projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Handle SREJ requests to resend unacked frames
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
422e925b 7 Copyright (c) 2012 Code Aurora Forum. All rights reserved.
1da177e4
LT		 8
9 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License version 2 as
13 published by the Free Software Foundation;
14
15 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
16 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
18 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 19 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
20 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
21 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 22 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23
8e87d142
YH		 24 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
25 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 26 SOFTWARE IS DISCLAIMED.
27*/
28
bb58f747 29/* Bluetooth L2CAP core. */
1da177e4 30
1da177e4
LT		 31#include <linux/module.h>
32
33#include <linux/types.h>
4fc268d2 34#include <linux/capability.h>
1da177e4
LT		 35#include <linux/errno.h>
36#include <linux/kernel.h>
1da177e4
LT		 37#include <linux/sched.h>
38#include <linux/slab.h>
39#include <linux/poll.h>
40#include <linux/fcntl.h>
41#include <linux/init.h>
42#include <linux/interrupt.h>
43#include <linux/socket.h>
44#include <linux/skbuff.h>
1da177e4 45#include <linux/list.h>
be9d1227 46#include <linux/device.h>
aef7d97c
MH		 47#include <linux/debugfs.h>
48#include <linux/seq_file.h>
af05b30b 49#include <linux/uaccess.h>
fcc203c3 50#include <linux/crc16.h>
1da177e4
LT		 51#include <net/sock.h>
52
1da177e4
LT		 53#include <asm/unaligned.h>
54
55#include <net/bluetooth/bluetooth.h>
56#include <net/bluetooth/hci_core.h>
57#include <net/bluetooth/l2cap.h>
b501d6a1 58#include <net/bluetooth/smp.h>
1da177e4 59
b191e031 60bool disable_ertm = 1;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 63static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
c5daa683 74 struct l2cap_chan *chan, int err);
1da177e4 75
608bcc6d
MM		 76static int l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
77 struct sk_buff_head *skbs, u8 event);
78
0139418c 79/* ---- L2CAP channels ---- */
71ba0e56 80
baa7e1fa 81static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 82{
3df91ea2 83 struct l2cap_chan *c;
3d57dc68 84
3df91ea2
AE		 85 list_for_each_entry(c, &conn->chan_l, list) {
86 if (c->dcid == cid)
87 return c;
0139418c 88 }
3df91ea2 89 return NULL;
0139418c
MH		 90}
91
baa7e1fa 92static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 93{
3df91ea2 94 struct l2cap_chan *c;
3d57dc68 95
3df91ea2
AE		 96 list_for_each_entry(c, &conn->chan_l, list) {
97 if (c->scid == cid)
98 return c;
0139418c 99 }
3df91ea2 100 return NULL;
0139418c
MH		 101}
102
103/* Find channel with given SCID.
ef191ade 104 * Returns locked channel. */
baa7e1fa 105static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 106{
48454079 107 struct l2cap_chan *c;
baa7e1fa 108
3df91ea2 109 mutex_lock(&conn->chan_lock);
baa7e1fa 110 c = __l2cap_get_chan_by_scid(conn, cid);
ef191ade
MM		 111 if (c)
112 l2cap_chan_lock(c);
3df91ea2
AE		 113 mutex_unlock(&conn->chan_lock);
114
48454079 115 return c;
0139418c
MH		 116}
117
baa7e1fa 118static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 119{
3df91ea2 120 struct l2cap_chan *c;
3d57dc68 121
3df91ea2
AE		 122 list_for_each_entry(c, &conn->chan_l, list) {
123 if (c->ident == ident)
124 return c;
0139418c 125 }
3df91ea2 126 return NULL;
0139418c
MH		 127}
128
23691d75 129static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 130{
23691d75 131 struct l2cap_chan *c;
9e4425ff 132
23691d75
GP		 133 list_for_each_entry(c, &chan_list, global_l) {
134 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 135 return c;
9e4425ff 136 }
250938cb 137 return NULL;
9e4425ff
GP		 138}
139
140int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
141{
73b2ec18
GP		 142 int err;
143
333055f2 144 write_lock(&chan_list_lock);
9e4425ff 145
23691d75 146 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 147 err = -EADDRINUSE;
148 goto done;
9e4425ff
GP		 149 }
150
73b2ec18
GP		 151 if (psm) {
152 chan->psm = psm;
153 chan->sport = psm;
154 err = 0;
155 } else {
156 u16 p;
157
158 err = -EINVAL;
159 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 160 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 161 chan->psm = cpu_to_le16(p);
162 chan->sport = cpu_to_le16(p);
163 err = 0;
164 break;
165 }
166 }
9e4425ff 167
73b2ec18 168done:
333055f2 169 write_unlock(&chan_list_lock);
73b2ec18 170 return err;
9e4425ff
GP		 171}
172
173int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
174{
333055f2 175 write_lock(&chan_list_lock);
9e4425ff
GP		 176
177 chan->scid = scid;
178
333055f2 179 write_unlock(&chan_list_lock);
9e4425ff
GP		 180
181 return 0;
182}
183
baa7e1fa 184static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 185{
8db4dc46 186 u16 cid = L2CAP_CID_DYN_START;
0139418c 187
8db4dc46 188 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 189 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 190 return cid;
191 }
192
193 return 0;
194}
195
0e587be7 196static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 197{
42d2d87c 198 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 199 state_to_string(state));
200
89bc500e
GP		 201 chan->state = state;
202 chan->ops->state_change(chan->data, state);
203}
204
0e587be7
AE		 205static void l2cap_state_change(struct l2cap_chan *chan, int state)
206{
207 struct sock *sk = chan->sk;
208
209 lock_sock(sk);
210 __l2cap_state_change(chan, state);
211 release_sock(sk);
212}
213
2e0052e4
AE		 214static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
215{
216 struct sock *sk = chan->sk;
217
218 sk->sk_err = err;
219}
220
221static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
222{
223 struct sock *sk = chan->sk;
224
225 lock_sock(sk);
226 __l2cap_chan_set_err(chan, err);
227 release_sock(sk);
228}
229
608bcc6d
MM		 230static struct sk_buff *l2cap_ertm_seq_in_queue(struct sk_buff_head *head,
231 u16 seq)
232{
233 struct sk_buff *skb;
234
235 skb_queue_walk(head, skb) {
236 if (bt_cb(skb)->control.txseq == seq)
237 return skb;
238 }
239
240 return NULL;
241}
242
3c588192
MM		 243/* ---- L2CAP sequence number lists ---- */
244
245/* For ERTM, ordered lists of sequence numbers must be tracked for
246 * SREJ requests that are received and for frames that are to be
247 * retransmitted. These seq_list functions implement a singly-linked
248 * list in an array, where membership in the list can also be checked
249 * in constant time. Items can also be added to the tail of the list
250 * and removed from the head in constant time, without further memory
251 * allocs or frees.
252 */
253
254static int l2cap_seq_list_init(struct l2cap_seq_list *seq_list, u16 size)
255{
256 size_t alloc_size, i;
257
258 /* Allocated size is a power of 2 to map sequence numbers
259 * (which may be up to 14 bits) in to a smaller array that is
260 * sized for the negotiated ERTM transmit windows.
261 */
262 alloc_size = roundup_pow_of_two(size);
263
264 seq_list->list = kmalloc(sizeof(u16) * alloc_size, GFP_KERNEL);
265 if (!seq_list->list)
266 return -ENOMEM;
267
268 seq_list->mask = alloc_size - 1;
269 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
270 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
271 for (i = 0; i < alloc_size; i++)
272 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
273
274 return 0;
275}
276
277static inline void l2cap_seq_list_free(struct l2cap_seq_list *seq_list)
278{
279 kfree(seq_list->list);
280}
281
282static inline bool l2cap_seq_list_contains(struct l2cap_seq_list *seq_list,
283 u16 seq)
284{
285 /* Constant-time check for list membership */
286 return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR;
287}
288
289static u16 l2cap_seq_list_remove(struct l2cap_seq_list *seq_list, u16 seq)
290{
291 u16 mask = seq_list->mask;
292
293 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR) {
294 /* In case someone tries to pop the head of an empty list */
295 return L2CAP_SEQ_LIST_CLEAR;
296 } else if (seq_list->head == seq) {
297 /* Head can be removed in constant time */
298 seq_list->head = seq_list->list[seq & mask];
299 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
300
301 if (seq_list->head == L2CAP_SEQ_LIST_TAIL) {
302 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
303 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
304 }
305 } else {
306 /* Walk the list to find the sequence number */
307 u16 prev = seq_list->head;
308 while (seq_list->list[prev & mask] != seq) {
309 prev = seq_list->list[prev & mask];
310 if (prev == L2CAP_SEQ_LIST_TAIL)
311 return L2CAP_SEQ_LIST_CLEAR;
312 }
313
314 /* Unlink the number from the list and clear it */
315 seq_list->list[prev & mask] = seq_list->list[seq & mask];
316 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
317 if (seq_list->tail == seq)
318 seq_list->tail = prev;
319 }
320 return seq;
321}
322
323static inline u16 l2cap_seq_list_pop(struct l2cap_seq_list *seq_list)
324{
325 /* Remove the head in constant time */
326 return l2cap_seq_list_remove(seq_list, seq_list->head);
327}
328
329static void l2cap_seq_list_clear(struct l2cap_seq_list *seq_list)
330{
f522ae36 331 u16 i;
3c588192 332
f522ae36
GP		 333 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR)
334 return;
335
336 for (i = 0; i <= seq_list->mask; i++)
337 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
338
339 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
340 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
3c588192
MM		 341}
342
343static void l2cap_seq_list_append(struct l2cap_seq_list *seq_list, u16 seq)
344{
345 u16 mask = seq_list->mask;
346
347 /* All appends happen in constant time */
348
f522ae36
GP		 349 if (seq_list->list[seq & mask] != L2CAP_SEQ_LIST_CLEAR)
350 return;
3c588192 351
f522ae36
GP		 352 if (seq_list->tail == L2CAP_SEQ_LIST_CLEAR)
353 seq_list->head = seq;
354 else
355 seq_list->list[seq_list->tail & mask] = seq;
356
357 seq_list->tail = seq;
358 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_TAIL;
3c588192
MM		 359}
360
721c4181 361static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 362{
721c4181
GP		 363 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
364 chan_timer.work);
3df91ea2 365 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 366 int reason;
367
e05dcc32 368 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 369
3df91ea2 370 mutex_lock(&conn->chan_lock);
6be36555 371 l2cap_chan_lock(chan);
ab07801d 372
89bc500e 373 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 374 reason = ECONNREFUSED;
89bc500e 375 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 376 chan->sec_level != BT_SECURITY_SDP)
377 reason = ECONNREFUSED;
378 else
379 reason = ETIMEDOUT;
380
0f852724 381 l2cap_chan_close(chan, reason);
ab07801d 382
6be36555 383 l2cap_chan_unlock(chan);
ab07801d 384
ba3bd0ee 385 chan->ops->close(chan->data);
3df91ea2
AE		 386 mutex_unlock(&conn->chan_lock);
387
371fd835 388 l2cap_chan_put(chan);
ab07801d
GP		 389}
390
eef1d9b6 391struct l2cap_chan *l2cap_chan_create(void)
48454079
GP		 392{
393 struct l2cap_chan *chan;
394
395 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
396 if (!chan)
397 return NULL;
398
c03b355e
AE		 399 mutex_init(&chan->lock);
400
333055f2 401 write_lock(&chan_list_lock);
23691d75 402 list_add(&chan->global_l, &chan_list);
333055f2 403 write_unlock(&chan_list_lock);
23691d75 404
721c4181 405 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 406
89bc500e
GP		 407 chan->state = BT_OPEN;
408
71ba0e56
GP		 409 atomic_set(&chan->refcnt, 1);
410
2827011f
MM		 411 /* This flag is cleared in l2cap_chan_ready() */
412 set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
413
eef1d9b6 414 BT_DBG("chan %p", chan);
abc545b8 415
48454079
GP		 416 return chan;
417}
418
23691d75 419void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 420{
333055f2 421 write_lock(&chan_list_lock);
23691d75 422 list_del(&chan->global_l);
333055f2 423 write_unlock(&chan_list_lock);
23691d75 424
371fd835 425 l2cap_chan_put(chan);
6ff5abbf
GP		 426}
427
bd4b1653
AE		 428void l2cap_chan_set_defaults(struct l2cap_chan *chan)
429{
430 chan->fcs = L2CAP_FCS_CRC16;
431 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
432 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
433 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
434 chan->sec_level = BT_SECURITY_LOW;
435
436 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
437}
438
14a28491 439static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 440{
af05b30b 441 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
097db76c 442 __le16_to_cpu(chan->psm), chan->dcid);
0139418c 443
9f5a0d7b 444 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 445
8c1d787b 446 chan->conn = conn;
0139418c 447
5491120e
AE		 448 switch (chan->chan_type) {
449 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 450 if (conn->hcon->type == LE_LINK) {
451 /* LE connection */
0c1bc5c6 452 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 453 chan->scid = L2CAP_CID_LE_DATA;
454 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 455 } else {
456 /* Alloc CID for connection-oriented socket */
fe4128e0 457 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 458 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 459 }
5491120e
AE		 460 break;
461
462 case L2CAP_CHAN_CONN_LESS:
0139418c 463 /* Connectionless socket */
fe4128e0
GP		 464 chan->scid = L2CAP_CID_CONN_LESS;
465 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 466 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 467 break;
468
469 default:
0139418c 470 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 471 chan->scid = L2CAP_CID_SIGNALING;
472 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 473 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 474 }
475
8f7975b1
AE		 476 chan->local_id = L2CAP_BESTEFFORT_ID;
477 chan->local_stype = L2CAP_SERV_BESTEFFORT;
478 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
479 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
480 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
481 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
482
371fd835 483 l2cap_chan_hold(chan);
baa7e1fa 484
3df91ea2 485 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 486}
487
14a28491 488static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
643162a8
AE		 489{
490 mutex_lock(&conn->chan_lock);
491 __l2cap_chan_add(conn, chan);
3df91ea2 492 mutex_unlock(&conn->chan_lock);
0139418c
MH		 493}
494
4519de9a 495static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 496{
48454079 497 struct sock *sk = chan->sk;
8c1d787b 498 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 499 struct sock *parent = bt_sk(sk)->parent;
500
c9b66675 501 __clear_chan_timer(chan);
0139418c 502
49208c9c 503 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 504
8e87d142 505 if (conn) {
baa7e1fa 506 /* Delete from channel list */
3df91ea2 507 list_del(&chan->list);
3d57dc68 508
371fd835 509 l2cap_chan_put(chan);
baa7e1fa 510
8c1d787b 511 chan->conn = NULL;
0139418c
MH		 512 hci_conn_put(conn->hcon);
513 }
514
6be36555
AE		 515 lock_sock(sk);
516
0e587be7 517 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 518 sock_set_flag(sk, SOCK_ZAPPED);
519
520 if (err)
2e0052e4 521 __l2cap_chan_set_err(chan, err);
0139418c
MH		 522
523 if (parent) {
524 bt_accept_unlink(sk);
525 parent->sk_data_ready(parent, 0);
526 } else
527 sk->sk_state_change(sk);
c13ffa62 528
6be36555
AE		 529 release_sock(sk);
530
2827011f 531 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
6ff5abbf 532 return;
2ead70b8 533
58d35f87 534 skb_queue_purge(&chan->tx_q);
c13ffa62 535
0c1bc5c6 536 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 537 __clear_retrans_timer(chan);
538 __clear_monitor_timer(chan);
539 __clear_ack_timer(chan);
c13ffa62 540
f1c6775b 541 skb_queue_purge(&chan->srej_q);
c13ffa62 542
3c588192
MM		 543 l2cap_seq_list_free(&chan->srej_list);
544 l2cap_seq_list_free(&chan->retrans_list);
c13ffa62 545 }
0139418c
MH		 546}
547
4519de9a
GP		 548static void l2cap_chan_cleanup_listen(struct sock *parent)
549{
550 struct sock *sk;
551
552 BT_DBG("parent %p", parent);
553
554 /* Close not yet accepted channels */
0f852724 555 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 556 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 557
6be36555 558 l2cap_chan_lock(chan);
c9b66675 559 __clear_chan_timer(chan);
ba3bd0ee 560 l2cap_chan_close(chan, ECONNRESET);
6be36555 561 l2cap_chan_unlock(chan);
3df91ea2 562
ba3bd0ee 563 chan->ops->close(chan->data);
0f852724 564 }
4519de9a
GP		 565}
566
0f852724 567void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 568{
569 struct l2cap_conn *conn = chan->conn;
570 struct sock *sk = chan->sk;
571
e05dcc32
AE		 572 BT_DBG("chan %p state %s sk %p", chan,
573 state_to_string(chan->state), sk);
4519de9a 574
89bc500e 575 switch (chan->state) {
4519de9a 576 case BT_LISTEN:
6be36555 577 lock_sock(sk);
4519de9a 578 l2cap_chan_cleanup_listen(sk);
89bc500e 579
0e587be7 580 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 581 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 582 release_sock(sk);
4519de9a
GP		 583 break;
584
585 case BT_CONNECTED:
586 case BT_CONFIG:
715ec005 587 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 588 conn->hcon->type == ACL_LINK) {
c9b66675 589 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 590 l2cap_send_disconn_req(conn, chan, reason);
591 } else
592 l2cap_chan_del(chan, reason);
593 break;
594
595 case BT_CONNECT2:
715ec005 596 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 597 conn->hcon->type == ACL_LINK) {
598 struct l2cap_conn_rsp rsp;
599 __u16 result;
600
c5daa683 601 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
4519de9a
GP		 602 result = L2CAP_CR_SEC_BLOCK;
603 else
604 result = L2CAP_CR_BAD_PSM;
89bc500e 605 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 606
607 rsp.scid = cpu_to_le16(chan->dcid);
608 rsp.dcid = cpu_to_le16(chan->scid);
609 rsp.result = cpu_to_le16(result);
610 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
611 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
612 sizeof(rsp), &rsp);
613 }
614
615 l2cap_chan_del(chan, reason);
616 break;
617
618 case BT_CONNECT:
619 case BT_DISCONN:
620 l2cap_chan_del(chan, reason);
621 break;
622
623 default:
6be36555 624 lock_sock(sk);
4519de9a 625 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 626 release_sock(sk);
4519de9a
GP		 627 break;
628 }
629}
630
4343478f 631static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 632{
715ec005 633 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 634 switch (chan->sec_level) {
8556edd3
JH		 635 case BT_SECURITY_HIGH:
636 return HCI_AT_DEDICATED_BONDING_MITM;
637 case BT_SECURITY_MEDIUM:
638 return HCI_AT_DEDICATED_BONDING;
639 default:
640 return HCI_AT_NO_BONDING;
641 }
fe4128e0 642 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 643 if (chan->sec_level == BT_SECURITY_LOW)
644 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 645
4343478f 646 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 647 return HCI_AT_NO_BONDING_MITM;
00ae4af9 648 else
8556edd3 649 return HCI_AT_NO_BONDING;
00ae4af9 650 } else {
4343478f 651 switch (chan->sec_level) {
00ae4af9 652 case BT_SECURITY_HIGH:
8556edd3 653 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 654 case BT_SECURITY_MEDIUM:
8556edd3 655 return HCI_AT_GENERAL_BONDING;
00ae4af9 656 default:
8556edd3 657 return HCI_AT_NO_BONDING;
00ae4af9 658 }
0684e5f9 659 }
8556edd3
JH		 660}
661
662/* Service level security */
d45fc423 663int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 664{
8c1d787b 665 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 666 __u8 auth_type;
667
4343478f 668 auth_type = l2cap_get_auth_type(chan);
79d554a6 669
4343478f 670 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 671}
672
b5ad8b7f 673static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 674{
675 u8 id;
676
677 /* Get next available identificator.
678 * 1 - 128 are used by kernel.
679 * 129 - 199 are reserved.
680 * 200 - 254 are used by utilities like l2ping, etc.
