skb);
4455 break;
4456
8db4dc46 4457 case L2CAP_CID_CONN_LESS:
097db76c 4458 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 4459 skb_pull(skb, 2);
4460 l2cap_conless_channel(conn, psm, skb);
4461 break;
4462
9f69bda6
GP		 4463 case L2CAP_CID_LE_DATA:
4464 l2cap_att_channel(conn, cid, skb);
4465 break;
4466
b501d6a1
AB		 4467 case L2CAP_CID_SMP:
4468 if (smp_sig_channel(conn, skb))
4469 l2cap_conn_del(conn->hcon, EACCES);
4470 break;
4471
1da177e4
LT		 4472 default:
4473 l2cap_data_channel(conn, cid, skb);
4474 break;
4475 }
4476}
4477
4478/* ---- L2CAP interface with lower layer (HCI) ---- */
4479
686ebf28 4480int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 4481{
4482 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 4483 struct l2cap_chan *c;
1da177e4 4484
1da177e4
LT		 4485 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4486
4487 /* Find listening sockets and check their link_mode */
23691d75
GP		 4488 read_lock(&chan_list_lock);
4489 list_for_each_entry(c, &chan_list, global_l) {
4490 struct sock *sk = c->sk;
4343478f 4491
89bc500e 4492 if (c->state != BT_LISTEN)
1da177e4
LT		 4493 continue;
4494
4495 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4496 lm1 |= HCI_LM_ACCEPT;
43bd0f32 4497 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 4498 lm1 |= HCI_LM_MASTER;
1da177e4 4499 exact++;
2af6b9d5
MH		 4500 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4501 lm2 |= HCI_LM_ACCEPT;
43bd0f32 4502 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 4503 lm2 |= HCI_LM_MASTER;
4504 }
1da177e4 4505 }
23691d75 4506 read_unlock(&chan_list_lock);
1da177e4
LT		 4507
4508 return exact ? lm1 : lm2;
4509}
4510
686ebf28 4511int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 4512{
0139418c
MH		 4513 struct l2cap_conn *conn;
4514
1da177e4
LT		 4515 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4516
1da177e4 4517 if (!status) {
1da177e4
LT		 4518 conn = l2cap_conn_add(hcon, status);
4519 if (conn)
4520 l2cap_conn_ready(conn);
0139418c 4521 } else
e175072f 4522 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4523
4524 return 0;
4525}
4526
686ebf28 4527int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 4528{
4529 struct l2cap_conn *conn = hcon->l2cap_data;
4530
4531 BT_DBG("hcon %p", hcon);
4532
686ebf28 4533 if (!conn)
9f5a0d7b 4534 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 4535 return conn->disc_reason;
4536}
4537
686ebf28 4538int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4539{
4540 BT_DBG("hcon %p reason %d", hcon, reason);
4541
e175072f 4542 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 4543 return 0;
4544}
4545
4343478f 4546static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4547{
715ec005 4548 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4549 return;
4550
f62e4323 4551 if (encrypt == 0x00) {
4343478f 4552 if (chan->sec_level == BT_SECURITY_MEDIUM) {
ba13ccd9 4553 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4343478f 4554 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4555 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4556 } else {
4343478f 4557 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4558 __clear_chan_timer(chan);
f62e4323
MH		 4559 }
4560}
4561
686ebf28 4562int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4563{
0139418c 4564 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4565 struct l2cap_chan *chan;
1da177e4 4566
0139418c 4567 if (!conn)
1da177e4 4568 return 0;
0139418c 4569
1da177e4
LT		 4570 BT_DBG("conn %p", conn);
4571
160dc6ac
VCG		 4572 if (hcon->type == LE_LINK) {
4573 smp_distribute_keys(conn, 0);
17cd3f37 4574 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 4575 }
4576
3df91ea2 4577 mutex_lock(&conn->chan_lock);
1da177e4 4578
