projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: EWS: rewrite handling POLL (P) bit
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
1da177e4
LT		 6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
8e87d142
YH		 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 24 SOFTWARE IS DISCLAIMED.
25*/
26
bb58f747 27/* Bluetooth L2CAP core. */
1da177e4 28
1da177e4
LT		 29#include <linux/module.h>
30
31#include <linux/types.h>
4fc268d2 32#include <linux/capability.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/interrupt.h>
41#include <linux/socket.h>
42#include <linux/skbuff.h>
1da177e4 43#include <linux/list.h>
be9d1227 44#include <linux/device.h>
aef7d97c
MH		 45#include <linux/debugfs.h>
46#include <linux/seq_file.h>
af05b30b 47#include <linux/uaccess.h>
fcc203c3 48#include <linux/crc16.h>
1da177e4
LT		 49#include <net/sock.h>
50
51#include <asm/system.h>
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
b501d6a1 57#include <net/bluetooth/smp.h>
1da177e4 58
bb58f747 59int disable_ertm;
a5fd6f30 60int enable_hs;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 63static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
74 struct l2cap_chan *chan, int err);
1da177e4 75
218bb9df
GP		 76static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
77
0139418c 78/* ---- L2CAP channels ---- */
71ba0e56
GP		 79
80static inline void chan_hold(struct l2cap_chan *c)
81{
82 atomic_inc(&c->refcnt);
83}
84
85static inline void chan_put(struct l2cap_chan *c)
86{
87 if (atomic_dec_and_test(&c->refcnt))
88 kfree(c);
89}
90
baa7e1fa 91static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 92{
48454079 93 struct l2cap_chan *c;
baa7e1fa
GP		 94
95 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 96 if (c->dcid == cid)
baa7e1fa 97 return c;
0139418c 98 }
baa7e1fa
GP		 99 return NULL;
100
0139418c
MH		 101}
102
baa7e1fa 103static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 104{
48454079 105 struct l2cap_chan *c;
baa7e1fa
GP		 106
107 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 108 if (c->scid == cid)
baa7e1fa 109 return c;
0139418c 110 }
baa7e1fa 111 return NULL;
0139418c
MH		 112}
113
114/* Find channel with given SCID.
115 * Returns locked socket */
baa7e1fa 116static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 117{
48454079 118 struct l2cap_chan *c;
baa7e1fa
GP		 119
120 read_lock(&conn->chan_lock);
121 c = __l2cap_get_chan_by_scid(conn, cid);
48454079
GP		 122 if (c)
123 bh_lock_sock(c->sk);
baa7e1fa 124 read_unlock(&conn->chan_lock);
48454079 125 return c;
0139418c
MH		 126}
127
baa7e1fa 128static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 129{
48454079 130 struct l2cap_chan *c;
baa7e1fa
GP		 131
132 list_for_each_entry(c, &conn->chan_l, list) {
fc7f8a7e 133 if (c->ident == ident)
baa7e1fa 134 return c;
0139418c 135 }
baa7e1fa 136 return NULL;
0139418c
MH		 137}
138
baa7e1fa 139static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 140{
48454079 141 struct l2cap_chan *c;
baa7e1fa
GP		 142
143 read_lock(&conn->chan_lock);
144 c = __l2cap_get_chan_by_ident(conn, ident);
48454079
GP		 145 if (c)
146 bh_lock_sock(c->sk);
baa7e1fa 147 read_unlock(&conn->chan_lock);
48454079 148 return c;
0139418c
MH		 149}
150
23691d75 151static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 152{
23691d75 153 struct l2cap_chan *c;
9e4425ff 154
23691d75
GP		 155 list_for_each_entry(c, &chan_list, global_l) {
156 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
9e4425ff
GP		 157 goto found;
158 }
159
23691d75 160 c = NULL;
9e4425ff 161found:
23691d75 162 return c;
9e4425ff
GP		 163}
164
165int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
166{
73b2ec18
GP		 167 int err;
168
23691d75 169 write_lock_bh(&chan_list_lock);
9e4425ff 170
23691d75 171 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 172 err = -EADDRINUSE;
173 goto done;
9e4425ff
GP		 174 }
175
73b2ec18
GP		 176 if (psm) {
177 chan->psm = psm;
178 chan->sport = psm;
179 err = 0;
180 } else {
181 u16 p;
182
183 err = -EINVAL;
184 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 185 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 186 chan->psm = cpu_to_le16(p);
187 chan->sport = cpu_to_le16(p);
188 err = 0;
189 break;
190 }
191 }
9e4425ff 192
73b2ec18 193done:
23691d75 194 write_unlock_bh(&chan_list_lock);
73b2ec18 195 return err;
9e4425ff
GP		 196}
197
198int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
199{
23691d75 200 write_lock_bh(&chan_list_lock);
9e4425ff
GP		 201
202 chan->scid = scid;
203
23691d75 204 write_unlock_bh(&chan_list_lock);
9e4425ff
GP		 205
206 return 0;
207}
208
baa7e1fa 209static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 210{
8db4dc46 211 u16 cid = L2CAP_CID_DYN_START;
0139418c 212
8db4dc46 213 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 214 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 215 return cid;
216 }
217
218 return 0;
219}
220
c9b66675 221static void l2cap_set_timer(struct l2cap_chan *chan, struct timer_list *timer, long timeout)
ab07801d 222{
774e5651 223 BT_DBG("chan %p state %d timeout %ld", chan->sk, chan->state, timeout);
89bc500e 224
942ecc9c 225 if (!mod_timer(timer, jiffies + msecs_to_jiffies(timeout)))
774e5651 226 chan_hold(chan);
ab07801d
GP		 227}
228
c9b66675 229static void l2cap_clear_timer(struct l2cap_chan *chan, struct timer_list *timer)
ab07801d 230{
774e5651 231 BT_DBG("chan %p state %d", chan, chan->state);
ab07801d 232
774e5651
MM		 233 if (timer_pending(timer) && del_timer(timer))
234 chan_put(chan);
ab07801d
GP		 235}
236
89bc500e
GP		 237static void l2cap_state_change(struct l2cap_chan *chan, int state)
238{
239 chan->state = state;
240 chan->ops->state_change(chan->data, state);
241}
242
ab07801d
GP		 243static void l2cap_chan_timeout(unsigned long arg)
244{
245 struct l2cap_chan *chan = (struct l2cap_chan *) arg;
246 struct sock *sk = chan->sk;
247 int reason;
248
89bc500e 249 BT_DBG("chan %p state %d", chan, chan->state);
ab07801d
GP		 250
251 bh_lock_sock(sk);
252
253 if (sock_owned_by_user(sk)) {
254 /* sk is owned by user. Try again later */
c9b66675 255 __set_chan_timer(chan, HZ / 5);
ab07801d 256 bh_unlock_sock(sk);
71ba0e56 257 chan_put(chan);
ab07801d
GP		 258 return;
259 }
260
89bc500e 261 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 262 reason = ECONNREFUSED;
89bc500e 263 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 264 chan->sec_level != BT_SECURITY_SDP)
265 reason = ECONNREFUSED;
266 else
267 reason = ETIMEDOUT;
268
0f852724 269 l2cap_chan_close(chan, reason);
ab07801d
GP		 270
271 bh_unlock_sock(sk);
272
ba3bd0ee 273 chan->ops->close(chan->data);
71ba0e56 274 chan_put(chan);
ab07801d
GP		 275}
276
23691d75 277struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 278{
279 struct l2cap_chan *chan;
280
281 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
282 if (!chan)
283 return NULL;
284
285 chan->sk = sk;
286
23691d75
GP		 287 write_lock_bh(&chan_list_lock);
288 list_add(&chan->global_l, &chan_list);
289 write_unlock_bh(&chan_list_lock);
290
ab07801d
GP		 291 setup_timer(&chan->chan_timer, l2cap_chan_timeout, (unsigned long) chan);
292
89bc500e
GP		 293 chan->state = BT_OPEN;
294
71ba0e56
GP		 295 atomic_set(&chan->refcnt, 1);
296
48454079
GP		 297 return chan;
298}
299
23691d75 300void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 301{
23691d75
GP		 302 write_lock_bh(&chan_list_lock);
303 list_del(&chan->global_l);
304 write_unlock_bh(&chan_list_lock);
305
71ba0e56 306 chan_put(chan);
6ff5abbf
GP		 307}
308
48454079 309static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 310{
af05b30b 311 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 312 chan->psm, chan->dcid);
0139418c 313
2950f21a
MH		 314 conn->disc_reason = 0x13;
315
8c1d787b 316 chan->conn = conn;
0139418c 317
715ec005 318 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
b62f328b
VT		 319 if (conn->hcon->type == LE_LINK) {
320 /* LE connection */
0c1bc5c6 321 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 322 chan->scid = L2CAP_CID_LE_DATA;
323 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 324 } else {
325 /* Alloc CID for connection-oriented socket */
fe4128e0 326 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 327 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 328 }
715ec005 329 } else if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
0139418c 330 /* Connectionless socket */
fe4128e0
GP		 331 chan->scid = L2CAP_CID_CONN_LESS;
332 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 333 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 334 } else {
335 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 336 chan->scid = L2CAP_CID_SIGNALING;
337 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 338 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 339 }
340
71ba0e56 341 chan_hold(chan);
baa7e1fa
GP		 342
343 list_add(&chan->list, &conn->chan_l);
0139418c
MH		 344}
345
8e87d142 346/* Delete channel.
0139418c 347 * Must be called on the locked socket. */
4519de9a 348static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 349{
48454079 350 struct sock *sk = chan->sk;
8c1d787b 351 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 352 struct sock *parent = bt_sk(sk)->parent;
353
c9b66675 354 __clear_chan_timer(chan);
0139418c 355
49208c9c 356 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 357
8e87d142 358 if (conn) {
baa7e1fa
GP		 359 /* Delete from channel list */
360 write_lock_bh(&conn->chan_lock);
361 list_del(&chan->list);
362 write_unlock_bh(&conn->chan_lock);
71ba0e56 363 chan_put(chan);
baa7e1fa 364
8c1d787b 365 chan->conn = NULL;
0139418c
MH		 366 hci_conn_put(conn->hcon);
367 }
368
89bc500e 369 l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 370 sock_set_flag(sk, SOCK_ZAPPED);
371
372 if (err)
373 sk->sk_err = err;
374
375 if (parent) {
376 bt_accept_unlink(sk);
377 parent->sk_data_ready(parent, 0);
378 } else
379 sk->sk_state_change(sk);
c13ffa62 380
c1360a1c
GP		 381 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
382 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 383 return;
2ead70b8 384
58d35f87 385 skb_queue_purge(&chan->tx_q);
c13ffa62 386
0c1bc5c6 387 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 388 struct srej_list *l, *tmp;
389
1a09bcb9
GP		 390 __clear_retrans_timer(chan);
391 __clear_monitor_timer(chan);
392 __clear_ack_timer(chan);
c13ffa62 393
f1c6775b 394 skb_queue_purge(&chan->srej_q);
c13ffa62 395
39d5a3ee 396 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 397 list_del(&l->list);
398 kfree(l);
399 }
400 }
0139418c
MH		 401}
402
4519de9a
GP		 403static void l2cap_chan_cleanup_listen(struct sock *parent)
404{
405 struct sock *sk;
406
407 BT_DBG("parent %p", parent);
408
409 /* Close not yet accepted channels */
0f852724 410 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 411 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
c9b66675 412 __clear_chan_timer(chan);
0f852724 413 lock_sock(sk);
ba3bd0ee 414 l2cap_chan_close(chan, ECONNRESET);
0f852724 415 release_sock(sk);
ba3bd0ee 416 chan->ops->close(chan->data);
0f852724 417 }
4519de9a
GP		 418}
419
0f852724 420void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 421{
422 struct l2cap_conn *conn = chan->conn;
423 struct sock *sk = chan->sk;
424
89bc500e 425 BT_DBG("chan %p state %d socket %p", chan, chan->state, sk->sk_socket);
4519de9a 426
89bc500e 427 switch (chan->state) {
4519de9a
GP		 428 case BT_LISTEN:
429 l2cap_chan_cleanup_listen(sk);
89bc500e
GP		 430
431 l2cap_state_change(chan, BT_CLOSED);
432 sock_set_flag(sk, SOCK_ZAPPED);
4519de9a
GP		 433 break;
434
435 case BT_CONNECTED:
436 case BT_CONFIG:
715ec005 437 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 438 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 439 __clear_chan_timer(chan);
440 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 441 l2cap_send_disconn_req(conn, chan, reason);
442 } else
443 l2cap_chan_del(chan, reason);
444 break;
445
446 case BT_CONNECT2:
715ec005 447 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 448 conn->hcon->type == ACL_LINK) {
449 struct l2cap_conn_rsp rsp;
450 __u16 result;
451
452 if (bt_sk(sk)->defer_setup)
453 result = L2CAP_CR_SEC_BLOCK;
454 else
455 result = L2CAP_CR_BAD_PSM;
89bc500e 456 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 457
458 rsp.scid = cpu_to_le16(chan->dcid);
459 rsp.dcid = cpu_to_le16(chan->scid);
460 rsp.result = cpu_to_le16(result);
461 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
462 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
463 sizeof(rsp), &rsp);
464 }
465
466 l2cap_chan_del(chan, reason);
467 break;
468
469 case BT_CONNECT:
470 case BT_DISCONN:
471 l2cap_chan_del(chan, reason);
472 break;
473
474 default:
475 sock_set_flag(sk, SOCK_ZAPPED);
476 break;
477 }
478}
479
4343478f 480static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 481{
715ec005 482 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 483 switch (chan->sec_level) {
8556edd3
JH		 484 case BT_SECURITY_HIGH:
485 return HCI_AT_DEDICATED_BONDING_MITM;
486 case BT_SECURITY_MEDIUM:
487 return HCI_AT_DEDICATED_BONDING;
488 default:
489 return HCI_AT_NO_BONDING;
490 }
fe4128e0 491 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 492 if (chan->sec_level == BT_SECURITY_LOW)
493 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 494
4343478f 495 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 496 return HCI_AT_NO_BONDING_MITM;
00ae4af9 497 else
8556edd3 498 return HCI_AT_NO_BONDING;
00ae4af9 499 } else {
4343478f 500 switch (chan->sec_level) {
00ae4af9 501 case BT_SECURITY_HIGH:
8556edd3 502 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 503 case BT_SECURITY_MEDIUM:
8556edd3 504 return HCI_AT_GENERAL_BONDING;
00ae4af9 505 default:
8556edd3 506 return HCI_AT_NO_BONDING;
00ae4af9 507 }
0684e5f9 508 }
8556edd3
JH		 509}
510
511/* Service level security */
4343478f 512static inline int l2cap_check_security(struct l2cap_chan *chan)
8556edd3 513{
8c1d787b 514 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 515 __u8 auth_type;
516
4343478f 517 auth_type = l2cap_get_auth_type(chan);
79d554a6 518
4343478f 519 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 520}
521
b5ad8b7f 522static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 523{
524 u8 id;
525
526 /* Get next available identificator.
527 * 1 - 128 are used by kernel.
528 * 129 - 199 are reserved.
529 * 200 - 254 are used by utilities like l2ping, etc.