681 */
682
333055f2 683 spin_lock(&conn->lock);
4e8402a3
MH		 684
685 if (++conn->tx_ident > 128)
686 conn->tx_ident = 1;
687
688 id = conn->tx_ident;
689
333055f2 690 spin_unlock(&conn->lock);
4e8402a3
MH		 691
692 return id;
693}
694
4519de9a 695static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 696{
697 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 698 u8 flags;
4e8402a3
MH		 699
700 BT_DBG("code 0x%2.2x", code);
701
702 if (!skb)
9a9c6a34 703 return;
4e8402a3 704
e702112f
AE		 705 if (lmp_no_flush_capable(conn->hcon->hdev))
706 flags = ACL_START_NO_FLUSH;
707 else
708 flags = ACL_START;
709
14b12d0b 710 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 711 skb->priority = HCI_PRIO_MAX;
14b12d0b 712
73d80deb
LAD		 713 hci_send_acl(conn->hchan, skb, flags);
714}
715
716static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
717{
718 struct hci_conn *hcon = chan->conn->hcon;
719 u16 flags;
720
721 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
722 skb->priority);
723
724 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
725 lmp_no_flush_capable(hcon->hdev))
726 flags = ACL_START_NO_FLUSH;
727 else
728 flags = ACL_START;
14b12d0b 729
73d80deb
LAD		 730 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
731 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 732}
733
b76bbd66
MM		 734static void __unpack_enhanced_control(u16 enh, struct l2cap_ctrl *control)
735{
736 control->reqseq = (enh & L2CAP_CTRL_REQSEQ) >> L2CAP_CTRL_REQSEQ_SHIFT;
737 control->final = (enh & L2CAP_CTRL_FINAL) >> L2CAP_CTRL_FINAL_SHIFT;
738
739 if (enh & L2CAP_CTRL_FRAME_TYPE) {
740 /* S-Frame */
741 control->sframe = 1;
742 control->poll = (enh & L2CAP_CTRL_POLL) >> L2CAP_CTRL_POLL_SHIFT;
743 control->super = (enh & L2CAP_CTRL_SUPERVISE) >> L2CAP_CTRL_SUPER_SHIFT;
744
745 control->sar = 0;
746 control->txseq = 0;
747 } else {
748 /* I-Frame */
749 control->sframe = 0;
750 control->sar = (enh & L2CAP_CTRL_SAR) >> L2CAP_CTRL_SAR_SHIFT;
751 control->txseq = (enh & L2CAP_CTRL_TXSEQ) >> L2CAP_CTRL_TXSEQ_SHIFT;
752
753 control->poll = 0;
754 control->super = 0;
755 }
756}
757
b76bbd66
MM		 758static void __unpack_extended_control(u32 ext, struct l2cap_ctrl *control)
759{
760 control->reqseq = (ext & L2CAP_EXT_CTRL_REQSEQ) >> L2CAP_EXT_CTRL_REQSEQ_SHIFT;
761 control->final = (ext & L2CAP_EXT_CTRL_FINAL) >> L2CAP_EXT_CTRL_FINAL_SHIFT;
762
763 if (ext & L2CAP_EXT_CTRL_FRAME_TYPE) {
764 /* S-Frame */
765 control->sframe = 1;
766 control->poll = (ext & L2CAP_EXT_CTRL_POLL) >> L2CAP_EXT_CTRL_POLL_SHIFT;
767 control->super = (ext & L2CAP_EXT_CTRL_SUPERVISE) >> L2CAP_EXT_CTRL_SUPER_SHIFT;
768
769 control->sar = 0;
770 control->txseq = 0;
771 } else {
772 /* I-Frame */
773 control->sframe = 0;
774 control->sar = (ext & L2CAP_EXT_CTRL_SAR) >> L2CAP_EXT_CTRL_SAR_SHIFT;
775 control->txseq = (ext & L2CAP_EXT_CTRL_TXSEQ) >> L2CAP_EXT_CTRL_TXSEQ_SHIFT;
776
777 control->poll = 0;
778 control->super = 0;
779 }
780}
781
782static inline void __unpack_control(struct l2cap_chan *chan,
783 struct sk_buff *skb)
784{
785 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
786 __unpack_extended_control(get_unaligned_le32(skb->data),
787 &bt_cb(skb)->control);
cec8ab6e 788 skb_pull(skb, L2CAP_EXT_CTRL_SIZE);
b76bbd66
MM		 789 } else {
790 __unpack_enhanced_control(get_unaligned_le16(skb->data),
791 &bt_cb(skb)->control);
cec8ab6e 792 skb_pull(skb, L2CAP_ENH_CTRL_SIZE);
b76bbd66
MM		 793 }
794}
795
b5c6aaed
MM		 796static u32 __pack_extended_control(struct l2cap_ctrl *control)
797{
798 u32 packed;
799
800 packed = control->reqseq << L2CAP_EXT_CTRL_REQSEQ_SHIFT;
801 packed |= control->final << L2CAP_EXT_CTRL_FINAL_SHIFT;
802
803 if (control->sframe) {
804 packed |= control->poll << L2CAP_EXT_CTRL_POLL_SHIFT;
805 packed |= control->super << L2CAP_EXT_CTRL_SUPER_SHIFT;
806 packed |= L2CAP_EXT_CTRL_FRAME_TYPE;
807 } else {
808 packed |= control->sar << L2CAP_EXT_CTRL_SAR_SHIFT;
809 packed |= control->txseq << L2CAP_EXT_CTRL_TXSEQ_SHIFT;
810 }
811
812 return packed;
813}
814
815static u16 __pack_enhanced_control(struct l2cap_ctrl *control)
816{
817 u16 packed;
818
819 packed = control->reqseq << L2CAP_CTRL_REQSEQ_SHIFT;
820 packed |= control->final << L2CAP_CTRL_FINAL_SHIFT;
821
822 if (control->sframe) {
823 packed |= control->poll << L2CAP_CTRL_POLL_SHIFT;
824 packed |= control->super << L2CAP_CTRL_SUPER_SHIFT;
825 packed |= L2CAP_CTRL_FRAME_TYPE;
826 } else {
827 packed |= control->sar << L2CAP_CTRL_SAR_SHIFT;
828 packed |= control->txseq << L2CAP_CTRL_TXSEQ_SHIFT;
829 }
830
831 return packed;
832}
833
b76bbd66
MM		 834static inline void __pack_control(struct l2cap_chan *chan,
835 struct l2cap_ctrl *control,
836 struct sk_buff *skb)
837{
838 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
839 put_unaligned_le32(__pack_extended_control(control),
840 skb->data + L2CAP_HDR_SIZE);
841 } else {
842 put_unaligned_le16(__pack_enhanced_control(control),
843 skb->data + L2CAP_HDR_SIZE);
844 }
845}
846
a67d7f6f
MM		 847static struct sk_buff *l2cap_create_sframe_pdu(struct l2cap_chan *chan,
848 u32 control)
b5c6aaed
MM		 849{
850 struct sk_buff *skb;
851 struct l2cap_hdr *lh;
a67d7f6f 852 int hlen;
b5c6aaed
MM		 853
854 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
855 hlen = L2CAP_EXT_HDR_SIZE;
856 else
857 hlen = L2CAP_ENH_HDR_SIZE;
858
859 if (chan->fcs == L2CAP_FCS_CRC16)
860 hlen += L2CAP_FCS_SIZE;
861
a67d7f6f 862 skb = bt_skb_alloc(hlen, GFP_KERNEL);
b5c6aaed 863
b5c6aaed 864 if (!skb)
a67d7f6f 865 return ERR_PTR(-ENOMEM);
b5c6aaed
MM		 866
867 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
868 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
869 lh->cid = cpu_to_le16(chan->dcid);
870
a67d7f6f
MM		 871 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
872 put_unaligned_le32(control, skb_put(skb, L2CAP_EXT_CTRL_SIZE));
873 else
874 put_unaligned_le16(control, skb_put(skb, L2CAP_ENH_CTRL_SIZE));
b5c6aaed
MM		 875
876 if (chan->fcs == L2CAP_FCS_CRC16) {
a67d7f6f 877 u16 fcs = crc16(0, (u8 *)skb->data, skb->len);
b5c6aaed
MM		 878 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
879 }
880
881 skb->priority = HCI_PRIO_MAX;
a67d7f6f
MM		 882 return skb;
883}
884
885static void l2cap_send_sframe(struct l2cap_chan *chan,
886 struct l2cap_ctrl *control)
887{
888 struct sk_buff *skb;
889 u32 control_field;
890
891 BT_DBG("chan %p, control %p", chan, control);
892
893 if (!control->sframe)
894 return;
895
896 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) &&
897 !control->poll)
898 control->final = 1;
899
900 if (control->super == L2CAP_SUPER_RR)
901 clear_bit(CONN_RNR_SENT, &chan->conn_state);
902 else if (control->super == L2CAP_SUPER_RNR)
903 set_bit(CONN_RNR_SENT, &chan->conn_state);
904
905 if (control->super != L2CAP_SUPER_SREJ) {
906 chan->last_acked_seq = control->reqseq;
907 __clear_ack_timer(chan);
908 }
909
910 BT_DBG("reqseq %d, final %d, poll %d, super %d", control->reqseq,
911 control->final, control->poll, control->super);
912
913 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
914 control_field = __pack_extended_control(control);
915 else
916 control_field = __pack_enhanced_control(control);
917
918 skb = l2cap_create_sframe_pdu(chan, control_field);
919 if (!IS_ERR(skb))
920 l2cap_do_send(chan, skb);
b5c6aaed
MM		 921}
922
923static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
924{
925 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
926 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
927 set_bit(CONN_RNR_SENT, &chan->conn_state);
928 } else
929 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
930
931 control |= __set_reqseq(chan, chan->buffer_seq);
b5c6aaed
MM		 932}
933
b4450035 934static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 935{
c1360a1c 936 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 937}
938
9b27f350
AE		 939static void l2cap_send_conn_req(struct l2cap_chan *chan)
940{
941 struct l2cap_conn *conn = chan->conn;
942 struct l2cap_conn_req req;
943
944 req.scid = cpu_to_le16(chan->scid);
945 req.psm = chan->psm;
946
947 chan->ident = l2cap_get_ident(conn);
948
949 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
950
951 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
952}
953
9f0caeb1
VCG		 954static void l2cap_chan_ready(struct l2cap_chan *chan)
955{
956 struct sock *sk = chan->sk;
957 struct sock *parent;
958
959 lock_sock(sk);
960
961 parent = bt_sk(sk)->parent;
962
963 BT_DBG("sk %p, parent %p", sk, parent);
964
2827011f 965 /* This clears all conf flags, including CONF_NOT_COMPLETE */
9f0caeb1
VCG		 966 chan->conf_state = 0;
967 __clear_chan_timer(chan);
968
969 __l2cap_state_change(chan, BT_CONNECTED);
970 sk->sk_state_change(sk);
971
972 if (parent)
973 parent->sk_data_ready(parent, 0);
974
975 release_sock(sk);
976}
977
fc7f8a7e 978static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 979{
8c1d787b 980 struct l2cap_conn *conn = chan->conn;
79d554a6 981
9f0caeb1
VCG		 982 if (conn->hcon->type == LE_LINK) {
983 l2cap_chan_ready(chan);
984 return;
985 }
986
79d554a6 987 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 988 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
989 return;
990
d45fc423 991 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 992 __l2cap_no_conn_pending(chan))
993 l2cap_send_conn_req(chan);
79d554a6
MH		 994 } else {
995 struct l2cap_info_req req;
996 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
997
998 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
999 conn->info_ident = l2cap_get_ident(conn);
1000
ba13ccd9 1001 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 1002
1003 l2cap_send_cmd(conn, conn->info_ident,
1004 L2CAP_INFO_REQ, sizeof(req), &req);
1005 }
1006}
1007
cf6c2c0b
GP		 1008static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
1009{
1010 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 1011 if (!disable_ertm)
cf6c2c0b
GP		 1012 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
1013
1014 switch (mode) {
1015 case L2CAP_MODE_ERTM:
1016 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
1017 case L2CAP_MODE_STREAMING:
1018 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
1019 default:
1020 return 0x00;
1021 }
1022}
1023
4519de9a 1024static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 1025{
6be36555 1026 struct sock *sk = chan->sk;
22121fc9
GP		 1027 struct l2cap_disconn_req req;
1028
c13ffa62
GP		 1029 if (!conn)
1030 return;
1031
0c1bc5c6 1032 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 1033 __clear_retrans_timer(chan);
1034 __clear_monitor_timer(chan);
1035 __clear_ack_timer(chan);
c13ffa62
GP		 1036 }
1037
fe4128e0
GP		 1038 req.dcid = cpu_to_le16(chan->dcid);
1039 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 1040 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1041 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 1042
6be36555 1043 lock_sock(sk);
0e587be7 1044 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 1045 __l2cap_chan_set_err(chan, err);
6be36555 1046 release_sock(sk);
22121fc9
GP		 1047}
1048
1da177e4 1049/* ---- L2CAP connections ---- */
4e8402a3
MH		 1050static void l2cap_conn_start(struct l2cap_conn *conn)
1051{
3df91ea2 1052 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 1053
1054 BT_DBG("conn %p", conn);
1055
3df91ea2 1056 mutex_lock(&conn->chan_lock);
4e8402a3 1057
3df91ea2 1058 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 1059 struct sock *sk = chan->sk;
baa7e1fa 1060
6be36555 1061 l2cap_chan_lock(chan);
4e8402a3 1062
715ec005 1063 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 1064 l2cap_chan_unlock(chan);
79d554a6
MH		 1065 continue;
1066 }
1067
89bc500e 1068 if (chan->state == BT_CONNECT) {
d45fc423 1069 if (!l2cap_chan_check_security(chan) ||
b4450035 1070 !__l2cap_no_conn_pending(chan)) {
6be36555 1071 l2cap_chan_unlock(chan);
47731de7
GP		 1072 continue;
1073 }
79d554a6 1074
c1360a1c
GP		 1075 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1076 && test_bit(CONF_STATE2_DEVICE,
1077 &chan->conf_state)) {
89bc500e 1078 l2cap_chan_close(chan, ECONNRESET);
6be36555 1079 l2cap_chan_unlock(chan);
47731de7 1080 continue;
b1235d79 1081 }
47731de7 1082
9b27f350 1083 l2cap_send_conn_req(chan);
47731de7 1084
89bc500e 1085 } else if (chan->state == BT_CONNECT2) {
79d554a6 1086 struct l2cap_conn_rsp rsp;
e9aeb2dd 1087 char buf[128];
fe4128e0
GP		 1088 rsp.scid = cpu_to_le16(chan->dcid);
1089 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 1090
d45fc423 1091 if (l2cap_chan_check_security(chan)) {
6be36555 1092 lock_sock(sk);
c5daa683
GP		 1093 if (test_bit(BT_SK_DEFER_SETUP,
1094 &bt_sk(sk)->flags)) {
f66dc81f
MH		 1095 struct sock *parent = bt_sk(sk)->parent;
1096 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1097 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 1098 if (parent)
1099 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 1100
1101 } else {
0e587be7 1102 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 1103 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1104 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1105 }
6be36555 1106 release_sock(sk);
79d554a6
MH		 1107 } else {
1108 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1109 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
1110 }
1111
fc7f8a7e
GP		 1112 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1113 sizeof(rsp), &rsp);
e9aeb2dd 1114
c1360a1c 1115 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 1116 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 1117 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 1118 continue;
1119 }
1120
c1360a1c 1121 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 1122 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 1123 l2cap_build_conf_req(chan, buf), buf);
1124 chan->num_conf_req++;
4e8402a3
MH		 1125 }
1126
6be36555 1127 l2cap_chan_unlock(chan);
4e8402a3
MH		 1128 }
1129
3df91ea2 1130 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1131}
1132
c2287681 1133/* Find socket with cid and source/destination bdaddr.
b62f328b
VT		 1134 * Returns closest match, locked.
1135 */
d9b88702 1136static struct l2cap_chan *l2cap_global_chan_by_scid(int state, u16 cid,
c2287681
IY		 1137 bdaddr_t *src,
1138 bdaddr_t *dst)
b62f328b 1139{
23691d75 1140 struct l2cap_chan *c, *c1 = NULL;
b62f328b 1141
23691d75 1142 read_lock(&chan_list_lock);
b62f328b 1143
23691d75
GP		 1144 list_for_each_entry(c, &chan_list, global_l) {
1145 struct sock *sk = c->sk;
fe4128e0 1146
89bc500e 1147 if (state && c->state != state)
b62f328b
VT		 1148 continue;
1149
23691d75 1150 if (c->scid == cid) {
c2287681
IY		 1151 int src_match, dst_match;
1152 int src_any, dst_any;
1153
b62f328b 1154 /* Exact match. */
c2287681
IY		 1155 src_match = !bacmp(&bt_sk(sk)->src, src);
1156 dst_match = !bacmp(&bt_sk(sk)->dst, dst);
1157 if (src_match && dst_match) {
23691d75
GP		 1158 read_unlock(&chan_list_lock);
1159 return c;
1160 }
b62f328b
VT		 1161
1162 /* Closest match */
c2287681
IY		 1163 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY);
1164 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY);
1165 if ((src_match && dst_any) || (src_any && dst_match) ||
1166 (src_any && dst_any))
23691d75 1167 c1 = c;
b62f328b
VT		 1168 }
1169 }
280f294f 1170
23691d75 1171 read_unlock(&chan_list_lock);
b62f328b 1172
23691d75 1173 return c1;
b62f328b
VT		 1174}
1175
1176static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1177{
c916fbe4 1178 struct sock *parent, *sk;
23691d75 1179 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 1180
1181 BT_DBG("");
1182
1183 /* Check if we have socket listening on cid */
23691d75 1184 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
c2287681 1185 conn->src, conn->dst);
23691d75 1186 if (!pchan)
b62f328b
VT		 1187 return;
1188
23691d75
GP		 1189 parent = pchan->sk;
1190
aa2ac881 1191 lock_sock(parent);
62f3a2cf 1192
b62f328b
VT		 1193 /* Check for backlog size */
1194 if (sk_acceptq_is_full(parent)) {
1195 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1196 goto clean;
1197 }
1198
80808e43
GP		 1199 chan = pchan->ops->new_connection(pchan->data);
1200 if (!chan)
b62f328b
VT		 1201 goto clean;
1202
80808e43 1203 sk = chan->sk;
5d41ce1d 1204
b62f328b
VT		 1205 hci_conn_hold(conn->hcon);
1206
b62f328b
VT		 1207 bacpy(&bt_sk(sk)->src, conn->src);
1208 bacpy(&bt_sk(sk)->dst, conn->dst);
1209
d1010240
GP		 1210 bt_accept_enqueue(parent, sk);
1211
3d57dc68 1212 l2cap_chan_add(conn, chan);
48454079 1213
c9b66675 1214 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 1215
0e587be7 1216 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 1217 parent->sk_data_ready(parent, 0);
1218
b62f328b 1219clean:
aa2ac881 1220 release_sock(parent);
b62f328b
VT		 1221}
1222
4e8402a3
MH		 1223static void l2cap_conn_ready(struct l2cap_conn *conn)
1224{
48454079 1225 struct l2cap_chan *chan;
4e8402a3 1226
79d554a6 1227 BT_DBG("conn %p", conn);
4e8402a3 1228
b62f328b
VT		 1229 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
1230 l2cap_le_conn_ready(conn);
1231
160dc6ac
VCG		 1232 if (conn->hcon->out && conn->hcon->type == LE_LINK)
1233 smp_conn_security(conn, conn->hcon->pending_sec_level);
1234
3df91ea2 1235 mutex_lock(&conn->chan_lock);
4e8402a3 1236
3df91ea2 1237 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 1238
6be36555 1239 l2cap_chan_lock(chan);
4e8402a3 1240
63128451 1241 if (conn->hcon->type == LE_LINK) {
b501d6a1 1242 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 1243 l2cap_chan_ready(chan);
acd7d370 1244
63128451 1245 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 1246 struct sock *sk = chan->sk;
c9b66675 1247 __clear_chan_timer(chan);
6be36555 1248 lock_sock(sk);
0e587be7 1249 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1250 sk->sk_state_change(sk);
6be36555 1251 release_sock(sk);
b501d6a1 1252
89bc500e 1253 } else if (chan->state == BT_CONNECT)
fc7f8a7e 1254 l2cap_do_start(chan);
4e8402a3 1255
6be36555 1256 l2cap_chan_unlock(chan);
4e8402a3 1257 }
79d554a6 1258
3df91ea2 1259 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1260}
1261
1262/* Notify sockets that we cannot guaranty reliability anymore */
1263static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1264{
48454079 1265 struct l2cap_chan *chan;
4e8402a3
MH		 1266
1267 BT_DBG("conn %p", conn);
1268
3df91ea2 1269 mutex_lock(&conn->chan_lock);
4e8402a3 1270
3df91ea2 1271 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 1272 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 1273 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 1274 }
1275
3df91ea2 1276 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1277}
1278
f878fcad 1279static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 1280{
f878fcad 1281 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 1282 info_timer.work);
4e8402a3 1283
984947dc 1284 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1285 conn->info_ident = 0;
984947dc 1286
4e8402a3
MH		 1287 l2cap_conn_start(conn);
1288}
1289
5d3de7df
VCG		 1290static void l2cap_conn_del(struct hci_conn *hcon, int err)
1291{
1292 struct l2cap_conn *conn = hcon->l2cap_data;
1293 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1294
1295 if (!conn)
1296 return;
1297
1298 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1299
1300 kfree_skb(conn->rx_skb);
1301
3df91ea2
AE		 1302 mutex_lock(&conn->chan_lock);
1303
5d3de7df
VCG		 1304 /* Kill channels */
1305 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
61d6ef3e 1306 l2cap_chan_hold(chan);
6be36555
AE		 1307 l2cap_chan_lock(chan);
1308
5d3de7df 1309 l2cap_chan_del(chan, err);
6be36555
AE		 1310
1311 l2cap_chan_unlock(chan);
1312
5d3de7df 1313 chan->ops->close(chan->data);
61d6ef3e 1314 l2cap_chan_put(chan);
5d3de7df
VCG		 1315 }
1316
3df91ea2
AE		 1317 mutex_unlock(&conn->chan_lock);
1318
73d80deb
LAD		 1319 hci_chan_del(conn->hchan);
1320
5d3de7df 1321 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1322 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1323
51a8efd7 1324 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1325 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1326 smp_chan_destroy(conn);
d26a2345 1327 }
5d3de7df
VCG		 1328
1329 hcon->l2cap_data = NULL;
1330 kfree(conn);
1331}
1332
6c9d42a1 1333static void security_timeout(struct work_struct *work)
5d3de7df 1334{
6c9d42a1
GP		 1335 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1336 security_timer.work);
5d3de7df
VCG		 1337
1338 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1339}
1340
1da177e4
LT		 1341static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1342{
0139418c 1343 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1344 struct hci_chan *hchan;
1da177e4 1345
0139418c 1346 if (conn || status)
1da177e4
LT		 1347 return conn;
1348
73d80deb
LAD		 1349 hchan = hci_chan_create(hcon);
1350 if (!hchan)
1351 return NULL;
1352
0139418c 1353 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1354 if (!conn) {
1355 hci_chan_del(hchan);
1da177e4 1356 return NULL;
73d80deb 1357 }
1da177e4
LT		 1358
1359 hcon->l2cap_data = conn;
1360 conn->hcon = hcon;
73d80deb 1361 conn->hchan = hchan;
1da177e4 1362
73d80deb 1363 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1364
acd7d370
VT		 1365 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1366 conn->mtu = hcon->hdev->le_mtu;
1367 else
1368 conn->mtu = hcon->hdev->acl_mtu;
1369
1da177e4
LT		 1370 conn->src = &hcon->hdev->bdaddr;
1371 conn->dst = &hcon->dst;
1372
4e8402a3
MH		 1373 conn->feat_mask = 0;
1374
1da177e4 1375 spin_lock_init(&conn->lock);
3df91ea2 1376 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1377
1378 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1379
5d3de7df 1380 if (hcon->type == LE_LINK)
6c9d42a1 1381 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1382 else
030013d8 1383 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1384
9f5a0d7b 1385 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1386
1da177e4
LT		 1387 return conn;
1388}
1389
1da177e4 1390/* ---- Socket interface ---- */
1da177e4 1391
c2287681 1392/* Find socket with psm and source / destination bdaddr.
1da177e4
LT		 1393 * Returns closest match.
