projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: move l2cap_sock_sendmsg() to l2cap_sock.c
[deliverable/linux.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
1da177e4
LT		 6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
8e87d142
YH		 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 24 SOFTWARE IS DISCLAIMED.
25*/
26
bb58f747 27/* Bluetooth L2CAP core. */
1da177e4 28
1da177e4
LT		 29#include <linux/module.h>
30
31#include <linux/types.h>
4fc268d2 32#include <linux/capability.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/interrupt.h>
41#include <linux/socket.h>
42#include <linux/skbuff.h>
1da177e4 43#include <linux/list.h>
be9d1227 44#include <linux/device.h>
aef7d97c
MH		 45#include <linux/debugfs.h>
46#include <linux/seq_file.h>
af05b30b 47#include <linux/uaccess.h>
fcc203c3 48#include <linux/crc16.h>
1da177e4
LT		 49#include <net/sock.h>
50
51#include <asm/system.h>
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
57
dd135240 58#define VERSION "2.15"
44dd46de 59
bb58f747 60int disable_ertm;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 63static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 64
1890d36b
GP		 65static struct workqueue_struct *_busy_wq;
66
bb58f747 67struct bt_sock_list l2cap_sk_list = {
d5fb2962 68 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
1da177e4
LT		 69};
70
1890d36b
GP		 71static void l2cap_busy_work(struct work_struct *work);
72
1da177e4 73static void l2cap_sock_close(struct sock *sk);
1da177e4
LT		 74
75static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
76 u8 code, u8 ident, u16 dlen, void *data);
77
218bb9df
GP		 78static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
79
1da177e4 80/* ---- L2CAP timers ---- */
bb58f747 81void l2cap_sock_set_timer(struct sock *sk, long timeout)
940a9eea
AE		 82{
83 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
84 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
85}
86
dcba0dba 87void l2cap_sock_clear_timer(struct sock *sk)
940a9eea
AE		 88{
89 BT_DBG("sock %p state %d", sk, sk->sk_state);
90 sk_stop_timer(sk, &sk->sk_timer);
91}
92
0139418c
MH		 93/* ---- L2CAP channels ---- */
94static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
95{
96 struct sock *s;
97 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
98 if (l2cap_pi(s)->dcid == cid)
99 break;
100 }
101 return s;
102}
103
104static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
105{
106 struct sock *s;
107 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
108 if (l2cap_pi(s)->scid == cid)
109 break;
110 }
111 return s;
112}
113
114/* Find channel with given SCID.
115 * Returns locked socket */
116static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
117{
118 struct sock *s;
119 read_lock(&l->lock);
120 s = __l2cap_get_chan_by_scid(l, cid);
af05b30b
GP		 121 if (s)
122 bh_lock_sock(s);
0139418c
MH		 123 read_unlock(&l->lock);
124 return s;
125}
126
127static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
128{
129 struct sock *s;
130 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
131 if (l2cap_pi(s)->ident == ident)
132 break;
133 }
134 return s;
135}
136
137static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
138{
139 struct sock *s;
140 read_lock(&l->lock);
141 s = __l2cap_get_chan_by_ident(l, ident);
af05b30b
GP		 142 if (s)
143 bh_lock_sock(s);
0139418c
MH		 144 read_unlock(&l->lock);
145 return s;
146}
147
148static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
149{
8db4dc46 150 u16 cid = L2CAP_CID_DYN_START;
0139418c 151
8db4dc46 152 for (; cid < L2CAP_CID_DYN_END; cid++) {
af05b30b 153 if (!__l2cap_get_chan_by_scid(l, cid))
0139418c
MH		 154 return cid;
155 }
156
157 return 0;
158}
159
160static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
161{
162 sock_hold(sk);
163
164 if (l->head)
165 l2cap_pi(l->head)->prev_c = sk;
166
167 l2cap_pi(sk)->next_c = l->head;
168 l2cap_pi(sk)->prev_c = NULL;
169 l->head = sk;
170}
171
172static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
173{
174 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
175
fd1278d7 176 write_lock_bh(&l->lock);
0139418c
MH		 177 if (sk == l->head)
178 l->head = next;
179
180 if (next)
181 l2cap_pi(next)->prev_c = prev;
182 if (prev)
183 l2cap_pi(prev)->next_c = next;
fd1278d7 184 write_unlock_bh(&l->lock);
0139418c
MH		 185
186 __sock_put(sk);
187}
188
189static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
190{
191 struct l2cap_chan_list *l = &conn->chan_list;
192
af05b30b
GP		 193 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
194 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
0139418c 195
2950f21a
MH		 196 conn->disc_reason = 0x13;
197
0139418c
MH		 198 l2cap_pi(sk)->conn = conn;
199
bd3c9e25 200 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
0139418c
MH		 201 /* Alloc CID for connection-oriented socket */
202 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
203 } else if (sk->sk_type == SOCK_DGRAM) {
204 /* Connectionless socket */
8db4dc46
GP		 205 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
206 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
0139418c
MH		 207 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
208 } else {
209 /* Raw socket can send/recv signalling messages only */
8db4dc46
GP		 210 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
211 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
0139418c
MH		 212 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
213 }
214
215 __l2cap_chan_link(l, sk);
216
217 if (parent)
218 bt_accept_enqueue(parent, sk);
219}
220
8e87d142 221/* Delete channel.
0139418c
MH		 222 * Must be called on the locked socket. */
223static void l2cap_chan_del(struct sock *sk, int err)
224{
225 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
226 struct sock *parent = bt_sk(sk)->parent;
227
228 l2cap_sock_clear_timer(sk);
229
230 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
231
8e87d142 232 if (conn) {
0139418c
MH		 233 /* Unlink from channel list */
234 l2cap_chan_unlink(&conn->chan_list, sk);
235 l2cap_pi(sk)->conn = NULL;
236 hci_conn_put(conn->hcon);
237 }
238
b1235d79 239 sk->sk_state = BT_CLOSED;
0139418c
MH		 240 sock_set_flag(sk, SOCK_ZAPPED);
241
242 if (err)
243 sk->sk_err = err;
244
245 if (parent) {
246 bt_accept_unlink(sk);
247 parent->sk_data_ready(parent, 0);
248 } else
249 sk->sk_state_change(sk);
c13ffa62
GP		 250
251 skb_queue_purge(TX_QUEUE(sk));
252
253 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
254 struct srej_list *l, *tmp;
255
256 del_timer(&l2cap_pi(sk)->retrans_timer);
257 del_timer(&l2cap_pi(sk)->monitor_timer);
258 del_timer(&l2cap_pi(sk)->ack_timer);
259
260 skb_queue_purge(SREJ_QUEUE(sk));
261 skb_queue_purge(BUSY_QUEUE(sk));
262
263 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
264 list_del(&l->list);
265 kfree(l);
266 }
267 }
0139418c
MH		 268}
269
8556edd3 270static inline u8 l2cap_get_auth_type(struct sock *sk)
79d554a6 271{
8556edd3
JH		 272 if (sk->sk_type == SOCK_RAW) {
273 switch (l2cap_pi(sk)->sec_level) {
274 case BT_SECURITY_HIGH:
275 return HCI_AT_DEDICATED_BONDING_MITM;
276 case BT_SECURITY_MEDIUM:
277 return HCI_AT_DEDICATED_BONDING;
278 default:
279 return HCI_AT_NO_BONDING;
280 }
281 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
282 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
283 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
0684e5f9 284
00ae4af9 285 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
8556edd3 286 return HCI_AT_NO_BONDING_MITM;
00ae4af9 287 else
8556edd3 288 return HCI_AT_NO_BONDING;
00ae4af9
MH		 289 } else {
290 switch (l2cap_pi(sk)->sec_level) {
291 case BT_SECURITY_HIGH:
8556edd3 292 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 293 case BT_SECURITY_MEDIUM:
8556edd3 294 return HCI_AT_GENERAL_BONDING;
00ae4af9 295 default:
8556edd3 296 return HCI_AT_NO_BONDING;
00ae4af9 297 }
0684e5f9 298 }
8556edd3
JH		 299}
300
301/* Service level security */
302static inline int l2cap_check_security(struct sock *sk)
303{
304 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
305 __u8 auth_type;
306
307 auth_type = l2cap_get_auth_type(sk);
79d554a6 308
0684e5f9
MH		 309 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
310 auth_type);
79d554a6
MH		 311}
312
68983259 313u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 314{
315 u8 id;
316
317 /* Get next available identificator.
318 * 1 - 128 are used by kernel.
319 * 129 - 199 are reserved.
320 * 200 - 254 are used by utilities like l2ping, etc.
321 */
322
323 spin_lock_bh(&conn->lock);
324
325 if (++conn->tx_ident > 128)
326 conn->tx_ident = 1;
327
328 id = conn->tx_ident;
329
330 spin_unlock_bh(&conn->lock);
331
332 return id;
333}
334
68983259 335void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 336{
337 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 338 u8 flags;
4e8402a3
MH		 339
340 BT_DBG("code 0x%2.2x", code);
341
342 if (!skb)
9a9c6a34 343 return;
4e8402a3 344
e702112f
AE		 345 if (lmp_no_flush_capable(conn->hcon->hdev))
346 flags = ACL_START_NO_FLUSH;
347 else
348 flags = ACL_START;
349
350 hci_send_acl(conn->hcon, skb, flags);
4e8402a3
MH		 351}
352
9a9c6a34 353static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
1c2acffb
GP		 354{
355 struct sk_buff *skb;
356 struct l2cap_hdr *lh;
357 struct l2cap_conn *conn = pi->conn;
c13ffa62 358 struct sock *sk = (struct sock *)pi;
fcc203c3 359 int count, hlen = L2CAP_HDR_SIZE + 2;
e702112f 360 u8 flags;
fcc203c3 361
c13ffa62
GP		 362 if (sk->sk_state != BT_CONNECTED)
363 return;
364
fcc203c3
GP		 365 if (pi->fcs == L2CAP_FCS_CRC16)
366 hlen += 2;
1c2acffb
GP		 367
368 BT_DBG("pi %p, control 0x%2.2x", pi, control);
369
fcc203c3 370 count = min_t(unsigned int, conn->mtu, hlen);
1c2acffb
GP		 371 control |= L2CAP_CTRL_FRAME_TYPE;
372
9e917af1
GP		 373 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
374 control |= L2CAP_CTRL_FINAL;
375 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
376 }
377
f0946ccf
GP		 378 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
379 control |= L2CAP_CTRL_POLL;
380 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
381 }
382
1c2acffb
GP		 383 skb = bt_skb_alloc(count, GFP_ATOMIC);
384 if (!skb)
9a9c6a34 385 return;
1c2acffb
GP		 386
387 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 388 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
1c2acffb
GP		 389 lh->cid = cpu_to_le16(pi->dcid);
390 put_unaligned_le16(control, skb_put(skb, 2));
391
fcc203c3
GP		 392 if (pi->fcs == L2CAP_FCS_CRC16) {
393 u16 fcs = crc16(0, (u8 *)lh, count - 2);
394 put_unaligned_le16(fcs, skb_put(skb, 2));
395 }
396
e702112f
AE		 397 if (lmp_no_flush_capable(conn->hcon->hdev))
398 flags = ACL_START_NO_FLUSH;
399 else
400 flags = ACL_START;
401
402 hci_send_acl(pi->conn->hcon, skb, flags);
1c2acffb
GP		 403}
404
9a9c6a34 405static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
7e743090 406{
1890d36b 407 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
7e743090 408 control |= L2CAP_SUPER_RCV_NOT_READY;
1890d36b
GP		 409 pi->conn_state |= L2CAP_CONN_RNR_SENT;
410 } else
7e743090
GP		 411 control |= L2CAP_SUPER_RCV_READY;
412
2ab25cdd
GP		 413 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
414
9a9c6a34 415 l2cap_send_sframe(pi, control);
7e743090
GP		 416}
417
e501d055
AE		 418static inline int __l2cap_no_conn_pending(struct sock *sk)
419{
420 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
421}
422
79d554a6
MH		 423static void l2cap_do_start(struct sock *sk)
424{
425 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
426
427 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 428 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
429 return;
430
e501d055 431 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
b1235d79
MH		 432 struct l2cap_conn_req req;
433 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
434 req.psm = l2cap_pi(sk)->psm;
79d554a6 435
b1235d79 436 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
e501d055 437 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
79d554a6 438
b1235d79 439 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
79d554a6 440 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 441 }
79d554a6
MH		 442 } else {
443 struct l2cap_info_req req;
444 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
445
446 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
447 conn->info_ident = l2cap_get_ident(conn);
448
449 mod_timer(&conn->info_timer, jiffies +
450 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
451
452 l2cap_send_cmd(conn, conn->info_ident,
453 L2CAP_INFO_REQ, sizeof(req), &req);
454 }
455}
456
cf6c2c0b
GP		 457static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
458{
459 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 460 if (!disable_ertm)
cf6c2c0b
GP		 461 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
462
463 switch (mode) {
464 case L2CAP_MODE_ERTM:
465 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
466 case L2CAP_MODE_STREAMING:
467 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
468 default:
469 return 0x00;
470 }
471}
472
9b108fc0 473static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
22121fc9
GP		 474{
475 struct l2cap_disconn_req req;
476
c13ffa62
GP		 477 if (!conn)
478 return;
479
480 skb_queue_purge(TX_QUEUE(sk));
481
482 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
