projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: move l2cap_sock_kill() to l2cap_sock.c
[deliverable/linux.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
1da177e4
LT		 6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
8e87d142
YH		 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 24 SOFTWARE IS DISCLAIMED.
25*/
26
bb58f747 27/* Bluetooth L2CAP core. */
1da177e4 28
1da177e4
LT		 29#include <linux/module.h>
30
31#include <linux/types.h>
4fc268d2 32#include <linux/capability.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/interrupt.h>
41#include <linux/socket.h>
42#include <linux/skbuff.h>
1da177e4 43#include <linux/list.h>
be9d1227 44#include <linux/device.h>
aef7d97c
MH		 45#include <linux/debugfs.h>
46#include <linux/seq_file.h>
af05b30b 47#include <linux/uaccess.h>
fcc203c3 48#include <linux/crc16.h>
1da177e4
LT		 49#include <net/sock.h>
50
51#include <asm/system.h>
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
57
dd135240 58#define VERSION "2.15"
44dd46de 59
bb58f747 60int disable_ertm;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 63static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 64
1890d36b
GP		 65static struct workqueue_struct *_busy_wq;
66
bb58f747 67struct bt_sock_list l2cap_sk_list = {
d5fb2962 68 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
1da177e4
LT		 69};
70
1890d36b
GP		 71static void l2cap_busy_work(struct work_struct *work);
72
1da177e4 73static void l2cap_sock_close(struct sock *sk);
1da177e4
LT		 74
75static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
76 u8 code, u8 ident, u16 dlen, void *data);
77
218bb9df
GP		 78static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
79
0139418c
MH		 80/* ---- L2CAP channels ---- */
81static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
82{
83 struct sock *s;
84 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
85 if (l2cap_pi(s)->dcid == cid)
86 break;
87 }
88 return s;
89}
90
91static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
92{
93 struct sock *s;
94 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
95 if (l2cap_pi(s)->scid == cid)
96 break;
97 }
98 return s;
99}
100
101/* Find channel with given SCID.
102 * Returns locked socket */
103static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
104{
105 struct sock *s;
106 read_lock(&l->lock);
107 s = __l2cap_get_chan_by_scid(l, cid);
af05b30b
GP		 108 if (s)
109 bh_lock_sock(s);
0139418c
MH		 110 read_unlock(&l->lock);
111 return s;
112}
113
114static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
115{
116 struct sock *s;
117 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
118 if (l2cap_pi(s)->ident == ident)
119 break;
120 }
121 return s;
122}
123
124static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
125{
126 struct sock *s;
127 read_lock(&l->lock);
128 s = __l2cap_get_chan_by_ident(l, ident);
af05b30b
GP		 129 if (s)
130 bh_lock_sock(s);
0139418c
MH		 131 read_unlock(&l->lock);
132 return s;
133}
134
135static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
136{
8db4dc46 137 u16 cid = L2CAP_CID_DYN_START;
0139418c 138
8db4dc46 139 for (; cid < L2CAP_CID_DYN_END; cid++) {
af05b30b 140 if (!__l2cap_get_chan_by_scid(l, cid))
0139418c
MH		 141 return cid;
142 }
143
144 return 0;
145}
146
147static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
148{
149 sock_hold(sk);
150
151 if (l->head)
152 l2cap_pi(l->head)->prev_c = sk;
153
154 l2cap_pi(sk)->next_c = l->head;
155 l2cap_pi(sk)->prev_c = NULL;
156 l->head = sk;
157}
158
159static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
160{
161 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
162
fd1278d7 163 write_lock_bh(&l->lock);
0139418c
MH		 164 if (sk == l->head)
165 l->head = next;
166
167 if (next)
168 l2cap_pi(next)->prev_c = prev;
169 if (prev)
170 l2cap_pi(prev)->next_c = next;
fd1278d7 171 write_unlock_bh(&l->lock);
0139418c
MH		 172
173 __sock_put(sk);
174}
175
176static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
177{
178 struct l2cap_chan_list *l = &conn->chan_list;
179
af05b30b
GP		 180 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
181 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
0139418c 182
2950f21a
MH		 183 conn->disc_reason = 0x13;
184
0139418c
MH		 185 l2cap_pi(sk)->conn = conn;
186
bd3c9e25 187 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
0139418c
MH		 188 /* Alloc CID for connection-oriented socket */
189 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
190 } else if (sk->sk_type == SOCK_DGRAM) {
191 /* Connectionless socket */
8db4dc46
GP		 192 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
193 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
0139418c
MH		 194 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
195 } else {
196 /* Raw socket can send/recv signalling messages only */
8db4dc46
GP		 197 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
198 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
0139418c
MH		 199 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
200 }
201
202 __l2cap_chan_link(l, sk);
203
204 if (parent)
205 bt_accept_enqueue(parent, sk);
206}
207
8e87d142 208/* Delete channel.
0139418c
MH		 209 * Must be called on the locked socket. */
210static void l2cap_chan_del(struct sock *sk, int err)
211{
212 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
213 struct sock *parent = bt_sk(sk)->parent;
214
215 l2cap_sock_clear_timer(sk);
216
217 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
218
8e87d142 219 if (conn) {
0139418c
MH		 220 /* Unlink from channel list */
221 l2cap_chan_unlink(&conn->chan_list, sk);
222 l2cap_pi(sk)->conn = NULL;
223 hci_conn_put(conn->hcon);
224 }
225
b1235d79 226 sk->sk_state = BT_CLOSED;
0139418c
MH		 227 sock_set_flag(sk, SOCK_ZAPPED);
228
229 if (err)
230 sk->sk_err = err;
231
232 if (parent) {
233 bt_accept_unlink(sk);
234 parent->sk_data_ready(parent, 0);
235 } else
236 sk->sk_state_change(sk);
c13ffa62
GP		 237
238 skb_queue_purge(TX_QUEUE(sk));
239
240 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
241 struct srej_list *l, *tmp;
242
243 del_timer(&l2cap_pi(sk)->retrans_timer);
244 del_timer(&l2cap_pi(sk)->monitor_timer);
245 del_timer(&l2cap_pi(sk)->ack_timer);
246
247 skb_queue_purge(SREJ_QUEUE(sk));
248 skb_queue_purge(BUSY_QUEUE(sk));
249
250 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
251 list_del(&l->list);
252 kfree(l);
253 }
254 }
0139418c
MH		 255}
256
8556edd3 257static inline u8 l2cap_get_auth_type(struct sock *sk)
79d554a6 258{
8556edd3
JH		 259 if (sk->sk_type == SOCK_RAW) {
260 switch (l2cap_pi(sk)->sec_level) {
261 case BT_SECURITY_HIGH:
262 return HCI_AT_DEDICATED_BONDING_MITM;
263 case BT_SECURITY_MEDIUM:
264 return HCI_AT_DEDICATED_BONDING;
265 default:
266 return HCI_AT_NO_BONDING;
267 }
268 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
269 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
270 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
0684e5f9 271
00ae4af9 272 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
8556edd3 273 return HCI_AT_NO_BONDING_MITM;
00ae4af9 274 else
8556edd3 275 return HCI_AT_NO_BONDING;
00ae4af9
MH		 276 } else {
277 switch (l2cap_pi(sk)->sec_level) {
278 case BT_SECURITY_HIGH:
8556edd3 279 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 280 case BT_SECURITY_MEDIUM:
8556edd3 281 return HCI_AT_GENERAL_BONDING;
00ae4af9 282 default:
8556edd3 283 return HCI_AT_NO_BONDING;
00ae4af9 284 }
0684e5f9 285 }
8556edd3
JH		 286}
287
288/* Service level security */
289static inline int l2cap_check_security(struct sock *sk)
290{
291 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
292 __u8 auth_type;
293
294 auth_type = l2cap_get_auth_type(sk);
79d554a6 295
0684e5f9
MH		 296 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
297 auth_type);
79d554a6
MH		 298}
299
68983259 300u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 301{
302 u8 id;
303
304 /* Get next available identificator.
305 * 1 - 128 are used by kernel.
306 * 129 - 199 are reserved.
307 * 200 - 254 are used by utilities like l2ping, etc.
308 */
309
310 spin_lock_bh(&conn->lock);
311
312 if (++conn->tx_ident > 128)
313 conn->tx_ident = 1;
314
315 id = conn->tx_ident;
316
317 spin_unlock_bh(&conn->lock);
318
319 return id;
320}
321
68983259 322void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 323{
324 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 325 u8 flags;
4e8402a3
MH		 326
327 BT_DBG("code 0x%2.2x", code);
328
329 if (!skb)
9a9c6a34 330 return;
4e8402a3 331
e702112f
AE		 332 if (lmp_no_flush_capable(conn->hcon->hdev))
333 flags = ACL_START_NO_FLUSH;
334 else
335 flags = ACL_START;
336
337 hci_send_acl(conn->hcon, skb, flags);
4e8402a3
MH		 338}
339
9a9c6a34 340static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
1c2acffb
GP		 341{
342 struct sk_buff *skb;
343 struct l2cap_hdr *lh;
344 struct l2cap_conn *conn = pi->conn;
c13ffa62 345 struct sock *sk = (struct sock *)pi;
fcc203c3 346 int count, hlen = L2CAP_HDR_SIZE + 2;
e702112f 347 u8 flags;
fcc203c3 348
c13ffa62
GP		 349 if (sk->sk_state != BT_CONNECTED)
350 return;
351
fcc203c3
GP		 352 if (pi->fcs == L2CAP_FCS_CRC16)
353 hlen += 2;
1c2acffb
GP		 354
355 BT_DBG("pi %p, control 0x%2.2x", pi, control);
356
fcc203c3 357 count = min_t(unsigned int, conn->mtu, hlen);
1c2acffb
GP		 358 control |= L2CAP_CTRL_FRAME_TYPE;
359
9e917af1
GP		 360 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
361 control |= L2CAP_CTRL_FINAL;
362 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
363 }
364
f0946ccf
GP		 365 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
366 control |= L2CAP_CTRL_POLL;
367 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
368 }
369
1c2acffb
GP		 370 skb = bt_skb_alloc(count, GFP_ATOMIC);
371 if (!skb)
9a9c6a34 372 return;
1c2acffb
GP		 373
374 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 375 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
1c2acffb
GP		 376 lh->cid = cpu_to_le16(pi->dcid);
377 put_unaligned_le16(control, skb_put(skb, 2));
378
fcc203c3
GP		 379 if (pi->fcs == L2CAP_FCS_CRC16) {
380 u16 fcs = crc16(0, (u8 *)lh, count - 2);
381 put_unaligned_le16(fcs, skb_put(skb, 2));
382 }
383
e702112f
AE		 384 if (lmp_no_flush_capable(conn->hcon->hdev))
385 flags = ACL_START_NO_FLUSH;
386 else
387 flags = ACL_START;
388
389 hci_send_acl(pi->conn->hcon, skb, flags);
1c2acffb
GP		 390}
391
9a9c6a34 392static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
7e743090 393{
1890d36b 394 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
7e743090 395 control |= L2CAP_SUPER_RCV_NOT_READY;
1890d36b
GP		 396 pi->conn_state |= L2CAP_CONN_RNR_SENT;
397 } else
7e743090
GP		 398 control |= L2CAP_SUPER_RCV_READY;
399
2ab25cdd
GP		 400 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
401
9a9c6a34 402 l2cap_send_sframe(pi, control);
7e743090
GP		 403}
404
e501d055
AE		 405static inline int __l2cap_no_conn_pending(struct sock *sk)
406{
407 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
408}
409
79d554a6
MH		 410static void l2cap_do_start(struct sock *sk)
411{
412 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
413
414 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 415 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
416 return;
417
e501d055 418 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
b1235d79
MH		 419 struct l2cap_conn_req req;
420 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
421 req.psm = l2cap_pi(sk)->psm;
79d554a6 422
b1235d79 423 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
e501d055 424 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
79d554a6 425
b1235d79 426 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
79d554a6 427 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 428 }
79d554a6
MH		 429 } else {
430 struct l2cap_info_req req;
431 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
432
433 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
434 conn->info_ident = l2cap_get_ident(conn);
435
436 mod_timer(&conn->info_timer, jiffies +
437 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
438
439 l2cap_send_cmd(conn, conn->info_ident,
440 L2CAP_INFO_REQ, sizeof(req), &req);
441 }
442}
443
cf6c2c0b
GP		 444static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
445{
446 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 447 if (!disable_ertm)
cf6c2c0b
GP		 448 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
449
450 switch (mode) {
451 case L2CAP_MODE_ERTM:
452 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
453 case L2CAP_MODE_STREAMING:
454 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
455 default:
456 return 0x00;
457 }
458}
459
9b108fc0 460static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
22121fc9
GP		 461{
462 struct l2cap_disconn_req req;
463
c13ffa62
GP		 464 if (!conn)
465 return;
466
467 skb_queue_purge(TX_QUEUE(sk));
468
469 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
470 del_timer(&l2cap_pi(sk)->retrans_timer);
471 del_timer(&l2cap_pi(sk)->monitor_timer);
472 del_timer(&l2cap_pi(sk)->ack_timer);
473 }
474
22121fc9
GP		 475 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
476 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
477 l2cap_send_cmd(conn, l2cap_get_ident(conn),
478 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62
GP		 479
480 sk->sk_state = BT_DISCONN;
9b108fc0 481 sk->sk_err = err;
22121fc9
GP		 482}
483
1da177e4 484/* ---- L2CAP connections ---- */
4e8402a3
MH		 485static void l2cap_conn_start(struct l2cap_conn *conn)
486{
487 struct l2cap_chan_list *l = &conn->chan_list;
cf6c2c0b 488 struct sock_del_list del, *tmp1, *tmp2;
4e8402a3
MH		 489 struct sock *sk;
490
491 BT_DBG("conn %p", conn);
492
cf6c2c0b
GP		 493 INIT_LIST_HEAD(&del.list);
494
4e8402a3
MH		 495 read_lock(&l->lock);
496
497 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
498 bh_lock_sock(sk);
499
bd3c9e25
GP		 500 if (sk->sk_type != SOCK_SEQPACKET &&
501 sk->sk_type != SOCK_STREAM) {
79d554a6
MH		 502 bh_unlock_sock(sk);
503 continue;
504 }
505
506 if (sk->sk_state == BT_CONNECT) {
47731de7 507 struct l2cap_conn_req req;
79d554a6 508
47731de7
GP		 509 if (!l2cap_check_security(sk) ||
510 !__l2cap_no_conn_pending(sk)) {
511 bh_unlock_sock(sk);
512 continue;
513 }
79d554a6 514
47731de7
GP		 515 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
516 conn->feat_mask)
517 && l2cap_pi(sk)->conf_state &
518 L2CAP_CONF_STATE2_DEVICE) {
519 tmp1 = kzalloc(sizeof(struct sock_del_list),
520 GFP_ATOMIC);
521 tmp1->sk = sk;
522 list_add_tail(&tmp1->list, &del.list);
523 bh_unlock_sock(sk);
524 continue;
b1235d79 525 }
47731de7
GP		 526
527 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
528 req.psm = l2cap_pi(sk)->psm;
529
530 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
531 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
532
533 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
534 L2CAP_CONN_REQ, sizeof(req), &req);
535
79d554a6
MH		 536 } else if (sk->sk_state == BT_CONNECT2) {
537 struct l2cap_conn_rsp rsp;
e9aeb2dd 538 char buf[128];
79d554a6
MH		 539 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
540 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
541
2af6b9d5 542 if (l2cap_check_security(sk)) {
f66dc81f
MH		 543 if (bt_sk(sk)->defer_setup) {
544 struct sock *parent = bt_sk(sk)->parent;
545 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
546 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
547 parent->sk_data_ready(parent, 0);
548
549 } else {
550 sk->sk_state = BT_CONFIG;