1394 */
c2287681
IY		 1395static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1396 bdaddr_t *src,
1397 bdaddr_t *dst)
1da177e4 1398{
23691d75 1399 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1400
23691d75 1401 read_lock(&chan_list_lock);
e0f0cb56 1402
23691d75
GP		 1403 list_for_each_entry(c, &chan_list, global_l) {
1404 struct sock *sk = c->sk;
fe4128e0 1405
89bc500e 1406 if (state && c->state != state)
1da177e4
LT		 1407 continue;
1408
23691d75 1409 if (c->psm == psm) {
c2287681
IY		 1410 int src_match, dst_match;
1411 int src_any, dst_any;
1412
1da177e4 1413 /* Exact match. */
c2287681
IY		 1414 src_match = !bacmp(&bt_sk(sk)->src, src);
1415 dst_match = !bacmp(&bt_sk(sk)->dst, dst);
1416 if (src_match && dst_match) {
a7567b20 1417 read_unlock(&chan_list_lock);
23691d75
GP		 1418 return c;
1419 }
1da177e4
LT		 1420
1421 /* Closest match */
c2287681
IY		 1422 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY);
1423 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY);
1424 if ((src_match && dst_any) || (src_any && dst_match) ||
1425 (src_any && dst_any))
23691d75 1426 c1 = c;
1da177e4
LT		 1427 }
1428 }
1da177e4 1429
23691d75 1430 read_unlock(&chan_list_lock);
e0f0cb56 1431
23691d75 1432 return c1;
1da177e4
LT		 1433}
1434
8e9f9892
AG		 1435int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1436 bdaddr_t *dst, u8 dst_type)
1da177e4 1437{
5d41ce1d 1438 struct sock *sk = chan->sk;
1da177e4 1439 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1440 struct l2cap_conn *conn;
1441 struct hci_conn *hcon;
1442 struct hci_dev *hdev;
09ab6f4c 1443 __u8 auth_type;
44d0e48e 1444 int err;
1da177e4 1445
8e9f9892
AG		 1446 BT_DBG("%s -> %s (type %u) psm 0x%2.2x", batostr(src), batostr(dst),
1447 dst_type, __le16_to_cpu(chan->psm));
1da177e4 1448
af05b30b
GP		 1449 hdev = hci_get_route(dst, src);
1450 if (!hdev)
1da177e4
LT		 1451 return -EHOSTUNREACH;
1452
09fd0de5 1453 hci_dev_lock(hdev);
1da177e4 1454
6be36555 1455 l2cap_chan_lock(chan);
03a00194
GP		 1456
1457 /* PSM must be odd and lsb of upper byte must be 0 */
1458 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1459 chan->chan_type != L2CAP_CHAN_RAW) {
1460 err = -EINVAL;
1461 goto done;
1462 }
1463
1464 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1465 err = -EINVAL;
1466 goto done;
1467 }
1468
1469 switch (chan->mode) {
1470 case L2CAP_MODE_BASIC:
1471 break;
1472 case L2CAP_MODE_ERTM:
1473 case L2CAP_MODE_STREAMING:
1474 if (!disable_ertm)
1475 break;
1476 /* fall through */
1477 default:
1478 err = -ENOTSUPP;
1479 goto done;
1480 }
1481
6be36555
AE		 1482 lock_sock(sk);
1483
03a00194
GP		 1484 switch (sk->sk_state) {
1485 case BT_CONNECT:
1486 case BT_CONNECT2:
1487 case BT_CONFIG:
1488 /* Already connecting */
1489 err = 0;
6be36555 1490 release_sock(sk);
03a00194
GP		 1491 goto done;
1492
1493 case BT_CONNECTED:
1494 /* Already connected */
1495 err = -EISCONN;
6be36555 1496 release_sock(sk);
03a00194
GP		 1497 goto done;
1498
1499 case BT_OPEN:
1500 case BT_BOUND:
1501 /* Can connect */
1502 break;
1503
1504 default:
1505 err = -EBADFD;
6be36555 1506 release_sock(sk);
03a00194
GP		 1507 goto done;
1508 }
1509
1510 /* Set destination address and psm */
9219b2a0 1511 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1512
1513 release_sock(sk);
1514
03a00194
GP		 1515 chan->psm = psm;
1516 chan->dcid = cid;
1da177e4 1517
4343478f 1518 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1519
fe4128e0 1520 if (chan->dcid == L2CAP_CID_LE_DATA)
8e9f9892 1521 hcon = hci_connect(hdev, LE_LINK, dst, dst_type,
b12f62cf 1522 chan->sec_level, auth_type);
acd7d370 1523 else
8e9f9892 1524 hcon = hci_connect(hdev, ACL_LINK, dst, dst_type,
b12f62cf 1525 chan->sec_level, auth_type);
acd7d370 1526
30e76272
VT		 1527 if (IS_ERR(hcon)) {
1528 err = PTR_ERR(hcon);
1da177e4 1529 goto done;
30e76272 1530 }
1da177e4
LT		 1531
1532 conn = l2cap_conn_add(hcon, 0);
1533 if (!conn) {
1534 hci_conn_put(hcon);
30e76272 1535 err = -ENOMEM;
1da177e4
LT		 1536 goto done;
1537 }
1538
9f0caeb1
VCG		 1539 if (hcon->type == LE_LINK) {
1540 err = 0;
1541
1542 if (!list_empty(&conn->chan_l)) {
1543 err = -EBUSY;
1544 hci_conn_put(hcon);
1545 }
1546
1547 if (err)
1548 goto done;
1549 }
1550
1da177e4
LT		 1551 /* Update source addr of the socket */
1552 bacpy(src, conn->src);
1553
6be36555 1554 l2cap_chan_unlock(chan);
48454079 1555 l2cap_chan_add(conn, chan);
6be36555 1556 l2cap_chan_lock(chan);
48454079 1557
6be36555 1558 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1559 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1560
1561 if (hcon->state == BT_CONNECTED) {
715ec005 1562 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1563 __clear_chan_timer(chan);
d45fc423 1564 if (l2cap_chan_check_security(chan))
6be36555 1565 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1566 } else
fc7f8a7e 1567 l2cap_do_start(chan);
1da177e4
LT		 1568 }
1569
30e76272
VT		 1570 err = 0;
1571
1da177e4 1572done:
6be36555 1573 l2cap_chan_unlock(chan);
09fd0de5 1574 hci_dev_unlock(hdev);
1da177e4
LT		 1575 hci_dev_put(hdev);
1576 return err;
1577}
1578
dcba0dba 1579int __l2cap_wait_ack(struct sock *sk)
6161c038 1580{
8c1d787b 1581 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1582 DECLARE_WAITQUEUE(wait, current);
1583 int err = 0;
1584 int timeo = HZ/5;
1585
2b0b05dd 1586 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1587 set_current_state(TASK_INTERRUPTIBLE);
1588 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1589 if (!timeo)
1590 timeo = HZ/5;
1591
1592 if (signal_pending(current)) {
1593 err = sock_intr_errno(timeo);
1594 break;
1595 }
1596
1597 release_sock(sk);
1598 timeo = schedule_timeout(timeo);
1599 lock_sock(sk);
a71a0cf4 1600 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1601
1602 err = sock_error(sk);
1603 if (err)
1604 break;
1605 }
1606 set_current_state(TASK_RUNNING);
2b0b05dd 1607 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1608 return err;
1609}
1610
721c4181 1611static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1612{
721c4181
GP		 1613 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1614 monitor_timer.work);
e90bac06 1615
525cd185 1616 BT_DBG("chan %p", chan);
0e98958d 1617
6be36555
AE		 1618 l2cap_chan_lock(chan);
1619
2c03a7a4 1620 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1621 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1622 l2cap_chan_unlock(chan);
8d7e1c7f 1623 l2cap_chan_put(chan);
e90bac06
GP		 1624 return;
1625 }
1626
6a026610 1627 chan->retry_count++;
1a09bcb9 1628 __set_monitor_timer(chan);
e90bac06 1629
525cd185 1630 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1631 l2cap_chan_unlock(chan);
8d7e1c7f 1632 l2cap_chan_put(chan);
e90bac06
GP		 1633}
1634
721c4181 1635static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1636{
721c4181
GP		 1637 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1638 retrans_timer.work);
e90bac06 1639
49208c9c 1640 BT_DBG("chan %p", chan);
0e98958d 1641
6be36555
AE		 1642 l2cap_chan_lock(chan);
1643
6a026610 1644 chan->retry_count = 1;
1a09bcb9 1645 __set_monitor_timer(chan);
e90bac06 1646
e2ab4353 1647 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1648
525cd185 1649 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1650
1651 l2cap_chan_unlock(chan);
8d7e1c7f 1652 l2cap_chan_put(chan);
e90bac06
GP		 1653}
1654
3733937d
MM		 1655static int l2cap_streaming_send(struct l2cap_chan *chan,
1656 struct sk_buff_head *skbs)
6840ed07 1657{
ccbb84af 1658 struct sk_buff *skb;
3733937d 1659 struct l2cap_ctrl *control;
6840ed07 1660
3733937d
MM		 1661 BT_DBG("chan %p, skbs %p", chan, skbs);
1662
1663 if (chan->state != BT_CONNECTED)
1664 return -ENOTCONN;
1665
1666 skb_queue_splice_tail_init(skbs, &chan->tx_q);
1667
1668 while (!skb_queue_empty(&chan->tx_q)) {
1669
1670 skb = skb_dequeue(&chan->tx_q);
1671
1672 bt_cb(skb)->control.retries = 1;
1673 control = &bt_cb(skb)->control;
1674
1675 control->reqseq = 0;
1676 control->txseq = chan->next_tx_seq;
1677
1678 __pack_control(chan, control, skb);
6840ed07 1679
47d1ec61 1680 if (chan->fcs == L2CAP_FCS_CRC16) {
3733937d
MM		 1681 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1682 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 1683 }
1684
4343478f 1685 l2cap_do_send(chan, skb);
6840ed07 1686
3733937d
MM		 1687 BT_DBG("Sent txseq %d", (int)control->txseq);
1688
836be934 1689 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
3733937d 1690 chan->frames_sent++;
6840ed07 1691 }
3733937d
MM		 1692
1693 return 0;
6840ed07
GP		 1694}
1695
67c9e840 1696static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1697{
1698 struct sk_buff *skb, *tx_skb;
18a48e76
MM		 1699 struct l2cap_ctrl *control;
1700 int sent = 0;
1701
1702 BT_DBG("chan %p", chan);
1c2acffb 1703
89bc500e 1704 if (chan->state != BT_CONNECTED)
c13ffa62 1705 return -ENOTCONN;
e90bac06 1706
94122bbe
MM		 1707 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1708 return 0;
1709
18a48e76
MM		 1710 while (chan->tx_send_head &&
1711 chan->unacked_frames < chan->remote_tx_win &&
1712 chan->tx_state == L2CAP_TX_STATE_XMIT) {
e420aba3 1713
18a48e76 1714 skb = chan->tx_send_head;
e90bac06 1715
18a48e76
MM		 1716 bt_cb(skb)->control.retries = 1;
1717 control = &bt_cb(skb)->control;
95ffa978 1718
e2ab4353 1719 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
18a48e76 1720 control->final = 1;
e2ab4353 1721
18a48e76
MM		 1722 control->reqseq = chan->buffer_seq;
1723 chan->last_acked_seq = chan->buffer_seq;
1724 control->txseq = chan->next_tx_seq;
1c2acffb 1725
18a48e76 1726 __pack_control(chan, control, skb);
e90bac06 1727
47d1ec61 1728 if (chan->fcs == L2CAP_FCS_CRC16) {
18a48e76
MM		 1729 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1730 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 1731 }
1732
18a48e76
MM		 1733 /* Clone after data has been modified. Data is assumed to be
1734 read-only (for locking purposes) on cloned sk_buffs.
1735 */
1736 tx_skb = skb_clone(skb, GFP_KERNEL);
9a9c6a34 1737
18a48e76
MM		 1738 if (!tx_skb)
1739 break;
1c2acffb 1740
18a48e76 1741 __set_retrans_timer(chan);
836be934
AE		 1742
1743 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
18a48e76 1744 chan->unacked_frames++;
6a026610 1745 chan->frames_sent++;
18a48e76 1746 sent++;
1c2acffb 1747
58d35f87
GP		 1748 if (skb_queue_is_last(&chan->tx_q, skb))
1749 chan->tx_send_head = NULL;
1c2acffb 1750 else
58d35f87 1751 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
18a48e76
MM		 1752
1753 l2cap_do_send(chan, tx_skb);
1754 BT_DBG("Sent txseq %d", (int)control->txseq);
1c2acffb
GP		 1755 }
1756
18a48e76
MM		 1757 BT_DBG("Sent %d, %d unacked, %d in ERTM queue", sent,
1758 (int) chan->unacked_frames, skb_queue_len(&chan->tx_q));
1759
1760 return sent;
9e917af1
GP		 1761}
1762
e1fbd4c1
MM		 1763static void l2cap_ertm_resend(struct l2cap_chan *chan)
1764{
1765 struct l2cap_ctrl control;
1766 struct sk_buff *skb;
1767 struct sk_buff *tx_skb;
1768 u16 seq;
1769
1770 BT_DBG("chan %p", chan);
1771
1772 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1773 return;
1774
1775 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) {
1776 seq = l2cap_seq_list_pop(&chan->retrans_list);
1777
1778 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq);
1779 if (!skb) {
1780 BT_DBG("Error: Can't retransmit seq %d, frame missing",
1781 seq);
1782 continue;
1783 }
1784
1785 bt_cb(skb)->control.retries++;
1786 control = bt_cb(skb)->control;
1787
1788 if (chan->max_tx != 0 &&
1789 bt_cb(skb)->control.retries > chan->max_tx) {
1790 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
1791 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
1792 l2cap_seq_list_clear(&chan->retrans_list);
1793 break;
1794 }
1795
1796 control.reqseq = chan->buffer_seq;
1797 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
1798 control.final = 1;
1799 else
1800 control.final = 0;
1801
1802 if (skb_cloned(skb)) {
1803 /* Cloned sk_buffs are read-only, so we need a
1804 * writeable copy
1805 */
1806 tx_skb = skb_copy(skb, GFP_ATOMIC);
1807 } else {
1808 tx_skb = skb_clone(skb, GFP_ATOMIC);
1809 }
1810
1811 if (!tx_skb) {
1812 l2cap_seq_list_clear(&chan->retrans_list);
1813 break;
1814 }
1815
1816 /* Update skb contents */
1817 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
1818 put_unaligned_le32(__pack_extended_control(&control),
1819 tx_skb->data + L2CAP_HDR_SIZE);
1820 } else {
1821 put_unaligned_le16(__pack_enhanced_control(&control),
1822 tx_skb->data + L2CAP_HDR_SIZE);
1823 }
1824
1825 if (chan->fcs == L2CAP_FCS_CRC16) {
1826 u16 fcs = crc16(0, (u8 *) tx_skb->data, tx_skb->len);
1827 put_unaligned_le16(fcs, skb_put(tx_skb,
1828 L2CAP_FCS_SIZE));
1829 }
1830
1831 l2cap_do_send(chan, tx_skb);
1832
1833 BT_DBG("Resent txseq %d", control.txseq);
1834
1835 chan->last_acked_seq = chan->buffer_seq;
1836 }
1837}
1838
f80842a8
MM		 1839static void l2cap_retransmit(struct l2cap_chan *chan,
1840 struct l2cap_ctrl *control)
1841{
1842 BT_DBG("chan %p, control %p", chan, control);
1843
1844 l2cap_seq_list_append(&chan->retrans_list, control->reqseq);
1845 l2cap_ertm_resend(chan);
1846}
1847
d2a7ac5d
MM		 1848static void l2cap_retransmit_all(struct l2cap_chan *chan,
1849 struct l2cap_ctrl *control)
1850{
e1fbd4c1
MM		 1851 struct sk_buff *skb;
1852
1853 BT_DBG("chan %p, control %p", chan, control);
1854
1855 if (control->poll)
1856 set_bit(CONN_SEND_FBIT, &chan->conn_state);
1857
1858 l2cap_seq_list_clear(&chan->retrans_list);
1859
1860 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1861 return;
1862
1863 if (chan->unacked_frames) {
1864 skb_queue_walk(&chan->tx_q, skb) {
1865 if (bt_cb(skb)->control.txseq == control->reqseq ||
1866 skb == chan->tx_send_head)
1867 break;
1868 }
1869
1870 skb_queue_walk_from(&chan->tx_q, skb) {
1871 if (skb == chan->tx_send_head)
1872 break;
1873
1874 l2cap_seq_list_append(&chan->retrans_list,
1875 bt_cb(skb)->control.txseq);
1876 }
1877
1878 l2cap_ertm_resend(chan);
1879 }
d2a7ac5d
MM		 1880}
1881
0a0aba42 1882static void l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1883{
0a0aba42
MM		 1884 struct l2cap_ctrl control;
1885 u16 frames_to_ack = __seq_offset(chan, chan->buffer_seq,
1886 chan->last_acked_seq);
1887 int threshold;
9e917af1 1888
0a0aba42
MM		 1889 BT_DBG("chan %p last_acked_seq %d buffer_seq %d",
1890 chan, chan->last_acked_seq, chan->buffer_seq);
9e917af1 1891
0a0aba42
MM		 1892 memset(&control, 0, sizeof(control));
1893 control.sframe = 1;
dfc909be 1894
0a0aba42
MM		 1895 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
1896 chan->rx_state == L2CAP_RX_STATE_RECV) {
1897 __clear_ack_timer(chan);
1898 control.super = L2CAP_SUPER_RNR;
1899 control.reqseq = chan->buffer_seq;
1900 l2cap_send_sframe(chan, &control);
1901 } else {
1902 if (!test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) {
1903 l2cap_ertm_send(chan);
1904 /* If any i-frames were sent, they included an ack */
1905 if (chan->buffer_seq == chan->last_acked_seq)
1906 frames_to_ack = 0;
1907 }
dfc909be 1908
0a0aba42
MM		 1909 /* Ack now if the tx window is 3/4ths full.
1910 * Calculate without mul or div
1911 */
1912 threshold = chan->tx_win;
1913 threshold += threshold << 1;
1914 threshold >>= 2;
1915
1916 BT_DBG("frames_to_ack %d, threshold %d", (int)frames_to_ack,
1917 threshold);
1918
1919 if (frames_to_ack >= threshold) {
1920 __clear_ack_timer(chan);
1921 control.super = L2CAP_SUPER_RR;
1922 control.reqseq = chan->buffer_seq;
1923 l2cap_send_sframe(chan, &control);
1924 frames_to_ack = 0;
1925 }
1c2acffb 1926
0a0aba42
MM		 1927 if (frames_to_ack)
1928 __set_ack_timer(chan);
1929 }
b17e73bb
SJ		 1930}
1931
04124681
GP		 1932static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1933 struct msghdr *msg, int len,
1934 int count, struct sk_buff *skb)
1c2acffb 1935{
0952a57a 1936 struct l2cap_conn *conn = chan->conn;
1c2acffb 1937 struct sk_buff **frag;
90338947 1938 int sent = 0;
1da177e4 1939
59203a21 1940 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1941 return -EFAULT;
1da177e4
LT		 1942
1943 sent += count;
1944 len -= count;
1945
1946 /* Continuation fragments (no L2CAP header) */
1947 frag = &skb_shinfo(skb)->frag_list;
1948 while (len) {
fbe00700
GP		 1949 struct sk_buff *tmp;
1950
1da177e4
LT		 1951 count = min_t(unsigned int, conn->mtu, len);
1952
fbe00700
GP		 1953 tmp = chan->ops->alloc_skb(chan, count,
1954 msg->msg_flags & MSG_DONTWAIT);
1955 if (IS_ERR(tmp))
1956 return PTR_ERR(tmp);
1957
1958 *frag = tmp;
2f7719ce 1959
1c2acffb
GP		 1960 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1961 return -EFAULT;
1da177e4 1962
5e59b791
LAD		 1963 (*frag)->priority = skb->priority;
1964
1da177e4
LT		 1965 sent += count;
1966 len -= count;
1967
2d0ed3d5
GP		 1968 skb->len += (*frag)->len;
1969 skb->data_len += (*frag)->len;
1970
1da177e4
LT		 1971 frag = &(*frag)->next;
1972 }
1da177e4
LT		 1973
1974 return sent;
1c2acffb 1975}
1da177e4 1976
5e59b791
LAD		 1977static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1978 struct msghdr *msg, size_t len,
1979 u32 priority)
1c2acffb 1980{
8c1d787b 1981 struct l2cap_conn *conn = chan->conn;
1c2acffb 1982 struct sk_buff *skb;
03a51213 1983 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1984 struct l2cap_hdr *lh;
1985
6d5922b0 1986 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1987
1988 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1989
1990 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 1991 msg->msg_flags & MSG_DONTWAIT);
1992 if (IS_ERR(skb))
1993 return skb;
1c2acffb 1994
5e59b791
LAD		 1995 skb->priority = priority;
1996
1c2acffb
GP		 1997 /* Create L2CAP header */
1998 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1999 lh->cid = cpu_to_le16(chan->dcid);
daf6a78c
AE		 2000 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE);
2001 put_unaligned(chan->psm, skb_put(skb, L2CAP_PSMLEN_SIZE));
1c2acffb 2002
0952a57a 2003 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 2004 if (unlikely(err < 0)) {
2005 kfree_skb(skb);
2006 return ERR_PTR(err);
2007 }
2008 return skb;
2009}
2010
5e59b791
LAD		 2011static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
2012 struct msghdr *msg, size_t len,
2013 u32 priority)
1c2acffb 2014{
8c1d787b 2015 struct l2cap_conn *conn = chan->conn;
1c2acffb 2016 struct sk_buff *skb;
f2ba7fae 2017 int err, count;
1c2acffb
GP		 2018 struct l2cap_hdr *lh;
2019
6d5922b0 2020 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 2021
f2ba7fae 2022 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len);
2f7719ce 2023
f2ba7fae 2024 skb = chan->ops->alloc_skb(chan, count + L2CAP_HDR_SIZE,
90338947
GP		 2025 msg->msg_flags & MSG_DONTWAIT);
2026 if (IS_ERR(skb))
2027 return skb;
1c2acffb 2028
5e59b791
LAD		 2029 skb->priority = priority;
2030
1c2acffb
GP		 2031 /* Create L2CAP header */
2032 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 2033 lh->cid = cpu_to_le16(chan->dcid);
6ff9b5ef 2034 lh->len = cpu_to_le16(len);
1c2acffb 2035
0952a57a 2036 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 2037 if (unlikely(err < 0)) {
2038 kfree_skb(skb);
2039 return ERR_PTR(err);
2040 }
2041 return skb;
2042}
2043
ab0ff76d
LAD		 2044static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
2045 struct msghdr *msg, size_t len,
94122bbe 2046 u16 sdulen)
1c2acffb 2047{
8c1d787b 2048 struct l2cap_conn *conn = chan->conn;
1c2acffb 2049 struct sk_buff *skb;
e4ca6d98 2050 int err, count, hlen;
1c2acffb
GP		 2051 struct l2cap_hdr *lh;
2052
6d5922b0 2053 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 2054
0ee0d208
GP		 2055 if (!conn)
2056 return ERR_PTR(-ENOTCONN);
2057
e4ca6d98
AE		 2058 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2059 hlen = L2CAP_EXT_HDR_SIZE;
2060 else
2061 hlen = L2CAP_ENH_HDR_SIZE;
2062
c74e560c 2063 if (sdulen)
03a51213 2064 hlen += L2CAP_SDULEN_SIZE;
c74e560c 2065
47d1ec61 2066 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 2067 hlen += L2CAP_FCS_SIZE;
fcc203c3 2068
1c2acffb 2069 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 2070
2071 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 2072 msg->msg_flags & MSG_DONTWAIT);
2073 if (IS_ERR(skb))
2074 return skb;
1c2acffb
GP		 2075
2076 /* Create L2CAP header */
2077 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 2078 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 2079 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0 2080
18a48e76
MM		 2081 /* Control header is populated later */
2082 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2083 put_unaligned_le32(0, skb_put(skb, L2CAP_EXT_CTRL_SIZE));
2084 else
2085 put_unaligned_le16(0, skb_put(skb, L2CAP_ENH_CTRL_SIZE));
88843ab0 2086
c74e560c 2087 if (sdulen)
03a51213 2088 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 2089
0952a57a 2090 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 2091 if (unlikely(err < 0)) {
2092 kfree_skb(skb);
2093 return ERR_PTR(err);
2094 }
e90bac06 2095
18a48e76 2096 bt_cb(skb)->control.fcs = chan->fcs;
3ce3514f 2097 bt_cb(skb)->control.retries = 0;
1c2acffb 2098 return skb;
1da177e4
LT		 2099}
2100
94122bbe
MM		 2101static int l2cap_segment_sdu(struct l2cap_chan *chan,
2102 struct sk_buff_head *seg_queue,
2103 struct msghdr *msg, size_t len)
c74e560c 2104{
c74e560c 2105 struct sk_buff *skb;
94122bbe
MM		 2106 u16 sdu_len;
2107 size_t pdu_len;
2108 int err = 0;
2109 u8 sar;
c74e560c 2110
94122bbe 2111 BT_DBG("chan %p, msg %p, len %d", chan, msg, (int)len);
c74e560c 2112
94122bbe
MM		 2113 /* It is critical that ERTM PDUs fit in a single HCI fragment,
2114 * so fragmented skbs are not used. The HCI layer's handling
2115 * of fragmented skbs is not compatible with ERTM's queueing.
