projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Save remote L2CAP fixed channel mask
[deliverable/linux.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
8e87d142
YH		 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 25 SOFTWARE IS DISCLAIMED.
26*/
27
bb58f747 28/* Bluetooth L2CAP core. */
1da177e4 29
1da177e4
LT		 30#include <linux/module.h>
31
32#include <linux/types.h>
4fc268d2 33#include <linux/capability.h>
1da177e4
LT		 34#include <linux/errno.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sched.h>
37#include <linux/slab.h>
38#include <linux/poll.h>
39#include <linux/fcntl.h>
40#include <linux/init.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/skbuff.h>
1da177e4 44#include <linux/list.h>
be9d1227 45#include <linux/device.h>
aef7d97c
MH		 46#include <linux/debugfs.h>
47#include <linux/seq_file.h>
af05b30b 48#include <linux/uaccess.h>
fcc203c3 49#include <linux/crc16.h>
1da177e4
LT		 50#include <net/sock.h>
51
52#include <asm/system.h>
1da177e4
LT		 53#include <asm/unaligned.h>
54
55#include <net/bluetooth/bluetooth.h>
56#include <net/bluetooth/hci_core.h>
57#include <net/bluetooth/l2cap.h>
b501d6a1 58#include <net/bluetooth/smp.h>
1da177e4 59
eb939922 60bool disable_ertm;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 63static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
74 struct l2cap_chan *chan, int err);
1da177e4 75
0139418c 76/* ---- L2CAP channels ---- */
71ba0e56 77
baa7e1fa 78static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 79{
3df91ea2 80 struct l2cap_chan *c;
3d57dc68 81
3df91ea2
AE		 82 list_for_each_entry(c, &conn->chan_l, list) {
83 if (c->dcid == cid)
84 return c;
0139418c 85 }
3df91ea2 86 return NULL;
0139418c
MH		 87}
88
baa7e1fa 89static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 90{
3df91ea2 91 struct l2cap_chan *c;
3d57dc68 92
3df91ea2
AE		 93 list_for_each_entry(c, &conn->chan_l, list) {
94 if (c->scid == cid)
95 return c;
0139418c 96 }
3df91ea2 97 return NULL;
0139418c
MH		 98}
99
100/* Find channel with given SCID.
101 * Returns locked socket */
baa7e1fa 102static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 103{
48454079 104 struct l2cap_chan *c;
baa7e1fa 105
3df91ea2 106 mutex_lock(&conn->chan_lock);
baa7e1fa 107 c = __l2cap_get_chan_by_scid(conn, cid);
3df91ea2
AE		 108 mutex_unlock(&conn->chan_lock);
109
48454079 110 return c;
0139418c
MH		 111}
112
baa7e1fa 113static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 114{
3df91ea2 115 struct l2cap_chan *c;
3d57dc68 116
3df91ea2
AE		 117 list_for_each_entry(c, &conn->chan_l, list) {
118 if (c->ident == ident)
119 return c;
0139418c 120 }
3df91ea2 121 return NULL;
0139418c
MH		 122}
123
baa7e1fa 124static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 125{
48454079 126 struct l2cap_chan *c;
baa7e1fa 127
3df91ea2 128 mutex_lock(&conn->chan_lock);
baa7e1fa 129 c = __l2cap_get_chan_by_ident(conn, ident);
3df91ea2
AE		 130 mutex_unlock(&conn->chan_lock);
131
48454079 132 return c;
0139418c
MH		 133}
134
23691d75 135static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 136{
23691d75 137 struct l2cap_chan *c;
9e4425ff 138
23691d75
GP		 139 list_for_each_entry(c, &chan_list, global_l) {
140 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 141 return c;
9e4425ff 142 }
250938cb 143 return NULL;
9e4425ff
GP		 144}
145
146int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
147{
73b2ec18
GP		 148 int err;
149
333055f2 150 write_lock(&chan_list_lock);
9e4425ff 151
23691d75 152 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 153 err = -EADDRINUSE;
154 goto done;
9e4425ff
GP		 155 }
156
73b2ec18
GP		 157 if (psm) {
158 chan->psm = psm;
159 chan->sport = psm;
160 err = 0;
161 } else {
162 u16 p;
163
164 err = -EINVAL;
165 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 166 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 167 chan->psm = cpu_to_le16(p);
168 chan->sport = cpu_to_le16(p);
169 err = 0;
170 break;
171 }
172 }
9e4425ff 173
73b2ec18 174done:
333055f2 175 write_unlock(&chan_list_lock);
73b2ec18 176 return err;
9e4425ff
GP		 177}
178
179int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
180{
333055f2 181 write_lock(&chan_list_lock);
9e4425ff
GP		 182
183 chan->scid = scid;
184
333055f2 185 write_unlock(&chan_list_lock);
9e4425ff
GP		 186
187 return 0;
188}
189
baa7e1fa 190static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 191{
8db4dc46 192 u16 cid = L2CAP_CID_DYN_START;
0139418c 193
8db4dc46 194 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 195 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 196 return cid;
197 }
198
199 return 0;
200}
201
0e587be7 202static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 203{
42d2d87c 204 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 205 state_to_string(state));
206
89bc500e
GP		 207 chan->state = state;
208 chan->ops->state_change(chan->data, state);
209}
210
0e587be7
AE		 211static void l2cap_state_change(struct l2cap_chan *chan, int state)
212{
213 struct sock *sk = chan->sk;
214
215 lock_sock(sk);
216 __l2cap_state_change(chan, state);
217 release_sock(sk);
218}
219
2e0052e4
AE		 220static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
221{
222 struct sock *sk = chan->sk;
223
224 sk->sk_err = err;
225}
226
227static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
228{
229 struct sock *sk = chan->sk;
230
231 lock_sock(sk);
232 __l2cap_chan_set_err(chan, err);
233 release_sock(sk);
234}
235
721c4181 236static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 237{
721c4181
GP		 238 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
239 chan_timer.work);
3df91ea2 240 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 241 int reason;
242
e05dcc32 243 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 244
3df91ea2 245 mutex_lock(&conn->chan_lock);
6be36555 246 l2cap_chan_lock(chan);
ab07801d 247
89bc500e 248 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 249 reason = ECONNREFUSED;
89bc500e 250 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 251 chan->sec_level != BT_SECURITY_SDP)
252 reason = ECONNREFUSED;
253 else
254 reason = ETIMEDOUT;
255
0f852724 256 l2cap_chan_close(chan, reason);
ab07801d 257
6be36555 258 l2cap_chan_unlock(chan);
ab07801d 259
ba3bd0ee 260 chan->ops->close(chan->data);
3df91ea2
AE		 261 mutex_unlock(&conn->chan_lock);
262
371fd835 263 l2cap_chan_put(chan);
ab07801d
GP		 264}
265
23691d75 266struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 267{
268 struct l2cap_chan *chan;
269
270 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
271 if (!chan)
272 return NULL;
273
c03b355e
AE		 274 mutex_init(&chan->lock);
275
48454079
GP		 276 chan->sk = sk;
277
333055f2 278 write_lock(&chan_list_lock);
23691d75 279 list_add(&chan->global_l, &chan_list);
333055f2 280 write_unlock(&chan_list_lock);
23691d75 281
721c4181 282 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 283
89bc500e
GP		 284 chan->state = BT_OPEN;
285
71ba0e56
GP		 286 atomic_set(&chan->refcnt, 1);
287
abc545b8
SJ		 288 BT_DBG("sk %p chan %p", sk, chan);
289
48454079
GP		 290 return chan;
291}
292
23691d75 293void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 294{
333055f2 295 write_lock(&chan_list_lock);
23691d75 296 list_del(&chan->global_l);
333055f2 297 write_unlock(&chan_list_lock);
23691d75 298
371fd835 299 l2cap_chan_put(chan);
6ff5abbf
GP		 300}
301
643162a8 302void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 303{
af05b30b 304 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 305 chan->psm, chan->dcid);
0139418c 306
9f5a0d7b 307 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 308
8c1d787b 309 chan->conn = conn;
0139418c 310
5491120e
AE		 311 switch (chan->chan_type) {
312 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 313 if (conn->hcon->type == LE_LINK) {
314 /* LE connection */
0c1bc5c6 315 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 316 chan->scid = L2CAP_CID_LE_DATA;
317 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 318 } else {
319 /* Alloc CID for connection-oriented socket */
fe4128e0 320 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 321 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 322 }
5491120e
AE		 323 break;
324
325 case L2CAP_CHAN_CONN_LESS:
0139418c 326 /* Connectionless socket */
fe4128e0
GP		 327 chan->scid = L2CAP_CID_CONN_LESS;
328 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 329 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 330 break;
331
332 default:
0139418c 333 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 334 chan->scid = L2CAP_CID_SIGNALING;
335 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 336 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 337 }
338
8f7975b1
AE		 339 chan->local_id = L2CAP_BESTEFFORT_ID;
340 chan->local_stype = L2CAP_SERV_BESTEFFORT;
341 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
342 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
343 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
344 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
345
371fd835 346 l2cap_chan_hold(chan);
baa7e1fa 347
3df91ea2 348 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 349}
350
351void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
352{
353 mutex_lock(&conn->chan_lock);
354 __l2cap_chan_add(conn, chan);
3df91ea2 355 mutex_unlock(&conn->chan_lock);
0139418c
MH		 356}
357
4519de9a 358static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 359{
48454079 360 struct sock *sk = chan->sk;
8c1d787b 361 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 362 struct sock *parent = bt_sk(sk)->parent;
363
c9b66675 364 __clear_chan_timer(chan);
0139418c 365
49208c9c 366 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 367
8e87d142 368 if (conn) {
baa7e1fa 369 /* Delete from channel list */
3df91ea2 370 list_del(&chan->list);
3d57dc68 371
371fd835 372 l2cap_chan_put(chan);
baa7e1fa 373
8c1d787b 374 chan->conn = NULL;
0139418c
MH		 375 hci_conn_put(conn->hcon);
376 }
377
6be36555
AE		 378 lock_sock(sk);
379
0e587be7 380 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 381 sock_set_flag(sk, SOCK_ZAPPED);
382
383 if (err)
2e0052e4 384 __l2cap_chan_set_err(chan, err);
0139418c
MH		 385
386 if (parent) {
387 bt_accept_unlink(sk);
388 parent->sk_data_ready(parent, 0);
389 } else
390 sk->sk_state_change(sk);
c13ffa62 391
6be36555
AE		 392 release_sock(sk);
393
c1360a1c
GP		 394 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
395 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 396 return;
2ead70b8 397
58d35f87 398 skb_queue_purge(&chan->tx_q);
c13ffa62 399
0c1bc5c6 400 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 401 struct srej_list *l, *tmp;
402
1a09bcb9
GP		 403 __clear_retrans_timer(chan);
404 __clear_monitor_timer(chan);
405 __clear_ack_timer(chan);
c13ffa62 406
f1c6775b 407 skb_queue_purge(&chan->srej_q);
c13ffa62 408
39d5a3ee 409 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 410 list_del(&l->list);
411 kfree(l);
412 }
413 }
0139418c
MH		 414}
415
4519de9a
GP		 416static void l2cap_chan_cleanup_listen(struct sock *parent)
417{
418 struct sock *sk;
419
420 BT_DBG("parent %p", parent);
421
422 /* Close not yet accepted channels */
0f852724 423 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 424 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 425
6be36555 426 l2cap_chan_lock(chan);
c9b66675 427 __clear_chan_timer(chan);
ba3bd0ee 428 l2cap_chan_close(chan, ECONNRESET);
6be36555 429 l2cap_chan_unlock(chan);
3df91ea2 430
ba3bd0ee 431 chan->ops->close(chan->data);
0f852724 432 }
4519de9a
GP		 433}
434
0f852724 435void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 436{
437 struct l2cap_conn *conn = chan->conn;
438 struct sock *sk = chan->sk;
439
e05dcc32
AE		 440 BT_DBG("chan %p state %s sk %p", chan,
441 state_to_string(chan->state), sk);
4519de9a 442
89bc500e 443 switch (chan->state) {
4519de9a 444 case BT_LISTEN:
6be36555 445 lock_sock(sk);
4519de9a 446 l2cap_chan_cleanup_listen(sk);
89bc500e 447
0e587be7 448 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 449 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 450 release_sock(sk);
4519de9a
GP		 451 break;
452
453 case BT_CONNECTED:
454 case BT_CONFIG:
715ec005 455 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 456 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 457 __clear_chan_timer(chan);
458 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 459 l2cap_send_disconn_req(conn, chan, reason);
460 } else
461 l2cap_chan_del(chan, reason);
462 break;
463
464 case BT_CONNECT2:
715ec005 465 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 466 conn->hcon->type == ACL_LINK) {
467 struct l2cap_conn_rsp rsp;
468 __u16 result;
469
470 if (bt_sk(sk)->defer_setup)
471 result = L2CAP_CR_SEC_BLOCK;
472 else
473 result = L2CAP_CR_BAD_PSM;
89bc500e 474 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 475
476 rsp.scid = cpu_to_le16(chan->dcid);
477 rsp.dcid = cpu_to_le16(chan->scid);
478 rsp.result = cpu_to_le16(result);
479 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
480 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
481 sizeof(rsp), &rsp);
482 }
483
484 l2cap_chan_del(chan, reason);
485 break;
486
487 case BT_CONNECT:
488 case BT_DISCONN:
489 l2cap_chan_del(chan, reason);
490 break;
491
492 default:
6be36555 493 lock_sock(sk);
4519de9a 494 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 495 release_sock(sk);
4519de9a
GP		 496 break;
497 }
498}
499
4343478f 500static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 501{
715ec005 502 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 503 switch (chan->sec_level) {
8556edd3
JH		 504 case BT_SECURITY_HIGH:
505 return HCI_AT_DEDICATED_BONDING_MITM;
506 case BT_SECURITY_MEDIUM:
507 return HCI_AT_DEDICATED_BONDING;
508 default:
509 return HCI_AT_NO_BONDING;
510 }
fe4128e0 511 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 512 if (chan->sec_level == BT_SECURITY_LOW)
513 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 514
4343478f 515 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 516 return HCI_AT_NO_BONDING_MITM;
00ae4af9 517 else
8556edd3 518 return HCI_AT_NO_BONDING;
00ae4af9 519 } else {
4343478f 520 switch (chan->sec_level) {
00ae4af9 521 case BT_SECURITY_HIGH:
8556edd3 522 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 523 case BT_SECURITY_MEDIUM:
8556edd3 524 return HCI_AT_GENERAL_BONDING;
00ae4af9 525 default:
8556edd3 526 return HCI_AT_NO_BONDING;
00ae4af9 527 }
0684e5f9 528 }
8556edd3
JH		 529}
530
531/* Service level security */
d45fc423 532int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 533{
8c1d787b 534 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 535 __u8 auth_type;
536
4343478f 537 auth_type = l2cap_get_auth_type(chan);
79d554a6 538
4343478f 539 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 540}
541
b5ad8b7f 542static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 543{
544 u8 id;
545
546 /* Get next available identificator.
547 * 1 - 128 are used by kernel.
548 * 129 - 199 are reserved.
549 * 200 - 254 are used by utilities like l2ping, etc.