551 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
552 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
553 }
79d554a6
MH		 554 } else {
555 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
556 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
557 }
558
559 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
560 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
e9aeb2dd
GP		 561
562 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
563 rsp.result != L2CAP_CR_SUCCESS) {
564 bh_unlock_sock(sk);
565 continue;
566 }
567
568 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
569 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
570 l2cap_build_conf_req(sk, buf), buf);
571 l2cap_pi(sk)->num_conf_req++;
4e8402a3
MH		 572 }
573
574 bh_unlock_sock(sk);
575 }
576
577 read_unlock(&l->lock);
cf6c2c0b
GP		 578
579 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
580 bh_lock_sock(tmp1->sk);
581 __l2cap_sock_close(tmp1->sk, ECONNRESET);
582 bh_unlock_sock(tmp1->sk);
583 list_del(&tmp1->list);
584 kfree(tmp1);
585 }
4e8402a3
MH		 586}
587
588static void l2cap_conn_ready(struct l2cap_conn *conn)
589{
79d554a6
MH		 590 struct l2cap_chan_list *l = &conn->chan_list;
591 struct sock *sk;
4e8402a3 592
79d554a6 593 BT_DBG("conn %p", conn);
4e8402a3 594
79d554a6 595 read_lock(&l->lock);
4e8402a3 596
79d554a6
MH		 597 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
598 bh_lock_sock(sk);
4e8402a3 599
bd3c9e25
GP		 600 if (sk->sk_type != SOCK_SEQPACKET &&
601 sk->sk_type != SOCK_STREAM) {
79d554a6
MH		 602 l2cap_sock_clear_timer(sk);
603 sk->sk_state = BT_CONNECTED;
604 sk->sk_state_change(sk);
605 } else if (sk->sk_state == BT_CONNECT)
606 l2cap_do_start(sk);
4e8402a3 607
79d554a6 608 bh_unlock_sock(sk);
4e8402a3 609 }
79d554a6
MH		 610
611 read_unlock(&l->lock);
4e8402a3
MH		 612}
613
614/* Notify sockets that we cannot guaranty reliability anymore */
615static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
616{
617 struct l2cap_chan_list *l = &conn->chan_list;
618 struct sock *sk;
619
620 BT_DBG("conn %p", conn);
621
622 read_lock(&l->lock);
623
624 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2af6b9d5 625 if (l2cap_pi(sk)->force_reliable)
4e8402a3
MH		 626 sk->sk_err = err;
627 }
628
629 read_unlock(&l->lock);
630}
631
632static void l2cap_info_timeout(unsigned long arg)
633{
634 struct l2cap_conn *conn = (void *) arg;
635
984947dc 636 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 637 conn->info_ident = 0;
984947dc 638
4e8402a3
MH		 639 l2cap_conn_start(conn);
640}
641
1da177e4
LT		 642static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
643{
0139418c 644 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 645
0139418c 646 if (conn || status)
1da177e4
LT		 647 return conn;
648
0139418c
MH		 649 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
650 if (!conn)
1da177e4 651 return NULL;
1da177e4
LT		 652
653 hcon->l2cap_data = conn;
654 conn->hcon = hcon;
655
0139418c
MH		 656 BT_DBG("hcon %p conn %p", hcon, conn);
657
1da177e4
LT		 658 conn->mtu = hcon->hdev->acl_mtu;
659 conn->src = &hcon->hdev->bdaddr;
660 conn->dst = &hcon->dst;
661
4e8402a3
MH		 662 conn->feat_mask = 0;
663
1da177e4
LT		 664 spin_lock_init(&conn->lock);
665 rwlock_init(&conn->chan_list.lock);
666
45054dc1
DY		 667 setup_timer(&conn->info_timer, l2cap_info_timeout,
668 (unsigned long) conn);
669
2950f21a
MH		 670 conn->disc_reason = 0x13;
671
1da177e4
LT		 672 return conn;
673}
674
0139418c 675static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 676{
0139418c 677 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4
LT		 678 struct sock *sk;
679
0139418c
MH		 680 if (!conn)
681 return;
1da177e4
LT		 682
683 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
684
7585b97a 685 kfree_skb(conn->rx_skb);
1da177e4
LT		 686
687 /* Kill channels */
688 while ((sk = conn->chan_list.head)) {
689 bh_lock_sock(sk);
690 l2cap_chan_del(sk, err);
691 bh_unlock_sock(sk);
692 l2cap_sock_kill(sk);
693 }
694
8e8440f5
DY		 695 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
696 del_timer_sync(&conn->info_timer);
3ab22731 697
1da177e4
LT		 698 hcon->l2cap_data = NULL;
699 kfree(conn);
1da177e4
LT		 700}
701
702static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
703{
704 struct l2cap_chan_list *l = &conn->chan_list;
fd1278d7 705 write_lock_bh(&l->lock);
1da177e4 706 __l2cap_chan_add(conn, sk, parent);
fd1278d7 707 write_unlock_bh(&l->lock);
1da177e4
LT		 708}
709
1da177e4 710/* ---- Socket interface ---- */
1da177e4
LT		 711
712/* Find socket with psm and source bdaddr.
713 * Returns closest match.
714 */
e0f0cb56 715static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 716{
717 struct sock *sk = NULL, *sk1 = NULL;
718 struct hlist_node *node;
719
e0f0cb56
GP		 720 read_lock(&l2cap_sk_list.lock);
721
1da177e4
LT		 722 sk_for_each(sk, node, &l2cap_sk_list.head) {
723 if (state && sk->sk_state != state)
724 continue;
725
726 if (l2cap_pi(sk)->psm == psm) {
727 /* Exact match. */
728 if (!bacmp(&bt_sk(sk)->src, src))
729 break;
730
731 /* Closest match */
732 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
733 sk1 = sk;
734 }
735 }
1da177e4 736
1da177e4 737 read_unlock(&l2cap_sk_list.lock);
e0f0cb56
GP		 738
739 return node ? sk : sk1;
1da177e4
LT		 740}
741
1da177e4
LT		 742static void l2cap_sock_cleanup_listen(struct sock *parent)
743{
744 struct sock *sk;
745
746 BT_DBG("parent %p", parent);
747
748 /* Close not yet accepted channels */
749 while ((sk = bt_accept_dequeue(parent, NULL)))
750 l2cap_sock_close(sk);
751
b1235d79 752 parent->sk_state = BT_CLOSED;
1da177e4
LT		 753 sock_set_flag(parent, SOCK_ZAPPED);
754}
755
bb58f747 756void __l2cap_sock_close(struct sock *sk, int reason)
1da177e4
LT		 757{
758 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
759
760 switch (sk->sk_state) {
761 case BT_LISTEN:
762 l2cap_sock_cleanup_listen(sk);
763 break;
764
765 case BT_CONNECTED:
766 case BT_CONFIG:
bd3c9e25
GP		 767 if (sk->sk_type == SOCK_SEQPACKET ||
768 sk->sk_type == SOCK_STREAM) {
1da177e4 769 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1da177e4 770
1da177e4 771 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
9b108fc0 772 l2cap_send_disconn_req(conn, sk, reason);
b1235d79 773 } else
1da177e4 774 l2cap_chan_del(sk, reason);
1da177e4
LT		 775 break;
776
f66dc81f 777 case BT_CONNECT2:
bd3c9e25
GP		 778 if (sk->sk_type == SOCK_SEQPACKET ||
779 sk->sk_type == SOCK_STREAM) {
f66dc81f
MH		 780 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
781 struct l2cap_conn_rsp rsp;
782 __u16 result;
783
784 if (bt_sk(sk)->defer_setup)
785 result = L2CAP_CR_SEC_BLOCK;
786 else
787 result = L2CAP_CR_BAD_PSM;
e733fb62 788 sk->sk_state = BT_DISCONN;
f66dc81f
MH		 789
790 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
791 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
792 rsp.result = cpu_to_le16(result);
793 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
794 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
795 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
796 } else
797 l2cap_chan_del(sk, reason);
798 break;
799
1da177e4
LT		 800 case BT_CONNECT:
801 case BT_DISCONN:
802 l2cap_chan_del(sk, reason);
803 break;
804
805 default:
806 sock_set_flag(sk, SOCK_ZAPPED);
807 break;
808 }
809}
810
811/* Must be called on unlocked socket. */
812static void l2cap_sock_close(struct sock *sk)
813{
814 l2cap_sock_clear_timer(sk);
815 lock_sock(sk);
816 __l2cap_sock_close(sk, ECONNRESET);
817 release_sock(sk);
818 l2cap_sock_kill(sk);
819}
820
4e34c50b 821int l2cap_do_connect(struct sock *sk)
1da177e4
LT		 822{
823 bdaddr_t *src = &bt_sk(sk)->src;
824 bdaddr_t *dst = &bt_sk(sk)->dst;
825 struct l2cap_conn *conn;
826 struct hci_conn *hcon;
827 struct hci_dev *hdev;
09ab6f4c 828 __u8 auth_type;
44d0e48e 829 int err;
1da177e4 830
f29972de
MH		 831 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
832 l2cap_pi(sk)->psm);
1da177e4 833
af05b30b
GP		 834 hdev = hci_get_route(dst, src);
835 if (!hdev)
1da177e4
LT		 836 return -EHOSTUNREACH;
837
838 hci_dev_lock_bh(hdev);
839
840 err = -ENOMEM;
841
8556edd3 842 auth_type = l2cap_get_auth_type(sk);
09ab6f4c 843
2af6b9d5
MH		 844 hcon = hci_connect(hdev, ACL_LINK, dst,
845 l2cap_pi(sk)->sec_level, auth_type);
1da177e4
LT		 846 if (!hcon)
847 goto done;
848
849 conn = l2cap_conn_add(hcon, 0);
850 if (!conn) {
851 hci_conn_put(hcon);
852 goto done;
853 }
854
855 err = 0;
856
857 /* Update source addr of the socket */
858 bacpy(src, conn->src);
859
860 l2cap_chan_add(conn, sk, NULL);
861
862 sk->sk_state = BT_CONNECT;
863 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
864
865 if (hcon->state == BT_CONNECTED) {
bd3c9e25
GP		 866 if (sk->sk_type != SOCK_SEQPACKET &&
867 sk->sk_type != SOCK_STREAM) {
1da177e4 868 l2cap_sock_clear_timer(sk);
d00ef24f
JH		 869 if (l2cap_check_security(sk))
870 sk->sk_state = BT_CONNECTED;
79d554a6
MH		 871 } else
872 l2cap_do_start(sk);
1da177e4
LT		 873 }
874
875done:
876 hci_dev_unlock_bh(hdev);
877 hci_dev_put(hdev);
878 return err;
879}
880
dcba0dba 881int __l2cap_wait_ack(struct sock *sk)
6161c038
GP		 882{
883 DECLARE_WAITQUEUE(wait, current);
884 int err = 0;
885 int timeo = HZ/5;
886
2b0b05dd 887 add_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 888 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
889 set_current_state(TASK_INTERRUPTIBLE);
890
891 if (!timeo)
892 timeo = HZ/5;
893
894 if (signal_pending(current)) {
895 err = sock_intr_errno(timeo);
896 break;
897 }
898
899 release_sock(sk);
900 timeo = schedule_timeout(timeo);
901 lock_sock(sk);
902
903 err = sock_error(sk);
904 if (err)
905 break;
906 }
907 set_current_state(TASK_RUNNING);
2b0b05dd 908 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 909 return err;
910}
911
e90bac06
GP		 912static void l2cap_monitor_timeout(unsigned long arg)
913{
914 struct sock *sk = (void *) arg;
e90bac06 915
0e98958d
GP		 916 BT_DBG("sk %p", sk);
917
e686219a 918 bh_lock_sock(sk);
e90bac06 919 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
9b108fc0 920 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
b13f5860 921 bh_unlock_sock(sk);
e90bac06
GP		 922 return;
923 }
924
925 l2cap_pi(sk)->retry_count++;
926 __mod_monitor_timer();
927
a2e12a2a 928 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
e686219a 929 bh_unlock_sock(sk);
e90bac06
GP		 930}
931
932static void l2cap_retrans_timeout(unsigned long arg)
933{
934 struct sock *sk = (void *) arg;
e90bac06 935
0e98958d
GP		 936 BT_DBG("sk %p", sk);
937
e686219a 938 bh_lock_sock(sk);
e90bac06
GP		 939 l2cap_pi(sk)->retry_count = 1;
940 __mod_monitor_timer();
941
942 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
943
a2e12a2a 944 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
e686219a 945 bh_unlock_sock(sk);
e90bac06
GP		 946}
947
1c2acffb 948static void l2cap_drop_acked_frames(struct sock *sk)
1da177e4 949{
1c2acffb 950 struct sk_buff *skb;
1da177e4 951
812e737e
GP		 952 while ((skb = skb_peek(TX_QUEUE(sk))) &&
953 l2cap_pi(sk)->unacked_frames) {
1c2acffb
GP		 954 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
955 break;
1da177e4 956
1c2acffb
GP		 957 skb = skb_dequeue(TX_QUEUE(sk));
958 kfree_skb(skb);
1da177e4 959
1c2acffb
GP		 960 l2cap_pi(sk)->unacked_frames--;
961 }
1da177e4 962
e90bac06
GP		 963 if (!l2cap_pi(sk)->unacked_frames)
964 del_timer(&l2cap_pi(sk)->retrans_timer);
1c2acffb 965}
1da177e4 966
fd83ccdb 967void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1c2acffb
GP		 968{
969 struct l2cap_pinfo *pi = l2cap_pi(sk);
e702112f
AE		 970 struct hci_conn *hcon = pi->conn->hcon;
971 u16 flags;
1c2acffb
GP		 972
973 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1da177e4 974
e702112f
AE		 975 if (!pi->flushable && lmp_no_flush_capable(hcon->hdev))
976 flags = ACL_START_NO_FLUSH;
977 else
978 flags = ACL_START;
979
980 hci_send_acl(hcon, skb, flags);
1c2acffb
GP		 981}
982
fd83ccdb 983void l2cap_streaming_send(struct sock *sk)
6840ed07 984{
ccbb84af 985 struct sk_buff *skb;
6840ed07 986 struct l2cap_pinfo *pi = l2cap_pi(sk);
fcc203c3 987 u16 control, fcs;
6840ed07 988
ccbb84af
GP		 989 while ((skb = skb_dequeue(TX_QUEUE(sk)))) {
990 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
6840ed07 991 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
ccbb84af 992 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
6840ed07 993
e8235c6b 994 if (pi->fcs == L2CAP_FCS_CRC16) {
ccbb84af
GP		 995 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
996 put_unaligned_le16(fcs, skb->data + skb->len - 2);
fcc203c3
GP		 997 }
998
ccbb84af 999 l2cap_do_send(sk, skb);
6840ed07
GP		 1000
1001 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
6840ed07 1002 }
6840ed07
GP		 1003}
1004
dfc909be 1005static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
8f17154f
GP		 1006{
1007 struct l2cap_pinfo *pi = l2cap_pi(sk);
1008 struct sk_buff *skb, *tx_skb;
1009 u16 control, fcs;
8f17154f
GP		 1010
1011 skb = skb_peek(TX_QUEUE(sk));
f11d676d
GP		 1012 if (!skb)
1013 return;
8f17154f 1014
f11d676d
GP		 1015 do {
1016 if (bt_cb(skb)->tx_seq == tx_seq)
8f17154f 1017 break;
8f17154f 1018
f11d676d
GP		 1019 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1020 return;
8f17154f 1021
f11d676d 1022 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
8f17154f 1023
f11d676d
GP		 1024 if (pi->remote_max_tx &&
1025 bt_cb(skb)->retries == pi->remote_max_tx) {
9b108fc0 1026 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
f11d676d
GP		 1027 return;
1028 }
1029
1030 tx_skb = skb_clone(skb, GFP_ATOMIC);
1031 bt_cb(skb)->retries++;
1032 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
3cb123d1
GP		 1033
1034 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1035 control |= L2CAP_CTRL_FINAL;
1036 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1037 }
95ffa978 1038
f11d676d
GP		 1039 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1040 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
3cb123d1 1041
f11d676d
GP		 1042 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1043
1044 if (pi->fcs == L2CAP_FCS_CRC16) {
1045 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1046 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1047 }
1048
1049 l2cap_do_send(sk, tx_skb);
8f17154f
GP		 1050}
1051
fd83ccdb 1052int l2cap_ertm_send(struct sock *sk)
1c2acffb
GP		 1053{
1054 struct sk_buff *skb, *tx_skb;
1055 struct l2cap_pinfo *pi = l2cap_pi(sk);
fcc203c3 1056 u16 control, fcs;
9a9c6a34 1057 int nsent = 0;
1c2acffb 1058
c13ffa62
GP		 1059 if (sk->sk_state != BT_CONNECTED)
1060 return -ENOTCONN;
e90bac06 1061
6e2b6722 1062 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1c2acffb 1063
e90bac06
GP		 1064 if (pi->remote_max_tx &&
1065 bt_cb(skb)->retries == pi->remote_max_tx) {
9b108fc0 1066 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
e90bac06
GP		 1067 break;
1068 }
1069
e420aba3
AE		 1070 tx_skb = skb_clone(skb, GFP_ATOMIC);
1071
e90bac06
GP		 1072 bt_cb(skb)->retries++;
1073
1c2acffb 1074 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
95ffa978
GP		 1075 control &= L2CAP_CTRL_SAR;
1076
d5392c8f
GP		 1077 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1078 control |= L2CAP_CTRL_FINAL;
1079 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1080 }
9f121a5a 1081 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1c2acffb
GP		 1082 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1083 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1084
e90bac06 1085
e8235c6b 1086 if (pi->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 1087 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1088 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1089 }