2116 */
c74e560c 2117
94122bbe
MM		 2118 /* PDU size is derived from the HCI MTU */
2119 pdu_len = chan->conn->mtu;
c74e560c 2120
94122bbe
MM		 2121 pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD);
2122
2123 /* Adjust for largest possible L2CAP overhead. */
2124 pdu_len -= L2CAP_EXT_HDR_SIZE + L2CAP_FCS_SIZE;
2125
2126 /* Remote device may have requested smaller PDUs */
2127 pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
2128
2129 if (len <= pdu_len) {
2130 sar = L2CAP_SAR_UNSEGMENTED;
2131 sdu_len = 0;
2132 pdu_len = len;
2133 } else {
2134 sar = L2CAP_SAR_START;
2135 sdu_len = len;
2136 pdu_len -= L2CAP_SDULEN_SIZE;
2137 }
2138
2139 while (len > 0) {
2140 skb = l2cap_create_iframe_pdu(chan, msg, pdu_len, sdu_len);
c74e560c 2141
c74e560c 2142 if (IS_ERR(skb)) {
94122bbe 2143 __skb_queue_purge(seg_queue);
c74e560c
GP		 2144 return PTR_ERR(skb);
2145 }
2146
94122bbe
MM		 2147 bt_cb(skb)->control.sar = sar;
2148 __skb_queue_tail(seg_queue, skb);
2149
2150 len -= pdu_len;
2151 if (sdu_len) {
2152 sdu_len = 0;
2153 pdu_len += L2CAP_SDULEN_SIZE;
2154 }
2155
2156 if (len <= pdu_len) {
2157 sar = L2CAP_SAR_END;
2158 pdu_len = len;
2159 } else {
2160 sar = L2CAP_SAR_CONTINUE;
2161 }
c74e560c 2162 }
c74e560c 2163
94122bbe 2164 return err;
c74e560c
GP		 2165}
2166
5e59b791
LAD		 2167int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2168 u32 priority)
9a91a04a 2169{
9a91a04a 2170 struct sk_buff *skb;
9a91a04a 2171 int err;
94122bbe 2172 struct sk_buff_head seg_queue;
9a91a04a
GP		 2173
2174 /* Connectionless channel */
715ec005 2175 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 2176 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 2177 if (IS_ERR(skb))
2178 return PTR_ERR(skb);
2179
2180 l2cap_do_send(chan, skb);
2181 return len;
2182 }
2183
2184 switch (chan->mode) {
2185 case L2CAP_MODE_BASIC:
2186 /* Check outgoing MTU */
2187 if (len > chan->omtu)
2188 return -EMSGSIZE;
2189
2190 /* Create a basic PDU */
5e59b791 2191 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 2192 if (IS_ERR(skb))
2193 return PTR_ERR(skb);
2194
2195 l2cap_do_send(chan, skb);
2196 err = len;
2197 break;
2198
2199 case L2CAP_MODE_ERTM:
2200 case L2CAP_MODE_STREAMING:
94122bbe
MM		 2201 /* Check outgoing MTU */
2202 if (len > chan->omtu) {
2203 err = -EMSGSIZE;
2204 break;
2205 }
9a91a04a 2206
94122bbe 2207 __skb_queue_head_init(&seg_queue);
9a91a04a 2208
94122bbe
MM		 2209 /* Do segmentation before calling in to the state machine,
2210 * since it's possible to block while waiting for memory
2211 * allocation.
2212 */
2213 err = l2cap_segment_sdu(chan, &seg_queue, msg, len);
9a91a04a 2214
94122bbe
MM		 2215 /* The channel could have been closed while segmenting,
2216 * check that it is still connected.
2217 */
2218 if (chan->state != BT_CONNECTED) {
2219 __skb_queue_purge(&seg_queue);
2220 err = -ENOTCONN;
9a91a04a
GP		 2221 }
2222
94122bbe 2223 if (err)
9a91a04a 2224 break;
9a91a04a 2225
3733937d 2226 if (chan->mode == L2CAP_MODE_ERTM)
608bcc6d
MM		 2227 err = l2cap_tx(chan, 0, &seg_queue,
2228 L2CAP_EV_DATA_REQUEST);
3733937d
MM		 2229 else
2230 err = l2cap_streaming_send(chan, &seg_queue);
9a91a04a 2231
608bcc6d 2232 if (!err)
9a91a04a
GP		 2233 err = len;
2234
94122bbe
MM		 2235 /* If the skbs were not queued for sending, they'll still be in
2236 * seg_queue and need to be purged.
2237 */
2238 __skb_queue_purge(&seg_queue);
9a91a04a
GP		 2239 break;
2240
2241 default:
2242 BT_DBG("bad state %1.1x", chan->mode);
2243 err = -EBADFD;
2244 }
2245
2246 return err;
2247}
2248
d2a7ac5d
MM		 2249static void l2cap_send_srej(struct l2cap_chan *chan, u16 txseq)
2250{
bed68bde
MM		 2251 struct l2cap_ctrl control;
2252 u16 seq;
2253
2254 BT_DBG("chan %p, txseq %d", chan, txseq);
2255
2256 memset(&control, 0, sizeof(control));
2257 control.sframe = 1;
2258 control.super = L2CAP_SUPER_SREJ;
2259
2260 for (seq = chan->expected_tx_seq; seq != txseq;
2261 seq = __next_seq(chan, seq)) {
2262 if (!l2cap_ertm_seq_in_queue(&chan->srej_q, seq)) {
2263 control.reqseq = seq;
2264 l2cap_send_sframe(chan, &control);
2265 l2cap_seq_list_append(&chan->srej_list, seq);
2266 }
2267 }
2268
2269 chan->expected_tx_seq = __next_seq(chan, txseq);
d2a7ac5d
MM		 2270}
2271
2272static void l2cap_send_srej_tail(struct l2cap_chan *chan)
2273{
bed68bde
MM		 2274 struct l2cap_ctrl control;
2275
2276 BT_DBG("chan %p", chan);
2277
2278 if (chan->srej_list.tail == L2CAP_SEQ_LIST_CLEAR)
2279 return;
2280
2281 memset(&control, 0, sizeof(control));
2282 control.sframe = 1;
2283 control.super = L2CAP_SUPER_SREJ;
2284 control.reqseq = chan->srej_list.tail;
2285 l2cap_send_sframe(chan, &control);
d2a7ac5d
MM		 2286}
2287
2288static void l2cap_send_srej_list(struct l2cap_chan *chan, u16 txseq)
2289{
bed68bde
MM		 2290 struct l2cap_ctrl control;
2291 u16 initial_head;
2292 u16 seq;
2293
2294 BT_DBG("chan %p, txseq %d", chan, txseq);
2295
2296 memset(&control, 0, sizeof(control));
2297 control.sframe = 1;
2298 control.super = L2CAP_SUPER_SREJ;
2299
2300 /* Capture initial list head to allow only one pass through the list. */
2301 initial_head = chan->srej_list.head;
2302
2303 do {
2304 seq = l2cap_seq_list_pop(&chan->srej_list);
2305 if (seq == txseq || seq == L2CAP_SEQ_LIST_CLEAR)
2306 break;
2307
2308 control.reqseq = seq;
2309 l2cap_send_sframe(chan, &control);
2310 l2cap_seq_list_append(&chan->srej_list, seq);
2311 } while (chan->srej_list.head != initial_head);
d2a7ac5d
MM		 2312}
2313
608bcc6d
MM		 2314static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2315{
2316 struct sk_buff *acked_skb;
2317 u16 ackseq;
2318
2319 BT_DBG("chan %p, reqseq %d", chan, reqseq);
2320
2321 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2322 return;
2323
2324 BT_DBG("expected_ack_seq %d, unacked_frames %d",
2325 chan->expected_ack_seq, chan->unacked_frames);
2326
2327 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
2328 ackseq = __next_seq(chan, ackseq)) {
2329
2330 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq);
2331 if (acked_skb) {
2332 skb_unlink(acked_skb, &chan->tx_q);
2333 kfree_skb(acked_skb);
2334 chan->unacked_frames--;
2335 }
2336 }
2337
2338 chan->expected_ack_seq = reqseq;
2339
2340 if (chan->unacked_frames == 0)
2341 __clear_retrans_timer(chan);
2342
2343 BT_DBG("unacked_frames %d", (int) chan->unacked_frames);
2344}
2345
2346static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
2347{
2348 BT_DBG("chan %p", chan);
2349
2350 chan->expected_tx_seq = chan->buffer_seq;
2351 l2cap_seq_list_clear(&chan->srej_list);
2352 skb_queue_purge(&chan->srej_q);
2353 chan->rx_state = L2CAP_RX_STATE_RECV;
2354}
2355
2356static int l2cap_tx_state_xmit(struct l2cap_chan *chan,
2357 struct l2cap_ctrl *control,
2358 struct sk_buff_head *skbs, u8 event)
2359{
2360 int err = 0;
2361
2362 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2363 event);
2364
2365 switch (event) {
2366 case L2CAP_EV_DATA_REQUEST:
2367 if (chan->tx_send_head == NULL)
2368 chan->tx_send_head = skb_peek(skbs);
2369
2370 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2371 l2cap_ertm_send(chan);
2372 break;
2373 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2374 BT_DBG("Enter LOCAL_BUSY");
2375 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2376
2377 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2378 /* The SREJ_SENT state must be aborted if we are to
2379 * enter the LOCAL_BUSY state.
2380 */
2381 l2cap_abort_rx_srej_sent(chan);
2382 }
2383
2384 l2cap_send_ack(chan);
2385
2386 break;
2387 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2388 BT_DBG("Exit LOCAL_BUSY");
2389 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2390
2391 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2392 struct l2cap_ctrl local_control;
2393
2394 memset(&local_control, 0, sizeof(local_control));
2395 local_control.sframe = 1;
2396 local_control.super = L2CAP_SUPER_RR;
2397 local_control.poll = 1;
2398 local_control.reqseq = chan->buffer_seq;
a67d7f6f 2399 l2cap_send_sframe(chan, &local_control);
608bcc6d
MM		 2400
2401 chan->retry_count = 1;
2402 __set_monitor_timer(chan);
2403 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2404 }
2405 break;
2406 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2407 l2cap_process_reqseq(chan, control->reqseq);
2408 break;
2409 case L2CAP_EV_EXPLICIT_POLL:
2410 l2cap_send_rr_or_rnr(chan, 1);
2411 chan->retry_count = 1;
2412 __set_monitor_timer(chan);
2413 __clear_ack_timer(chan);
2414 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2415 break;
2416 case L2CAP_EV_RETRANS_TO:
2417 l2cap_send_rr_or_rnr(chan, 1);
2418 chan->retry_count = 1;
2419 __set_monitor_timer(chan);
2420 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2421 break;
2422 case L2CAP_EV_RECV_FBIT:
2423 /* Nothing to process */
2424 break;
2425 default:
2426 break;
2427 }
2428
2429 return err;
2430}
2431
2432static int l2cap_tx_state_wait_f(struct l2cap_chan *chan,
2433 struct l2cap_ctrl *control,
2434 struct sk_buff_head *skbs, u8 event)
2435{
2436 int err = 0;
2437
2438 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2439 event);
2440
2441 switch (event) {
2442 case L2CAP_EV_DATA_REQUEST:
2443 if (chan->tx_send_head == NULL)
2444 chan->tx_send_head = skb_peek(skbs);
2445 /* Queue data, but don't send. */
2446 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2447 break;
2448 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2449 BT_DBG("Enter LOCAL_BUSY");
2450 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2451
2452 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2453 /* The SREJ_SENT state must be aborted if we are to
2454 * enter the LOCAL_BUSY state.
2455 */
2456 l2cap_abort_rx_srej_sent(chan);
2457 }
2458
2459 l2cap_send_ack(chan);
2460
2461 break;
2462 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2463 BT_DBG("Exit LOCAL_BUSY");
2464 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2465
2466 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2467 struct l2cap_ctrl local_control;
2468 memset(&local_control, 0, sizeof(local_control));
2469 local_control.sframe = 1;
2470 local_control.super = L2CAP_SUPER_RR;
2471 local_control.poll = 1;
2472 local_control.reqseq = chan->buffer_seq;
a67d7f6f 2473 l2cap_send_sframe(chan, &local_control);
608bcc6d
MM		 2474
2475 chan->retry_count = 1;
2476 __set_monitor_timer(chan);
2477 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2478 }
2479 break;
2480 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2481 l2cap_process_reqseq(chan, control->reqseq);
2482
2483 /* Fall through */
2484
2485 case L2CAP_EV_RECV_FBIT:
2486 if (control && control->final) {
2487 __clear_monitor_timer(chan);
2488 if (chan->unacked_frames > 0)
2489 __set_retrans_timer(chan);
2490 chan->retry_count = 0;
2491 chan->tx_state = L2CAP_TX_STATE_XMIT;
2492 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state);
2493 }
2494 break;
2495 case L2CAP_EV_EXPLICIT_POLL:
2496 /* Ignore */
2497 break;
2498 case L2CAP_EV_MONITOR_TO:
2499 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) {
2500 l2cap_send_rr_or_rnr(chan, 1);
2501 __set_monitor_timer(chan);
2502 chan->retry_count++;
2503 } else {
2504 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
2505 }
2506 break;
2507 default:
2508 break;
2509 }
2510
2511 return err;
2512}
2513
2514static int l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
2515 struct sk_buff_head *skbs, u8 event)
2516{
2517 int err = 0;
2518
2519 BT_DBG("chan %p, control %p, skbs %p, event %d, state %d",
2520 chan, control, skbs, event, chan->tx_state);
2521
2522 switch (chan->tx_state) {
2523 case L2CAP_TX_STATE_XMIT:
2524 err = l2cap_tx_state_xmit(chan, control, skbs, event);
2525 break;
2526 case L2CAP_TX_STATE_WAIT_F:
2527 err = l2cap_tx_state_wait_f(chan, control, skbs, event);
2528 break;
2529 default:
2530 /* Ignore event */
2531 break;
2532 }
2533
2534 return err;
2535}
2536
4b51dae9
MM		 2537static void l2cap_pass_to_tx(struct l2cap_chan *chan,
2538 struct l2cap_ctrl *control)
2539{
2540 BT_DBG("chan %p, control %p", chan, control);
2541 l2cap_tx(chan, control, 0, L2CAP_EV_RECV_REQSEQ_AND_FBIT);
2542}
2543
f80842a8
MM		 2544static void l2cap_pass_to_tx_fbit(struct l2cap_chan *chan,
2545 struct l2cap_ctrl *control)
2546{
2547 BT_DBG("chan %p, control %p", chan, control);
2548 l2cap_tx(chan, control, 0, L2CAP_EV_RECV_FBIT);
2549}
2550
1da177e4
LT		 2551/* Copy frame to all raw sockets on that connection */
2552static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2553{
1da177e4 2554 struct sk_buff *nskb;
48454079 2555 struct l2cap_chan *chan;
1da177e4
LT		 2556
2557 BT_DBG("conn %p", conn);
2558
3df91ea2 2559 mutex_lock(&conn->chan_lock);
3d57dc68 2560
3df91ea2 2561 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 2562 struct sock *sk = chan->sk;
715ec005 2563 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 2564 continue;
2565
2566 /* Don't send frame to the socket it came from */
2567 if (skb->sk == sk)
2568 continue;
af05b30b
GP		 2569 nskb = skb_clone(skb, GFP_ATOMIC);
2570 if (!nskb)
1da177e4
LT		 2571 continue;
2572
23070494 2573 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 2574 kfree_skb(nskb);
2575 }
3d57dc68 2576
3df91ea2 2577 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2578}
2579
2580/* ---- L2CAP signalling commands ---- */
2581static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2582 u8 code, u8 ident, u16 dlen, void *data)
2583{
2584 struct sk_buff *skb, **frag;
2585 struct l2cap_cmd_hdr *cmd;
2586 struct l2cap_hdr *lh;
2587 int len, count;
2588
af05b30b
GP		 2589 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2590 conn, code, ident, dlen);
1da177e4
LT		 2591
2592 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2593 count = min_t(unsigned int, conn->mtu, len);
2594
2595 skb = bt_skb_alloc(count, GFP_ATOMIC);
2596 if (!skb)
2597 return NULL;
2598
2599 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 2600 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 2601
2602 if (conn->hcon->type == LE_LINK)
2603 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
2604 else
2605 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 2606
2607 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2608 cmd->code = code;
2609 cmd->ident = ident;
aca3192c 2610 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 2611
2612 if (dlen) {
2613 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2614 memcpy(skb_put(skb, count), data, count);
2615 data += count;
2616 }
2617
2618 len -= skb->len;
2619
2620 /* Continuation fragments (no L2CAP header) */
2621 frag = &skb_shinfo(skb)->frag_list;
2622 while (len) {
2623 count = min_t(unsigned int, conn->mtu, len);
2624
2625 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2626 if (!*frag)
2627 goto fail;
2628
2629 memcpy(skb_put(*frag, count), data, count);
2630
2631 len -= count;
2632 data += count;
2633
2634 frag = &(*frag)->next;
2635 }
2636
2637 return skb;
2638
2639fail:
2640 kfree_skb(skb);
2641 return NULL;
2642}
2643
2644static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2645{
2646 struct l2cap_conf_opt *opt = *ptr;
2647 int len;
2648
2649 len = L2CAP_CONF_OPT_SIZE + opt->len;
2650 *ptr += len;
2651
2652 *type = opt->type;
2653 *olen = opt->len;
2654
2655 switch (opt->len) {
2656 case 1:
2657 *val = *((u8 *) opt->val);
2658 break;
2659
2660 case 2:
bfaaeb3e 2661 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 2662 break;
2663
2664 case 4:
bfaaeb3e 2665 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 2666 break;
2667
2668 default:
2669 *val = (unsigned long) opt->val;
2670 break;
2671 }
2672
2673 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2674 return len;
2675}
2676
1da177e4
LT		 2677static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2678{
2679 struct l2cap_conf_opt *opt = *ptr;
2680
2681 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2682
2683 opt->type = type;
2684 opt->len = len;
2685
2686 switch (len) {
2687 case 1:
2688 *((u8 *) opt->val) = val;
2689 break;
2690
2691 case 2:
4f8b691c 2692 put_unaligned_le16(val, opt->val);
1da177e4
LT		 2693 break;
2694
2695 case 4:
4f8b691c 2696 put_unaligned_le32(val, opt->val);
1da177e4
LT		 2697 break;
2698
2699 default:
2700 memcpy(opt->val, (void *) val, len);
2701 break;
2702 }
2703
2704 *ptr += L2CAP_CONF_OPT_SIZE + len;
2705}
2706
f89cef09
AE		 2707static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2708{
2709 struct l2cap_conf_efs efs;
2710
1ec918ce 2711 switch (chan->mode) {
f89cef09
AE		 2712 case L2CAP_MODE_ERTM:
2713 efs.id = chan->local_id;
2714 efs.stype = chan->local_stype;
2715 efs.msdu = cpu_to_le16(chan->local_msdu);
2716 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2717 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2718 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2719 break;
2720
2721 case L2CAP_MODE_STREAMING:
2722 efs.id = 1;
2723 efs.stype = L2CAP_SERV_BESTEFFORT;
2724 efs.msdu = cpu_to_le16(chan->local_msdu);
2725 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2726 efs.acc_lat = 0;
2727 efs.flush_to = 0;
2728 break;
2729
2730 default:
2731 return;
2732 }
2733
2734 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2735 (unsigned long) &efs);
2736}
2737
721c4181 2738static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2739{
721c4181
GP		 2740 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2741 ack_timer.work);
c1b4f43b 2742
2fb9b3d4
GP		 2743 BT_DBG("chan %p", chan);
2744
6be36555
AE		 2745 l2cap_chan_lock(chan);
2746
0a0aba42 2747 l2cap_send_ack(chan);
6be36555
AE		 2748
2749 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2750
2751 l2cap_chan_put(chan);
c1b4f43b
GP		 2752}
2753
3c588192 2754static inline int l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2755{
3c588192
MM		 2756 int err;
2757
105bdf9e
MM		 2758 chan->next_tx_seq = 0;
2759 chan->expected_tx_seq = 0;
42e5c802 2760 chan->expected_ack_seq = 0;
6a026610 2761 chan->unacked_frames = 0;
42e5c802 2762 chan->buffer_seq = 0;
6a026610 2763 chan->frames_sent = 0;
105bdf9e
MM		 2764 chan->last_acked_seq = 0;
2765 chan->sdu = NULL;
2766 chan->sdu_last_frag = NULL;
2767 chan->sdu_len = 0;
2768
d34c34fb
MM		 2769 skb_queue_head_init(&chan->tx_q);
2770
105bdf9e
MM		 2771 if (chan->mode != L2CAP_MODE_ERTM)
2772 return 0;
2773
2774 chan->rx_state = L2CAP_RX_STATE_RECV;
2775 chan->tx_state = L2CAP_TX_STATE_XMIT;
0565c1c2 2776
721c4181
GP		 2777 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2778 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2779 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2780
f1c6775b 2781 skb_queue_head_init(&chan->srej_q);
1890d36b 2782
3c588192
MM		 2783 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
2784 if (err < 0)
2785 return err;
2786
9dc9affc
MM		 2787 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win);
2788 if (err < 0)
2789 l2cap_seq_list_free(&chan->srej_list);
2790
2791 return err;
0565c1c2
GP		 2792}
2793
f2fcfcd6
GP		 2794static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2795{
2796 switch (mode) {
2797 case L2CAP_MODE_STREAMING:
2798 case L2CAP_MODE_ERTM:
2799 if (l2cap_mode_supported(mode, remote_feat_mask))
2800 return mode;
2801 /* fall through */
2802 default:
2803 return L2CAP_MODE_BASIC;
2804 }
2805}
2806
6327eb98
AE		 2807static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2808{
2809 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2810}
2811
f89cef09
AE		 2812static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2813{
2814 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2815}
2816
6327eb98
AE		 2817static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2818{
2819 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2820 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2821 /* use extended control field */
2822 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2823 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2824 } else {
6327eb98
AE		 2825 chan->tx_win = min_t(u16, chan->tx_win,
2826 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2827 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2828 }
6327eb98
AE		 2829}
2830
710f9b0a 2831static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2832{
1da177e4 2833 struct l2cap_conf_req *req = data;
0c1bc5c6 2834 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2835 void *ptr = req->data;
c8f79162 2836 u16 size;
1da177e4 2837
49208c9c 2838 BT_DBG("chan %p", chan);
1da177e4 2839
73ffa904 2840 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2841 goto done;
2842
0c1bc5c6 2843 switch (chan->mode) {
f2fcfcd6
GP		 2844 case L2CAP_MODE_STREAMING:
2845 case L2CAP_MODE_ERTM:
c1360a1c 2846 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2847 break;
85eb53c6 2848
f89cef09
AE		 2849 if (__l2cap_efs_supported(chan))
2850 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2851
2ba13ed6 2852 /* fall through */
f2fcfcd6 2853 default:
8c1d787b 2854 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2855 break;
2856 }
2857
2858done:
0c1bc5c6
GP		 2859 if (chan->imtu != L2CAP_DEFAULT_MTU)
2860 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2861
0c1bc5c6 2862 switch (chan->mode) {
65c7c491 2863 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2864 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2865 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2866 break;
2867
62547752
GP		 2868 rfc.mode = L2CAP_MODE_BASIC;
2869 rfc.txwin_size = 0;
2870 rfc.max_transmit = 0;
2871 rfc.retrans_timeout = 0;
2872 rfc.monitor_timeout = 0;
2873 rfc.max_pdu_size = 0;
2874
63406504
GP		 2875 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2876 (unsigned long) &rfc);
65c7c491
MH		 2877 break;
2878
2879 case L2CAP_MODE_ERTM:
2880 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2881 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2882 rfc.retrans_timeout = 0;
2883 rfc.monitor_timeout = 0;
c8f79162
AE		 2884