550 */
551
333055f2 552 spin_lock(&conn->lock);
4e8402a3
MH		 553
554 if (++conn->tx_ident > 128)
555 conn->tx_ident = 1;
556
557 id = conn->tx_ident;
558
333055f2 559 spin_unlock(&conn->lock);
4e8402a3
MH		 560
561 return id;
562}
563
4519de9a 564static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 565{
566 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 567 u8 flags;
4e8402a3
MH		 568
569 BT_DBG("code 0x%2.2x", code);
570
571 if (!skb)
9a9c6a34 572 return;
4e8402a3 573
e702112f
AE		 574 if (lmp_no_flush_capable(conn->hcon->hdev))
575 flags = ACL_START_NO_FLUSH;
576 else
577 flags = ACL_START;
578
14b12d0b 579 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 580 skb->priority = HCI_PRIO_MAX;
14b12d0b 581
73d80deb
LAD		 582 hci_send_acl(conn->hchan, skb, flags);
583}
584
585static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
586{
587 struct hci_conn *hcon = chan->conn->hcon;
588 u16 flags;
589
590 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
591 skb->priority);
592
593 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
594 lmp_no_flush_capable(hcon->hdev))
595 flags = ACL_START_NO_FLUSH;
596 else
597 flags = ACL_START;
14b12d0b 598
73d80deb
LAD		 599 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
600 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 601}
602
88843ab0 603static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
1c2acffb
GP		 604{
605 struct sk_buff *skb;
606 struct l2cap_hdr *lh;
8c1d787b 607 struct l2cap_conn *conn = chan->conn;
e4ca6d98 608 int count, hlen;
fcc203c3 609
89bc500e 610 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 611 return;
612
e4ca6d98
AE		 613 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
614 hlen = L2CAP_EXT_HDR_SIZE;
615 else
616 hlen = L2CAP_ENH_HDR_SIZE;
617
47d1ec61 618 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 619 hlen += L2CAP_FCS_SIZE;
1c2acffb 620
88843ab0 621 BT_DBG("chan %p, control 0x%8.8x", chan, control);
1c2acffb 622
fcc203c3 623 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 624
625 control |= __set_sframe(chan);
1c2acffb 626
e2ab4353 627 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 628 control |= __set_ctrl_final(chan);
9e917af1 629
e2ab4353 630 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 631 control |= __set_ctrl_poll(chan);
f0946ccf 632
1c2acffb
GP		 633 skb = bt_skb_alloc(count, GFP_ATOMIC);
634 if (!skb)
9a9c6a34 635 return;
1c2acffb
GP		 636
637 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 638 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 639 lh->cid = cpu_to_le16(chan->dcid);
88843ab0
AE		 640
641 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1c2acffb 642
47d1ec61 643 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 644 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
645 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 646 }
647
73d80deb
LAD		 648 skb->priority = HCI_PRIO_MAX;
649 l2cap_do_send(chan, skb);
1c2acffb
GP		 650}
651
88843ab0 652static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
7e743090 653{
e2ab4353 654 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 655 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 656 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 657 } else
ab784b73 658 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 659
0b209fae 660 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 661
525cd185 662 l2cap_send_sframe(chan, control);
7e743090
GP		 663}
664
b4450035 665static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 666{
c1360a1c 667 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 668}
669
9b27f350
AE		 670static void l2cap_send_conn_req(struct l2cap_chan *chan)
671{
672 struct l2cap_conn *conn = chan->conn;
673 struct l2cap_conn_req req;
674
675 req.scid = cpu_to_le16(chan->scid);
676 req.psm = chan->psm;
677
678 chan->ident = l2cap_get_ident(conn);
679
680 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
681
682 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
683}
684
fc7f8a7e 685static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 686{
8c1d787b 687 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 688
689 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 690 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
691 return;
692
d45fc423 693 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 694 __l2cap_no_conn_pending(chan))
695 l2cap_send_conn_req(chan);
79d554a6
MH		 696 } else {
697 struct l2cap_info_req req;
698 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
699
700 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
701 conn->info_ident = l2cap_get_ident(conn);
702
030013d8 703 schedule_delayed_work(&conn->info_timer,
79d554a6
MH		 704 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
705
706 l2cap_send_cmd(conn, conn->info_ident,
707 L2CAP_INFO_REQ, sizeof(req), &req);
708 }
709}
710
cf6c2c0b
GP		 711static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
712{
713 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 714 if (!disable_ertm)
cf6c2c0b
GP		 715 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
716
717 switch (mode) {
718 case L2CAP_MODE_ERTM:
719 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
720 case L2CAP_MODE_STREAMING:
721 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
722 default:
723 return 0x00;
724 }
725}
726
4519de9a 727static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 728{
6be36555 729 struct sock *sk = chan->sk;
22121fc9
GP		 730 struct l2cap_disconn_req req;
731
c13ffa62
GP		 732 if (!conn)
733 return;
734
0c1bc5c6 735 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 736 __clear_retrans_timer(chan);
737 __clear_monitor_timer(chan);
738 __clear_ack_timer(chan);
c13ffa62
GP		 739 }
740
fe4128e0
GP		 741 req.dcid = cpu_to_le16(chan->dcid);
742 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 743 l2cap_send_cmd(conn, l2cap_get_ident(conn),
744 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 745
6be36555 746 lock_sock(sk);
0e587be7 747 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 748 __l2cap_chan_set_err(chan, err);
6be36555 749 release_sock(sk);
22121fc9
GP		 750}
751
1da177e4 752/* ---- L2CAP connections ---- */
4e8402a3
MH		 753static void l2cap_conn_start(struct l2cap_conn *conn)
754{
3df91ea2 755 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 756
757 BT_DBG("conn %p", conn);
758
3df91ea2 759 mutex_lock(&conn->chan_lock);
4e8402a3 760
3df91ea2 761 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 762 struct sock *sk = chan->sk;
baa7e1fa 763
6be36555 764 l2cap_chan_lock(chan);
4e8402a3 765
715ec005 766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 767 l2cap_chan_unlock(chan);
79d554a6
MH		 768 continue;
769 }
770
89bc500e 771 if (chan->state == BT_CONNECT) {
d45fc423 772 if (!l2cap_chan_check_security(chan) ||
b4450035 773 !__l2cap_no_conn_pending(chan)) {
6be36555 774 l2cap_chan_unlock(chan);
47731de7
GP		 775 continue;
776 }
79d554a6 777
c1360a1c
GP		 778 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
779 && test_bit(CONF_STATE2_DEVICE,
780 &chan->conf_state)) {
89bc500e 781 l2cap_chan_close(chan, ECONNRESET);
6be36555 782 l2cap_chan_unlock(chan);
47731de7 783 continue;
b1235d79 784 }
47731de7 785
9b27f350 786 l2cap_send_conn_req(chan);
47731de7 787
89bc500e 788 } else if (chan->state == BT_CONNECT2) {
79d554a6 789 struct l2cap_conn_rsp rsp;
e9aeb2dd 790 char buf[128];
fe4128e0
GP		 791 rsp.scid = cpu_to_le16(chan->dcid);
792 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 793
d45fc423 794 if (l2cap_chan_check_security(chan)) {
6be36555 795 lock_sock(sk);
f66dc81f
MH		 796 if (bt_sk(sk)->defer_setup) {
797 struct sock *parent = bt_sk(sk)->parent;
798 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
799 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 800 if (parent)
801 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 802
803 } else {
0e587be7 804 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 805 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
806 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
807 }
6be36555 808 release_sock(sk);
79d554a6
MH		 809 } else {
810 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
811 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
812 }
813
fc7f8a7e
GP		 814 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
815 sizeof(rsp), &rsp);
e9aeb2dd 816
c1360a1c 817 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 818 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 819 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 820 continue;
821 }
822
c1360a1c 823 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 824 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 825 l2cap_build_conf_req(chan, buf), buf);
826 chan->num_conf_req++;
4e8402a3
MH		 827 }
828
6be36555 829 l2cap_chan_unlock(chan);
4e8402a3
MH		 830 }
831
3df91ea2 832 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 833}
834
b62f328b
VT		 835/* Find socket with cid and source bdaddr.
836 * Returns closest match, locked.
837 */
23691d75 838static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 839{
23691d75 840 struct l2cap_chan *c, *c1 = NULL;
b62f328b 841
23691d75 842 read_lock(&chan_list_lock);
b62f328b 843
23691d75
GP		 844 list_for_each_entry(c, &chan_list, global_l) {
845 struct sock *sk = c->sk;
fe4128e0 846
89bc500e 847 if (state && c->state != state)
b62f328b
VT		 848 continue;
849
23691d75 850 if (c->scid == cid) {
b62f328b 851 /* Exact match. */
23691d75
GP		 852 if (!bacmp(&bt_sk(sk)->src, src)) {
853 read_unlock(&chan_list_lock);
854 return c;
855 }
b62f328b
VT		 856
857 /* Closest match */
858 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 859 c1 = c;
b62f328b
VT		 860 }
861 }
280f294f 862
23691d75 863 read_unlock(&chan_list_lock);
b62f328b 864
23691d75 865 return c1;
b62f328b
VT		 866}
867
868static void l2cap_le_conn_ready(struct l2cap_conn *conn)
869{
c916fbe4 870 struct sock *parent, *sk;
23691d75 871 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 872
873 BT_DBG("");
874
875 /* Check if we have socket listening on cid */
23691d75 876 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 877 conn->src);
23691d75 878 if (!pchan)
b62f328b
VT		 879 return;
880
23691d75
GP		 881 parent = pchan->sk;
882
aa2ac881 883 lock_sock(parent);
62f3a2cf 884
b62f328b
VT		 885 /* Check for backlog size */
886 if (sk_acceptq_is_full(parent)) {
887 BT_DBG("backlog full %d", parent->sk_ack_backlog);
888 goto clean;
889 }
890
80808e43
GP		 891 chan = pchan->ops->new_connection(pchan->data);
892 if (!chan)
b62f328b
VT		 893 goto clean;
894
80808e43 895 sk = chan->sk;
5d41ce1d 896
b62f328b
VT		 897 hci_conn_hold(conn->hcon);
898
b62f328b
VT		 899 bacpy(&bt_sk(sk)->src, conn->src);
900 bacpy(&bt_sk(sk)->dst, conn->dst);
901
d1010240
GP		 902 bt_accept_enqueue(parent, sk);
903
3d57dc68 904 l2cap_chan_add(conn, chan);
48454079 905
c9b66675 906 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 907
0e587be7 908 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 909 parent->sk_data_ready(parent, 0);
910
b62f328b 911clean:
aa2ac881 912 release_sock(parent);
b62f328b
VT		 913}
914
cf4cd009 915static void l2cap_chan_ready(struct l2cap_chan *chan)
f1cb9af5 916{
cf4cd009 917 struct sock *sk = chan->sk;
6be36555
AE		 918 struct sock *parent;
919
920 lock_sock(sk);
921
922 parent = bt_sk(sk)->parent;
f1cb9af5
VCG		 923
924 BT_DBG("sk %p, parent %p", sk, parent);
925
926 chan->conf_state = 0;
927 __clear_chan_timer(chan);
928
0e587be7 929 __l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 930 sk->sk_state_change(sk);
931
932 if (parent)
933 parent->sk_data_ready(parent, 0);
6be36555
AE		 934
935 release_sock(sk);
f1cb9af5
VCG		 936}
937
4e8402a3
MH		 938static void l2cap_conn_ready(struct l2cap_conn *conn)
939{
48454079 940 struct l2cap_chan *chan;
4e8402a3 941
79d554a6 942 BT_DBG("conn %p", conn);
4e8402a3 943
b62f328b
VT		 944 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
945 l2cap_le_conn_ready(conn);
946
160dc6ac
VCG		 947 if (conn->hcon->out && conn->hcon->type == LE_LINK)
948 smp_conn_security(conn, conn->hcon->pending_sec_level);
949
3df91ea2 950 mutex_lock(&conn->chan_lock);
4e8402a3 951
3df91ea2 952 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 953
6be36555 954 l2cap_chan_lock(chan);
4e8402a3 955
63128451 956 if (conn->hcon->type == LE_LINK) {
b501d6a1 957 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 958 l2cap_chan_ready(chan);
acd7d370 959
63128451 960 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 961 struct sock *sk = chan->sk;
c9b66675 962 __clear_chan_timer(chan);
6be36555 963 lock_sock(sk);
0e587be7 964 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 965 sk->sk_state_change(sk);
6be36555 966 release_sock(sk);
b501d6a1 967
89bc500e 968 } else if (chan->state == BT_CONNECT)
fc7f8a7e 969 l2cap_do_start(chan);
4e8402a3 970
6be36555 971 l2cap_chan_unlock(chan);
4e8402a3 972 }
79d554a6 973
3df91ea2 974 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 975}
976
977/* Notify sockets that we cannot guaranty reliability anymore */
978static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
979{
48454079 980 struct l2cap_chan *chan;
4e8402a3
MH		 981
982 BT_DBG("conn %p", conn);
983
3df91ea2 984 mutex_lock(&conn->chan_lock);
4e8402a3 985
3df91ea2 986 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 987 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 988 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 989 }
990
3df91ea2 991 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 992}
993
f878fcad 994static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 995{
f878fcad 996 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 997 info_timer.work);
4e8402a3 998
984947dc 999 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1000 conn->info_ident = 0;
984947dc 1001
4e8402a3
MH		 1002 l2cap_conn_start(conn);
1003}
1004
5d3de7df
VCG		 1005static void l2cap_conn_del(struct hci_conn *hcon, int err)
1006{
1007 struct l2cap_conn *conn = hcon->l2cap_data;
1008 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1009
1010 if (!conn)
1011 return;
1012
1013 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1014
1015 kfree_skb(conn->rx_skb);
1016
3df91ea2
AE		 1017 mutex_lock(&conn->chan_lock);
1018
5d3de7df
VCG		 1019 /* Kill channels */
1020 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
6be36555
AE		 1021 l2cap_chan_lock(chan);
1022
5d3de7df 1023 l2cap_chan_del(chan, err);
6be36555
AE		 1024
1025 l2cap_chan_unlock(chan);
1026
5d3de7df
VCG		 1027 chan->ops->close(chan->data);
1028 }
1029
3df91ea2
AE		 1030 mutex_unlock(&conn->chan_lock);
1031
73d80deb
LAD		 1032 hci_chan_del(conn->hchan);
1033
5d3de7df 1034 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1035 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1036
51a8efd7 1037 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1038 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1039 smp_chan_destroy(conn);
d26a2345 1040 }
5d3de7df
VCG		 1041
1042 hcon->l2cap_data = NULL;
1043 kfree(conn);
1044}
1045
6c9d42a1 1046static void security_timeout(struct work_struct *work)
5d3de7df 1047{
6c9d42a1
GP		 1048 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1049 security_timer.work);
5d3de7df
VCG		 1050
1051 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1052}
1053
1da177e4
LT		 1054static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1055{
0139418c 1056 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1057 struct hci_chan *hchan;
1da177e4 1058
0139418c 1059 if (conn || status)
1da177e4
LT		 1060 return conn;
1061
73d80deb
LAD		 1062 hchan = hci_chan_create(hcon);
1063 if (!hchan)
1064 return NULL;
1065
0139418c 1066 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1067 if (!conn) {
1068 hci_chan_del(hchan);
1da177e4 1069 return NULL;
73d80deb 1070 }
1da177e4
LT		 1071
1072 hcon->l2cap_data = conn;
1073 conn->hcon = hcon;
73d80deb 1074 conn->hchan = hchan;
1da177e4 1075
73d80deb 1076 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1077
acd7d370
VT		 1078 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1079 conn->mtu = hcon->hdev->le_mtu;
1080 else
1081 conn->mtu = hcon->hdev->acl_mtu;
1082
1da177e4
LT		 1083 conn->src = &hcon->hdev->bdaddr;
1084 conn->dst = &hcon->dst;
1085
4e8402a3
MH		 1086 conn->feat_mask = 0;
1087
1da177e4 1088 spin_lock_init(&conn->lock);
3df91ea2 1089 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1090
1091 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1092
5d3de7df 1093 if (hcon->type == LE_LINK)
6c9d42a1 1094 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1095 else
030013d8 1096 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1097
9f5a0d7b 1098 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1099
1da177e4
LT		 1100 return conn;
1101}
1102
1da177e4 1103/* ---- Socket interface ---- */
1da177e4
LT		 1104
1105/* Find socket with psm and source bdaddr.
1106 * Returns closest match.