530 */
531
532 spin_lock_bh(&conn->lock);
533
534 if (++conn->tx_ident > 128)
535 conn->tx_ident = 1;
536
537 id = conn->tx_ident;
538
539 spin_unlock_bh(&conn->lock);
540
541 return id;
542}
543
4519de9a 544static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 545{
546 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 547 u8 flags;
4e8402a3
MH		 548
549 BT_DBG("code 0x%2.2x", code);
550
551 if (!skb)
9a9c6a34 552 return;
4e8402a3 553
e702112f
AE		 554 if (lmp_no_flush_capable(conn->hcon->hdev))
555 flags = ACL_START_NO_FLUSH;
556 else
557 flags = ACL_START;
558
14b12d0b
JG		 559 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
560
e702112f 561 hci_send_acl(conn->hcon, skb, flags);
4e8402a3
MH		 562}
563
525cd185 564static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
1c2acffb
GP		 565{
566 struct sk_buff *skb;
567 struct l2cap_hdr *lh;
8c1d787b 568 struct l2cap_conn *conn = chan->conn;
fcc203c3 569 int count, hlen = L2CAP_HDR_SIZE + 2;
e702112f 570 u8 flags;
fcc203c3 571
89bc500e 572 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 573 return;
574
47d1ec61 575 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3 576 hlen += 2;
1c2acffb 577
49208c9c 578 BT_DBG("chan %p, control 0x%2.2x", chan, control);
1c2acffb 579
fcc203c3 580 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 581
582 control |= __set_sframe(chan);
1c2acffb 583
e2ab4353 584 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 585 control |= __set_ctrl_final(chan);
9e917af1 586
e2ab4353 587 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 588 control |= __set_ctrl_poll(chan);
f0946ccf 589
1c2acffb
GP		 590 skb = bt_skb_alloc(count, GFP_ATOMIC);
591 if (!skb)
9a9c6a34 592 return;
1c2acffb
GP		 593
594 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 595 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 596 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 597 put_unaligned_le16(control, skb_put(skb, 2));
598
47d1ec61 599 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 600 u16 fcs = crc16(0, (u8 *)lh, count - 2);
601 put_unaligned_le16(fcs, skb_put(skb, 2));
602 }
603
e702112f
AE		 604 if (lmp_no_flush_capable(conn->hcon->hdev))
605 flags = ACL_START_NO_FLUSH;
606 else
607 flags = ACL_START;
608
15770b1a 609 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b 610
8c1d787b 611 hci_send_acl(chan->conn->hcon, skb, flags);
1c2acffb
GP		 612}
613
525cd185 614static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
7e743090 615{
e2ab4353 616 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 617 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 618 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 619 } else
ab784b73 620 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 621
0b209fae 622 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 623
525cd185 624 l2cap_send_sframe(chan, control);
7e743090
GP		 625}
626
b4450035 627static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 628{
c1360a1c 629 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 630}
631
fc7f8a7e 632static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 633{
8c1d787b 634 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 635
636 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 637 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
638 return;
639
4343478f
GP		 640 if (l2cap_check_security(chan) &&
641 __l2cap_no_conn_pending(chan)) {
b1235d79 642 struct l2cap_conn_req req;
fe4128e0
GP		 643 req.scid = cpu_to_le16(chan->scid);
644 req.psm = chan->psm;
79d554a6 645
fc7f8a7e 646 chan->ident = l2cap_get_ident(conn);
c1360a1c 647 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
79d554a6 648
fc7f8a7e
GP		 649 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
650 sizeof(req), &req);
b1235d79 651 }
79d554a6
MH		 652 } else {
653 struct l2cap_info_req req;
654 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
655
656 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
657 conn->info_ident = l2cap_get_ident(conn);
658
659 mod_timer(&conn->info_timer, jiffies +
660 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
661
662 l2cap_send_cmd(conn, conn->info_ident,
663 L2CAP_INFO_REQ, sizeof(req), &req);
664 }
665}
666
cf6c2c0b
GP		 667static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
668{
669 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 670 if (!disable_ertm)
cf6c2c0b
GP		 671 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
672
673 switch (mode) {
674 case L2CAP_MODE_ERTM:
675 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
676 case L2CAP_MODE_STREAMING:
677 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
678 default:
679 return 0x00;
680 }
681}
682
4519de9a 683static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 684{
e92c8e70 685 struct sock *sk;
22121fc9
GP		 686 struct l2cap_disconn_req req;
687
c13ffa62
GP		 688 if (!conn)
689 return;
690
e92c8e70
GP		 691 sk = chan->sk;
692
0c1bc5c6 693 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 694 __clear_retrans_timer(chan);
695 __clear_monitor_timer(chan);
696 __clear_ack_timer(chan);
c13ffa62
GP		 697 }
698
fe4128e0
GP		 699 req.dcid = cpu_to_le16(chan->dcid);
700 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 701 l2cap_send_cmd(conn, l2cap_get_ident(conn),
702 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 703
89bc500e 704 l2cap_state_change(chan, BT_DISCONN);
9b108fc0 705 sk->sk_err = err;
22121fc9
GP		 706}
707
1da177e4 708/* ---- L2CAP connections ---- */
4e8402a3
MH		 709static void l2cap_conn_start(struct l2cap_conn *conn)
710{
820ffdb3 711 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 712
713 BT_DBG("conn %p", conn);
714
baa7e1fa 715 read_lock(&conn->chan_lock);
4e8402a3 716
820ffdb3 717 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 718 struct sock *sk = chan->sk;
baa7e1fa 719
4e8402a3
MH		 720 bh_lock_sock(sk);
721
715ec005 722 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
79d554a6
MH		 723 bh_unlock_sock(sk);
724 continue;
725 }
726
89bc500e 727 if (chan->state == BT_CONNECT) {
47731de7 728 struct l2cap_conn_req req;
79d554a6 729
4343478f 730 if (!l2cap_check_security(chan) ||
b4450035 731 !__l2cap_no_conn_pending(chan)) {
47731de7
GP		 732 bh_unlock_sock(sk);
733 continue;
734 }
79d554a6 735
c1360a1c
GP		 736 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
737 && test_bit(CONF_STATE2_DEVICE,
738 &chan->conf_state)) {
0f852724 739 /* l2cap_chan_close() calls list_del(chan)
820ffdb3 740 * so release the lock */
2461daac 741 read_unlock(&conn->chan_lock);
89bc500e 742 l2cap_chan_close(chan, ECONNRESET);
2461daac 743 read_lock(&conn->chan_lock);
47731de7
GP		 744 bh_unlock_sock(sk);
745 continue;
b1235d79 746 }
47731de7 747
fe4128e0
GP		 748 req.scid = cpu_to_le16(chan->scid);
749 req.psm = chan->psm;
47731de7 750
fc7f8a7e 751 chan->ident = l2cap_get_ident(conn);
c1360a1c 752 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
47731de7 753
fc7f8a7e
GP		 754 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
755 sizeof(req), &req);
47731de7 756
89bc500e 757 } else if (chan->state == BT_CONNECT2) {
79d554a6 758 struct l2cap_conn_rsp rsp;
e9aeb2dd 759 char buf[128];
fe4128e0
GP		 760 rsp.scid = cpu_to_le16(chan->dcid);
761 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 762
4343478f 763 if (l2cap_check_security(chan)) {
f66dc81f
MH		 764 if (bt_sk(sk)->defer_setup) {
765 struct sock *parent = bt_sk(sk)->parent;
766 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
767 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 768 if (parent)
769 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 770
771 } else {
89bc500e 772 l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 773 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
774 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
775 }
79d554a6
MH		 776 } else {
777 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
778 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
779 }
780
fc7f8a7e
GP		 781 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
782 sizeof(rsp), &rsp);
e9aeb2dd 783
c1360a1c 784 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd
GP		 785 rsp.result != L2CAP_CR_SUCCESS) {
786 bh_unlock_sock(sk);
787 continue;
788 }
789
c1360a1c 790 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 791 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 792 l2cap_build_conf_req(chan, buf), buf);
793 chan->num_conf_req++;
4e8402a3
MH		 794 }
795
796 bh_unlock_sock(sk);
797 }
798
baa7e1fa 799 read_unlock(&conn->chan_lock);
4e8402a3
MH		 800}
801
b62f328b
VT		 802/* Find socket with cid and source bdaddr.
803 * Returns closest match, locked.
804 */
23691d75 805static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 806{
23691d75 807 struct l2cap_chan *c, *c1 = NULL;
b62f328b 808
23691d75 809 read_lock(&chan_list_lock);
b62f328b 810
23691d75
GP		 811 list_for_each_entry(c, &chan_list, global_l) {
812 struct sock *sk = c->sk;
fe4128e0 813
89bc500e 814 if (state && c->state != state)
b62f328b
VT		 815 continue;
816
23691d75 817 if (c->scid == cid) {
b62f328b 818 /* Exact match. */
23691d75
GP		 819 if (!bacmp(&bt_sk(sk)->src, src)) {
820 read_unlock(&chan_list_lock);
821 return c;
822 }
b62f328b
VT		 823
824 /* Closest match */
825 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 826 c1 = c;
b62f328b
VT		 827 }
828 }
280f294f 829
23691d75 830 read_unlock(&chan_list_lock);
b62f328b 831
23691d75 832 return c1;
b62f328b
VT		 833}
834
835static void l2cap_le_conn_ready(struct l2cap_conn *conn)
836{
c916fbe4 837 struct sock *parent, *sk;
23691d75 838 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 839
840 BT_DBG("");
841
842 /* Check if we have socket listening on cid */
23691d75 843 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 844 conn->src);
23691d75 845 if (!pchan)
b62f328b
VT		 846 return;
847
23691d75
GP		 848 parent = pchan->sk;
849
62f3a2cf
GP		 850 bh_lock_sock(parent);
851
b62f328b
VT		 852 /* Check for backlog size */
853 if (sk_acceptq_is_full(parent)) {
854 BT_DBG("backlog full %d", parent->sk_ack_backlog);
855 goto clean;
856 }
857
80808e43
GP		 858 chan = pchan->ops->new_connection(pchan->data);
859 if (!chan)
b62f328b
VT		 860 goto clean;
861
80808e43 862 sk = chan->sk;
5d41ce1d 863
baa7e1fa 864 write_lock_bh(&conn->chan_lock);
b62f328b
VT		 865
866 hci_conn_hold(conn->hcon);
867
b62f328b
VT		 868 bacpy(&bt_sk(sk)->src, conn->src);
869 bacpy(&bt_sk(sk)->dst, conn->dst);
870
d1010240
GP		 871 bt_accept_enqueue(parent, sk);
872
48454079
GP		 873 __l2cap_chan_add(conn, chan);
874
c9b66675 875 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 876
89bc500e 877 l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 878 parent->sk_data_ready(parent, 0);
879
baa7e1fa 880 write_unlock_bh(&conn->chan_lock);
b62f328b
VT		 881
882clean:
883 bh_unlock_sock(parent);
884}
885
f1cb9af5
VCG		 886static void l2cap_chan_ready(struct sock *sk)
887{
888 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
889 struct sock *parent = bt_sk(sk)->parent;
890
891 BT_DBG("sk %p, parent %p", sk, parent);
892
893 chan->conf_state = 0;
894 __clear_chan_timer(chan);
895
43f3dc41 896 l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 897 sk->sk_state_change(sk);
898
899 if (parent)
900 parent->sk_data_ready(parent, 0);
901}
902
4e8402a3
MH		 903static void l2cap_conn_ready(struct l2cap_conn *conn)
904{
48454079 905 struct l2cap_chan *chan;
4e8402a3 906
79d554a6 907 BT_DBG("conn %p", conn);
4e8402a3 908
b62f328b
VT		 909 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
910 l2cap_le_conn_ready(conn);
911
160dc6ac
VCG		 912 if (conn->hcon->out && conn->hcon->type == LE_LINK)
913 smp_conn_security(conn, conn->hcon->pending_sec_level);
914
baa7e1fa 915 read_lock(&conn->chan_lock);
4e8402a3 916
baa7e1fa 917 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 918 struct sock *sk = chan->sk;
baa7e1fa 919
79d554a6 920 bh_lock_sock(sk);
4e8402a3 921
63128451 922 if (conn->hcon->type == LE_LINK) {
b501d6a1 923 if (smp_conn_security(conn, chan->sec_level))
f1cb9af5 924 l2cap_chan_ready(sk);
acd7d370 925
63128451 926 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 927 __clear_chan_timer(chan);
89bc500e 928 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 929 sk->sk_state_change(sk);
b501d6a1 930
89bc500e 931 } else if (chan->state == BT_CONNECT)
fc7f8a7e 932 l2cap_do_start(chan);
4e8402a3 933
79d554a6 934 bh_unlock_sock(sk);
4e8402a3 935 }
79d554a6 936
baa7e1fa 937 read_unlock(&conn->chan_lock);
4e8402a3
MH		 938}
939
940/* Notify sockets that we cannot guaranty reliability anymore */
941static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
942{
48454079 943 struct l2cap_chan *chan;
4e8402a3
MH		 944
945 BT_DBG("conn %p", conn);
946
baa7e1fa 947 read_lock(&conn->chan_lock);
4e8402a3 948
baa7e1fa 949 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 950 struct sock *sk = chan->sk;
baa7e1fa 951
ecf61bdb 952 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
4e8402a3
MH		 953 sk->sk_err = err;
954 }
955
baa7e1fa 956 read_unlock(&conn->chan_lock);
4e8402a3
MH		 957}
958
959static void l2cap_info_timeout(unsigned long arg)
960{
961 struct l2cap_conn *conn = (void *) arg;
962
984947dc 963 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 964 conn->info_ident = 0;
984947dc 965
4e8402a3
MH		 966 l2cap_conn_start(conn);
967}
968
5d3de7df
VCG		 969static void l2cap_conn_del(struct hci_conn *hcon, int err)
970{
971 struct l2cap_conn *conn = hcon->l2cap_data;
972 struct l2cap_chan *chan, *l;
973 struct sock *sk;
974
975 if (!conn)
976 return;
977
978 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
979
980 kfree_skb(conn->rx_skb);
981
982 /* Kill channels */
983 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
984 sk = chan->sk;
985 bh_lock_sock(sk);
986 l2cap_chan_del(chan, err);
987 bh_unlock_sock(sk);
988 chan->ops->close(chan->data);
989 }
990
991 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
992 del_timer_sync(&conn->info_timer);
993
d26a2345 994 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) {
5d3de7df 995 del_timer(&conn->security_timer);
8aab4757 996 smp_chan_destroy(conn);
d26a2345 997 }
5d3de7df
VCG		 998
999 hcon->l2cap_data = NULL;
1000 kfree(conn);
1001}
1002
1003static void security_timeout(unsigned long arg)
1004{
1005 struct l2cap_conn *conn = (void *) arg;
1006
1007 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1008}
1009
1da177e4
LT		 1010static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1011{
0139418c 1012 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 1013
0139418c 1014 if (conn || status)
1da177e4
LT		 1015 return conn;
1016
0139418c
MH		 1017 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
1018 if (!conn)
1da177e4 1019 return NULL;
1da177e4
LT		 1020
1021 hcon->l2cap_data = conn;
1022 conn->hcon = hcon;
1023
0139418c
MH		 1024 BT_DBG("hcon %p conn %p", hcon, conn);
1025
acd7d370
VT		 1026 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1027 conn->mtu = hcon->hdev->le_mtu;
1028 else
1029 conn->mtu = hcon->hdev->acl_mtu;
1030
1da177e4
LT		 1031 conn->src = &hcon->hdev->bdaddr;
1032 conn->dst = &hcon->dst;
1033
4e8402a3
MH		 1034 conn->feat_mask = 0;
1035
1da177e4 1036 spin_lock_init(&conn->lock);
baa7e1fa
GP		 1037 rwlock_init(&conn->chan_lock);
1038
1039 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1040
5d3de7df
VCG		 1041 if (hcon->type == LE_LINK)
1042 setup_timer(&conn->security_timer, security_timeout,
1043 (unsigned long) conn);
1044 else
b62f328b 1045 setup_timer(&conn->info_timer, l2cap_info_timeout,
45054dc1
DY		 1046 (unsigned long) conn);
1047
2950f21a
MH		 1048 conn->disc_reason = 0x13;
1049
1da177e4
LT		 1050 return conn;
1051}
1052
48454079 1053static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
1da177e4 1054{
baa7e1fa 1055 write_lock_bh(&conn->chan_lock);
48454079 1056 __l2cap_chan_add(conn, chan);
baa7e1fa 1057 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 1058}
1059
1da177e4 1060/* ---- Socket interface ---- */
1da177e4
LT		 1061
1062/* Find socket with psm and source bdaddr.
1063 * Returns closest match.