2885 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2886 L2CAP_EXT_HDR_SIZE -
2887 L2CAP_SDULEN_SIZE -
2888 L2CAP_FCS_SIZE);
2889 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2890
6327eb98
AE		 2891 l2cap_txwin_setup(chan);
2892
2893 rfc.txwin_size = min_t(u16, chan->tx_win,
2894 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2895
63406504
GP		 2896 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2897 (unsigned long) &rfc);
2898
f89cef09
AE		 2899 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2900 l2cap_add_opt_efs(&ptr, chan);
2901
8c1d787b 2902 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2903 break;
2904
47d1ec61 2905 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2906 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2907 chan->fcs = L2CAP_FCS_NONE;
2908 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2909 }
6327eb98
AE		 2910
2911 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2912 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2913 chan->tx_win);
f2fcfcd6
GP		 2914 break;
2915
2916 case L2CAP_MODE_STREAMING:
2917 rfc.mode = L2CAP_MODE_STREAMING;
2918 rfc.txwin_size = 0;
2919 rfc.max_transmit = 0;
2920 rfc.retrans_timeout = 0;
2921 rfc.monitor_timeout = 0;
c8f79162
AE		 2922
2923 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2924 L2CAP_EXT_HDR_SIZE -
2925 L2CAP_SDULEN_SIZE -
2926 L2CAP_FCS_SIZE);
2927 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2928
63406504
GP		 2929 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2930 (unsigned long) &rfc);
2931
f89cef09
AE		 2932 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2933 l2cap_add_opt_efs(&ptr, chan);
2934
8c1d787b 2935 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2936 break;
2937
47d1ec61 2938 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2939 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2940 chan->fcs = L2CAP_FCS_NONE;
2941 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2942 }
65c7c491
MH		 2943 break;
2944 }
1da177e4 2945
fe4128e0 2946 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2947 req->flags = cpu_to_le16(0);
1da177e4
LT		 2948
2949 return ptr - data;
2950}
2951
73ffa904 2952static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2953{
5dee9e7c
MH		 2954 struct l2cap_conf_rsp *rsp = data;
2955 void *ptr = rsp->data;
73ffa904
GP		 2956 void *req = chan->conf_req;
2957 int len = chan->conf_len;
5dee9e7c
MH		 2958 int type, hint, olen;
2959 unsigned long val;
6464f35f 2960 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2961 struct l2cap_conf_efs efs;
2962 u8 remote_efs = 0;
861d6882 2963 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2964 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2965 u16 size;
1da177e4 2966
73ffa904 2967 BT_DBG("chan %p", chan);
820ae1b8 2968
5dee9e7c
MH		 2969 while (len >= L2CAP_CONF_OPT_SIZE) {
2970 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2971
589d2746 2972 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2973 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2974
2975 switch (type) {
2976 case L2CAP_CONF_MTU:
861d6882 2977 mtu = val;
5dee9e7c
MH		 2978 break;
2979
2980 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2981 chan->flush_to = val;
5dee9e7c
MH		 2982 break;
2983
2984 case L2CAP_CONF_QOS:
2985 break;
2986
6464f35f
MH		 2987 case L2CAP_CONF_RFC:
2988 if (olen == sizeof(rfc))
2989 memcpy(&rfc, (void *) val, olen);
2990 break;
2991
fcc203c3
GP		 2992 case L2CAP_CONF_FCS:
2993 if (val == L2CAP_FCS_NONE)
c1360a1c 2994 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2995 break;
fcc203c3 2996
42dceae2
AE		 2997 case L2CAP_CONF_EFS:
2998 remote_efs = 1;
2999 if (olen == sizeof(efs))
3000 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 3001 break;
3002
6327eb98
AE		 3003 case L2CAP_CONF_EWS:
3004 if (!enable_hs)
3005 return -ECONNREFUSED;
fcc203c3 3006
6327eb98
AE		 3007 set_bit(FLAG_EXT_CTRL, &chan->flags);
3008 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 3009 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 3010 chan->remote_tx_win = val;
fcc203c3
GP		 3011 break;
3012
5dee9e7c
MH		 3013 default:
3014 if (hint)
3015 break;
3016
3017 result = L2CAP_CONF_UNKNOWN;
3018 *((u8 *) ptr++) = type;
3019 break;
3020 }
3021 }
3022
73ffa904 3023 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 3024 goto done;
3025
0c1bc5c6 3026 switch (chan->mode) {
f2fcfcd6
GP		 3027 case L2CAP_MODE_STREAMING:
3028 case L2CAP_MODE_ERTM:
c1360a1c 3029 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 3030 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 3031 chan->conn->feat_mask);
85eb53c6
GP		 3032 break;
3033 }
3034
42dceae2
AE		 3035 if (remote_efs) {
3036 if (__l2cap_efs_supported(chan))
3037 set_bit(FLAG_EFS_ENABLE, &chan->flags);
3038 else
3039 return -ECONNREFUSED;
3040 }
3041
0c1bc5c6 3042 if (chan->mode != rfc.mode)
f2fcfcd6 3043 return -ECONNREFUSED;
742e519b 3044
f2fcfcd6 3045 break;
f2fcfcd6
GP		 3046 }
3047
3048done:
0c1bc5c6 3049 if (chan->mode != rfc.mode) {
f2fcfcd6 3050 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 3051 rfc.mode = chan->mode;
f2fcfcd6 3052
73ffa904 3053 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 3054 return -ECONNREFUSED;
3055
3056 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3057 sizeof(rfc), (unsigned long) &rfc);
3058 }
3059
5dee9e7c
MH		 3060 if (result == L2CAP_CONF_SUCCESS) {
3061 /* Configure output options and let the other side know
3062 * which ones we don't like. */
3063
f2fcfcd6
GP		 3064 if (mtu < L2CAP_DEFAULT_MIN_MTU)
3065 result = L2CAP_CONF_UNACCEPT;
3066 else {
0c1bc5c6 3067 chan->omtu = mtu;
c1360a1c 3068 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 3069 }
0c1bc5c6 3070 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 3071
42dceae2
AE		 3072 if (remote_efs) {
3073 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3074 efs.stype != L2CAP_SERV_NOTRAFIC &&
3075 efs.stype != chan->local_stype) {
3076
3077 result = L2CAP_CONF_UNACCEPT;
3078
3079 if (chan->num_conf_req >= 1)
3080 return -ECONNREFUSED;
3081
3082 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 3083 sizeof(efs),
42dceae2 3084 (unsigned long) &efs);
0e8b207e 3085 } else {
3e6b3b95 3086 /* Send PENDING Conf Rsp */
0e8b207e
AE		 3087 result = L2CAP_CONF_PENDING;
3088 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 3089 }
3090 }
3091
f2fcfcd6
GP		 3092 switch (rfc.mode) {
3093 case L2CAP_MODE_BASIC:
47d1ec61 3094 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 3095 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 3096 break;
3097
3098 case L2CAP_MODE_ERTM:
6327eb98
AE		 3099 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
3100 chan->remote_tx_win = rfc.txwin_size;
3101 else
3102 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 3103
2c03a7a4 3104 chan->remote_max_tx = rfc.max_transmit;
1c762159 3105
c8f79162
AE		 3106 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3107 chan->conn->mtu -
3108 L2CAP_EXT_HDR_SIZE -
3109 L2CAP_SDULEN_SIZE -
3110 L2CAP_FCS_SIZE);
3111 rfc.max_pdu_size = cpu_to_le16(size);
3112 chan->remote_mps = size;
f2fcfcd6 3113
10467e9e 3114 rfc.retrans_timeout =
4fd21a88 3115 __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
10467e9e 3116 rfc.monitor_timeout =
4fd21a88 3117 __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 3118
c1360a1c 3119 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 3120
3121 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3122 sizeof(rfc), (unsigned long) &rfc);
3123
42dceae2
AE		 3124 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3125 chan->remote_id = efs.id;
3126 chan->remote_stype = efs.stype;
3127 chan->remote_msdu = le16_to_cpu(efs.msdu);
3128 chan->remote_flush_to =
3129 le32_to_cpu(efs.flush_to);
3130 chan->remote_acc_lat =
3131 le32_to_cpu(efs.acc_lat);
3132 chan->remote_sdu_itime =
3133 le32_to_cpu(efs.sdu_itime);
3134 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3135 sizeof(efs), (unsigned long) &efs);
3136 }
f2fcfcd6
GP		 3137 break;
3138
3139 case L2CAP_MODE_STREAMING:
c8f79162
AE		 3140 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3141 chan->conn->mtu -
3142 L2CAP_EXT_HDR_SIZE -
3143 L2CAP_SDULEN_SIZE -
3144 L2CAP_FCS_SIZE);
3145 rfc.max_pdu_size = cpu_to_le16(size);
3146 chan->remote_mps = size;
f2fcfcd6 3147
c1360a1c 3148 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 3149
3150 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3151 sizeof(rfc), (unsigned long) &rfc);
3152
f2fcfcd6
GP		 3153 break;
3154
3155 default:
5dee9e7c 3156 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 3157
6464f35f 3158 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 3159 rfc.mode = chan->mode;
f2fcfcd6 3160 }
6464f35f 3161
f2fcfcd6 3162 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 3163 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 3164 }
fe4128e0 3165 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 3166 rsp->result = cpu_to_le16(result);
3167 rsp->flags = cpu_to_le16(0x0000);
3168
3169 return ptr - data;
1da177e4
LT		 3170}
3171
b4450035 3172static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 3173{
f2fcfcd6
GP		 3174 struct l2cap_conf_req *req = data;
3175 void *ptr = req->data;
3176 int type, olen;
3177 unsigned long val;
36e999a8 3178 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 3179 struct l2cap_conf_efs efs;
f2fcfcd6 3180
fe4128e0 3181 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 3182
3183 while (len >= L2CAP_CONF_OPT_SIZE) {
3184 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3185
3186 switch (type) {
3187 case L2CAP_CONF_MTU:
3188 if (val < L2CAP_DEFAULT_MIN_MTU) {
3189 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 3190 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 3191 } else
0c1bc5c6
GP		 3192 chan->imtu = val;
3193 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 3194 break;
3195
3196 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 3197 chan->flush_to = val;
f2fcfcd6 3198 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 3199 2, chan->flush_to);
f2fcfcd6
GP		 3200 break;
3201
3202 case L2CAP_CONF_RFC:
3203 if (olen == sizeof(rfc))
3204 memcpy(&rfc, (void *)val, olen);
3205
c1360a1c 3206 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 3207 rfc.mode != chan->mode)
f2fcfcd6
GP		 3208 return -ECONNREFUSED;
3209
47d1ec61 3210 chan->fcs = 0;
f2fcfcd6
GP		 3211
3212 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3213 sizeof(rfc), (unsigned long) &rfc);
3214 break;
6327eb98
AE		 3215
3216 case L2CAP_CONF_EWS:
3217 chan->tx_win = min_t(u16, val,
3218 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 3219 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
3220 chan->tx_win);
6327eb98 3221 break;
66af7aaf
AE		 3222
3223 case L2CAP_CONF_EFS:
3224 if (olen == sizeof(efs))
3225 memcpy(&efs, (void *)val, olen);
3226
3227 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3228 efs.stype != L2CAP_SERV_NOTRAFIC &&
3229 efs.stype != chan->local_stype)
3230 return -ECONNREFUSED;
3231
3232 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3233 sizeof(efs), (unsigned long) &efs);
3234 break;
f2fcfcd6
GP		 3235 }
3236 }
3237
0c1bc5c6 3238 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 3239 return -ECONNREFUSED;
3240
0c1bc5c6 3241 chan->mode = rfc.mode;
6c2ea7a8 3242
0e8b207e 3243 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 3244 switch (rfc.mode) {
3245 case L2CAP_MODE_ERTM:
47d1ec61
GP		 3246 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3247 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3248 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 3249
3250 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3251 chan->local_msdu = le16_to_cpu(efs.msdu);
3252 chan->local_sdu_itime =
3253 le32_to_cpu(efs.sdu_itime);
3254 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3255 chan->local_flush_to =
3256 le32_to_cpu(efs.flush_to);
3257 }
f2fcfcd6 3258 break;
66af7aaf 3259
f2fcfcd6 3260 case L2CAP_MODE_STREAMING:
47d1ec61 3261 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 3262 }
3263 }
3264
fe4128e0 3265 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 3266 req->flags = cpu_to_le16(0x0000);
3267
3268 return ptr - data;
3269}
3270
fe4128e0 3271static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 3272{
3273 struct l2cap_conf_rsp *rsp = data;
3274 void *ptr = rsp->data;
1da177e4 3275
fe4128e0 3276 BT_DBG("chan %p", chan);
1da177e4 3277
fe4128e0 3278 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 3279 rsp->result = cpu_to_le16(result);
aca3192c 3280 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 3281
3282 return ptr - data;
3283}
3284
8c1d787b 3285void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 3286{
3287 struct l2cap_conn_rsp rsp;
8c1d787b 3288 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 3289 u8 buf[128];
3290
fe4128e0
GP		 3291 rsp.scid = cpu_to_le16(chan->dcid);
3292 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 3293 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
3294 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3295 l2cap_send_cmd(conn, chan->ident,
3296 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3297
c1360a1c 3298 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 3299 return;
3300
710f9b0a
GP		 3301 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3302 l2cap_build_conf_req(chan, buf), buf);
3303 chan->num_conf_req++;
3304}
3305
47d1ec61 3306static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 3307{
7b1c0049
GP		 3308 int type, olen;
3309 unsigned long val;
3310 struct l2cap_conf_rfc rfc;
3311
47d1ec61 3312 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 3313
0c1bc5c6 3314 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 3315 return;
3316
3317 while (len >= L2CAP_CONF_OPT_SIZE) {
3318 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3319
3320 switch (type) {
3321 case L2CAP_CONF_RFC:
3322 if (olen == sizeof(rfc))
3323 memcpy(&rfc, (void *)val, olen);
3324 goto done;
3325 }
3326 }
3327
36e999a8
MM		 3328 /* Use sane default values in case a misbehaving remote device
3329 * did not send an RFC option.
3330 */
3331 rfc.mode = chan->mode;
3332 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3333 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
3334 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
3335
3336 BT_ERR("Expected RFC option was not found, using defaults");
3337
7b1c0049
GP		 3338done:
3339 switch (rfc.mode) {
3340 case L2CAP_MODE_ERTM:
47d1ec61
GP		 3341 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3342 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3343 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 3344 break;
3345 case L2CAP_MODE_STREAMING:
47d1ec61 3346 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 3347 }
3348}
3349
4e8402a3
MH		 3350static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3351{
e2fd318e 3352 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 3353
e2fd318e 3354 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 3355 return 0;
3356
3357 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
3358 cmd->ident == conn->info_ident) {
17cd3f37 3359 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 3360
3361 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3362 conn->info_ident = 0;
984947dc 3363
4e8402a3
MH		 3364 l2cap_conn_start(conn);
3365 }
3366
3367 return 0;
3368}
3369
1da177e4
LT		 3370static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3371{
1da177e4
LT		 3372 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
3373 struct l2cap_conn_rsp rsp;
23691d75 3374 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 3375 struct sock *parent, *sk = NULL;
e7c29cb1 3376 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 3377
3378 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 3379 __le16 psm = req->psm;
1da177e4 3380
097db76c 3381 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid);
1da177e4
LT		 3382
3383 /* Check if we have socket listening on psm */
c2287681 3384 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src, conn->dst);
23691d75 3385 if (!pchan) {
1da177e4
LT		 3386 result = L2CAP_CR_BAD_PSM;
3387 goto sendresp;
3388 }
3389
23691d75
GP		 3390 parent = pchan->sk;
3391
3df91ea2 3392 mutex_lock(&conn->chan_lock);
aa2ac881 3393 lock_sock(parent);
e0f0cb56 3394
e7c29cb1
MH		 3395 /* Check if the ACL is secure enough (if not SDP) */
3396 if (psm != cpu_to_le16(0x0001) &&
3397 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 3398 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 3399 result = L2CAP_CR_SEC_BLOCK;
3400 goto response;
3401 }
3402
1da177e4
LT		 3403 result = L2CAP_CR_NO_MEM;
3404
3405 /* Check for backlog size */
3406 if (sk_acceptq_is_full(parent)) {
8e87d142 3407 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 3408 goto response;
3409 }
3410
80808e43
GP		 3411 chan = pchan->ops->new_connection(pchan->data);
3412 if (!chan)
1da177e4
LT		 3413 goto response;
3414
80808e43
GP		 3415 sk = chan->sk;
3416
1da177e4 3417 /* Check if we already have channel with that dcid */
baa7e1fa 3418 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 3419 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 3420 chan->ops->close(chan->data);
1da177e4
LT		 3421 goto response;
3422 }
3423
3424 hci_conn_hold(conn->hcon);
3425
1da177e4
LT		 3426 bacpy(&bt_sk(sk)->src, conn->src);
3427 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 3428 chan->psm = psm;
3429 chan->dcid = scid;
1da177e4 3430
d1010240
GP		 3431 bt_accept_enqueue(parent, sk);
3432
6be36555 3433 __l2cap_chan_add(conn, chan);
48454079 3434
fe4128e0 3435 dcid = chan->scid;
1da177e4 3436
c9b66675 3437 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 3438
fc7f8a7e 3439 chan->ident = cmd->ident;
1da177e4 3440
984947dc 3441 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 3442 if (l2cap_chan_check_security(chan)) {
c5daa683 3443 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
0e587be7 3444 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 3445 result = L2CAP_CR_PEND;
3446 status = L2CAP_CS_AUTHOR_PEND;
3447 parent->sk_data_ready(parent, 0);
3448 } else {
0e587be7 3449 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 3450 result = L2CAP_CR_SUCCESS;
3451 status = L2CAP_CS_NO_INFO;
3452 }
79d554a6 3453 } else {
0e587be7 3454 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 3455 result = L2CAP_CR_PEND;
3456 status = L2CAP_CS_AUTHEN_PEND;
3457 }
3458 } else {
0e587be7 3459 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 3460 result = L2CAP_CR_PEND;
3461 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 3462 }
3463
1da177e4 3464response:
aa2ac881 3465 release_sock(parent);
3df91ea2 3466 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 3467
3468sendresp:
aca3192c
YH		 3469 rsp.scid = cpu_to_le16(scid);
3470 rsp.dcid = cpu_to_le16(dcid);
3471 rsp.result = cpu_to_le16(result);
3472 rsp.status = cpu_to_le16(status);
1da177e4 3473 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 3474
3475 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3476 struct l2cap_info_req info;
3477 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3478
3479 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3480 conn->info_ident = l2cap_get_ident(conn);
3481
ba13ccd9 3482 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 3483
3484 l2cap_send_cmd(conn, conn->info_ident,
3485 L2CAP_INFO_REQ, sizeof(info), &info);
3486 }
3487
c1360a1c 3488 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 3489 result == L2CAP_CR_SUCCESS) {
3490 u8 buf[128];
c1360a1c 3491 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 3492 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3493 l2cap_build_conf_req(chan, buf), buf);
3494 chan->num_conf_req++;
e9aeb2dd
GP		 3495 }
3496
1da177e4
LT		 3497 return 0;
3498}
3499
3500static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3501{
3502 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3503 u16 scid, dcid, result, status;
48454079 3504 struct l2cap_chan *chan;
1da177e4 3505 u8 req[128];
3df91ea2 3506 int err;
1da177e4
LT		 3507
3508 scid = __le16_to_cpu(rsp->scid);
3509 dcid = __le16_to_cpu(rsp->dcid);
3510 result = __le16_to_cpu(rsp->result);
3511 status = __le16_to_cpu(rsp->status);
3512
1b009c98
AE		 3513 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
3514 dcid, scid, result, status);
1da177e4 3515
3df91ea2
AE		 3516 mutex_lock(&conn->chan_lock);
3517
1da177e4 3518 if (scid) {
3df91ea2
AE		 3519 chan = __l2cap_get_chan_by_scid(conn, scid);
3520 if (!chan) {
3521 err = -EFAULT;
3522 goto unlock;
3523 }
1da177e4 3524 } else {
3df91ea2
AE		 3525 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
3526 if (!chan) {
3527 err = -EFAULT;
3528 goto unlock;
3529 }
1da177e4
LT		 3530 }
3531
3df91ea2
AE		 3532 err = 0;
3533
6be36555 3534 l2cap_chan_lock(chan);
48454079 3535
1da177e4
LT		 3536 switch (result) {
3537 case L2CAP_CR_SUCCESS:
89bc500e 3538 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 3539 chan->ident = 0;
fe4128e0 3540 chan->dcid = dcid;
c1360a1c 3541 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 3542
c1360a1c 3543 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 3544 break;
3545
1da177e4 3546 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3547 l2cap_build_conf_req(chan, req), req);
3548 chan->num_conf_req++;
1da177e4
LT		 3549 break;
3550
3551 case L2CAP_CR_PEND:
c1360a1c 3552 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 3553 break;
3554
3555 default:
48454079 3556 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 3557 break;
3558 }
3559
6be36555 3560 l2cap_chan_unlock(chan);
3df91ea2
AE		 3561
3562unlock:
3563 mutex_unlock(&conn->chan_lock);
3564
3565 return err;
1da177e4
LT		 3566}
3567
47d1ec61 3568static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 3569{
3570 /* FCS is enabled only in ERTM or streaming mode, if one or both
3571 * sides request it.