1107 */
23691d75 1108static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1109{
23691d75 1110 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1111
23691d75 1112 read_lock(&chan_list_lock);
e0f0cb56 1113
23691d75
GP		 1114 list_for_each_entry(c, &chan_list, global_l) {
1115 struct sock *sk = c->sk;
fe4128e0 1116
89bc500e 1117 if (state && c->state != state)
1da177e4
LT		 1118 continue;
1119
23691d75 1120 if (c->psm == psm) {
1da177e4 1121 /* Exact match. */
23691d75 1122 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1123 read_unlock(&chan_list_lock);
23691d75
GP		 1124 return c;
1125 }
1da177e4
LT		 1126
1127 /* Closest match */
1128 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1129 c1 = c;
1da177e4
LT		 1130 }
1131 }
1da177e4 1132
23691d75 1133 read_unlock(&chan_list_lock);
e0f0cb56 1134
23691d75 1135 return c1;
1da177e4
LT		 1136}
1137
cbe8fed4 1138int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
1da177e4 1139{
5d41ce1d 1140 struct sock *sk = chan->sk;
1da177e4 1141 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1142 struct l2cap_conn *conn;
1143 struct hci_conn *hcon;
1144 struct hci_dev *hdev;
09ab6f4c 1145 __u8 auth_type;
44d0e48e 1146 int err;
1da177e4 1147
f29972de 1148 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1149 chan->psm);
1da177e4 1150
af05b30b
GP		 1151 hdev = hci_get_route(dst, src);
1152 if (!hdev)
1da177e4
LT		 1153 return -EHOSTUNREACH;
1154
09fd0de5 1155 hci_dev_lock(hdev);
1da177e4 1156
6be36555 1157 l2cap_chan_lock(chan);
03a00194
GP		 1158
1159 /* PSM must be odd and lsb of upper byte must be 0 */
1160 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1161 chan->chan_type != L2CAP_CHAN_RAW) {
1162 err = -EINVAL;
1163 goto done;
1164 }
1165
1166 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1167 err = -EINVAL;
1168 goto done;
1169 }
1170
1171 switch (chan->mode) {
1172 case L2CAP_MODE_BASIC:
1173 break;
1174 case L2CAP_MODE_ERTM:
1175 case L2CAP_MODE_STREAMING:
1176 if (!disable_ertm)
1177 break;
1178 /* fall through */
1179 default:
1180 err = -ENOTSUPP;
1181 goto done;
1182 }
1183
6be36555
AE		 1184 lock_sock(sk);
1185
03a00194
GP		 1186 switch (sk->sk_state) {
1187 case BT_CONNECT:
1188 case BT_CONNECT2:
1189 case BT_CONFIG:
1190 /* Already connecting */
1191 err = 0;
6be36555 1192 release_sock(sk);
03a00194
GP		 1193 goto done;
1194
1195 case BT_CONNECTED:
1196 /* Already connected */
1197 err = -EISCONN;
6be36555 1198 release_sock(sk);
03a00194
GP		 1199 goto done;
1200
1201 case BT_OPEN:
1202 case BT_BOUND:
1203 /* Can connect */
1204 break;
1205
1206 default:
1207 err = -EBADFD;
6be36555 1208 release_sock(sk);
03a00194
GP		 1209 goto done;
1210 }
1211
1212 /* Set destination address and psm */
9219b2a0 1213 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1214
1215 release_sock(sk);
1216
03a00194
GP		 1217 chan->psm = psm;
1218 chan->dcid = cid;
1da177e4 1219
4343478f 1220 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1221
fe4128e0 1222 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1223 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1224 chan->sec_level, auth_type);
acd7d370
VT		 1225 else
1226 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1227 chan->sec_level, auth_type);
acd7d370 1228
30e76272
VT		 1229 if (IS_ERR(hcon)) {
1230 err = PTR_ERR(hcon);
1da177e4 1231 goto done;
30e76272 1232 }
1da177e4
LT		 1233
1234 conn = l2cap_conn_add(hcon, 0);
1235 if (!conn) {
1236 hci_conn_put(hcon);
30e76272 1237 err = -ENOMEM;
1da177e4
LT		 1238 goto done;
1239 }
1240
1da177e4
LT		 1241 /* Update source addr of the socket */
1242 bacpy(src, conn->src);
1243
6be36555 1244 l2cap_chan_unlock(chan);
48454079 1245 l2cap_chan_add(conn, chan);
6be36555 1246 l2cap_chan_lock(chan);
48454079 1247
6be36555 1248 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1249 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1250
1251 if (hcon->state == BT_CONNECTED) {
715ec005 1252 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1253 __clear_chan_timer(chan);
d45fc423 1254 if (l2cap_chan_check_security(chan))
6be36555 1255 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1256 } else
fc7f8a7e 1257 l2cap_do_start(chan);
1da177e4
LT		 1258 }
1259
30e76272
VT		 1260 err = 0;
1261
1da177e4 1262done:
6be36555 1263 l2cap_chan_unlock(chan);
09fd0de5 1264 hci_dev_unlock(hdev);
1da177e4
LT		 1265 hci_dev_put(hdev);
1266 return err;
1267}
1268
dcba0dba 1269int __l2cap_wait_ack(struct sock *sk)
6161c038 1270{
8c1d787b 1271 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1272 DECLARE_WAITQUEUE(wait, current);
1273 int err = 0;
1274 int timeo = HZ/5;
1275
2b0b05dd 1276 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1277 set_current_state(TASK_INTERRUPTIBLE);
1278 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1279 if (!timeo)
1280 timeo = HZ/5;
1281
1282 if (signal_pending(current)) {
1283 err = sock_intr_errno(timeo);
1284 break;
1285 }
1286
1287 release_sock(sk);
1288 timeo = schedule_timeout(timeo);
1289 lock_sock(sk);
a71a0cf4 1290 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1291
1292 err = sock_error(sk);
1293 if (err)
1294 break;
1295 }
1296 set_current_state(TASK_RUNNING);
2b0b05dd 1297 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1298 return err;
1299}
1300
721c4181 1301static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1302{
721c4181
GP		 1303 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1304 monitor_timer.work);
e90bac06 1305
525cd185 1306 BT_DBG("chan %p", chan);
0e98958d 1307
6be36555
AE		 1308 l2cap_chan_lock(chan);
1309
2c03a7a4 1310 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1311 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1312 l2cap_chan_unlock(chan);
e90bac06
GP		 1313 return;
1314 }
1315
6a026610 1316 chan->retry_count++;
1a09bcb9 1317 __set_monitor_timer(chan);
e90bac06 1318
525cd185 1319 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1320 l2cap_chan_unlock(chan);
e90bac06
GP		 1321}
1322
721c4181 1323static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1324{
721c4181
GP		 1325 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1326 retrans_timer.work);
e90bac06 1327
49208c9c 1328 BT_DBG("chan %p", chan);
0e98958d 1329
6be36555
AE		 1330 l2cap_chan_lock(chan);
1331
6a026610 1332 chan->retry_count = 1;
1a09bcb9 1333 __set_monitor_timer(chan);
e90bac06 1334
e2ab4353 1335 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1336
525cd185 1337 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1338
1339 l2cap_chan_unlock(chan);
e90bac06
GP		 1340}
1341
42e5c802 1342static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1343{
1c2acffb 1344 struct sk_buff *skb;
1da177e4 1345
58d35f87 1346 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1347 chan->unacked_frames) {
42e5c802 1348 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1349 break;
1da177e4 1350
58d35f87 1351 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1352 kfree_skb(skb);
1da177e4 1353
6a026610 1354 chan->unacked_frames--;
1c2acffb 1355 }
1da177e4 1356
6a026610 1357 if (!chan->unacked_frames)
1a09bcb9 1358 __clear_retrans_timer(chan);
1c2acffb 1359}
1da177e4 1360
67c9e840 1361static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1362{
ccbb84af 1363 struct sk_buff *skb;
88843ab0
AE		 1364 u32 control;
1365 u16 fcs;
6840ed07 1366
58d35f87 1367 while ((skb = skb_dequeue(&chan->tx_q))) {
88843ab0 1368 control = __get_control(chan, skb->data + L2CAP_HDR_SIZE);
fb45de7d 1369 control |= __set_txseq(chan, chan->next_tx_seq);
88843ab0 1370 __put_control(chan, control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1371
47d1ec61 1372 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1373 fcs = crc16(0, (u8 *)skb->data,
1374 skb->len - L2CAP_FCS_SIZE);
1375 put_unaligned_le16(fcs,
1376 skb->data + skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1377 }
1378
4343478f 1379 l2cap_do_send(chan, skb);
6840ed07 1380
836be934 1381 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
6840ed07 1382 }
6840ed07
GP		 1383}
1384
fb45de7d 1385static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1386{
8f17154f 1387 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1388 u16 fcs;
1389 u32 control;
8f17154f 1390
58d35f87 1391 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1392 if (!skb)
1393 return;
8f17154f 1394
d1726b6d 1395 while (bt_cb(skb)->tx_seq != tx_seq) {
58d35f87 1396 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1397 return;
8f17154f 1398
d1726b6d
SJ		 1399 skb = skb_queue_next(&chan->tx_q, skb);
1400 }
8f17154f 1401
2c03a7a4
GP		 1402 if (chan->remote_max_tx &&
1403 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1404 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1405 return;
1406 }
1407
1408 tx_skb = skb_clone(skb, GFP_ATOMIC);
1409 bt_cb(skb)->retries++;
88843ab0
AE		 1410
1411 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1412 control &= __get_sar_mask(chan);
3cb123d1 1413
e2ab4353 1414 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1415 control |= __set_ctrl_final(chan);
95ffa978 1416
0b209fae 1417 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1418 control |= __set_txseq(chan, tx_seq);
3cb123d1 1419
88843ab0 1420 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1421
47d1ec61 1422 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1423 fcs = crc16(0, (u8 *)tx_skb->data,
1424 tx_skb->len - L2CAP_FCS_SIZE);
1425 put_unaligned_le16(fcs,
1426 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1427 }
1428
4343478f 1429 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1430}
1431
67c9e840 1432static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1433{
1434 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1435 u16 fcs;
1436 u32 control;
9a9c6a34 1437 int nsent = 0;
1c2acffb 1438
89bc500e 1439 if (chan->state != BT_CONNECTED)
c13ffa62 1440 return -ENOTCONN;
e90bac06 1441
58d35f87 1442 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1443
2c03a7a4
GP		 1444 if (chan->remote_max_tx &&
1445 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1446 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1447 break;
1448 }
1449
e420aba3
AE		 1450 tx_skb = skb_clone(skb, GFP_ATOMIC);
1451
e90bac06
GP		 1452 bt_cb(skb)->retries++;
1453
88843ab0 1454 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1455 control &= __get_sar_mask(chan);
95ffa978 1456
e2ab4353 1457 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1458 control |= __set_ctrl_final(chan);
e2ab4353 1459
0b209fae 1460 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1461 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb 1462
88843ab0 1463 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
e90bac06 1464
47d1ec61 1465 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1466 fcs = crc16(0, (u8 *)skb->data,
1467 tx_skb->len - L2CAP_FCS_SIZE);
1468 put_unaligned_le16(fcs, skb->data +
1469 tx_skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1470 }
1471
4343478f 1472 l2cap_do_send(chan, tx_skb);
9a9c6a34 1473
1a09bcb9 1474 __set_retrans_timer(chan);
1c2acffb 1475
42e5c802 1476 bt_cb(skb)->tx_seq = chan->next_tx_seq;
836be934
AE		 1477
1478 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1c2acffb 1479
8ed7a0ae 1480 if (bt_cb(skb)->retries == 1) {
6a026610 1481 chan->unacked_frames++;
930fa4ae
SJ		 1482
1483 if (!nsent++)
1484 __clear_ack_timer(chan);
8ed7a0ae 1485 }
23e9fde2 1486
6a026610 1487 chan->frames_sent++;
1c2acffb 1488
58d35f87
GP		 1489 if (skb_queue_is_last(&chan->tx_q, skb))
1490 chan->tx_send_head = NULL;
1c2acffb 1491 else
58d35f87 1492 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1c2acffb
GP		 1493 }
1494
9e917af1
GP		 1495 return nsent;
1496}
1497
525cd185 1498static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1499{
dfc909be
GP		 1500 int ret;
1501
58d35f87
GP		 1502 if (!skb_queue_empty(&chan->tx_q))
1503 chan->tx_send_head = chan->tx_q.next;
dfc909be 1504
42e5c802 1505 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1506 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1507 return ret;
1508}
1509
b17e73bb 1510static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1511{
88843ab0 1512 u32 control = 0;
9e917af1 1513
0b209fae 1514 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1515
e2ab4353 1516 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1517 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1518 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1519 l2cap_send_sframe(chan, control);
9a9c6a34 1520 return;
9e917af1 1521 }
dfc909be 1522
525cd185 1523 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1524 return;
1525
ab784b73 1526 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1527 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1528}
1529
b17e73bb
SJ		 1530static void l2cap_send_ack(struct l2cap_chan *chan)
1531{
1532 __clear_ack_timer(chan);
1533 __l2cap_send_ack(chan);
1534}
1535
525cd185 1536static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1537{
1538 struct srej_list *tail;
88843ab0 1539 u32 control;
99b0d4b7 1540
ab784b73 1541 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1542 control |= __set_ctrl_final(chan);
99b0d4b7 1543
39d5a3ee 1544 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1545 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1546
525cd185 1547 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1548}
1549
0952a57a 1550static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1c2acffb 1551{
0952a57a 1552 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1553 struct sk_buff **frag;
1554 int err, sent = 0;
1da177e4 1555
59203a21 1556 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1557 return -EFAULT;
1da177e4
LT		 1558
1559 sent += count;
1560 len -= count;
1561
1562 /* Continuation fragments (no L2CAP header) */
1563 frag = &skb_shinfo(skb)->frag_list;
1564 while (len) {
1565 count = min_t(unsigned int, conn->mtu, len);
1566
2f7719ce
AE		 1567 *frag = chan->ops->alloc_skb(chan, count,
1568 msg->msg_flags & MSG_DONTWAIT, &err);
1569
1da177e4 1570 if (!*frag)
0175d629 1571 return err;
1c2acffb
GP		 1572 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1573 return -EFAULT;
1da177e4 1574
5e59b791
LAD		 1575 (*frag)->priority = skb->priority;
1576
1da177e4
LT		 1577 sent += count;
1578 len -= count;
1579
1580 frag = &(*frag)->next;
1581 }
1da177e4
LT		 1582
1583 return sent;
1c2acffb 1584}
1da177e4 1585
5e59b791
LAD		 1586static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1587 struct msghdr *msg, size_t len,
1588 u32 priority)
1c2acffb 1589{
8c1d787b 1590 struct l2cap_conn *conn = chan->conn;
1c2acffb 1591 struct sk_buff *skb;
03a51213 1592 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1593 struct l2cap_hdr *lh;
1594
6d5922b0 1595 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1596
1597 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1598
1599 skb = chan->ops->alloc_skb(chan, count + hlen,
1600 msg->msg_flags & MSG_DONTWAIT, &err);
1601
1c2acffb 1602 if (!skb)
0175d629 1603 return ERR_PTR(err);
1c2acffb 1604
5e59b791
LAD		 1605 skb->priority = priority;
1606
1c2acffb
GP		 1607 /* Create L2CAP header */
1608 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1609 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1610 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1611 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb 1612
0952a57a 1613 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1614 if (unlikely(err < 0)) {
1615 kfree_skb(skb);
1616 return ERR_PTR(err);
1617 }
1618 return skb;
1619}
1620
5e59b791
LAD		 1621static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1622 struct msghdr *msg, size_t len,
1623 u32 priority)
1c2acffb 1624{
8c1d787b 1625 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1626 struct sk_buff *skb;
1627 int err, count, hlen = L2CAP_HDR_SIZE;
1628 struct l2cap_hdr *lh;
1629
6d5922b0 1630 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb
GP		 1631
1632 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1633
1634 skb = chan->ops->alloc_skb(chan, count + hlen,
1635 msg->msg_flags & MSG_DONTWAIT, &err);
1636
1c2acffb 1637 if (!skb)
0175d629 1638 return ERR_PTR(err);
1c2acffb 1639
5e59b791
LAD		 1640 skb->priority = priority;
1641
1c2acffb
GP		 1642 /* Create L2CAP header */
1643 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1644 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1645 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1646
0952a57a 1647 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1648 if (unlikely(err < 0)) {
1649 kfree_skb(skb);
1650 return ERR_PTR(err);
1651 }
1652 return skb;
1653}
1654
ab0ff76d
LAD		 1655static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1656 struct msghdr *msg, size_t len,
88843ab0 1657 u32 control, u16 sdulen)
1c2acffb 1658{
8c1d787b 1659 struct l2cap_conn *conn = chan->conn;
1c2acffb 1660 struct sk_buff *skb;
e4ca6d98 1661 int err, count, hlen;
1c2acffb
GP		 1662 struct l2cap_hdr *lh;
1663
6d5922b0 1664 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1665
0ee0d208
GP		 1666 if (!conn)
1667 return ERR_PTR(-ENOTCONN);
1668
e4ca6d98
AE		 1669 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1670 hlen = L2CAP_EXT_HDR_SIZE;
1671 else
1672 hlen = L2CAP_ENH_HDR_SIZE;
1673
c74e560c 1674 if (sdulen)
03a51213 1675 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1676
47d1ec61 1677 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1678 hlen += L2CAP_FCS_SIZE;
fcc203c3 1679
1c2acffb 1680 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1681