1090
9a9c6a34
GP		 1091 l2cap_do_send(sk, tx_skb);
1092
e90bac06 1093 __mod_retrans_timer();
1c2acffb
GP		 1094
1095 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1096 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1097
1098 pi->unacked_frames++;
d5392c8f 1099 pi->frames_sent++;
1c2acffb
GP		 1100
1101 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1102 sk->sk_send_head = NULL;
1103 else
1104 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
9e917af1
GP		 1105
1106 nsent++;
1c2acffb
GP		 1107 }
1108
9e917af1
GP		 1109 return nsent;
1110}
1111
dfc909be
GP		 1112static int l2cap_retransmit_frames(struct sock *sk)
1113{
1114 struct l2cap_pinfo *pi = l2cap_pi(sk);
1115 int ret;
1116
dfc909be
GP		 1117 if (!skb_queue_empty(TX_QUEUE(sk)))
1118 sk->sk_send_head = TX_QUEUE(sk)->next;
1119
1120 pi->next_tx_seq = pi->expected_ack_seq;
1121 ret = l2cap_ertm_send(sk);
dfc909be
GP		 1122 return ret;
1123}
1124
9a9c6a34 1125static void l2cap_send_ack(struct l2cap_pinfo *pi)
9e917af1
GP		 1126{
1127 struct sock *sk = (struct sock *)pi;
1128 u16 control = 0;
1129
1130 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1131
1132 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1133 control |= L2CAP_SUPER_RCV_NOT_READY;
1890d36b 1134 pi->conn_state |= L2CAP_CONN_RNR_SENT;
9a9c6a34
GP		 1135 l2cap_send_sframe(pi, control);
1136 return;
9e917af1 1137 }
dfc909be 1138
e0f66218 1139 if (l2cap_ertm_send(sk) > 0)
dfc909be
GP		 1140 return;
1141
1142 control |= L2CAP_SUPER_RCV_READY;
1143 l2cap_send_sframe(pi, control);
1c2acffb
GP		 1144}
1145
9a9c6a34 1146static void l2cap_send_srejtail(struct sock *sk)
99b0d4b7
GP		 1147{
1148 struct srej_list *tail;
1149 u16 control;
1150
1151 control = L2CAP_SUPER_SELECT_REJECT;
1152 control |= L2CAP_CTRL_FINAL;
1153
1154 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1155 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1156
1157 l2cap_send_sframe(l2cap_pi(sk), control);
99b0d4b7
GP		 1158}
1159
1c2acffb
GP		 1160static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1161{
1162 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1163 struct sk_buff **frag;
1164 int err, sent = 0;
1da177e4 1165
59203a21 1166 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1167 return -EFAULT;
1da177e4
LT		 1168
1169 sent += count;
1170 len -= count;
1171
1172 /* Continuation fragments (no L2CAP header) */
1173 frag = &skb_shinfo(skb)->frag_list;
1174 while (len) {
1175 count = min_t(unsigned int, conn->mtu, len);
1176
1177 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1178 if (!*frag)
0175d629 1179 return err;
1c2acffb
GP		 1180 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1181 return -EFAULT;
1da177e4
LT		 1182
1183 sent += count;
1184 len -= count;
1185
1186 frag = &(*frag)->next;
1187 }
1da177e4
LT		 1188
1189 return sent;
1c2acffb 1190}
1da177e4 1191
fd83ccdb 1192struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1c2acffb
GP		 1193{
1194 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1195 struct sk_buff *skb;
1196 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1197 struct l2cap_hdr *lh;
1198
1199 BT_DBG("sk %p len %d", sk, (int)len);
1200
1201 count = min_t(unsigned int, (conn->mtu - hlen), len);
1202 skb = bt_skb_send_alloc(sk, count + hlen,
1203 msg->msg_flags & MSG_DONTWAIT, &err);
1204 if (!skb)
0175d629 1205 return ERR_PTR(err);
1c2acffb
GP		 1206
1207 /* Create L2CAP header */
1208 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1209 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1210 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1211 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1212
1213 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1214 if (unlikely(err < 0)) {
1215 kfree_skb(skb);
1216 return ERR_PTR(err);
1217 }
1218 return skb;
1219}
1220
fd83ccdb 1221struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1c2acffb
GP		 1222{
1223 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1224 struct sk_buff *skb;
1225 int err, count, hlen = L2CAP_HDR_SIZE;
1226 struct l2cap_hdr *lh;
1227
1228 BT_DBG("sk %p len %d", sk, (int)len);
1229
1230 count = min_t(unsigned int, (conn->mtu - hlen), len);
1231 skb = bt_skb_send_alloc(sk, count + hlen,
1232 msg->msg_flags & MSG_DONTWAIT, &err);
1233 if (!skb)
0175d629 1234 return ERR_PTR(err);
1c2acffb
GP		 1235
1236 /* Create L2CAP header */
1237 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1238 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1239 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1240
1241 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1242 if (unlikely(err < 0)) {
1243 kfree_skb(skb);
1244 return ERR_PTR(err);
1245 }
1246 return skb;
1247}
1248
fd83ccdb 1249struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1c2acffb
GP		 1250{
1251 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1252 struct sk_buff *skb;
1253 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1254 struct l2cap_hdr *lh;
1255
1256 BT_DBG("sk %p len %d", sk, (int)len);
1257
0ee0d208
GP		 1258 if (!conn)
1259 return ERR_PTR(-ENOTCONN);
1260
c74e560c
GP		 1261 if (sdulen)
1262 hlen += 2;
1263
fcc203c3
GP		 1264 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1265 hlen += 2;
1266
1c2acffb
GP		 1267 count = min_t(unsigned int, (conn->mtu - hlen), len);
1268 skb = bt_skb_send_alloc(sk, count + hlen,
1269 msg->msg_flags & MSG_DONTWAIT, &err);
1270 if (!skb)
0175d629 1271 return ERR_PTR(err);
1c2acffb
GP		 1272
1273 /* Create L2CAP header */
1274 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1275 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1276 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1277 put_unaligned_le16(control, skb_put(skb, 2));
c74e560c
GP		 1278 if (sdulen)
1279 put_unaligned_le16(sdulen, skb_put(skb, 2));
1c2acffb
GP		 1280
1281 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1282 if (unlikely(err < 0)) {
1283 kfree_skb(skb);
1284 return ERR_PTR(err);
1285 }
e90bac06 1286
fcc203c3
GP		 1287 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1288 put_unaligned_le16(0, skb_put(skb, 2));
1289
e90bac06 1290 bt_cb(skb)->retries = 0;
1c2acffb 1291 return skb;
1da177e4
LT		 1292}
1293
fd83ccdb 1294int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
c74e560c
GP		 1295{
1296 struct l2cap_pinfo *pi = l2cap_pi(sk);
1297 struct sk_buff *skb;
1298 struct sk_buff_head sar_queue;
1299 u16 control;
1300 size_t size = 0;
1301
ff12fd64 1302 skb_queue_head_init(&sar_queue);
c74e560c 1303 control = L2CAP_SDU_START;
1c762159 1304 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
c74e560c
GP		 1305 if (IS_ERR(skb))
1306 return PTR_ERR(skb);
1307
1308 __skb_queue_tail(&sar_queue, skb);
1c762159
GP		 1309 len -= pi->remote_mps;
1310 size += pi->remote_mps;
c74e560c
GP		 1311
1312 while (len > 0) {
1313 size_t buflen;
1314
1c762159 1315 if (len > pi->remote_mps) {
44651b85 1316 control = L2CAP_SDU_CONTINUE;
1c762159 1317 buflen = pi->remote_mps;
c74e560c 1318 } else {
44651b85 1319 control = L2CAP_SDU_END;
c74e560c
GP		 1320 buflen = len;
1321 }
1322
6840ed07 1323 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
c74e560c
GP		 1324 if (IS_ERR(skb)) {
1325 skb_queue_purge(&sar_queue);
1326 return PTR_ERR(skb);
1327 }
1328
1329 __skb_queue_tail(&sar_queue, skb);
1330 len -= buflen;
1331 size += buflen;
c74e560c
GP		 1332 }
1333 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1334 if (sk->sk_send_head == NULL)
1335 sk->sk_send_head = sar_queue.next;
1336
1337 return size;
1338}
1339
1da177e4
LT		 1340static void l2cap_chan_ready(struct sock *sk)
1341{
1342 struct sock *parent = bt_sk(sk)->parent;
1343
1344 BT_DBG("sk %p, parent %p", sk, parent);
1345
1346 l2cap_pi(sk)->conf_state = 0;
1347 l2cap_sock_clear_timer(sk);
1348
1349 if (!parent) {
1350 /* Outgoing channel.
1351 * Wake up socket sleeping on connect.
1352 */
1353 sk->sk_state = BT_CONNECTED;
1354 sk->sk_state_change(sk);
1355 } else {
1356 /* Incoming channel.
1357 * Wake up socket sleeping on accept.
1358 */
1359 parent->sk_data_ready(parent, 0);
1360 }
1361}
1362
1363/* Copy frame to all raw sockets on that connection */
1364static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1365{
1366 struct l2cap_chan_list *l = &conn->chan_list;
1367 struct sk_buff *nskb;
af05b30b 1368 struct sock *sk;
1da177e4
LT		 1369
1370 BT_DBG("conn %p", conn);
1371
1372 read_lock(&l->lock);
1373 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1374 if (sk->sk_type != SOCK_RAW)
1375 continue;
1376
1377 /* Don't send frame to the socket it came from */
1378 if (skb->sk == sk)
1379 continue;
af05b30b
GP		 1380 nskb = skb_clone(skb, GFP_ATOMIC);
1381 if (!nskb)
1da177e4
LT		 1382 continue;
1383
1384 if (sock_queue_rcv_skb(sk, nskb))
1385 kfree_skb(nskb);
1386 }
1387 read_unlock(&l->lock);
1388}
1389
1390/* ---- L2CAP signalling commands ---- */
1391static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1392 u8 code, u8 ident, u16 dlen, void *data)
1393{
1394 struct sk_buff *skb, **frag;
1395 struct l2cap_cmd_hdr *cmd;
1396 struct l2cap_hdr *lh;
1397 int len, count;
1398
af05b30b
GP		 1399 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1400 conn, code, ident, dlen);
1da177e4
LT		 1401
1402 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1403 count = min_t(unsigned int, conn->mtu, len);
1404
1405 skb = bt_skb_alloc(count, GFP_ATOMIC);
1406 if (!skb)
1407 return NULL;
1408
1409 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1410 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
8db4dc46 1411 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1412
1413 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1414 cmd->code = code;
1415 cmd->ident = ident;
aca3192c 1416 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1417
1418 if (dlen) {
1419 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1420 memcpy(skb_put(skb, count), data, count);
1421 data += count;
1422 }
1423
1424 len -= skb->len;
1425
1426 /* Continuation fragments (no L2CAP header) */
1427 frag = &skb_shinfo(skb)->frag_list;
1428 while (len) {
1429 count = min_t(unsigned int, conn->mtu, len);
1430
1431 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1432 if (!*frag)
1433 goto fail;
1434
1435 memcpy(skb_put(*frag, count), data, count);
1436
1437 len -= count;
1438 data += count;
1439
1440 frag = &(*frag)->next;
1441 }
1442
1443 return skb;
1444
1445fail:
1446 kfree_skb(skb);
1447 return NULL;
1448}
1449
1450static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1451{
1452 struct l2cap_conf_opt *opt = *ptr;
1453 int len;
1454
1455 len = L2CAP_CONF_OPT_SIZE + opt->len;
1456 *ptr += len;
1457
1458 *type = opt->type;
1459 *olen = opt->len;
1460
1461 switch (opt->len) {
1462 case 1:
1463 *val = *((u8 *) opt->val);
1464 break;
1465
1466 case 2:
bfaaeb3e 1467 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1468 break;
1469
1470 case 4:
bfaaeb3e 1471 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1472 break;
1473
1474 default:
1475 *val = (unsigned long) opt->val;
1476 break;
1477 }
1478
1479 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1480 return len;
1481}
1482
1da177e4
LT		 1483static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1484{
1485 struct l2cap_conf_opt *opt = *ptr;
1486
1487 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1488
1489 opt->type = type;
1490 opt->len = len;
1491
1492 switch (len) {
1493 case 1:
1494 *((u8 *) opt->val) = val;
1495 break;
1496
1497 case 2:
4f8b691c 1498 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1499 break;
1500
1501 case 4:
4f8b691c 1502 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1503 break;
1504
1505 default:
1506 memcpy(opt->val, (void *) val, len);
1507 break;
1508 }
1509
1510 *ptr += L2CAP_CONF_OPT_SIZE + len;
1511}
1512
c1b4f43b
GP		 1513static void l2cap_ack_timeout(unsigned long arg)
1514{
1515 struct sock *sk = (void *) arg;
1516
1517 bh_lock_sock(sk);
1518 l2cap_send_ack(l2cap_pi(sk));
1519 bh_unlock_sock(sk);
1520}
1521
0565c1c2
GP		 1522static inline void l2cap_ertm_init(struct sock *sk)
1523{
1524 l2cap_pi(sk)->expected_ack_seq = 0;
1525 l2cap_pi(sk)->unacked_frames = 0;
1526 l2cap_pi(sk)->buffer_seq = 0;
803020c6 1527 l2cap_pi(sk)->num_acked = 0;
d5392c8f 1528 l2cap_pi(sk)->frames_sent = 0;
0565c1c2
GP		 1529
1530 setup_timer(&l2cap_pi(sk)->retrans_timer,
1531 l2cap_retrans_timeout, (unsigned long) sk);
1532 setup_timer(&l2cap_pi(sk)->monitor_timer,
1533 l2cap_monitor_timeout, (unsigned long) sk);
c1b4f43b
GP		 1534 setup_timer(&l2cap_pi(sk)->ack_timer,
1535 l2cap_ack_timeout, (unsigned long) sk);
0565c1c2
GP		 1536
1537 __skb_queue_head_init(SREJ_QUEUE(sk));
1890d36b
GP		 1538 __skb_queue_head_init(BUSY_QUEUE(sk));
1539
1540 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
218bb9df
GP		 1541
1542 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
0565c1c2
GP		 1543}
1544
f2fcfcd6
GP		 1545static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1546{
1547 switch (mode) {
1548 case L2CAP_MODE_STREAMING:
1549 case L2CAP_MODE_ERTM:
1550 if (l2cap_mode_supported(mode, remote_feat_mask))
1551 return mode;
1552 /* fall through */
1553 default:
1554 return L2CAP_MODE_BASIC;
1555 }
1556}
1557
68983259 1558int l2cap_build_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1559{
1560 struct l2cap_pinfo *pi = l2cap_pi(sk);
1561 struct l2cap_conf_req *req = data;
bd3c9e25 1562 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
1da177e4
LT		 1563 void *ptr = req->data;
1564
1565 BT_DBG("sk %p", sk);
1566
f2fcfcd6
GP		 1567 if (pi->num_conf_req || pi->num_conf_rsp)
1568 goto done;
1569
1570 switch (pi->mode) {
1571 case L2CAP_MODE_STREAMING:
1572 case L2CAP_MODE_ERTM:
2ba13ed6 1573 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
85eb53c6 1574 break;
85eb53c6 1575
2ba13ed6 1576 /* fall through */
f2fcfcd6
GP		 1577 default:
1578 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
1579 break;
1580 }
1581
1582done:
7990681c
GP		 1583 if (pi->imtu != L2CAP_DEFAULT_MTU)
1584 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1585
65c7c491
MH		 1586 switch (pi->mode) {
1587 case L2CAP_MODE_BASIC:
63406504
GP		 1588 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1589 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
1590 break;
1591
62547752
GP		 1592 rfc.mode = L2CAP_MODE_BASIC;
1593 rfc.txwin_size = 0;
1594 rfc.max_transmit = 0;
1595 rfc.retrans_timeout = 0;
1596 rfc.monitor_timeout = 0;
1597 rfc.max_pdu_size = 0;
1598
63406504
GP		 1599 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1600 (unsigned long) &rfc);
65c7c491
MH		 1601 break;
1602
1603 case L2CAP_MODE_ERTM:
1604 rfc.mode = L2CAP_MODE_ERTM;
14b5aa71 1605 rfc.txwin_size = pi->tx_win;
68d7f0ce 1606 rfc.max_transmit = pi->max_tx;
f2fcfcd6
GP		 1607 rfc.retrans_timeout = 0;
1608 rfc.monitor_timeout = 0;
c74e560c 1609 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
d1daa091 1610 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
1c762159 1611 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
f2fcfcd6 1612
63406504
GP		 1613 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1614 (unsigned long) &rfc);
1615
fcc203c3
GP		 1616 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
1617 break;
1618
1619 if (pi->fcs == L2CAP_FCS_NONE ||
1620 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1621 pi->fcs = L2CAP_FCS_NONE;
1622 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
1623 }
f2fcfcd6
GP		 1624 break;
1625
1626 case L2CAP_MODE_STREAMING:
1627 rfc.mode = L2CAP_MODE_STREAMING;
1628 rfc.txwin_size = 0;
1629 rfc.max_transmit = 0;
1630 rfc.retrans_timeout = 0;
1631 rfc.monitor_timeout = 0;
c74e560c 1632 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
d1daa091 1633 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
1c762159 1634 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
65c7c491 1635
63406504
GP		 1636 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1637 (unsigned long) &rfc);
1638
fcc203c3
GP		 1639 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
1640 break;
1641
1642 if (pi->fcs == L2CAP_FCS_NONE ||
1643 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1644 pi->fcs = L2CAP_FCS_NONE;
1645 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
1646 }
65c7c491
MH		 1647 break;
1648 }
1da177e4
LT		 1649
1650 /* FIXME: Need actual value of the flush timeout */
1651 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1652 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1653
aca3192c
YH		 1654 req->dcid = cpu_to_le16(pi->dcid);
1655 req->flags = cpu_to_le16(0);
1da177e4
LT		 1656
1657 return ptr - data;
1658}
1659
5dee9e7c 1660static int l2cap_parse_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1661{
1662 struct l2cap_pinfo *pi = l2cap_pi(sk);
5dee9e7c
MH		 1663 struct l2cap_conf_rsp *rsp = data;
1664 void *ptr = rsp->data;
1665 void *req = pi->conf_req;
1666 int len = pi->conf_len;
1667 int type, hint, olen;
1668 unsigned long val;
6464f35f 1669 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1670 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1671 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1672
5dee9e7c 1673 BT_DBG("sk %p", sk);
820ae1b8 1674
5dee9e7c
MH		 1675 while (len >= L2CAP_CONF_OPT_SIZE) {
1676 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1677
589d2746 1678 hint = type & L2CAP_CONF_HINT;
47ec1dcd 1679 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 1680
1681 switch (type) {
1682 case L2CAP_CONF_MTU:
861d6882 1683 mtu = val;
5dee9e7c
MH		 1684 break;
1685
1686 case L2CAP_CONF_FLUSH_TO:
1687 pi->flush_to = val;
1688 break;
1689
1690 case L2CAP_CONF_QOS:
1691 break;
1692
6464f35f
MH		 1693 case L2CAP_CONF_RFC:
1694 if (olen == sizeof(rfc))
1695 memcpy(&rfc, (void *) val, olen);
1696 break;
1697
fcc203c3
GP		 1698 case L2CAP_CONF_FCS:
1699 if (val == L2CAP_FCS_NONE)
1700 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
1701
1702 break;
1703
5dee9e7c
MH		 1704 default:
1705 if (hint)
1706 break;
1707
1708 result = L2CAP_CONF_UNKNOWN;
1709 *((u8 *) ptr++) = type;
1710 break;
1711 }
1712 }
1713
e9aeb2dd 1714 if (pi->num_conf_rsp || pi->num_conf_req > 1)
f2fcfcd6
GP		 1715 goto done;
1716
1717 switch (pi->mode) {
1718 case L2CAP_MODE_STREAMING:
1719 case L2CAP_MODE_ERTM:
85eb53c6
GP		 1720 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
1721 pi->mode = l2cap_select_mode(rfc.mode,
1722 pi->conn->feat_mask);
1723 break;
1724 }
1725
742e519b 1726 if (pi->mode != rfc.mode)
f2fcfcd6 1727 return -ECONNREFUSED;
742e519b 1728
f2fcfcd6 1729 break;
f2fcfcd6
GP		 1730 }
1731
1732done:
1733 if (pi->mode != rfc.mode) {
1734 result = L2CAP_CONF_UNACCEPT;
1735 rfc.mode = pi->mode;
1736
1737 if (pi->num_conf_rsp == 1)
1738 return -ECONNREFUSED;
1739
1740 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1741 sizeof(rfc), (unsigned long) &rfc);
1742 }
1743
1744
5dee9e7c
MH		 1745 if (result == L2CAP_CONF_SUCCESS) {
1746 /* Configure output options and let the other side know
1747 * which ones we don't like. */
1748
f2fcfcd6
GP		 1749 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1750 result = L2CAP_CONF_UNACCEPT;
1751 else {
1752 pi->omtu = mtu;
1753 pi->conf_state |= L2CAP_CONF_MTU_DONE;
1754 }
1755 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
6464f35f 1756
f2fcfcd6
GP		 1757 switch (rfc.mode) {
1758 case L2CAP_MODE_BASIC:
1759 pi->fcs = L2CAP_FCS_NONE;
1760 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1761 break;
1762
1763 case L2CAP_MODE_ERTM:
1764 pi->remote_tx_win = rfc.txwin_size;
1765 pi->remote_max_tx = rfc.max_transmit;
86b1b263
MM		 1766
1767 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1768 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1c762159
GP		 1769
1770 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 1771
10467e9e
GP		 1772 rfc.retrans_timeout =
1773 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
1774 rfc.monitor_timeout =
1775 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6
GP		 1776
1777 pi->conf_state |= L2CAP_CONF_MODE_DONE;
68ae6639
GP		 1778
1779 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1780 sizeof(rfc), (unsigned long) &rfc);
1781
f2fcfcd6
GP		 1782 break;
1783
1784 case L2CAP_MODE_STREAMING:
86b1b263
MM		 1785 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1786 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1c762159
GP		 1787
1788 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 1789
1790 pi->conf_state |= L2CAP_CONF_MODE_DONE;
68ae6639
GP		 1791
1792 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1793 sizeof(rfc), (unsigned long) &rfc);
1794
f2fcfcd6
GP		 1795 break;
1796
1797 default:
5dee9e7c 1798 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 1799
6464f35f 1800 memset(&rfc, 0, sizeof(rfc));
f2fcfcd6
GP		 1801 rfc.mode = pi->mode;
1802 }
6464f35f 1803
f2fcfcd6
GP		 1804 if (result == L2CAP_CONF_SUCCESS)
1805 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1806 }
5dee9e7c
MH		 1807 rsp->scid = cpu_to_le16(pi->dcid);
1808 rsp->result = cpu_to_le16(result);
1809 rsp->flags = cpu_to_le16(0x0000);
1810
1811 return ptr - data;
1da177e4
LT		 1812}
1813
f2fcfcd6
GP		 1814static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
1815{
1816 struct l2cap_pinfo *pi = l2cap_pi(sk);
1817 struct l2cap_conf_req *req = data;
1818 void *ptr = req->data;
1819 int type, olen;
1820 unsigned long val;
1821 struct l2cap_conf_rfc rfc;
1822
1823 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
1824
1825 while (len >= L2CAP_CONF_OPT_SIZE) {
1826 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1827
1828 switch (type) {
1829 case L2CAP_CONF_MTU:
1830 if (val < L2CAP_DEFAULT_MIN_MTU) {
1831 *result = L2CAP_CONF_UNACCEPT;
8183b775 1832 pi->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 1833 } else
8183b775
AE		 1834 pi->imtu = val;
1835 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
f2fcfcd6
GP		 1836 break;
1837
1838 case L2CAP_CONF_FLUSH_TO:
1839 pi->flush_to = val;
1840 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
1841 2, pi->flush_to);
1842 break;
1843
1844 case L2CAP_CONF_RFC:
1845 if (olen == sizeof(rfc))
1846 memcpy(&rfc, (void *)val, olen);
1847
1848 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
1849 rfc.mode != pi->mode)
1850 return -ECONNREFUSED;
1851
f2fcfcd6
GP		 1852 pi->fcs = 0;
1853
1854 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1855 sizeof(rfc), (unsigned long) &rfc);
1856 break;
1857 }
1858 }
1859
6c2ea7a8
GP		 1860 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
1861 return -ECONNREFUSED;
1862
1863 pi->mode = rfc.mode;
1864
f2fcfcd6
GP		 1865 if (*result == L2CAP_CONF_SUCCESS) {
1866 switch (rfc.mode) {
1867 case L2CAP_MODE_ERTM:
10467e9e
GP		 1868 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1869 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
1c762159 1870 pi->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 1871 break;
1872 case L2CAP_MODE_STREAMING:
1c762159 1873 pi->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 1874 }
1875 }
1876
1877 req->dcid = cpu_to_le16(pi->dcid);
1878 req->flags = cpu_to_le16(0x0000);
1879
1880 return ptr - data;
1881}
1882
5dee9e7c 1883static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1da177e4
LT		 1884{
1885 struct l2cap_conf_rsp *rsp = data;
1886 void *ptr = rsp->data;
1da177e4 1887
5dee9e7c 1888 BT_DBG("sk %p", sk);
1da177e4 1889
aca3192c 1890 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
5dee9e7c 1891 rsp->result = cpu_to_le16(result);
aca3192c 1892 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 1893
1894 return ptr - data;
1895}
1896
7b1c0049
GP		 1897static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
1898{
1899 struct l2cap_pinfo *pi = l2cap_pi(sk);
1900 int type, olen;
1901 unsigned long val;
1902 struct l2cap_conf_rfc rfc;
1903
1904 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
1905
1906 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
1907 return;
1908
1909 while (len >= L2CAP_CONF_OPT_SIZE) {
1910 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1911
1912 switch (type) {
1913 case L2CAP_CONF_RFC:
1914 if (olen == sizeof(rfc))
1915 memcpy(&rfc, (void *)val, olen);
1916 goto done;
1917 }
1918 }
1919
1920done:
1921 switch (rfc.mode) {
1922 case L2CAP_MODE_ERTM:
10467e9e
GP		 1923 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1924 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
7b1c0049
GP		 1925 pi->mps = le16_to_cpu(rfc.max_pdu_size);
1926 break;
1927 case L2CAP_MODE_STREAMING:
1928 pi->mps = le16_to_cpu(rfc.max_pdu_size);
1929 }
1930}
1931
4e8402a3
MH		 1932static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1933{
1934 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1935
1936 if (rej->reason != 0x0000)
1937 return 0;
1938
1939 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1940 cmd->ident == conn->info_ident) {
4e8402a3 1941 del_timer(&conn->info_timer);
984947dc
MH		 1942
1943 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1944 conn->info_ident = 0;
984947dc 1945
4e8402a3
MH		 1946 l2cap_conn_start(conn);
1947 }
1948
1949 return 0;
1950}
1951
1da177e4
LT		 1952static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1953{
1954 struct l2cap_chan_list *list = &conn->chan_list;
1955 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1956 struct l2cap_conn_rsp rsp;
d793fe8c 1957 struct sock *parent, *sk = NULL;
e7c29cb1 1958 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1959
1960 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 1961 __le16 psm = req->psm;
1da177e4
LT		 1962
1963 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1964
1965 /* Check if we have socket listening on psm */
1966 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1967 if (!parent) {
1968 result = L2CAP_CR_BAD_PSM;
1969 goto sendresp;
1970 }
1971
e0f0cb56
GP		 1972 bh_lock_sock(parent);
1973
e7c29cb1
MH		 1974 /* Check if the ACL is secure enough (if not SDP) */
1975 if (psm != cpu_to_le16(0x0001) &&
1976 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 1977 conn->disc_reason = 0x05;
e7c29cb1
MH		 1978 result = L2CAP_CR_SEC_BLOCK;
1979 goto response;
1980 }
1981
1da177e4
LT		 1982 result = L2CAP_CR_NO_MEM;
1983
1984 /* Check for backlog size */
1985 if (sk_acceptq_is_full(parent)) {
8e87d142 1986 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 1987 goto response;
1988 }
1989
3b1e0a65 1990 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 1991 if (!sk)
1992 goto response;
1993
fd1278d7 1994 write_lock_bh(&list->lock);
1da177e4
LT		 1995
1996 /* Check if we already have channel with that dcid */
1997 if (__l2cap_get_chan_by_dcid(list, scid)) {
fd1278d7 1998 write_unlock_bh(&list->lock);
1da177e4
LT		 1999 sock_set_flag(sk, SOCK_ZAPPED);
2000 l2cap_sock_kill(sk);
2001 goto response;
2002 }
2003
2004 hci_conn_hold(conn->hcon);
2005
2006 l2cap_sock_init(sk, parent);
2007 bacpy(&bt_sk(sk)->src, conn->src);
2008 bacpy(&bt_sk(sk)->dst, conn->dst);
2009 l2cap_pi(sk)->psm = psm;
2010 l2cap_pi(sk)->dcid = scid;
2011
2012 __l2cap_chan_add(conn, sk, parent);
2013 dcid = l2cap_pi(sk)->scid;
2014
2015 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2016
1da177e4
LT		 2017 l2cap_pi(sk)->ident = cmd->ident;
2018
984947dc 2019 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2af6b9d5 2020 if (l2cap_check_security(sk)) {
f66dc81f
MH		 2021 if (bt_sk(sk)->defer_setup) {
2022 sk->sk_state = BT_CONNECT2;
2023 result = L2CAP_CR_PEND;
2024 status = L2CAP_CS_AUTHOR_PEND;
2025 parent->sk_data_ready(parent, 0);
2026 } else {
2027 sk->sk_state = BT_CONFIG;
2028 result = L2CAP_CR_SUCCESS;
2029 status = L2CAP_CS_NO_INFO;
2030 }
79d554a6
MH		 2031 } else {
2032 sk->sk_state = BT_CONNECT2;
2033 result = L2CAP_CR_PEND;
2034 status = L2CAP_CS_AUTHEN_PEND;
2035 }
2036 } else {
2037 sk->sk_state = BT_CONNECT2;
2038 result = L2CAP_CR_PEND;
2039 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2040 }
2041
fd1278d7 2042 write_unlock_bh(&list->lock);
1da177e4
LT		 2043
2044response:
2045 bh_unlock_sock(parent);
2046
2047sendresp:
aca3192c
YH		 2048 rsp.scid = cpu_to_le16(scid);
2049 rsp.dcid = cpu_to_le16(dcid);
2050 rsp.result = cpu_to_le16(result);
2051 rsp.status = cpu_to_le16(status);
1da177e4 2052 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2053
2054 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2055 struct l2cap_info_req info;
2056 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2057
2058 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2059 conn->info_ident = l2cap_get_ident(conn);
2060
2061 mod_timer(&conn->info_timer, jiffies +
2062 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2063
2064 l2cap_send_cmd(conn, conn->info_ident,
2065 L2CAP_INFO_REQ, sizeof(info), &info);
2066 }
2067
d793fe8c 2068 if (sk && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
e9aeb2dd
GP		 2069 result == L2CAP_CR_SUCCESS) {
2070 u8 buf[128];
2071 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2072 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2073 l2cap_build_conf_req(sk, buf), buf);
2074 l2cap_pi(sk)->num_conf_req++;
2075 }
2076
1da177e4
LT		 2077 return 0;
2078}
2079
2080static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2081{
2082 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2083 u16 scid, dcid, result, status;
2084 struct sock *sk;
2085 u8 req[128];
2086
2087 scid = __le16_to_cpu(rsp->scid);
2088 dcid = __le16_to_cpu(rsp->dcid);
2089 result = __le16_to_cpu(rsp->result);
2090 status = __le16_to_cpu(rsp->status);
2091
2092 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2093
2094 if (scid) {
af05b30b
GP		 2095 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2096 if (!sk)
57d3b22b 2097 return -EFAULT;
1da177e4 2098 } else {
af05b30b
GP		 2099 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2100 if (!sk)
57d3b22b 2101 return -EFAULT;
1da177e4
LT		 2102 }
2103
2104 switch (result) {
2105 case L2CAP_CR_SUCCESS:
2106 sk->sk_state = BT_CONFIG;
2107 l2cap_pi(sk)->ident = 0;
2108 l2cap_pi(sk)->dcid = dcid;
6a8d3010
MH		 2109 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2110
e9aeb2dd
GP		 2111 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
2112 break;
2113
2114 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2115
1da177e4
LT		 2116 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2117 l2cap_build_conf_req(sk, req), req);
f2fcfcd6 2118 l2cap_pi(sk)->num_conf_req++;
1da177e4
LT		 2119 break;
2120
2121 case L2CAP_CR_PEND:
6a8d3010 2122 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4
LT		 2123 break;
2124
2125 default:
a49184c2
AE		 2126 /* don't delete l2cap channel if sk is owned by user */
2127 if (sock_owned_by_user(sk)) {
2128 sk->sk_state = BT_DISCONN;
2129 l2cap_sock_clear_timer(sk);
2130 l2cap_sock_set_timer(sk, HZ / 5);
2131 break;
2132 }
2133
1da177e4
LT		 2134 l2cap_chan_del(sk, ECONNREFUSED);
2135 break;
2136 }
2137
2138 bh_unlock_sock(sk);
2139 return 0;
2140}
2141
8c462b60
MM		 2142static inline void set_default_fcs(struct l2cap_pinfo *pi)
2143{
2144 /* FCS is enabled only in ERTM or streaming mode, if one or both
2145 * sides request it.