3572 */
0c1bc5c6 3573 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 3574 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 3575 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 3576 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 3577}
3578
88219a0f 3579static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 3580{
3581 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3582 u16 dcid, flags;
3583 u8 rsp[64];
48454079 3584 struct l2cap_chan *chan;
3c588192 3585 int len, err = 0;
1da177e4
LT		 3586
3587 dcid = __le16_to_cpu(req->dcid);
3588 flags = __le16_to_cpu(req->flags);
3589
3590 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3591
baa7e1fa 3592 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 3593 if (!chan)
1da177e4
LT		 3594 return -ENOENT;
3595
033b1142 3596 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 3597 struct l2cap_cmd_rej_cid rej;
3598
3599 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
3600 rej.scid = cpu_to_le16(chan->scid);
3601 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 3602
df6bd743
GP		 3603 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3604 sizeof(rej), &rej);
354f60a9 3605 goto unlock;
df6bd743 3606 }
354f60a9 3607
5dee9e7c 3608 /* Reject if config buffer is too small. */
88219a0f 3609 len = cmd_len - sizeof(*req);
7ac28817 3610 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 3611 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 3612 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 3613 L2CAP_CONF_REJECT, flags), rsp);
3614 goto unlock;
3615 }
3616
3617 /* Store config. */
73ffa904
GP		 3618 memcpy(chan->conf_req + chan->conf_len, req->data, len);
3619 chan->conf_len += len;
1da177e4
LT		 3620
3621 if (flags & 0x0001) {
3622 /* Incomplete config. Send empty response. */
3623 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 3624 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 3625 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 3626 goto unlock;
3627 }
3628
3629 /* Complete config. */
73ffa904 3630 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 3631 if (len < 0) {
e92c8e70 3632 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 3633 goto unlock;
f2fcfcd6 3634 }
1da177e4 3635
5dee9e7c 3636 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 3637 chan->num_conf_rsp++;
5dee9e7c 3638
5dee9e7c 3639 /* Reset config buffer. */
73ffa904 3640 chan->conf_len = 0;
5dee9e7c 3641
c1360a1c 3642 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 3643 goto unlock;
3644
c1360a1c 3645 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 3646 set_default_fcs(chan);
fcc203c3 3647
89bc500e 3648 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 3649
105bdf9e
MM		 3650 if (chan->mode == L2CAP_MODE_ERTM ||
3651 chan->mode == L2CAP_MODE_STREAMING)
3c588192
MM		 3652 err = l2cap_ertm_init(chan);
3653
3654 if (err < 0)
3655 l2cap_send_disconn_req(chan->conn, chan, -err);
3656 else
3657 l2cap_chan_ready(chan);
0565c1c2 3658
876d9484
MH		 3659 goto unlock;
3660 }
3661
c1360a1c 3662 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 3663 u8 buf[64];
1da177e4 3664 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3665 l2cap_build_conf_req(chan, buf), buf);
3666 chan->num_conf_req++;
1da177e4
LT		 3667 }
3668
0e8b207e
AE		 3669 /* Got Conf Rsp PENDING from remote side and asume we sent
3670 Conf Rsp PENDING in the code above */
3671 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
3672 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3673
3674 /* check compatibility */
3675
3676 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3677 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3678
3679 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3680 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 3681 L2CAP_CONF_SUCCESS, 0x0000), rsp);
3682 }
3683
1da177e4 3684unlock:
6be36555 3685 l2cap_chan_unlock(chan);
3c588192 3686 return err;
1da177e4
LT		 3687}
3688
3689static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3690{
3691 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3692 u16 scid, flags, result;
48454079 3693 struct l2cap_chan *chan;
61386cba 3694 int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
3c588192 3695 int err = 0;
1da177e4
LT		 3696
3697 scid = __le16_to_cpu(rsp->scid);
3698 flags = __le16_to_cpu(rsp->flags);
3699 result = __le16_to_cpu(rsp->result);
3700
61386cba
AE		 3701 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags,
3702 result, len);
1da177e4 3703
baa7e1fa 3704 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 3705 if (!chan)
1da177e4
LT		 3706 return 0;
3707
3708 switch (result) {
3709 case L2CAP_CONF_SUCCESS:
47d1ec61 3710 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 3711 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 3712 break;
3713
0e8b207e
AE		 3714 case L2CAP_CONF_PENDING:
3715 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
3716
3717 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3718 char buf[64];
3719
3720 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3721 buf, &result);
3722 if (len < 0) {
3723 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3724 goto done;
3725 }
3726
3727 /* check compatibility */
3728
3729 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3730 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3731
3732 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3733 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 3734 L2CAP_CONF_SUCCESS, 0x0000), buf);
3735 }
3736 goto done;
3737
1da177e4 3738 case L2CAP_CONF_UNACCEPT:
73ffa904 3739 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3740 char req[64];
3741
c2c77ec8 3742 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3743 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3744 goto done;
3745 }
3746
f2fcfcd6
GP		 3747 /* throw out any old stored conf requests */
3748 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3749 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3750 req, &result);
f2fcfcd6 3751 if (len < 0) {
e92c8e70 3752 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3753 goto done;
3754 }
3755
3756 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3757 L2CAP_CONF_REQ, len, req);
73ffa904 3758 chan->num_conf_req++;
f2fcfcd6
GP		 3759 if (result != L2CAP_CONF_SUCCESS)
3760 goto done;
3761 break;
1da177e4
LT		 3762 }
3763
8e87d142 3764 default:
6be36555 3765 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3766
ba13ccd9 3767 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
e92c8e70 3768 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3769 goto done;
3770 }
3771
3772 if (flags & 0x01)
3773 goto done;
3774
c1360a1c 3775 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3776
c1360a1c 3777 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3778 set_default_fcs(chan);
fcc203c3 3779
89bc500e 3780 l2cap_state_change(chan, BT_CONNECTED);
105bdf9e
MM		 3781 if (chan->mode == L2CAP_MODE_ERTM ||
3782 chan->mode == L2CAP_MODE_STREAMING)
3c588192 3783 err = l2cap_ertm_init(chan);
0565c1c2 3784
3c588192
MM		 3785 if (err < 0)
3786 l2cap_send_disconn_req(chan->conn, chan, -err);
3787 else
3788 l2cap_chan_ready(chan);
1da177e4
LT		 3789 }
3790
3791done:
6be36555 3792 l2cap_chan_unlock(chan);
3c588192 3793 return err;
1da177e4
LT		 3794}
3795
3796static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3797{
3798 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3799 struct l2cap_disconn_rsp rsp;
3800 u16 dcid, scid;
48454079 3801 struct l2cap_chan *chan;
1da177e4
LT		 3802 struct sock *sk;
3803
3804 scid = __le16_to_cpu(req->scid);
3805 dcid = __le16_to_cpu(req->dcid);
3806
3807 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3808
3df91ea2
AE		 3809 mutex_lock(&conn->chan_lock);
3810
3811 chan = __l2cap_get_chan_by_scid(conn, dcid);
3812 if (!chan) {
3813 mutex_unlock(&conn->chan_lock);
1da177e4 3814 return 0;
3df91ea2 3815 }
1da177e4 3816
6be36555
AE		 3817 l2cap_chan_lock(chan);
3818
48454079
GP		 3819 sk = chan->sk;
3820
fe4128e0
GP		 3821 rsp.dcid = cpu_to_le16(chan->scid);
3822 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3823 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3824
6be36555 3825 lock_sock(sk);
1da177e4 3826 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3827 release_sock(sk);
1da177e4 3828
61d6ef3e 3829 l2cap_chan_hold(chan);
48454079 3830 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3831
3832 l2cap_chan_unlock(chan);
1da177e4 3833
ba3bd0ee 3834 chan->ops->close(chan->data);
61d6ef3e 3835 l2cap_chan_put(chan);
3df91ea2
AE		 3836
3837 mutex_unlock(&conn->chan_lock);
3838
1da177e4
LT		 3839 return 0;
3840}
3841
3842static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3843{
3844 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3845 u16 dcid, scid;
48454079 3846 struct l2cap_chan *chan;
1da177e4
LT		 3847
3848 scid = __le16_to_cpu(rsp->scid);
3849 dcid = __le16_to_cpu(rsp->dcid);
3850
3851 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3852
3df91ea2
AE		 3853 mutex_lock(&conn->chan_lock);
3854
3855 chan = __l2cap_get_chan_by_scid(conn, scid);
3856 if (!chan) {
3857 mutex_unlock(&conn->chan_lock);
1da177e4 3858 return 0;
3df91ea2 3859 }
1da177e4 3860
6be36555 3861 l2cap_chan_lock(chan);
48454079 3862
61d6ef3e 3863 l2cap_chan_hold(chan);
48454079 3864 l2cap_chan_del(chan, 0);
6be36555
AE		 3865
3866 l2cap_chan_unlock(chan);
1da177e4 3867
ba3bd0ee 3868 chan->ops->close(chan->data);
61d6ef3e 3869 l2cap_chan_put(chan);
3df91ea2
AE		 3870
3871 mutex_unlock(&conn->chan_lock);
3872
1da177e4
LT		 3873 return 0;
3874}
3875
3876static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3877{
3878 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3879 u16 type;
3880
3881 type = __le16_to_cpu(req->type);
3882
3883 BT_DBG("type 0x%4.4x", type);
3884
f0709e03
MH		 3885 if (type == L2CAP_IT_FEAT_MASK) {
3886 u8 buf[8];
44dd46de 3887 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3888 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3889 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3890 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3891 if (!disable_ertm)
fcc203c3
GP		 3892 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3893 | L2CAP_FEAT_FCS;
a5fd6f30 3894 if (enable_hs)
6327eb98
AE		 3895 feat_mask |= L2CAP_FEAT_EXT_FLOW
3896 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3897
1b7bf4ed 3898 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3899 l2cap_send_cmd(conn, cmd->ident,
3900 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3901 } else if (type == L2CAP_IT_FIXED_CHAN) {
3902 u8 buf[12];
3903 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3904
3905 if (enable_hs)
3906 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3907 else
3908 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3909
e1027a7c
MH		 3910 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3911 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3912 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3913 l2cap_send_cmd(conn, cmd->ident,
3914 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3915 } else {
3916 struct l2cap_info_rsp rsp;
3917 rsp.type = cpu_to_le16(type);
3918 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3919 l2cap_send_cmd(conn, cmd->ident,
3920 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3921 }
1da177e4
LT		 3922
3923 return 0;
3924}
3925
3926static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3927{
3928 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3929 u16 type, result;
3930
3931 type = __le16_to_cpu(rsp->type);
3932 result = __le16_to_cpu(rsp->result);
3933
3934 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3935
e90165be
AE		 3936 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3937 if (cmd->ident != conn->info_ident ||
3938 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3939 return 0;
3940
17cd3f37 3941 cancel_delayed_work(&conn->info_timer);
4e8402a3 3942
adb08ede
VT		 3943 if (result != L2CAP_IR_SUCCESS) {
3944 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3945 conn->info_ident = 0;
3946
3947 l2cap_conn_start(conn);
3948
3949 return 0;
3950 }
3951
978c93b9
AE		 3952 switch (type) {
3953 case L2CAP_IT_FEAT_MASK:
83985319 3954 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3955
47ec1dcd 3956 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3957 struct l2cap_info_req req;
3958 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3959
3960 conn->info_ident = l2cap_get_ident(conn);
3961
3962 l2cap_send_cmd(conn, conn->info_ident,
3963 L2CAP_INFO_REQ, sizeof(req), &req);
3964 } else {
3965 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3966 conn->info_ident = 0;
3967
3968 l2cap_conn_start(conn);
3969 }
978c93b9
AE		 3970 break;
3971
3972 case L2CAP_IT_FIXED_CHAN:
3973 conn->fixed_chan_mask = rsp->data[0];
984947dc 3974 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3975 conn->info_ident = 0;
984947dc
MH		 3976
3977 l2cap_conn_start(conn);
978c93b9 3978 break;
984947dc 3979 }
4e8402a3 3980
1da177e4
LT		 3981 return 0;
3982}
3983
f94ff6ff
MM		 3984static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3985 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3986 void *data)
3987{
3988 struct l2cap_create_chan_req *req = data;
3989 struct l2cap_create_chan_rsp rsp;
3990 u16 psm, scid;
3991
3992 if (cmd_len != sizeof(*req))
3993 return -EPROTO;
3994
3995 if (!enable_hs)
3996 return -EINVAL;
3997
3998 psm = le16_to_cpu(req->psm);
3999 scid = le16_to_cpu(req->scid);
4000
4001 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
4002
4003 /* Placeholder: Always reject */
4004 rsp.dcid = 0;
4005 rsp.scid = cpu_to_le16(scid);
8ce0c498
AE		 4006 rsp.result = __constant_cpu_to_le16(L2CAP_CR_NO_MEM);
4007 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
f94ff6ff
MM		 4008
4009 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
4010 sizeof(rsp), &rsp);
4011
4012 return 0;
4013}
4014
4015static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
4016 struct l2cap_cmd_hdr *cmd, void *data)
4017{
4018 BT_DBG("conn %p", conn);
4019
4020 return l2cap_connect_rsp(conn, cmd, data);
4021}
4022
8d5a04a1
MM		 4023static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
4024 u16 icid, u16 result)
4025{
4026 struct l2cap_move_chan_rsp rsp;
4027
4028 BT_DBG("icid %d, result %d", icid, result);
4029
4030 rsp.icid = cpu_to_le16(icid);
4031 rsp.result = cpu_to_le16(result);
4032
4033 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
4034}
4035
4036static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
4037 struct l2cap_chan *chan, u16 icid, u16 result)
4038{
4039 struct l2cap_move_chan_cfm cfm;
4040 u8 ident;
4041
4042 BT_DBG("icid %d, result %d", icid, result);
4043
4044 ident = l2cap_get_ident(conn);
4045 if (chan)
4046 chan->ident = ident;
4047
4048 cfm.icid = cpu_to_le16(icid);
4049 cfm.result = cpu_to_le16(result);
4050
4051 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
4052}
4053
4054static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
4055 u16 icid)
4056{
4057 struct l2cap_move_chan_cfm_rsp rsp;
4058
4059 BT_DBG("icid %d", icid);
4060
4061 rsp.icid = cpu_to_le16(icid);
4062 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
4063}
4064
4065static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4066 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
4067{
4068 struct l2cap_move_chan_req *req = data;
4069 u16 icid = 0;
4070 u16 result = L2CAP_MR_NOT_ALLOWED;
4071
4072 if (cmd_len != sizeof(*req))
4073 return -EPROTO;
4074
4075 icid = le16_to_cpu(req->icid);
4076
4077 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
4078
4079 if (!enable_hs)
4080 return -EINVAL;
4081
4082 /* Placeholder: Always refuse */
4083 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
4084
4085 return 0;
4086}
4087
4088static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4089 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
4090{
4091 struct l2cap_move_chan_rsp *rsp = data;
4092 u16 icid, result;
4093
4094 if (cmd_len != sizeof(*rsp))
4095 return -EPROTO;
4096
4097 icid = le16_to_cpu(rsp->icid);
4098 result = le16_to_cpu(rsp->result);
4099
4100 BT_DBG("icid %d, result %d", icid, result);
4101
4102 /* Placeholder: Always unconfirmed */
4103 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
4104
4105 return 0;
4106}
4107
4108static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4109 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
4110{
4111 struct l2cap_move_chan_cfm *cfm = data;
4112 u16 icid, result;
4113
4114 if (cmd_len != sizeof(*cfm))
4115 return -EPROTO;
4116
4117 icid = le16_to_cpu(cfm->icid);
4118 result = le16_to_cpu(cfm->result);
4119
4120 BT_DBG("icid %d, result %d", icid, result);
4121
4122 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
4123
4124 return 0;
4125}
4126
4127static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4128 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
4129{
4130 struct l2cap_move_chan_cfm_rsp *rsp = data;
4131 u16 icid;
4132
4133 if (cmd_len != sizeof(*rsp))
4134 return -EPROTO;
4135
4136 icid = le16_to_cpu(rsp->icid);
4137
4138 BT_DBG("icid %d", icid);
4139
4140 return 0;
4141}
4142
e2174ca4 4143static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 4144 u16 to_multiplier)
4145{
4146 u16 max_latency;
4147
4148 if (min > max || min < 6 || max > 3200)
4149 return -EINVAL;
4150
4151 if (to_multiplier < 10 || to_multiplier > 3200)
4152 return -EINVAL;
4153
4154 if (max >= to_multiplier * 8)
4155 return -EINVAL;
4156
4157 max_latency = (to_multiplier * 8 / max) - 1;
4158 if (latency > 499 || latency > max_latency)
4159 return -EINVAL;
4160
4161 return 0;
4162}
4163
4164static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4165 struct l2cap_cmd_hdr *cmd, u8 *data)
4166{
4167 struct hci_conn *hcon = conn->hcon;
4168 struct l2cap_conn_param_update_req *req;
4169 struct l2cap_conn_param_update_rsp rsp;
4170 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 4171 int err;
de73115a
CT		 4172
4173 if (!(hcon->link_mode & HCI_LM_MASTER))
4174 return -EINVAL;
4175
4176 cmd_len = __le16_to_cpu(cmd->len);
4177 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
4178 return -EPROTO;
4179
4180 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 4181 min = __le16_to_cpu(req->min);
4182 max = __le16_to_cpu(req->max);
de73115a
CT		 4183 latency = __le16_to_cpu(req->latency);
4184 to_multiplier = __le16_to_cpu(req->to_multiplier);
4185
4186 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
4187 min, max, latency, to_multiplier);
4188
4189 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 4190
4191 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
4192 if (err)
de73115a
CT		 4193 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
4194 else
4195 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
4196
4197 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
4198 sizeof(rsp), &rsp);
4199
2ce603eb
CT		 4200 if (!err)
4201 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
4202
de73115a
CT		 4203 return 0;
4204}
4205
3300d9a9
CT		 4206static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4207 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
4208{
4209 int err = 0;
4210
4211 switch (cmd->code) {
4212 case L2CAP_COMMAND_REJ:
4213 l2cap_command_rej(conn, cmd, data);
4214 break;
4215
4216 case L2CAP_CONN_REQ:
4217 err = l2cap_connect_req(conn, cmd, data);
4218 break;
4219
4220 case L2CAP_CONN_RSP:
4221 err = l2cap_connect_rsp(conn, cmd, data);
4222 break;
4223
4224 case L2CAP_CONF_REQ:
4225 err = l2cap_config_req(conn, cmd, cmd_len, data);
4226 break;
4227
4228 case L2CAP_CONF_RSP:
4229 err = l2cap_config_rsp(conn, cmd, data);
4230 break;
4231
4232 case L2CAP_DISCONN_REQ:
4233 err = l2cap_disconnect_req(conn, cmd, data);
4234 break;
4235
4236 case L2CAP_DISCONN_RSP:
4237 err = l2cap_disconnect_rsp(conn, cmd, data);
4238 break;
4239
4240 case L2CAP_ECHO_REQ:
4241 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
4242 break;
4243
4244 case L2CAP_ECHO_RSP:
4245 break;
4246
4247 case L2CAP_INFO_REQ:
4248 err = l2cap_information_req(conn, cmd, data);
4249 break;
4250
4251 case L2CAP_INFO_RSP:
4252 err = l2cap_information_rsp(conn, cmd, data);
4253 break;
4254
f94ff6ff
MM		 4255 case L2CAP_CREATE_CHAN_REQ:
4256 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
4257 break;
4258
4259 case L2CAP_CREATE_CHAN_RSP:
4260 err = l2cap_create_channel_rsp(conn, cmd, data);
4261 break;
4262
8d5a04a1
MM		 4263 case L2CAP_MOVE_CHAN_REQ:
4264 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
4265 break;
4266
4267 case L2CAP_MOVE_CHAN_RSP:
4268 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
4269 break;
4270
4271 case L2CAP_MOVE_CHAN_CFM:
4272 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
4273 break;
4274
4275 case L2CAP_MOVE_CHAN_CFM_RSP:
4276 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
4277 break;
4278
3300d9a9
CT		 4279 default:
4280 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
4281 err = -EINVAL;
4282 break;
4283 }
4284
4285 return err;
4286}
4287
4288static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4289 struct l2cap_cmd_hdr *cmd, u8 *data)
4290{
4291 switch (cmd->code) {
4292 case L2CAP_COMMAND_REJ:
4293 return 0;
4294
4295 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 4296 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 4297
4298 case L2CAP_CONN_PARAM_UPDATE_RSP:
4299 return 0;
4300
4301 default:
4302 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
4303 return -EINVAL;
4304 }
4305}
4306
4307static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4308 struct sk_buff *skb)
1da177e4
LT		 4309{
4310 u8 *data = skb->data;
4311 int len = skb->len;
4312 struct l2cap_cmd_hdr cmd;
3300d9a9 4313 int err;
1da177e4
LT		 4314
4315 l2cap_raw_recv(conn, skb);
4316
4317 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 4318 u16 cmd_len;
1da177e4
LT		 4319 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
4320 data += L2CAP_CMD_HDR_SIZE;
4321 len -= L2CAP_CMD_HDR_SIZE;
4322
88219a0f 4323 cmd_len = le16_to_cpu(cmd.len);
1da177e4 4324
88219a0f 4325 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 4326
88219a0f 4327 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 4328 BT_DBG("corrupted command");
4329 break;
4330 }
4331
3300d9a9
CT		 4332 if (conn->hcon->type == LE_LINK)
4333 err = l2cap_le_sig_cmd(conn, &cmd, data);
4334 else
4335 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 4336
4337 if (err) {
e2fd318e 4338 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 4339
4340 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 4341
4342 /* FIXME: Map err to a valid reason */
e2fd318e 4343 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 4344 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
4345 }
4346
88219a0f
AV		 4347 data += cmd_len;
4348 len -= cmd_len;
1da177e4
LT		 4349 }
4350
4351 kfree_skb(skb);
4352}
4353
47d1ec61 4354static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 4355{
4356 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 4357 int hdr_size;
4358
4359 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
4360 hdr_size = L2CAP_EXT_HDR_SIZE;
4361 else
4362 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 4363
47d1ec61 4364 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 4365 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 4366 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
4367 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
4368
4369 if (our_fcs != rcv_fcs)
7a560e5c 4370 return -EBADMSG;
fcc203c3
GP		 4371 }
4372 return 0;
4373}
4374
525cd185 4375static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 4376{
e31f7633 4377 struct l2cap_ctrl control;
d5392c8f 4378
e31f7633 4379 BT_DBG("chan %p", chan);
d5392c8f 4380
e31f7633
MM		 4381 memset(&control, 0, sizeof(control));
4382 control.sframe = 1;
4383 control.final = 1;
4384 control.reqseq = chan->buffer_seq;
4385 set_bit(CONN_SEND_FBIT, &chan->conn_state);
d5392c8f 4386
e2ab4353 4387 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
e31f7633
MM		 4388 control.super = L2CAP_SUPER_RNR;
4389 l2cap_send_sframe(chan, &control);
d5392c8f
GP		 4390 }
4391
e31f7633
MM		 4392 if (test_and_clear_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
4393 chan->unacked_frames > 0)
4394 __set_retrans_timer(chan);
d5392c8f 4395
e31f7633 4396 /* Send pending iframes */
525cd185 4397 l2cap_ertm_send(chan);
d5392c8f 4398
e2ab4353 4399 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
e31f7633
MM		 4400 test_bit(CONN_SEND_FBIT, &chan->conn_state)) {
4401 /* F-bit wasn't sent in an s-frame or i-frame yet, so
4402 * send it now.