1064 */
23691d75 1065static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1066{
23691d75 1067 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1068
23691d75 1069 read_lock(&chan_list_lock);
e0f0cb56 1070
23691d75
GP		 1071 list_for_each_entry(c, &chan_list, global_l) {
1072 struct sock *sk = c->sk;
fe4128e0 1073
89bc500e 1074 if (state && c->state != state)
1da177e4
LT		 1075 continue;
1076
23691d75 1077 if (c->psm == psm) {
1da177e4 1078 /* Exact match. */
23691d75 1079 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1080 read_unlock(&chan_list_lock);
23691d75
GP		 1081 return c;
1082 }
1da177e4
LT		 1083
1084 /* Closest match */
1085 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1086 c1 = c;
1da177e4
LT		 1087 }
1088 }
1da177e4 1089
23691d75 1090 read_unlock(&chan_list_lock);
e0f0cb56 1091
23691d75 1092 return c1;
1da177e4
LT		 1093}
1094
77a74c7e 1095int l2cap_chan_connect(struct l2cap_chan *chan)
1da177e4 1096{
5d41ce1d 1097 struct sock *sk = chan->sk;
1da177e4
LT		 1098 bdaddr_t *src = &bt_sk(sk)->src;
1099 bdaddr_t *dst = &bt_sk(sk)->dst;
1100 struct l2cap_conn *conn;
1101 struct hci_conn *hcon;
1102 struct hci_dev *hdev;
09ab6f4c 1103 __u8 auth_type;
44d0e48e 1104 int err;
1da177e4 1105
f29972de 1106 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1107 chan->psm);
1da177e4 1108
af05b30b
GP		 1109 hdev = hci_get_route(dst, src);
1110 if (!hdev)
1da177e4
LT		 1111 return -EHOSTUNREACH;
1112
1113 hci_dev_lock_bh(hdev);
1114
4343478f 1115 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1116
fe4128e0 1117 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1118 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1119 chan->sec_level, auth_type);
acd7d370
VT		 1120 else
1121 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1122 chan->sec_level, auth_type);
acd7d370 1123
30e76272
VT		 1124 if (IS_ERR(hcon)) {
1125 err = PTR_ERR(hcon);
1da177e4 1126 goto done;
30e76272 1127 }
1da177e4
LT		 1128
1129 conn = l2cap_conn_add(hcon, 0);
1130 if (!conn) {
1131 hci_conn_put(hcon);
30e76272 1132 err = -ENOMEM;
1da177e4
LT		 1133 goto done;
1134 }
1135
1da177e4
LT		 1136 /* Update source addr of the socket */
1137 bacpy(src, conn->src);
1138
48454079
GP		 1139 l2cap_chan_add(conn, chan);
1140
89bc500e 1141 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1142 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1143
1144 if (hcon->state == BT_CONNECTED) {
715ec005 1145 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1146 __clear_chan_timer(chan);
4343478f 1147 if (l2cap_check_security(chan))
89bc500e 1148 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1149 } else
fc7f8a7e 1150 l2cap_do_start(chan);
1da177e4
LT		 1151 }
1152
30e76272
VT		 1153 err = 0;
1154
1da177e4
LT		 1155done:
1156 hci_dev_unlock_bh(hdev);
1157 hci_dev_put(hdev);
1158 return err;
1159}
1160
dcba0dba 1161int __l2cap_wait_ack(struct sock *sk)
6161c038 1162{
8c1d787b 1163 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1164 DECLARE_WAITQUEUE(wait, current);
1165 int err = 0;
1166 int timeo = HZ/5;
1167
2b0b05dd 1168 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1169 set_current_state(TASK_INTERRUPTIBLE);
1170 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1171 if (!timeo)
1172 timeo = HZ/5;
1173
1174 if (signal_pending(current)) {
1175 err = sock_intr_errno(timeo);
1176 break;
1177 }
1178
1179 release_sock(sk);
1180 timeo = schedule_timeout(timeo);
1181 lock_sock(sk);
a71a0cf4 1182 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1183
1184 err = sock_error(sk);
1185 if (err)
1186 break;
1187 }
1188 set_current_state(TASK_RUNNING);
2b0b05dd 1189 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1190 return err;
1191}
1192
e90bac06
GP		 1193static void l2cap_monitor_timeout(unsigned long arg)
1194{
525cd185
GP		 1195 struct l2cap_chan *chan = (void *) arg;
1196 struct sock *sk = chan->sk;
e90bac06 1197
525cd185 1198 BT_DBG("chan %p", chan);
0e98958d 1199
e686219a 1200 bh_lock_sock(sk);
2c03a7a4 1201 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1202 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
b13f5860 1203 bh_unlock_sock(sk);
e90bac06
GP		 1204 return;
1205 }
1206
6a026610 1207 chan->retry_count++;
1a09bcb9 1208 __set_monitor_timer(chan);
e90bac06 1209
525cd185 1210 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1211 bh_unlock_sock(sk);
e90bac06
GP		 1212}
1213
1214static void l2cap_retrans_timeout(unsigned long arg)
1215{
525cd185
GP		 1216 struct l2cap_chan *chan = (void *) arg;
1217 struct sock *sk = chan->sk;
e90bac06 1218
49208c9c 1219 BT_DBG("chan %p", chan);
0e98958d 1220
e686219a 1221 bh_lock_sock(sk);
6a026610 1222 chan->retry_count = 1;
1a09bcb9 1223 __set_monitor_timer(chan);
e90bac06 1224
e2ab4353 1225 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1226
525cd185 1227 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1228 bh_unlock_sock(sk);
e90bac06
GP		 1229}
1230
42e5c802 1231static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1232{
1c2acffb 1233 struct sk_buff *skb;
1da177e4 1234
58d35f87 1235 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1236 chan->unacked_frames) {
42e5c802 1237 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1238 break;
1da177e4 1239
58d35f87 1240 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1241 kfree_skb(skb);
1da177e4 1242
6a026610 1243 chan->unacked_frames--;
1c2acffb 1244 }
1da177e4 1245
6a026610 1246 if (!chan->unacked_frames)
1a09bcb9 1247 __clear_retrans_timer(chan);
1c2acffb 1248}
1da177e4 1249
67c9e840 1250static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1c2acffb 1251{
8c1d787b 1252 struct hci_conn *hcon = chan->conn->hcon;
e702112f 1253 u16 flags;
1c2acffb 1254
4343478f 1255 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1da177e4 1256
d57b0e8b
AE		 1257 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
1258 lmp_no_flush_capable(hcon->hdev))
e702112f
AE		 1259 flags = ACL_START_NO_FLUSH;
1260 else
1261 flags = ACL_START;
1262
15770b1a 1263 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
e702112f 1264 hci_send_acl(hcon, skb, flags);
1c2acffb
GP		 1265}
1266
67c9e840 1267static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1268{
ccbb84af 1269 struct sk_buff *skb;
fcc203c3 1270 u16 control, fcs;
6840ed07 1271
58d35f87 1272 while ((skb = skb_dequeue(&chan->tx_q))) {
ccbb84af 1273 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
fb45de7d 1274 control |= __set_txseq(chan, chan->next_tx_seq);
ccbb84af 1275 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1276
47d1ec61 1277 if (chan->fcs == L2CAP_FCS_CRC16) {
ccbb84af
GP		 1278 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1279 put_unaligned_le16(fcs, skb->data + skb->len - 2);
fcc203c3
GP		 1280 }
1281
4343478f 1282 l2cap_do_send(chan, skb);
6840ed07 1283
42e5c802 1284 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
6840ed07 1285 }
6840ed07
GP		 1286}
1287
fb45de7d 1288static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1289{
8f17154f
GP		 1290 struct sk_buff *skb, *tx_skb;
1291 u16 control, fcs;
8f17154f 1292
58d35f87 1293 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1294 if (!skb)
1295 return;
8f17154f 1296
f11d676d
GP		 1297 do {
1298 if (bt_cb(skb)->tx_seq == tx_seq)
8f17154f 1299 break;
8f17154f 1300
58d35f87 1301 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1302 return;
8f17154f 1303
58d35f87 1304 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
8f17154f 1305
2c03a7a4
GP		 1306 if (chan->remote_max_tx &&
1307 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1308 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1309 return;
1310 }
1311
1312 tx_skb = skb_clone(skb, GFP_ATOMIC);
1313 bt_cb(skb)->retries++;
1314 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1315 control &= __get_sar_mask(chan);
3cb123d1 1316
e2ab4353 1317 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1318 control |= __set_ctrl_final(chan);
95ffa978 1319
0b209fae 1320 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1321 control |= __set_txseq(chan, tx_seq);
3cb123d1 1322
f11d676d
GP		 1323 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1324
47d1ec61 1325 if (chan->fcs == L2CAP_FCS_CRC16) {
f11d676d
GP		 1326 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1327 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1328 }
1329
4343478f 1330 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1331}
1332
67c9e840 1333static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1334{
1335 struct sk_buff *skb, *tx_skb;
fcc203c3 1336 u16 control, fcs;
9a9c6a34 1337 int nsent = 0;
1c2acffb 1338
89bc500e 1339 if (chan->state != BT_CONNECTED)
c13ffa62 1340 return -ENOTCONN;
e90bac06 1341
58d35f87 1342 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1343
2c03a7a4
GP		 1344 if (chan->remote_max_tx &&
1345 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1346 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1347 break;
1348 }
1349
e420aba3
AE		 1350 tx_skb = skb_clone(skb, GFP_ATOMIC);
1351
e90bac06
GP		 1352 bt_cb(skb)->retries++;
1353
1c2acffb 1354 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1355 control &= __get_sar_mask(chan);
95ffa978 1356
e2ab4353 1357 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1358 control |= __set_ctrl_final(chan);
e2ab4353 1359
0b209fae 1360 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1361 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb
GP		 1362 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1363
e90bac06 1364
47d1ec61 1365 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 1366 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1367 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1368 }
1369
4343478f 1370 l2cap_do_send(chan, tx_skb);
9a9c6a34 1371
1a09bcb9 1372 __set_retrans_timer(chan);
1c2acffb 1373
42e5c802
GP		 1374 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1375 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1c2acffb 1376
23e9fde2 1377 if (bt_cb(skb)->retries == 1)
6a026610 1378 chan->unacked_frames++;
23e9fde2 1379
6a026610 1380 chan->frames_sent++;
1c2acffb 1381
58d35f87
GP		 1382 if (skb_queue_is_last(&chan->tx_q, skb))
1383 chan->tx_send_head = NULL;
1c2acffb 1384 else
58d35f87 1385 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
9e917af1
GP		 1386
1387 nsent++;
1c2acffb
GP		 1388 }
1389
9e917af1
GP		 1390 return nsent;
1391}
1392
525cd185 1393static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1394{
dfc909be
GP		 1395 int ret;
1396
58d35f87
GP		 1397 if (!skb_queue_empty(&chan->tx_q))
1398 chan->tx_send_head = chan->tx_q.next;
dfc909be 1399
42e5c802 1400 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1401 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1402 return ret;
1403}
1404
525cd185 1405static void l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1406{
9e917af1
GP		 1407 u16 control = 0;
1408
0b209fae 1409 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1410
e2ab4353 1411 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1412 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1413 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1414 l2cap_send_sframe(chan, control);
9a9c6a34 1415 return;
9e917af1 1416 }
dfc909be 1417
525cd185 1418 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1419 return;
1420
ab784b73 1421 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1422 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1423}
1424
525cd185 1425static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1426{
1427 struct srej_list *tail;
1428 u16 control;
1429
ab784b73 1430 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1431 control |= __set_ctrl_final(chan);
99b0d4b7 1432
39d5a3ee 1433 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1434 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1435
525cd185 1436 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1437}
1438
1c2acffb
GP		 1439static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1440{
8c1d787b 1441 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1c2acffb
GP		 1442 struct sk_buff **frag;
1443 int err, sent = 0;
1da177e4 1444
59203a21 1445 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1446 return -EFAULT;
1da177e4
LT		 1447
1448 sent += count;
1449 len -= count;
1450
1451 /* Continuation fragments (no L2CAP header) */
1452 frag = &skb_shinfo(skb)->frag_list;
1453 while (len) {
1454 count = min_t(unsigned int, conn->mtu, len);
1455
1456 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1457 if (!*frag)
0175d629 1458 return err;
1c2acffb
GP		 1459 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1460 return -EFAULT;
1da177e4
LT		 1461
1462 sent += count;
1463 len -= count;
1464
1465 frag = &(*frag)->next;
1466 }
1da177e4
LT		 1467
1468 return sent;
1c2acffb 1469}
1da177e4 1470
67c9e840 1471static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1472{
fe4128e0 1473 struct sock *sk = chan->sk;
8c1d787b 1474 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1475 struct sk_buff *skb;
1476 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1477 struct l2cap_hdr *lh;
1478
1479 BT_DBG("sk %p len %d", sk, (int)len);
1480
1481 count = min_t(unsigned int, (conn->mtu - hlen), len);
1482 skb = bt_skb_send_alloc(sk, count + hlen,
1483 msg->msg_flags & MSG_DONTWAIT, &err);
1484 if (!skb)
0175d629 1485 return ERR_PTR(err);
1c2acffb
GP		 1486
1487 /* Create L2CAP header */
1488 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1489 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1490 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1491 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb
GP		 1492
1493 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1494 if (unlikely(err < 0)) {
1495 kfree_skb(skb);
1496 return ERR_PTR(err);
1497 }
1498 return skb;
1499}
1500
67c9e840 1501static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1502{
fe4128e0 1503 struct sock *sk = chan->sk;
8c1d787b 1504 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1505 struct sk_buff *skb;
1506 int err, count, hlen = L2CAP_HDR_SIZE;
1507 struct l2cap_hdr *lh;
1508
1509 BT_DBG("sk %p len %d", sk, (int)len);
1510
1511 count = min_t(unsigned int, (conn->mtu - hlen), len);
1512 skb = bt_skb_send_alloc(sk, count + hlen,
1513 msg->msg_flags & MSG_DONTWAIT, &err);
1514 if (!skb)
0175d629 1515 return ERR_PTR(err);
1c2acffb
GP		 1516
1517 /* Create L2CAP header */
1518 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1519 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1520 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1521
1522 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1523 if (unlikely(err < 0)) {
1524 kfree_skb(skb);
1525 return ERR_PTR(err);
1526 }
1527 return skb;
1528}
1529
ab0ff76d
LAD		 1530static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1531 struct msghdr *msg, size_t len,
1532 u16 control, u16 sdulen)
1c2acffb 1533{
47d1ec61 1534 struct sock *sk = chan->sk;
8c1d787b 1535 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1536 struct sk_buff *skb;
1537 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1538 struct l2cap_hdr *lh;
1539
1540 BT_DBG("sk %p len %d", sk, (int)len);
1541
0ee0d208
GP		 1542 if (!conn)
1543 return ERR_PTR(-ENOTCONN);
1544
c74e560c
GP		 1545 if (sdulen)
1546 hlen += 2;
1547
47d1ec61 1548 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1549 hlen += 2;
1550
1c2acffb
GP		 1551 count = min_t(unsigned int, (conn->mtu - hlen), len);
1552 skb = bt_skb_send_alloc(sk, count + hlen,
1553 msg->msg_flags & MSG_DONTWAIT, &err);
1554 if (!skb)
0175d629 1555 return ERR_PTR(err);
1c2acffb
GP		 1556
1557 /* Create L2CAP header */
1558 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1559 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1560 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1561 put_unaligned_le16(control, skb_put(skb, 2));
c74e560c
GP		 1562 if (sdulen)
1563 put_unaligned_le16(sdulen, skb_put(skb, 2));
1c2acffb
GP		 1564
1565 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1566 if (unlikely(err < 0)) {
1567 kfree_skb(skb);
1568 return ERR_PTR(err);
1569 }
e90bac06 1570
47d1ec61 1571 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1572 put_unaligned_le16(0, skb_put(skb, 2));
1573
e90bac06 1574 bt_cb(skb)->retries = 0;
1c2acffb 1575 return skb;
1da177e4
LT		 1576}
1577
67c9e840 1578static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1579{
c74e560c
GP		 1580 struct sk_buff *skb;
1581 struct sk_buff_head sar_queue;
1582 u16 control;
1583 size_t size = 0;
1584
ff12fd64 1585 skb_queue_head_init(&sar_queue);
7e0ef6ee 1586 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1587 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1588 if (IS_ERR(skb))
1589 return PTR_ERR(skb);
1590
1591 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1592 len -= chan->remote_mps;
1593 size += chan->remote_mps;
c74e560c
GP		 1594