2146 */
2147 if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING)
2148 pi->fcs = L2CAP_FCS_NONE;
2149 else if (!(pi->conf_state & L2CAP_CONF_NO_FCS_RECV))
2150 pi->fcs = L2CAP_FCS_CRC16;
2151}
2152
88219a0f 2153static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2154{
2155 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2156 u16 dcid, flags;
2157 u8 rsp[64];
2158 struct sock *sk;
5dee9e7c 2159 int len;
1da177e4
LT		 2160
2161 dcid = __le16_to_cpu(req->dcid);
2162 flags = __le16_to_cpu(req->flags);
2163
2164 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2165
af05b30b
GP		 2166 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2167 if (!sk)
1da177e4
LT		 2168 return -ENOENT;
2169
df6bd743
GP		 2170 if (sk->sk_state != BT_CONFIG) {
2171 struct l2cap_cmd_rej rej;
2172
2173 rej.reason = cpu_to_le16(0x0002);
2174 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2175 sizeof(rej), &rej);
354f60a9 2176 goto unlock;
df6bd743 2177 }
354f60a9 2178
5dee9e7c 2179 /* Reject if config buffer is too small. */
88219a0f 2180 len = cmd_len - sizeof(*req);
5dee9e7c
MH		 2181 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2182 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2183 l2cap_build_conf_rsp(sk, rsp,
2184 L2CAP_CONF_REJECT, flags), rsp);
2185 goto unlock;
2186 }
2187
2188 /* Store config. */
2189 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2190 l2cap_pi(sk)->conf_len += len;
1da177e4
LT		 2191
2192 if (flags & 0x0001) {
2193 /* Incomplete config. Send empty response. */
2194 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
5dee9e7c
MH		 2195 l2cap_build_conf_rsp(sk, rsp,
2196 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2197 goto unlock;
2198 }
2199
2200 /* Complete config. */
5dee9e7c 2201 len = l2cap_parse_conf_req(sk, rsp);
f2fcfcd6 2202 if (len < 0) {
9b108fc0 2203 l2cap_send_disconn_req(conn, sk, ECONNRESET);
1da177e4 2204 goto unlock;
f2fcfcd6 2205 }
1da177e4 2206
5dee9e7c 2207 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
f2fcfcd6 2208 l2cap_pi(sk)->num_conf_rsp++;
5dee9e7c 2209
5dee9e7c
MH		 2210 /* Reset config buffer. */
2211 l2cap_pi(sk)->conf_len = 0;
2212
876d9484
MH		 2213 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2214 goto unlock;
2215
1da177e4 2216 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
8c462b60 2217 set_default_fcs(l2cap_pi(sk));
fcc203c3 2218
1da177e4 2219 sk->sk_state = BT_CONNECTED;
e90bac06 2220
0565c1c2
GP		 2221 l2cap_pi(sk)->next_tx_seq = 0;
2222 l2cap_pi(sk)->expected_tx_seq = 0;
1c2acffb 2223 __skb_queue_head_init(TX_QUEUE(sk));
0565c1c2
GP		 2224 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2225 l2cap_ertm_init(sk);
2226
1da177e4 2227 l2cap_chan_ready(sk);
876d9484
MH		 2228 goto unlock;
2229 }
2230
2231 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 2232 u8 buf[64];
ab3e5715 2233 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1da177e4 2234 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
79d554a6 2235 l2cap_build_conf_req(sk, buf), buf);
f2fcfcd6 2236 l2cap_pi(sk)->num_conf_req++;
1da177e4
LT		 2237 }
2238
2239unlock:
2240 bh_unlock_sock(sk);
2241 return 0;
2242}
2243
2244static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2245{
2246 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2247 u16 scid, flags, result;
2248 struct sock *sk;
7b1c0049 2249 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2250
2251 scid = __le16_to_cpu(rsp->scid);
2252 flags = __le16_to_cpu(rsp->flags);
2253 result = __le16_to_cpu(rsp->result);
2254
af05b30b
GP		 2255 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2256 scid, flags, result);
1da177e4 2257
af05b30b
GP		 2258 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2259 if (!sk)
1da177e4
LT		 2260 return 0;
2261
2262 switch (result) {
2263 case L2CAP_CONF_SUCCESS:
7b1c0049 2264 l2cap_conf_rfc_get(sk, rsp->data, len);
1da177e4
LT		 2265 break;
2266
2267 case L2CAP_CONF_UNACCEPT:
f2fcfcd6 2268 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2269 char req[64];
2270
c2c77ec8 2271 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
9b108fc0 2272 l2cap_send_disconn_req(conn, sk, ECONNRESET);
c2c77ec8
AE		 2273 goto done;
2274 }
2275
f2fcfcd6
GP		 2276 /* throw out any old stored conf requests */
2277 result = L2CAP_CONF_SUCCESS;
2278 len = l2cap_parse_conf_rsp(sk, rsp->data,
2279 len, req, &result);
2280 if (len < 0) {
9b108fc0 2281 l2cap_send_disconn_req(conn, sk, ECONNRESET);
f2fcfcd6
GP		 2282 goto done;
2283 }
2284
2285 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2286 L2CAP_CONF_REQ, len, req);
2287 l2cap_pi(sk)->num_conf_req++;
2288 if (result != L2CAP_CONF_SUCCESS)
2289 goto done;
2290 break;
1da177e4
LT		 2291 }
2292
8e87d142 2293 default:
b1235d79 2294 sk->sk_err = ECONNRESET;
1da177e4 2295 l2cap_sock_set_timer(sk, HZ * 5);
9b108fc0 2296 l2cap_send_disconn_req(conn, sk, ECONNRESET);
1da177e4
LT		 2297 goto done;
2298 }
2299
2300 if (flags & 0x01)
2301 goto done;
2302
1da177e4
LT		 2303 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2304
2305 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
8c462b60 2306 set_default_fcs(l2cap_pi(sk));
fcc203c3 2307
1da177e4 2308 sk->sk_state = BT_CONNECTED;
0565c1c2 2309 l2cap_pi(sk)->next_tx_seq = 0;
1c2acffb 2310 l2cap_pi(sk)->expected_tx_seq = 0;
1c2acffb 2311 __skb_queue_head_init(TX_QUEUE(sk));
0565c1c2
GP		 2312 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2313 l2cap_ertm_init(sk);
2314
1da177e4
LT		 2315 l2cap_chan_ready(sk);
2316 }
2317
2318done:
2319 bh_unlock_sock(sk);
2320 return 0;
2321}
2322
2323static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2324{
2325 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2326 struct l2cap_disconn_rsp rsp;
2327 u16 dcid, scid;
2328 struct sock *sk;
2329
2330 scid = __le16_to_cpu(req->scid);
2331 dcid = __le16_to_cpu(req->dcid);
2332
2333 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2334
af05b30b
GP		 2335 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2336 if (!sk)
1da177e4
LT		 2337 return 0;
2338
aca3192c
YH		 2339 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2340 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1da177e4
LT		 2341 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2342
2343 sk->sk_shutdown = SHUTDOWN_MASK;
2344
a49184c2
AE		 2345 /* don't delete l2cap channel if sk is owned by user */
2346 if (sock_owned_by_user(sk)) {
2347 sk->sk_state = BT_DISCONN;
2348 l2cap_sock_clear_timer(sk);
2349 l2cap_sock_set_timer(sk, HZ / 5);
2350 bh_unlock_sock(sk);
2351 return 0;
2352 }
2353
1da177e4
LT		 2354 l2cap_chan_del(sk, ECONNRESET);
2355 bh_unlock_sock(sk);
2356
2357 l2cap_sock_kill(sk);
2358 return 0;
2359}
2360
2361static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2362{
2363 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2364 u16 dcid, scid;
2365 struct sock *sk;
2366
2367 scid = __le16_to_cpu(rsp->scid);
2368 dcid = __le16_to_cpu(rsp->dcid);
2369
2370 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2371
af05b30b
GP		 2372 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2373 if (!sk)
1da177e4
LT		 2374 return 0;
2375
a49184c2
AE		 2376 /* don't delete l2cap channel if sk is owned by user */
2377 if (sock_owned_by_user(sk)) {
2378 sk->sk_state = BT_DISCONN;
2379 l2cap_sock_clear_timer(sk);
2380 l2cap_sock_set_timer(sk, HZ / 5);
2381 bh_unlock_sock(sk);
2382 return 0;
2383 }
2384
1da177e4
LT		 2385 l2cap_chan_del(sk, 0);
2386 bh_unlock_sock(sk);
2387
2388 l2cap_sock_kill(sk);
2389 return 0;
2390}
2391
2392static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2393{
2394 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2395 u16 type;
2396
2397 type = __le16_to_cpu(req->type);
2398
2399 BT_DBG("type 0x%4.4x", type);
2400
f0709e03
MH		 2401 if (type == L2CAP_IT_FEAT_MASK) {
2402 u8 buf[8];
44dd46de 2403 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2404 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2405 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2406 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 2407 if (!disable_ertm)
fcc203c3
GP		 2408 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2409 | L2CAP_FEAT_FCS;
1b7bf4ed 2410 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 2411 l2cap_send_cmd(conn, cmd->ident,
2412 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2413 } else if (type == L2CAP_IT_FIXED_CHAN) {
2414 u8 buf[12];
2415 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2416 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2417 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2418 memcpy(buf + 4, l2cap_fixed_chan, 8);
2419 l2cap_send_cmd(conn, cmd->ident,
2420 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2421 } else {
2422 struct l2cap_info_rsp rsp;
2423 rsp.type = cpu_to_le16(type);
2424 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2425 l2cap_send_cmd(conn, cmd->ident,
2426 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2427 }
1da177e4
LT		 2428
2429 return 0;
2430}
2431
2432static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2433{
2434 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2435 u16 type, result;
2436
2437 type = __le16_to_cpu(rsp->type);
2438 result = __le16_to_cpu(rsp->result);
2439
2440 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2441
4e8402a3
MH		 2442 del_timer(&conn->info_timer);
2443
adb08ede
VT		 2444 if (result != L2CAP_IR_SUCCESS) {
2445 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2446 conn->info_ident = 0;
2447
2448 l2cap_conn_start(conn);
2449
2450 return 0;
2451 }
2452
984947dc 2453 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2454 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2455
47ec1dcd 2456 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2457 struct l2cap_info_req req;
2458 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2459
2460 conn->info_ident = l2cap_get_ident(conn);
2461
2462 l2cap_send_cmd(conn, conn->info_ident,
2463 L2CAP_INFO_REQ, sizeof(req), &req);
2464 } else {
2465 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2466 conn->info_ident = 0;
2467
2468 l2cap_conn_start(conn);
2469 }
2470 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2471 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2472 conn->info_ident = 0;
984947dc
MH		 2473
2474 l2cap_conn_start(conn);
2475 }
4e8402a3 2476
1da177e4
LT		 2477 return 0;
2478}
2479
2480static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2481{
2482 u8 *data = skb->data;
2483 int len = skb->len;
2484 struct l2cap_cmd_hdr cmd;
2485 int err = 0;
2486
2487 l2cap_raw_recv(conn, skb);
2488
2489 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2490 u16 cmd_len;
1da177e4
LT		 2491 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2492 data += L2CAP_CMD_HDR_SIZE;
2493 len -= L2CAP_CMD_HDR_SIZE;
2494
88219a0f 2495 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2496
88219a0f 2497 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2498
88219a0f 2499 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2500 BT_DBG("corrupted command");
2501 break;
2502 }
2503