4403 */
4404 control.super = L2CAP_SUPER_RR;
4405 l2cap_send_sframe(chan, &control);
d5392c8f
GP		 4406 }
4407}
4408
84084a31
MM		 4409static void append_skb_frag(struct sk_buff *skb,
4410 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 4411{
84084a31
MM		 4412 /* skb->len reflects data in skb as well as all fragments
4413 * skb->data_len reflects only data in fragments
4414 */
4415 if (!skb_has_frag_list(skb))
4416 skb_shinfo(skb)->frag_list = new_frag;
4417
4418 new_frag->next = NULL;
4419
4420 (*last_frag)->next = new_frag;
4421 *last_frag = new_frag;
4422
4423 skb->len += new_frag->len;
4424 skb->data_len += new_frag->len;
4425 skb->truesize += new_frag->truesize;
4426}
4427
4b51dae9
MM		 4428static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb,
4429 struct l2cap_ctrl *control)
84084a31
MM		 4430{
4431 int err = -EINVAL;
18778a63 4432
4b51dae9 4433 switch (control->sar) {
7e0ef6ee 4434 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 4435 if (chan->sdu)
4436 break;
18778a63 4437
84084a31
MM		 4438 err = chan->ops->recv(chan->data, skb);
4439 break;
18778a63 4440
7e0ef6ee 4441 case L2CAP_SAR_START:
84084a31
MM		 4442 if (chan->sdu)
4443 break;
18778a63 4444
6f61fd47 4445 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 4446 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 4447
84084a31
MM		 4448 if (chan->sdu_len > chan->imtu) {
4449 err = -EMSGSIZE;
4450 break;
4451 }
1890d36b 4452
84084a31
MM		 4453 if (skb->len >= chan->sdu_len)
4454 break;
18778a63 4455
84084a31
MM		 4456 chan->sdu = skb;
4457 chan->sdu_last_frag = skb;
18778a63 4458
84084a31
MM		 4459 skb = NULL;
4460 err = 0;
18778a63
GP		 4461 break;
4462
7e0ef6ee 4463 case L2CAP_SAR_CONTINUE:
6f61fd47 4464 if (!chan->sdu)
84084a31 4465 break;
18778a63 4466
84084a31
MM		 4467 append_skb_frag(chan->sdu, skb,
4468 &chan->sdu_last_frag);
4469 skb = NULL;
18778a63 4470
84084a31
MM		 4471 if (chan->sdu->len >= chan->sdu_len)
4472 break;
4178ba46 4473
84084a31 4474 err = 0;
18778a63
GP		 4475 break;
4476
7e0ef6ee 4477 case L2CAP_SAR_END:
6f61fd47 4478 if (!chan->sdu)
84084a31 4479 break;
18778a63 4480
84084a31
MM		 4481 append_skb_frag(chan->sdu, skb,
4482 &chan->sdu_last_frag);
4483 skb = NULL;
4178ba46 4484
84084a31
MM		 4485 if (chan->sdu->len != chan->sdu_len)
4486 break;
18778a63 4487
84084a31 4488 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 4489
84084a31
MM		 4490 if (!err) {
4491 /* Reassembly complete */
4492 chan->sdu = NULL;
4493 chan->sdu_last_frag = NULL;
4494 chan->sdu_len = 0;
1890d36b 4495 }
18778a63
GP		 4496 break;
4497 }
4498
84084a31
MM		 4499 if (err) {
4500 kfree_skb(skb);
4501 kfree_skb(chan->sdu);
4502 chan->sdu = NULL;
4503 chan->sdu_last_frag = NULL;
4504 chan->sdu_len = 0;
4505 }
18778a63 4506
84084a31 4507 return err;
18778a63
GP		 4508}
4509
61aa4f5b 4510void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
26f880d2 4511{
61aa4f5b 4512 u8 event;
712132eb 4513
61aa4f5b
MM		 4514 if (chan->mode != L2CAP_MODE_ERTM)
4515 return;
712132eb 4516
61aa4f5b
MM		 4517 event = busy ? L2CAP_EV_LOCAL_BUSY_DETECTED : L2CAP_EV_LOCAL_BUSY_CLEAR;
4518 l2cap_tx(chan, 0, 0, event);
1890d36b
GP		 4519}
4520
d2a7ac5d
MM		 4521static int l2cap_rx_queued_iframes(struct l2cap_chan *chan)
4522{
63838725
MM		 4523 int err = 0;
4524 /* Pass sequential frames to l2cap_reassemble_sdu()
4525 * until a gap is encountered.
4526 */
4527
4528 BT_DBG("chan %p", chan);
4529
4530 while (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4531 struct sk_buff *skb;
4532 BT_DBG("Searching for skb with txseq %d (queue len %d)",
4533 chan->buffer_seq, skb_queue_len(&chan->srej_q));
4534
4535 skb = l2cap_ertm_seq_in_queue(&chan->srej_q, chan->buffer_seq);
4536
4537 if (!skb)
4538 break;
4539
4540 skb_unlink(skb, &chan->srej_q);
4541 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4542 err = l2cap_reassemble_sdu(chan, skb, &bt_cb(skb)->control);
4543 if (err)
4544 break;
4545 }
4546
4547 if (skb_queue_empty(&chan->srej_q)) {
4548 chan->rx_state = L2CAP_RX_STATE_RECV;
4549 l2cap_send_ack(chan);
4550 }
4551
4552 return err;
d2a7ac5d
MM		 4553}
4554
4555static void l2cap_handle_srej(struct l2cap_chan *chan,
4556 struct l2cap_ctrl *control)
4557{
f80842a8
MM		 4558 struct sk_buff *skb;
4559
4560 BT_DBG("chan %p, control %p", chan, control);
4561
4562 if (control->reqseq == chan->next_tx_seq) {
4563 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq);
4564 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4565 return;
4566 }
4567
4568 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq);
4569
4570 if (skb == NULL) {
4571 BT_DBG("Seq %d not available for retransmission",
4572 control->reqseq);
4573 return;
4574 }
4575
4576 if (chan->max_tx != 0 && bt_cb(skb)->control.retries >= chan->max_tx) {
4577 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
4578 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4579 return;
4580 }
4581
4582 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4583
4584 if (control->poll) {
4585 l2cap_pass_to_tx(chan, control);
4586
4587 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4588 l2cap_retransmit(chan, control);
4589 l2cap_ertm_send(chan);
4590
4591 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) {
4592 set_bit(CONN_SREJ_ACT, &chan->conn_state);
4593 chan->srej_save_reqseq = control->reqseq;
4594 }
4595 } else {
4596 l2cap_pass_to_tx_fbit(chan, control);
4597
4598 if (control->final) {
4599 if (chan->srej_save_reqseq != control->reqseq ||
4600 !test_and_clear_bit(CONN_SREJ_ACT,
4601 &chan->conn_state))
4602 l2cap_retransmit(chan, control);
4603 } else {
4604 l2cap_retransmit(chan, control);
4605 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) {
4606 set_bit(CONN_SREJ_ACT, &chan->conn_state);
4607 chan->srej_save_reqseq = control->reqseq;
4608 }
4609 }
4610 }
d2a7ac5d
MM		 4611}
4612
4613static void l2cap_handle_rej(struct l2cap_chan *chan,
4614 struct l2cap_ctrl *control)
4615{
4616 /* Placeholder */
4617}
4618
4b51dae9
MM		 4619static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
4620{
4621 BT_DBG("chan %p, txseq %d", chan, txseq);
4622
4623 BT_DBG("last_acked_seq %d, expected_tx_seq %d", chan->last_acked_seq,
4624 chan->expected_tx_seq);
4625
4626 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
4627 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
4628 chan->tx_win) {
4629 /* See notes below regarding "double poll" and
4630 * invalid packets.
4631 */
4632 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) {
4633 BT_DBG("Invalid/Ignore - after SREJ");
4634 return L2CAP_TXSEQ_INVALID_IGNORE;
4635 } else {
4636 BT_DBG("Invalid - in window after SREJ sent");
4637 return L2CAP_TXSEQ_INVALID;
4638 }
4639 }
4640
4641 if (chan->srej_list.head == txseq) {
4642 BT_DBG("Expected SREJ");
4643 return L2CAP_TXSEQ_EXPECTED_SREJ;
4644 }
4645
4646 if (l2cap_ertm_seq_in_queue(&chan->srej_q, txseq)) {
4647 BT_DBG("Duplicate SREJ - txseq already stored");
4648 return L2CAP_TXSEQ_DUPLICATE_SREJ;
4649 }
4650
4651 if (l2cap_seq_list_contains(&chan->srej_list, txseq)) {
4652 BT_DBG("Unexpected SREJ - not requested");
4653 return L2CAP_TXSEQ_UNEXPECTED_SREJ;
4654 }
4655 }
4656
4657 if (chan->expected_tx_seq == txseq) {
4658 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
4659 chan->tx_win) {
4660 BT_DBG("Invalid - txseq outside tx window");
4661 return L2CAP_TXSEQ_INVALID;
4662 } else {
4663 BT_DBG("Expected");
4664 return L2CAP_TXSEQ_EXPECTED;
4665 }
4666 }
4667
4668 if (__seq_offset(chan, txseq, chan->last_acked_seq) <
4669 __seq_offset(chan, chan->expected_tx_seq,
4670 chan->last_acked_seq)){
4671 BT_DBG("Duplicate - expected_tx_seq later than txseq");
4672 return L2CAP_TXSEQ_DUPLICATE;
4673 }
4674
4675 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= chan->tx_win) {
4676 /* A source of invalid packets is a "double poll" condition,
4677 * where delays cause us to send multiple poll packets. If
4678 * the remote stack receives and processes both polls,
4679 * sequence numbers can wrap around in such a way that a
4680 * resent frame has a sequence number that looks like new data
4681 * with a sequence gap. This would trigger an erroneous SREJ
4682 * request.
4683 *
4684 * Fortunately, this is impossible with a tx window that's
4685 * less than half of the maximum sequence number, which allows
4686 * invalid frames to be safely ignored.
4687 *
4688 * With tx window sizes greater than half of the tx window
4689 * maximum, the frame is invalid and cannot be ignored. This
4690 * causes a disconnect.
4691 */
4692
4693 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) {
4694 BT_DBG("Invalid/Ignore - txseq outside tx window");
4695 return L2CAP_TXSEQ_INVALID_IGNORE;
4696 } else {
4697 BT_DBG("Invalid - txseq outside tx window");
4698 return L2CAP_TXSEQ_INVALID;
4699 }
4700 } else {
4701 BT_DBG("Unexpected - txseq indicates missing frames");
4702 return L2CAP_TXSEQ_UNEXPECTED;
4703 }
4704}
4705
d2a7ac5d
MM		 4706static int l2cap_rx_state_recv(struct l2cap_chan *chan,
4707 struct l2cap_ctrl *control,
4708 struct sk_buff *skb, u8 event)
4709{
4710 int err = 0;
4711 bool skb_in_use = 0;
4712
4713 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
4714 event);
4715
4716 switch (event) {
4717 case L2CAP_EV_RECV_IFRAME:
4718 switch (l2cap_classify_txseq(chan, control->txseq)) {
4719 case L2CAP_TXSEQ_EXPECTED:
4720 l2cap_pass_to_tx(chan, control);
4721
4722 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4723 BT_DBG("Busy, discarding expected seq %d",
4724 control->txseq);
4725 break;
4726 }
4727
4728 chan->expected_tx_seq = __next_seq(chan,
4729 control->txseq);
4730
4731 chan->buffer_seq = chan->expected_tx_seq;
4732 skb_in_use = 1;
4733
4734 err = l2cap_reassemble_sdu(chan, skb, control);
4735 if (err)
4736 break;
4737
4738 if (control->final) {
4739 if (!test_and_clear_bit(CONN_REJ_ACT,
4740 &chan->conn_state)) {
4741 control->final = 0;
4742 l2cap_retransmit_all(chan, control);
4743 l2cap_ertm_send(chan);
4744 }
4745 }
4746
4747 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
4748 l2cap_send_ack(chan);
4749 break;
4750 case L2CAP_TXSEQ_UNEXPECTED:
4751 l2cap_pass_to_tx(chan, control);
4752
4753 /* Can't issue SREJ frames in the local busy state.
4754 * Drop this frame, it will be seen as missing
4755 * when local busy is exited.
4756 */
4757 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4758 BT_DBG("Busy, discarding unexpected seq %d",
4759 control->txseq);
4760 break;
4761 }
4762
4763 /* There was a gap in the sequence, so an SREJ
4764 * must be sent for each missing frame. The
4765 * current frame is stored for later use.
4766 */
4767 skb_queue_tail(&chan->srej_q, skb);
4768 skb_in_use = 1;
4769 BT_DBG("Queued %p (queue len %d)", skb,
4770 skb_queue_len(&chan->srej_q));
4771
4772 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
4773 l2cap_seq_list_clear(&chan->srej_list);
4774 l2cap_send_srej(chan, control->txseq);
4775
4776 chan->rx_state = L2CAP_RX_STATE_SREJ_SENT;
4777 break;
4778 case L2CAP_TXSEQ_DUPLICATE:
4779 l2cap_pass_to_tx(chan, control);
4780 break;
4781 case L2CAP_TXSEQ_INVALID_IGNORE:
4782 break;
4783 case L2CAP_TXSEQ_INVALID:
4784 default:
4785 l2cap_send_disconn_req(chan->conn, chan,
4786 ECONNRESET);
4787 break;
4788 }
4789 break;
4790 case L2CAP_EV_RECV_RR:
4791 l2cap_pass_to_tx(chan, control);
4792 if (control->final) {
4793 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4794
4795 if (!test_and_clear_bit(CONN_REJ_ACT,
4796 &chan->conn_state)) {
4797 control->final = 0;
4798 l2cap_retransmit_all(chan, control);
4799 }
4800
4801 l2cap_ertm_send(chan);
4802 } else if (control->poll) {
4803 l2cap_send_i_or_rr_or_rnr(chan);
4804 } else {
4805 if (test_and_clear_bit(CONN_REMOTE_BUSY,
4806 &chan->conn_state) &&
4807 chan->unacked_frames)
4808 __set_retrans_timer(chan);
4809
4810 l2cap_ertm_send(chan);
4811 }
4812 break;
4813 case L2CAP_EV_RECV_RNR:
4814 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4815 l2cap_pass_to_tx(chan, control);
4816 if (control && control->poll) {
4817 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4818 l2cap_send_rr_or_rnr(chan, 0);
4819 }
4820 __clear_retrans_timer(chan);
4821 l2cap_seq_list_clear(&chan->retrans_list);
4822 break;
4823 case L2CAP_EV_RECV_REJ:
4824 l2cap_handle_rej(chan, control);
4825 break;
4826 case L2CAP_EV_RECV_SREJ:
4827 l2cap_handle_srej(chan, control);
4828 break;
4829 default:
4830 break;
4831 }
4832
4833 if (skb && !skb_in_use) {
4834 BT_DBG("Freeing %p", skb);
4835 kfree_skb(skb);
4836 }
4837
4838 return err;
4839}
4840
4841static int l2cap_rx_state_srej_sent(struct l2cap_chan *chan,
4842 struct l2cap_ctrl *control,
4843 struct sk_buff *skb, u8 event)
4844{
4845 int err = 0;
4846 u16 txseq = control->txseq;
4847 bool skb_in_use = 0;
4848
4849 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
4850 event);
4851
4852 switch (event) {
4853 case L2CAP_EV_RECV_IFRAME:
4854 switch (l2cap_classify_txseq(chan, txseq)) {
4855 case L2CAP_TXSEQ_EXPECTED:
4856 /* Keep frame for reassembly later */
4857 l2cap_pass_to_tx(chan, control);
4858 skb_queue_tail(&chan->srej_q, skb);
4859 skb_in_use = 1;
4860 BT_DBG("Queued %p (queue len %d)", skb,
4861 skb_queue_len(&chan->srej_q));
4862
4863 chan->expected_tx_seq = __next_seq(chan, txseq);
4864 break;
4865 case L2CAP_TXSEQ_EXPECTED_SREJ:
4866 l2cap_seq_list_pop(&chan->srej_list);
4867
4868 l2cap_pass_to_tx(chan, control);
4869 skb_queue_tail(&chan->srej_q, skb);
4870 skb_in_use = 1;
4871 BT_DBG("Queued %p (queue len %d)", skb,
4872 skb_queue_len(&chan->srej_q));
4873
4874 err = l2cap_rx_queued_iframes(chan);
4875 if (err)
4876 break;
4877
4878 break;
4879 case L2CAP_TXSEQ_UNEXPECTED:
4880 /* Got a frame that can't be reassembled yet.
4881 * Save it for later, and send SREJs to cover
4882 * the missing frames.
4883 */
4884 skb_queue_tail(&chan->srej_q, skb);
4885 skb_in_use = 1;
4886 BT_DBG("Queued %p (queue len %d)", skb,
4887 skb_queue_len(&chan->srej_q));
4888
4889 l2cap_pass_to_tx(chan, control);
4890 l2cap_send_srej(chan, control->txseq);
4891 break;
4892 case L2CAP_TXSEQ_UNEXPECTED_SREJ:
4893 /* This frame was requested with an SREJ, but
4894 * some expected retransmitted frames are
4895 * missing. Request retransmission of missing
4896 * SREJ'd frames.
4897 */
4898 skb_queue_tail(&chan->srej_q, skb);
4899 skb_in_use = 1;
4900 BT_DBG("Queued %p (queue len %d)", skb,
4901 skb_queue_len(&chan->srej_q));
4902
4903 l2cap_pass_to_tx(chan, control);
4904 l2cap_send_srej_list(chan, control->txseq);
4905 break;
4906 case L2CAP_TXSEQ_DUPLICATE_SREJ:
4907 /* We've already queued this frame. Drop this copy. */
4908 l2cap_pass_to_tx(chan, control);
4909 break;
4910 case L2CAP_TXSEQ_DUPLICATE:
4911 /* Expecting a later sequence number, so this frame
4912 * was already received. Ignore it completely.