3df91ea2 4579 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 4580 l2cap_chan_lock(chan);
1da177e4 4581
f1cb9af5
VCG		 4582 BT_DBG("chan->scid %d", chan->scid);
4583
4584 if (chan->scid == L2CAP_CID_LE_DATA) {
4585 if (!status && encrypt) {
4586 chan->sec_level = hcon->sec_level;
cf4cd009 4587 l2cap_chan_ready(chan);
f1cb9af5
VCG		 4588 }
4589
6be36555 4590 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 4591 continue;
4592 }
4593
c1360a1c 4594 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 4595 l2cap_chan_unlock(chan);
6a8d3010
MH		 4596 continue;
4597 }
4598
89bc500e
GP		 4599 if (!status && (chan->state == BT_CONNECTED ||
4600 chan->state == BT_CONFIG)) {
4343478f 4601 l2cap_check_encryption(chan, encrypt);
6be36555 4602 l2cap_chan_unlock(chan);
9719f8af
MH		 4603 continue;
4604 }
4605
89bc500e 4606 if (chan->state == BT_CONNECT) {
b1235d79 4607 if (!status) {
9b27f350 4608 l2cap_send_conn_req(chan);
b1235d79 4609 } else {
ba13ccd9 4610 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
b1235d79 4611 }
89bc500e 4612 } else if (chan->state == BT_CONNECT2) {
6be36555 4613 struct sock *sk = chan->sk;
b1235d79 4614 struct l2cap_conn_rsp rsp;
df3c3931 4615 __u16 res, stat;
1da177e4 4616
6be36555
AE		 4617 lock_sock(sk);
4618
b1235d79 4619 if (!status) {
df3c3931
JH		 4620 if (bt_sk(sk)->defer_setup) {
4621 struct sock *parent = bt_sk(sk)->parent;
4622 res = L2CAP_CR_PEND;
4623 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4624 if (parent)
4625 parent->sk_data_ready(parent, 0);
df3c3931 4626 } else {
0e587be7 4627 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4628 res = L2CAP_CR_SUCCESS;
4629 stat = L2CAP_CS_NO_INFO;
4630 }
b1235d79 4631 } else {
0e587be7 4632 __l2cap_state_change(chan, BT_DISCONN);
ba13ccd9 4633 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
df3c3931
JH		 4634 res = L2CAP_CR_SEC_BLOCK;
4635 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4636 }
4637
6be36555
AE		 4638 release_sock(sk);
4639
fe4128e0
GP		 4640 rsp.scid = cpu_to_le16(chan->dcid);
4641 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4642 rsp.result = cpu_to_le16(res);
4643 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4644 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4645 sizeof(rsp), &rsp);
b1235d79 4646 }
1da177e4 4647
6be36555 4648 l2cap_chan_unlock(chan);
1da177e4
LT		 4649 }
4650
3df91ea2 4651 mutex_unlock(&conn->chan_lock);
b1235d79 4652
1da177e4
LT		 4653 return 0;
4654}
4655
686ebf28 4656int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 4657{
4658 struct l2cap_conn *conn = hcon->l2cap_data;
4659
5a08ecce
AE		 4660 if (!conn)
4661 conn = l2cap_conn_add(hcon, 0);
4662
4663 if (!conn)
1da177e4
LT		 4664 goto drop;
4665
4666 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4667
e702112f 4668 if (!(flags & ACL_CONT)) {
1da177e4 4669 struct l2cap_hdr *hdr;
48454079 4670 struct l2cap_chan *chan;
89794813 4671 u16 cid;
1da177e4
LT		 4672 int len;
4673
4674 if (conn->rx_len) {
4675 BT_ERR("Unexpected start frame (len %d)", skb->len);
4676 kfree_skb(conn->rx_skb);
4677 conn->rx_skb = NULL;
4678 conn->rx_len = 0;
4679 l2cap_conn_unreliable(conn, ECOMM);
4680 }
4681
aae7fe22
AE		 4682 /* Start fragment always begin with Basic L2CAP header */
4683 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4684 BT_ERR("Frame is too short (len %d)", skb->len);
4685 l2cap_conn_unreliable(conn, ECOMM);
4686 goto drop;
4687 }
4688
4689 hdr = (struct l2cap_hdr *) skb->data;
4690 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4691 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4692
4693 if (len == skb->len) {
4694 /* Complete frame received */
4695 l2cap_recv_frame(conn, skb);
4696 return 0;
4697 }
4698