1595 while (len > 0) {
1596 size_t buflen;
1597
2c03a7a4 1598 if (len > chan->remote_mps) {
7e0ef6ee 1599 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1600 buflen = chan->remote_mps;
c74e560c 1601 } else {
7e0ef6ee 1602 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1603 buflen = len;
1604 }
1605
47d1ec61 1606 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1607 if (IS_ERR(skb)) {
1608 skb_queue_purge(&sar_queue);
1609 return PTR_ERR(skb);
1610 }
1611
1612 __skb_queue_tail(&sar_queue, skb);
1613 len -= buflen;
1614 size += buflen;
c74e560c 1615 }
58d35f87
GP		 1616 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1617 if (chan->tx_send_head == NULL)
1618 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1619
1620 return size;
1621}
1622
9a91a04a
GP		 1623int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1624{
9a91a04a
GP		 1625 struct sk_buff *skb;
1626 u16 control;
1627 int err;
1628
1629 /* Connectionless channel */
715ec005 1630 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
9a91a04a
GP		 1631 skb = l2cap_create_connless_pdu(chan, msg, len);
1632 if (IS_ERR(skb))
1633 return PTR_ERR(skb);
1634
1635 l2cap_do_send(chan, skb);
1636 return len;
1637 }
1638
1639 switch (chan->mode) {
1640 case L2CAP_MODE_BASIC:
1641 /* Check outgoing MTU */
1642 if (len > chan->omtu)
1643 return -EMSGSIZE;
1644
1645 /* Create a basic PDU */
1646 skb = l2cap_create_basic_pdu(chan, msg, len);
1647 if (IS_ERR(skb))
1648 return PTR_ERR(skb);
1649
1650 l2cap_do_send(chan, skb);
1651 err = len;
1652 break;
1653
1654 case L2CAP_MODE_ERTM:
1655 case L2CAP_MODE_STREAMING:
1656 /* Entire SDU fits into one PDU */
1657 if (len <= chan->remote_mps) {
7e0ef6ee 1658 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1659 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1660 0);
1661 if (IS_ERR(skb))
1662 return PTR_ERR(skb);
1663
1664 __skb_queue_tail(&chan->tx_q, skb);
1665
1666 if (chan->tx_send_head == NULL)
1667 chan->tx_send_head = skb;
1668
1669 } else {
1670 /* Segment SDU into multiples PDUs */
1671 err = l2cap_sar_segment_sdu(chan, msg, len);
1672 if (err < 0)
1673 return err;
1674 }
1675
1676 if (chan->mode == L2CAP_MODE_STREAMING) {
1677 l2cap_streaming_send(chan);
1678 err = len;
1679 break;
1680 }
1681
e2ab4353
GP		 1682 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1683 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1684 err = len;
1685 break;
1686 }
1687
1688 err = l2cap_ertm_send(chan);
1689 if (err >= 0)
1690 err = len;
1691
1692 break;
1693
1694 default:
1695 BT_DBG("bad state %1.1x", chan->mode);
1696 err = -EBADFD;
1697 }
1698
1699 return err;
1700}
1701
1da177e4
LT		 1702/* Copy frame to all raw sockets on that connection */
1703static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1704{
1da177e4 1705 struct sk_buff *nskb;
48454079 1706 struct l2cap_chan *chan;
1da177e4
LT		 1707
1708 BT_DBG("conn %p", conn);
1709
baa7e1fa
GP		 1710 read_lock(&conn->chan_lock);
1711 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1712 struct sock *sk = chan->sk;
715ec005 1713 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1714 continue;
1715
1716 /* Don't send frame to the socket it came from */
1717 if (skb->sk == sk)
1718 continue;
af05b30b
GP		 1719 nskb = skb_clone(skb, GFP_ATOMIC);
1720 if (!nskb)
1da177e4
LT		 1721 continue;
1722
23070494 1723 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1724 kfree_skb(nskb);
1725 }
baa7e1fa 1726 read_unlock(&conn->chan_lock);
1da177e4
LT		 1727}
1728
1729/* ---- L2CAP signalling commands ---- */
1730static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1731 u8 code, u8 ident, u16 dlen, void *data)
1732{
1733 struct sk_buff *skb, **frag;
1734 struct l2cap_cmd_hdr *cmd;
1735 struct l2cap_hdr *lh;
1736 int len, count;
1737
af05b30b
GP		 1738 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1739 conn, code, ident, dlen);
1da177e4
LT		 1740
1741 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1742 count = min_t(unsigned int, conn->mtu, len);
1743
1744 skb = bt_skb_alloc(count, GFP_ATOMIC);
1745 if (!skb)
1746 return NULL;
1747
1748 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1749 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1750
1751 if (conn->hcon->type == LE_LINK)
1752 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1753 else
1754 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1755
1756 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1757 cmd->code = code;
1758 cmd->ident = ident;
aca3192c 1759 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1760
1761 if (dlen) {
1762 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1763 memcpy(skb_put(skb, count), data, count);
1764 data += count;
1765 }
1766
1767 len -= skb->len;
1768
1769 /* Continuation fragments (no L2CAP header) */
1770 frag = &skb_shinfo(skb)->frag_list;
1771 while (len) {
1772 count = min_t(unsigned int, conn->mtu, len);
1773
1774 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1775 if (!*frag)
1776 goto fail;
1777
1778 memcpy(skb_put(*frag, count), data, count);
1779
1780 len -= count;
1781 data += count;
1782
1783 frag = &(*frag)->next;
1784 }
1785
1786 return skb;
1787
1788fail:
1789 kfree_skb(skb);
1790 return NULL;
1791}
1792
1793static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1794{
1795 struct l2cap_conf_opt *opt = *ptr;
1796 int len;
1797
1798 len = L2CAP_CONF_OPT_SIZE + opt->len;
1799 *ptr += len;
1800
1801 *type = opt->type;
1802 *olen = opt->len;
1803
1804 switch (opt->len) {
1805 case 1:
1806 *val = *((u8 *) opt->val);
1807 break;
1808
1809 case 2:
bfaaeb3e 1810 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1811 break;
1812
1813 case 4:
bfaaeb3e 1814 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1815 break;
1816
1817 default:
1818 *val = (unsigned long) opt->val;
1819 break;
1820 }
1821
1822 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1823 return len;
1824}
1825
1da177e4
LT		 1826static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1827{
1828 struct l2cap_conf_opt *opt = *ptr;
1829
1830 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1831
1832 opt->type = type;
1833 opt->len = len;
1834
1835 switch (len) {
1836 case 1:
1837 *((u8 *) opt->val) = val;
1838 break;
1839
1840 case 2:
4f8b691c 1841 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1842 break;
1843
1844 case 4:
4f8b691c 1845 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1846 break;
1847
1848 default:
1849 memcpy(opt->val, (void *) val, len);
1850 break;
1851 }
1852
1853 *ptr += L2CAP_CONF_OPT_SIZE + len;
1854}
1855
c1b4f43b
GP		 1856static void l2cap_ack_timeout(unsigned long arg)
1857{
525cd185 1858 struct l2cap_chan *chan = (void *) arg;
c1b4f43b 1859
525cd185
GP		 1860 bh_lock_sock(chan->sk);
1861 l2cap_send_ack(chan);
1862 bh_unlock_sock(chan->sk);
c1b4f43b
GP		 1863}
1864
525cd185 1865static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 1866{
525cd185
GP		 1867 struct sock *sk = chan->sk;
1868
42e5c802 1869 chan->expected_ack_seq = 0;
6a026610 1870 chan->unacked_frames = 0;
42e5c802 1871 chan->buffer_seq = 0;
6a026610
GP		 1872 chan->num_acked = 0;
1873 chan->frames_sent = 0;
0565c1c2 1874
e92c8e70
GP		 1875 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1876 (unsigned long) chan);
1877 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1878 (unsigned long) chan);
1879 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
0565c1c2 1880
f1c6775b 1881 skb_queue_head_init(&chan->srej_q);
1890d36b 1882
39d5a3ee
GP		 1883 INIT_LIST_HEAD(&chan->srej_l);
1884
218bb9df
GP		 1885
1886 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
0565c1c2
GP		 1887}
1888
f2fcfcd6
GP		 1889static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1890{
1891 switch (mode) {
1892 case L2CAP_MODE_STREAMING:
1893 case L2CAP_MODE_ERTM:
1894 if (l2cap_mode_supported(mode, remote_feat_mask))
1895 return mode;
1896 /* fall through */
1897 default:
1898 return L2CAP_MODE_BASIC;
1899 }
1900}
1901
6327eb98
AE		 1902static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
1903{
1904 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
1905}
1906
1907static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
1908{
1909 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
1910 __l2cap_ews_supported(chan))
1911 /* use extended control field */
1912 set_bit(FLAG_EXT_CTRL, &chan->flags);
1913 else
1914 chan->tx_win = min_t(u16, chan->tx_win,
1915 L2CAP_DEFAULT_TX_WINDOW);
1916}
1917
710f9b0a 1918static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1919{
1da177e4 1920 struct l2cap_conf_req *req = data;
0c1bc5c6 1921 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4
LT		 1922 void *ptr = req->data;
1923
49208c9c 1924 BT_DBG("chan %p", chan);
1da177e4 1925
73ffa904 1926 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 1927 goto done;
1928
0c1bc5c6 1929 switch (chan->mode) {
f2fcfcd6
GP		 1930 case L2CAP_MODE_STREAMING:
1931 case L2CAP_MODE_ERTM:
c1360a1c 1932 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 1933 break;
85eb53c6 1934
2ba13ed6 1935 /* fall through */
f2fcfcd6 1936 default:
8c1d787b 1937 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 1938 break;
1939 }
1940
1941done:
0c1bc5c6
GP		 1942 if (chan->imtu != L2CAP_DEFAULT_MTU)
1943 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 1944
0c1bc5c6 1945 switch (chan->mode) {
65c7c491 1946 case L2CAP_MODE_BASIC:
8c1d787b
GP		 1947 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1948 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 1949 break;
1950
62547752
GP		 1951 rfc.mode = L2CAP_MODE_BASIC;
1952 rfc.txwin_size = 0;
1953 rfc.max_transmit = 0;
1954 rfc.retrans_timeout = 0;
1955 rfc.monitor_timeout = 0;
1956 rfc.max_pdu_size = 0;
1957
63406504
GP		 1958 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1959 (unsigned long) &rfc);
65c7c491
MH		 1960 break;
1961
1962 case L2CAP_MODE_ERTM:
1963 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 1964 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 1965 rfc.retrans_timeout = 0;
1966 rfc.monitor_timeout = 0;
c74e560c 1967 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1968 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1969 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
f2fcfcd6 1970
6327eb98
AE		 1971 l2cap_txwin_setup(chan);
1972
1973 rfc.txwin_size = min_t(u16, chan->tx_win,
1974 L2CAP_DEFAULT_TX_WINDOW);
1975
63406504
GP		 1976 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1977 (unsigned long) &rfc);
1978
8c1d787b 1979 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1980 break;
1981
47d1ec61 1982 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 1983 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 1984 chan->fcs = L2CAP_FCS_NONE;
1985 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1986 }
6327eb98
AE		 1987
1988 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1989 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
1990 chan->tx_win);
f2fcfcd6
GP		 1991 break;
1992
1993 case L2CAP_MODE_STREAMING:
1994 rfc.mode = L2CAP_MODE_STREAMING;
1995 rfc.txwin_size = 0;
1996 rfc.max_transmit = 0;
1997 rfc.retrans_timeout = 0;
1998 rfc.monitor_timeout = 0;
c74e560c 1999 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 2000 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
2001 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
65c7c491 2002
63406504
GP		 2003 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2004 (unsigned long) &rfc);
2005
8c1d787b 2006 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2007 break;
2008
47d1ec61 2009 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2010 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2011 chan->fcs = L2CAP_FCS_NONE;
2012 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2013 }
65c7c491
MH		 2014 break;
2015 }
1da177e4 2016
fe4128e0 2017 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2018 req->flags = cpu_to_le16(0);
1da177e4
LT		 2019
2020 return ptr - data;
2021}
2022
73ffa904 2023static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2024{
5dee9e7c
MH		 2025 struct l2cap_conf_rsp *rsp = data;
2026 void *ptr = rsp->data;
73ffa904
GP		 2027 void *req = chan->conf_req;
2028 int len = chan->conf_len;
5dee9e7c
MH		 2029 int type, hint, olen;
2030 unsigned long val;
6464f35f 2031 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 2032 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2033 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 2034
73ffa904 2035 BT_DBG("chan %p", chan);
820ae1b8 2036
5dee9e7c
MH		 2037 while (len >= L2CAP_CONF_OPT_SIZE) {
2038 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2039
589d2746 2040 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2041 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2042
2043 switch (type) {
2044 case L2CAP_CONF_MTU:
861d6882 2045 mtu = val;
5dee9e7c
MH		 2046 break;
2047
2048 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2049 chan->flush_to = val;
5dee9e7c
MH		 2050 break;
2051
2052 case L2CAP_CONF_QOS:
2053 break;
2054
6464f35f
MH		 2055 case L2CAP_CONF_RFC:
2056 if (olen == sizeof(rfc))
2057 memcpy(&rfc, (void *) val, olen);
2058 break;
2059
fcc203c3
GP		 2060 case L2CAP_CONF_FCS:
2061 if (val == L2CAP_FCS_NONE)
c1360a1c 2062 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
fcc203c3
GP		 2063
2064 break;
2065
6327eb98
AE		 2066 case L2CAP_CONF_EWS:
2067 if (!enable_hs)
2068 return -ECONNREFUSED;
2069
2070 set_bit(FLAG_EXT_CTRL, &chan->flags);
2071 set_bit(CONF_EWS_RECV, &chan->conf_state);
2072 chan->remote_tx_win = val;
2073 break;
2074
5dee9e7c
MH		 2075 default:
2076 if (hint)
2077 break;
2078
2079 result = L2CAP_CONF_UNKNOWN;
2080 *((u8 *) ptr++) = type;
2081 break;
2082 }
2083 }
2084
73ffa904 2085 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2086 goto done;
2087
0c1bc5c6 2088 switch (chan->mode) {
f2fcfcd6
GP		 2089 case L2CAP_MODE_STREAMING:
2090 case L2CAP_MODE_ERTM:
c1360a1c 2091 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2092 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2093 chan->conn->feat_mask);
85eb53c6
GP		 2094 break;
2095 }
2096
0c1bc5c6 2097 if (chan->mode != rfc.mode)
f2fcfcd6 2098 return -ECONNREFUSED;
742e519b 2099
f2fcfcd6 2100 break;
f2fcfcd6
GP		 2101 }
2102
2103done:
0c1bc5c6 2104 if (chan->mode != rfc.mode) {
f2fcfcd6 2105 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2106 rfc.mode = chan->mode;
f2fcfcd6 2107
73ffa904 2108 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2109 return -ECONNREFUSED;
2110
2111 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2112 sizeof(rfc), (unsigned long) &rfc);
2113 }
2114
2115
5dee9e7c
MH		 2116 if (result == L2CAP_CONF_SUCCESS) {
2117 /* Configure output options and let the other side know
2118 * which ones we don't like. */
2119
f2fcfcd6
GP		 2120 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2121 result = L2CAP_CONF_UNACCEPT;
2122 else {
0c1bc5c6 2123 chan->omtu = mtu;
c1360a1c 2124 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2125 }
0c1bc5c6 2126 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2127
f2fcfcd6
GP		 2128 switch (rfc.mode) {
2129 case L2CAP_MODE_BASIC:
47d1ec61 2130 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2131 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2132 break;
2133
2134 case L2CAP_MODE_ERTM:
6327eb98
AE		 2135 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2136 chan->remote_tx_win = rfc.txwin_size;
2137 else
2138 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
2139
2c03a7a4 2140 chan->remote_max_tx = rfc.max_transmit;
86b1b263 2141
8c1d787b
GP		 2142 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2143 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2144
2c03a7a4 2145 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2146
10467e9e
GP		 2147 rfc.retrans_timeout =
2148 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2149 rfc.monitor_timeout =
2150 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2151
c1360a1c 2152 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2153
2154 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2155 sizeof(rfc), (unsigned long) &rfc);
2156
f2fcfcd6
GP		 2157 break;
2158
2159 case L2CAP_MODE_STREAMING:
8c1d787b
GP		 2160 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2161 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2162
2c03a7a4 2163 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2164
c1360a1c 2165 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2166
2167 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2168 sizeof(rfc), (unsigned long) &rfc);
2169
f2fcfcd6
GP		 2170 break;
2171
2172 default:
5dee9e7c 2173 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2174
6464f35f 2175 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2176 rfc.mode = chan->mode;
f2fcfcd6 2177 }
6464f35f 2178
f2fcfcd6 2179 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2180 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2181 }