483 del_timer(&l2cap_pi(sk)->retrans_timer);
484 del_timer(&l2cap_pi(sk)->monitor_timer);
485 del_timer(&l2cap_pi(sk)->ack_timer);
486 }
487
22121fc9
GP		 488 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
489 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
490 l2cap_send_cmd(conn, l2cap_get_ident(conn),
491 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62
GP		 492
493 sk->sk_state = BT_DISCONN;
9b108fc0 494 sk->sk_err = err;
22121fc9
GP		 495}
496
1da177e4 497/* ---- L2CAP connections ---- */
4e8402a3
MH		 498static void l2cap_conn_start(struct l2cap_conn *conn)
499{
500 struct l2cap_chan_list *l = &conn->chan_list;
cf6c2c0b 501 struct sock_del_list del, *tmp1, *tmp2;
4e8402a3
MH		 502 struct sock *sk;
503
504 BT_DBG("conn %p", conn);
505
cf6c2c0b
GP		 506 INIT_LIST_HEAD(&del.list);
507
4e8402a3
MH		 508 read_lock(&l->lock);
509
510 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
511 bh_lock_sock(sk);
512
bd3c9e25
GP		 513 if (sk->sk_type != SOCK_SEQPACKET &&
514 sk->sk_type != SOCK_STREAM) {
79d554a6
MH		 515 bh_unlock_sock(sk);
516 continue;
517 }
518
519 if (sk->sk_state == BT_CONNECT) {
47731de7 520 struct l2cap_conn_req req;
79d554a6 521
47731de7
GP		 522 if (!l2cap_check_security(sk) ||
523 !__l2cap_no_conn_pending(sk)) {
524 bh_unlock_sock(sk);
525 continue;
526 }
79d554a6 527
47731de7
GP		 528 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
529 conn->feat_mask)
530 && l2cap_pi(sk)->conf_state &
531 L2CAP_CONF_STATE2_DEVICE) {
532 tmp1 = kzalloc(sizeof(struct sock_del_list),
533 GFP_ATOMIC);
534 tmp1->sk = sk;
535 list_add_tail(&tmp1->list, &del.list);
536 bh_unlock_sock(sk);
537 continue;
b1235d79 538 }
47731de7
GP		 539
540 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
541 req.psm = l2cap_pi(sk)->psm;
542
543 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
544 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
545
546 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
547 L2CAP_CONN_REQ, sizeof(req), &req);
548
79d554a6
MH		 549 } else if (sk->sk_state == BT_CONNECT2) {
550 struct l2cap_conn_rsp rsp;
e9aeb2dd 551 char buf[128];
79d554a6
MH		 552 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
553 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
554
2af6b9d5 555 if (l2cap_check_security(sk)) {
f66dc81f
MH		 556 if (bt_sk(sk)->defer_setup) {
557 struct sock *parent = bt_sk(sk)->parent;
558 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
559 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
560 parent->sk_data_ready(parent, 0);
561
562 } else {
563 sk->sk_state = BT_CONFIG;
564 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
565 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
566 }
79d554a6
MH		 567 } else {
568 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
569 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
570 }
571
572 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
573 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
e9aeb2dd
GP		 574
575 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
576 rsp.result != L2CAP_CR_SUCCESS) {
577 bh_unlock_sock(sk);
578 continue;
579 }
580
581 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
582 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
583 l2cap_build_conf_req(sk, buf), buf);
584 l2cap_pi(sk)->num_conf_req++;
4e8402a3
MH		 585 }
586
587 bh_unlock_sock(sk);
588 }
589
590 read_unlock(&l->lock);
cf6c2c0b
GP		 591
592 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
593 bh_lock_sock(tmp1->sk);
594 __l2cap_sock_close(tmp1->sk, ECONNRESET);
595 bh_unlock_sock(tmp1->sk);
596 list_del(&tmp1->list);
597 kfree(tmp1);
598 }
4e8402a3
MH		 599}
600
601static void l2cap_conn_ready(struct l2cap_conn *conn)
602{
79d554a6
MH		 603 struct l2cap_chan_list *l = &conn->chan_list;
604 struct sock *sk;
4e8402a3 605
79d554a6 606 BT_DBG("conn %p", conn);
4e8402a3 607
79d554a6 608 read_lock(&l->lock);
4e8402a3 609
79d554a6
MH		 610 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
611 bh_lock_sock(sk);
4e8402a3 612
bd3c9e25
GP		 613 if (sk->sk_type != SOCK_SEQPACKET &&
614 sk->sk_type != SOCK_STREAM) {
79d554a6
MH		 615 l2cap_sock_clear_timer(sk);
616 sk->sk_state = BT_CONNECTED;
617 sk->sk_state_change(sk);
618 } else if (sk->sk_state == BT_CONNECT)
619 l2cap_do_start(sk);
4e8402a3 620
79d554a6 621 bh_unlock_sock(sk);
4e8402a3 622 }
79d554a6
MH		 623
624 read_unlock(&l->lock);
4e8402a3
MH		 625}
626
627/* Notify sockets that we cannot guaranty reliability anymore */
628static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
629{
630 struct l2cap_chan_list *l = &conn->chan_list;
631 struct sock *sk;
632
633 BT_DBG("conn %p", conn);
634
635 read_lock(&l->lock);
636
637 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2af6b9d5 638 if (l2cap_pi(sk)->force_reliable)
4e8402a3
MH		 639 sk->sk_err = err;
640 }
641
642 read_unlock(&l->lock);
643}
644
645static void l2cap_info_timeout(unsigned long arg)
646{
647 struct l2cap_conn *conn = (void *) arg;
648
984947dc 649 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 650 conn->info_ident = 0;
984947dc 651
4e8402a3
MH		 652 l2cap_conn_start(conn);
653}
654
1da177e4
LT		 655static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
656{
0139418c 657 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 658
0139418c 659 if (conn || status)
1da177e4
LT		 660 return conn;
661
0139418c
MH		 662 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
663 if (!conn)
1da177e4 664 return NULL;
1da177e4
LT		 665
666 hcon->l2cap_data = conn;
667 conn->hcon = hcon;
668
0139418c
MH		 669 BT_DBG("hcon %p conn %p", hcon, conn);
670
1da177e4
LT		 671 conn->mtu = hcon->hdev->acl_mtu;
672 conn->src = &hcon->hdev->bdaddr;
673 conn->dst = &hcon->dst;
674
4e8402a3
MH		 675 conn->feat_mask = 0;
676
1da177e4
LT		 677 spin_lock_init(&conn->lock);
678 rwlock_init(&conn->chan_list.lock);
679
45054dc1
DY		 680 setup_timer(&conn->info_timer, l2cap_info_timeout,
681 (unsigned long) conn);
682
2950f21a
MH		 683 conn->disc_reason = 0x13;
684
1da177e4
LT		 685 return conn;
686}
687
0139418c 688static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 689{
0139418c 690 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4
LT		 691 struct sock *sk;
692
0139418c
MH		 693 if (!conn)
694 return;
1da177e4
LT		 695
696 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
697
7585b97a 698 kfree_skb(conn->rx_skb);
1da177e4
LT		 699
700 /* Kill channels */
701 while ((sk = conn->chan_list.head)) {
702 bh_lock_sock(sk);
703 l2cap_chan_del(sk, err);
704 bh_unlock_sock(sk);
705 l2cap_sock_kill(sk);
706 }
707
8e8440f5
DY		 708 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
709 del_timer_sync(&conn->info_timer);
3ab22731 710
1da177e4
LT		 711 hcon->l2cap_data = NULL;
712 kfree(conn);
1da177e4
LT		 713}
714
715static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
716{
717 struct l2cap_chan_list *l = &conn->chan_list;
fd1278d7 718 write_lock_bh(&l->lock);
1da177e4 719 __l2cap_chan_add(conn, sk, parent);
fd1278d7 720 write_unlock_bh(&l->lock);
1da177e4
LT		 721}
722
1da177e4 723/* ---- Socket interface ---- */
1da177e4
LT		 724
725/* Find socket with psm and source bdaddr.
726 * Returns closest match.
727 */
e0f0cb56 728static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 729{
730 struct sock *sk = NULL, *sk1 = NULL;
731 struct hlist_node *node;
732
e0f0cb56
GP		 733 read_lock(&l2cap_sk_list.lock);
734
1da177e4
LT		 735 sk_for_each(sk, node, &l2cap_sk_list.head) {
736 if (state && sk->sk_state != state)
737 continue;
738
739 if (l2cap_pi(sk)->psm == psm) {
740 /* Exact match. */
741 if (!bacmp(&bt_sk(sk)->src, src))
742 break;
743
744 /* Closest match */
745 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
746 sk1 = sk;
747 }
748 }
1da177e4 749
1da177e4 750 read_unlock(&l2cap_sk_list.lock);
e0f0cb56
GP		 751
752 return node ? sk : sk1;
1da177e4
LT		 753}
754
1da177e4
LT		 755static void l2cap_sock_cleanup_listen(struct sock *parent)
756{
757 struct sock *sk;
758
759 BT_DBG("parent %p", parent);
760
761 /* Close not yet accepted channels */
762 while ((sk = bt_accept_dequeue(parent, NULL)))
763 l2cap_sock_close(sk);
764
b1235d79 765 parent->sk_state = BT_CLOSED;
1da177e4
LT		 766 sock_set_flag(parent, SOCK_ZAPPED);
767}
768
769/* Kill socket (only if zapped and orphan)
770 * Must be called on unlocked socket.
771 */
bb58f747 772void l2cap_sock_kill(struct sock *sk)
1da177e4
LT		 773{
774 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
775 return;
776
777 BT_DBG("sk %p state %d", sk, sk->sk_state);
778
779 /* Kill poor orphan */
780 bt_sock_unlink(&l2cap_sk_list, sk);
781 sock_set_flag(sk, SOCK_DEAD);
782 sock_put(sk);
783}
784
bb58f747 785void __l2cap_sock_close(struct sock *sk, int reason)
1da177e4
LT		 786{
787 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
788
789 switch (sk->sk_state) {
790 case BT_LISTEN:
791 l2cap_sock_cleanup_listen(sk);
792 break;
793
794 case BT_CONNECTED:
795 case BT_CONFIG:
bd3c9e25
GP		 796 if (sk->sk_type == SOCK_SEQPACKET ||
797 sk->sk_type == SOCK_STREAM) {
1da177e4 798 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1da177e4 799
1da177e4 800 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
9b108fc0 801 l2cap_send_disconn_req(conn, sk, reason);
b1235d79 802 } else
1da177e4 803 l2cap_chan_del(sk, reason);
1da177e4
LT		 804 break;
805
f66dc81f 806 case BT_CONNECT2:
bd3c9e25
GP		 807 if (sk->sk_type == SOCK_SEQPACKET ||
808 sk->sk_type == SOCK_STREAM) {
f66dc81f
MH		 809 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
810 struct l2cap_conn_rsp rsp;
811 __u16 result;
812
813 if (bt_sk(sk)->defer_setup)
814 result = L2CAP_CR_SEC_BLOCK;
815 else
816 result = L2CAP_CR_BAD_PSM;
e733fb62 817 sk->sk_state = BT_DISCONN;
f66dc81f
MH		 818
819 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
820 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
821 rsp.result = cpu_to_le16(result);
822 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
823 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
824 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
825 } else
826 l2cap_chan_del(sk, reason);
827 break;
828
1da177e4
LT		 829 case BT_CONNECT:
830 case BT_DISCONN:
831 l2cap_chan_del(sk, reason);
832 break;
833
834 default:
835 sock_set_flag(sk, SOCK_ZAPPED);
836 break;
837 }
838}
839
840/* Must be called on unlocked socket. */
841static void l2cap_sock_close(struct sock *sk)
842{
843 l2cap_sock_clear_timer(sk);
844 lock_sock(sk);
845 __l2cap_sock_close(sk, ECONNRESET);
846 release_sock(sk);
847 l2cap_sock_kill(sk);
848}
849
4e34c50b 850int l2cap_do_connect(struct sock *sk)
1da177e4
LT		 851{
852 bdaddr_t *src = &bt_sk(sk)->src;
853 bdaddr_t *dst = &bt_sk(sk)->dst;
854 struct l2cap_conn *conn;
855 struct hci_conn *hcon;
856 struct hci_dev *hdev;
09ab6f4c 857 __u8 auth_type;
44d0e48e 858 int err;
1da177e4 859
f29972de
MH		 860 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
861 l2cap_pi(sk)->psm);
1da177e4 862
af05b30b
GP		 863 hdev = hci_get_route(dst, src);
864 if (!hdev)
1da177e4
LT		 865 return -EHOSTUNREACH;
866
867 hci_dev_lock_bh(hdev);
868
869 err = -ENOMEM;
870
8556edd3 871 auth_type = l2cap_get_auth_type(sk);
09ab6f4c 872
2af6b9d5
MH		 873 hcon = hci_connect(hdev, ACL_LINK, dst,
874 l2cap_pi(sk)->sec_level, auth_type);
1da177e4
LT		 875 if (!hcon)
876 goto done;
877
878 conn = l2cap_conn_add(hcon, 0);
879 if (!conn) {
880 hci_conn_put(hcon);
881 goto done;
882 }
883
884 err = 0;
885
886 /* Update source addr of the socket */
887 bacpy(src, conn->src);
888
889 l2cap_chan_add(conn, sk, NULL);
890
891 sk->sk_state = BT_CONNECT;
892 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
893
894 if (hcon->state == BT_CONNECTED) {
bd3c9e25
GP		 895 if (sk->sk_type != SOCK_SEQPACKET &&
896 sk->sk_type != SOCK_STREAM) {
1da177e4 897 l2cap_sock_clear_timer(sk);
d00ef24f
JH		 898 if (l2cap_check_security(sk))
899 sk->sk_state = BT_CONNECTED;
79d554a6
MH		 900 } else
901 l2cap_do_start(sk);
1da177e4
LT		 902 }
903
904done:
905 hci_dev_unlock_bh(hdev);
906 hci_dev_put(hdev);
907 return err;
908}
909
dcba0dba 910int __l2cap_wait_ack(struct sock *sk)
6161c038
GP		 911{
912 DECLARE_WAITQUEUE(wait, current);
913 int err = 0;
914 int timeo = HZ/5;
915
2b0b05dd 916 add_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 917 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
918 set_current_state(TASK_INTERRUPTIBLE);
919
920 if (!timeo)
921 timeo = HZ/5;
922
923 if (signal_pending(current)) {
924 err = sock_intr_errno(timeo);
925 break;
926 }
927
928 release_sock(sk);
929 timeo = schedule_timeout(timeo);
930 lock_sock(sk);
931
932 err = sock_error(sk);
933 if (err)
934 break;
935 }
936 set_current_state(TASK_RUNNING);
2b0b05dd 937 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 938 return err;
939}
940
e90bac06
GP		 941static void l2cap_monitor_timeout(unsigned long arg)
942{
943 struct sock *sk = (void *) arg;
e90bac06 944
0e98958d
GP		 945 BT_DBG("sk %p", sk);
946
e686219a 947 bh_lock_sock(sk);
e90bac06 948 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
9b108fc0 949 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
b13f5860 950 bh_unlock_sock(sk);
e90bac06
GP		 951 return;
952 }
953
954 l2cap_pi(sk)->retry_count++;
955 __mod_monitor_timer();
956
a2e12a2a 957 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
e686219a 958 bh_unlock_sock(sk);