4913 */
4914 break;
4915 case L2CAP_TXSEQ_INVALID_IGNORE:
4916 break;
4917 case L2CAP_TXSEQ_INVALID:
4918 default:
4919 l2cap_send_disconn_req(chan->conn, chan,
4920 ECONNRESET);
4921 break;
4922 }
4923 break;
4924 case L2CAP_EV_RECV_RR:
4925 l2cap_pass_to_tx(chan, control);
4926 if (control->final) {
4927 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4928
4929 if (!test_and_clear_bit(CONN_REJ_ACT,
4930 &chan->conn_state)) {
4931 control->final = 0;
4932 l2cap_retransmit_all(chan, control);
4933 }
4934
4935 l2cap_ertm_send(chan);
4936 } else if (control->poll) {
4937 if (test_and_clear_bit(CONN_REMOTE_BUSY,
4938 &chan->conn_state) &&
4939 chan->unacked_frames) {
4940 __set_retrans_timer(chan);
4941 }
4942
4943 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4944 l2cap_send_srej_tail(chan);
4945 } else {
4946 if (test_and_clear_bit(CONN_REMOTE_BUSY,
4947 &chan->conn_state) &&
4948 chan->unacked_frames)
4949 __set_retrans_timer(chan);
4950
4951 l2cap_send_ack(chan);
4952 }
4953 break;
4954 case L2CAP_EV_RECV_RNR:
4955 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4956 l2cap_pass_to_tx(chan, control);
4957 if (control->poll) {
4958 l2cap_send_srej_tail(chan);
4959 } else {
4960 struct l2cap_ctrl rr_control;
4961 memset(&rr_control, 0, sizeof(rr_control));
4962 rr_control.sframe = 1;
4963 rr_control.super = L2CAP_SUPER_RR;
4964 rr_control.reqseq = chan->buffer_seq;
4965 l2cap_send_sframe(chan, &rr_control);
4966 }
4967
4968 break;
4969 case L2CAP_EV_RECV_REJ:
4970 l2cap_handle_rej(chan, control);
4971 break;
4972 case L2CAP_EV_RECV_SREJ:
4973 l2cap_handle_srej(chan, control);
4974 break;
4975 }
4976
4977 if (skb && !skb_in_use) {
4978 BT_DBG("Freeing %p", skb);
4979 kfree_skb(skb);
4980 }
4981
4982 return err;
4983}
4984
4985static bool __valid_reqseq(struct l2cap_chan *chan, u16 reqseq)
4986{
4987 /* Make sure reqseq is for a packet that has been sent but not acked */
4988 u16 unacked;
4989
4990 unacked = __seq_offset(chan, chan->next_tx_seq, chan->expected_ack_seq);
4991 return __seq_offset(chan, chan->next_tx_seq, reqseq) <= unacked;
4992}
4993
cec8ab6e
MM		 4994static int l2cap_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
4995 struct sk_buff *skb, u8 event)
218bb9df 4996{
d2a7ac5d
MM		 4997 int err = 0;
4998
4999 BT_DBG("chan %p, control %p, skb %p, event %d, state %d", chan,
5000 control, skb, event, chan->rx_state);
5001
5002 if (__valid_reqseq(chan, control->reqseq)) {
5003 switch (chan->rx_state) {
5004 case L2CAP_RX_STATE_RECV:
5005 err = l2cap_rx_state_recv(chan, control, skb, event);
5006 break;
5007 case L2CAP_RX_STATE_SREJ_SENT:
5008 err = l2cap_rx_state_srej_sent(chan, control, skb,
5009 event);
5010 break;
5011 default:
5012 /* shut it down */
5013 break;
5014 }
5015 } else {
5016 BT_DBG("Invalid reqseq %d (next_tx_seq %d, expected_ack_seq %d",
5017 control->reqseq, chan->next_tx_seq,
5018 chan->expected_ack_seq);
5019 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
5020 }
5021
5022 return err;
cec8ab6e
MM		 5023}
5024
5025static int l2cap_stream_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
5026 struct sk_buff *skb)
5027{
4b51dae9
MM		 5028 int err = 0;
5029
5030 BT_DBG("chan %p, control %p, skb %p, state %d", chan, control, skb,
5031 chan->rx_state);
5032
5033 if (l2cap_classify_txseq(chan, control->txseq) ==
5034 L2CAP_TXSEQ_EXPECTED) {
5035 l2cap_pass_to_tx(chan, control);
5036
5037 BT_DBG("buffer_seq %d->%d", chan->buffer_seq,
5038 __next_seq(chan, chan->buffer_seq));
5039
5040 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
5041
5042 l2cap_reassemble_sdu(chan, skb, control);
5043 } else {
5044 if (chan->sdu) {
5045 kfree_skb(chan->sdu);
5046 chan->sdu = NULL;
5047 }
5048 chan->sdu_last_frag = NULL;
5049 chan->sdu_len = 0;
5050
5051 if (skb) {
5052 BT_DBG("Freeing %p", skb);
5053 kfree_skb(skb);
5054 }
5055 }
5056
5057 chan->last_acked_seq = control->txseq;
5058 chan->expected_tx_seq = __next_seq(chan, control->txseq);
5059
5060 return err;
cec8ab6e
MM		 5061}
5062
5063static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
5064{
5065 struct l2cap_ctrl *control = &bt_cb(skb)->control;
5066 u16 len;
5067 u8 event;
218bb9df 5068
b76bbd66
MM		 5069 __unpack_control(chan, skb);
5070
218bb9df
GP		 5071 len = skb->len;
5072
5073 /*
5074 * We can just drop the corrupted I-frame here.
5075 * Receiver will miss it and start proper recovery
cec8ab6e 5076 * procedures and ask for retransmission.
218bb9df 5077 */
47d1ec61 5078 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 5079 goto drop;
5080
cec8ab6e 5081 if (!control->sframe && control->sar == L2CAP_SAR_START)
03a51213 5082 len -= L2CAP_SDULEN_SIZE;
218bb9df 5083
47d1ec61 5084 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 5085 len -= L2CAP_FCS_SIZE;
218bb9df 5086
47d1ec61 5087 if (len > chan->mps) {
8c1d787b 5088 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 5089 goto drop;
5090 }
5091
cec8ab6e
MM		 5092 if (!control->sframe) {
5093 int err;
218bb9df 5094
cec8ab6e
MM		 5095 BT_DBG("iframe sar %d, reqseq %d, final %d, txseq %d",
5096 control->sar, control->reqseq, control->final,
5097 control->txseq);
218bb9df 5098
cec8ab6e
MM		 5099 /* Validate F-bit - F=0 always valid, F=1 only
5100 * valid in TX WAIT_F
5101 */
5102 if (control->final && chan->tx_state != L2CAP_TX_STATE_WAIT_F)
218bb9df 5103 goto drop;
cec8ab6e
MM		 5104
5105 if (chan->mode != L2CAP_MODE_STREAMING) {
5106 event = L2CAP_EV_RECV_IFRAME;
5107 err = l2cap_rx(chan, control, skb, event);
5108 } else {
5109 err = l2cap_stream_rx(chan, control, skb);
218bb9df
GP		 5110 }
5111
cec8ab6e
MM		 5112 if (err)
5113 l2cap_send_disconn_req(chan->conn, chan,
5114 ECONNRESET);
218bb9df 5115 } else {
cec8ab6e
MM		 5116 const u8 rx_func_to_event[4] = {
5117 L2CAP_EV_RECV_RR, L2CAP_EV_RECV_REJ,
5118 L2CAP_EV_RECV_RNR, L2CAP_EV_RECV_SREJ
5119 };
5120
5121 /* Only I-frames are expected in streaming mode */
5122 if (chan->mode == L2CAP_MODE_STREAMING)
5123 goto drop;
5124
5125 BT_DBG("sframe reqseq %d, final %d, poll %d, super %d",
5126 control->reqseq, control->final, control->poll,
5127 control->super);
5128
218bb9df
GP		 5129 if (len != 0) {
5130 BT_ERR("%d", len);
8c1d787b 5131 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 5132 goto drop;
5133 }
5134
cec8ab6e
MM		 5135 /* Validate F and P bits */
5136 if (control->final && (control->poll ||
5137 chan->tx_state != L2CAP_TX_STATE_WAIT_F))
5138 goto drop;
5139
5140 event = rx_func_to_event[control->super];
5141 if (l2cap_rx(chan, control, skb, event))
5142 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 5143 }
5144
5145 return 0;
5146
5147drop:
5148 kfree_skb(skb);
5149 return 0;
5150}
5151
1da177e4
LT		 5152static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
5153{
48454079 5154 struct l2cap_chan *chan;
1da177e4 5155
baa7e1fa 5156 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 5157 if (!chan) {
1da177e4 5158 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555 5159 /* Drop packet and return */
3379013b 5160 kfree_skb(skb);
6be36555 5161 return 0;
1da177e4
LT		 5162 }
5163
49208c9c 5164 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 5165
89bc500e 5166 if (chan->state != BT_CONNECTED)
1da177e4
LT		 5167 goto drop;
5168
0c1bc5c6 5169 switch (chan->mode) {
1c2acffb
GP		 5170 case L2CAP_MODE_BASIC:
5171 /* If socket recv buffers overflows we drop data here
5172 * which is *bad* because L2CAP has to be reliable.
5173 * But we don't have any other choice. L2CAP doesn't
5174 * provide flow control mechanism. */
1da177e4 5175
0c1bc5c6 5176 if (chan->imtu < skb->len)
1c2acffb 5177 goto drop;
1da177e4 5178
23070494 5179 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 5180 goto done;
5181 break;
5182
5183 case L2CAP_MODE_ERTM:
6840ed07 5184 case L2CAP_MODE_STREAMING:
cec8ab6e 5185 l2cap_data_rcv(chan, skb);
6840ed07
GP		 5186 goto done;
5187
1c2acffb 5188 default:
0c1bc5c6 5189 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 5190 break;
5191 }
1da177e4
LT		 5192
5193drop:
5194 kfree_skb(skb);
5195
5196done:
6be36555 5197 l2cap_chan_unlock(chan);
0139418c 5198
1da177e4
LT		 5199 return 0;
5200}
5201
8e036fc3 5202static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 5203{
23691d75 5204 struct l2cap_chan *chan;
1da177e4 5205
c2287681 5206 chan = l2cap_global_chan_by_psm(0, psm, conn->src, conn->dst);
23691d75 5207 if (!chan)
1da177e4
LT		 5208 goto drop;
5209
5b4cedaa 5210 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 5211
89bc500e 5212 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 5213 goto drop;
5214
e13e21dc 5215 if (chan->imtu < skb->len)
1da177e4
LT		 5216 goto drop;
5217
23070494 5218 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 5219 return 0;
1da177e4
LT		 5220
5221drop:
5222 kfree_skb(skb);
5223
1da177e4
LT		 5224 return 0;
5225}
5226
d9b88702
AE		 5227static inline int l2cap_att_channel(struct l2cap_conn *conn, u16 cid,
5228 struct sk_buff *skb)
9f69bda6 5229{
23691d75 5230 struct l2cap_chan *chan;
9f69bda6 5231
c2287681 5232 chan = l2cap_global_chan_by_scid(0, cid, conn->src, conn->dst);
23691d75 5233 if (!chan)
9f69bda6
GP		 5234 goto drop;
5235
5b4cedaa 5236 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 5237
89bc500e 5238 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 5239 goto drop;
5240
e13e21dc 5241 if (chan->imtu < skb->len)
9f69bda6
GP		 5242 goto drop;
5243
23070494 5244 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 5245 return 0;
9f69bda6
GP		 5246
5247drop:
5248 kfree_skb(skb);
5249
9f69bda6
GP		 5250 return 0;
5251}
5252
1da177e4
LT		 5253static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
5254{
5255 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 5256 u16 cid, len;
5257 __le16 psm;
1da177e4
LT		 5258
5259 skb_pull(skb, L2CAP_HDR_SIZE);
5260 cid = __le16_to_cpu(lh->cid);
5261 len = __le16_to_cpu(lh->len);
5262
1c2acffb
GP		 5263 if (len != skb->len) {
5264 kfree_skb(skb);
5265 return;
5266 }
5267
1da177e4
LT		 5268 BT_DBG("len %d, cid 0x%4.4x", len, cid);
5269
5270 switch (cid) {
3300d9a9 5271 case L2CAP_CID_LE_SIGNALING:
8db4dc46 5272 case L2CAP_CID_SIGNALING:
1da177e4
LT		 5273 l2cap_sig_channel(conn, skb);
5274 break;
5275
8db4dc46 5276 case L2CAP_CID_CONN_LESS:
097db76c 5277 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 5278 skb_pull(skb, 2);
5279 l2cap_conless_channel(conn, psm, skb);
5280 break;
5281
9f69bda6
GP		 5282 case L2CAP_CID_LE_DATA:
5283 l2cap_att_channel(conn, cid, skb);
5284 break;
5285
b501d6a1
AB		 5286 case L2CAP_CID_SMP:
5287 if (smp_sig_channel(conn, skb))
5288 l2cap_conn_del(conn->hcon, EACCES);
5289 break;
5290
1da177e4
LT		 5291 default:
5292 l2cap_data_channel(conn, cid, skb);
5293 break;
5294 }
5295}
5296
5297/* ---- L2CAP interface with lower layer (HCI) ---- */
5298
686ebf28 5299int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 5300{
5301 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 5302 struct l2cap_chan *c;
1da177e4 5303
1da177e4
LT		 5304 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
5305
5306 /* Find listening sockets and check their link_mode */
23691d75
GP		 5307 read_lock(&chan_list_lock);
5308 list_for_each_entry(c, &chan_list, global_l) {
5309 struct sock *sk = c->sk;
4343478f 5310
89bc500e 5311 if (c->state != BT_LISTEN)
1da177e4
LT		 5312 continue;
5313
5314 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 5315 lm1 |= HCI_LM_ACCEPT;
43bd0f32 5316 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 5317 lm1 |= HCI_LM_MASTER;
1da177e4 5318 exact++;
2af6b9d5
MH		 5319 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
5320 lm2 |= HCI_LM_ACCEPT;
43bd0f32 5321 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 5322 lm2 |= HCI_LM_MASTER;
5323 }
1da177e4 5324 }
23691d75 5325 read_unlock(&chan_list_lock);
1da177e4
LT		 5326
5327 return exact ? lm1 : lm2;
5328}
5329
686ebf28 5330int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 5331{
0139418c
MH		 5332 struct l2cap_conn *conn;
5333
1da177e4
LT		 5334 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
5335
1da177e4 5336 if (!status) {
1da177e4
LT		 5337 conn = l2cap_conn_add(hcon, status);
5338 if (conn)
5339 l2cap_conn_ready(conn);
0139418c 5340 } else
e175072f 5341 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 5342
5343 return 0;
5344}
5345
686ebf28 5346int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 5347{
5348 struct l2cap_conn *conn = hcon->l2cap_data;
5349
5350 BT_DBG("hcon %p", hcon);
5351
686ebf28 5352 if (!conn)
9f5a0d7b 5353 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 5354 return conn->disc_reason;
5355}
5356
686ebf28 5357int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 5358{
5359 BT_DBG("hcon %p reason %d", hcon, reason);
5360
e175072f 5361 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 5362 return 0;
5363}
5364
4343478f 5365static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 5366{
715ec005 5367 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 5368 return;
5369
f62e4323 5370 if (encrypt == 0x00) {
4343478f 5371 if (chan->sec_level == BT_SECURITY_MEDIUM) {
ba13ccd9 5372 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4343478f 5373 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 5374 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 5375 } else {
4343478f 5376 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 5377 __clear_chan_timer(chan);
f62e4323
MH		 5378 }
5379}
5380
686ebf28 5381int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 5382{
0139418c 5383 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 5384 struct l2cap_chan *chan;
1da177e4 5385
0139418c 5386 if (!conn)
1da177e4 5387 return 0;
0139418c 5388
1da177e4
LT		 5389 BT_DBG("conn %p", conn);
5390
160dc6ac 5391 if (hcon->type == LE_LINK) {
35d4adcc
HG		 5392 if (!status && encrypt)
5393 smp_distribute_keys(conn, 0);
17cd3f37 5394 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 5395 }
5396
3df91ea2 5397 mutex_lock(&conn->chan_lock);
1da177e4 5398
3df91ea2 5399 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 5400 l2cap_chan_lock(chan);
1da177e4 5401
f1cb9af5
VCG		 5402 BT_DBG("chan->scid %d", chan->scid);
5403
5404 if (chan->scid == L2CAP_CID_LE_DATA) {
5405 if (!status && encrypt) {
5406 chan->sec_level = hcon->sec_level;
cf4cd009 5407 l2cap_chan_ready(chan);
f1cb9af5
VCG		 5408 }
5409
6be36555 5410 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 5411 continue;
5412 }
5413
c1360a1c 5414 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 5415 l2cap_chan_unlock(chan);
6a8d3010
MH		 5416 continue;
5417 }
5418
89bc500e
GP		 5419 if (!status && (chan->state == BT_CONNECTED ||
5420 chan->state == BT_CONFIG)) {
a7d7723a
GP		 5421 struct sock *sk = chan->sk;
5422
c5daa683 5423 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 5424 sk->sk_state_change(sk);
5425
4343478f 5426 l2cap_check_encryption(chan, encrypt);
6be36555 5427 l2cap_chan_unlock(chan);
9719f8af
MH		 5428 continue;
5429 }
5430
89bc500e 5431 if (chan->state == BT_CONNECT) {
b1235d79 5432 if (!status) {
9b27f350 5433 l2cap_send_conn_req(chan);
b1235d79 5434 } else {
ba13ccd9 5435 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
b1235d79 5436 }
89bc500e 5437 } else if (chan->state == BT_CONNECT2) {
6be36555 5438 struct sock *sk = chan->sk;
b1235d79 5439 struct l2cap_conn_rsp rsp;
df3c3931 5440 __u16 res, stat;
1da177e4 5441
6be36555
AE		 5442 lock_sock(sk);
5443
b1235d79 5444 if (!status) {
c5daa683
GP		 5445 if (test_bit(BT_SK_DEFER_SETUP,
5446 &bt_sk(sk)->flags)) {
df3c3931
JH		 5447 struct sock *parent = bt_sk(sk)->parent;
5448 res = L2CAP_CR_PEND;
5449 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 5450 if (parent)
5451 parent->sk_data_ready(parent, 0);
df3c3931 5452 } else {
0e587be7 5453 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 5454 res = L2CAP_CR_SUCCESS;
5455 stat = L2CAP_CS_NO_INFO;
5456 }
b1235d79 5457 } else {
0e587be7 5458 __l2cap_state_change(chan, BT_DISCONN);
ba13ccd9 5459 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
df3c3931
JH		 5460 res = L2CAP_CR_SEC_BLOCK;
5461 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 5462 }
5463
6be36555
AE		 5464 release_sock(sk);
5465
fe4128e0
GP		 5466 rsp.scid = cpu_to_le16(chan->dcid);
5467 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 5468 rsp.result = cpu_to_le16(res);
5469 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 5470 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
5471 sizeof(rsp), &rsp);
b1235d79 5472 }
1da177e4 5473
6be36555 5474 l2cap_chan_unlock(chan);
1da177e4
LT		 5475 }
5476
3df91ea2 5477 mutex_unlock(&conn->chan_lock);
b1235d79 5478
1da177e4
LT		 5479 return 0;
5480}
5481
686ebf28 5482int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 5483{
5484 struct l2cap_conn *conn = hcon->l2cap_data;
5485
5a08ecce
AE		 5486 if (!conn)
5487 conn = l2cap_conn_add(hcon, 0);
5488
5489 if (!conn)
1da177e4
LT		 5490 goto drop;
5491
5492 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
5493
e702112f 5494 if (!(flags & ACL_CONT)) {
1da177e4
LT		 5495 struct l2cap_hdr *hdr;
5496 int len;
5497
5498 if (conn->rx_len) {
5499 BT_ERR("Unexpected start frame (len %d)", skb->len);
5500 kfree_skb(conn->rx_skb);
5501 conn->rx_skb = NULL;
5502 conn->rx_len = 0;
5503 l2cap_conn_unreliable(conn, ECOMM);
5504 }
5505
aae7fe22
AE		 5506 /* Start fragment always begin with Basic L2CAP header */
5507 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 5508 BT_ERR("Frame is too short (len %d)", skb->len);
5509 l2cap_conn_unreliable(conn, ECOMM);
5510 goto drop;
5511 }
5512
5513 hdr = (struct l2cap_hdr *) skb->data;
5514 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
5515
5516 if (len == skb->len) {
5517 /* Complete frame received */
5518 l2cap_recv_frame(conn, skb);
5519 return 0;
5520 }
5521
5522 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
5523
5524 if (skb->len > len) {
5525 BT_ERR("Frame is too long (len %d, expected len %d)",
5526 skb->len, len);
5527 l2cap_conn_unreliable(conn, ECOMM);
5528 goto drop;
5529 }
5530
5531 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 5532 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
5533 if (!conn->rx_skb)
1da177e4
LT		 5534 goto drop;
5535
d626f62b 5536 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 5537 skb->len);
1da177e4
LT		 5538 conn->rx_len = len - skb->len;
5539 } else {
5540 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
5541
5542 if (!conn->rx_len) {
5543 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
5544 l2cap_conn_unreliable(conn, ECOMM);
5545 goto drop;
5546 }
5547
5548 if (skb->len > conn->rx_len) {
5549 BT_ERR("Fragment is too long (len %d, expected %d)",
5550 skb->len, conn->rx_len);
5551 kfree_skb(conn->rx_skb);
5552 conn->rx_skb = NULL;
5553 conn->rx_len = 0;
5554 l2cap_conn_unreliable(conn, ECOMM);
5555 goto drop;
5556 }
5557
d626f62b 5558 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 5559 skb->len);
1da177e4
LT		 5560 conn->rx_len -= skb->len;
5561
5562 if (!conn->rx_len) {
5563 /* Complete frame received */
5564 l2cap_recv_frame(conn, conn->rx_skb);
5565 conn->rx_skb = NULL;
5566 }
5567 }
5568
5569drop:
5570 kfree_skb(skb);
5571 return 0;
5572}
5573
aef7d97c 5574static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 5575{
23691d75 5576 struct l2cap_chan *c;
1da177e4 5577
333055f2 5578 read_lock(&chan_list_lock);
1da177e4 5579
23691d75
GP		 5580 list_for_each_entry(c, &chan_list, global_l) {
5581 struct sock *sk = c->sk;
101545f6 5582
903d343e 5583 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 5584 batostr(&bt_sk(sk)->src),
5585 batostr(&bt_sk(sk)->dst),
89bc500e 5586 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 5587 c->scid, c->dcid, c->imtu, c->omtu,
5588 c->sec_level, c->mode);
61e1b4b7 5589 }
1da177e4 5590
333055f2 5591 read_unlock(&chan_list_lock);
1da177e4 5592
aef7d97c 5593 return 0;
1da177e4
LT		 5594}
5595
aef7d97c
MH		 5596static int l2cap_debugfs_open(struct inode *inode, struct file *file)
5597{
5598 return single_open(file, l2cap_debugfs_show, inode->i_private);
5599}
5600
5601static const struct file_operations l2cap_debugfs_fops = {
5602 .open = l2cap_debugfs_open,
5603 .read = seq_read,
5604 .llseek = seq_lseek,
5605 .release = single_release,
5606};
5607
5608static struct dentry *l2cap_debugfs;
1da177e4 5609
64274518 5610int __init l2cap_init(void)
1da177e4
LT		 5611{
5612 int err;
be9d1227 5613
bb58f747 5614 err = l2cap_init_sockets();
1da177e4
LT		 5615 if (err < 0)
5616 return err;
5617
aef7d97c
MH		 5618 if (bt_debugfs) {
5619 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
5620 bt_debugfs, NULL, &l2cap_debugfs_fops);
5621 if (!l2cap_debugfs)
5622 BT_ERR("Failed to create L2CAP debug file");
5623 }
1da177e4 5624
1da177e4 5625 return 0;
1da177e4
LT		 5626}
5627
64274518 5628void l2cap_exit(void)
1da177e4 5629{
aef7d97c 5630 debugfs_remove(l2cap_debugfs);
bb58f747 5631 l2cap_cleanup_sockets();
1da177e4
LT		 5632}
5633
d1c4a17d
GP		 5634module_param(disable_ertm, bool, 0644);
5635MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)