fe4128e0 2182 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2183 rsp->result = cpu_to_le16(result);
2184 rsp->flags = cpu_to_le16(0x0000);
2185
2186 return ptr - data;
1da177e4
LT		 2187}
2188
b4450035 2189static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2190{
f2fcfcd6
GP		 2191 struct l2cap_conf_req *req = data;
2192 void *ptr = req->data;
2193 int type, olen;
2194 unsigned long val;
2195 struct l2cap_conf_rfc rfc;
2196
fe4128e0 2197 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2198
2199 while (len >= L2CAP_CONF_OPT_SIZE) {
2200 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2201
2202 switch (type) {
2203 case L2CAP_CONF_MTU:
2204 if (val < L2CAP_DEFAULT_MIN_MTU) {
2205 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2206 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2207 } else
0c1bc5c6
GP		 2208 chan->imtu = val;
2209 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2210 break;
2211
2212 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2213 chan->flush_to = val;
f2fcfcd6 2214 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2215 2, chan->flush_to);
f2fcfcd6
GP		 2216 break;
2217
2218 case L2CAP_CONF_RFC:
2219 if (olen == sizeof(rfc))
2220 memcpy(&rfc, (void *)val, olen);
2221
c1360a1c 2222 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2223 rfc.mode != chan->mode)
f2fcfcd6
GP		 2224 return -ECONNREFUSED;
2225
47d1ec61 2226 chan->fcs = 0;
f2fcfcd6
GP		 2227
2228 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2229 sizeof(rfc), (unsigned long) &rfc);
2230 break;
6327eb98
AE		 2231
2232 case L2CAP_CONF_EWS:
2233 chan->tx_win = min_t(u16, val,
2234 L2CAP_DEFAULT_EXT_WINDOW);
2235 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS,
2236 2, chan->tx_win);
2237 break;
f2fcfcd6
GP		 2238 }
2239 }
2240
0c1bc5c6 2241 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2242 return -ECONNREFUSED;
2243
0c1bc5c6 2244 chan->mode = rfc.mode;
6c2ea7a8 2245
f2fcfcd6
GP		 2246 if (*result == L2CAP_CONF_SUCCESS) {
2247 switch (rfc.mode) {
2248 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2249 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2250 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2251 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2252 break;
2253 case L2CAP_MODE_STREAMING:
47d1ec61 2254 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2255 }
2256 }
2257
fe4128e0 2258 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2259 req->flags = cpu_to_le16(0x0000);
2260
2261 return ptr - data;
2262}
2263
fe4128e0 2264static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2265{
2266 struct l2cap_conf_rsp *rsp = data;
2267 void *ptr = rsp->data;
1da177e4 2268
fe4128e0 2269 BT_DBG("chan %p", chan);
1da177e4 2270
fe4128e0 2271 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2272 rsp->result = cpu_to_le16(result);
aca3192c 2273 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2274
2275 return ptr - data;
2276}
2277
8c1d787b 2278void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2279{
2280 struct l2cap_conn_rsp rsp;
8c1d787b 2281 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2282 u8 buf[128];
2283
fe4128e0
GP		 2284 rsp.scid = cpu_to_le16(chan->dcid);
2285 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2286 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2287 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2288 l2cap_send_cmd(conn, chan->ident,
2289 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2290
c1360a1c 2291 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2292 return;
2293
710f9b0a
GP		 2294 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2295 l2cap_build_conf_req(chan, buf), buf);
2296 chan->num_conf_req++;
2297}
2298
47d1ec61 2299static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2300{
7b1c0049
GP		 2301 int type, olen;
2302 unsigned long val;
2303 struct l2cap_conf_rfc rfc;
2304
47d1ec61 2305 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2306
0c1bc5c6 2307 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2308 return;
2309
2310 while (len >= L2CAP_CONF_OPT_SIZE) {
2311 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2312
2313 switch (type) {
2314 case L2CAP_CONF_RFC:
2315 if (olen == sizeof(rfc))
2316 memcpy(&rfc, (void *)val, olen);
2317 goto done;
2318 }
2319 }
2320
2321done:
2322 switch (rfc.mode) {
2323 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2324 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2325 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2326 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2327 break;
2328 case L2CAP_MODE_STREAMING:
47d1ec61 2329 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2330 }
2331}
2332
4e8402a3
MH		 2333static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2334{
e2fd318e 2335 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2336
e2fd318e 2337 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2338 return 0;
2339
2340 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2341 cmd->ident == conn->info_ident) {
4e8402a3 2342 del_timer(&conn->info_timer);
984947dc
MH		 2343
2344 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2345 conn->info_ident = 0;
984947dc 2346
4e8402a3
MH		 2347 l2cap_conn_start(conn);
2348 }
2349
2350 return 0;
2351}
2352
1da177e4
LT		 2353static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2354{
1da177e4
LT		 2355 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2356 struct l2cap_conn_rsp rsp;
23691d75 2357 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2358 struct sock *parent, *sk = NULL;
e7c29cb1 2359 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2360
2361 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2362 __le16 psm = req->psm;
1da177e4
LT		 2363
2364 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2365
2366 /* Check if we have socket listening on psm */
23691d75
GP		 2367 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2368 if (!pchan) {
1da177e4
LT		 2369 result = L2CAP_CR_BAD_PSM;
2370 goto sendresp;
2371 }
2372
23691d75
GP		 2373 parent = pchan->sk;
2374
e0f0cb56
GP		 2375 bh_lock_sock(parent);
2376
e7c29cb1
MH		 2377 /* Check if the ACL is secure enough (if not SDP) */
2378 if (psm != cpu_to_le16(0x0001) &&
2379 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 2380 conn->disc_reason = 0x05;
e7c29cb1
MH		 2381 result = L2CAP_CR_SEC_BLOCK;
2382 goto response;
2383 }
2384
1da177e4
LT		 2385 result = L2CAP_CR_NO_MEM;
2386
2387 /* Check for backlog size */
2388 if (sk_acceptq_is_full(parent)) {
8e87d142 2389 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2390 goto response;
2391 }
2392
80808e43
GP		 2393 chan = pchan->ops->new_connection(pchan->data);
2394 if (!chan)
1da177e4
LT		 2395 goto response;
2396
80808e43
GP		 2397 sk = chan->sk;
2398
baa7e1fa 2399 write_lock_bh(&conn->chan_lock);
1da177e4
LT		 2400
2401 /* Check if we already have channel with that dcid */
baa7e1fa
GP		 2402 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2403 write_unlock_bh(&conn->chan_lock);
1da177e4 2404 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2405 chan->ops->close(chan->data);
1da177e4
LT		 2406 goto response;
2407 }
2408
2409 hci_conn_hold(conn->hcon);
2410
1da177e4
LT		 2411 bacpy(&bt_sk(sk)->src, conn->src);
2412 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2413 chan->psm = psm;
2414 chan->dcid = scid;
1da177e4 2415
d1010240
GP		 2416 bt_accept_enqueue(parent, sk);
2417
48454079
GP		 2418 __l2cap_chan_add(conn, chan);
2419
fe4128e0 2420 dcid = chan->scid;
1da177e4 2421
c9b66675 2422 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2423
fc7f8a7e 2424 chan->ident = cmd->ident;
1da177e4 2425
984947dc 2426 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
4343478f 2427 if (l2cap_check_security(chan)) {
f66dc81f 2428 if (bt_sk(sk)->defer_setup) {
89bc500e 2429 l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2430 result = L2CAP_CR_PEND;
2431 status = L2CAP_CS_AUTHOR_PEND;
2432 parent->sk_data_ready(parent, 0);
2433 } else {
89bc500e 2434 l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2435 result = L2CAP_CR_SUCCESS;
2436 status = L2CAP_CS_NO_INFO;
2437 }
79d554a6 2438 } else {
89bc500e 2439 l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2440 result = L2CAP_CR_PEND;
2441 status = L2CAP_CS_AUTHEN_PEND;
2442 }
2443 } else {
89bc500e 2444 l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2445 result = L2CAP_CR_PEND;
2446 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2447 }
2448
baa7e1fa 2449 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 2450
2451response:
2452 bh_unlock_sock(parent);
2453
2454sendresp:
aca3192c
YH		 2455 rsp.scid = cpu_to_le16(scid);
2456 rsp.dcid = cpu_to_le16(dcid);
2457 rsp.result = cpu_to_le16(result);
2458 rsp.status = cpu_to_le16(status);
1da177e4 2459 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2460
2461 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2462 struct l2cap_info_req info;
2463 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2464
2465 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2466 conn->info_ident = l2cap_get_ident(conn);
2467
2468 mod_timer(&conn->info_timer, jiffies +
2469 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2470
2471 l2cap_send_cmd(conn, conn->info_ident,
2472 L2CAP_INFO_REQ, sizeof(info), &info);
2473 }
2474
c1360a1c 2475 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2476 result == L2CAP_CR_SUCCESS) {
2477 u8 buf[128];
c1360a1c 2478 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2479 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2480 l2cap_build_conf_req(chan, buf), buf);
2481 chan->num_conf_req++;
e9aeb2dd
GP		 2482 }
2483
1da177e4
LT		 2484 return 0;
2485}
2486
2487static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2488{
2489 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2490 u16 scid, dcid, result, status;
48454079 2491 struct l2cap_chan *chan;
1da177e4
LT		 2492 struct sock *sk;
2493 u8 req[128];
2494
2495 scid = __le16_to_cpu(rsp->scid);
2496 dcid = __le16_to_cpu(rsp->dcid);
2497 result = __le16_to_cpu(rsp->result);
2498 status = __le16_to_cpu(rsp->status);
2499
2500 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2501
2502 if (scid) {
baa7e1fa 2503 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2504 if (!chan)
57d3b22b 2505 return -EFAULT;
1da177e4 2506 } else {
baa7e1fa 2507 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
48454079 2508 if (!chan)
57d3b22b 2509 return -EFAULT;
1da177e4
LT		 2510 }
2511
48454079
GP		 2512 sk = chan->sk;
2513
1da177e4
LT		 2514 switch (result) {
2515 case L2CAP_CR_SUCCESS:
89bc500e 2516 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2517 chan->ident = 0;
fe4128e0 2518 chan->dcid = dcid;
c1360a1c 2519 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2520
c1360a1c 2521 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2522 break;
2523
1da177e4 2524 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2525 l2cap_build_conf_req(chan, req), req);
2526 chan->num_conf_req++;
1da177e4
LT		 2527 break;
2528
2529 case L2CAP_CR_PEND:
c1360a1c 2530 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2531 break;
2532
2533 default:
a49184c2
AE		 2534 /* don't delete l2cap channel if sk is owned by user */
2535 if (sock_owned_by_user(sk)) {
89bc500e 2536 l2cap_state_change(chan, BT_DISCONN);
c9b66675
GP		 2537 __clear_chan_timer(chan);
2538 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2539 break;
2540 }
2541
48454079 2542 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2543 break;
2544 }
2545
2546 bh_unlock_sock(sk);
2547 return 0;
2548}
2549
47d1ec61 2550static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2551{
2552 /* FCS is enabled only in ERTM or streaming mode, if one or both
2553 * sides request it.
2554 */
0c1bc5c6 2555 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2556 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2557 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2558 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2559}
2560
88219a0f 2561static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2562{
2563 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2564 u16 dcid, flags;
2565 u8 rsp[64];
48454079 2566 struct l2cap_chan *chan;
1da177e4 2567 struct sock *sk;
5dee9e7c 2568 int len;
1da177e4
LT		 2569
2570 dcid = __le16_to_cpu(req->dcid);
2571 flags = __le16_to_cpu(req->flags);
2572
2573 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2574
baa7e1fa 2575 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2576 if (!chan)
1da177e4
LT		 2577 return -ENOENT;
2578
48454079
GP		 2579 sk = chan->sk;
2580
033b1142 2581 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2582 struct l2cap_cmd_rej_cid rej;
2583
2584 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2585 rej.scid = cpu_to_le16(chan->scid);
2586 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2587
df6bd743
GP		 2588 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2589 sizeof(rej), &rej);
354f60a9 2590 goto unlock;
df6bd743 2591 }
354f60a9 2592
5dee9e7c 2593 /* Reject if config buffer is too small. */
88219a0f 2594 len = cmd_len - sizeof(*req);
7ac28817 2595 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2596 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2597 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2598 L2CAP_CONF_REJECT, flags), rsp);
2599 goto unlock;
2600 }
2601
2602 /* Store config. */
73ffa904
GP		 2603 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2604 chan->conf_len += len;
1da177e4
LT		 2605
2606 if (flags & 0x0001) {
2607 /* Incomplete config. Send empty response. */
2608 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2609 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2610 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2611 goto unlock;
2612 }
2613
2614 /* Complete config. */
73ffa904 2615 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2616 if (len < 0) {
e92c8e70 2617 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2618 goto unlock;
f2fcfcd6 2619 }
1da177e4 2620
5dee9e7c 2621 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2622 chan->num_conf_rsp++;
5dee9e7c 2623
5dee9e7c 2624 /* Reset config buffer. */
73ffa904 2625 chan->conf_len = 0;
5dee9e7c 2626
c1360a1c 2627 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2628 goto unlock;
2629
c1360a1c 2630 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2631 set_default_fcs(chan);
fcc203c3 2632
89bc500e 2633 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2634
42e5c802
GP		 2635 chan->next_tx_seq = 0;
2636 chan->expected_tx_seq = 0;
58d35f87 2637 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2638 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2639 l2cap_ertm_init(chan);
0565c1c2 2640
1da177e4 2641 l2cap_chan_ready(sk);
876d9484
MH		 2642 goto unlock;
2643 }
2644
c1360a1c 2645 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2646 u8 buf[64];
1da177e4 2647 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2648 l2cap_build_conf_req(chan, buf), buf);
2649 chan->num_conf_req++;
1da177e4
LT		 2650 }
2651
2652unlock:
2653 bh_unlock_sock(sk);
2654 return 0;
2655}
2656
2657static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2658{
2659 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2660 u16 scid, flags, result;
48454079 2661 struct l2cap_chan *chan;
1da177e4 2662 struct sock *sk;
7b1c0049 2663 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2664
2665 scid = __le16_to_cpu(rsp->scid);
2666 flags = __le16_to_cpu(rsp->flags);
2667 result = __le16_to_cpu(rsp->result);
2668
af05b30b
GP		 2669 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2670 scid, flags, result);
1da177e4 2671
baa7e1fa 2672 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2673 if (!chan)
1da177e4
LT		 2674 return 0;
2675
48454079
GP		 2676 sk = chan->sk;
2677
1da177e4
LT		 2678 switch (result) {
2679 case L2CAP_CONF_SUCCESS:
47d1ec61 2680 l2cap_conf_rfc_get(chan, rsp->data, len);
1da177e4
LT		 2681 break;
2682
2683 case L2CAP_CONF_UNACCEPT:
73ffa904 2684 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2685 char req[64];
2686
c2c77ec8 2687 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 2688 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 2689 goto done;
2690 }
2691
f2fcfcd6
GP		 2692 /* throw out any old stored conf requests */
2693 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 2694 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2695 req, &result);
f2fcfcd6 2696 if (len < 0) {
e92c8e70 2697 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 2698 goto done;
2699 }
2700
2701 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2702 L2CAP_CONF_REQ, len, req);
73ffa904 2703 chan->num_conf_req++;
f2fcfcd6
GP		 2704 if (result != L2CAP_CONF_SUCCESS)
2705 goto done;
2706 break;
1da177e4
LT		 2707 }
2708