2504 switch (cmd.code) {
2505 case L2CAP_COMMAND_REJ:
4e8402a3 2506 l2cap_command_rej(conn, &cmd, data);
1da177e4
LT		 2507 break;
2508
2509 case L2CAP_CONN_REQ:
2510 err = l2cap_connect_req(conn, &cmd, data);
2511 break;
2512
2513 case L2CAP_CONN_RSP:
2514 err = l2cap_connect_rsp(conn, &cmd, data);
2515 break;
2516
2517 case L2CAP_CONF_REQ:
88219a0f 2518 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1da177e4
LT		 2519 break;
2520
2521 case L2CAP_CONF_RSP:
2522 err = l2cap_config_rsp(conn, &cmd, data);
2523 break;
2524
2525 case L2CAP_DISCONN_REQ:
2526 err = l2cap_disconnect_req(conn, &cmd, data);
2527 break;
2528
2529 case L2CAP_DISCONN_RSP:
2530 err = l2cap_disconnect_rsp(conn, &cmd, data);
2531 break;
2532
2533 case L2CAP_ECHO_REQ:
88219a0f 2534 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
1da177e4
LT		 2535 break;
2536
2537 case L2CAP_ECHO_RSP:
2538 break;
2539
2540 case L2CAP_INFO_REQ:
2541 err = l2cap_information_req(conn, &cmd, data);
2542 break;
2543
2544 case L2CAP_INFO_RSP:
2545 err = l2cap_information_rsp(conn, &cmd, data);
2546 break;
2547
2548 default:
2549 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2550 err = -EINVAL;
2551 break;
2552 }
2553
2554 if (err) {
2555 struct l2cap_cmd_rej rej;
2556 BT_DBG("error %d", err);
2557
2558 /* FIXME: Map err to a valid reason */
aca3192c 2559 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2560 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2561 }
2562
88219a0f
AV		 2563 data += cmd_len;
2564 len -= cmd_len;
1da177e4
LT		 2565 }
2566
2567 kfree_skb(skb);
2568}
2569
fcc203c3
GP		 2570static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
2571{
2572 u16 our_fcs, rcv_fcs;
2573 int hdr_size = L2CAP_HDR_SIZE + 2;
2574
2575 if (pi->fcs == L2CAP_FCS_CRC16) {
2576 skb_trim(skb, skb->len - 2);
2577 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
2578 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
2579
2580 if (our_fcs != rcv_fcs)
7a560e5c 2581 return -EBADMSG;
fcc203c3
GP		 2582 }
2583 return 0;
2584}
2585
d5392c8f
GP		 2586static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
2587{
2588 struct l2cap_pinfo *pi = l2cap_pi(sk);
2589 u16 control = 0;
2590
2591 pi->frames_sent = 0;
d5392c8f
GP		 2592
2593 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2594
2595 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
64988868 2596 control |= L2CAP_SUPER_RCV_NOT_READY;
d5392c8f 2597 l2cap_send_sframe(pi, control);
1890d36b 2598 pi->conn_state |= L2CAP_CONN_RNR_SENT;
d5392c8f
GP		 2599 }
2600
4ea727ef
GP		 2601 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
2602 l2cap_retransmit_frames(sk);
d5392c8f
GP		 2603
2604 l2cap_ertm_send(sk);
2605
2606 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
2607 pi->frames_sent == 0) {
2608 control |= L2CAP_SUPER_RCV_READY;
d5392c8f
GP		 2609 l2cap_send_sframe(pi, control);
2610 }
2611}
2612
9b53350d 2613static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
8f17154f
GP		 2614{
2615 struct sk_buff *next_skb;
bfbacc11
JPRV		 2616 struct l2cap_pinfo *pi = l2cap_pi(sk);
2617 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 2618
2619 bt_cb(skb)->tx_seq = tx_seq;
2620 bt_cb(skb)->sar = sar;
2621
2622 next_skb = skb_peek(SREJ_QUEUE(sk));
2623 if (!next_skb) {
2624 __skb_queue_tail(SREJ_QUEUE(sk), skb);
9b53350d 2625 return 0;
8f17154f
GP		 2626 }
2627
bfbacc11
JPRV		 2628 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
2629 if (tx_seq_offset < 0)
2630 tx_seq_offset += 64;
2631
8f17154f 2632 do {
9b53350d
JPRV		 2633 if (bt_cb(next_skb)->tx_seq == tx_seq)
2634 return -EINVAL;
2635
bfbacc11
JPRV		 2636 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
2637 pi->buffer_seq) % 64;
2638 if (next_tx_seq_offset < 0)
2639 next_tx_seq_offset += 64;
2640
2641 if (next_tx_seq_offset > tx_seq_offset) {
8f17154f 2642 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
9b53350d 2643 return 0;
8f17154f
GP		 2644 }
2645
2646 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
2647 break;
2648
59203a21 2649 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
8f17154f
GP		 2650
2651 __skb_queue_tail(SREJ_QUEUE(sk), skb);
9b53350d
JPRV		 2652
2653 return 0;
8f17154f
GP		 2654}
2655
18778a63
GP		 2656static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
2657{
2658 struct l2cap_pinfo *pi = l2cap_pi(sk);
2659 struct sk_buff *_skb;
1890d36b 2660 int err;
18778a63
GP		 2661
2662 switch (control & L2CAP_CTRL_SAR) {
2663 case L2CAP_SDU_UNSEGMENTED:
2664 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
2665 goto drop;
2666
2667 err = sock_queue_rcv_skb(sk, skb);
2668 if (!err)
2669 return err;
2670
2671 break;
2672
2673 case L2CAP_SDU_START:
2674 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
2675 goto drop;
2676
2677 pi->sdu_len = get_unaligned_le16(skb->data);
18778a63
GP		 2678
2679 if (pi->sdu_len > pi->imtu)
2680 goto disconnect;
2681
2682 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
1890d36b
GP		 2683 if (!pi->sdu)
2684 return -ENOMEM;
2685
2686 /* pull sdu_len bytes only after alloc, because of Local Busy
2687 * condition we have to be sure that this will be executed
2688 * only once, i.e., when alloc does not fail */
2689 skb_pull(skb, 2);
18778a63
GP		 2690
2691 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2692
2693 pi->conn_state |= L2CAP_CONN_SAR_SDU;
2694 pi->partial_sdu_len = skb->len;
2695 break;
2696
2697 case L2CAP_SDU_CONTINUE:
2698 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2699 goto disconnect;
2700
2701 if (!pi->sdu)
2702 goto disconnect;
2703
18778a63
GP		 2704 pi->partial_sdu_len += skb->len;
2705 if (pi->partial_sdu_len > pi->sdu_len)
2706 goto drop;
2707
4178ba46
GP		 2708 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2709
18778a63
GP		 2710 break;
2711
2712 case L2CAP_SDU_END:
2713 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2714 goto disconnect;
2715
2716 if (!pi->sdu)
2717 goto disconnect;
2718
1890d36b 2719 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
1890d36b 2720 pi->partial_sdu_len += skb->len;
18778a63 2721
1890d36b
GP		 2722 if (pi->partial_sdu_len > pi->imtu)
2723 goto drop;
18778a63 2724
1890d36b
GP		 2725 if (pi->partial_sdu_len != pi->sdu_len)
2726 goto drop;
4178ba46
GP		 2727
2728 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
1890d36b 2729 }
18778a63
GP		 2730
2731 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
1890d36b
GP		 2732 if (!_skb) {
2733 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
2734 return -ENOMEM;
2735 }
2736
18778a63 2737 err = sock_queue_rcv_skb(sk, _skb);
1890d36b 2738 if (err < 0) {
18778a63 2739 kfree_skb(_skb);
1890d36b
GP		 2740 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
2741 return err;
2742 }
2743
2744 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
2745 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
18778a63
GP		 2746
2747 kfree_skb(pi->sdu);
2748 break;
2749 }
2750
2751 kfree_skb(skb);
1890d36b 2752 return 0;
18778a63
GP		 2753
2754drop:
2755 kfree_skb(pi->sdu);
2756 pi->sdu = NULL;
2757
2758disconnect:
9b108fc0 2759 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
18778a63
GP		 2760 kfree_skb(skb);
2761 return 0;
2762}
2763
712132eb
GP		 2764static int l2cap_try_push_rx_skb(struct sock *sk)
2765{
2766 struct l2cap_pinfo *pi = l2cap_pi(sk);
2767 struct sk_buff *skb;
2768 u16 control;
2769 int err;
2770
2771 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
2772 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
2773 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
2774 if (err < 0) {
2775 skb_queue_head(BUSY_QUEUE(sk), skb);
2776 return -EBUSY;
2777 }
2778
2779 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
2780 }
2781
2782 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
2783 goto done;
2784
2785 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2786 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
2787 l2cap_send_sframe(pi, control);
2788 l2cap_pi(sk)->retry_count = 1;
2789
2790 del_timer(&pi->retrans_timer);
2791 __mod_monitor_timer();
2792
2793 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
2794
2795done:
2796 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
2797 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
2798
2799 BT_DBG("sk %p, Exit local busy", sk);
2800
2801 return 0;
2802}
2803
1890d36b
GP		 2804static void l2cap_busy_work(struct work_struct *work)
2805{
2806 DECLARE_WAITQUEUE(wait, current);
2807 struct l2cap_pinfo *pi =
2808 container_of(work, struct l2cap_pinfo, busy_work);
2809 struct sock *sk = (struct sock *)pi;
2810 int n_tries = 0, timeo = HZ/5, err;
2811 struct sk_buff *skb;
1890d36b
GP		 2812
2813 lock_sock(sk);
2814
2b0b05dd 2815 add_wait_queue(sk_sleep(sk), &wait);
1890d36b
GP		 2816 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
2817 set_current_state(TASK_INTERRUPTIBLE);
2818
2819 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
2820 err = -EBUSY;
9b108fc0 2821 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
712132eb 2822 break;
1890d36b
GP		 2823 }
2824
2825 if (!timeo)
2826 timeo = HZ/5;
2827
2828 if (signal_pending(current)) {
2829 err = sock_intr_errno(timeo);
712132eb 2830 break;
1890d36b
GP		 2831 }
2832
2833 release_sock(sk);
2834 timeo = schedule_timeout(timeo);
2835 lock_sock(sk);
2836
2837 err = sock_error(sk);
2838 if (err)
712132eb 2839 break;
1890d36b 2840
712132eb 2841 if (l2cap_try_push_rx_skb(sk) == 0)
1890d36b
GP		 2842 break;
2843 }
2844
1890d36b 2845 set_current_state(TASK_RUNNING);
2b0b05dd 2846 remove_wait_queue(sk_sleep(sk), &wait);
1890d36b
GP		 2847
2848 release_sock(sk);
2849}
2850
2851static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
2852{
2853 struct l2cap_pinfo *pi = l2cap_pi(sk);
2854 int sctrl, err;
2855
2856 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2857 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2858 __skb_queue_tail(BUSY_QUEUE(sk), skb);
712132eb
GP		 2859 return l2cap_try_push_rx_skb(sk);
2860
2861
1890d36b
GP		 2862 }
2863
2864 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
2865 if (err >= 0) {
2866 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
2867 return err;
2868 }
2869
2870 /* Busy Condition */
0e98958d
GP		 2871 BT_DBG("sk %p, Enter local busy", sk);
2872
1890d36b
GP		 2873 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
2874 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2875 __skb_queue_tail(BUSY_QUEUE(sk), skb);
2876
2877 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2878 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
2879 l2cap_send_sframe(pi, sctrl);
2880
2881 pi->conn_state |= L2CAP_CONN_RNR_SENT;
2882
7fe9b298
GP		 2883 del_timer(&pi->ack_timer);
2884
1890d36b
GP		 2885 queue_work(_busy_wq, &pi->busy_work);
2886
2887 return err;
2888}
2889
18778a63 2890static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
c74e560c
GP		 2891{
2892 struct l2cap_pinfo *pi = l2cap_pi(sk);
2893 struct sk_buff *_skb;
2894 int err = -EINVAL;
2895
18778a63
GP		 2896 /*
2897 * TODO: We have to notify the userland if some data is lost with the
2898 * Streaming Mode.