1682 skb = chan->ops->alloc_skb(chan, count + hlen,
1683 msg->msg_flags & MSG_DONTWAIT, &err);
1684
1c2acffb 1685 if (!skb)
0175d629 1686 return ERR_PTR(err);
1c2acffb
GP		 1687
1688 /* Create L2CAP header */
1689 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1690 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1691 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0
AE		 1692
1693 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1694
c74e560c 1695 if (sdulen)
03a51213 1696 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 1697
0952a57a 1698 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1699 if (unlikely(err < 0)) {
1700 kfree_skb(skb);
1701 return ERR_PTR(err);
1702 }
e90bac06 1703
47d1ec61 1704 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1705 put_unaligned_le16(0, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3 1706
e90bac06 1707 bt_cb(skb)->retries = 0;
1c2acffb 1708 return skb;
1da177e4
LT		 1709}
1710
67c9e840 1711static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1712{
c74e560c
GP		 1713 struct sk_buff *skb;
1714 struct sk_buff_head sar_queue;
88843ab0 1715 u32 control;
c74e560c
GP		 1716 size_t size = 0;
1717
ff12fd64 1718 skb_queue_head_init(&sar_queue);
7e0ef6ee 1719 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1720 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1721 if (IS_ERR(skb))
1722 return PTR_ERR(skb);
1723
1724 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1725 len -= chan->remote_mps;
1726 size += chan->remote_mps;
c74e560c
GP		 1727
1728 while (len > 0) {
1729 size_t buflen;
1730
2c03a7a4 1731 if (len > chan->remote_mps) {
7e0ef6ee 1732 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1733 buflen = chan->remote_mps;
c74e560c 1734 } else {
7e0ef6ee 1735 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1736 buflen = len;
1737 }
1738
47d1ec61 1739 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1740 if (IS_ERR(skb)) {
1741 skb_queue_purge(&sar_queue);
1742 return PTR_ERR(skb);
1743 }
1744
1745 __skb_queue_tail(&sar_queue, skb);
1746 len -= buflen;
1747 size += buflen;
c74e560c 1748 }
58d35f87
GP		 1749 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1750 if (chan->tx_send_head == NULL)
1751 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1752
1753 return size;
1754}
1755
5e59b791
LAD		 1756int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
1757 u32 priority)
9a91a04a 1758{
9a91a04a 1759 struct sk_buff *skb;
88843ab0 1760 u32 control;
9a91a04a
GP		 1761 int err;
1762
1763 /* Connectionless channel */
715ec005 1764 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 1765 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 1766 if (IS_ERR(skb))
1767 return PTR_ERR(skb);
1768
1769 l2cap_do_send(chan, skb);
1770 return len;
1771 }
1772
1773 switch (chan->mode) {
1774 case L2CAP_MODE_BASIC:
1775 /* Check outgoing MTU */
1776 if (len > chan->omtu)
1777 return -EMSGSIZE;
1778
1779 /* Create a basic PDU */
5e59b791 1780 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 1781 if (IS_ERR(skb))
1782 return PTR_ERR(skb);
1783
1784 l2cap_do_send(chan, skb);
1785 err = len;
1786 break;
1787
1788 case L2CAP_MODE_ERTM:
1789 case L2CAP_MODE_STREAMING:
1790 /* Entire SDU fits into one PDU */
1791 if (len <= chan->remote_mps) {
7e0ef6ee 1792 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1793 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1794 0);
1795 if (IS_ERR(skb))
1796 return PTR_ERR(skb);
1797
1798 __skb_queue_tail(&chan->tx_q, skb);
1799
1800 if (chan->tx_send_head == NULL)
1801 chan->tx_send_head = skb;
1802
1803 } else {
1804 /* Segment SDU into multiples PDUs */
1805 err = l2cap_sar_segment_sdu(chan, msg, len);
1806 if (err < 0)
1807 return err;
1808 }
1809
1810 if (chan->mode == L2CAP_MODE_STREAMING) {
1811 l2cap_streaming_send(chan);
1812 err = len;
1813 break;
1814 }
1815
e2ab4353
GP		 1816 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1817 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1818 err = len;
1819 break;
1820 }
1821
1822 err = l2cap_ertm_send(chan);
1823 if (err >= 0)
1824 err = len;
1825
1826 break;
1827
1828 default:
1829 BT_DBG("bad state %1.1x", chan->mode);
1830 err = -EBADFD;
1831 }
1832
1833 return err;
1834}
1835
1da177e4
LT		 1836/* Copy frame to all raw sockets on that connection */
1837static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1838{
1da177e4 1839 struct sk_buff *nskb;
48454079 1840 struct l2cap_chan *chan;
1da177e4
LT		 1841
1842 BT_DBG("conn %p", conn);
1843
3df91ea2 1844 mutex_lock(&conn->chan_lock);
3d57dc68 1845
3df91ea2 1846 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1847 struct sock *sk = chan->sk;
715ec005 1848 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1849 continue;
1850
1851 /* Don't send frame to the socket it came from */
1852 if (skb->sk == sk)
1853 continue;
af05b30b
GP		 1854 nskb = skb_clone(skb, GFP_ATOMIC);
1855 if (!nskb)
1da177e4
LT		 1856 continue;
1857
23070494 1858 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1859 kfree_skb(nskb);
1860 }
3d57dc68 1861
3df91ea2 1862 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 1863}
1864
1865/* ---- L2CAP signalling commands ---- */
1866static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1867 u8 code, u8 ident, u16 dlen, void *data)
1868{
1869 struct sk_buff *skb, **frag;
1870 struct l2cap_cmd_hdr *cmd;
1871 struct l2cap_hdr *lh;
1872 int len, count;
1873
af05b30b
GP		 1874 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1875 conn, code, ident, dlen);
1da177e4
LT		 1876
1877 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1878 count = min_t(unsigned int, conn->mtu, len);
1879
1880 skb = bt_skb_alloc(count, GFP_ATOMIC);
1881 if (!skb)
1882 return NULL;
1883
1884 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1885 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1886
1887 if (conn->hcon->type == LE_LINK)
1888 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1889 else
1890 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1891
1892 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1893 cmd->code = code;
1894 cmd->ident = ident;
aca3192c 1895 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1896
1897 if (dlen) {
1898 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1899 memcpy(skb_put(skb, count), data, count);
1900 data += count;
1901 }
1902
1903 len -= skb->len;
1904
1905 /* Continuation fragments (no L2CAP header) */
1906 frag = &skb_shinfo(skb)->frag_list;
1907 while (len) {
1908 count = min_t(unsigned int, conn->mtu, len);
1909
1910 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1911 if (!*frag)
1912 goto fail;
1913
1914 memcpy(skb_put(*frag, count), data, count);
1915
1916 len -= count;
1917 data += count;
1918
1919 frag = &(*frag)->next;
1920 }
1921
1922 return skb;
1923
1924fail:
1925 kfree_skb(skb);
1926 return NULL;
1927}
1928
1929static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1930{
1931 struct l2cap_conf_opt *opt = *ptr;
1932 int len;
1933
1934 len = L2CAP_CONF_OPT_SIZE + opt->len;
1935 *ptr += len;
1936
1937 *type = opt->type;
1938 *olen = opt->len;
1939
1940 switch (opt->len) {
1941 case 1:
1942 *val = *((u8 *) opt->val);
1943 break;
1944
1945 case 2:
bfaaeb3e 1946 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1947 break;
1948
1949 case 4:
bfaaeb3e 1950 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1951 break;
1952
1953 default:
1954 *val = (unsigned long) opt->val;
1955 break;
1956 }
1957
1958 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1959 return len;
1960}
1961
1da177e4
LT		 1962static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1963{
1964 struct l2cap_conf_opt *opt = *ptr;
1965
1966 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1967
1968 opt->type = type;
1969 opt->len = len;
1970
1971 switch (len) {
1972 case 1:
1973 *((u8 *) opt->val) = val;
1974 break;
1975
1976 case 2:
4f8b691c 1977 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1978 break;
1979
1980 case 4:
4f8b691c 1981 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1982 break;
1983
1984 default:
1985 memcpy(opt->val, (void *) val, len);
1986 break;
1987 }
1988
1989 *ptr += L2CAP_CONF_OPT_SIZE + len;
1990}
1991
f89cef09
AE		 1992static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
1993{
1994 struct l2cap_conf_efs efs;
1995
1ec918ce 1996 switch (chan->mode) {
f89cef09
AE		 1997 case L2CAP_MODE_ERTM:
1998 efs.id = chan->local_id;
1999 efs.stype = chan->local_stype;
2000 efs.msdu = cpu_to_le16(chan->local_msdu);
2001 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2002 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2003 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2004 break;
2005
2006 case L2CAP_MODE_STREAMING:
2007 efs.id = 1;
2008 efs.stype = L2CAP_SERV_BESTEFFORT;
2009 efs.msdu = cpu_to_le16(chan->local_msdu);
2010 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2011 efs.acc_lat = 0;
2012 efs.flush_to = 0;
2013 break;
2014
2015 default:
2016 return;
2017 }
2018
2019 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2020 (unsigned long) &efs);
2021}
2022
721c4181 2023static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2024{
721c4181
GP		 2025 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2026 ack_timer.work);
c1b4f43b 2027
2fb9b3d4
GP		 2028 BT_DBG("chan %p", chan);
2029
6be36555
AE		 2030 l2cap_chan_lock(chan);
2031
b17e73bb 2032 __l2cap_send_ack(chan);
6be36555
AE		 2033
2034 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2035
2036 l2cap_chan_put(chan);
c1b4f43b
GP		 2037}
2038
525cd185 2039static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2040{
42e5c802 2041 chan->expected_ack_seq = 0;
6a026610 2042 chan->unacked_frames = 0;
42e5c802 2043 chan->buffer_seq = 0;
6a026610
GP		 2044 chan->num_acked = 0;
2045 chan->frames_sent = 0;
0565c1c2 2046
721c4181
GP		 2047 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2048 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2049 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2050
f1c6775b 2051 skb_queue_head_init(&chan->srej_q);
1890d36b 2052
39d5a3ee 2053 INIT_LIST_HEAD(&chan->srej_l);
0565c1c2
GP		 2054}
2055
f2fcfcd6
GP		 2056static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2057{
2058 switch (mode) {
2059 case L2CAP_MODE_STREAMING:
2060 case L2CAP_MODE_ERTM:
2061 if (l2cap_mode_supported(mode, remote_feat_mask))
2062 return mode;
2063 /* fall through */
2064 default:
2065 return L2CAP_MODE_BASIC;
2066 }
2067}
2068
6327eb98
AE		 2069static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2070{
2071 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2072}
2073
f89cef09
AE		 2074static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2075{
2076 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2077}
2078
6327eb98
AE		 2079static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2080{
2081 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2082 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2083 /* use extended control field */
2084 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2085 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2086 } else {
6327eb98
AE		 2087 chan->tx_win = min_t(u16, chan->tx_win,
2088 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2089 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2090 }
6327eb98
AE		 2091}
2092
710f9b0a 2093static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2094{
1da177e4 2095 struct l2cap_conf_req *req = data;
0c1bc5c6 2096 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2097 void *ptr = req->data;
c8f79162 2098 u16 size;
1da177e4 2099
49208c9c 2100 BT_DBG("chan %p", chan);
1da177e4 2101
73ffa904 2102 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2103 goto done;
2104
0c1bc5c6 2105 switch (chan->mode) {
f2fcfcd6
GP		 2106 case L2CAP_MODE_STREAMING:
2107 case L2CAP_MODE_ERTM:
c1360a1c 2108 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2109 break;
85eb53c6 2110
f89cef09
AE		 2111 if (__l2cap_efs_supported(chan))
2112 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2113
2ba13ed6 2114 /* fall through */
f2fcfcd6 2115 default:
8c1d787b 2116 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2117 break;
2118 }
2119
2120done:
0c1bc5c6
GP		 2121 if (chan->imtu != L2CAP_DEFAULT_MTU)
2122 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2123
0c1bc5c6 2124 switch (chan->mode) {
65c7c491 2125 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2126 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2127 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2128 break;
2129
62547752
GP		 2130 rfc.mode = L2CAP_MODE_BASIC;
2131 rfc.txwin_size = 0;
2132 rfc.max_transmit = 0;
2133 rfc.retrans_timeout = 0;
2134 rfc.monitor_timeout = 0;
2135 rfc.max_pdu_size = 0;
2136
63406504
GP		 2137 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2138 (unsigned long) &rfc);
65c7c491
MH		 2139 break;
2140
2141 case L2CAP_MODE_ERTM:
2142 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2143 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2144 rfc.retrans_timeout = 0;
2145 rfc.monitor_timeout = 0;
c8f79162
AE		 2146
2147 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2148 L2CAP_EXT_HDR_SIZE -
2149 L2CAP_SDULEN_SIZE -
2150 L2CAP_FCS_SIZE);
2151 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2152
6327eb98
AE		 2153 l2cap_txwin_setup(chan);
2154
2155 rfc.txwin_size = min_t(u16, chan->tx_win,
2156 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2157
63406504
GP		 2158 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2159 (unsigned long) &rfc);
2160
f89cef09
AE		 2161 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2162 l2cap_add_opt_efs(&ptr, chan);
2163
8c1d787b 2164 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2165 break;
2166
47d1ec61 2167 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2168 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2169 chan->fcs = L2CAP_FCS_NONE;
2170 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2171 }
6327eb98
AE		 2172
2173 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2174 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2175 chan->tx_win);
f2fcfcd6
GP		 2176 break;
2177
2178 case L2CAP_MODE_STREAMING:
2179 rfc.mode = L2CAP_MODE_STREAMING;
2180 rfc.txwin_size = 0;
2181 rfc.max_transmit = 0;
2182 rfc.retrans_timeout = 0;
2183 rfc.monitor_timeout = 0;
c8f79162
AE		 2184
2185 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2186 L2CAP_EXT_HDR_SIZE -
2187 L2CAP_SDULEN_SIZE -
2188 L2CAP_FCS_SIZE);
2189 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2190
63406504
GP		 2191 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2192 (unsigned long) &rfc);
2193
f89cef09
AE		 2194 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2195 l2cap_add_opt_efs(&ptr, chan);
2196
8c1d787b 2197 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2198 break;
2199
47d1ec61 2200 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2201 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2202 chan->fcs = L2CAP_FCS_NONE;
2203 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2204 }
65c7c491
MH		 2205 break;
2206 }
1da177e4 2207
fe4128e0 2208 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2209 req->flags = cpu_to_le16(0);
1da177e4
LT		 2210
2211 return ptr - data;
2212}
2213
73ffa904 2214static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2215{
5dee9e7c
MH		 2216 struct l2cap_conf_rsp *rsp = data;
2217 void *ptr = rsp->data;
73ffa904
GP		 2218 void *req = chan->conf_req;
2219 int len = chan->conf_len;
5dee9e7c
MH		 2220 int type, hint, olen;
2221 unsigned long val;
6464f35f 2222 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2223 struct l2cap_conf_efs efs;
2224 u8 remote_efs = 0;
861d6882 2225 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2226 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2227 u16 size;
1da177e4 2228
73ffa904 2229 BT_DBG("chan %p", chan);
820ae1b8 2230
5dee9e7c
MH		 2231 while (len >= L2CAP_CONF_OPT_SIZE) {
2232 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2233
589d2746 2234 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2235 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2236
2237 switch (type) {
2238 case L2CAP_CONF_MTU:
861d6882 2239 mtu = val;
5dee9e7c
MH		 2240 break;
2241
2242 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2243 chan->flush_to = val;
5dee9e7c
MH		 2244 break;
2245
2246 case L2CAP_CONF_QOS:
2247 break;
2248
6464f35f
MH		 2249 case L2CAP_CONF_RFC:
2250 if (olen == sizeof(rfc))
2251 memcpy(&rfc, (void *) val, olen);
2252 break;
2253
fcc203c3
GP		 2254 case L2CAP_CONF_FCS:
2255 if (val == L2CAP_FCS_NONE)
c1360a1c 2256 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2257 break;
fcc203c3 2258
42dceae2
AE		 2259 case L2CAP_CONF_EFS:
2260 remote_efs = 1;
2261 if (olen == sizeof(efs))
2262 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2263 break;
2264
6327eb98
AE		 2265 case L2CAP_CONF_EWS:
2266 if (!enable_hs)
2267 return -ECONNREFUSED;
fcc203c3 2268
6327eb98
AE		 2269 set_bit(FLAG_EXT_CTRL, &chan->flags);
2270 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2271 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2272 chan->remote_tx_win = val;
fcc203c3
GP		 2273 break;
2274
5dee9e7c
MH		 2275 default:
2276 if (hint)
2277 break;
2278
2279 result = L2CAP_CONF_UNKNOWN;
2280 *((u8 *) ptr++) = type;
2281 break;
2282 }
2283 }
2284
73ffa904 2285 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2286 goto done;
2287
0c1bc5c6 2288 switch (chan->mode) {