e90bac06
GP		 959}
960
961static void l2cap_retrans_timeout(unsigned long arg)
962{
963 struct sock *sk = (void *) arg;
e90bac06 964
0e98958d
GP		 965 BT_DBG("sk %p", sk);
966
e686219a 967 bh_lock_sock(sk);
e90bac06
GP		 968 l2cap_pi(sk)->retry_count = 1;
969 __mod_monitor_timer();
970
971 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
972
a2e12a2a 973 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
e686219a 974 bh_unlock_sock(sk);
e90bac06
GP		 975}
976
1c2acffb 977static void l2cap_drop_acked_frames(struct sock *sk)
1da177e4 978{
1c2acffb 979 struct sk_buff *skb;
1da177e4 980
812e737e
GP		 981 while ((skb = skb_peek(TX_QUEUE(sk))) &&
982 l2cap_pi(sk)->unacked_frames) {
1c2acffb
GP		 983 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
984 break;
1da177e4 985
1c2acffb
GP		 986 skb = skb_dequeue(TX_QUEUE(sk));
987 kfree_skb(skb);
1da177e4 988
1c2acffb
GP		 989 l2cap_pi(sk)->unacked_frames--;
990 }
1da177e4 991
e90bac06
GP		 992 if (!l2cap_pi(sk)->unacked_frames)
993 del_timer(&l2cap_pi(sk)->retrans_timer);
1c2acffb 994}
1da177e4 995
fd83ccdb 996void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1c2acffb
GP		 997{
998 struct l2cap_pinfo *pi = l2cap_pi(sk);
e702112f
AE		 999 struct hci_conn *hcon = pi->conn->hcon;
1000 u16 flags;
1c2acffb
GP		 1001
1002 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1da177e4 1003
e702112f
AE		 1004 if (!pi->flushable && lmp_no_flush_capable(hcon->hdev))
1005 flags = ACL_START_NO_FLUSH;
1006 else
1007 flags = ACL_START;
1008
1009 hci_send_acl(hcon, skb, flags);
1c2acffb
GP		 1010}
1011
fd83ccdb 1012void l2cap_streaming_send(struct sock *sk)
6840ed07 1013{
ccbb84af 1014 struct sk_buff *skb;
6840ed07 1015 struct l2cap_pinfo *pi = l2cap_pi(sk);
fcc203c3 1016 u16 control, fcs;
6840ed07 1017
ccbb84af
GP		 1018 while ((skb = skb_dequeue(TX_QUEUE(sk)))) {
1019 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
6840ed07 1020 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
ccbb84af 1021 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1022
e8235c6b 1023 if (pi->fcs == L2CAP_FCS_CRC16) {
ccbb84af
GP		 1024 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1025 put_unaligned_le16(fcs, skb->data + skb->len - 2);
fcc203c3
GP		 1026 }
1027
ccbb84af 1028 l2cap_do_send(sk, skb);
6840ed07
GP		 1029
1030 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
6840ed07 1031 }
6840ed07
GP		 1032}
1033
dfc909be 1034static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
8f17154f
GP		 1035{
1036 struct l2cap_pinfo *pi = l2cap_pi(sk);
1037 struct sk_buff *skb, *tx_skb;
1038 u16 control, fcs;
8f17154f
GP		 1039
1040 skb = skb_peek(TX_QUEUE(sk));
f11d676d
GP		 1041 if (!skb)
1042 return;
8f17154f 1043
f11d676d
GP		 1044 do {
1045 if (bt_cb(skb)->tx_seq == tx_seq)
8f17154f 1046 break;
8f17154f 1047
f11d676d
GP		 1048 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1049 return;
8f17154f 1050
f11d676d 1051 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
8f17154f 1052
f11d676d
GP		 1053 if (pi->remote_max_tx &&
1054 bt_cb(skb)->retries == pi->remote_max_tx) {
9b108fc0 1055 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
f11d676d
GP		 1056 return;
1057 }
1058
1059 tx_skb = skb_clone(skb, GFP_ATOMIC);
1060 bt_cb(skb)->retries++;
1061 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
3cb123d1
GP		 1062
1063 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1064 control |= L2CAP_CTRL_FINAL;
1065 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1066 }
95ffa978 1067
f11d676d
GP		 1068 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1069 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
3cb123d1 1070
f11d676d
GP		 1071 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1072
1073 if (pi->fcs == L2CAP_FCS_CRC16) {
1074 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1075 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1076 }
1077
1078 l2cap_do_send(sk, tx_skb);
8f17154f
GP		 1079}
1080
fd83ccdb 1081int l2cap_ertm_send(struct sock *sk)
1c2acffb
GP		 1082{
1083 struct sk_buff *skb, *tx_skb;
1084 struct l2cap_pinfo *pi = l2cap_pi(sk);
fcc203c3 1085 u16 control, fcs;
9a9c6a34 1086 int nsent = 0;
1c2acffb 1087
c13ffa62
GP		 1088 if (sk->sk_state != BT_CONNECTED)
1089 return -ENOTCONN;
e90bac06 1090
6e2b6722 1091 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1c2acffb 1092
e90bac06
GP		 1093 if (pi->remote_max_tx &&
1094 bt_cb(skb)->retries == pi->remote_max_tx) {
9b108fc0 1095 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
e90bac06
GP		 1096 break;
1097 }
1098
e420aba3
AE		 1099 tx_skb = skb_clone(skb, GFP_ATOMIC);
1100
e90bac06
GP		 1101 bt_cb(skb)->retries++;
1102
1c2acffb 1103 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
95ffa978
GP		 1104 control &= L2CAP_CTRL_SAR;
1105
d5392c8f
GP		 1106 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1107 control |= L2CAP_CTRL_FINAL;
1108 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1109 }
9f121a5a 1110 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1c2acffb
GP		 1111 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1112 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1113
e90bac06 1114
e8235c6b 1115 if (pi->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 1116 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1117 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1118 }
1119
9a9c6a34
GP		 1120 l2cap_do_send(sk, tx_skb);
1121
e90bac06 1122 __mod_retrans_timer();
1c2acffb
GP		 1123
1124 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1125 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1126
1127 pi->unacked_frames++;
d5392c8f 1128 pi->frames_sent++;
1c2acffb
GP		 1129
1130 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1131 sk->sk_send_head = NULL;
1132 else
1133 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
9e917af1
GP		 1134
1135 nsent++;
1c2acffb
GP		 1136 }
1137
9e917af1
GP		 1138 return nsent;
1139}
1140
dfc909be
GP		 1141static int l2cap_retransmit_frames(struct sock *sk)
1142{
1143 struct l2cap_pinfo *pi = l2cap_pi(sk);
1144 int ret;
1145
dfc909be
GP		 1146 if (!skb_queue_empty(TX_QUEUE(sk)))
1147 sk->sk_send_head = TX_QUEUE(sk)->next;
1148
1149 pi->next_tx_seq = pi->expected_ack_seq;
1150 ret = l2cap_ertm_send(sk);
dfc909be
GP		 1151 return ret;
1152}
1153
9a9c6a34 1154static void l2cap_send_ack(struct l2cap_pinfo *pi)
9e917af1
GP		 1155{
1156 struct sock *sk = (struct sock *)pi;
1157 u16 control = 0;
1158
1159 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1160
1161 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1162 control |= L2CAP_SUPER_RCV_NOT_READY;
1890d36b 1163 pi->conn_state |= L2CAP_CONN_RNR_SENT;
9a9c6a34
GP		 1164 l2cap_send_sframe(pi, control);
1165 return;
9e917af1 1166 }
dfc909be 1167
e0f66218 1168 if (l2cap_ertm_send(sk) > 0)
dfc909be
GP		 1169 return;
1170
1171 control |= L2CAP_SUPER_RCV_READY;
1172 l2cap_send_sframe(pi, control);
1c2acffb
GP		 1173}
1174
9a9c6a34 1175static void l2cap_send_srejtail(struct sock *sk)
99b0d4b7
GP		 1176{
1177 struct srej_list *tail;
1178 u16 control;
1179
1180 control = L2CAP_SUPER_SELECT_REJECT;
1181 control |= L2CAP_CTRL_FINAL;
1182
1183 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1184 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1185
1186 l2cap_send_sframe(l2cap_pi(sk), control);
99b0d4b7
GP		 1187}
1188
1c2acffb
GP		 1189static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1190{
1191 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1192 struct sk_buff **frag;
1193 int err, sent = 0;
1da177e4 1194
59203a21 1195 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1196 return -EFAULT;
1da177e4
LT		 1197
1198 sent += count;
1199 len -= count;
1200
1201 /* Continuation fragments (no L2CAP header) */
1202 frag = &skb_shinfo(skb)->frag_list;
1203 while (len) {
1204 count = min_t(unsigned int, conn->mtu, len);
1205
1206 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1207 if (!*frag)
0175d629 1208 return err;
1c2acffb
GP		 1209 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1210 return -EFAULT;
1da177e4
LT		 1211
1212 sent += count;
1213 len -= count;
1214
1215 frag = &(*frag)->next;
1216 }
1da177e4
LT		 1217
1218 return sent;
1c2acffb 1219}
1da177e4 1220
fd83ccdb 1221struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1c2acffb
GP		 1222{
1223 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1224 struct sk_buff *skb;
1225 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1226 struct l2cap_hdr *lh;
1227
1228 BT_DBG("sk %p len %d", sk, (int)len);
1229
1230 count = min_t(unsigned int, (conn->mtu - hlen), len);
1231 skb = bt_skb_send_alloc(sk, count + hlen,
1232 msg->msg_flags & MSG_DONTWAIT, &err);
1233 if (!skb)
0175d629 1234 return ERR_PTR(err);
1c2acffb
GP		 1235
1236 /* Create L2CAP header */
1237 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1238 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1239 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1240 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1241
1242 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1243 if (unlikely(err < 0)) {
1244 kfree_skb(skb);
1245 return ERR_PTR(err);
1246 }
1247 return skb;
1248}
1249
fd83ccdb 1250struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1c2acffb
GP		 1251{
1252 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1253 struct sk_buff *skb;
1254 int err, count, hlen = L2CAP_HDR_SIZE;
1255 struct l2cap_hdr *lh;
1256
1257 BT_DBG("sk %p len %d", sk, (int)len);
1258
1259 count = min_t(unsigned int, (conn->mtu - hlen), len);
1260 skb = bt_skb_send_alloc(sk, count + hlen,
1261 msg->msg_flags & MSG_DONTWAIT, &err);
1262 if (!skb)
0175d629 1263 return ERR_PTR(err);
1c2acffb
GP		 1264
1265 /* Create L2CAP header */
1266 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1267 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1268 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1269
1270 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1271 if (unlikely(err < 0)) {
1272 kfree_skb(skb);
1273 return ERR_PTR(err);
1274 }
1275 return skb;
1276}
1277
fd83ccdb 1278struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1c2acffb
GP		 1279{
1280 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1281 struct sk_buff *skb;
1282 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1283 struct l2cap_hdr *lh;
1284
1285 BT_DBG("sk %p len %d", sk, (int)len);
1286
0ee0d208
GP		 1287 if (!conn)
1288 return ERR_PTR(-ENOTCONN);
1289
c74e560c
GP		 1290 if (sdulen)
1291 hlen += 2;
1292
fcc203c3
GP		 1293 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1294 hlen += 2;
1295
1c2acffb
GP		 1296 count = min_t(unsigned int, (conn->mtu - hlen), len);
1297 skb = bt_skb_send_alloc(sk, count + hlen,
1298 msg->msg_flags & MSG_DONTWAIT, &err);
1299 if (!skb)
0175d629 1300 return ERR_PTR(err);
1c2acffb
GP		 1301
1302 /* Create L2CAP header */
1303 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1304 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1305 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1306 put_unaligned_le16(control, skb_put(skb, 2));
c74e560c
GP		 1307 if (sdulen)
1308 put_unaligned_le16(sdulen, skb_put(skb, 2));
1c2acffb
GP		 1309
1310 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1311 if (unlikely(err < 0)) {
1312 kfree_skb(skb);
1313 return ERR_PTR(err);
1314 }
e90bac06 1315
fcc203c3
GP		 1316 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1317 put_unaligned_le16(0, skb_put(skb, 2));
1318
e90bac06 1319 bt_cb(skb)->retries = 0;
1c2acffb 1320 return skb;
1da177e4
LT		 1321}
1322
fd83ccdb 1323int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
c74e560c
GP		 1324{
1325 struct l2cap_pinfo *pi = l2cap_pi(sk);
1326 struct sk_buff *skb;
1327 struct sk_buff_head sar_queue;
1328 u16 control;
1329 size_t size = 0;
1330
ff12fd64 1331 skb_queue_head_init(&sar_queue);
c74e560c 1332 control = L2CAP_SDU_START;
1c762159 1333 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
c74e560c
GP		 1334 if (IS_ERR(skb))
1335 return PTR_ERR(skb);
1336
1337 __skb_queue_tail(&sar_queue, skb);
1c762159
GP		 1338 len -= pi->remote_mps;
1339 size += pi->remote_mps;
c74e560c
GP		 1340
1341 while (len > 0) {
1342 size_t buflen;
1343
1c762159 1344 if (len > pi->remote_mps) {
44651b85 1345 control = L2CAP_SDU_CONTINUE;
1c762159 1346 buflen = pi->remote_mps;
c74e560c 1347 } else {
44651b85 1348 control = L2CAP_SDU_END;
c74e560c
GP		 1349 buflen = len;
1350 }
1351
6840ed07 1352 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
c74e560c
GP		 1353 if (IS_ERR(skb)) {
1354 skb_queue_purge(&sar_queue);
1355 return PTR_ERR(skb);
1356 }
1357
1358 __skb_queue_tail(&sar_queue, skb);
1359 len -= buflen;
1360 size += buflen;
c74e560c
GP		 1361 }
1362 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1363 if (sk->sk_send_head == NULL)
1364 sk->sk_send_head = sar_queue.next;
1365
1366 return size;
1367}
1368
1da177e4
LT		 1369static void l2cap_chan_ready(struct sock *sk)
1370{
1371 struct sock *parent = bt_sk(sk)->parent;
1372
1373 BT_DBG("sk %p, parent %p", sk, parent);
1374
1375 l2cap_pi(sk)->conf_state = 0;
1376 l2cap_sock_clear_timer(sk);
1377
1378 if (!parent) {
1379 /* Outgoing channel.
1380 * Wake up socket sleeping on connect.
1381 */
1382 sk->sk_state = BT_CONNECTED;
1383 sk->sk_state_change(sk);
1384 } else {
1385 /* Incoming channel.
1386 * Wake up socket sleeping on accept.