4699 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4700
4701 if (skb->len > len) {
4702 BT_ERR("Frame is too long (len %d, expected len %d)",
4703 skb->len, len);
4704 l2cap_conn_unreliable(conn, ECOMM);
4705 goto drop;
4706 }
4707
baa7e1fa 4708 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4709
48454079
GP		 4710 if (chan && chan->sk) {
4711 struct sock *sk = chan->sk;
3df91ea2 4712 lock_sock(sk);
89794813 4713
0c1bc5c6 4714 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4715 BT_ERR("Frame exceeding recv MTU (len %d, "
4716 "MTU %d)", len,
0c1bc5c6 4717 chan->imtu);
aa2ac881 4718 release_sock(sk);
48454079
GP		 4719 l2cap_conn_unreliable(conn, ECOMM);
4720 goto drop;
4721 }
aa2ac881 4722 release_sock(sk);
48454079 4723 }
89794813 4724
1da177e4 4725 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4726 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4727 if (!conn->rx_skb)
1da177e4
LT		 4728 goto drop;
4729
d626f62b 4730 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4731 skb->len);
1da177e4
LT		 4732 conn->rx_len = len - skb->len;
4733 } else {
4734 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4735
4736 if (!conn->rx_len) {
4737 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4738 l2cap_conn_unreliable(conn, ECOMM);
4739 goto drop;
4740 }
4741
4742 if (skb->len > conn->rx_len) {
4743 BT_ERR("Fragment is too long (len %d, expected %d)",
4744 skb->len, conn->rx_len);
4745 kfree_skb(conn->rx_skb);
4746 conn->rx_skb = NULL;
4747 conn->rx_len = 0;
4748 l2cap_conn_unreliable(conn, ECOMM);
4749 goto drop;
4750 }
4751
d626f62b 4752 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4753 skb->len);
1da177e4
LT		 4754 conn->rx_len -= skb->len;
4755
4756 if (!conn->rx_len) {
4757 /* Complete frame received */
4758 l2cap_recv_frame(conn, conn->rx_skb);
4759 conn->rx_skb = NULL;
4760 }
4761 }
4762
4763drop:
4764 kfree_skb(skb);
4765 return 0;
4766}
4767
aef7d97c 4768static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4769{
23691d75 4770 struct l2cap_chan *c;
1da177e4 4771
333055f2 4772 read_lock(&chan_list_lock);
1da177e4 4773
23691d75
GP		 4774 list_for_each_entry(c, &chan_list, global_l) {
4775 struct sock *sk = c->sk;
101545f6 4776
903d343e 4777 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4778 batostr(&bt_sk(sk)->src),
4779 batostr(&bt_sk(sk)->dst),
89bc500e 4780 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4781 c->scid, c->dcid, c->imtu, c->omtu,
4782 c->sec_level, c->mode);
61e1b4b7 4783 }
1da177e4 4784
333055f2 4785 read_unlock(&chan_list_lock);
1da177e4 4786
aef7d97c 4787 return 0;
1da177e4
LT		 4788}
4789
aef7d97c
MH		 4790static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4791{
4792 return single_open(file, l2cap_debugfs_show, inode->i_private);
4793}
4794
4795static const struct file_operations l2cap_debugfs_fops = {
4796 .open = l2cap_debugfs_open,
4797 .read = seq_read,
4798 .llseek = seq_lseek,
4799 .release = single_release,
4800};
4801
4802static struct dentry *l2cap_debugfs;
1da177e4 4803
64274518 4804int __init l2cap_init(void)
1da177e4
LT		 4805{
4806 int err;
be9d1227 4807
bb58f747 4808 err = l2cap_init_sockets();
1da177e4
LT		 4809 if (err < 0)
4810 return err;
4811
aef7d97c
MH		 4812 if (bt_debugfs) {
4813 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4814 bt_debugfs, NULL, &l2cap_debugfs_fops);
4815 if (!l2cap_debugfs)
4816 BT_ERR("Failed to create L2CAP debug file");
4817 }
1da177e4 4818
1da177e4 4819 return 0;
1da177e4
LT		 4820}
4821
64274518 4822void l2cap_exit(void)
1da177e4 4823{
aef7d97c 4824 debugfs_remove(l2cap_debugfs);
bb58f747 4825 l2cap_cleanup_sockets();
1da177e4
LT		 4826}
4827
d1c4a17d
GP		 4828module_param(disable_ertm, bool, 0644);
4829MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)