f2fcfcd6
GP		 2289 case L2CAP_MODE_STREAMING:
2290 case L2CAP_MODE_ERTM:
c1360a1c 2291 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2292 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2293 chan->conn->feat_mask);
85eb53c6
GP		 2294 break;
2295 }
2296
42dceae2
AE		 2297 if (remote_efs) {
2298 if (__l2cap_efs_supported(chan))
2299 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2300 else
2301 return -ECONNREFUSED;
2302 }
2303
0c1bc5c6 2304 if (chan->mode != rfc.mode)
f2fcfcd6 2305 return -ECONNREFUSED;
742e519b 2306
f2fcfcd6 2307 break;
f2fcfcd6
GP		 2308 }
2309
2310done:
0c1bc5c6 2311 if (chan->mode != rfc.mode) {
f2fcfcd6 2312 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2313 rfc.mode = chan->mode;
f2fcfcd6 2314
73ffa904 2315 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2316 return -ECONNREFUSED;
2317
2318 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2319 sizeof(rfc), (unsigned long) &rfc);
2320 }
2321
5dee9e7c
MH		 2322 if (result == L2CAP_CONF_SUCCESS) {
2323 /* Configure output options and let the other side know
2324 * which ones we don't like. */
2325
f2fcfcd6
GP		 2326 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2327 result = L2CAP_CONF_UNACCEPT;
2328 else {
0c1bc5c6 2329 chan->omtu = mtu;
c1360a1c 2330 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2331 }
0c1bc5c6 2332 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2333
42dceae2
AE		 2334 if (remote_efs) {
2335 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2336 efs.stype != L2CAP_SERV_NOTRAFIC &&
2337 efs.stype != chan->local_stype) {
2338
2339 result = L2CAP_CONF_UNACCEPT;
2340
2341 if (chan->num_conf_req >= 1)
2342 return -ECONNREFUSED;
2343
2344 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2345 sizeof(efs),
42dceae2 2346 (unsigned long) &efs);
0e8b207e 2347 } else {
3e6b3b95 2348 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2349 result = L2CAP_CONF_PENDING;
2350 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2351 }
2352 }
2353
f2fcfcd6
GP		 2354 switch (rfc.mode) {
2355 case L2CAP_MODE_BASIC:
47d1ec61 2356 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2357 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2358 break;
2359
2360 case L2CAP_MODE_ERTM:
6327eb98
AE		 2361 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2362 chan->remote_tx_win = rfc.txwin_size;
2363 else
2364 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2365
2c03a7a4 2366 chan->remote_max_tx = rfc.max_transmit;
1c762159 2367
c8f79162
AE		 2368 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2369 chan->conn->mtu -
2370 L2CAP_EXT_HDR_SIZE -
2371 L2CAP_SDULEN_SIZE -
2372 L2CAP_FCS_SIZE);
2373 rfc.max_pdu_size = cpu_to_le16(size);
2374 chan->remote_mps = size;
f2fcfcd6 2375
10467e9e
GP		 2376 rfc.retrans_timeout =
2377 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2378 rfc.monitor_timeout =
2379 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2380
c1360a1c 2381 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2382
2383 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2384 sizeof(rfc), (unsigned long) &rfc);
2385
42dceae2
AE		 2386 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2387 chan->remote_id = efs.id;
2388 chan->remote_stype = efs.stype;
2389 chan->remote_msdu = le16_to_cpu(efs.msdu);
2390 chan->remote_flush_to =
2391 le32_to_cpu(efs.flush_to);
2392 chan->remote_acc_lat =
2393 le32_to_cpu(efs.acc_lat);
2394 chan->remote_sdu_itime =
2395 le32_to_cpu(efs.sdu_itime);
2396 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2397 sizeof(efs), (unsigned long) &efs);
2398 }
f2fcfcd6
GP		 2399 break;
2400
2401 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2402 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2403 chan->conn->mtu -
2404 L2CAP_EXT_HDR_SIZE -
2405 L2CAP_SDULEN_SIZE -
2406 L2CAP_FCS_SIZE);
2407 rfc.max_pdu_size = cpu_to_le16(size);
2408 chan->remote_mps = size;
f2fcfcd6 2409
c1360a1c 2410 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2411
2412 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2413 sizeof(rfc), (unsigned long) &rfc);
2414
f2fcfcd6
GP		 2415 break;
2416
2417 default:
5dee9e7c 2418 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2419
6464f35f 2420 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2421 rfc.mode = chan->mode;
f2fcfcd6 2422 }
6464f35f 2423
f2fcfcd6 2424 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2425 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2426 }
fe4128e0 2427 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2428 rsp->result = cpu_to_le16(result);
2429 rsp->flags = cpu_to_le16(0x0000);
2430
2431 return ptr - data;
1da177e4
LT		 2432}
2433
b4450035 2434static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2435{
f2fcfcd6
GP		 2436 struct l2cap_conf_req *req = data;
2437 void *ptr = req->data;
2438 int type, olen;
2439 unsigned long val;
36e999a8 2440 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 2441 struct l2cap_conf_efs efs;
f2fcfcd6 2442
fe4128e0 2443 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2444
2445 while (len >= L2CAP_CONF_OPT_SIZE) {
2446 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2447
2448 switch (type) {
2449 case L2CAP_CONF_MTU:
2450 if (val < L2CAP_DEFAULT_MIN_MTU) {
2451 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2452 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2453 } else
0c1bc5c6
GP		 2454 chan->imtu = val;
2455 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2456 break;
2457
2458 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2459 chan->flush_to = val;
f2fcfcd6 2460 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2461 2, chan->flush_to);
f2fcfcd6
GP		 2462 break;
2463
2464 case L2CAP_CONF_RFC:
2465 if (olen == sizeof(rfc))
2466 memcpy(&rfc, (void *)val, olen);
2467
c1360a1c 2468 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2469 rfc.mode != chan->mode)
f2fcfcd6
GP		 2470 return -ECONNREFUSED;
2471
47d1ec61 2472 chan->fcs = 0;
f2fcfcd6
GP		 2473
2474 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2475 sizeof(rfc), (unsigned long) &rfc);
2476 break;
6327eb98
AE		 2477
2478 case L2CAP_CONF_EWS:
2479 chan->tx_win = min_t(u16, val,
2480 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 2481 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2482 chan->tx_win);
6327eb98 2483 break;
66af7aaf
AE		 2484
2485 case L2CAP_CONF_EFS:
2486 if (olen == sizeof(efs))
2487 memcpy(&efs, (void *)val, olen);
2488
2489 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2490 efs.stype != L2CAP_SERV_NOTRAFIC &&
2491 efs.stype != chan->local_stype)
2492 return -ECONNREFUSED;
2493
2494 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2495 sizeof(efs), (unsigned long) &efs);
2496 break;
f2fcfcd6
GP		 2497 }
2498 }
2499
0c1bc5c6 2500 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2501 return -ECONNREFUSED;
2502
0c1bc5c6 2503 chan->mode = rfc.mode;
6c2ea7a8 2504
0e8b207e 2505 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 2506 switch (rfc.mode) {
2507 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2508 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2509 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2510 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 2511
2512 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2513 chan->local_msdu = le16_to_cpu(efs.msdu);
2514 chan->local_sdu_itime =
2515 le32_to_cpu(efs.sdu_itime);
2516 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
2517 chan->local_flush_to =
2518 le32_to_cpu(efs.flush_to);
2519 }
f2fcfcd6 2520 break;
66af7aaf 2521
f2fcfcd6 2522 case L2CAP_MODE_STREAMING:
47d1ec61 2523 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2524 }
2525 }
2526
fe4128e0 2527 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2528 req->flags = cpu_to_le16(0x0000);
2529
2530 return ptr - data;
2531}
2532
fe4128e0 2533static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2534{
2535 struct l2cap_conf_rsp *rsp = data;
2536 void *ptr = rsp->data;
1da177e4 2537
fe4128e0 2538 BT_DBG("chan %p", chan);
1da177e4 2539
fe4128e0 2540 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2541 rsp->result = cpu_to_le16(result);
aca3192c 2542 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2543
2544 return ptr - data;
2545}
2546
8c1d787b 2547void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2548{
2549 struct l2cap_conn_rsp rsp;
8c1d787b 2550 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2551 u8 buf[128];
2552
fe4128e0
GP		 2553 rsp.scid = cpu_to_le16(chan->dcid);
2554 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2555 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2556 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2557 l2cap_send_cmd(conn, chan->ident,
2558 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2559
c1360a1c 2560 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2561 return;
2562
710f9b0a
GP		 2563 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2564 l2cap_build_conf_req(chan, buf), buf);
2565 chan->num_conf_req++;
2566}
2567
47d1ec61 2568static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2569{
7b1c0049
GP		 2570 int type, olen;
2571 unsigned long val;
2572 struct l2cap_conf_rfc rfc;
2573
47d1ec61 2574 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2575
0c1bc5c6 2576 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2577 return;
2578
2579 while (len >= L2CAP_CONF_OPT_SIZE) {
2580 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2581
2582 switch (type) {
2583 case L2CAP_CONF_RFC:
2584 if (olen == sizeof(rfc))
2585 memcpy(&rfc, (void *)val, olen);
2586 goto done;
2587 }
2588 }
2589
36e999a8
MM		 2590 /* Use sane default values in case a misbehaving remote device
2591 * did not send an RFC option.
2592 */
2593 rfc.mode = chan->mode;
2594 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
2595 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
2596 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
2597
2598 BT_ERR("Expected RFC option was not found, using defaults");
2599
7b1c0049
GP		 2600done:
2601 switch (rfc.mode) {
2602 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2603 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2604 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2605 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2606 break;
2607 case L2CAP_MODE_STREAMING:
47d1ec61 2608 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2609 }
2610}
2611
4e8402a3
MH		 2612static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2613{
e2fd318e 2614 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2615
e2fd318e 2616 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2617 return 0;
2618
2619 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2620 cmd->ident == conn->info_ident) {
17cd3f37 2621 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 2622
2623 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2624 conn->info_ident = 0;
984947dc 2625
4e8402a3
MH		 2626 l2cap_conn_start(conn);
2627 }
2628
2629 return 0;
2630}
2631
1da177e4
LT		 2632static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2633{
1da177e4
LT		 2634 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2635 struct l2cap_conn_rsp rsp;
23691d75 2636 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2637 struct sock *parent, *sk = NULL;
e7c29cb1 2638 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2639
2640 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2641 __le16 psm = req->psm;
1da177e4
LT		 2642
2643 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2644
2645 /* Check if we have socket listening on psm */
23691d75
GP		 2646 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2647 if (!pchan) {
1da177e4
LT		 2648 result = L2CAP_CR_BAD_PSM;
2649 goto sendresp;
2650 }
2651
23691d75
GP		 2652 parent = pchan->sk;
2653
3df91ea2 2654 mutex_lock(&conn->chan_lock);
aa2ac881 2655 lock_sock(parent);
e0f0cb56 2656
e7c29cb1
MH		 2657 /* Check if the ACL is secure enough (if not SDP) */
2658 if (psm != cpu_to_le16(0x0001) &&
2659 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 2660 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 2661 result = L2CAP_CR_SEC_BLOCK;
2662 goto response;
2663 }
2664
1da177e4
LT		 2665 result = L2CAP_CR_NO_MEM;
2666
2667 /* Check for backlog size */
2668 if (sk_acceptq_is_full(parent)) {
8e87d142 2669 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2670 goto response;
2671 }
2672
80808e43
GP		 2673 chan = pchan->ops->new_connection(pchan->data);
2674 if (!chan)
1da177e4
LT		 2675 goto response;
2676
80808e43
GP		 2677 sk = chan->sk;
2678
1da177e4 2679 /* Check if we already have channel with that dcid */
baa7e1fa 2680 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 2681 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2682 chan->ops->close(chan->data);
1da177e4
LT		 2683 goto response;
2684 }
2685
2686 hci_conn_hold(conn->hcon);
2687
1da177e4
LT		 2688 bacpy(&bt_sk(sk)->src, conn->src);
2689 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2690 chan->psm = psm;
2691 chan->dcid = scid;
1da177e4 2692
d1010240
GP		 2693 bt_accept_enqueue(parent, sk);
2694
6be36555 2695 __l2cap_chan_add(conn, chan);
48454079 2696
fe4128e0 2697 dcid = chan->scid;
1da177e4 2698
c9b66675 2699 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2700
fc7f8a7e 2701 chan->ident = cmd->ident;
1da177e4 2702
984947dc 2703 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 2704 if (l2cap_chan_check_security(chan)) {
f66dc81f 2705 if (bt_sk(sk)->defer_setup) {
0e587be7 2706 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2707 result = L2CAP_CR_PEND;
2708 status = L2CAP_CS_AUTHOR_PEND;
2709 parent->sk_data_ready(parent, 0);
2710 } else {
0e587be7 2711 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2712 result = L2CAP_CR_SUCCESS;
2713 status = L2CAP_CS_NO_INFO;
2714 }
79d554a6 2715 } else {
0e587be7 2716 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2717 result = L2CAP_CR_PEND;
2718 status = L2CAP_CS_AUTHEN_PEND;
2719 }
2720 } else {
0e587be7 2721 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2722 result = L2CAP_CR_PEND;
2723 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2724 }
2725
1da177e4 2726response:
aa2ac881 2727 release_sock(parent);
3df91ea2 2728 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2729
2730sendresp:
aca3192c
YH		 2731 rsp.scid = cpu_to_le16(scid);
2732 rsp.dcid = cpu_to_le16(dcid);
2733 rsp.result = cpu_to_le16(result);
2734 rsp.status = cpu_to_le16(status);
1da177e4 2735 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2736
2737 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2738 struct l2cap_info_req info;
2739 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2740
2741 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2742 conn->info_ident = l2cap_get_ident(conn);
2743
030013d8 2744 schedule_delayed_work(&conn->info_timer,
79d554a6
MH		 2745 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2746
2747 l2cap_send_cmd(conn, conn->info_ident,
2748 L2CAP_INFO_REQ, sizeof(info), &info);
2749 }
2750
c1360a1c 2751 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2752 result == L2CAP_CR_SUCCESS) {
2753 u8 buf[128];
c1360a1c 2754 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2755 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2756 l2cap_build_conf_req(chan, buf), buf);
2757 chan->num_conf_req++;
e9aeb2dd
GP		 2758 }
2759
1da177e4
LT		 2760 return 0;
2761}
2762
2763static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2764{
2765 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2766 u16 scid, dcid, result, status;
48454079 2767 struct l2cap_chan *chan;
1da177e4 2768 u8 req[128];
3df91ea2 2769 int err;
1da177e4
LT		 2770
2771 scid = __le16_to_cpu(rsp->scid);
2772 dcid = __le16_to_cpu(rsp->dcid);
2773 result = __le16_to_cpu(rsp->result);
2774 status = __le16_to_cpu(rsp->status);
2775
1b009c98
AE		 2776 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2777 dcid, scid, result, status);
1da177e4 2778
3df91ea2
AE		 2779 mutex_lock(&conn->chan_lock);
2780
1da177e4 2781 if (scid) {
3df91ea2
AE		 2782 chan = __l2cap_get_chan_by_scid(conn, scid);
2783 if (!chan) {
2784 err = -EFAULT;
2785 goto unlock;
2786 }
1da177e4 2787 } else {
3df91ea2
AE		 2788 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2789 if (!chan) {
2790 err = -EFAULT;
2791 goto unlock;
2792 }
1da177e4
LT		 2793 }
2794
3df91ea2
AE		 2795 err = 0;
2796
6be36555 2797 l2cap_chan_lock(chan);
48454079 2798
1da177e4
LT		 2799 switch (result) {
2800 case L2CAP_CR_SUCCESS:
89bc500e 2801 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2802 chan->ident = 0;
fe4128e0 2803 chan->dcid = dcid;
c1360a1c 2804 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2805
c1360a1c 2806 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2807 break;
2808
1da177e4 2809 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2810 l2cap_build_conf_req(chan, req), req);
2811 chan->num_conf_req++;
1da177e4
LT		 2812 break;
2813
2814 case L2CAP_CR_PEND:
c1360a1c 2815 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2816 break;
2817
2818 default:
48454079 2819 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2820 break;
2821 }
2822
6be36555 2823 l2cap_chan_unlock(chan);
3df91ea2
AE		 2824
2825unlock:
2826 mutex_unlock(&conn->chan_lock);
2827
2828 return err;
1da177e4
LT		 2829}
2830
47d1ec61 2831static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2832{
2833 /* FCS is enabled only in ERTM or streaming mode, if one or both
2834 * sides request it.