1387 */
1388 parent->sk_data_ready(parent, 0);
1389 }
1390}
1391
1392/* Copy frame to all raw sockets on that connection */
1393static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1394{
1395 struct l2cap_chan_list *l = &conn->chan_list;
1396 struct sk_buff *nskb;
af05b30b 1397 struct sock *sk;
1da177e4
LT		 1398
1399 BT_DBG("conn %p", conn);
1400
1401 read_lock(&l->lock);
1402 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1403 if (sk->sk_type != SOCK_RAW)
1404 continue;
1405
1406 /* Don't send frame to the socket it came from */
1407 if (skb->sk == sk)
1408 continue;
af05b30b
GP		 1409 nskb = skb_clone(skb, GFP_ATOMIC);
1410 if (!nskb)
1da177e4
LT		 1411 continue;
1412
1413 if (sock_queue_rcv_skb(sk, nskb))
1414 kfree_skb(nskb);
1415 }
1416 read_unlock(&l->lock);
1417}
1418
1419/* ---- L2CAP signalling commands ---- */
1420static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1421 u8 code, u8 ident, u16 dlen, void *data)
1422{
1423 struct sk_buff *skb, **frag;
1424 struct l2cap_cmd_hdr *cmd;
1425 struct l2cap_hdr *lh;
1426 int len, count;
1427
af05b30b
GP		 1428 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1429 conn, code, ident, dlen);
1da177e4
LT		 1430
1431 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1432 count = min_t(unsigned int, conn->mtu, len);
1433
1434 skb = bt_skb_alloc(count, GFP_ATOMIC);
1435 if (!skb)
1436 return NULL;
1437
1438 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1439 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
8db4dc46 1440 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1441
1442 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1443 cmd->code = code;
1444 cmd->ident = ident;
aca3192c 1445 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1446
1447 if (dlen) {
1448 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1449 memcpy(skb_put(skb, count), data, count);
1450 data += count;
1451 }
1452
1453 len -= skb->len;
1454
1455 /* Continuation fragments (no L2CAP header) */
1456 frag = &skb_shinfo(skb)->frag_list;
1457 while (len) {
1458 count = min_t(unsigned int, conn->mtu, len);
1459
1460 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1461 if (!*frag)
1462 goto fail;
1463
1464 memcpy(skb_put(*frag, count), data, count);
1465
1466 len -= count;
1467 data += count;
1468
1469 frag = &(*frag)->next;
1470 }
1471
1472 return skb;
1473
1474fail:
1475 kfree_skb(skb);
1476 return NULL;
1477}
1478
1479static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1480{
1481 struct l2cap_conf_opt *opt = *ptr;
1482 int len;
1483
1484 len = L2CAP_CONF_OPT_SIZE + opt->len;
1485 *ptr += len;
1486
1487 *type = opt->type;
1488 *olen = opt->len;
1489
1490 switch (opt->len) {
1491 case 1:
1492 *val = *((u8 *) opt->val);
1493 break;
1494
1495 case 2:
bfaaeb3e 1496 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1497 break;
1498
1499 case 4:
bfaaeb3e 1500 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1501 break;
1502
1503 default:
1504 *val = (unsigned long) opt->val;
1505 break;
1506 }
1507
1508 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1509 return len;
1510}
1511
1da177e4
LT		 1512static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1513{
1514 struct l2cap_conf_opt *opt = *ptr;
1515
1516 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1517
1518 opt->type = type;
1519 opt->len = len;
1520
1521 switch (len) {
1522 case 1:
1523 *((u8 *) opt->val) = val;
1524 break;
1525
1526 case 2:
4f8b691c 1527 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1528 break;
1529
1530 case 4:
4f8b691c 1531 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1532 break;
1533
1534 default:
1535 memcpy(opt->val, (void *) val, len);
1536 break;
1537 }
1538
1539 *ptr += L2CAP_CONF_OPT_SIZE + len;
1540}
1541
c1b4f43b
GP		 1542static void l2cap_ack_timeout(unsigned long arg)
1543{
1544 struct sock *sk = (void *) arg;
1545
1546 bh_lock_sock(sk);
1547 l2cap_send_ack(l2cap_pi(sk));
1548 bh_unlock_sock(sk);
1549}
1550
0565c1c2
GP		 1551static inline void l2cap_ertm_init(struct sock *sk)
1552{
1553 l2cap_pi(sk)->expected_ack_seq = 0;
1554 l2cap_pi(sk)->unacked_frames = 0;
1555 l2cap_pi(sk)->buffer_seq = 0;
803020c6 1556 l2cap_pi(sk)->num_acked = 0;
d5392c8f 1557 l2cap_pi(sk)->frames_sent = 0;
0565c1c2
GP		 1558
1559 setup_timer(&l2cap_pi(sk)->retrans_timer,
1560 l2cap_retrans_timeout, (unsigned long) sk);
1561 setup_timer(&l2cap_pi(sk)->monitor_timer,
1562 l2cap_monitor_timeout, (unsigned long) sk);
c1b4f43b
GP		 1563 setup_timer(&l2cap_pi(sk)->ack_timer,
1564 l2cap_ack_timeout, (unsigned long) sk);
0565c1c2
GP		 1565
1566 __skb_queue_head_init(SREJ_QUEUE(sk));
1890d36b
GP		 1567 __skb_queue_head_init(BUSY_QUEUE(sk));
1568
1569 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
218bb9df
GP		 1570
1571 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
0565c1c2
GP		 1572}
1573
f2fcfcd6
GP		 1574static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1575{
1576 switch (mode) {
1577 case L2CAP_MODE_STREAMING:
1578 case L2CAP_MODE_ERTM:
1579 if (l2cap_mode_supported(mode, remote_feat_mask))
1580 return mode;
1581 /* fall through */
1582 default:
1583 return L2CAP_MODE_BASIC;
1584 }
1585}
1586
68983259 1587int l2cap_build_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1588{
1589 struct l2cap_pinfo *pi = l2cap_pi(sk);
1590 struct l2cap_conf_req *req = data;
bd3c9e25 1591 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
1da177e4
LT		 1592 void *ptr = req->data;
1593
1594 BT_DBG("sk %p", sk);
1595
f2fcfcd6
GP		 1596 if (pi->num_conf_req || pi->num_conf_rsp)
1597 goto done;
1598
1599 switch (pi->mode) {
1600 case L2CAP_MODE_STREAMING:
1601 case L2CAP_MODE_ERTM:
2ba13ed6 1602 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
85eb53c6 1603 break;
85eb53c6 1604
2ba13ed6 1605 /* fall through */
f2fcfcd6
GP		 1606 default:
1607 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
1608 break;
1609 }
1610
1611done:
7990681c
GP		 1612 if (pi->imtu != L2CAP_DEFAULT_MTU)
1613 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1614
65c7c491
MH		 1615 switch (pi->mode) {
1616 case L2CAP_MODE_BASIC:
63406504
GP		 1617 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1618 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
1619 break;
1620
62547752
GP		 1621 rfc.mode = L2CAP_MODE_BASIC;
1622 rfc.txwin_size = 0;
1623 rfc.max_transmit = 0;
1624 rfc.retrans_timeout = 0;
1625 rfc.monitor_timeout = 0;
1626 rfc.max_pdu_size = 0;
1627
63406504
GP		 1628 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1629 (unsigned long) &rfc);
65c7c491
MH		 1630 break;
1631
1632 case L2CAP_MODE_ERTM:
1633 rfc.mode = L2CAP_MODE_ERTM;
14b5aa71 1634 rfc.txwin_size = pi->tx_win;
68d7f0ce 1635 rfc.max_transmit = pi->max_tx;
f2fcfcd6
GP		 1636 rfc.retrans_timeout = 0;
1637 rfc.monitor_timeout = 0;
c74e560c 1638 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
d1daa091 1639 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
1c762159 1640 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
f2fcfcd6 1641
63406504
GP		 1642 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1643 (unsigned long) &rfc);
1644
fcc203c3
GP		 1645 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
1646 break;
1647
1648 if (pi->fcs == L2CAP_FCS_NONE ||
1649 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1650 pi->fcs = L2CAP_FCS_NONE;
1651 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
1652 }
f2fcfcd6
GP		 1653 break;
1654
1655 case L2CAP_MODE_STREAMING:
1656 rfc.mode = L2CAP_MODE_STREAMING;
1657 rfc.txwin_size = 0;
1658 rfc.max_transmit = 0;
1659 rfc.retrans_timeout = 0;
1660 rfc.monitor_timeout = 0;
c74e560c 1661 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
d1daa091 1662 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
1c762159 1663 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
65c7c491 1664
63406504
GP		 1665 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1666 (unsigned long) &rfc);
1667
fcc203c3
GP		 1668 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
1669 break;
1670
1671 if (pi->fcs == L2CAP_FCS_NONE ||
1672 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1673 pi->fcs = L2CAP_FCS_NONE;
1674 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
1675 }
65c7c491
MH		 1676 break;
1677 }
1da177e4
LT		 1678
1679 /* FIXME: Need actual value of the flush timeout */
1680 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1681 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1682
aca3192c
YH		 1683 req->dcid = cpu_to_le16(pi->dcid);
1684 req->flags = cpu_to_le16(0);
1da177e4
LT		 1685
1686 return ptr - data;
1687}
1688
5dee9e7c 1689static int l2cap_parse_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1690{
1691 struct l2cap_pinfo *pi = l2cap_pi(sk);
5dee9e7c
MH		 1692 struct l2cap_conf_rsp *rsp = data;
1693 void *ptr = rsp->data;
1694 void *req = pi->conf_req;
1695 int len = pi->conf_len;
1696 int type, hint, olen;
1697 unsigned long val;
6464f35f 1698 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1699 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1700 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1701
5dee9e7c 1702 BT_DBG("sk %p", sk);
820ae1b8 1703
5dee9e7c
MH		 1704 while (len >= L2CAP_CONF_OPT_SIZE) {
1705 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1706
589d2746 1707 hint = type & L2CAP_CONF_HINT;
47ec1dcd 1708 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 1709
1710 switch (type) {
1711 case L2CAP_CONF_MTU:
861d6882 1712 mtu = val;
5dee9e7c
MH		 1713 break;
1714
1715 case L2CAP_CONF_FLUSH_TO:
1716 pi->flush_to = val;
1717 break;
1718
1719 case L2CAP_CONF_QOS:
1720 break;
1721
6464f35f
MH		 1722 case L2CAP_CONF_RFC:
1723 if (olen == sizeof(rfc))
1724 memcpy(&rfc, (void *) val, olen);
1725 break;
1726
fcc203c3
GP		 1727 case L2CAP_CONF_FCS:
1728 if (val == L2CAP_FCS_NONE)
1729 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
1730
1731 break;
1732
5dee9e7c
MH		 1733 default:
1734 if (hint)
1735 break;
1736
1737 result = L2CAP_CONF_UNKNOWN;
1738 *((u8 *) ptr++) = type;
1739 break;
1740 }
1741 }
1742
e9aeb2dd 1743 if (pi->num_conf_rsp || pi->num_conf_req > 1)
f2fcfcd6
GP		 1744 goto done;
1745
1746 switch (pi->mode) {
1747 case L2CAP_MODE_STREAMING:
1748 case L2CAP_MODE_ERTM:
85eb53c6
GP		 1749 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
1750 pi->mode = l2cap_select_mode(rfc.mode,
1751 pi->conn->feat_mask);
1752 break;
1753 }
1754
742e519b 1755 if (pi->mode != rfc.mode)
f2fcfcd6 1756 return -ECONNREFUSED;
742e519b 1757
f2fcfcd6 1758 break;
f2fcfcd6
GP		 1759 }
1760
1761done:
1762 if (pi->mode != rfc.mode) {
1763 result = L2CAP_CONF_UNACCEPT;
1764 rfc.mode = pi->mode;
1765
1766 if (pi->num_conf_rsp == 1)
1767 return -ECONNREFUSED;
1768
1769 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1770 sizeof(rfc), (unsigned long) &rfc);
1771 }
1772
1773
5dee9e7c
MH		 1774 if (result == L2CAP_CONF_SUCCESS) {
1775 /* Configure output options and let the other side know
1776 * which ones we don't like. */
1777
f2fcfcd6
GP		 1778 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1779 result = L2CAP_CONF_UNACCEPT;
1780 else {
1781 pi->omtu = mtu;
1782 pi->conf_state |= L2CAP_CONF_MTU_DONE;
1783 }
1784 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
6464f35f 1785
f2fcfcd6
GP		 1786 switch (rfc.mode) {
1787 case L2CAP_MODE_BASIC:
1788 pi->fcs = L2CAP_FCS_NONE;
1789 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1790 break;
1791
1792 case L2CAP_MODE_ERTM:
1793 pi->remote_tx_win = rfc.txwin_size;
1794 pi->remote_max_tx = rfc.max_transmit;