2899 */
2900
c74e560c
GP		 2901 switch (control & L2CAP_CTRL_SAR) {
2902 case L2CAP_SDU_UNSEGMENTED:
2903 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
2904 kfree_skb(pi->sdu);
2905 break;
2906 }
2907
2908 err = sock_queue_rcv_skb(sk, skb);
2909 if (!err)
2910 return 0;
2911
2912 break;
2913
2914 case L2CAP_SDU_START:
2915 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
2916 kfree_skb(pi->sdu);
2917 break;
2918 }
2919
2920 pi->sdu_len = get_unaligned_le16(skb->data);
2921 skb_pull(skb, 2);
2922
052897ca
GP		 2923 if (pi->sdu_len > pi->imtu) {
2924 err = -EMSGSIZE;
2925 break;
2926 }
2927
c74e560c
GP		 2928 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
2929 if (!pi->sdu) {
2930 err = -ENOMEM;
2931 break;
2932 }
2933
2934 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2935
2936 pi->conn_state |= L2CAP_CONN_SAR_SDU;
2937 pi->partial_sdu_len = skb->len;
2938 err = 0;
2939 break;
2940
2941 case L2CAP_SDU_CONTINUE:
2942 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2943 break;
2944
2945 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2946
2947 pi->partial_sdu_len += skb->len;
2948 if (pi->partial_sdu_len > pi->sdu_len)
2949 kfree_skb(pi->sdu);
2950 else
2951 err = 0;
2952
2953 break;
2954
2955 case L2CAP_SDU_END:
2956 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2957 break;
2958
2959 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2960
2961 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
2962 pi->partial_sdu_len += skb->len;
2963
36f2fd58
GP		 2964 if (pi->partial_sdu_len > pi->imtu)
2965 goto drop;
2966
c74e560c
GP		 2967 if (pi->partial_sdu_len == pi->sdu_len) {
2968 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
2969 err = sock_queue_rcv_skb(sk, _skb);
2970 if (err < 0)
2971 kfree_skb(_skb);
2972 }
c74e560c
GP		 2973 err = 0;
2974
36f2fd58
GP		 2975drop:
2976 kfree_skb(pi->sdu);
c74e560c
GP		 2977 break;
2978 }
2979
2980 kfree_skb(skb);
2981 return err;
2982}
2983
8f17154f
GP		 2984static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
2985{
2986 struct sk_buff *skb;
afefdbc4 2987 u16 control;
8f17154f 2988
59203a21 2989 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
8f17154f
GP		 2990 if (bt_cb(skb)->tx_seq != tx_seq)
2991 break;
2992
2993 skb = skb_dequeue(SREJ_QUEUE(sk));
afefdbc4 2994 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
18778a63 2995 l2cap_ertm_reassembly_sdu(sk, skb, control);
8f17154f
GP		 2996 l2cap_pi(sk)->buffer_seq_srej =
2997 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
8ff50ec0 2998 tx_seq = (tx_seq + 1) % 64;
8f17154f
GP		 2999 }
3000}
3001
3002static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3003{
3004 struct l2cap_pinfo *pi = l2cap_pi(sk);
3005 struct srej_list *l, *tmp;
3006 u16 control;
3007
59203a21 3008 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
8f17154f
GP		 3009 if (l->tx_seq == tx_seq) {
3010 list_del(&l->list);
3011 kfree(l);
3012 return;
3013 }
3014 control = L2CAP_SUPER_SELECT_REJECT;
3015 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3016 l2cap_send_sframe(pi, control);
3017 list_del(&l->list);
3018 list_add_tail(&l->list, SREJ_LIST(sk));
3019 }
3020}
3021
3022static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3023{
3024 struct l2cap_pinfo *pi = l2cap_pi(sk);
3025 struct srej_list *new;
3026 u16 control;
3027
3028 while (tx_seq != pi->expected_tx_seq) {
3029 control = L2CAP_SUPER_SELECT_REJECT;
3030 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3031 l2cap_send_sframe(pi, control);
3032
3033 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
8ff50ec0
GP		 3034 new->tx_seq = pi->expected_tx_seq;
3035 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
8f17154f
GP		 3036 list_add_tail(&new->list, SREJ_LIST(sk));
3037 }
8ff50ec0 3038 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
8f17154f
GP		 3039}
3040
1c2acffb
GP		 3041static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3042{
3043 struct l2cap_pinfo *pi = l2cap_pi(sk);
3044 u8 tx_seq = __get_txseq(rx_control);
9f121a5a 3045 u8 req_seq = __get_reqseq(rx_control);
8f17154f 3046 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
f6337c77 3047 int tx_seq_offset, expected_tx_seq_offset;
803020c6 3048 int num_to_ack = (pi->tx_win/6) + 1;
1c2acffb
GP		 3049 int err = 0;
3050
0e98958d
GP		 3051 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
3052 rx_control);
1c2acffb 3053
9b16dc65
GP		 3054 if (L2CAP_CTRL_FINAL & rx_control &&
3055 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
1d8f5d16
GP		 3056 del_timer(&pi->monitor_timer);
3057 if (pi->unacked_frames > 0)
3058 __mod_retrans_timer();
3059 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3060 }
3061
9f121a5a
GP		 3062 pi->expected_ack_seq = req_seq;
3063 l2cap_drop_acked_frames(sk);
3064
8f17154f
GP		 3065 if (tx_seq == pi->expected_tx_seq)
3066 goto expected;
1c2acffb 3067
9b53350d
JPRV		 3068 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3069 if (tx_seq_offset < 0)
3070 tx_seq_offset += 64;
3071
3072 /* invalid tx_seq */
3073 if (tx_seq_offset >= pi->tx_win) {
9b108fc0 3074 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
9b53350d
JPRV		 3075 goto drop;
3076 }
3077
1890d36b
GP		 3078 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
3079 goto drop;
3080
8f17154f
GP		 3081 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3082 struct srej_list *first;
30afb5b2 3083
8f17154f
GP		 3084 first = list_first_entry(SREJ_LIST(sk),
3085 struct srej_list, list);
3086 if (tx_seq == first->tx_seq) {
3087 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3088 l2cap_check_srej_gap(sk, tx_seq);
3089
3090 list_del(&first->list);
3091 kfree(first);
3092
3093 if (list_empty(SREJ_LIST(sk))) {
3094 pi->buffer_seq = pi->buffer_seq_srej;
3095 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
855666cc 3096 l2cap_send_ack(pi);
0e98958d 3097 BT_DBG("sk %p, Exit SREJ_SENT", sk);
8f17154f
GP		 3098 }
3099 } else {
3100 struct srej_list *l;
9b53350d
JPRV		 3101
3102 /* duplicated tx_seq */
3103 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
3104 goto drop;
8f17154f
GP		 3105
3106 list_for_each_entry(l, SREJ_LIST(sk), list) {
3107 if (l->tx_seq == tx_seq) {
3108 l2cap_resend_srejframe(sk, tx_seq);
3109 return 0;
3110 }
3111 }
3112 l2cap_send_srejframe(sk, tx_seq);
30afb5b2
GP		 3113 }
3114 } else {
9b53350d
JPRV		 3115 expected_tx_seq_offset =
3116 (pi->expected_tx_seq - pi->buffer_seq) % 64;
3117 if (expected_tx_seq_offset < 0)
3118 expected_tx_seq_offset += 64;
3119
3120 /* duplicated tx_seq */
3121 if (tx_seq_offset < expected_tx_seq_offset)
3122 goto drop;
3123
8f17154f 3124 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
1c2acffb 3125
0e98958d
GP		 3126 BT_DBG("sk %p, Enter SREJ", sk);
3127
8f17154f
GP		 3128 INIT_LIST_HEAD(SREJ_LIST(sk));
3129 pi->buffer_seq_srej = pi->buffer_seq;
3130
3131 __skb_queue_head_init(SREJ_QUEUE(sk));
1890d36b 3132 __skb_queue_head_init(BUSY_QUEUE(sk));
8f17154f
GP		 3133 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3134
ef54fd93
GP		 3135 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3136
8f17154f 3137 l2cap_send_srejframe(sk, tx_seq);
7fe9b298
GP		 3138
3139 del_timer(&pi->ack_timer);
1c2acffb 3140 }
30afb5b2
GP		 3141 return 0;
3142
8f17154f
GP		 3143expected:
3144 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3145
3146 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3b1a9f3f
GP		 3147 bt_cb(skb)->tx_seq = tx_seq;
3148 bt_cb(skb)->sar = sar;
3149 __skb_queue_tail(SREJ_QUEUE(sk), skb);
8f17154f
GP		 3150 return 0;
3151 }
3152
2ece3684
GP		 3153 err = l2cap_push_rx_skb(sk, skb, rx_control);
3154 if (err < 0)
3155 return 0;
3156
4ec10d97
GP		 3157 if (rx_control & L2CAP_CTRL_FINAL) {
3158 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3159 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be
GP		 3160 else
3161 l2cap_retransmit_frames(sk);
4ec10d97
GP		 3162 }
3163
c1b4f43b
GP		 3164 __mod_ack_timer();
3165
803020c6
GP		 3166 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
3167 if (pi->num_acked == num_to_ack - 1)
9e917af1
GP		 3168 l2cap_send_ack(pi);
3169
8f17154f 3170 return 0;
9b53350d
JPRV		 3171
3172drop:
3173 kfree_skb(skb);
3174 return 0;
1c2acffb
GP		 3175}
3176
e072745f 3177static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
1c2acffb
GP		 3178{
3179 struct l2cap_pinfo *pi = l2cap_pi(sk);
6e3a5981 3180
0e98958d
GP		 3181 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
3182 rx_control);
3183
6e3a5981
GP		 3184 pi->expected_ack_seq = __get_reqseq(rx_control);
3185 l2cap_drop_acked_frames(sk);
1c2acffb 3186
e072745f 3187 if (rx_control & L2CAP_CTRL_POLL) {
3cb123d1 3188 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
05fbd89d
GP		 3189 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3190 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3191 (pi->unacked_frames > 0))
3192 __mod_retrans_timer();
3193
3194 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3195 l2cap_send_srejtail(sk);
3196 } else {
3197 l2cap_send_i_or_rr_or_rnr(sk);
05fbd89d 3198 }
1d8f5d16 3199
e072745f
GP		 3200 } else if (rx_control & L2CAP_CTRL_FINAL) {
3201 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4ec10d97 3202
e072745f
GP		 3203 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3204 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be
GP		 3205 else
3206 l2cap_retransmit_frames(sk);
2246b2f1 3207
e072745f 3208 } else {
e072745f
GP		 3209 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3210 (pi->unacked_frames > 0))
3211 __mod_retrans_timer();
1c2acffb 3212
2246b2f1 3213 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
894718a6 3214 if (pi->conn_state & L2CAP_CONN_SREJ_SENT)
e072745f 3215 l2cap_send_ack(pi);
894718a6 3216 else
e072745f
GP		 3217 l2cap_ertm_send(sk);
3218 }
3219}
2246b2f1 3220
e072745f
GP		 3221static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
3222{
3223 struct l2cap_pinfo *pi = l2cap_pi(sk);
3224 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3225
0e98958d
GP		 3226 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3227
e072745f
GP		 3228 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3229
8abb52ee 3230 pi->expected_ack_seq = tx_seq;
e072745f
GP		 3231 l2cap_drop_acked_frames(sk);
3232
3233 if (rx_control & L2CAP_CTRL_FINAL) {
3234 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3235 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be
GP		 3236 else
3237 l2cap_retransmit_frames(sk);
e072745f 3238 } else {
dfc909be 3239 l2cap_retransmit_frames(sk);
30afb5b2 3240
0301ef04 3241 if (pi->conn_state & L2CAP_CONN_WAIT_F)
e072745f 3242 pi->conn_state |= L2CAP_CONN_REJ_ACT;
e072745f
GP		 3243 }
3244}
3245static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
3246{
3247 struct l2cap_pinfo *pi = l2cap_pi(sk);
3248 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3249
0e98958d
GP		 3250 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3251
e072745f 3252 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
2246b2f1 3253
e072745f
GP		 3254 if (rx_control & L2CAP_CTRL_POLL) {
3255 pi->expected_ack_seq = tx_seq;
3256 l2cap_drop_acked_frames(sk);
3cb123d1
GP		 3257
3258 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
dfc909be
GP		 3259 l2cap_retransmit_one_frame(sk, tx_seq);
3260
e072745f 3261 l2cap_ertm_send(sk);
dfc909be 3262
e072745f
GP		 3263 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3264 pi->srej_save_reqseq = tx_seq;
3265 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
ef54fd93 3266 }
e072745f
GP		 3267 } else if (rx_control & L2CAP_CTRL_FINAL) {
3268 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3269 pi->srej_save_reqseq == tx_seq)
3270 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3271 else
dfc909be 3272 l2cap_retransmit_one_frame(sk, tx_seq);
e072745f 3273 } else {
dfc909be 3274 l2cap_retransmit_one_frame(sk, tx_seq);
e072745f
GP		 3275 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3276 pi->srej_save_reqseq = tx_seq;
3277 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
ef54fd93 3278 }
e072745f
GP		 3279 }
3280}
3281
3282static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
3283{
3284 struct l2cap_pinfo *pi = l2cap_pi(sk);
3285 u8 tx_seq = __get_reqseq(rx_control);
3286
0e98958d
GP		 3287 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3288
e072745f
GP		 3289 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3290 pi->expected_ack_seq = tx_seq;
3291 l2cap_drop_acked_frames(sk);
3292
3cb123d1
GP		 3293 if (rx_control & L2CAP_CTRL_POLL)
3294 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3295
99b0d4b7
GP		 3296 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
3297 del_timer(&pi->retrans_timer);
a2e12a2a
GP		 3298 if (rx_control & L2CAP_CTRL_POLL)
3299 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
99b0d4b7 3300 return;
e072745f 3301 }
99b0d4b7
GP		 3302
3303 if (rx_control & L2CAP_CTRL_POLL)
3304 l2cap_send_srejtail(sk);
3305 else
3306 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
e072745f
GP		 3307}
3308
3309static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3310{
3311 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3312
9b16dc65
GP		 3313 if (L2CAP_CTRL_FINAL & rx_control &&
3314 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
e072745f
GP		 3315 del_timer(&l2cap_pi(sk)->monitor_timer);
3316 if (l2cap_pi(sk)->unacked_frames > 0)
3317 __mod_retrans_timer();
3318 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
3319 }
3320
3321 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3322 case L2CAP_SUPER_RCV_READY:
3323 l2cap_data_channel_rrframe(sk, rx_control);
8f17154f
GP		 3324 break;
3325
e072745f
GP		 3326 case L2CAP_SUPER_REJECT:
3327 l2cap_data_channel_rejframe(sk, rx_control);
3328 break;
2246b2f1 3329
e072745f
GP		 3330 case L2CAP_SUPER_SELECT_REJECT:
3331 l2cap_data_channel_srejframe(sk, rx_control);
3332 break;
3333
3334 case L2CAP_SUPER_RCV_NOT_READY:
3335 l2cap_data_channel_rnrframe(sk, rx_control);
1c2acffb
GP		 3336 break;
3337 }
3338
faaebd19 3339 kfree_skb(skb);
1c2acffb
GP		 3340 return 0;
3341}
3342
218bb9df
GP		 3343static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3344{
3345 struct l2cap_pinfo *pi = l2cap_pi(sk);
3346 u16 control;
3347 u8 req_seq;
3348 int len, next_tx_seq_offset, req_seq_offset;
3349
3350 control = get_unaligned_le16(skb->data);
3351 skb_pull(skb, 2);
3352 len = skb->len;
3353
3354 /*
3355 * We can just drop the corrupted I-frame here.
3356 * Receiver will miss it and start proper recovery
3357 * procedures and ask retransmission.
3358 */
3359 if (l2cap_check_fcs(pi, skb))
3360 goto drop;
3361
3362 if (__is_sar_start(control) && __is_iframe(control))
3363 len -= 2;
3364
3365 if (pi->fcs == L2CAP_FCS_CRC16)
3366 len -= 2;
3367
3368 if (len > pi->mps) {
3369 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3370 goto drop;
3371 }
3372
3373 req_seq = __get_reqseq(control);
3374 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
3375 if (req_seq_offset < 0)
3376 req_seq_offset += 64;
3377
3378 next_tx_seq_offset =
3379 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
3380 if (next_tx_seq_offset < 0)
3381 next_tx_seq_offset += 64;
3382
3383 /* check for invalid req-seq */
3384 if (req_seq_offset > next_tx_seq_offset) {
3385 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3386 goto drop;
3387 }
3388
3389 if (__is_iframe(control)) {
3390 if (len < 0) {
3391 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3392 goto drop;
3393 }
3394
3395 l2cap_data_channel_iframe(sk, control, skb);
3396 } else {
3397 if (len != 0) {
3398 BT_ERR("%d", len);
3399 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3400 goto drop;
3401 }
3402
3403 l2cap_data_channel_sframe(sk, control, skb);
3404 }
3405
3406 return 0;
3407
3408drop:
3409 kfree_skb(skb);
3410 return 0;
3411}
3412
1da177e4
LT		 3413static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3414{
3415 struct sock *sk;
6840ed07 3416 struct l2cap_pinfo *pi;
51893f88 3417 u16 control;
218bb9df
GP		 3418 u8 tx_seq;
3419 int len;
1da177e4
LT		 3420
3421 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3422 if (!sk) {
3423 BT_DBG("unknown cid 0x%4.4x", cid);
3424 goto drop;
3425 }
3426
6840ed07
GP		 3427 pi = l2cap_pi(sk);
3428
1da177e4
LT		 3429 BT_DBG("sk %p, len %d", sk, skb->len);
3430
3431 if (sk->sk_state != BT_CONNECTED)
3432 goto drop;
3433
6840ed07 3434 switch (pi->mode) {
1c2acffb
GP		 3435 case L2CAP_MODE_BASIC:
3436 /* If socket recv buffers overflows we drop data here
3437 * which is *bad* because L2CAP has to be reliable.