2835 */
0c1bc5c6 2836 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2837 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2838 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2839 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2840}
2841
88219a0f 2842static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2843{
2844 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2845 u16 dcid, flags;
2846 u8 rsp[64];
48454079 2847 struct l2cap_chan *chan;
5dee9e7c 2848 int len;
1da177e4
LT		 2849
2850 dcid = __le16_to_cpu(req->dcid);
2851 flags = __le16_to_cpu(req->flags);
2852
2853 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2854
baa7e1fa 2855 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2856 if (!chan)
1da177e4
LT		 2857 return -ENOENT;
2858
6be36555 2859 l2cap_chan_lock(chan);
48454079 2860
033b1142 2861 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2862 struct l2cap_cmd_rej_cid rej;
2863
2864 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2865 rej.scid = cpu_to_le16(chan->scid);
2866 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2867
df6bd743
GP		 2868 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2869 sizeof(rej), &rej);
354f60a9 2870 goto unlock;
df6bd743 2871 }
354f60a9 2872
5dee9e7c 2873 /* Reject if config buffer is too small. */
88219a0f 2874 len = cmd_len - sizeof(*req);
7ac28817 2875 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2876 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2877 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2878 L2CAP_CONF_REJECT, flags), rsp);
2879 goto unlock;
2880 }
2881
2882 /* Store config. */
73ffa904
GP		 2883 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2884 chan->conf_len += len;
1da177e4
LT		 2885
2886 if (flags & 0x0001) {
2887 /* Incomplete config. Send empty response. */
2888 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2889 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2890 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2891 goto unlock;
2892 }
2893
2894 /* Complete config. */
73ffa904 2895 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2896 if (len < 0) {
e92c8e70 2897 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2898 goto unlock;
f2fcfcd6 2899 }
1da177e4 2900
5dee9e7c 2901 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2902 chan->num_conf_rsp++;
5dee9e7c 2903
5dee9e7c 2904 /* Reset config buffer. */
73ffa904 2905 chan->conf_len = 0;
5dee9e7c 2906
c1360a1c 2907 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2908 goto unlock;
2909
c1360a1c 2910 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2911 set_default_fcs(chan);
fcc203c3 2912
89bc500e 2913 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2914
42e5c802
GP		 2915 chan->next_tx_seq = 0;
2916 chan->expected_tx_seq = 0;
58d35f87 2917 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2918 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2919 l2cap_ertm_init(chan);
0565c1c2 2920
cf4cd009 2921 l2cap_chan_ready(chan);
876d9484
MH		 2922 goto unlock;
2923 }
2924
c1360a1c 2925 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2926 u8 buf[64];
1da177e4 2927 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2928 l2cap_build_conf_req(chan, buf), buf);
2929 chan->num_conf_req++;
1da177e4
LT		 2930 }
2931
0e8b207e
AE		 2932 /* Got Conf Rsp PENDING from remote side and asume we sent
2933 Conf Rsp PENDING in the code above */
2934 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
2935 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2936
2937 /* check compatibility */
2938
2939 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2940 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2941
2942 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2943 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 2944 L2CAP_CONF_SUCCESS, 0x0000), rsp);
2945 }
2946
1da177e4 2947unlock:
6be36555 2948 l2cap_chan_unlock(chan);
1da177e4
LT		 2949 return 0;
2950}
2951
2952static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2953{
2954 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2955 u16 scid, flags, result;
48454079 2956 struct l2cap_chan *chan;
7b1c0049 2957 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2958
2959 scid = __le16_to_cpu(rsp->scid);
2960 flags = __le16_to_cpu(rsp->flags);
2961 result = __le16_to_cpu(rsp->result);
2962
af05b30b
GP		 2963 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2964 scid, flags, result);
1da177e4 2965
baa7e1fa 2966 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2967 if (!chan)
1da177e4
LT		 2968 return 0;
2969
6be36555 2970 l2cap_chan_lock(chan);
48454079 2971
1da177e4
LT		 2972 switch (result) {
2973 case L2CAP_CONF_SUCCESS:
47d1ec61 2974 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 2975 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 2976 break;
2977
0e8b207e
AE		 2978 case L2CAP_CONF_PENDING:
2979 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
2980
2981 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2982 char buf[64];
2983
2984 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2985 buf, &result);
2986 if (len < 0) {
2987 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2988 goto done;
2989 }
2990
2991 /* check compatibility */
2992
2993 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2994 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2995
2996 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2997 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 2998 L2CAP_CONF_SUCCESS, 0x0000), buf);
2999 }
3000 goto done;
3001
1da177e4 3002 case L2CAP_CONF_UNACCEPT:
73ffa904 3003 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3004 char req[64];
3005
c2c77ec8 3006 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3007 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3008 goto done;
3009 }
3010
f2fcfcd6
GP		 3011 /* throw out any old stored conf requests */
3012 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3013 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3014 req, &result);
f2fcfcd6 3015 if (len < 0) {
e92c8e70 3016 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3017 goto done;
3018 }
3019
3020 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3021 L2CAP_CONF_REQ, len, req);
73ffa904 3022 chan->num_conf_req++;
f2fcfcd6
GP		 3023 if (result != L2CAP_CONF_SUCCESS)
3024 goto done;
3025 break;
1da177e4
LT		 3026 }
3027
8e87d142 3028 default:
6be36555 3029 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3030
b83ddfe2
AK		 3031 __set_chan_timer(chan,
3032 msecs_to_jiffies(L2CAP_DISC_REJ_TIMEOUT));
e92c8e70 3033 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3034 goto done;
3035 }
3036
3037 if (flags & 0x01)
3038 goto done;
3039
c1360a1c 3040 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3041
c1360a1c 3042 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3043 set_default_fcs(chan);
fcc203c3 3044
89bc500e 3045 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 3046 chan->next_tx_seq = 0;
3047 chan->expected_tx_seq = 0;
58d35f87 3048 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 3049 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 3050 l2cap_ertm_init(chan);
0565c1c2 3051
cf4cd009 3052 l2cap_chan_ready(chan);
1da177e4
LT		 3053 }
3054
3055done:
6be36555 3056 l2cap_chan_unlock(chan);
1da177e4
LT		 3057 return 0;
3058}
3059
3060static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3061{
3062 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3063 struct l2cap_disconn_rsp rsp;
3064 u16 dcid, scid;
48454079 3065 struct l2cap_chan *chan;
1da177e4
LT		 3066 struct sock *sk;
3067
3068 scid = __le16_to_cpu(req->scid);
3069 dcid = __le16_to_cpu(req->dcid);
3070
3071 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3072
3df91ea2
AE		 3073 mutex_lock(&conn->chan_lock);
3074
3075 chan = __l2cap_get_chan_by_scid(conn, dcid);
3076 if (!chan) {
3077 mutex_unlock(&conn->chan_lock);
1da177e4 3078 return 0;
3df91ea2 3079 }
1da177e4 3080
6be36555
AE		 3081 l2cap_chan_lock(chan);
3082
48454079
GP		 3083 sk = chan->sk;
3084
fe4128e0
GP		 3085 rsp.dcid = cpu_to_le16(chan->scid);
3086 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3087 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3088
6be36555 3089 lock_sock(sk);
1da177e4 3090 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3091 release_sock(sk);
1da177e4 3092
48454079 3093 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3094
3095 l2cap_chan_unlock(chan);
1da177e4 3096
ba3bd0ee 3097 chan->ops->close(chan->data);
3df91ea2
AE		 3098
3099 mutex_unlock(&conn->chan_lock);
3100
1da177e4
LT		 3101 return 0;
3102}
3103
3104static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3105{
3106 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3107 u16 dcid, scid;
48454079 3108 struct l2cap_chan *chan;
1da177e4
LT		 3109
3110 scid = __le16_to_cpu(rsp->scid);
3111 dcid = __le16_to_cpu(rsp->dcid);
3112
3113 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3114
3df91ea2
AE		 3115 mutex_lock(&conn->chan_lock);
3116
3117 chan = __l2cap_get_chan_by_scid(conn, scid);
3118 if (!chan) {
3119 mutex_unlock(&conn->chan_lock);
1da177e4 3120 return 0;
3df91ea2 3121 }
1da177e4 3122
6be36555 3123 l2cap_chan_lock(chan);
48454079 3124
48454079 3125 l2cap_chan_del(chan, 0);
6be36555
AE		 3126
3127 l2cap_chan_unlock(chan);
1da177e4 3128
ba3bd0ee 3129 chan->ops->close(chan->data);
3df91ea2
AE		 3130
3131 mutex_unlock(&conn->chan_lock);
3132
1da177e4
LT		 3133 return 0;
3134}
3135
3136static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3137{
3138 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3139 u16 type;
3140
3141 type = __le16_to_cpu(req->type);
3142
3143 BT_DBG("type 0x%4.4x", type);
3144
f0709e03
MH		 3145 if (type == L2CAP_IT_FEAT_MASK) {
3146 u8 buf[8];
44dd46de 3147 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3148 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3149 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3150 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3151 if (!disable_ertm)
fcc203c3
GP		 3152 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3153 | L2CAP_FEAT_FCS;
a5fd6f30 3154 if (enable_hs)
6327eb98
AE		 3155 feat_mask |= L2CAP_FEAT_EXT_FLOW
3156 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3157
1b7bf4ed 3158 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3159 l2cap_send_cmd(conn, cmd->ident,
3160 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3161 } else if (type == L2CAP_IT_FIXED_CHAN) {
3162 u8 buf[12];
3163 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3164
3165 if (enable_hs)
3166 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3167 else
3168 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3169
e1027a7c
MH		 3170 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3171 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3172 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3173 l2cap_send_cmd(conn, cmd->ident,
3174 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3175 } else {
3176 struct l2cap_info_rsp rsp;
3177 rsp.type = cpu_to_le16(type);
3178 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3179 l2cap_send_cmd(conn, cmd->ident,
3180 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3181 }
1da177e4
LT		 3182
3183 return 0;
3184}
3185
3186static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3187{
3188 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3189 u16 type, result;
3190
3191 type = __le16_to_cpu(rsp->type);
3192 result = __le16_to_cpu(rsp->result);
3193
3194 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3195
e90165be
AE		 3196 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3197 if (cmd->ident != conn->info_ident ||
3198 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3199 return 0;
3200
17cd3f37 3201 cancel_delayed_work(&conn->info_timer);
4e8402a3 3202
adb08ede
VT		 3203 if (result != L2CAP_IR_SUCCESS) {
3204 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3205 conn->info_ident = 0;
3206
3207 l2cap_conn_start(conn);
3208
3209 return 0;
3210 }
3211
978c93b9
AE		 3212 switch (type) {
3213 case L2CAP_IT_FEAT_MASK:
83985319 3214 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3215
47ec1dcd 3216 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3217 struct l2cap_info_req req;
3218 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3219
3220 conn->info_ident = l2cap_get_ident(conn);
3221
3222 l2cap_send_cmd(conn, conn->info_ident,
3223 L2CAP_INFO_REQ, sizeof(req), &req);
3224 } else {
3225 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3226 conn->info_ident = 0;
3227
3228 l2cap_conn_start(conn);
3229 }
978c93b9
AE		 3230 break;
3231
3232 case L2CAP_IT_FIXED_CHAN:
3233 conn->fixed_chan_mask = rsp->data[0];
984947dc 3234 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3235 conn->info_ident = 0;
984947dc
MH		 3236
3237 l2cap_conn_start(conn);
978c93b9 3238 break;
984947dc 3239 }
4e8402a3 3240
1da177e4
LT		 3241 return 0;
3242}
3243
f94ff6ff
MM		 3244static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3245 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3246 void *data)
3247{
3248 struct l2cap_create_chan_req *req = data;
3249 struct l2cap_create_chan_rsp rsp;
3250 u16 psm, scid;
3251
3252 if (cmd_len != sizeof(*req))
3253 return -EPROTO;
3254
3255 if (!enable_hs)
3256 return -EINVAL;
3257
3258 psm = le16_to_cpu(req->psm);
3259 scid = le16_to_cpu(req->scid);
3260
3261 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3262
3263 /* Placeholder: Always reject */
3264 rsp.dcid = 0;
3265 rsp.scid = cpu_to_le16(scid);
3266 rsp.result = L2CAP_CR_NO_MEM;
3267 rsp.status = L2CAP_CS_NO_INFO;
3268
3269 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3270 sizeof(rsp), &rsp);
3271
3272 return 0;
3273}
3274
3275static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3276 struct l2cap_cmd_hdr *cmd, void *data)
3277{
3278 BT_DBG("conn %p", conn);
3279
3280 return l2cap_connect_rsp(conn, cmd, data);
3281}
3282
8d5a04a1
MM		 3283static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3284 u16 icid, u16 result)
3285{
3286 struct l2cap_move_chan_rsp rsp;
3287
3288 BT_DBG("icid %d, result %d", icid, result);
3289
3290 rsp.icid = cpu_to_le16(icid);
3291 rsp.result = cpu_to_le16(result);
3292
3293 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3294}
3295
3296static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3297 struct l2cap_chan *chan, u16 icid, u16 result)
3298{
3299 struct l2cap_move_chan_cfm cfm;
3300 u8 ident;
3301
3302 BT_DBG("icid %d, result %d", icid, result);
3303
3304 ident = l2cap_get_ident(conn);
3305 if (chan)
3306 chan->ident = ident;
3307
3308 cfm.icid = cpu_to_le16(icid);
3309 cfm.result = cpu_to_le16(result);
3310
3311 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3312}
3313
3314static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3315 u16 icid)
3316{
3317 struct l2cap_move_chan_cfm_rsp rsp;
3318
3319 BT_DBG("icid %d", icid);
3320
3321 rsp.icid = cpu_to_le16(icid);
3322 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3323}
3324
3325static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3326 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3327{
3328 struct l2cap_move_chan_req *req = data;
3329 u16 icid = 0;
3330 u16 result = L2CAP_MR_NOT_ALLOWED;
3331
3332 if (cmd_len != sizeof(*req))
3333 return -EPROTO;
3334
3335 icid = le16_to_cpu(req->icid);
3336
3337 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3338
3339 if (!enable_hs)
3340 return -EINVAL;
3341
3342 /* Placeholder: Always refuse */
3343 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3344
3345 return 0;
3346}
3347
3348static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3349 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3350{
3351 struct l2cap_move_chan_rsp *rsp = data;
3352 u16 icid, result;
3353
3354 if (cmd_len != sizeof(*rsp))
3355 return -EPROTO;
3356
3357 icid = le16_to_cpu(rsp->icid);
3358 result = le16_to_cpu(rsp->result);
3359
3360 BT_DBG("icid %d, result %d", icid, result);
3361
3362 /* Placeholder: Always unconfirmed */
3363 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3364
3365 return 0;
3366}
3367
3368static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3369 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3370{
3371 struct l2cap_move_chan_cfm *cfm = data;
3372 u16 icid, result;
3373
3374 if (cmd_len != sizeof(*cfm))
3375 return -EPROTO;
3376
3377 icid = le16_to_cpu(cfm->icid);
3378 result = le16_to_cpu(cfm->result);
3379
3380 BT_DBG("icid %d, result %d", icid, result);
3381
3382 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3383
3384 return 0;
3385}
3386
3387static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3388 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3389{
3390 struct l2cap_move_chan_cfm_rsp *rsp = data;
3391 u16 icid;
3392
3393 if (cmd_len != sizeof(*rsp))
3394 return -EPROTO;
3395
3396 icid = le16_to_cpu(rsp->icid);
3397
3398 BT_DBG("icid %d", icid);
3399
3400 return 0;
3401}
3402
e2174ca4 3403static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3404 u16 to_multiplier)
3405{
3406 u16 max_latency;
3407
3408 if (min > max || min < 6 || max > 3200)
3409 return -EINVAL;
3410
3411 if (to_multiplier < 10 || to_multiplier > 3200)
3412 return -EINVAL;
3413
3414 if (max >= to_multiplier * 8)
3415 return -EINVAL;
3416
3417 max_latency = (to_multiplier * 8 / max) - 1;
3418 if (latency > 499 || latency > max_latency)
3419 return -EINVAL;
3420
3421 return 0;
3422}
3423
3424static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
3425 struct l2cap_cmd_hdr *cmd, u8 *data)
3426{
3427 struct hci_conn *hcon = conn->hcon;
3428 struct l2cap_conn_param_update_req *req;
3429 struct l2cap_conn_param_update_rsp rsp;
3430 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 3431 int err;
de73115a
CT		 3432
3433 if (!(hcon->link_mode & HCI_LM_MASTER))
3434 return -EINVAL;
3435
3436 cmd_len = __le16_to_cpu(cmd->len);
3437 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
3438 return -EPROTO;
3439
3440 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 3441 min = __le16_to_cpu(req->min);
3442 max = __le16_to_cpu(req->max);
de73115a
CT		 3443 latency = __le16_to_cpu(req->latency);
3444 to_multiplier = __le16_to_cpu(req->to_multiplier);
3445
3446 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
3447 min, max, latency, to_multiplier);
3448
3449 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 3450
3451 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
3452 if (err)
de73115a
CT		 3453 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
3454 else
3455 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
3456
3457 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
3458 sizeof(rsp), &rsp);
3459
2ce603eb
CT		 3460 if (!err)
3461 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
3462
de73115a
CT		 3463 return 0;
3464}
3465
3300d9a9
CT		 3466static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
3467 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3468{
3469 int err = 0;
3470
3471 switch (cmd->code) {
3472 case L2CAP_COMMAND_REJ:
3473 l2cap_command_rej(conn, cmd, data);
3474 break;
3475
3476 case L2CAP_CONN_REQ:
3477 err = l2cap_connect_req(conn, cmd, data);
3478 break;
3479
3480 case L2CAP_CONN_RSP:
3481 err = l2cap_connect_rsp(conn, cmd, data);
3482 break;
3483
3484 case L2CAP_CONF_REQ:
3485 err = l2cap_config_req(conn, cmd, cmd_len, data);
3486 break;
3487
3488 case L2CAP_CONF_RSP:
3489 err = l2cap_config_rsp(conn, cmd, data);
3490 break;
3491
3492 case L2CAP_DISCONN_REQ:
3493 err = l2cap_disconnect_req(conn, cmd, data);
3494 break;
3495
3496 case L2CAP_DISCONN_RSP:
3497 err = l2cap_disconnect_rsp(conn, cmd, data);
3498 break;
3499
3500 case L2CAP_ECHO_REQ:
3501 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3502 break;
3503
3504 case L2CAP_ECHO_RSP:
3505 break;
3506
3507 case L2CAP_INFO_REQ:
3508 err = l2cap_information_req(conn, cmd, data);
3509 break;
3510
3511 case L2CAP_INFO_RSP:
3512 err = l2cap_information_rsp(conn, cmd, data);
3513 break;
3514
f94ff6ff
MM		 3515 case L2CAP_CREATE_CHAN_REQ:
3516 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
3517 break;
3518
3519 case L2CAP_CREATE_CHAN_RSP:
3520 err = l2cap_create_channel_rsp(conn, cmd, data);
3521 break;
3522
8d5a04a1
MM		 3523 case L2CAP_MOVE_CHAN_REQ:
3524 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
3525 break;
3526
3527 case L2CAP_MOVE_CHAN_RSP:
3528 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
3529 break;
3530
3531 case L2CAP_MOVE_CHAN_CFM:
3532 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
3533 break;
3534
3535 case L2CAP_MOVE_CHAN_CFM_RSP:
3536 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
3537 break;
3538
3300d9a9
CT		 3539 default:
3540 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3541 err = -EINVAL;
3542 break;
3543 }
3544
3545 return err;
3546}
3547
3548static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3549 struct l2cap_cmd_hdr *cmd, u8 *data)
3550{
3551 switch (cmd->code) {
3552 case L2CAP_COMMAND_REJ:
3553 return 0;
3554
3555 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3556 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3557
3558 case L2CAP_CONN_PARAM_UPDATE_RSP:
3559 return 0;
3560
3561 default:
3562 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3563 return -EINVAL;
3564 }
3565}
3566
3567static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3568 struct sk_buff *skb)
1da177e4
LT		 3569{
3570 u8 *data = skb->data;
3571 int len = skb->len;
3572 struct l2cap_cmd_hdr cmd;
3300d9a9 3573 int err;
1da177e4
LT		 3574
3575 l2cap_raw_recv(conn, skb);
3576
3577 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3578 u16 cmd_len;
1da177e4
LT		 3579 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3580 data += L2CAP_CMD_HDR_SIZE;
3581 len -= L2CAP_CMD_HDR_SIZE;
3582
88219a0f 3583 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3584
88219a0f 3585 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3586
88219a0f 3587 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3588 BT_DBG("corrupted command");
3589 break;
3590 }
3591
3300d9a9
CT		 3592 if (conn->hcon->type == LE_LINK)
3593 err = l2cap_le_sig_cmd(conn, &cmd, data);
3594 else
3595 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3596
3597 if (err) {
e2fd318e 3598 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3599
3600 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3601
3602 /* FIXME: Map err to a valid reason */
e2fd318e 3603 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3604 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3605 }