8e87d142 2709 default:
b1235d79 2710 sk->sk_err = ECONNRESET;
c9b66675 2711 __set_chan_timer(chan, HZ * 5);
e92c8e70 2712 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 2713 goto done;
2714 }
2715
2716 if (flags & 0x01)
2717 goto done;
2718
c1360a1c 2719 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 2720
c1360a1c 2721 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 2722 set_default_fcs(chan);
fcc203c3 2723
89bc500e 2724 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 2725 chan->next_tx_seq = 0;
2726 chan->expected_tx_seq = 0;
58d35f87 2727 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2728 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2729 l2cap_ertm_init(chan);
0565c1c2 2730
1da177e4
LT		 2731 l2cap_chan_ready(sk);
2732 }
2733
2734done:
2735 bh_unlock_sock(sk);
2736 return 0;
2737}
2738
2739static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2740{
2741 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2742 struct l2cap_disconn_rsp rsp;
2743 u16 dcid, scid;
48454079 2744 struct l2cap_chan *chan;
1da177e4
LT		 2745 struct sock *sk;
2746
2747 scid = __le16_to_cpu(req->scid);
2748 dcid = __le16_to_cpu(req->dcid);
2749
2750 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2751
baa7e1fa 2752 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2753 if (!chan)
1da177e4
LT		 2754 return 0;
2755
48454079
GP		 2756 sk = chan->sk;
2757
fe4128e0
GP		 2758 rsp.dcid = cpu_to_le16(chan->scid);
2759 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 2760 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2761
2762 sk->sk_shutdown = SHUTDOWN_MASK;
2763
a49184c2
AE		 2764 /* don't delete l2cap channel if sk is owned by user */
2765 if (sock_owned_by_user(sk)) {
89bc500e 2766 l2cap_state_change(chan, BT_DISCONN);
c9b66675
GP		 2767 __clear_chan_timer(chan);
2768 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2769 bh_unlock_sock(sk);
2770 return 0;
2771 }
2772
48454079 2773 l2cap_chan_del(chan, ECONNRESET);
1da177e4
LT		 2774 bh_unlock_sock(sk);
2775
ba3bd0ee 2776 chan->ops->close(chan->data);
1da177e4
LT		 2777 return 0;
2778}
2779
2780static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2781{
2782 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2783 u16 dcid, scid;
48454079 2784 struct l2cap_chan *chan;
1da177e4
LT		 2785 struct sock *sk;
2786
2787 scid = __le16_to_cpu(rsp->scid);
2788 dcid = __le16_to_cpu(rsp->dcid);
2789
2790 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2791
baa7e1fa 2792 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2793 if (!chan)
1da177e4
LT		 2794 return 0;
2795
48454079
GP		 2796 sk = chan->sk;
2797
a49184c2
AE		 2798 /* don't delete l2cap channel if sk is owned by user */
2799 if (sock_owned_by_user(sk)) {
89bc500e 2800 l2cap_state_change(chan,BT_DISCONN);
c9b66675
GP		 2801 __clear_chan_timer(chan);
2802 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2803 bh_unlock_sock(sk);
2804 return 0;
2805 }
2806
48454079 2807 l2cap_chan_del(chan, 0);
1da177e4
LT		 2808 bh_unlock_sock(sk);
2809
ba3bd0ee 2810 chan->ops->close(chan->data);
1da177e4
LT		 2811 return 0;
2812}
2813
2814static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2815{
2816 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2817 u16 type;
2818
2819 type = __le16_to_cpu(req->type);
2820
2821 BT_DBG("type 0x%4.4x", type);
2822
f0709e03
MH		 2823 if (type == L2CAP_IT_FEAT_MASK) {
2824 u8 buf[8];
44dd46de 2825 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2826 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2827 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2828 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 2829 if (!disable_ertm)
fcc203c3
GP		 2830 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2831 | L2CAP_FEAT_FCS;
a5fd6f30 2832 if (enable_hs)
6327eb98
AE		 2833 feat_mask |= L2CAP_FEAT_EXT_FLOW
2834 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 2835
1b7bf4ed 2836 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 2837 l2cap_send_cmd(conn, cmd->ident,
2838 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2839 } else if (type == L2CAP_IT_FIXED_CHAN) {
2840 u8 buf[12];
2841 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2842 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2843 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2844 memcpy(buf + 4, l2cap_fixed_chan, 8);
2845 l2cap_send_cmd(conn, cmd->ident,
2846 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2847 } else {
2848 struct l2cap_info_rsp rsp;
2849 rsp.type = cpu_to_le16(type);
2850 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2851 l2cap_send_cmd(conn, cmd->ident,
2852 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2853 }
1da177e4
LT		 2854
2855 return 0;
2856}
2857
2858static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2859{
2860 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2861 u16 type, result;
2862
2863 type = __le16_to_cpu(rsp->type);
2864 result = __le16_to_cpu(rsp->result);
2865
2866 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2867
e90165be
AE		 2868 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
2869 if (cmd->ident != conn->info_ident ||
2870 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
2871 return 0;
2872
4e8402a3
MH		 2873 del_timer(&conn->info_timer);
2874
adb08ede
VT		 2875 if (result != L2CAP_IR_SUCCESS) {
2876 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2877 conn->info_ident = 0;
2878
2879 l2cap_conn_start(conn);
2880
2881 return 0;
2882 }
2883
984947dc 2884 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2885 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2886
47ec1dcd 2887 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2888 struct l2cap_info_req req;
2889 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2890
2891 conn->info_ident = l2cap_get_ident(conn);
2892
2893 l2cap_send_cmd(conn, conn->info_ident,
2894 L2CAP_INFO_REQ, sizeof(req), &req);
2895 } else {
2896 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2897 conn->info_ident = 0;
2898
2899 l2cap_conn_start(conn);
2900 }
2901 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2902 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2903 conn->info_ident = 0;
984947dc
MH		 2904
2905 l2cap_conn_start(conn);
2906 }
4e8402a3 2907
1da177e4
LT		 2908 return 0;
2909}
2910
e2174ca4 2911static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 2912 u16 to_multiplier)
2913{
2914 u16 max_latency;
2915
2916 if (min > max || min < 6 || max > 3200)
2917 return -EINVAL;
2918
2919 if (to_multiplier < 10 || to_multiplier > 3200)
2920 return -EINVAL;
2921
2922 if (max >= to_multiplier * 8)
2923 return -EINVAL;
2924
2925 max_latency = (to_multiplier * 8 / max) - 1;
2926 if (latency > 499 || latency > max_latency)
2927 return -EINVAL;
2928
2929 return 0;
2930}
2931
2932static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
2933 struct l2cap_cmd_hdr *cmd, u8 *data)
2934{
2935 struct hci_conn *hcon = conn->hcon;
2936 struct l2cap_conn_param_update_req *req;
2937 struct l2cap_conn_param_update_rsp rsp;
2938 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 2939 int err;
de73115a
CT		 2940
2941 if (!(hcon->link_mode & HCI_LM_MASTER))
2942 return -EINVAL;
2943
2944 cmd_len = __le16_to_cpu(cmd->len);
2945 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
2946 return -EPROTO;
2947
2948 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 2949 min = __le16_to_cpu(req->min);
2950 max = __le16_to_cpu(req->max);
de73115a
CT		 2951 latency = __le16_to_cpu(req->latency);
2952 to_multiplier = __le16_to_cpu(req->to_multiplier);
2953
2954 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
2955 min, max, latency, to_multiplier);
2956
2957 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 2958
2959 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
2960 if (err)
de73115a
CT		 2961 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
2962 else
2963 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
2964
2965 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
2966 sizeof(rsp), &rsp);
2967
2ce603eb
CT		 2968 if (!err)
2969 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
2970
de73115a
CT		 2971 return 0;
2972}
2973
3300d9a9
CT		 2974static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
2975 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2976{
2977 int err = 0;
2978
2979 switch (cmd->code) {
2980 case L2CAP_COMMAND_REJ:
2981 l2cap_command_rej(conn, cmd, data);
2982 break;
2983
2984 case L2CAP_CONN_REQ:
2985 err = l2cap_connect_req(conn, cmd, data);
2986 break;
2987
2988 case L2CAP_CONN_RSP:
2989 err = l2cap_connect_rsp(conn, cmd, data);
2990 break;
2991
2992 case L2CAP_CONF_REQ:
2993 err = l2cap_config_req(conn, cmd, cmd_len, data);
2994 break;
2995
2996 case L2CAP_CONF_RSP:
2997 err = l2cap_config_rsp(conn, cmd, data);
2998 break;
2999
3000 case L2CAP_DISCONN_REQ:
3001 err = l2cap_disconnect_req(conn, cmd, data);
3002 break;
3003
3004 case L2CAP_DISCONN_RSP:
3005 err = l2cap_disconnect_rsp(conn, cmd, data);
3006 break;
3007
3008 case L2CAP_ECHO_REQ:
3009 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3010 break;
3011
3012 case L2CAP_ECHO_RSP:
3013 break;
3014
3015 case L2CAP_INFO_REQ:
3016 err = l2cap_information_req(conn, cmd, data);
3017 break;
3018
3019 case L2CAP_INFO_RSP:
3020 err = l2cap_information_rsp(conn, cmd, data);
3021 break;
3022
3023 default:
3024 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3025 err = -EINVAL;
3026 break;
3027 }
3028
3029 return err;
3030}
3031
3032static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3033 struct l2cap_cmd_hdr *cmd, u8 *data)
3034{
3035 switch (cmd->code) {
3036 case L2CAP_COMMAND_REJ:
3037 return 0;
3038
3039 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3040 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3041
3042 case L2CAP_CONN_PARAM_UPDATE_RSP:
3043 return 0;
3044
3045 default:
3046 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3047 return -EINVAL;
3048 }
3049}
3050
3051static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3052 struct sk_buff *skb)
1da177e4
LT		 3053{
3054 u8 *data = skb->data;
3055 int len = skb->len;
3056 struct l2cap_cmd_hdr cmd;
3300d9a9 3057 int err;
1da177e4
LT		 3058
3059 l2cap_raw_recv(conn, skb);
3060
3061 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3062 u16 cmd_len;
1da177e4
LT		 3063 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3064 data += L2CAP_CMD_HDR_SIZE;
3065 len -= L2CAP_CMD_HDR_SIZE;
3066
88219a0f 3067 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3068
88219a0f 3069 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3070
88219a0f 3071 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3072 BT_DBG("corrupted command");
3073 break;
3074 }
3075
3300d9a9
CT		 3076 if (conn->hcon->type == LE_LINK)
3077 err = l2cap_le_sig_cmd(conn, &cmd, data);
3078 else
3079 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3080
3081 if (err) {
e2fd318e 3082 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3083
3084 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3085
3086 /* FIXME: Map err to a valid reason */
e2fd318e 3087 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3088 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3089 }
3090
88219a0f
AV		 3091 data += cmd_len;
3092 len -= cmd_len;
1da177e4
LT		 3093 }
3094
3095 kfree_skb(skb);
3096}
3097
47d1ec61 3098static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3099{
3100 u16 our_fcs, rcv_fcs;
3101 int hdr_size = L2CAP_HDR_SIZE + 2;
3102
47d1ec61 3103 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 3104 skb_trim(skb, skb->len - 2);
3105 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3106 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3107
3108 if (our_fcs != rcv_fcs)
7a560e5c 3109 return -EBADMSG;
fcc203c3
GP		 3110 }
3111 return 0;
3112}
3113
525cd185 3114static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3115{
d5392c8f
GP		 3116 u16 control = 0;
3117
6a026610 3118 chan->frames_sent = 0;
d5392c8f 3119
0b209fae 3120 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3121
e2ab4353 3122 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3123 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3124 l2cap_send_sframe(chan, control);
e2ab4353 3125 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3126 }
3127
e2ab4353 3128 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3129 l2cap_retransmit_frames(chan);
d5392c8f 3130
525cd185 3131 l2cap_ertm_send(chan);
d5392c8f 3132
e2ab4353 3133 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3134 chan->frames_sent == 0) {
ab784b73 3135 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3136 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3137 }
3138}
3139
fb45de7d 3140static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3141{
3142 struct sk_buff *next_skb;
bfbacc11 3143 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3144
3145 bt_cb(skb)->tx_seq = tx_seq;
3146 bt_cb(skb)->sar = sar;
3147
f1c6775b 3148 next_skb = skb_peek(&chan->srej_q);
8f17154f 3149 if (!next_skb) {
f1c6775b 3150 __skb_queue_tail(&chan->srej_q, skb);
9b53350d 3151 return 0;
8f17154f
GP		 3152 }
3153
42e5c802 3154 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
bfbacc11
JPRV		 3155 if (tx_seq_offset < 0)
3156 tx_seq_offset += 64;
3157
8f17154f 3158 do {
9b53350d
JPRV		 3159 if (bt_cb(next_skb)->tx_seq == tx_seq)
3160 return -EINVAL;
3161
bfbacc11 3162 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
42e5c802 3163 chan->buffer_seq) % 64;
bfbacc11
JPRV		 3164 if (next_tx_seq_offset < 0)
3165 next_tx_seq_offset += 64;
3166
3167 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3168 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3169 return 0;
8f17154f
GP		 3170 }
3171
f1c6775b 3172 if (skb_queue_is_last(&chan->srej_q, next_skb))
8f17154f
GP		 3173 break;
3174
f1c6775b 3175 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
8f17154f 3176
f1c6775b 3177 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3178
3179 return 0;
8f17154f
GP		 3180}
3181
84084a31
MM		 3182static void append_skb_frag(struct sk_buff *skb,
3183 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3184{
84084a31
MM		 3185 /* skb->len reflects data in skb as well as all fragments
3186 * skb->data_len reflects only data in fragments
3187 */
3188 if (!skb_has_frag_list(skb))
3189 skb_shinfo(skb)->frag_list = new_frag;
3190
3191 new_frag->next = NULL;
3192
3193 (*last_frag)->next = new_frag;
3194 *last_frag = new_frag;
3195
3196 skb->len += new_frag->len;
3197 skb->data_len += new_frag->len;
3198 skb->truesize += new_frag->truesize;
3199}
3200
3201static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3202{
3203 int err = -EINVAL;
18778a63 3204
7e0ef6ee
AE		 3205 switch (__get_ctrl_sar(chan, control)) {
3206 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3207 if (chan->sdu)
3208 break;
18778a63 3209
84084a31
MM		 3210 err = chan->ops->recv(chan->data, skb);
3211 break;
18778a63 3212
7e0ef6ee 3213 case L2CAP_SAR_START:
84084a31
MM		 3214 if (chan->sdu)
3215 break;
18778a63 3216
6f61fd47 3217 chan->sdu_len = get_unaligned_le16(skb->data);
84084a31 3218 skb_pull(skb, 2);
18778a63 3219
84084a31
MM		 3220 if (chan->sdu_len > chan->imtu) {
3221 err = -EMSGSIZE;
3222 break;
3223 }
1890d36b 3224
84084a31
MM		 3225 if (skb->len >= chan->sdu_len)
3226 break;
18778a63 3227
84084a31
MM		 3228 chan->sdu = skb;
3229 chan->sdu_last_frag = skb;
18778a63 3230
84084a31
MM		 3231 skb = NULL;
3232 err = 0;
18778a63
GP		 3233 break;
3234
7e0ef6ee 3235 case L2CAP_SAR_CONTINUE:
6f61fd47 3236 if (!chan->sdu)
84084a31 3237 break;
18778a63 3238
84084a31
MM		 3239 append_skb_frag(chan->sdu, skb,
3240 &chan->sdu_last_frag);
3241 skb = NULL;
18778a63 3242
84084a31
MM		 3243 if (chan->sdu->len >= chan->sdu_len)
3244 break;
4178ba46 3245
84084a31 3246 err = 0;
18778a63
GP		 3247 break;
3248
7e0ef6ee 3249 case L2CAP_SAR_END:
6f61fd47 3250 if (!chan->sdu)
84084a31 3251 break;
18778a63 3252
84084a31
MM		 3253 append_skb_frag(chan->sdu, skb,
3254 &chan->sdu_last_frag);
3255 skb = NULL;
4178ba46 3256
84084a31
MM		 3257 if (chan->sdu->len != chan->sdu_len)
3258 break;
18778a63 3259
84084a31 3260 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3261
84084a31
MM		 3262 if (!err) {
3263 /* Reassembly complete */
3264 chan->sdu = NULL;
3265 chan->sdu_last_frag = NULL;
3266 chan->sdu_len = 0;
1890d36b 3267 }
18778a63
GP		 3268 break;
3269 }
3270
84084a31
MM		 3271 if (err) {
3272 kfree_skb(skb);
3273 kfree_skb(chan->sdu);
3274 chan->sdu = NULL;
3275 chan->sdu_last_frag = NULL;
3276 chan->sdu_len = 0;
3277 }
18778a63 3278
84084a31 3279 return err;
18778a63
GP		 3280}
3281
26f880d2 3282static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3283{
712132eb 3284 u16 control;
712132eb 3285
26f880d2 3286 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3287
26f880d2
MM		 3288 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3289