3438 * But we don't have any other choice. L2CAP doesn't
3439 * provide flow control mechanism. */
1da177e4 3440
6840ed07 3441 if (pi->imtu < skb->len)
1c2acffb 3442 goto drop;
1da177e4 3443
1c2acffb
GP		 3444 if (!sock_queue_rcv_skb(sk, skb))
3445 goto done;
3446 break;
3447
3448 case L2CAP_MODE_ERTM:
218bb9df
GP		 3449 if (!sock_owned_by_user(sk)) {
3450 l2cap_ertm_data_rcv(sk, skb);
277ffbe3 3451 } else {
218bb9df 3452 if (sk_add_backlog(sk, skb))
277ffbe3 3453 goto drop;
277ffbe3 3454 }
1c2acffb 3455
fcafde2e 3456 goto done;
1c2acffb 3457
6840ed07
GP		 3458 case L2CAP_MODE_STREAMING:
3459 control = get_unaligned_le16(skb->data);
3460 skb_pull(skb, 2);
3461 len = skb->len;
3462
26000089
GP		 3463 if (l2cap_check_fcs(pi, skb))
3464 goto drop;
3465
6840ed07
GP		 3466 if (__is_sar_start(control))
3467 len -= 2;
3468
fcc203c3
GP		 3469 if (pi->fcs == L2CAP_FCS_CRC16)
3470 len -= 2;
3471
51893f88 3472 if (len > pi->mps || len < 0 || __is_sframe(control))
6840ed07
GP		 3473 goto drop;
3474
3475 tx_seq = __get_txseq(control);
3476
3477 if (pi->expected_tx_seq == tx_seq)
3478 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3479 else
7dffe421 3480 pi->expected_tx_seq = (tx_seq + 1) % 64;
6840ed07 3481
18778a63 3482 l2cap_streaming_reassembly_sdu(sk, skb, control);
6840ed07
GP		 3483
3484 goto done;
3485
1c2acffb 3486 default:
e8235c6b 3487 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
1c2acffb
GP		 3488 break;
3489 }
1da177e4
LT		 3490
3491drop:
3492 kfree_skb(skb);
3493
3494done:
0139418c
MH		 3495 if (sk)
3496 bh_unlock_sock(sk);
3497
1da177e4
LT		 3498 return 0;
3499}
3500
8e036fc3 3501static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4
LT		 3502{
3503 struct sock *sk;
3504
3505 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
3506 if (!sk)
3507 goto drop;
3508
e0f0cb56
GP		 3509 bh_lock_sock(sk);
3510
1da177e4
LT		 3511 BT_DBG("sk %p, len %d", sk, skb->len);
3512
3513 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3514 goto drop;
3515
3516 if (l2cap_pi(sk)->imtu < skb->len)
3517 goto drop;
3518
3519 if (!sock_queue_rcv_skb(sk, skb))
3520 goto done;
3521
3522drop:
3523 kfree_skb(skb);
3524
3525done:
af05b30b
GP		 3526 if (sk)
3527 bh_unlock_sock(sk);
1da177e4
LT		 3528 return 0;
3529}
3530
3531static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3532{
3533 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 3534 u16 cid, len;
3535 __le16 psm;
1da177e4
LT		 3536
3537 skb_pull(skb, L2CAP_HDR_SIZE);
3538 cid = __le16_to_cpu(lh->cid);
3539 len = __le16_to_cpu(lh->len);
3540
1c2acffb
GP		 3541 if (len != skb->len) {
3542 kfree_skb(skb);
3543 return;
3544 }
3545
1da177e4
LT		 3546 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3547
3548 switch (cid) {
8db4dc46 3549 case L2CAP_CID_SIGNALING:
1da177e4
LT		 3550 l2cap_sig_channel(conn, skb);
3551 break;
3552
8db4dc46 3553 case L2CAP_CID_CONN_LESS:
1b7bf4ed 3554 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 3555 skb_pull(skb, 2);
3556 l2cap_conless_channel(conn, psm, skb);
3557 break;
3558
3559 default:
3560 l2cap_data_channel(conn, cid, skb);
3561 break;
3562 }
3563}
3564
3565/* ---- L2CAP interface with lower layer (HCI) ---- */
3566
3567static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3568{
3569 int exact = 0, lm1 = 0, lm2 = 0;
3570 register struct sock *sk;
3571 struct hlist_node *node;
3572
3573 if (type != ACL_LINK)
963cf687 3574 return -EINVAL;
1da177e4
LT		 3575
3576 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3577
3578 /* Find listening sockets and check their link_mode */
3579 read_lock(&l2cap_sk_list.lock);
3580 sk_for_each(sk, node, &l2cap_sk_list.head) {
3581 if (sk->sk_state != BT_LISTEN)
3582 continue;
3583
3584 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5
MH		 3585 lm1 |= HCI_LM_ACCEPT;
3586 if (l2cap_pi(sk)->role_switch)
3587 lm1 |= HCI_LM_MASTER;
1da177e4 3588 exact++;
2af6b9d5
MH		 3589 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3590 lm2 |= HCI_LM_ACCEPT;
3591 if (l2cap_pi(sk)->role_switch)
3592 lm2 |= HCI_LM_MASTER;
3593 }
1da177e4
LT		 3594 }
3595 read_unlock(&l2cap_sk_list.lock);
3596
3597 return exact ? lm1 : lm2;
3598}
3599
3600static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3601{
0139418c
MH		 3602 struct l2cap_conn *conn;
3603
1da177e4
LT		 3604 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3605
3606 if (hcon->type != ACL_LINK)
963cf687 3607 return -EINVAL;
1da177e4
LT		 3608
3609 if (!status) {
1da177e4
LT		 3610 conn = l2cap_conn_add(hcon, status);
3611 if (conn)
3612 l2cap_conn_ready(conn);
0139418c 3613 } else
1da177e4
LT		 3614 l2cap_conn_del(hcon, bt_err(status));
3615
3616 return 0;
3617}
3618
2950f21a
MH		 3619static int l2cap_disconn_ind(struct hci_conn *hcon)
3620{
3621 struct l2cap_conn *conn = hcon->l2cap_data;
3622
3623 BT_DBG("hcon %p", hcon);
3624
3625 if (hcon->type != ACL_LINK || !conn)
3626 return 0x13;
3627
3628 return conn->disc_reason;
3629}
3630
3631static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 3632{
3633 BT_DBG("hcon %p reason %d", hcon, reason);
3634
3635 if (hcon->type != ACL_LINK)
963cf687 3636 return -EINVAL;
1da177e4
LT		 3637
3638 l2cap_conn_del(hcon, bt_err(reason));
0139418c 3639
1da177e4
LT		 3640 return 0;
3641}
3642
f62e4323
MH		 3643static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3644{
bd3c9e25 3645 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
255c7601
MH		 3646 return;
3647
f62e4323
MH		 3648 if (encrypt == 0x00) {
3649 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
3650 l2cap_sock_clear_timer(sk);
3651 l2cap_sock_set_timer(sk, HZ * 5);
3652 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
3653 __l2cap_sock_close(sk, ECONNREFUSED);
3654 } else {
3655 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
3656 l2cap_sock_clear_timer(sk);
3657 }
3658}
3659
8c1b2355 3660static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4
LT		 3661{
3662 struct l2cap_chan_list *l;
0139418c 3663 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 3664 struct sock *sk;
1da177e4 3665
0139418c 3666 if (!conn)
1da177e4 3667 return 0;
0139418c 3668
1da177e4
LT		 3669 l = &conn->chan_list;
3670
3671 BT_DBG("conn %p", conn);
3672
3673 read_lock(&l->lock);
3674
3675 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3676 bh_lock_sock(sk);
3677
6a8d3010
MH		 3678 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
3679 bh_unlock_sock(sk);
3680 continue;
3681 }
3682
f62e4323 3683 if (!status && (sk->sk_state == BT_CONNECTED ||
8c1b2355 3684 sk->sk_state == BT_CONFIG)) {
f62e4323 3685 l2cap_check_encryption(sk, encrypt);
9719f8af
MH		 3686 bh_unlock_sock(sk);
3687 continue;
3688 }
3689
b1235d79
MH		 3690 if (sk->sk_state == BT_CONNECT) {
3691 if (!status) {
3692 struct l2cap_conn_req req;
3693 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3694 req.psm = l2cap_pi(sk)->psm;
1da177e4 3695
b1235d79 3696 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
e501d055 3697 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4 3698
b1235d79
MH		 3699 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3700 L2CAP_CONN_REQ, sizeof(req), &req);
3701 } else {
3702 l2cap_sock_clear_timer(sk);
3703 l2cap_sock_set_timer(sk, HZ / 10);
3704 }
3705 } else if (sk->sk_state == BT_CONNECT2) {
3706 struct l2cap_conn_rsp rsp;
3707 __u16 result;
1da177e4 3708
b1235d79
MH		 3709 if (!status) {
3710 sk->sk_state = BT_CONFIG;
3711 result = L2CAP_CR_SUCCESS;
3712 } else {
3713 sk->sk_state = BT_DISCONN;
3714 l2cap_sock_set_timer(sk, HZ / 10);
3715 result = L2CAP_CR_SEC_BLOCK;
3716 }
3717
3718 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3719 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3720 rsp.result = cpu_to_le16(result);
e7c29cb1 3721 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
b1235d79
MH		 3722 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3723 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3724 }
1da177e4
LT		 3725
3726 bh_unlock_sock(sk);
3727 }
3728
3729 read_unlock(&l->lock);
b1235d79 3730
1da177e4
LT		 3731 return 0;
3732}
3733
3734static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
3735{
3736 struct l2cap_conn *conn = hcon->l2cap_data;
3737
5a08ecce
AE		 3738 if (!conn)
3739 conn = l2cap_conn_add(hcon, 0);
3740
3741 if (!conn)
1da177e4
LT		 3742 goto drop;
3743
3744 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
3745
e702112f 3746 if (!(flags & ACL_CONT)) {
1da177e4 3747 struct l2cap_hdr *hdr;
89794813
AE		 3748 struct sock *sk;
3749 u16 cid;
1da177e4
LT		 3750 int len;
3751
3752 if (conn->rx_len) {
3753 BT_ERR("Unexpected start frame (len %d)", skb->len);
3754 kfree_skb(conn->rx_skb);
3755 conn->rx_skb = NULL;
3756 conn->rx_len = 0;
3757 l2cap_conn_unreliable(conn, ECOMM);
3758 }
3759
aae7fe22
AE		 3760 /* Start fragment always begin with Basic L2CAP header */
3761 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 3762 BT_ERR("Frame is too short (len %d)", skb->len);
3763 l2cap_conn_unreliable(conn, ECOMM);
3764 goto drop;
3765 }
3766
3767 hdr = (struct l2cap_hdr *) skb->data;
3768 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 3769 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 3770
3771 if (len == skb->len) {
3772 /* Complete frame received */
3773 l2cap_recv_frame(conn, skb);
3774 return 0;
3775 }
3776
3777 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
3778
3779 if (skb->len > len) {
3780 BT_ERR("Frame is too long (len %d, expected len %d)",
3781 skb->len, len);
3782 l2cap_conn_unreliable(conn, ECOMM);
3783 goto drop;
3784 }
3785
89794813
AE		 3786 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3787
3788 if (sk && l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) {
3789 BT_ERR("Frame exceeding recv MTU (len %d, MTU %d)",
3790 len, l2cap_pi(sk)->imtu);
3791 bh_unlock_sock(sk);
3792 l2cap_conn_unreliable(conn, ECOMM);
3793 goto drop;
3794 }
3795
3796 if (sk)
3797 bh_unlock_sock(sk);
3798
1da177e4 3799 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 3800 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
3801 if (!conn->rx_skb)
1da177e4
LT		 3802 goto drop;
3803
d626f62b 3804 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 3805 skb->len);
1da177e4
LT		 3806 conn->rx_len = len - skb->len;
3807 } else {
3808 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
3809
3810 if (!conn->rx_len) {
3811 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
3812 l2cap_conn_unreliable(conn, ECOMM);
3813 goto drop;
3814 }
3815
3816 if (skb->len > conn->rx_len) {
3817 BT_ERR("Fragment is too long (len %d, expected %d)",
3818 skb->len, conn->rx_len);
3819 kfree_skb(conn->rx_skb);
3820 conn->rx_skb = NULL;
3821 conn->rx_len = 0;
3822 l2cap_conn_unreliable(conn, ECOMM);
3823 goto drop;
3824 }
3825
d626f62b 3826 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 3827 skb->len);
1da177e4
LT		 3828 conn->rx_len -= skb->len;
3829
3830 if (!conn->rx_len) {
3831 /* Complete frame received */
3832 l2cap_recv_frame(conn, conn->rx_skb);
3833 conn->rx_skb = NULL;
3834 }
3835 }
3836
3837drop:
3838 kfree_skb(skb);
3839 return 0;
3840}
3841
aef7d97c 3842static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4
LT		 3843{
3844 struct sock *sk;
3845 struct hlist_node *node;
1da177e4
LT		 3846
3847 read_lock_bh(&l2cap_sk_list.lock);
3848
be9d1227
MH		 3849 sk_for_each(sk, node, &l2cap_sk_list.head) {
3850 struct l2cap_pinfo *pi = l2cap_pi(sk);
101545f6 3851
aef7d97c
MH		 3852 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
3853 batostr(&bt_sk(sk)->src),
3854 batostr(&bt_sk(sk)->dst),
3855 sk->sk_state, __le16_to_cpu(pi->psm),
3856 pi->scid, pi->dcid,
3857 pi->imtu, pi->omtu, pi->sec_level);
be9d1227 3858 }
1da177e4 3859
1da177e4 3860 read_unlock_bh(&l2cap_sk_list.lock);
1da177e4 3861
aef7d97c 3862 return 0;
1da177e4
LT		 3863}
3864
aef7d97c
MH		 3865static int l2cap_debugfs_open(struct inode *inode, struct file *file)
3866{
3867 return single_open(file, l2cap_debugfs_show, inode->i_private);
3868}
3869
3870static const struct file_operations l2cap_debugfs_fops = {
3871 .open = l2cap_debugfs_open,
3872 .read = seq_read,
3873 .llseek = seq_lseek,
3874 .release = single_release,
3875};
3876
3877static struct dentry *l2cap_debugfs;
1da177e4 3878
1da177e4
LT		 3879static struct hci_proto l2cap_hci_proto = {
3880 .name = "L2CAP",
3881 .id = HCI_PROTO_L2CAP,
3882 .connect_ind = l2cap_connect_ind,
3883 .connect_cfm = l2cap_connect_cfm,
3884 .disconn_ind = l2cap_disconn_ind,
2950f21a 3885 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 3886 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 3887 .recv_acldata = l2cap_recv_acldata
3888};
3889
3890static int __init l2cap_init(void)
3891{
3892 int err;
be9d1227 3893
bb58f747 3894 err = l2cap_init_sockets();
1da177e4
LT		 3895 if (err < 0)
3896 return err;
3897
1890d36b 3898 _busy_wq = create_singlethread_workqueue("l2cap");
b78d7b4f 3899 if (!_busy_wq) {
bb58f747 3900 err = -ENOMEM;
1da177e4
LT		 3901 goto error;
3902 }
3903
3904 err = hci_register_proto(&l2cap_hci_proto);
3905 if (err < 0) {
3906 BT_ERR("L2CAP protocol registration failed");
3907 bt_sock_unregister(BTPROTO_L2CAP);
3908 goto error;
3909 }
3910
aef7d97c
MH		 3911 if (bt_debugfs) {
3912 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
3913 bt_debugfs, NULL, &l2cap_debugfs_fops);
3914 if (!l2cap_debugfs)
3915 BT_ERR("Failed to create L2CAP debug file");
3916 }
1da177e4
LT		 3917
3918 BT_INFO("L2CAP ver %s", VERSION);
3919 BT_INFO("L2CAP socket layer initialized");
3920
3921 return 0;
3922
3923error:
b78d7b4f 3924 destroy_workqueue(_busy_wq);
bb58f747 3925 l2cap_cleanup_sockets();
1da177e4
LT		 3926 return err;
3927}
3928
3929static void __exit l2cap_exit(void)
3930{
aef7d97c 3931 debugfs_remove(l2cap_debugfs);
1da177e4 3932
1890d36b
GP		 3933 flush_workqueue(_busy_wq);
3934 destroy_workqueue(_busy_wq);
3935
1da177e4
LT		 3936 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
3937 BT_ERR("L2CAP protocol unregistration failed");
3938
bb58f747 3939 l2cap_cleanup_sockets();
1da177e4
LT		 3940}
3941
3942void l2cap_load(void)
3943{
3944 /* Dummy function to trigger automatic L2CAP module loading by
3945 * other modules that use L2CAP sockets but don't use any other
3946 * symbols from it. */
1da177e4
LT		 3947}
3948EXPORT_SYMBOL(l2cap_load);
3949
3950module_init(l2cap_init);
3951module_exit(l2cap_exit);
3952
d1c4a17d
GP		 3953module_param(disable_ertm, bool, 0644);
3954MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
44dd46de 3955
63fbd24e 3956MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 3957MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
3958MODULE_VERSION(VERSION);
3959MODULE_LICENSE("GPL");
3960MODULE_ALIAS("bt-proto-0");
Linux kernel - Deliverables
This page took 0.917002 seconds and 5 git commands to generate.