3606
88219a0f
AV		 3607 data += cmd_len;
3608 len -= cmd_len;
1da177e4
LT		 3609 }
3610
3611 kfree_skb(skb);
3612}
3613
47d1ec61 3614static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3615{
3616 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 3617 int hdr_size;
3618
3619 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3620 hdr_size = L2CAP_EXT_HDR_SIZE;
3621 else
3622 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 3623
47d1ec61 3624 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 3625 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 3626 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3627 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3628
3629 if (our_fcs != rcv_fcs)
7a560e5c 3630 return -EBADMSG;
fcc203c3
GP		 3631 }
3632 return 0;
3633}
3634
525cd185 3635static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3636{
88843ab0 3637 u32 control = 0;
d5392c8f 3638
6a026610 3639 chan->frames_sent = 0;
d5392c8f 3640
0b209fae 3641 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3642
e2ab4353 3643 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3644 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3645 l2cap_send_sframe(chan, control);
e2ab4353 3646 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3647 }
3648
e2ab4353 3649 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3650 l2cap_retransmit_frames(chan);
d5392c8f 3651
525cd185 3652 l2cap_ertm_send(chan);
d5392c8f 3653
e2ab4353 3654 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3655 chan->frames_sent == 0) {
ab784b73 3656 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3657 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3658 }
3659}
3660
fb45de7d 3661static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3662{
3663 struct sk_buff *next_skb;
bfbacc11 3664 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3665
3666 bt_cb(skb)->tx_seq = tx_seq;
3667 bt_cb(skb)->sar = sar;
3668
f1c6775b 3669 next_skb = skb_peek(&chan->srej_q);
8f17154f 3670
836be934 3671 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 3672
039d9572 3673 while (next_skb) {
9b53350d
JPRV		 3674 if (bt_cb(next_skb)->tx_seq == tx_seq)
3675 return -EINVAL;
3676
836be934
AE		 3677 next_tx_seq_offset = __seq_offset(chan,
3678 bt_cb(next_skb)->tx_seq, chan->buffer_seq);
bfbacc11
JPRV		 3679
3680 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3681 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3682 return 0;
8f17154f
GP		 3683 }
3684
f1c6775b 3685 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 3686 next_skb = NULL;
3687 else
3688 next_skb = skb_queue_next(&chan->srej_q, next_skb);
3689 }
8f17154f 3690
f1c6775b 3691 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3692
3693 return 0;
8f17154f
GP		 3694}
3695
84084a31
MM		 3696static void append_skb_frag(struct sk_buff *skb,
3697 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3698{
84084a31
MM		 3699 /* skb->len reflects data in skb as well as all fragments
3700 * skb->data_len reflects only data in fragments
3701 */
3702 if (!skb_has_frag_list(skb))
3703 skb_shinfo(skb)->frag_list = new_frag;
3704
3705 new_frag->next = NULL;
3706
3707 (*last_frag)->next = new_frag;
3708 *last_frag = new_frag;
3709
3710 skb->len += new_frag->len;
3711 skb->data_len += new_frag->len;
3712 skb->truesize += new_frag->truesize;
3713}
3714
88843ab0 3715static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 3716{
3717 int err = -EINVAL;
18778a63 3718
7e0ef6ee
AE		 3719 switch (__get_ctrl_sar(chan, control)) {
3720 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3721 if (chan->sdu)
3722 break;
18778a63 3723
84084a31
MM		 3724 err = chan->ops->recv(chan->data, skb);
3725 break;
18778a63 3726
7e0ef6ee 3727 case L2CAP_SAR_START:
84084a31
MM		 3728 if (chan->sdu)
3729 break;
18778a63 3730
6f61fd47 3731 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 3732 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 3733
84084a31
MM		 3734 if (chan->sdu_len > chan->imtu) {
3735 err = -EMSGSIZE;
3736 break;
3737 }
1890d36b 3738
84084a31
MM		 3739 if (skb->len >= chan->sdu_len)
3740 break;
18778a63 3741
84084a31
MM		 3742 chan->sdu = skb;
3743 chan->sdu_last_frag = skb;
18778a63 3744
84084a31
MM		 3745 skb = NULL;
3746 err = 0;
18778a63
GP		 3747 break;
3748
7e0ef6ee 3749 case L2CAP_SAR_CONTINUE:
6f61fd47 3750 if (!chan->sdu)
84084a31 3751 break;
18778a63 3752
84084a31
MM		 3753 append_skb_frag(chan->sdu, skb,
3754 &chan->sdu_last_frag);
3755 skb = NULL;
18778a63 3756
84084a31
MM		 3757 if (chan->sdu->len >= chan->sdu_len)
3758 break;
4178ba46 3759
84084a31 3760 err = 0;
18778a63
GP		 3761 break;
3762
7e0ef6ee 3763 case L2CAP_SAR_END:
6f61fd47 3764 if (!chan->sdu)
84084a31 3765 break;
18778a63 3766
84084a31
MM		 3767 append_skb_frag(chan->sdu, skb,
3768 &chan->sdu_last_frag);
3769 skb = NULL;
4178ba46 3770
84084a31
MM		 3771 if (chan->sdu->len != chan->sdu_len)
3772 break;
18778a63 3773
84084a31 3774 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3775
84084a31
MM		 3776 if (!err) {
3777 /* Reassembly complete */
3778 chan->sdu = NULL;
3779 chan->sdu_last_frag = NULL;
3780 chan->sdu_len = 0;
1890d36b 3781 }
18778a63
GP		 3782 break;
3783 }
3784
84084a31
MM		 3785 if (err) {
3786 kfree_skb(skb);
3787 kfree_skb(chan->sdu);
3788 chan->sdu = NULL;
3789 chan->sdu_last_frag = NULL;
3790 chan->sdu_len = 0;
3791 }
18778a63 3792
84084a31 3793 return err;
18778a63
GP		 3794}
3795
26f880d2 3796static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3797{
26f880d2 3798 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3799
26f880d2
MM		 3800 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3801
77f918bc 3802 __set_ack_timer(chan);
26f880d2
MM		 3803}
3804
3805static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3806{
88843ab0 3807 u32 control;
712132eb 3808
e2ab4353 3809 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3810 goto done;
3811
0b209fae 3812 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3813 control |= __set_ctrl_poll(chan);
ab784b73 3814 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3815 l2cap_send_sframe(chan, control);
6a026610 3816 chan->retry_count = 1;
712132eb 3817
1a09bcb9
GP		 3818 __clear_retrans_timer(chan);
3819 __set_monitor_timer(chan);
712132eb 3820
e2ab4353 3821 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3822
3823done:
e2ab4353
GP		 3824 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3825 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3826
49208c9c 3827 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3828}
3829
e328140f 3830void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3831{
e328140f
MM		 3832 if (chan->mode == L2CAP_MODE_ERTM) {
3833 if (busy)
3834 l2cap_ertm_enter_local_busy(chan);
3835 else
3836 l2cap_ertm_exit_local_busy(chan);
1890d36b 3837 }
1890d36b
GP		 3838}
3839
fb45de7d 3840static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3841{
3842 struct sk_buff *skb;
88843ab0 3843 u32 control;
8f17154f 3844
e328140f
MM		 3845 while ((skb = skb_peek(&chan->srej_q)) &&
3846 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3847 int err;
3848
8f17154f
GP		 3849 if (bt_cb(skb)->tx_seq != tx_seq)
3850 break;
3851
f1c6775b 3852 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3853 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3854 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3855
3856 if (err < 0) {
3857 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3858 break;
3859 }
3860
836be934
AE		 3861 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
3862 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 3863 }
3864}
3865
fb45de7d 3866static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3867{
8f17154f 3868 struct srej_list *l, *tmp;
88843ab0 3869 u32 control;
8f17154f 3870
39d5a3ee 3871 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3872 if (l->tx_seq == tx_seq) {
3873 list_del(&l->list);
3874 kfree(l);
3875 return;
3876 }
ab784b73 3877 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3878 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3879 l2cap_send_sframe(chan, control);
8f17154f 3880 list_del(&l->list);
39d5a3ee 3881 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3882 }
3883}
3884
aef89f21 3885static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3886{
8f17154f 3887 struct srej_list *new;
88843ab0 3888 u32 control;
8f17154f 3889
42e5c802 3890 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3891 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3892 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3893 l2cap_send_sframe(chan, control);
8f17154f
GP		 3894
3895 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 3896 if (!new)
3897 return -ENOMEM;
3898
42e5c802 3899 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 3900
3901 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
3902
39d5a3ee 3903 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3904 }
836be934
AE		 3905
3906 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 3907
3908 return 0;
8f17154f
GP		 3909}
3910
88843ab0 3911static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 3912{
fb45de7d 3913 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3914 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3915 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3916 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3917 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3918 int err = 0;
3919
88843ab0 3920 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 3921 tx_seq, rx_control);
1c2acffb 3922
03f6715d 3923 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3924 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3925 __clear_monitor_timer(chan);
6a026610 3926 if (chan->unacked_frames > 0)
1a09bcb9 3927 __set_retrans_timer(chan);
e2ab4353 3928 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3929 }
3930
42e5c802
GP		 3931 chan->expected_ack_seq = req_seq;
3932 l2cap_drop_acked_frames(chan);
9f121a5a 3933
836be934 3934 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3935
3936 /* invalid tx_seq */
47d1ec61 3937 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3938 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3939 goto drop;
3940 }
3941
77f918bc
SJ		 3942 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3943 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
3944 l2cap_send_ack(chan);
1890d36b 3945 goto drop;
77f918bc 3946 }
1890d36b 3947
02f1b641
MM		 3948 if (tx_seq == chan->expected_tx_seq)
3949 goto expected;
3950
e2ab4353 3951 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3952 struct srej_list *first;
30afb5b2 3953
39d5a3ee 3954 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3955 struct srej_list, list);
3956 if (tx_seq == first->tx_seq) {
42e5c802 3957 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3958 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3959
3960 list_del(&first->list);
3961 kfree(first);
3962
39d5a3ee 3963 if (list_empty(&chan->srej_l)) {
42e5c802 3964 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3965 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3966 l2cap_send_ack(chan);
49208c9c 3967 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3968 }
3969 } else {
3970 struct srej_list *l;
9b53350d
JPRV		 3971
3972 /* duplicated tx_seq */
42e5c802 3973 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3974 goto drop;
8f17154f 3975
39d5a3ee 3976 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3977 if (l->tx_seq == tx_seq) {
525cd185 3978 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3979 return 0;
3980 }
3981 }
aef89f21
SJ		 3982
3983 err = l2cap_send_srejframe(chan, tx_seq);
3984 if (err < 0) {
3985 l2cap_send_disconn_req(chan->conn, chan, -err);
3986 return err;
3987 }
30afb5b2
GP		 3988 }
3989 } else {
836be934
AE		 3990 expected_tx_seq_offset = __seq_offset(chan,
3991 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3992
3993 /* duplicated tx_seq */
3994 if (tx_seq_offset < expected_tx_seq_offset)
3995 goto drop;
3996
e2ab4353 3997 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 3998
49208c9c 3999 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 4000
39d5a3ee 4001 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 4002 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 4003
f1c6775b 4004 __skb_queue_head_init(&chan->srej_q);
42e5c802 4005 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4006
0ef3ef0f
SJ		 4007 /* Set P-bit only if there are some I-frames to ack. */
4008 if (__clear_ack_timer(chan))
4009 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4010
aef89f21
SJ		 4011 err = l2cap_send_srejframe(chan, tx_seq);
4012 if (err < 0) {
4013 l2cap_send_disconn_req(chan->conn, chan, -err);
4014 return err;
4015 }
1c2acffb 4016 }
30afb5b2
GP		 4017 return 0;
4018
8f17154f 4019expected:
836be934 4020 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4021
e2ab4353 4022 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 4023 bt_cb(skb)->tx_seq = tx_seq;
4024 bt_cb(skb)->sar = sar;
f1c6775b 4025 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4026 return 0;
4027 }
4028
84084a31 4029 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4030 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4031
e328140f
MM		 4032 if (err < 0) {
4033 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4034 return err;
4035 }
2ece3684 4036
03f6715d 4037 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4038 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4039 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4040 }
4041
c1b4f43b 4042
6a026610
GP		 4043 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4044 if (chan->num_acked == num_to_ack - 1)
525cd185 4045 l2cap_send_ack(chan);
4d611e4d
GP		 4046 else
4047 __set_ack_timer(chan);
9e917af1 4048
8f17154f 4049 return 0;
9b53350d
JPRV		 4050
4051drop:
4052 kfree_skb(skb);
4053 return 0;
1c2acffb
GP		 4054}
4055
88843ab0 4056static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4057{
88843ab0 4058 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4059 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4060
0b209fae 4061 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4062 l2cap_drop_acked_frames(chan);
1c2acffb 4063
e3781735 4064 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4065 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4066 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4067 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4068 (chan->unacked_frames > 0))
1a09bcb9 4069 __set_retrans_timer(chan);
05fbd89d 4070
e2ab4353 4071 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4072 l2cap_send_srejtail(chan);
05fbd89d 4073 } else {
525cd185 4074 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4075 }
1d8f5d16 4076
03f6715d 4077 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4078 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4079
e2ab4353 4080 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4081 l2cap_retransmit_frames(chan);
2246b2f1 4082
e072745f 4083 } else {
e2ab4353 4084 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4085 (chan->unacked_frames > 0))
1a09bcb9 4086 __set_retrans_timer(chan);
1c2acffb 4087
e2ab4353
GP		 4088 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4089 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4090 l2cap_send_ack(chan);
894718a6 4091 else
525cd185 4092 l2cap_ertm_send(chan);
e072745f
GP		 4093 }
4094}
2246b2f1 4095
88843ab0 4096static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4097{
0b209fae 4098 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4099
88843ab0 4100 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4101
e2ab4353 4102 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4103
42e5c802
GP		 4104 chan->expected_ack_seq = tx_seq;
4105 l2cap_drop_acked_frames(chan);
e072745f 4106
03f6715d 4107 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4108 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4109 l2cap_retransmit_frames(chan);
e072745f 4110 } else {
525cd185 4111 l2cap_retransmit_frames(chan);
30afb5b2 4112
e2ab4353
GP		 4113 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4114 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4115 }
4116}
88843ab0 4117static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4118{
0b209fae 4119 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4120
88843ab0 4121 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4122
e2ab4353 4123 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4124
e3781735 4125 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4126 chan->expected_ack_seq = tx_seq;
4127 l2cap_drop_acked_frames(chan);
3cb123d1 4128
e2ab4353 4129 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4130 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4131
525cd185 4132 l2cap_ertm_send(chan);
dfc909be 4133
e2ab4353 4134 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4135 chan->srej_save_reqseq = tx_seq;
e2ab4353 4136 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4137 }
03f6715d 4138 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4139 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4140 chan->srej_save_reqseq == tx_seq)
e2ab4353 4141 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4142 else
525cd185 4143 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4144 } else {
525cd185 4145 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4146 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4147 chan->srej_save_reqseq = tx_seq;
e2ab4353 4148 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4149 }
e072745f
GP		 4150 }
4151}
4152
88843ab0 4153static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4154{
0b209fae 4155 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4156
88843ab0 4157 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4158
e2ab4353 4159 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4160 chan->expected_ack_seq = tx_seq;
4161 l2cap_drop_acked_frames(chan);
e072745f 4162
e3781735 4163 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4164 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4165
e2ab4353 4166 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4167 __clear_retrans_timer(chan);
e3781735 4168 if (__is_ctrl_poll(chan, rx_control))
525cd185 4169 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4170 return;
e072745f 4171 }
99b0d4b7 4172
e3781735 4173 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4174 l2cap_send_srejtail(chan);
ab784b73
AE		 4175 } else {
4176 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4177 l2cap_send_sframe(chan, rx_control);
4178 }
e072745f
GP		 4179}
4180
88843ab0 4181static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4182{
88843ab0 4183 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4184
03f6715d 4185 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4186 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4187 __clear_monitor_timer(chan);
6a026610 4188 if (chan->unacked_frames > 0)
1a09bcb9 4189 __set_retrans_timer(chan);
e2ab4353 4190 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4191 }
4192
ab784b73
AE		 4193 switch (__get_ctrl_super(chan, rx_control)) {
4194 case L2CAP_SUPER_RR:
525cd185 4195 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4196 break;
4197
ab784b73 4198 case L2CAP_SUPER_REJ:
525cd185 4199 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4200 break;
2246b2f1 4201
ab784b73 4202 case L2CAP_SUPER_SREJ:
525cd185 4203 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4204 break;
4205
ab784b73 4206 case L2CAP_SUPER_RNR:
525cd185 4207 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4208 break;
4209 }
4210
faaebd19 4211 kfree_skb(skb);
1c2acffb
GP		 4212 return 0;
4213}
4214
cad8f1d0 4215static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4216{
88843ab0 4217 u32 control;
0b209fae 4218 u16 req_seq;
218bb9df
GP		 4219 int len, next_tx_seq_offset, req_seq_offset;
4220
88843ab0
AE		 4221 control = __get_control(chan, skb->data);
4222 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4223 len = skb->len;
4224
4225 /*
4226 * We can just drop the corrupted I-frame here.
4227 * Receiver will miss it and start proper recovery
4228 * procedures and ask retransmission.
4229 */
47d1ec61 4230 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4231 goto drop;
4232
793c2f1c 4233 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4234 len -= L2CAP_SDULEN_SIZE;
218bb9df 4235
47d1ec61 4236 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4237 len -= L2CAP_FCS_SIZE;
218bb9df 4238
47d1ec61 4239 if (len > chan->mps) {
8c1d787b 4240 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4241 goto drop;
4242 }
4243
0b209fae 4244 req_seq = __get_reqseq(chan, control);
218bb9df 4245
836be934
AE		 4246 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4247
4248 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4249 chan->expected_ack_seq);
218bb9df
GP		 4250
4251 /* check for invalid req-seq */
4252 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4253 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4254 goto drop;
4255 }
4256
793c2f1c 4257 if (!__is_sframe(chan, control)) {
218bb9df 4258 if (len < 0) {
8c1d787b 4259 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4260 goto drop;
4261 }
4262
525cd185 4263 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4264 } else {
4265 if (len != 0) {
4266 BT_ERR("%d", len);
8c1d787b 4267 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4268 goto drop;
4269 }
4270
525cd185 4271 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4272 }
4273
4274 return 0;
4275
4276drop:
4277 kfree_skb(skb);
4278 return 0;
4279}
4280
1da177e4
LT		 4281static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4282{
48454079 4283 struct l2cap_chan *chan;
88843ab0 4284 u32 control;
fb45de7d 4285 u16 tx_seq;
218bb9df 4286 int len;
1da177e4 4287
baa7e1fa 4288 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4289 if (!chan) {
1da177e4 4290 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555 4291 /* Drop packet and return */
3379013b 4292 kfree_skb(skb);
6be36555 4293 return 0;
1da177e4
LT		 4294 }
4295
6be36555 4296 l2cap_chan_lock(chan);
6840ed07 4297
49208c9c 4298 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4299
89bc500e 4300 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4301 goto drop;
4302
0c1bc5c6 4303 switch (chan->mode) {
1c2acffb
GP		 4304 case L2CAP_MODE_BASIC:
4305 /* If socket recv buffers overflows we drop data here
4306 * which is *bad* because L2CAP has to be reliable.