86b1b263
MM		 1795
1796 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1797 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1c762159
GP		 1798
1799 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 1800
10467e9e
GP		 1801 rfc.retrans_timeout =
1802 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
1803 rfc.monitor_timeout =
1804 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6
GP		 1805
1806 pi->conf_state |= L2CAP_CONF_MODE_DONE;
68ae6639
GP		 1807
1808 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1809 sizeof(rfc), (unsigned long) &rfc);
1810
f2fcfcd6
GP		 1811 break;
1812
1813 case L2CAP_MODE_STREAMING:
86b1b263
MM		 1814 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1815 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1c762159
GP		 1816
1817 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 1818
1819 pi->conf_state |= L2CAP_CONF_MODE_DONE;
68ae6639
GP		 1820
1821 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1822 sizeof(rfc), (unsigned long) &rfc);
1823
f2fcfcd6
GP		 1824 break;
1825
1826 default:
5dee9e7c 1827 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 1828
6464f35f 1829 memset(&rfc, 0, sizeof(rfc));
f2fcfcd6
GP		 1830 rfc.mode = pi->mode;
1831 }
6464f35f 1832
f2fcfcd6
GP		 1833 if (result == L2CAP_CONF_SUCCESS)
1834 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1835 }
5dee9e7c
MH		 1836 rsp->scid = cpu_to_le16(pi->dcid);
1837 rsp->result = cpu_to_le16(result);
1838 rsp->flags = cpu_to_le16(0x0000);
1839
1840 return ptr - data;
1da177e4
LT		 1841}
1842
f2fcfcd6
GP		 1843static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
1844{
1845 struct l2cap_pinfo *pi = l2cap_pi(sk);
1846 struct l2cap_conf_req *req = data;
1847 void *ptr = req->data;
1848 int type, olen;
1849 unsigned long val;
1850 struct l2cap_conf_rfc rfc;
1851
1852 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
1853
1854 while (len >= L2CAP_CONF_OPT_SIZE) {
1855 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1856
1857 switch (type) {
1858 case L2CAP_CONF_MTU:
1859 if (val < L2CAP_DEFAULT_MIN_MTU) {
1860 *result = L2CAP_CONF_UNACCEPT;
8183b775 1861 pi->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 1862 } else
8183b775
AE		 1863 pi->imtu = val;
1864 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
f2fcfcd6
GP		 1865 break;
1866
1867 case L2CAP_CONF_FLUSH_TO:
1868 pi->flush_to = val;
1869 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
1870 2, pi->flush_to);
1871 break;
1872
1873 case L2CAP_CONF_RFC:
1874 if (olen == sizeof(rfc))
1875 memcpy(&rfc, (void *)val, olen);
1876
1877 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
1878 rfc.mode != pi->mode)
1879 return -ECONNREFUSED;
1880
f2fcfcd6
GP		 1881 pi->fcs = 0;
1882
1883 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1884 sizeof(rfc), (unsigned long) &rfc);
1885 break;
1886 }
1887 }
1888
6c2ea7a8
GP		 1889 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
1890 return -ECONNREFUSED;
1891
1892 pi->mode = rfc.mode;
1893
f2fcfcd6
GP		 1894 if (*result == L2CAP_CONF_SUCCESS) {
1895 switch (rfc.mode) {
1896 case L2CAP_MODE_ERTM:
10467e9e
GP		 1897 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1898 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
1c762159 1899 pi->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 1900 break;
1901 case L2CAP_MODE_STREAMING:
1c762159 1902 pi->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 1903 }
1904 }
1905
1906 req->dcid = cpu_to_le16(pi->dcid);
1907 req->flags = cpu_to_le16(0x0000);
1908
1909 return ptr - data;
1910}
1911
5dee9e7c 1912static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1da177e4
LT		 1913{
1914 struct l2cap_conf_rsp *rsp = data;
1915 void *ptr = rsp->data;
1da177e4 1916
5dee9e7c 1917 BT_DBG("sk %p", sk);
1da177e4 1918
aca3192c 1919 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
5dee9e7c 1920 rsp->result = cpu_to_le16(result);
aca3192c 1921 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 1922
1923 return ptr - data;
1924}
1925
7b1c0049
GP		 1926static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
1927{
1928 struct l2cap_pinfo *pi = l2cap_pi(sk);
1929 int type, olen;
1930 unsigned long val;
1931 struct l2cap_conf_rfc rfc;
1932
1933 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
1934
1935 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
1936 return;
1937
1938 while (len >= L2CAP_CONF_OPT_SIZE) {
1939 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1940
1941 switch (type) {
1942 case L2CAP_CONF_RFC:
1943 if (olen == sizeof(rfc))
1944 memcpy(&rfc, (void *)val, olen);
1945 goto done;
1946 }
1947 }
1948
1949done:
1950 switch (rfc.mode) {
1951 case L2CAP_MODE_ERTM:
10467e9e
GP		 1952 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1953 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
7b1c0049
GP		 1954 pi->mps = le16_to_cpu(rfc.max_pdu_size);
1955 break;
1956 case L2CAP_MODE_STREAMING:
1957 pi->mps = le16_to_cpu(rfc.max_pdu_size);
1958 }
1959}
1960
4e8402a3
MH		 1961static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1962{
1963 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1964
1965 if (rej->reason != 0x0000)
1966 return 0;
1967
1968 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1969 cmd->ident == conn->info_ident) {
4e8402a3 1970 del_timer(&conn->info_timer);
984947dc
MH		 1971
1972 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1973 conn->info_ident = 0;
984947dc 1974
4e8402a3
MH		 1975 l2cap_conn_start(conn);
1976 }
1977
1978 return 0;
1979}
1980
1da177e4
LT		 1981static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1982{
1983 struct l2cap_chan_list *list = &conn->chan_list;
1984 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1985 struct l2cap_conn_rsp rsp;
d793fe8c 1986 struct sock *parent, *sk = NULL;
e7c29cb1 1987 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1988
1989 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 1990 __le16 psm = req->psm;
1da177e4
LT		 1991
1992 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1993
1994 /* Check if we have socket listening on psm */
1995 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1996 if (!parent) {
1997 result = L2CAP_CR_BAD_PSM;
1998 goto sendresp;
1999 }
2000
e0f0cb56
GP		 2001 bh_lock_sock(parent);
2002
e7c29cb1
MH		 2003 /* Check if the ACL is secure enough (if not SDP) */
2004 if (psm != cpu_to_le16(0x0001) &&
2005 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 2006 conn->disc_reason = 0x05;
e7c29cb1
MH		 2007 result = L2CAP_CR_SEC_BLOCK;
2008 goto response;
2009 }
2010
1da177e4
LT		 2011 result = L2CAP_CR_NO_MEM;
2012
2013 /* Check for backlog size */
2014 if (sk_acceptq_is_full(parent)) {
8e87d142 2015 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2016 goto response;
2017 }
2018
3b1e0a65 2019 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 2020 if (!sk)
2021 goto response;
2022
fd1278d7 2023 write_lock_bh(&list->lock);
1da177e4
LT		 2024
2025 /* Check if we already have channel with that dcid */
2026 if (__l2cap_get_chan_by_dcid(list, scid)) {
fd1278d7 2027 write_unlock_bh(&list->lock);
1da177e4
LT		 2028 sock_set_flag(sk, SOCK_ZAPPED);
2029 l2cap_sock_kill(sk);
2030 goto response;
2031 }
2032
2033 hci_conn_hold(conn->hcon);
2034
2035 l2cap_sock_init(sk, parent);
2036 bacpy(&bt_sk(sk)->src, conn->src);
2037 bacpy(&bt_sk(sk)->dst, conn->dst);
2038 l2cap_pi(sk)->psm = psm;
2039 l2cap_pi(sk)->dcid = scid;
2040
2041 __l2cap_chan_add(conn, sk, parent);
2042 dcid = l2cap_pi(sk)->scid;
2043
2044 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2045
1da177e4
LT		 2046 l2cap_pi(sk)->ident = cmd->ident;
2047
984947dc 2048 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2af6b9d5 2049 if (l2cap_check_security(sk)) {
f66dc81f
MH		 2050 if (bt_sk(sk)->defer_setup) {
2051 sk->sk_state = BT_CONNECT2;
2052 result = L2CAP_CR_PEND;
2053 status = L2CAP_CS_AUTHOR_PEND;
2054 parent->sk_data_ready(parent, 0);
2055 } else {
2056 sk->sk_state = BT_CONFIG;
2057 result = L2CAP_CR_SUCCESS;
2058 status = L2CAP_CS_NO_INFO;
2059 }
79d554a6
MH		 2060 } else {
2061 sk->sk_state = BT_CONNECT2;
2062 result = L2CAP_CR_PEND;
2063 status = L2CAP_CS_AUTHEN_PEND;
2064 }
2065 } else {
2066 sk->sk_state = BT_CONNECT2;
2067 result = L2CAP_CR_PEND;
2068 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2069 }
2070
fd1278d7 2071 write_unlock_bh(&list->lock);
1da177e4
LT		 2072
2073response:
2074 bh_unlock_sock(parent);
2075
2076sendresp:
aca3192c
YH		 2077 rsp.scid = cpu_to_le16(scid);
2078 rsp.dcid = cpu_to_le16(dcid);
2079 rsp.result = cpu_to_le16(result);
2080 rsp.status = cpu_to_le16(status);
1da177e4 2081 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2082
2083 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2084 struct l2cap_info_req info;
2085 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2086
2087 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2088 conn->info_ident = l2cap_get_ident(conn);
2089
2090 mod_timer(&conn->info_timer, jiffies +
2091 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2092
2093 l2cap_send_cmd(conn, conn->info_ident,
2094 L2CAP_INFO_REQ, sizeof(info), &info);
2095 }
2096
d793fe8c 2097 if (sk && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
e9aeb2dd
GP		 2098 result == L2CAP_CR_SUCCESS) {
2099 u8 buf[128];
2100 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2101 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2102 l2cap_build_conf_req(sk, buf), buf);
2103 l2cap_pi(sk)->num_conf_req++;
2104 }
2105
1da177e4
LT		 2106 return 0;
2107}
2108
2109static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2110{
2111 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2112 u16 scid, dcid, result, status;
2113 struct sock *sk;
2114 u8 req[128];
2115
2116 scid = __le16_to_cpu(rsp->scid);
2117 dcid = __le16_to_cpu(rsp->dcid);
2118 result = __le16_to_cpu(rsp->result);
2119 status = __le16_to_cpu(rsp->status);
2120
2121 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2122
2123 if (scid) {
af05b30b
GP		 2124 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2125 if (!sk)
57d3b22b 2126 return -EFAULT;
1da177e4 2127 } else {
af05b30b
GP		 2128 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2129 if (!sk)
57d3b22b 2130 return -EFAULT;
1da177e4
LT		 2131 }
2132
2133 switch (result) {
2134 case L2CAP_CR_SUCCESS:
2135 sk->sk_state = BT_CONFIG;
2136 l2cap_pi(sk)->ident = 0;
2137 l2cap_pi(sk)->dcid = dcid;
6a8d3010
MH		 2138 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2139
e9aeb2dd
GP		 2140 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
2141 break;
2142
2143 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2144
1da177e4
LT		 2145 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2146 l2cap_build_conf_req(sk, req), req);
f2fcfcd6 2147 l2cap_pi(sk)->num_conf_req++;
1da177e4
LT		 2148 break;
2149
2150 case L2CAP_CR_PEND:
6a8d3010 2151 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4
LT		 2152 break;
2153
2154 default:
a49184c2
AE		 2155 /* don't delete l2cap channel if sk is owned by user */
2156 if (sock_owned_by_user(sk)) {
2157 sk->sk_state = BT_DISCONN;
2158 l2cap_sock_clear_timer(sk);
2159 l2cap_sock_set_timer(sk, HZ / 5);
2160 break;
2161 }
2162
1da177e4
LT		 2163 l2cap_chan_del(sk, ECONNREFUSED);
2164 break;
2165 }
2166
2167 bh_unlock_sock(sk);
2168 return 0;
2169}
2170
8c462b60
MM		 2171static inline void set_default_fcs(struct l2cap_pinfo *pi)
2172{
2173 /* FCS is enabled only in ERTM or streaming mode, if one or both
2174 * sides request it.