0b209fae 3290 control = __set_reqseq(chan, chan->buffer_seq);
ab784b73 3291 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
26f880d2
MM		 3292 l2cap_send_sframe(chan, control);
3293
3294 set_bit(CONN_RNR_SENT, &chan->conn_state);
3295
3296 __clear_ack_timer(chan);
3297}
3298
3299static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3300{
3301 u16 control;
712132eb 3302
e2ab4353 3303 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3304 goto done;
3305
0b209fae 3306 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3307 control |= __set_ctrl_poll(chan);
ab784b73 3308 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3309 l2cap_send_sframe(chan, control);
6a026610 3310 chan->retry_count = 1;
712132eb 3311
1a09bcb9
GP		 3312 __clear_retrans_timer(chan);
3313 __set_monitor_timer(chan);
712132eb 3314
e2ab4353 3315 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3316
3317done:
e2ab4353
GP		 3318 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3319 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3320
49208c9c 3321 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3322}
3323
e328140f 3324void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3325{
e328140f
MM		 3326 if (chan->mode == L2CAP_MODE_ERTM) {
3327 if (busy)
3328 l2cap_ertm_enter_local_busy(chan);
3329 else
3330 l2cap_ertm_exit_local_busy(chan);
1890d36b 3331 }
1890d36b
GP		 3332}
3333
fb45de7d 3334static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3335{
3336 struct sk_buff *skb;
afefdbc4 3337 u16 control;
8f17154f 3338
e328140f
MM		 3339 while ((skb = skb_peek(&chan->srej_q)) &&
3340 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3341 int err;
3342
8f17154f
GP		 3343 if (bt_cb(skb)->tx_seq != tx_seq)
3344 break;
3345
f1c6775b 3346 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3347 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3348 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3349
3350 if (err < 0) {
3351 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3352 break;
3353 }
3354
42e5c802
GP		 3355 chan->buffer_seq_srej =
3356 (chan->buffer_seq_srej + 1) % 64;
8ff50ec0 3357 tx_seq = (tx_seq + 1) % 64;
8f17154f
GP		 3358 }
3359}
3360
fb45de7d 3361static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3362{
8f17154f
GP		 3363 struct srej_list *l, *tmp;
3364 u16 control;
3365
39d5a3ee 3366 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3367 if (l->tx_seq == tx_seq) {
3368 list_del(&l->list);
3369 kfree(l);
3370 return;
3371 }
ab784b73 3372 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3373 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3374 l2cap_send_sframe(chan, control);
8f17154f 3375 list_del(&l->list);
39d5a3ee 3376 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3377 }
3378}
3379
fb45de7d 3380static void l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3381{
8f17154f
GP		 3382 struct srej_list *new;
3383 u16 control;
3384
42e5c802 3385 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3386 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3387 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3388 l2cap_send_sframe(chan, control);
8f17154f
GP		 3389
3390 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
42e5c802
GP		 3391 new->tx_seq = chan->expected_tx_seq;
3392 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
39d5a3ee 3393 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3394 }
42e5c802 3395 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f
GP		 3396}
3397
525cd185 3398static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
1c2acffb 3399{
fb45de7d 3400 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3401 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3402 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3403 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3404 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3405 int err = 0;
3406
525cd185
GP		 3407 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3408 tx_seq, rx_control);
1c2acffb 3409
03f6715d 3410 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3411 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3412 __clear_monitor_timer(chan);
6a026610 3413 if (chan->unacked_frames > 0)
1a09bcb9 3414 __set_retrans_timer(chan);
e2ab4353 3415 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3416 }
3417
42e5c802
GP		 3418 chan->expected_ack_seq = req_seq;
3419 l2cap_drop_acked_frames(chan);
9f121a5a 3420
42e5c802 3421 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3422 if (tx_seq_offset < 0)
3423 tx_seq_offset += 64;
3424
3425 /* invalid tx_seq */
47d1ec61 3426 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3427 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3428 goto drop;
3429 }
3430
e2ab4353 3431 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
1890d36b
GP		 3432 goto drop;
3433
02f1b641
MM		 3434 if (tx_seq == chan->expected_tx_seq)
3435 goto expected;
3436
e2ab4353 3437 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3438 struct srej_list *first;
30afb5b2 3439
39d5a3ee 3440 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3441 struct srej_list, list);
3442 if (tx_seq == first->tx_seq) {
42e5c802 3443 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3444 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3445
3446 list_del(&first->list);
3447 kfree(first);
3448
39d5a3ee 3449 if (list_empty(&chan->srej_l)) {
42e5c802 3450 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3451 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3452 l2cap_send_ack(chan);
49208c9c 3453 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3454 }
3455 } else {
3456 struct srej_list *l;
9b53350d
JPRV		 3457
3458 /* duplicated tx_seq */
42e5c802 3459 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3460 goto drop;
8f17154f 3461
39d5a3ee 3462 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3463 if (l->tx_seq == tx_seq) {
525cd185 3464 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3465 return 0;
3466 }
3467 }
525cd185 3468 l2cap_send_srejframe(chan, tx_seq);
30afb5b2
GP		 3469 }
3470 } else {
9b53350d 3471 expected_tx_seq_offset =
42e5c802 3472 (chan->expected_tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3473 if (expected_tx_seq_offset < 0)
3474 expected_tx_seq_offset += 64;
3475
3476 /* duplicated tx_seq */
3477 if (tx_seq_offset < expected_tx_seq_offset)
3478 goto drop;
3479
e2ab4353 3480 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 3481
49208c9c 3482 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3483
39d5a3ee 3484 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 3485 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 3486
f1c6775b 3487 __skb_queue_head_init(&chan->srej_q);
42e5c802 3488 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 3489
e2ab4353 3490 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 3491
525cd185 3492 l2cap_send_srejframe(chan, tx_seq);
7fe9b298 3493
1a09bcb9 3494 __clear_ack_timer(chan);
1c2acffb 3495 }
30afb5b2
GP		 3496 return 0;
3497
8f17154f 3498expected:
42e5c802 3499 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f 3500
e2ab4353 3501 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 3502 bt_cb(skb)->tx_seq = tx_seq;
3503 bt_cb(skb)->sar = sar;
f1c6775b 3504 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 3505 return 0;
3506 }
3507
84084a31 3508 err = l2cap_reassemble_sdu(chan, skb, rx_control);
fadd192e 3509 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
e328140f
MM		 3510 if (err < 0) {
3511 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3512 return err;
3513 }
2ece3684 3514
03f6715d 3515 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 3516 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3517 l2cap_retransmit_frames(chan);
4ec10d97
GP		 3518 }
3519
1a09bcb9 3520 __set_ack_timer(chan);
c1b4f43b 3521
6a026610
GP		 3522 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3523 if (chan->num_acked == num_to_ack - 1)
525cd185 3524 l2cap_send_ack(chan);
9e917af1 3525
8f17154f 3526 return 0;
9b53350d
JPRV		 3527
3528drop:
3529 kfree_skb(skb);
3530 return 0;
1c2acffb
GP		 3531}
3532
525cd185 3533static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
1c2acffb 3534{
0b209fae
AE		 3535 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan,
3536 __get_reqseq(chan, rx_control), rx_control);
0e98958d 3537
0b209fae 3538 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 3539 l2cap_drop_acked_frames(chan);
1c2acffb 3540
e3781735 3541 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 3542 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3543 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3544 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 3545 (chan->unacked_frames > 0))
1a09bcb9 3546 __set_retrans_timer(chan);
05fbd89d 3547
e2ab4353 3548 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 3549 l2cap_send_srejtail(chan);
05fbd89d 3550 } else {
525cd185 3551 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 3552 }
1d8f5d16 3553
03f6715d 3554 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 3555 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 3556
e2ab4353 3557 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3558 l2cap_retransmit_frames(chan);
2246b2f1 3559
e072745f 3560 } else {
e2ab4353 3561 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 3562 (chan->unacked_frames > 0))
1a09bcb9 3563 __set_retrans_timer(chan);
1c2acffb 3564
e2ab4353
GP		 3565 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
3566 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 3567 l2cap_send_ack(chan);
894718a6 3568 else
525cd185 3569 l2cap_ertm_send(chan);
e072745f
GP		 3570 }
3571}
2246b2f1 3572
525cd185 3573static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3574{
0b209fae 3575 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 3576
525cd185 3577 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3578
e2ab4353 3579 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 3580
42e5c802
GP		 3581 chan->expected_ack_seq = tx_seq;
3582 l2cap_drop_acked_frames(chan);
e072745f 3583
03f6715d 3584 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 3585 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3586 l2cap_retransmit_frames(chan);
e072745f 3587 } else {
525cd185 3588 l2cap_retransmit_frames(chan);
30afb5b2 3589
e2ab4353
GP		 3590 if (test_bit(CONN_WAIT_F, &chan->conn_state))
3591 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 3592 }
3593}
525cd185 3594static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3595{
0b209fae 3596 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 3597
525cd185 3598 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3599
e2ab4353 3600 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 3601
e3781735 3602 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 3603 chan->expected_ack_seq = tx_seq;
3604 l2cap_drop_acked_frames(chan);
3cb123d1 3605
e2ab4353 3606 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 3607 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 3608
525cd185 3609 l2cap_ertm_send(chan);
dfc909be 3610
e2ab4353 3611 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 3612 chan->srej_save_reqseq = tx_seq;
e2ab4353 3613 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 3614 }
03f6715d 3615 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 3616 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 3617 chan->srej_save_reqseq == tx_seq)
e2ab4353 3618 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 3619 else
525cd185 3620 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 3621 } else {
525cd185 3622 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 3623 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 3624 chan->srej_save_reqseq = tx_seq;
e2ab4353 3625 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 3626 }
e072745f
GP		 3627 }
3628}
3629
525cd185 3630static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3631{
0b209fae 3632 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 3633
525cd185 3634 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3635
e2ab4353 3636 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 3637 chan->expected_ack_seq = tx_seq;
3638 l2cap_drop_acked_frames(chan);
e072745f 3639
e3781735 3640 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 3641 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 3642
e2ab4353 3643 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 3644 __clear_retrans_timer(chan);
e3781735 3645 if (__is_ctrl_poll(chan, rx_control))
525cd185 3646 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 3647 return;
e072745f 3648 }
99b0d4b7 3649
e3781735 3650 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 3651 l2cap_send_srejtail(chan);
ab784b73
AE		 3652 } else {
3653 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
3654 l2cap_send_sframe(chan, rx_control);
3655 }
e072745f
GP		 3656}
3657
525cd185 3658static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
e072745f 3659{
525cd185 3660 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
e072745f 3661
03f6715d 3662 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3663 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3664 __clear_monitor_timer(chan);
6a026610 3665 if (chan->unacked_frames > 0)
1a09bcb9 3666 __set_retrans_timer(chan);
e2ab4353 3667 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 3668 }
3669
ab784b73
AE		 3670 switch (__get_ctrl_super(chan, rx_control)) {
3671 case L2CAP_SUPER_RR:
525cd185 3672 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 3673 break;
3674
ab784b73 3675 case L2CAP_SUPER_REJ:
525cd185 3676 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 3677 break;
2246b2f1 3678
ab784b73 3679 case L2CAP_SUPER_SREJ:
525cd185 3680 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 3681 break;
3682
ab784b73 3683 case L2CAP_SUPER_RNR:
525cd185 3684 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 3685 break;
3686 }
3687
faaebd19 3688 kfree_skb(skb);
1c2acffb
GP		 3689 return 0;
3690}
3691
218bb9df
GP		 3692static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3693{
525cd185 3694 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
218bb9df 3695 u16 control;
0b209fae 3696 u16 req_seq;
218bb9df
GP		 3697 int len, next_tx_seq_offset, req_seq_offset;
3698
3699 control = get_unaligned_le16(skb->data);
3700 skb_pull(skb, 2);
3701 len = skb->len;
3702
3703 /*
3704 * We can just drop the corrupted I-frame here.
3705 * Receiver will miss it and start proper recovery
3706 * procedures and ask retransmission.
3707 */
47d1ec61 3708 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 3709 goto drop;
3710
793c2f1c 3711 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
218bb9df
GP		 3712 len -= 2;
3713
47d1ec61 3714 if (chan->fcs == L2CAP_FCS_CRC16)
218bb9df
GP		 3715 len -= 2;
3716
47d1ec61 3717 if (len > chan->mps) {
8c1d787b 3718 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3719 goto drop;
3720 }
3721
0b209fae 3722 req_seq = __get_reqseq(chan, control);
42e5c802 3723 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3724 if (req_seq_offset < 0)
3725 req_seq_offset += 64;
3726
3727 next_tx_seq_offset =
42e5c802 3728 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3729 if (next_tx_seq_offset < 0)
3730 next_tx_seq_offset += 64;
3731
3732 /* check for invalid req-seq */
3733 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 3734 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3735 goto drop;
3736 }
3737
793c2f1c 3738 if (!__is_sframe(chan, control)) {
218bb9df 3739 if (len < 0) {
8c1d787b 3740 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3741 goto drop;
3742 }
3743
525cd185 3744 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 3745 } else {
3746 if (len != 0) {
3747 BT_ERR("%d", len);
8c1d787b 3748 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3749 goto drop;
3750 }
3751
525cd185 3752 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 3753 }
3754
3755 return 0;
3756
3757drop:
3758 kfree_skb(skb);
3759 return 0;
3760}
3761
1da177e4
LT		 3762static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3763{
48454079 3764 struct l2cap_chan *chan;
bf734843 3765 struct sock *sk = NULL;
51893f88 3766 u16 control;
fb45de7d 3767 u16 tx_seq;
218bb9df 3768 int len;
1da177e4 3769
baa7e1fa 3770 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 3771 if (!chan) {
1da177e4
LT		 3772 BT_DBG("unknown cid 0x%4.4x", cid);
3773 goto drop;
3774 }
3775
48454079 3776 sk = chan->sk;
6840ed07 3777
49208c9c 3778 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 3779
89bc500e 3780 if (chan->state != BT_CONNECTED)
1da177e4
LT		 3781 goto drop;
3782
0c1bc5c6 3783 switch (chan->mode) {
1c2acffb
GP		 3784 case L2CAP_MODE_BASIC:
3785 /* If socket recv buffers overflows we drop data here
3786 * which is *bad* because L2CAP has to be reliable.