4307 * But we don't have any other choice. L2CAP doesn't
4308 * provide flow control mechanism. */
1da177e4 4309
0c1bc5c6 4310 if (chan->imtu < skb->len)
1c2acffb 4311 goto drop;
1da177e4 4312
23070494 4313 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4314 goto done;
4315 break;
4316
4317 case L2CAP_MODE_ERTM:
5ef8cb9e 4318 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4319
fcafde2e 4320 goto done;
1c2acffb 4321
6840ed07 4322 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4323 control = __get_control(chan, skb->data);
4324 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4325 len = skb->len;
4326
47d1ec61 4327 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4328 goto drop;
4329
7e0ef6ee 4330 if (__is_sar_start(chan, control))
03a51213 4331 len -= L2CAP_SDULEN_SIZE;
6840ed07 4332
47d1ec61 4333 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4334 len -= L2CAP_FCS_SIZE;
fcc203c3 4335
793c2f1c 4336 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4337 goto drop;
4338
fb45de7d 4339 tx_seq = __get_txseq(chan, control);
6840ed07 4340
84084a31
MM		 4341 if (chan->expected_tx_seq != tx_seq) {
4342 /* Frame(s) missing - must discard partial SDU */
4343 kfree_skb(chan->sdu);
4344 chan->sdu = NULL;
4345 chan->sdu_last_frag = NULL;
4346 chan->sdu_len = 0;
6840ed07 4347
84084a31
MM		 4348 /* TODO: Notify userland of missing data */
4349 }
4350
836be934 4351 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4352
4353 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4354 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4355
4356 goto done;
4357
1c2acffb 4358 default:
0c1bc5c6 4359 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4360 break;
4361 }
1da177e4
LT		 4362
4363drop:
4364 kfree_skb(skb);
4365
4366done:
6be36555 4367 l2cap_chan_unlock(chan);
0139418c 4368
1da177e4
LT		 4369 return 0;
4370}
4371
8e036fc3 4372static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4373{
23691d75 4374 struct l2cap_chan *chan;
1da177e4 4375
23691d75
GP		 4376 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
4377 if (!chan)
1da177e4
LT		 4378 goto drop;
4379
5b4cedaa 4380 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4381
89bc500e 4382 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4383 goto drop;
4384
e13e21dc 4385 if (chan->imtu < skb->len)
1da177e4
LT		 4386 goto drop;
4387
23070494 4388 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4389 return 0;
1da177e4
LT		 4390
4391drop:
4392 kfree_skb(skb);
4393
1da177e4
LT		 4394 return 0;
4395}
4396
9f69bda6
GP		 4397static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
4398{
23691d75 4399 struct l2cap_chan *chan;
9f69bda6 4400
23691d75
GP		 4401 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
4402 if (!chan)
9f69bda6
GP		 4403 goto drop;
4404
5b4cedaa 4405 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 4406
89bc500e 4407 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 4408 goto drop;
4409
e13e21dc 4410 if (chan->imtu < skb->len)
9f69bda6
GP		 4411 goto drop;
4412
23070494 4413 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4414 return 0;
9f69bda6
GP		 4415
4416drop:
4417 kfree_skb(skb);
4418
9f69bda6
GP		 4419 return 0;
4420}
4421
1da177e4
LT		 4422static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4423{
4424 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 4425 u16 cid, len;
4426 __le16 psm;
1da177e4
LT		 4427
4428 skb_pull(skb, L2CAP_HDR_SIZE);
4429 cid = __le16_to_cpu(lh->cid);
4430 len = __le16_to_cpu(lh->len);
4431
1c2acffb
GP		 4432 if (len != skb->len) {
4433 kfree_skb(skb);
4434 return;
4435 }
4436
1da177e4
LT		 4437 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4438
4439 switch (cid) {
3300d9a9 4440 case L2CAP_CID_LE_SIGNALING:
8db4dc46 4441 case L2CAP_CID_SIGNALING:
1da177e4
LT		 4442 l2cap_sig_channel(conn, skb);
4443 break;
4444
8db4dc46 4445 case L2CAP_CID_CONN_LESS:
1b7bf4ed 4446 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 4447 skb_pull(skb, 2);
4448 l2cap_conless_channel(conn, psm, skb);
4449 break;
4450
9f69bda6
GP		 4451 case L2CAP_CID_LE_DATA:
4452 l2cap_att_channel(conn, cid, skb);
4453 break;
4454
b501d6a1
AB		 4455 case L2CAP_CID_SMP:
4456 if (smp_sig_channel(conn, skb))
4457 l2cap_conn_del(conn->hcon, EACCES);
4458 break;
4459
1da177e4
LT		 4460 default:
4461 l2cap_data_channel(conn, cid, skb);
4462 break;
4463 }
4464}
4465
4466/* ---- L2CAP interface with lower layer (HCI) ---- */
4467
686ebf28 4468int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 4469{
4470 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 4471 struct l2cap_chan *c;
1da177e4 4472
1da177e4
LT		 4473 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4474
4475 /* Find listening sockets and check their link_mode */
23691d75
GP		 4476 read_lock(&chan_list_lock);
4477 list_for_each_entry(c, &chan_list, global_l) {
4478 struct sock *sk = c->sk;
4343478f 4479
89bc500e 4480 if (c->state != BT_LISTEN)
1da177e4
LT		 4481 continue;
4482
4483 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4484 lm1 |= HCI_LM_ACCEPT;
43bd0f32 4485 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 4486 lm1 |= HCI_LM_MASTER;
1da177e4 4487 exact++;
2af6b9d5
MH		 4488 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4489 lm2 |= HCI_LM_ACCEPT;
43bd0f32 4490 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 4491 lm2 |= HCI_LM_MASTER;
4492 }
1da177e4 4493 }
23691d75 4494 read_unlock(&chan_list_lock);
1da177e4
LT		 4495
4496 return exact ? lm1 : lm2;
4497}
4498
686ebf28 4499int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 4500{
0139418c
MH		 4501 struct l2cap_conn *conn;
4502
1da177e4
LT		 4503 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4504
1da177e4 4505 if (!status) {
1da177e4
LT		 4506 conn = l2cap_conn_add(hcon, status);
4507 if (conn)
4508 l2cap_conn_ready(conn);
0139418c 4509 } else
e175072f 4510 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4511
4512 return 0;
4513}
4514
686ebf28 4515int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 4516{
4517 struct l2cap_conn *conn = hcon->l2cap_data;
4518
4519 BT_DBG("hcon %p", hcon);
4520
686ebf28 4521 if (!conn)
9f5a0d7b 4522 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 4523 return conn->disc_reason;
4524}
4525
686ebf28 4526int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4527{
4528 BT_DBG("hcon %p reason %d", hcon, reason);
4529
e175072f 4530 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 4531 return 0;
4532}
4533
4343478f 4534static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4535{
715ec005 4536 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4537 return;
4538
f62e4323 4539 if (encrypt == 0x00) {
4343478f 4540 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675 4541 __clear_chan_timer(chan);
b83ddfe2
AK		 4542 __set_chan_timer(chan,
4543 msecs_to_jiffies(L2CAP_ENC_TIMEOUT));
4343478f 4544 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4545 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4546 } else {
4343478f 4547 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4548 __clear_chan_timer(chan);
f62e4323
MH		 4549 }
4550}
4551
686ebf28 4552int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4553{
0139418c 4554 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4555 struct l2cap_chan *chan;
1da177e4 4556
0139418c 4557 if (!conn)
1da177e4 4558 return 0;
0139418c 4559
1da177e4
LT		 4560 BT_DBG("conn %p", conn);
4561
160dc6ac
VCG		 4562 if (hcon->type == LE_LINK) {
4563 smp_distribute_keys(conn, 0);
17cd3f37 4564 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 4565 }
4566
3df91ea2 4567 mutex_lock(&conn->chan_lock);
1da177e4 4568
3df91ea2 4569 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 4570 l2cap_chan_lock(chan);
1da177e4 4571
f1cb9af5
VCG		 4572 BT_DBG("chan->scid %d", chan->scid);
4573
4574 if (chan->scid == L2CAP_CID_LE_DATA) {
4575 if (!status && encrypt) {
4576 chan->sec_level = hcon->sec_level;
cf4cd009 4577 l2cap_chan_ready(chan);
f1cb9af5
VCG		 4578 }
4579
6be36555 4580 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 4581 continue;
4582 }
4583
c1360a1c 4584 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 4585 l2cap_chan_unlock(chan);
6a8d3010
MH		 4586 continue;
4587 }
4588
89bc500e
GP		 4589 if (!status && (chan->state == BT_CONNECTED ||
4590 chan->state == BT_CONFIG)) {
4343478f 4591 l2cap_check_encryption(chan, encrypt);
6be36555 4592 l2cap_chan_unlock(chan);
9719f8af
MH		 4593 continue;
4594 }
4595
89bc500e 4596 if (chan->state == BT_CONNECT) {
b1235d79 4597 if (!status) {
9b27f350 4598 l2cap_send_conn_req(chan);
b1235d79 4599 } else {
c9b66675 4600 __clear_chan_timer(chan);
b83ddfe2
AK		 4601 __set_chan_timer(chan,
4602 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
b1235d79 4603 }
89bc500e 4604 } else if (chan->state == BT_CONNECT2) {
6be36555 4605 struct sock *sk = chan->sk;
b1235d79 4606 struct l2cap_conn_rsp rsp;
df3c3931 4607 __u16 res, stat;
1da177e4 4608
6be36555
AE		 4609 lock_sock(sk);
4610
b1235d79 4611 if (!status) {
df3c3931
JH		 4612 if (bt_sk(sk)->defer_setup) {
4613 struct sock *parent = bt_sk(sk)->parent;
4614 res = L2CAP_CR_PEND;
4615 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4616 if (parent)
4617 parent->sk_data_ready(parent, 0);
df3c3931 4618 } else {
0e587be7 4619 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4620 res = L2CAP_CR_SUCCESS;
4621 stat = L2CAP_CS_NO_INFO;
4622 }
b1235d79 4623 } else {
0e587be7 4624 __l2cap_state_change(chan, BT_DISCONN);
b83ddfe2
AK		 4625 __set_chan_timer(chan,
4626 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
df3c3931
JH		 4627 res = L2CAP_CR_SEC_BLOCK;
4628 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4629 }
4630
6be36555
AE		 4631 release_sock(sk);
4632
fe4128e0
GP		 4633 rsp.scid = cpu_to_le16(chan->dcid);
4634 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4635 rsp.result = cpu_to_le16(res);
4636 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4637 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4638 sizeof(rsp), &rsp);
b1235d79 4639 }
1da177e4 4640
6be36555 4641 l2cap_chan_unlock(chan);
1da177e4
LT		 4642 }
4643
3df91ea2 4644 mutex_unlock(&conn->chan_lock);
b1235d79 4645
1da177e4
LT		 4646 return 0;
4647}
4648
686ebf28 4649int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 4650{
4651 struct l2cap_conn *conn = hcon->l2cap_data;
4652
5a08ecce
AE		 4653 if (!conn)
4654 conn = l2cap_conn_add(hcon, 0);
4655
4656 if (!conn)
1da177e4
LT		 4657 goto drop;
4658
4659 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4660
e702112f 4661 if (!(flags & ACL_CONT)) {
1da177e4 4662 struct l2cap_hdr *hdr;
48454079 4663 struct l2cap_chan *chan;
89794813 4664 u16 cid;
1da177e4
LT		 4665 int len;
4666
4667 if (conn->rx_len) {
4668 BT_ERR("Unexpected start frame (len %d)", skb->len);
4669 kfree_skb(conn->rx_skb);
4670 conn->rx_skb = NULL;
4671 conn->rx_len = 0;
4672 l2cap_conn_unreliable(conn, ECOMM);
4673 }
4674
aae7fe22
AE		 4675 /* Start fragment always begin with Basic L2CAP header */
4676 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4677 BT_ERR("Frame is too short (len %d)", skb->len);
4678 l2cap_conn_unreliable(conn, ECOMM);
4679 goto drop;
4680 }
4681
4682 hdr = (struct l2cap_hdr *) skb->data;
4683 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4684 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4685
4686 if (len == skb->len) {
4687 /* Complete frame received */
4688 l2cap_recv_frame(conn, skb);
4689 return 0;
4690 }
4691
4692 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4693
4694 if (skb->len > len) {
4695 BT_ERR("Frame is too long (len %d, expected len %d)",
4696 skb->len, len);
4697 l2cap_conn_unreliable(conn, ECOMM);
4698 goto drop;
4699 }
4700
baa7e1fa 4701 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4702
48454079
GP		 4703 if (chan && chan->sk) {
4704 struct sock *sk = chan->sk;
3df91ea2 4705 lock_sock(sk);
89794813 4706
0c1bc5c6 4707 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4708 BT_ERR("Frame exceeding recv MTU (len %d, "
4709 "MTU %d)", len,
0c1bc5c6 4710 chan->imtu);
aa2ac881 4711 release_sock(sk);
48454079
GP		 4712 l2cap_conn_unreliable(conn, ECOMM);
4713 goto drop;
4714 }
aa2ac881 4715 release_sock(sk);
48454079 4716 }
89794813 4717
1da177e4 4718 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4719 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4720 if (!conn->rx_skb)
1da177e4
LT		 4721 goto drop;
4722
d626f62b 4723 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4724 skb->len);
1da177e4
LT		 4725 conn->rx_len = len - skb->len;
4726 } else {
4727 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4728
4729 if (!conn->rx_len) {
4730 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4731 l2cap_conn_unreliable(conn, ECOMM);
4732 goto drop;
4733 }
4734
4735 if (skb->len > conn->rx_len) {
4736 BT_ERR("Fragment is too long (len %d, expected %d)",
4737 skb->len, conn->rx_len);
4738 kfree_skb(conn->rx_skb);
4739 conn->rx_skb = NULL;
4740 conn->rx_len = 0;
4741 l2cap_conn_unreliable(conn, ECOMM);
4742 goto drop;
4743 }
4744
d626f62b 4745 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4746 skb->len);
1da177e4
LT		 4747 conn->rx_len -= skb->len;
4748
4749 if (!conn->rx_len) {
4750 /* Complete frame received */
4751 l2cap_recv_frame(conn, conn->rx_skb);
4752 conn->rx_skb = NULL;
4753 }
4754 }
4755
4756drop:
4757 kfree_skb(skb);
4758 return 0;
4759}
4760
aef7d97c 4761static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4762{
23691d75 4763 struct l2cap_chan *c;
1da177e4 4764
333055f2 4765 read_lock(&chan_list_lock);
1da177e4 4766
23691d75
GP		 4767 list_for_each_entry(c, &chan_list, global_l) {
4768 struct sock *sk = c->sk;
101545f6 4769
903d343e 4770 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4771 batostr(&bt_sk(sk)->src),
4772 batostr(&bt_sk(sk)->dst),
89bc500e 4773 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4774 c->scid, c->dcid, c->imtu, c->omtu,
4775 c->sec_level, c->mode);
61e1b4b7 4776 }
1da177e4 4777
333055f2 4778 read_unlock(&chan_list_lock);
1da177e4 4779
aef7d97c 4780 return 0;
1da177e4
LT		 4781}
4782
aef7d97c
MH		 4783static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4784{
4785 return single_open(file, l2cap_debugfs_show, inode->i_private);
4786}
4787
4788static const struct file_operations l2cap_debugfs_fops = {
4789 .open = l2cap_debugfs_open,
4790 .read = seq_read,
4791 .llseek = seq_lseek,
4792 .release = single_release,
4793};
4794
4795static struct dentry *l2cap_debugfs;
1da177e4 4796
64274518 4797int __init l2cap_init(void)
1da177e4
LT		 4798{
4799 int err;
be9d1227 4800
bb58f747 4801 err = l2cap_init_sockets();
1da177e4
LT		 4802 if (err < 0)
4803 return err;
4804
aef7d97c
MH		 4805 if (bt_debugfs) {
4806 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4807 bt_debugfs, NULL, &l2cap_debugfs_fops);
4808 if (!l2cap_debugfs)
4809 BT_ERR("Failed to create L2CAP debug file");
4810 }
1da177e4 4811
1da177e4 4812 return 0;
1da177e4
LT		 4813}
4814
64274518 4815void l2cap_exit(void)
1da177e4 4816{
aef7d97c 4817 debugfs_remove(l2cap_debugfs);
bb58f747 4818 l2cap_cleanup_sockets();
1da177e4
LT		 4819}
4820
d1c4a17d
GP		 4821module_param(disable_ertm, bool, 0644);
4822MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
Linux kernel - Deliverables
This page took 1.394967 seconds and 5 git commands to generate.