2175 */
2176 if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING)
2177 pi->fcs = L2CAP_FCS_NONE;
2178 else if (!(pi->conf_state & L2CAP_CONF_NO_FCS_RECV))
2179 pi->fcs = L2CAP_FCS_CRC16;
2180}
2181
88219a0f 2182static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2183{
2184 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2185 u16 dcid, flags;
2186 u8 rsp[64];
2187 struct sock *sk;
5dee9e7c 2188 int len;
1da177e4
LT		 2189
2190 dcid = __le16_to_cpu(req->dcid);
2191 flags = __le16_to_cpu(req->flags);
2192
2193 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2194
af05b30b
GP		 2195 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2196 if (!sk)
1da177e4
LT		 2197 return -ENOENT;
2198
df6bd743
GP		 2199 if (sk->sk_state != BT_CONFIG) {
2200 struct l2cap_cmd_rej rej;
2201
2202 rej.reason = cpu_to_le16(0x0002);
2203 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2204 sizeof(rej), &rej);
354f60a9 2205 goto unlock;
df6bd743 2206 }
354f60a9 2207
5dee9e7c 2208 /* Reject if config buffer is too small. */
88219a0f 2209 len = cmd_len - sizeof(*req);
5dee9e7c
MH		 2210 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2211 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2212 l2cap_build_conf_rsp(sk, rsp,
2213 L2CAP_CONF_REJECT, flags), rsp);
2214 goto unlock;
2215 }
2216
2217 /* Store config. */
2218 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2219 l2cap_pi(sk)->conf_len += len;
1da177e4
LT		 2220
2221 if (flags & 0x0001) {
2222 /* Incomplete config. Send empty response. */
2223 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
5dee9e7c
MH		 2224 l2cap_build_conf_rsp(sk, rsp,
2225 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2226 goto unlock;
2227 }
2228
2229 /* Complete config. */
5dee9e7c 2230 len = l2cap_parse_conf_req(sk, rsp);
f2fcfcd6 2231 if (len < 0) {
9b108fc0 2232 l2cap_send_disconn_req(conn, sk, ECONNRESET);
1da177e4 2233 goto unlock;
f2fcfcd6 2234 }
1da177e4 2235
5dee9e7c 2236 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
f2fcfcd6 2237 l2cap_pi(sk)->num_conf_rsp++;
5dee9e7c 2238
5dee9e7c
MH		 2239 /* Reset config buffer. */
2240 l2cap_pi(sk)->conf_len = 0;
2241
876d9484
MH		 2242 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2243 goto unlock;
2244
1da177e4 2245 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
8c462b60 2246 set_default_fcs(l2cap_pi(sk));
fcc203c3 2247
1da177e4 2248 sk->sk_state = BT_CONNECTED;
e90bac06 2249
0565c1c2
GP		 2250 l2cap_pi(sk)->next_tx_seq = 0;
2251 l2cap_pi(sk)->expected_tx_seq = 0;
1c2acffb 2252 __skb_queue_head_init(TX_QUEUE(sk));
0565c1c2
GP		 2253 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2254 l2cap_ertm_init(sk);
2255
1da177e4 2256 l2cap_chan_ready(sk);
876d9484
MH		 2257 goto unlock;
2258 }
2259
2260 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 2261 u8 buf[64];
ab3e5715 2262 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1da177e4 2263 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
79d554a6 2264 l2cap_build_conf_req(sk, buf), buf);
f2fcfcd6 2265 l2cap_pi(sk)->num_conf_req++;
1da177e4
LT		 2266 }
2267
2268unlock:
2269 bh_unlock_sock(sk);
2270 return 0;
2271}
2272
2273static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2274{
2275 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2276 u16 scid, flags, result;
2277 struct sock *sk;
7b1c0049 2278 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2279
2280 scid = __le16_to_cpu(rsp->scid);
2281 flags = __le16_to_cpu(rsp->flags);
2282 result = __le16_to_cpu(rsp->result);
2283
af05b30b
GP		 2284 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2285 scid, flags, result);
1da177e4 2286
af05b30b
GP		 2287 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2288 if (!sk)
1da177e4
LT		 2289 return 0;
2290
2291 switch (result) {
2292 case L2CAP_CONF_SUCCESS:
7b1c0049 2293 l2cap_conf_rfc_get(sk, rsp->data, len);
1da177e4
LT		 2294 break;
2295
2296 case L2CAP_CONF_UNACCEPT:
f2fcfcd6 2297 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2298 char req[64];
2299
c2c77ec8 2300 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
9b108fc0 2301 l2cap_send_disconn_req(conn, sk, ECONNRESET);
c2c77ec8
AE		 2302 goto done;
2303 }
2304
f2fcfcd6
GP		 2305 /* throw out any old stored conf requests */
2306 result = L2CAP_CONF_SUCCESS;
2307 len = l2cap_parse_conf_rsp(sk, rsp->data,
2308 len, req, &result);
2309 if (len < 0) {
9b108fc0 2310 l2cap_send_disconn_req(conn, sk, ECONNRESET);
f2fcfcd6
GP		 2311 goto done;
2312 }
2313
2314 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2315 L2CAP_CONF_REQ, len, req);
2316 l2cap_pi(sk)->num_conf_req++;
2317 if (result != L2CAP_CONF_SUCCESS)
2318 goto done;
2319 break;
1da177e4
LT		 2320 }
2321
8e87d142 2322 default:
b1235d79 2323 sk->sk_err = ECONNRESET;
1da177e4 2324 l2cap_sock_set_timer(sk, HZ * 5);
9b108fc0 2325 l2cap_send_disconn_req(conn, sk, ECONNRESET);
1da177e4
LT		 2326 goto done;
2327 }
2328
2329 if (flags & 0x01)
2330 goto done;
2331
1da177e4
LT		 2332 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2333
2334 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
8c462b60 2335 set_default_fcs(l2cap_pi(sk));
fcc203c3 2336
1da177e4 2337 sk->sk_state = BT_CONNECTED;
0565c1c2 2338 l2cap_pi(sk)->next_tx_seq = 0;
1c2acffb 2339 l2cap_pi(sk)->expected_tx_seq = 0;
1c2acffb 2340 __skb_queue_head_init(TX_QUEUE(sk));
0565c1c2
GP		 2341 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2342 l2cap_ertm_init(sk);
2343
1da177e4
LT		 2344 l2cap_chan_ready(sk);
2345 }
2346
2347done:
2348 bh_unlock_sock(sk);
2349 return 0;
2350}
2351
2352static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2353{
2354 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2355 struct l2cap_disconn_rsp rsp;
2356 u16 dcid, scid;
2357 struct sock *sk;
2358
2359 scid = __le16_to_cpu(req->scid);
2360 dcid = __le16_to_cpu(req->dcid);
2361
2362 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2363
af05b30b
GP		 2364 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2365 if (!sk)
1da177e4
LT		 2366 return 0;
2367
aca3192c
YH		 2368 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2369 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1da177e4
LT		 2370 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2371
2372 sk->sk_shutdown = SHUTDOWN_MASK;
2373
a49184c2
AE		 2374 /* don't delete l2cap channel if sk is owned by user */
2375 if (sock_owned_by_user(sk)) {
2376 sk->sk_state = BT_DISCONN;
2377 l2cap_sock_clear_timer(sk);
2378 l2cap_sock_set_timer(sk, HZ / 5);
2379 bh_unlock_sock(sk);
2380 return 0;
2381 }
2382
1da177e4
LT		 2383 l2cap_chan_del(sk, ECONNRESET);
2384 bh_unlock_sock(sk);
2385
2386 l2cap_sock_kill(sk);
2387 return 0;
2388}
2389
2390static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2391{
2392 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2393 u16 dcid, scid;
2394 struct sock *sk;
2395
2396 scid = __le16_to_cpu(rsp->scid);
2397 dcid = __le16_to_cpu(rsp->dcid);
2398
2399 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2400
af05b30b
GP		 2401 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2402 if (!sk)
1da177e4
LT		 2403 return 0;
2404
a49184c2
AE		 2405 /* don't delete l2cap channel if sk is owned by user */
2406 if (sock_owned_by_user(sk)) {
2407 sk->sk_state = BT_DISCONN;
2408 l2cap_sock_clear_timer(sk);
2409 l2cap_sock_set_timer(sk, HZ / 5);
2410 bh_unlock_sock(sk);
2411 return 0;
2412 }
2413
1da177e4
LT		 2414 l2cap_chan_del(sk, 0);
2415 bh_unlock_sock(sk);
2416
2417 l2cap_sock_kill(sk);
2418 return 0;
2419}
2420
2421static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2422{
2423 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2424 u16 type;
2425
2426 type = __le16_to_cpu(req->type);
2427
2428 BT_DBG("type 0x%4.4x", type);
2429
f0709e03
MH		 2430 if (type == L2CAP_IT_FEAT_MASK) {
2431 u8 buf[8];
44dd46de 2432 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2433 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2434 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2435 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 2436 if (!disable_ertm)
fcc203c3
GP		 2437 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2438 | L2CAP_FEAT_FCS;
1b7bf4ed 2439 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 2440 l2cap_send_cmd(conn, cmd->ident,
2441 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2442 } else if (type == L2CAP_IT_FIXED_CHAN) {
2443 u8 buf[12];
2444 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2445 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2446 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2447 memcpy(buf + 4, l2cap_fixed_chan, 8);
2448 l2cap_send_cmd(conn, cmd->ident,
2449 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2450 } else {
2451 struct l2cap_info_rsp rsp;
2452 rsp.type = cpu_to_le16(type);
2453 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2454 l2cap_send_cmd(conn, cmd->ident,
2455 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2456 }
1da177e4
LT		 2457
2458 return 0;
2459}
2460
2461static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2462{
2463 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2464 u16 type, result;
2465
2466 type = __le16_to_cpu(rsp->type);
2467 result = __le16_to_cpu(rsp->result);
2468
2469 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2470
4e8402a3
MH		 2471 del_timer(&conn->info_timer);
2472
adb08ede
VT		 2473 if (result != L2CAP_IR_SUCCESS) {
2474 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2475 conn->info_ident = 0;
2476
2477 l2cap_conn_start(conn);
2478
2479 return 0;
2480 }
2481
984947dc 2482 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2483 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2484
47ec1dcd 2485 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2486 struct l2cap_info_req req;
2487 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2488
2489 conn->info_ident = l2cap_get_ident(conn);
2490
2491 l2cap_send_cmd(conn, conn->info_ident,
2492 L2CAP_INFO_REQ, sizeof(req), &req);
2493 } else {
2494 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2495 conn->info_ident = 0;
2496
2497 l2cap_conn_start(conn);
2498 }
2499 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2500 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2501 conn->info_ident = 0;
984947dc
MH		 2502
2503 l2cap_conn_start(conn);
2504 }
4e8402a3 2505
1da177e4
LT		 2506 return 0;
2507}
2508
2509static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2510{
2511 u8 *data = skb->data;
2512 int len = skb->len;
2513 struct l2cap_cmd_hdr cmd;
2514 int err = 0;
2515
2516 l2cap_raw_recv(conn, skb);
2517
2518 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2519 u16 cmd_len;
1da177e4
LT		 2520 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2521 data += L2CAP_CMD_HDR_SIZE;
2522 len -= L2CAP_CMD_HDR_SIZE;
2523
88219a0f 2524 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2525
88219a0f 2526 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2527
88219a0f 2528 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2529 BT_DBG("corrupted command");
2530 break;
2531 }
2532
2533 switch (cmd.code) {
2534 case L2CAP_COMMAND_REJ:
4e8402a3 2535 l2cap_command_rej(conn, &cmd, data);
1da177e4
LT		 2536 break;
2537
2538 case L2CAP_CONN_REQ:
2539 err = l2cap_connect_req(conn, &cmd, data);
2540 break;
2541
2542 case L2CAP_CONN_RSP:
2543 err = l2cap_connect_rsp(conn, &cmd, data);
2544 break;
2545
2546 case L2CAP_CONF_REQ:
88219a0f 2547 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1da177e4
LT		 2548 break;
2549
2550 case L2CAP_CONF_RSP:
2551 err = l2cap_config_rsp(conn, &cmd, data);
2552 break;
2553
2554 case L2CAP_DISCONN_REQ:
2555 err = l2cap_disconnect_req(conn, &cmd, data);
2556 break;
2557
2558 case L2CAP_DISCONN_RSP:
2559 err = l2cap_disconnect_rsp(conn, &cmd, data);
2560 break;
2561
2562 case L2CAP_ECHO_REQ:
88219a0f 2563 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
1da177e4
LT		 2564 break;
2565
2566 case L2CAP_ECHO_RSP:
2567 break;
2568
2569 case L2CAP_INFO_REQ:
2570 err = l2cap_information_req(conn, &cmd, data);
2571 break;
2572
2573 case L2CAP_INFO_RSP:
2574 err = l2cap_information_rsp(conn, &cmd, data);
2575 break;
2576
2577 default:
2578 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2579 err = -EINVAL;
2580 break;
2581 }
2582
2583 if (err) {
2584 struct l2cap_cmd_rej rej;
2585 BT_DBG("error %d", err);
2586
2587 /* FIXME: Map err to a valid reason */
aca3192c 2588 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2589 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2590 }
2591
88219a0f
AV		 2592 data += cmd_len;
2593 len -= cmd_len;
1da177e4
LT		 2594 }
2595
2596 kfree_skb(skb);
2597}
2598
fcc203c3
GP		 2599static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
2600{
2601 u16 our_fcs, rcv_fcs;
2602 int hdr_size = L2CAP_HDR_SIZE + 2;
2603
2604 if (pi->fcs == L2CAP_FCS_CRC16) {
2605 skb_trim(skb, skb->len - 2);
2606 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
2607 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
2608
2609 if (our_fcs != rcv_fcs)
7a560e5c 2610 return -EBADMSG;
fcc203c3
GP		 2611 }
2612 return 0;
2613}
2614
d5392c8f
GP		 2615static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
2616{
2617 struct l2cap_pinfo *pi = l2cap_pi(sk);
2618 u16 control = 0;
2619
2620 pi->frames_sent = 0;
d5392c8f
GP		 2621
2622 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2623
2624 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
64988868 2625 control |= L2CAP_SUPER_RCV_NOT_READY;
d5392c8f 2626 l2cap_send_sframe(pi, control);
1890d36b 2627 pi->conn_state |= L2CAP_CONN_RNR_SENT;
d5392c8f
GP		 2628 }
2629
4ea727ef
GP		 2630 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
2631 l2cap_retransmit_frames(sk);
d5392c8f
GP		 2632
2633 l2cap_ertm_send(sk);
2634
2635 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
2636 pi->frames_sent == 0) {
2637 control |= L2CAP_SUPER_RCV_READY;
d5392c8f
GP		 2638 l2cap_send_sframe(pi, control);
2639 }
2640}
2641
9b53350d 2642static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
8f17154f
GP		 2643{
2644 struct sk_buff *next_skb;
bfbacc11
JPRV		 2645 struct l2cap_pinfo *pi = l2cap_pi(sk);
2646 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 2647
2648 bt_cb(skb)->tx_seq = tx_seq;
2649 bt_cb(skb)->sar = sar;
2650
2651 next_skb = skb_peek(SREJ_QUEUE(sk));
2652 if (!next_skb) {
2653 __skb_queue_tail(SREJ_QUEUE(sk), skb);
9b53350d 2654 return 0;
8f17154f
GP		 2655 }
2656
bfbacc11
JPRV		 2657 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
2658 if (tx_seq_offset < 0)
2659 tx_seq_offset += 64;
2660
8f17154f 2661 do {
9b53350d
JPRV		 2662 if (bt_cb(next_skb)->tx_seq == tx_seq)
2663 return -EINVAL;
2664
bfbacc11
JPRV		 2665 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
2666 pi->buffer_seq) % 64;
2667 if (next_tx_seq_offset < 0)
2668 next_tx_seq_offset += 64;
2669
2670 if (next_tx_seq_offset > tx_seq_offset) {
8f17154f 2671 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
9b53350d 2672 return 0;
8f17154f
GP		 2673 }
2674
2675 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
2676 break;
2677
59203a21 2678 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
8f17154f
GP		 2679
2680 __skb_queue_tail(SREJ_QUEUE(sk), skb);
9b53350d
JPRV		 2681
2682 return 0;
8f17154f
GP		 2683}
2684
18778a63
GP		 2685static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
2686{
2687 struct l2cap_pinfo *pi = l2cap_pi(sk);
2688 struct sk_buff *_skb;
1890d36b 2689 int err;
18778a63
GP		 2690
2691 switch (control & L2CAP_CTRL_SAR) {
2692 case L2CAP_SDU_UNSEGMENTED:
2693 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
2694 goto drop;
2695
2696 err = sock_queue_rcv_skb(sk, skb);
2697 if (!err)
2698 return err;
2699
2700 break;
2701
2702 case L2CAP_SDU_START:
2703 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
2704 goto drop;
2705
2706 pi->sdu_len = get_unaligned_le16(skb->data);
18778a63
GP		 2707
2708 if (pi->sdu_len > pi->imtu)
2709 goto disconnect;
2710
2711 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
1890d36b
GP		 2712 if (!pi->sdu)
2713 return -ENOMEM;
2714
2715 /* pull sdu_len bytes only after alloc, because of Local Busy
2716 * condition we have to be sure that this will be executed
2717 * only once, i.e., when alloc does not fail */
2718 skb_pull(skb, 2);
18778a63
GP		 2719
2720 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2721
2722 pi->conn_state |= L2CAP_CONN_SAR_SDU;
2723 pi->partial_sdu_len = skb->len;
2724 break;
2725
2726 case L2CAP_SDU_CONTINUE:
2727 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2728 goto disconnect;
2729
2730 if (!pi->sdu)
2731 goto disconnect;
2732
18778a63
GP		 2733 pi->partial_sdu_len += skb->len;
2734 if (pi->partial_sdu_len > pi->sdu_len)
2735 goto drop;
2736
4178ba46
GP		 2737 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2738
18778a63
GP		 2739 break;
2740
2741 case L2CAP_SDU_END:
2742 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2743 goto disconnect;
2744
2745 if (!pi->sdu)
2746 goto disconnect;
2747
1890d36b 2748 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
1890d36b 2749 pi->partial_sdu_len += skb->len;
18778a63 2750
1890d36b
GP		 2751 if (pi->partial_sdu_len > pi->imtu)
2752 goto drop;
18778a63 2753
1890d36b
GP		 2754 if (pi->partial_sdu_len != pi->sdu_len)
2755 goto drop;
4178ba46
GP		 2756
2757 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
1890d36b 2758 }
18778a63
GP		 2759
2760 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
1890d36b
GP		 2761 if (!_skb) {
2762 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
2763 return -ENOMEM;
2764 }
2765
18778a63 2766 err = sock_queue_rcv_skb(sk, _skb);
1890d36b 2767 if (err < 0) {
18778a63 2768 kfree_skb(_skb);
1890d36b
GP		 2769 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
2770 return err;
2771 }
2772
2773 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
2774 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
18778a63
GP		 2775
2776 kfree_skb(pi->sdu);
2777 break;
2778 }
2779
2780 kfree_skb(skb);
1890d36b 2781 return 0;
18778a63
GP		 2782
2783drop:
2784 kfree_skb(pi->sdu);
2785 pi->sdu = NULL;
2786
2787disconnect:
9b108fc0 2788 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
18778a63
GP		 2789 kfree_skb(skb);
2790 return 0;
2791}
2792
712132eb
GP		 2793static int l2cap_try_push_rx_skb(struct sock *sk)
2794{
2795 struct l2cap_pinfo *pi = l2cap_pi(sk);
2796 struct sk_buff *skb;
2797 u16 control;
2798 int err;
2799
2800 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
2801 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
2802 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
2803 if (err < 0) {
2804 skb_queue_head(BUSY_QUEUE(sk), skb);
2805 return -EBUSY;
2806 }
2807
2808 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
2809 }
2810
2811 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
2812 goto done;
2813
2814 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2815 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
2816 l2cap_send_sframe(pi, control);
2817 l2cap_pi(sk)->retry_count = 1;
2818
2819 del_timer(&pi->retrans_timer);
2820 __mod_monitor_timer();
2821
2822 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
2823
2824done:
2825 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
2826 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
2827
2828 BT_DBG("sk %p, Exit local busy", sk);
2829
2830 return 0;
2831}
2832
1890d36b
GP		 2833static void l2cap_busy_work(struct work_struct *work)
2834{
2835 DECLARE_WAITQUEUE(wait, current);
2836 struct l2cap_pinfo *pi =
2837 container_of(work, struct l2cap_pinfo, busy_work);
2838 struct sock *sk = (struct sock *)pi;
2839 int n_tries = 0, timeo = HZ/5, err;
2840 struct sk_buff *skb;
1890d36b
GP		 2841
2842 lock_sock(sk);
2843
2b0b05dd 2844 add_wait_queue(sk_sleep(sk), &wait);
1890d36b
GP		 2845 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
2846 set_current_state(TASK_INTERRUPTIBLE);
2847
2848 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
2849 err = -EBUSY;
9b108fc0 2850 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
712132eb 2851 break;
1890d36b
GP		 2852 }
2853
2854 if (!timeo)
2855 timeo = HZ/5;
2856
2857 if (signal_pending(current)) {
2858 err = sock_intr_errno(timeo);
712132eb 2859 break;
1890d36b
GP		 2860 }
2861
2862 release_sock(sk);
2863 timeo = schedule_timeout(timeo);
2864 lock_sock(sk);
2865
2866 err = sock_error(sk);
2867 if (err)
712132eb 2868 break;
1890d36b 2869
712132eb 2870 if (l2cap_try_push_rx_skb(sk) == 0)
1890d36b
GP		 2871 break;
2872 }
2873
1890d36b 2874 set_current_state(TASK_RUNNING);
2b0b05dd 2875 remove_wait_queue(sk_sleep(sk), &wait);
1890d36b
GP		 2876
2877 release_sock(sk);
2878}
2879
2880static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
2881{
2882 struct l2cap_pinfo *pi = l2cap_pi(sk);
2883 int sctrl, err;
2884
2885 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2886 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2887 __skb_queue_tail(BUSY_QUEUE(sk), skb);
712132eb
GP		 2888 return l2cap_try_push_rx_skb(sk);
2889
2890
1890d36b
GP		 2891 }
2892
2893 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
2894 if (err >= 0) {
2895 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
2896 return err;
2897 }
2898
2899 /* Busy Condition */
0e98958d
GP		 2900 BT_DBG("sk %p, Enter local busy", sk);
2901
1890d36b
GP		 2902 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
2903 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2904 __skb_queue_tail(BUSY_QUEUE(sk), skb);
2905
2906 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2907 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
2908 l2cap_send_sframe(pi, sctrl);
2909
2910 pi->conn_state |= L2CAP_CONN_RNR_SENT;
2911
7fe9b298
GP		 2912 del_timer(&pi->ack_timer);
2913
1890d36b
GP		 2914 queue_work(_busy_wq, &pi->busy_work);
2915
2916 return err;
2917}
2918
18778a63 2919static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
c74e560c
GP		 2920{
2921 struct l2cap_pinfo *pi = l2cap_pi(sk);
2922 struct sk_buff *_skb;
2923 int err = -EINVAL;
2924
18778a63
GP		 2925 /*
2926 * TODO: We have to notify the userland if some data is lost with the
2927 * Streaming Mode.