3787 * But we don't have any other choice. L2CAP doesn't
3788 * provide flow control mechanism. */
1da177e4 3789
0c1bc5c6 3790 if (chan->imtu < skb->len)
1c2acffb 3791 goto drop;
1da177e4 3792
23070494 3793 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 3794 goto done;
3795 break;
3796
3797 case L2CAP_MODE_ERTM:
218bb9df
GP		 3798 if (!sock_owned_by_user(sk)) {
3799 l2cap_ertm_data_rcv(sk, skb);
277ffbe3 3800 } else {
218bb9df 3801 if (sk_add_backlog(sk, skb))
277ffbe3 3802 goto drop;
277ffbe3 3803 }
1c2acffb 3804
fcafde2e 3805 goto done;
1c2acffb 3806
6840ed07
GP		 3807 case L2CAP_MODE_STREAMING:
3808 control = get_unaligned_le16(skb->data);
3809 skb_pull(skb, 2);
3810 len = skb->len;
3811
47d1ec61 3812 if (l2cap_check_fcs(chan, skb))
26000089
GP		 3813 goto drop;
3814
7e0ef6ee 3815 if (__is_sar_start(chan, control))
6840ed07
GP		 3816 len -= 2;
3817
47d1ec61 3818 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 3819 len -= 2;
3820
793c2f1c 3821 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 3822 goto drop;
3823
fb45de7d 3824 tx_seq = __get_txseq(chan, control);
6840ed07 3825
84084a31
MM		 3826 if (chan->expected_tx_seq != tx_seq) {
3827 /* Frame(s) missing - must discard partial SDU */
3828 kfree_skb(chan->sdu);
3829 chan->sdu = NULL;
3830 chan->sdu_last_frag = NULL;
3831 chan->sdu_len = 0;
6840ed07 3832
84084a31
MM		 3833 /* TODO: Notify userland of missing data */
3834 }
3835
3836 chan->expected_tx_seq = (tx_seq + 1) % 64;
3837
3838 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
3839 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 3840
3841 goto done;
3842
1c2acffb 3843 default:
0c1bc5c6 3844 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 3845 break;
3846 }
1da177e4
LT		 3847
3848drop:
3849 kfree_skb(skb);
3850
3851done:
0139418c
MH		 3852 if (sk)
3853 bh_unlock_sock(sk);
3854
1da177e4
LT		 3855 return 0;
3856}
3857
8e036fc3 3858static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 3859{
6dcae1ea 3860 struct sock *sk = NULL;
23691d75 3861 struct l2cap_chan *chan;
1da177e4 3862
23691d75
GP		 3863 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
3864 if (!chan)
1da177e4
LT		 3865 goto drop;
3866
23691d75
GP		 3867 sk = chan->sk;
3868
e0f0cb56
GP		 3869 bh_lock_sock(sk);
3870
1da177e4
LT		 3871 BT_DBG("sk %p, len %d", sk, skb->len);
3872
89bc500e 3873 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 3874 goto drop;
3875
e13e21dc 3876 if (chan->imtu < skb->len)
1da177e4
LT		 3877 goto drop;
3878
23070494 3879 if (!chan->ops->recv(chan->data, skb))
1da177e4
LT		 3880 goto done;
3881
3882drop:
3883 kfree_skb(skb);
3884
3885done:
af05b30b
GP		 3886 if (sk)
3887 bh_unlock_sock(sk);
1da177e4
LT		 3888 return 0;
3889}
3890
9f69bda6
GP		 3891static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3892{
6dcae1ea 3893 struct sock *sk = NULL;
23691d75 3894 struct l2cap_chan *chan;
9f69bda6 3895
23691d75
GP		 3896 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
3897 if (!chan)
9f69bda6
GP		 3898 goto drop;
3899
23691d75
GP		 3900 sk = chan->sk;
3901
9f69bda6
GP		 3902 bh_lock_sock(sk);
3903
3904 BT_DBG("sk %p, len %d", sk, skb->len);
3905
89bc500e 3906 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 3907 goto drop;
3908
e13e21dc 3909 if (chan->imtu < skb->len)
9f69bda6
GP		 3910 goto drop;
3911
23070494 3912 if (!chan->ops->recv(chan->data, skb))
9f69bda6
GP		 3913 goto done;
3914
3915drop:
3916 kfree_skb(skb);
3917
3918done:
3919 if (sk)
3920 bh_unlock_sock(sk);
3921 return 0;
3922}
3923
1da177e4
LT		 3924static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3925{
3926 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 3927 u16 cid, len;
3928 __le16 psm;
1da177e4
LT		 3929
3930 skb_pull(skb, L2CAP_HDR_SIZE);
3931 cid = __le16_to_cpu(lh->cid);
3932 len = __le16_to_cpu(lh->len);
3933
1c2acffb
GP		 3934 if (len != skb->len) {
3935 kfree_skb(skb);
3936 return;
3937 }
3938
1da177e4
LT		 3939 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3940
3941 switch (cid) {
3300d9a9 3942 case L2CAP_CID_LE_SIGNALING:
8db4dc46 3943 case L2CAP_CID_SIGNALING:
1da177e4
LT		 3944 l2cap_sig_channel(conn, skb);
3945 break;
3946
8db4dc46 3947 case L2CAP_CID_CONN_LESS:
1b7bf4ed 3948 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 3949 skb_pull(skb, 2);
3950 l2cap_conless_channel(conn, psm, skb);
3951 break;
3952
9f69bda6
GP		 3953 case L2CAP_CID_LE_DATA:
3954 l2cap_att_channel(conn, cid, skb);
3955 break;
3956
b501d6a1
AB		 3957 case L2CAP_CID_SMP:
3958 if (smp_sig_channel(conn, skb))
3959 l2cap_conn_del(conn->hcon, EACCES);
3960 break;
3961
1da177e4
LT		 3962 default:
3963 l2cap_data_channel(conn, cid, skb);
3964 break;
3965 }
3966}
3967
3968/* ---- L2CAP interface with lower layer (HCI) ---- */
3969
3970static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3971{
3972 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 3973 struct l2cap_chan *c;
1da177e4
LT		 3974
3975 if (type != ACL_LINK)
963cf687 3976 return -EINVAL;
1da177e4
LT		 3977
3978 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3979
3980 /* Find listening sockets and check their link_mode */
23691d75
GP		 3981 read_lock(&chan_list_lock);
3982 list_for_each_entry(c, &chan_list, global_l) {
3983 struct sock *sk = c->sk;
4343478f 3984
89bc500e 3985 if (c->state != BT_LISTEN)
1da177e4
LT		 3986 continue;
3987
3988 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 3989 lm1 |= HCI_LM_ACCEPT;
43bd0f32 3990 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 3991 lm1 |= HCI_LM_MASTER;
1da177e4 3992 exact++;
2af6b9d5
MH		 3993 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3994 lm2 |= HCI_LM_ACCEPT;
43bd0f32 3995 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 3996 lm2 |= HCI_LM_MASTER;
3997 }
1da177e4 3998 }
23691d75 3999 read_unlock(&chan_list_lock);
1da177e4
LT		 4000
4001 return exact ? lm1 : lm2;
4002}
4003
4004static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4005{
0139418c
MH		 4006 struct l2cap_conn *conn;
4007
1da177e4
LT		 4008 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4009
acd7d370 4010 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4011 return -EINVAL;
1da177e4
LT		 4012
4013 if (!status) {
1da177e4
LT		 4014 conn = l2cap_conn_add(hcon, status);
4015 if (conn)
4016 l2cap_conn_ready(conn);
0139418c 4017 } else
e175072f 4018 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4019
4020 return 0;
4021}
4022
2950f21a
MH		 4023static int l2cap_disconn_ind(struct hci_conn *hcon)
4024{
4025 struct l2cap_conn *conn = hcon->l2cap_data;
4026
4027 BT_DBG("hcon %p", hcon);
4028
b5694506 4029 if ((hcon->type != ACL_LINK && hcon->type != LE_LINK) || !conn)
2950f21a
MH		 4030 return 0x13;
4031
4032 return conn->disc_reason;
4033}
4034
4035static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4036{
4037 BT_DBG("hcon %p reason %d", hcon, reason);
4038
acd7d370 4039 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4040 return -EINVAL;
1da177e4 4041
e175072f 4042 l2cap_conn_del(hcon, bt_to_errno(reason));
0139418c 4043
1da177e4
LT		 4044 return 0;
4045}
4046
4343478f 4047static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4048{
715ec005 4049 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4050 return;
4051
f62e4323 4052 if (encrypt == 0x00) {
4343478f 4053 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675
GP		 4054 __clear_chan_timer(chan);
4055 __set_chan_timer(chan, HZ * 5);
4343478f 4056 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4057 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4058 } else {
4343478f 4059 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4060 __clear_chan_timer(chan);
f62e4323
MH		 4061 }
4062}
4063
8c1b2355 4064static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4065{
0139418c 4066 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4067 struct l2cap_chan *chan;
1da177e4 4068
0139418c 4069 if (!conn)
1da177e4 4070 return 0;
0139418c 4071
1da177e4
LT		 4072 BT_DBG("conn %p", conn);
4073
160dc6ac
VCG		 4074 if (hcon->type == LE_LINK) {
4075 smp_distribute_keys(conn, 0);
4076 del_timer(&conn->security_timer);
4077 }
4078
baa7e1fa 4079 read_lock(&conn->chan_lock);
1da177e4 4080
baa7e1fa 4081 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 4082 struct sock *sk = chan->sk;
baa7e1fa 4083
1da177e4
LT		 4084 bh_lock_sock(sk);
4085
f1cb9af5
VCG		 4086 BT_DBG("chan->scid %d", chan->scid);
4087
4088 if (chan->scid == L2CAP_CID_LE_DATA) {
4089 if (!status && encrypt) {
4090 chan->sec_level = hcon->sec_level;
4091 l2cap_chan_ready(sk);
4092 }
4093
4094 bh_unlock_sock(sk);
4095 continue;
4096 }
4097
c1360a1c 4098 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6a8d3010
MH		 4099 bh_unlock_sock(sk);
4100 continue;
4101 }
4102
89bc500e
GP		 4103 if (!status && (chan->state == BT_CONNECTED ||
4104 chan->state == BT_CONFIG)) {
4343478f 4105 l2cap_check_encryption(chan, encrypt);
9719f8af
MH		 4106 bh_unlock_sock(sk);
4107 continue;
4108 }
4109
89bc500e 4110 if (chan->state == BT_CONNECT) {
b1235d79
MH		 4111 if (!status) {
4112 struct l2cap_conn_req req;
fe4128e0
GP		 4113 req.scid = cpu_to_le16(chan->scid);
4114 req.psm = chan->psm;
1da177e4 4115
fc7f8a7e 4116 chan->ident = l2cap_get_ident(conn);
c1360a1c 4117 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4 4118
fc7f8a7e 4119 l2cap_send_cmd(conn, chan->ident,
b1235d79
MH		 4120 L2CAP_CONN_REQ, sizeof(req), &req);
4121 } else {
c9b66675
GP		 4122 __clear_chan_timer(chan);
4123 __set_chan_timer(chan, HZ / 10);
b1235d79 4124 }
89bc500e 4125 } else if (chan->state == BT_CONNECT2) {
b1235d79 4126 struct l2cap_conn_rsp rsp;
df3c3931 4127 __u16 res, stat;
1da177e4 4128
b1235d79 4129 if (!status) {
df3c3931
JH		 4130 if (bt_sk(sk)->defer_setup) {
4131 struct sock *parent = bt_sk(sk)->parent;
4132 res = L2CAP_CR_PEND;
4133 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4134 if (parent)
4135 parent->sk_data_ready(parent, 0);
df3c3931 4136 } else {
05558911 4137 l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4138 res = L2CAP_CR_SUCCESS;
4139 stat = L2CAP_CS_NO_INFO;
4140 }
b1235d79 4141 } else {
89bc500e 4142 l2cap_state_change(chan, BT_DISCONN);
c9b66675 4143 __set_chan_timer(chan, HZ / 10);
df3c3931
JH		 4144 res = L2CAP_CR_SEC_BLOCK;
4145 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4146 }
4147
fe4128e0
GP		 4148 rsp.scid = cpu_to_le16(chan->dcid);
4149 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4150 rsp.result = cpu_to_le16(res);
4151 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4152 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4153 sizeof(rsp), &rsp);
b1235d79 4154 }
1da177e4
LT		 4155
4156 bh_unlock_sock(sk);
4157 }
4158
baa7e1fa 4159 read_unlock(&conn->chan_lock);
b1235d79 4160
1da177e4
LT		 4161 return 0;
4162}
4163
4164static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4165{
4166 struct l2cap_conn *conn = hcon->l2cap_data;
4167
5a08ecce
AE		 4168 if (!conn)
4169 conn = l2cap_conn_add(hcon, 0);
4170
4171 if (!conn)
1da177e4
LT		 4172 goto drop;
4173
4174 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4175
e702112f 4176 if (!(flags & ACL_CONT)) {
1da177e4 4177 struct l2cap_hdr *hdr;
48454079 4178 struct l2cap_chan *chan;
89794813 4179 u16 cid;
1da177e4
LT		 4180 int len;
4181
4182 if (conn->rx_len) {
4183 BT_ERR("Unexpected start frame (len %d)", skb->len);
4184 kfree_skb(conn->rx_skb);
4185 conn->rx_skb = NULL;
4186 conn->rx_len = 0;
4187 l2cap_conn_unreliable(conn, ECOMM);
4188 }
4189
aae7fe22
AE		 4190 /* Start fragment always begin with Basic L2CAP header */
4191 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4192 BT_ERR("Frame is too short (len %d)", skb->len);
4193 l2cap_conn_unreliable(conn, ECOMM);
4194 goto drop;
4195 }
4196
4197 hdr = (struct l2cap_hdr *) skb->data;
4198 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4199 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4200
4201 if (len == skb->len) {
4202 /* Complete frame received */
4203 l2cap_recv_frame(conn, skb);
4204 return 0;
4205 }
4206
4207 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4208
4209 if (skb->len > len) {
4210 BT_ERR("Frame is too long (len %d, expected len %d)",
4211 skb->len, len);
4212 l2cap_conn_unreliable(conn, ECOMM);
4213 goto drop;
4214 }
4215
baa7e1fa 4216 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4217
48454079
GP		 4218 if (chan && chan->sk) {
4219 struct sock *sk = chan->sk;
89794813 4220
0c1bc5c6 4221 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4222 BT_ERR("Frame exceeding recv MTU (len %d, "
4223 "MTU %d)", len,
0c1bc5c6 4224 chan->imtu);
48454079
GP		 4225 bh_unlock_sock(sk);
4226 l2cap_conn_unreliable(conn, ECOMM);
4227 goto drop;
4228 }
89794813 4229 bh_unlock_sock(sk);
48454079 4230 }
89794813 4231
1da177e4 4232 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4233 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4234 if (!conn->rx_skb)
1da177e4
LT		 4235 goto drop;
4236
d626f62b 4237 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4238 skb->len);
1da177e4
LT		 4239 conn->rx_len = len - skb->len;
4240 } else {
4241 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4242
4243 if (!conn->rx_len) {
4244 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4245 l2cap_conn_unreliable(conn, ECOMM);
4246 goto drop;
4247 }
4248
4249 if (skb->len > conn->rx_len) {
4250 BT_ERR("Fragment is too long (len %d, expected %d)",
4251 skb->len, conn->rx_len);
4252 kfree_skb(conn->rx_skb);
4253 conn->rx_skb = NULL;
4254 conn->rx_len = 0;
4255 l2cap_conn_unreliable(conn, ECOMM);
4256 goto drop;
4257 }
4258
d626f62b 4259 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4260 skb->len);
1da177e4
LT		 4261 conn->rx_len -= skb->len;
4262
4263 if (!conn->rx_len) {
4264 /* Complete frame received */
4265 l2cap_recv_frame(conn, conn->rx_skb);
4266 conn->rx_skb = NULL;
4267 }
4268 }
4269
4270drop:
4271 kfree_skb(skb);
4272 return 0;
4273}
4274
aef7d97c 4275static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4276{
23691d75 4277 struct l2cap_chan *c;
1da177e4 4278
23691d75 4279 read_lock_bh(&chan_list_lock);
1da177e4 4280
23691d75
GP		 4281 list_for_each_entry(c, &chan_list, global_l) {
4282 struct sock *sk = c->sk;
101545f6 4283
903d343e 4284 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4285 batostr(&bt_sk(sk)->src),
4286 batostr(&bt_sk(sk)->dst),
89bc500e 4287 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4288 c->scid, c->dcid, c->imtu, c->omtu,
4289 c->sec_level, c->mode);
05558911 4290}
1da177e4 4291
23691d75 4292 read_unlock_bh(&chan_list_lock);
1da177e4 4293
aef7d97c 4294 return 0;
1da177e4
LT		 4295}
4296
aef7d97c
MH		 4297static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4298{
4299 return single_open(file, l2cap_debugfs_show, inode->i_private);
4300}
4301
4302static const struct file_operations l2cap_debugfs_fops = {
4303 .open = l2cap_debugfs_open,
4304 .read = seq_read,
4305 .llseek = seq_lseek,
4306 .release = single_release,
4307};
4308
4309static struct dentry *l2cap_debugfs;
1da177e4 4310
1da177e4
LT		 4311static struct hci_proto l2cap_hci_proto = {
4312 .name = "L2CAP",
4313 .id = HCI_PROTO_L2CAP,
4314 .connect_ind = l2cap_connect_ind,
4315 .connect_cfm = l2cap_connect_cfm,
4316 .disconn_ind = l2cap_disconn_ind,
2950f21a 4317 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 4318 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 4319 .recv_acldata = l2cap_recv_acldata
4320};
4321
64274518 4322int __init l2cap_init(void)
1da177e4
LT		 4323{
4324 int err;
be9d1227 4325
bb58f747 4326 err = l2cap_init_sockets();
1da177e4
LT		 4327 if (err < 0)
4328 return err;
4329
1da177e4
LT		 4330 err = hci_register_proto(&l2cap_hci_proto);
4331 if (err < 0) {
4332 BT_ERR("L2CAP protocol registration failed");
4333 bt_sock_unregister(BTPROTO_L2CAP);
4334 goto error;
4335 }
4336
aef7d97c
MH		 4337 if (bt_debugfs) {
4338 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4339 bt_debugfs, NULL, &l2cap_debugfs_fops);
4340 if (!l2cap_debugfs)
4341 BT_ERR("Failed to create L2CAP debug file");
4342 }
1da177e4 4343
1da177e4
LT		 4344 return 0;
4345
4346error:
bb58f747 4347 l2cap_cleanup_sockets();
1da177e4
LT		 4348 return err;
4349}
4350
64274518 4351void l2cap_exit(void)
1da177e4 4352{
aef7d97c 4353 debugfs_remove(l2cap_debugfs);
1da177e4 4354
1da177e4
LT		 4355 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4356 BT_ERR("L2CAP protocol unregistration failed");
4357
bb58f747 4358 l2cap_cleanup_sockets();
1da177e4
LT		 4359}
4360
d1c4a17d
GP		 4361module_param(disable_ertm, bool, 0644);
4362MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
a5fd6f30
AE		 4363
4364module_param(enable_hs, bool, 0644);
4365MODULE_PARM_DESC(enable_hs, "Enable High Speed");
kernel source for telekom puls (alcatel/mediatek)