2928 */
2929
c74e560c
GP		 2930 switch (control & L2CAP_CTRL_SAR) {
2931 case L2CAP_SDU_UNSEGMENTED:
2932 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
2933 kfree_skb(pi->sdu);
2934 break;
2935 }
2936
2937 err = sock_queue_rcv_skb(sk, skb);
2938 if (!err)
2939 return 0;
2940
2941 break;
2942
2943 case L2CAP_SDU_START:
2944 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
2945 kfree_skb(pi->sdu);
2946 break;
2947 }
2948
2949 pi->sdu_len = get_unaligned_le16(skb->data);
2950 skb_pull(skb, 2);
2951
052897ca
GP		 2952 if (pi->sdu_len > pi->imtu) {
2953 err = -EMSGSIZE;
2954 break;
2955 }
2956
c74e560c
GP		 2957 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
2958 if (!pi->sdu) {
2959 err = -ENOMEM;
2960 break;
2961 }
2962
2963 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2964
2965 pi->conn_state |= L2CAP_CONN_SAR_SDU;
2966 pi->partial_sdu_len = skb->len;
2967 err = 0;
2968 break;
2969
2970 case L2CAP_SDU_CONTINUE:
2971 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2972 break;
2973
2974 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2975
2976 pi->partial_sdu_len += skb->len;
2977 if (pi->partial_sdu_len > pi->sdu_len)
2978 kfree_skb(pi->sdu);
2979 else
2980 err = 0;
2981
2982 break;
2983
2984 case L2CAP_SDU_END:
2985 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
2986 break;
2987
2988 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
2989
2990 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
2991 pi->partial_sdu_len += skb->len;
2992
36f2fd58
GP		 2993 if (pi->partial_sdu_len > pi->imtu)
2994 goto drop;
2995
c74e560c
GP		 2996 if (pi->partial_sdu_len == pi->sdu_len) {
2997 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
2998 err = sock_queue_rcv_skb(sk, _skb);
2999 if (err < 0)
3000 kfree_skb(_skb);
3001 }
c74e560c
GP		 3002 err = 0;
3003
36f2fd58
GP		 3004drop:
3005 kfree_skb(pi->sdu);
c74e560c
GP		 3006 break;
3007 }
3008
3009 kfree_skb(skb);
3010 return err;
3011}
3012
8f17154f
GP		 3013static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3014{
3015 struct sk_buff *skb;
afefdbc4 3016 u16 control;
8f17154f 3017
59203a21 3018 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
8f17154f
GP		 3019 if (bt_cb(skb)->tx_seq != tx_seq)
3020 break;
3021
3022 skb = skb_dequeue(SREJ_QUEUE(sk));
afefdbc4 3023 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
18778a63 3024 l2cap_ertm_reassembly_sdu(sk, skb, control);
8f17154f
GP		 3025 l2cap_pi(sk)->buffer_seq_srej =
3026 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
8ff50ec0 3027 tx_seq = (tx_seq + 1) % 64;
8f17154f
GP		 3028 }
3029}
3030
3031static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3032{
3033 struct l2cap_pinfo *pi = l2cap_pi(sk);
3034 struct srej_list *l, *tmp;
3035 u16 control;
3036
59203a21 3037 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
8f17154f
GP		 3038 if (l->tx_seq == tx_seq) {
3039 list_del(&l->list);
3040 kfree(l);
3041 return;
3042 }
3043 control = L2CAP_SUPER_SELECT_REJECT;
3044 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3045 l2cap_send_sframe(pi, control);
3046 list_del(&l->list);
3047 list_add_tail(&l->list, SREJ_LIST(sk));
3048 }
3049}
3050
3051static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3052{
3053 struct l2cap_pinfo *pi = l2cap_pi(sk);
3054 struct srej_list *new;
3055 u16 control;
3056
3057 while (tx_seq != pi->expected_tx_seq) {
3058 control = L2CAP_SUPER_SELECT_REJECT;
3059 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3060 l2cap_send_sframe(pi, control);
3061
3062 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
8ff50ec0
GP		 3063 new->tx_seq = pi->expected_tx_seq;
3064 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
8f17154f
GP		 3065 list_add_tail(&new->list, SREJ_LIST(sk));
3066 }
8ff50ec0 3067 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
8f17154f
GP		 3068}
3069
1c2acffb
GP		 3070static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3071{
3072 struct l2cap_pinfo *pi = l2cap_pi(sk);
3073 u8 tx_seq = __get_txseq(rx_control);
9f121a5a 3074 u8 req_seq = __get_reqseq(rx_control);
8f17154f 3075 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
f6337c77 3076 int tx_seq_offset, expected_tx_seq_offset;
803020c6 3077 int num_to_ack = (pi->tx_win/6) + 1;
1c2acffb
GP		 3078 int err = 0;
3079
0e98958d
GP		 3080 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
3081 rx_control);
1c2acffb 3082
9b16dc65
GP		 3083 if (L2CAP_CTRL_FINAL & rx_control &&
3084 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
1d8f5d16
GP		 3085 del_timer(&pi->monitor_timer);
3086 if (pi->unacked_frames > 0)
3087 __mod_retrans_timer();
3088 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3089 }
3090
9f121a5a
GP		 3091 pi->expected_ack_seq = req_seq;
3092 l2cap_drop_acked_frames(sk);
3093
8f17154f
GP		 3094 if (tx_seq == pi->expected_tx_seq)
3095 goto expected;
1c2acffb 3096
9b53350d
JPRV		 3097 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3098 if (tx_seq_offset < 0)
3099 tx_seq_offset += 64;
3100
3101 /* invalid tx_seq */
3102 if (tx_seq_offset >= pi->tx_win) {
9b108fc0 3103 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
9b53350d
JPRV		 3104 goto drop;
3105 }
3106
1890d36b
GP		 3107 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
3108 goto drop;
3109
8f17154f
GP		 3110 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3111 struct srej_list *first;
30afb5b2 3112
8f17154f
GP		 3113 first = list_first_entry(SREJ_LIST(sk),
3114 struct srej_list, list);
3115 if (tx_seq == first->tx_seq) {
3116 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3117 l2cap_check_srej_gap(sk, tx_seq);
3118
3119 list_del(&first->list);
3120 kfree(first);
3121
3122 if (list_empty(SREJ_LIST(sk))) {
3123 pi->buffer_seq = pi->buffer_seq_srej;
3124 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
855666cc 3125 l2cap_send_ack(pi);
0e98958d 3126 BT_DBG("sk %p, Exit SREJ_SENT", sk);
8f17154f
GP		 3127 }
3128 } else {
3129 struct srej_list *l;
9b53350d
JPRV		 3130
3131 /* duplicated tx_seq */
3132 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
3133 goto drop;
8f17154f
GP		 3134
3135 list_for_each_entry(l, SREJ_LIST(sk), list) {
3136 if (l->tx_seq == tx_seq) {
3137 l2cap_resend_srejframe(sk, tx_seq);
3138 return 0;
3139 }
3140 }
3141 l2cap_send_srejframe(sk, tx_seq);
30afb5b2
GP		 3142 }
3143 } else {
9b53350d
JPRV		 3144 expected_tx_seq_offset =
3145 (pi->expected_tx_seq - pi->buffer_seq) % 64;
3146 if (expected_tx_seq_offset < 0)
3147 expected_tx_seq_offset += 64;
3148
3149 /* duplicated tx_seq */
3150 if (tx_seq_offset < expected_tx_seq_offset)
3151 goto drop;
3152
8f17154f 3153 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
1c2acffb 3154
0e98958d
GP		 3155 BT_DBG("sk %p, Enter SREJ", sk);
3156
8f17154f
GP		 3157 INIT_LIST_HEAD(SREJ_LIST(sk));
3158 pi->buffer_seq_srej = pi->buffer_seq;
3159
3160 __skb_queue_head_init(SREJ_QUEUE(sk));
1890d36b 3161 __skb_queue_head_init(BUSY_QUEUE(sk));
8f17154f
GP		 3162 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3163
ef54fd93
GP		 3164 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3165
8f17154f 3166 l2cap_send_srejframe(sk, tx_seq);
7fe9b298
GP		 3167
3168 del_timer(&pi->ack_timer);
1c2acffb 3169 }
30afb5b2
GP		 3170 return 0;
3171
8f17154f
GP		 3172expected:
3173 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3174
3175 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3b1a9f3f
GP		 3176 bt_cb(skb)->tx_seq = tx_seq;
3177 bt_cb(skb)->sar = sar;
3178 __skb_queue_tail(SREJ_QUEUE(sk), skb);
8f17154f
GP		 3179 return 0;
3180 }
3181
2ece3684
GP		 3182 err = l2cap_push_rx_skb(sk, skb, rx_control);
3183 if (err < 0)
3184 return 0;
3185
4ec10d97
GP		 3186 if (rx_control & L2CAP_CTRL_FINAL) {
3187 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3188 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be
GP		 3189 else
3190 l2cap_retransmit_frames(sk);
4ec10d97
GP		 3191 }
3192
c1b4f43b
GP		 3193 __mod_ack_timer();
3194
803020c6
GP		 3195 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
3196 if (pi->num_acked == num_to_ack - 1)
9e917af1
GP		 3197 l2cap_send_ack(pi);
3198
8f17154f 3199 return 0;
9b53350d
JPRV		 3200
3201drop:
3202 kfree_skb(skb);
3203 return 0;
1c2acffb
GP		 3204}
3205
e072745f 3206static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
1c2acffb
GP		 3207{
3208 struct l2cap_pinfo *pi = l2cap_pi(sk);
6e3a5981 3209
0e98958d
GP		 3210 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
3211 rx_control);
3212
6e3a5981
GP		 3213 pi->expected_ack_seq = __get_reqseq(rx_control);
3214 l2cap_drop_acked_frames(sk);
1c2acffb 3215
e072745f 3216 if (rx_control & L2CAP_CTRL_POLL) {
3cb123d1 3217 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
05fbd89d
GP		 3218 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3219 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3220 (pi->unacked_frames > 0))
3221 __mod_retrans_timer();
3222
3223 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3224 l2cap_send_srejtail(sk);
3225 } else {
3226 l2cap_send_i_or_rr_or_rnr(sk);
05fbd89d 3227 }
1d8f5d16 3228
e072745f
GP		 3229 } else if (rx_control & L2CAP_CTRL_FINAL) {
3230 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4ec10d97 3231
e072745f
GP		 3232 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3233 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be
GP		 3234 else
3235 l2cap_retransmit_frames(sk);
2246b2f1 3236
e072745f 3237 } else {
e072745f
GP		 3238 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3239 (pi->unacked_frames > 0))
3240 __mod_retrans_timer();
1c2acffb 3241
2246b2f1 3242 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
894718a6 3243 if (pi->conn_state & L2CAP_CONN_SREJ_SENT)
e072745f 3244 l2cap_send_ack(pi);
894718a6 3245 else
e072745f
GP		 3246 l2cap_ertm_send(sk);
3247 }
3248}
2246b2f1 3249
e072745f
GP		 3250static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
3251{
3252 struct l2cap_pinfo *pi = l2cap_pi(sk);
3253 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3254
0e98958d
GP		 3255 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3256
e072745f
GP		 3257 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3258
8abb52ee 3259 pi->expected_ack_seq = tx_seq;
e072745f
GP		 3260 l2cap_drop_acked_frames(sk);
3261
3262 if (rx_control & L2CAP_CTRL_FINAL) {
3263 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3264 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be
GP		 3265 else
3266 l2cap_retransmit_frames(sk);
e072745f 3267 } else {
dfc909be 3268 l2cap_retransmit_frames(sk);
30afb5b2 3269
0301ef04 3270 if (pi->conn_state & L2CAP_CONN_WAIT_F)
e072745f 3271 pi->conn_state |= L2CAP_CONN_REJ_ACT;
e072745f
GP		 3272 }
3273}
3274static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
3275{
3276 struct l2cap_pinfo *pi = l2cap_pi(sk);
3277 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3278
0e98958d
GP		 3279 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3280
e072745f 3281 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
2246b2f1 3282
e072745f
GP		 3283 if (rx_control & L2CAP_CTRL_POLL) {
3284 pi->expected_ack_seq = tx_seq;
3285 l2cap_drop_acked_frames(sk);
3cb123d1
GP		 3286
3287 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
dfc909be
GP		 3288 l2cap_retransmit_one_frame(sk, tx_seq);
3289
e072745f 3290 l2cap_ertm_send(sk);
dfc909be 3291
e072745f
GP		 3292 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3293 pi->srej_save_reqseq = tx_seq;
3294 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
ef54fd93 3295 }
e072745f
GP		 3296 } else if (rx_control & L2CAP_CTRL_FINAL) {
3297 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3298 pi->srej_save_reqseq == tx_seq)
3299 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3300 else
dfc909be 3301 l2cap_retransmit_one_frame(sk, tx_seq);
e072745f 3302 } else {
dfc909be 3303 l2cap_retransmit_one_frame(sk, tx_seq);
e072745f
GP		 3304 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3305 pi->srej_save_reqseq = tx_seq;
3306 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
ef54fd93 3307 }
e072745f
GP		 3308 }
3309}
3310
3311static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
3312{
3313 struct l2cap_pinfo *pi = l2cap_pi(sk);
3314 u8 tx_seq = __get_reqseq(rx_control);
3315
0e98958d
GP		 3316 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
3317
e072745f
GP		 3318 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3319 pi->expected_ack_seq = tx_seq;
3320 l2cap_drop_acked_frames(sk);
3321
3cb123d1
GP		 3322 if (rx_control & L2CAP_CTRL_POLL)
3323 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3324
99b0d4b7
GP		 3325 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
3326 del_timer(&pi->retrans_timer);
a2e12a2a
GP		 3327 if (rx_control & L2CAP_CTRL_POLL)
3328 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
99b0d4b7 3329 return;
e072745f 3330 }
99b0d4b7
GP		 3331
3332 if (rx_control & L2CAP_CTRL_POLL)
3333 l2cap_send_srejtail(sk);
3334 else
3335 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
e072745f
GP		 3336}
3337
3338static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3339{
3340 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3341
9b16dc65
GP		 3342 if (L2CAP_CTRL_FINAL & rx_control &&
3343 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
e072745f
GP		 3344 del_timer(&l2cap_pi(sk)->monitor_timer);
3345 if (l2cap_pi(sk)->unacked_frames > 0)
3346 __mod_retrans_timer();
3347 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
3348 }
3349
3350 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3351 case L2CAP_SUPER_RCV_READY:
3352 l2cap_data_channel_rrframe(sk, rx_control);
8f17154f
GP		 3353 break;
3354
e072745f
GP		 3355 case L2CAP_SUPER_REJECT:
3356 l2cap_data_channel_rejframe(sk, rx_control);
3357 break;
2246b2f1 3358
e072745f
GP		 3359 case L2CAP_SUPER_SELECT_REJECT:
3360 l2cap_data_channel_srejframe(sk, rx_control);
3361 break;
3362
3363 case L2CAP_SUPER_RCV_NOT_READY:
3364 l2cap_data_channel_rnrframe(sk, rx_control);
1c2acffb
GP		 3365 break;
3366 }
3367
faaebd19 3368 kfree_skb(skb);
1c2acffb
GP		 3369 return 0;
3370}
3371
218bb9df
GP		 3372static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3373{
3374 struct l2cap_pinfo *pi = l2cap_pi(sk);
3375 u16 control;
3376 u8 req_seq;
3377 int len, next_tx_seq_offset, req_seq_offset;
3378
3379 control = get_unaligned_le16(skb->data);
3380 skb_pull(skb, 2);
3381 len = skb->len;
3382
3383 /*
3384 * We can just drop the corrupted I-frame here.
3385 * Receiver will miss it and start proper recovery
3386 * procedures and ask retransmission.
3387 */
3388 if (l2cap_check_fcs(pi, skb))
3389 goto drop;
3390
3391 if (__is_sar_start(control) && __is_iframe(control))
3392 len -= 2;
3393
3394 if (pi->fcs == L2CAP_FCS_CRC16)
3395 len -= 2;
3396
3397 if (len > pi->mps) {
3398 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3399 goto drop;
3400 }
3401
3402 req_seq = __get_reqseq(control);
3403 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
3404 if (req_seq_offset < 0)
3405 req_seq_offset += 64;
3406
3407 next_tx_seq_offset =
3408 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
3409 if (next_tx_seq_offset < 0)
3410 next_tx_seq_offset += 64;
3411
3412 /* check for invalid req-seq */
3413 if (req_seq_offset > next_tx_seq_offset) {
3414 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3415 goto drop;
3416 }
3417
3418 if (__is_iframe(control)) {
3419 if (len < 0) {
3420 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3421 goto drop;
3422 }
3423
3424 l2cap_data_channel_iframe(sk, control, skb);
3425 } else {
3426 if (len != 0) {
3427 BT_ERR("%d", len);
3428 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3429 goto drop;
3430 }
3431
3432 l2cap_data_channel_sframe(sk, control, skb);
3433 }
3434
3435 return 0;
3436
3437drop:
3438 kfree_skb(skb);
3439 return 0;
3440}
3441
1da177e4
LT		 3442static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3443{
3444 struct sock *sk;
6840ed07 3445 struct l2cap_pinfo *pi;
51893f88 3446 u16 control;
218bb9df
GP		 3447 u8 tx_seq;
3448 int len;
1da177e4
LT		 3449
3450 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3451 if (!sk) {
3452 BT_DBG("unknown cid 0x%4.4x", cid);
3453 goto drop;
3454 }
3455
6840ed07
GP		 3456 pi = l2cap_pi(sk);
3457
1da177e4
LT		 3458 BT_DBG("sk %p, len %d", sk, skb->len);
3459
3460 if (sk->sk_state != BT_CONNECTED)
3461 goto drop;
3462
6840ed07 3463 switch (pi->mode) {
1c2acffb
GP		 3464 case L2CAP_MODE_BASIC:
3465 /* If socket recv buffers overflows we drop data here
3466 * which is *bad* because L2CAP has to be reliable.
3467 * But we don't have any other choice. L2CAP doesn't
3468 * provide flow control mechanism. */
1da177e4 3469
6840ed07 3470 if (pi->imtu < skb->len)
1c2acffb 3471 goto drop;
1da177e4 3472
1c2acffb
GP		 3473 if (!sock_queue_rcv_skb(sk, skb))
3474 goto done;
3475 break;
3476
3477 case L2CAP_MODE_ERTM:
218bb9df
GP		 3478 if (!sock_owned_by_user(sk)) {
3479 l2cap_ertm_data_rcv(sk, skb);
277ffbe3 3480 } else {
218bb9df 3481 if (sk_add_backlog(sk, skb))
277ffbe3 3482 goto drop;
277ffbe3 3483 }
1c2acffb 3484
fcafde2e 3485 goto done;
1c2acffb 3486
6840ed07
GP		 3487 case L2CAP_MODE_STREAMING:
3488 control = get_unaligned_le16(skb->data);
3489 skb_pull(skb, 2);
3490 len = skb->len;
3491
26000089
GP		 3492 if (l2cap_check_fcs(pi, skb))
3493 goto drop;
3494
6840ed07
GP		 3495 if (__is_sar_start(control))
3496 len -= 2;
3497
fcc203c3
GP		 3498 if (pi->fcs == L2CAP_FCS_CRC16)
3499 len -= 2;
3500
51893f88 3501 if (len > pi->mps || len < 0 || __is_sframe(control))
6840ed07
GP		 3502 goto drop;
3503
3504 tx_seq = __get_txseq(control);
3505
3506 if (pi->expected_tx_seq == tx_seq)
3507 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3508 else
7dffe421 3509 pi->expected_tx_seq = (tx_seq + 1) % 64;
6840ed07 3510
18778a63 3511 l2cap_streaming_reassembly_sdu(sk, skb, control);
6840ed07
GP		 3512
3513 goto done;
3514
1c2acffb 3515 default:
e8235c6b 3516 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
1c2acffb
GP		 3517 break;
3518 }
1da177e4
LT		 3519
3520drop:
3521 kfree_skb(skb);
3522
3523done:
0139418c
MH		 3524 if (sk)
3525 bh_unlock_sock(sk);
3526
1da177e4
LT		 3527 return 0;
3528}
3529
8e036fc3 3530static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4
LT		 3531{
3532 struct sock *sk;
3533
3534 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
3535 if (!sk)
3536 goto drop;
3537
e0f0cb56
GP		 3538 bh_lock_sock(sk);
3539
1da177e4
LT		 3540 BT_DBG("sk %p, len %d", sk, skb->len);
3541
3542 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3543 goto drop;
3544
3545 if (l2cap_pi(sk)->imtu < skb->len)
3546 goto drop;
3547
3548 if (!sock_queue_rcv_skb(sk, skb))
3549 goto done;
3550
3551drop:
3552 kfree_skb(skb);
3553
3554done:
af05b30b
GP		 3555 if (sk)
3556 bh_unlock_sock(sk);
1da177e4
LT		 3557 return 0;
3558}
3559
3560static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3561{
3562 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 3563 u16 cid, len;
3564 __le16 psm;
1da177e4
LT		 3565
3566 skb_pull(skb, L2CAP_HDR_SIZE);
3567 cid = __le16_to_cpu(lh->cid);
3568 len = __le16_to_cpu(lh->len);
3569
1c2acffb
GP		 3570 if (len != skb->len) {
3571 kfree_skb(skb);
3572 return;
3573 }
3574
1da177e4
LT		 3575 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3576
3577 switch (cid) {
8db4dc46 3578 case L2CAP_CID_SIGNALING:
1da177e4
LT		 3579 l2cap_sig_channel(conn, skb);
3580 break;
3581
8db4dc46 3582 case L2CAP_CID_CONN_LESS:
1b7bf4ed 3583 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 3584 skb_pull(skb, 2);
3585 l2cap_conless_channel(conn, psm, skb);
3586 break;
3587
3588 default:
3589 l2cap_data_channel(conn, cid, skb);
3590 break;
3591 }
3592}
3593
3594/* ---- L2CAP interface with lower layer (HCI) ---- */
3595
3596static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3597{
3598 int exact = 0, lm1 = 0, lm2 = 0;
3599 register struct sock *sk;
3600 struct hlist_node *node;
3601
3602 if (type != ACL_LINK)
963cf687 3603 return -EINVAL;
1da177e4
LT		 3604
3605 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3606
3607 /* Find listening sockets and check their link_mode */
3608 read_lock(&l2cap_sk_list.lock);
3609 sk_for_each(sk, node, &l2cap_sk_list.head) {
3610 if (sk->sk_state != BT_LISTEN)
3611 continue;
3612
3613 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5
MH		 3614 lm1 |= HCI_LM_ACCEPT;
3615 if (l2cap_pi(sk)->role_switch)
3616 lm1 |= HCI_LM_MASTER;
1da177e4 3617 exact++;
2af6b9d5
MH		 3618 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3619 lm2 |= HCI_LM_ACCEPT;
3620 if (l2cap_pi(sk)->role_switch)
3621 lm2 |= HCI_LM_MASTER;
3622 }
1da177e4
LT		 3623 }
3624 read_unlock(&l2cap_sk_list.lock);
3625
3626 return exact ? lm1 : lm2;
3627}
3628
3629static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3630{
0139418c
MH		 3631 struct l2cap_conn *conn;
3632
1da177e4
LT		 3633 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3634
3635 if (hcon->type != ACL_LINK)
963cf687 3636 return -EINVAL;
1da177e4
LT		 3637
3638 if (!status) {
1da177e4
LT		 3639 conn = l2cap_conn_add(hcon, status);
3640 if (conn)
3641 l2cap_conn_ready(conn);
0139418c 3642 } else
1da177e4
LT		 3643 l2cap_conn_del(hcon, bt_err(status));
3644
3645 return 0;
3646}
3647
2950f21a
MH		 3648static int l2cap_disconn_ind(struct hci_conn *hcon)
3649{
3650 struct l2cap_conn *conn = hcon->l2cap_data;
3651
3652 BT_DBG("hcon %p", hcon);
3653
3654 if (hcon->type != ACL_LINK || !conn)
3655 return 0x13;
3656
3657 return conn->disc_reason;
3658}
3659
3660static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 3661{
3662 BT_DBG("hcon %p reason %d", hcon, reason);
3663
3664 if (hcon->type != ACL_LINK)
963cf687 3665 return -EINVAL;
1da177e4
LT		 3666
3667 l2cap_conn_del(hcon, bt_err(reason));
0139418c 3668
1da177e4
LT		 3669 return 0;
3670}
3671
f62e4323
MH		 3672static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3673{
bd3c9e25 3674 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
255c7601
MH		 3675 return;
3676
f62e4323
MH		 3677 if (encrypt == 0x00) {
3678 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
3679 l2cap_sock_clear_timer(sk);
3680 l2cap_sock_set_timer(sk, HZ * 5);
3681 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
3682 __l2cap_sock_close(sk, ECONNREFUSED);
3683 } else {
3684 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
3685 l2cap_sock_clear_timer(sk);
3686 }
3687}
3688
8c1b2355 3689static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4
LT		 3690{
3691 struct l2cap_chan_list *l;
0139418c 3692 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 3693 struct sock *sk;
1da177e4 3694
0139418c 3695 if (!conn)
1da177e4 3696 return 0;
0139418c 3697
1da177e4
LT		 3698 l = &conn->chan_list;
3699
3700 BT_DBG("conn %p", conn);
3701
3702 read_lock(&l->lock);
3703
3704 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3705 bh_lock_sock(sk);
3706
6a8d3010
MH		 3707 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
3708 bh_unlock_sock(sk);
3709 continue;
3710 }
3711
f62e4323 3712 if (!status && (sk->sk_state == BT_CONNECTED ||
8c1b2355 3713 sk->sk_state == BT_CONFIG)) {
f62e4323 3714 l2cap_check_encryption(sk, encrypt);
9719f8af
MH		 3715 bh_unlock_sock(sk);
3716 continue;
3717 }
3718
b1235d79
MH		 3719 if (sk->sk_state == BT_CONNECT) {
3720 if (!status) {
3721 struct l2cap_conn_req req;
3722 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3723 req.psm = l2cap_pi(sk)->psm;
1da177e4 3724
b1235d79 3725 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
e501d055 3726 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4 3727
b1235d79
MH		 3728 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3729 L2CAP_CONN_REQ, sizeof(req), &req);
3730 } else {
3731 l2cap_sock_clear_timer(sk);
3732 l2cap_sock_set_timer(sk, HZ / 10);
3733 }
3734 } else if (sk->sk_state == BT_CONNECT2) {
3735 struct l2cap_conn_rsp rsp;
3736 __u16 result;
1da177e4 3737
b1235d79
MH		 3738 if (!status) {
3739 sk->sk_state = BT_CONFIG;
3740 result = L2CAP_CR_SUCCESS;
3741 } else {
3742 sk->sk_state = BT_DISCONN;
3743 l2cap_sock_set_timer(sk, HZ / 10);
3744 result = L2CAP_CR_SEC_BLOCK;
3745 }
3746
3747 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3748 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3749 rsp.result = cpu_to_le16(result);
e7c29cb1 3750 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
b1235d79
MH		 3751 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3752 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3753 }
1da177e4
LT		 3754
3755 bh_unlock_sock(sk);
3756 }
3757
3758 read_unlock(&l->lock);
b1235d79 3759
1da177e4
LT		 3760 return 0;
3761}
3762
3763static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
3764{
3765 struct l2cap_conn *conn = hcon->l2cap_data;
3766
5a08ecce
AE		 3767 if (!conn)
3768 conn = l2cap_conn_add(hcon, 0);
3769
3770 if (!conn)
1da177e4
LT		 3771 goto drop;
3772
3773 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
3774
e702112f 3775 if (!(flags & ACL_CONT)) {
1da177e4 3776 struct l2cap_hdr *hdr;
89794813
AE		 3777 struct sock *sk;
3778 u16 cid;
1da177e4
LT		 3779 int len;
3780
3781 if (conn->rx_len) {
3782 BT_ERR("Unexpected start frame (len %d)", skb->len);
3783 kfree_skb(conn->rx_skb);
3784 conn->rx_skb = NULL;
3785 conn->rx_len = 0;
3786 l2cap_conn_unreliable(conn, ECOMM);
3787 }
3788
aae7fe22
AE		 3789 /* Start fragment always begin with Basic L2CAP header */
3790 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 3791 BT_ERR("Frame is too short (len %d)", skb->len);
3792 l2cap_conn_unreliable(conn, ECOMM);
3793 goto drop;
3794 }
3795
3796 hdr = (struct l2cap_hdr *) skb->data;
3797 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 3798 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 3799
3800 if (len == skb->len) {
3801 /* Complete frame received */
3802 l2cap_recv_frame(conn, skb);
3803 return 0;
3804 }
3805
3806 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
3807
3808 if (skb->len > len) {
3809 BT_ERR("Frame is too long (len %d, expected len %d)",
3810 skb->len, len);
3811 l2cap_conn_unreliable(conn, ECOMM);
3812 goto drop;
3813 }
3814
89794813
AE		 3815 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3816
3817 if (sk && l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) {
3818 BT_ERR("Frame exceeding recv MTU (len %d, MTU %d)",
3819 len, l2cap_pi(sk)->imtu);
3820 bh_unlock_sock(sk);
3821 l2cap_conn_unreliable(conn, ECOMM);
3822 goto drop;
3823 }
3824
3825 if (sk)
3826 bh_unlock_sock(sk);
3827
1da177e4 3828 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 3829 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
3830 if (!conn->rx_skb)
1da177e4
LT		 3831 goto drop;
3832
d626f62b 3833 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 3834 skb->len);
1da177e4
LT		 3835 conn->rx_len = len - skb->len;
3836 } else {
3837 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
3838
3839 if (!conn->rx_len) {
3840 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
3841 l2cap_conn_unreliable(conn, ECOMM);
3842 goto drop;
3843 }
3844
3845 if (skb->len > conn->rx_len) {
3846 BT_ERR("Fragment is too long (len %d, expected %d)",
3847 skb->len, conn->rx_len);
3848 kfree_skb(conn->rx_skb);
3849 conn->rx_skb = NULL;
3850 conn->rx_len = 0;
3851 l2cap_conn_unreliable(conn, ECOMM);
3852 goto drop;
3853 }
3854
d626f62b 3855 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 3856 skb->len);
1da177e4
LT		 3857 conn->rx_len -= skb->len;
3858
3859 if (!conn->rx_len) {
3860 /* Complete frame received */
3861 l2cap_recv_frame(conn, conn->rx_skb);
3862 conn->rx_skb = NULL;
3863 }
3864 }
3865
3866drop:
3867 kfree_skb(skb);
3868 return 0;
3869}
3870
aef7d97c 3871static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4
LT		 3872{
3873 struct sock *sk;
3874 struct hlist_node *node;
1da177e4
LT		 3875
3876 read_lock_bh(&l2cap_sk_list.lock);
3877
be9d1227
MH		 3878 sk_for_each(sk, node, &l2cap_sk_list.head) {
3879 struct l2cap_pinfo *pi = l2cap_pi(sk);
101545f6 3880
aef7d97c
MH		 3881 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
3882 batostr(&bt_sk(sk)->src),
3883 batostr(&bt_sk(sk)->dst),
3884 sk->sk_state, __le16_to_cpu(pi->psm),
3885 pi->scid, pi->dcid,
3886 pi->imtu, pi->omtu, pi->sec_level);
be9d1227 3887 }
1da177e4 3888
1da177e4 3889 read_unlock_bh(&l2cap_sk_list.lock);
1da177e4 3890
aef7d97c 3891 return 0;
1da177e4
LT		 3892}
3893
aef7d97c
MH		 3894static int l2cap_debugfs_open(struct inode *inode, struct file *file)
3895{
3896 return single_open(file, l2cap_debugfs_show, inode->i_private);
3897}
3898
3899static const struct file_operations l2cap_debugfs_fops = {
3900 .open = l2cap_debugfs_open,
3901 .read = seq_read,
3902 .llseek = seq_lseek,
3903 .release = single_release,
3904};
3905
3906static struct dentry *l2cap_debugfs;
1da177e4 3907
1da177e4
LT		 3908static struct hci_proto l2cap_hci_proto = {
3909 .name = "L2CAP",
3910 .id = HCI_PROTO_L2CAP,
3911 .connect_ind = l2cap_connect_ind,
3912 .connect_cfm = l2cap_connect_cfm,
3913 .disconn_ind = l2cap_disconn_ind,
2950f21a 3914 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 3915 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 3916 .recv_acldata = l2cap_recv_acldata
3917};
3918
3919static int __init l2cap_init(void)
3920{
3921 int err;
be9d1227 3922
bb58f747 3923 err = l2cap_init_sockets();
1da177e4
LT		 3924 if (err < 0)
3925 return err;
3926
1890d36b 3927 _busy_wq = create_singlethread_workqueue("l2cap");
b78d7b4f 3928 if (!_busy_wq) {
bb58f747 3929 err = -ENOMEM;
1da177e4
LT		 3930 goto error;
3931 }
3932
3933 err = hci_register_proto(&l2cap_hci_proto);
3934 if (err < 0) {
3935 BT_ERR("L2CAP protocol registration failed");
3936 bt_sock_unregister(BTPROTO_L2CAP);
3937 goto error;
3938 }
3939
aef7d97c
MH		 3940 if (bt_debugfs) {
3941 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
3942 bt_debugfs, NULL, &l2cap_debugfs_fops);
3943 if (!l2cap_debugfs)
3944 BT_ERR("Failed to create L2CAP debug file");
3945 }
1da177e4
LT		 3946
3947 BT_INFO("L2CAP ver %s", VERSION);
3948 BT_INFO("L2CAP socket layer initialized");
3949
3950 return 0;
3951
3952error:
b78d7b4f 3953 destroy_workqueue(_busy_wq);
bb58f747 3954 l2cap_cleanup_sockets();
1da177e4
LT		 3955 return err;
3956}
3957
3958static void __exit l2cap_exit(void)
3959{
aef7d97c 3960 debugfs_remove(l2cap_debugfs);
1da177e4 3961
1890d36b
GP		 3962 flush_workqueue(_busy_wq);
3963 destroy_workqueue(_busy_wq);
3964
1da177e4
LT		 3965 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
3966 BT_ERR("L2CAP protocol unregistration failed");
3967
bb58f747 3968 l2cap_cleanup_sockets();
1da177e4
LT		 3969}
3970
3971void l2cap_load(void)
3972{
3973 /* Dummy function to trigger automatic L2CAP module loading by
3974 * other modules that use L2CAP sockets but don't use any other
3975 * symbols from it. */
1da177e4
LT		 3976}
3977EXPORT_SYMBOL(l2cap_load);
3978
3979module_init(l2cap_init);
3980module_exit(l2cap_exit);
3981
d1c4a17d
GP		 3982module_param(disable_ertm, bool, 0644);
3983MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
44dd46de 3984
63fbd24e 3985MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 3986MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
3987MODULE_VERSION(VERSION);
3988MODULE_LICENSE("GPL");
3989MODULE_ALIAS("bt-proto-0");
Linux kernel - Deliverables
This page took 0.833517 seconds and 5 git commands to generate.