projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use LMP_HOST_SSP define instead of magic values
[linux-2.6-block.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
8e87d142
YH		 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 25 SOFTWARE IS DISCLAIMED.
26*/
27
bb58f747 28/* Bluetooth L2CAP core. */
1da177e4 29
1da177e4
LT		 30#include <linux/module.h>
31
32#include <linux/types.h>
4fc268d2 33#include <linux/capability.h>
1da177e4
LT		 34#include <linux/errno.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sched.h>
37#include <linux/slab.h>
38#include <linux/poll.h>
39#include <linux/fcntl.h>
40#include <linux/init.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/skbuff.h>
1da177e4 44#include <linux/list.h>
be9d1227 45#include <linux/device.h>
aef7d97c
MH		 46#include <linux/debugfs.h>
47#include <linux/seq_file.h>
af05b30b 48#include <linux/uaccess.h>
fcc203c3 49#include <linux/crc16.h>
1da177e4
LT		 50#include <net/sock.h>
51
52#include <asm/system.h>
1da177e4
LT		 53#include <asm/unaligned.h>
54
55#include <net/bluetooth/bluetooth.h>
56#include <net/bluetooth/hci_core.h>
57#include <net/bluetooth/l2cap.h>
b501d6a1 58#include <net/bluetooth/smp.h>
1da177e4 59
eb939922 60bool disable_ertm;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 63static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
74 struct l2cap_chan *chan, int err);
1da177e4 75
0139418c 76/* ---- L2CAP channels ---- */
71ba0e56 77
baa7e1fa 78static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 79{
3df91ea2 80 struct l2cap_chan *c;
3d57dc68 81
3df91ea2
AE		 82 list_for_each_entry(c, &conn->chan_l, list) {
83 if (c->dcid == cid)
84 return c;
0139418c 85 }
3df91ea2 86 return NULL;
0139418c
MH		 87}
88
baa7e1fa 89static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 90{
3df91ea2 91 struct l2cap_chan *c;
3d57dc68 92
3df91ea2
AE		 93 list_for_each_entry(c, &conn->chan_l, list) {
94 if (c->scid == cid)
95 return c;
0139418c 96 }
3df91ea2 97 return NULL;
0139418c
MH		 98}
99
100/* Find channel with given SCID.
101 * Returns locked socket */
baa7e1fa 102static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 103{
48454079 104 struct l2cap_chan *c;
baa7e1fa 105
3df91ea2 106 mutex_lock(&conn->chan_lock);
baa7e1fa 107 c = __l2cap_get_chan_by_scid(conn, cid);
3df91ea2
AE		 108 mutex_unlock(&conn->chan_lock);
109
48454079 110 return c;
0139418c
MH		 111}
112
baa7e1fa 113static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 114{
3df91ea2 115 struct l2cap_chan *c;
3d57dc68 116
3df91ea2
AE		 117 list_for_each_entry(c, &conn->chan_l, list) {
118 if (c->ident == ident)
119 return c;
0139418c 120 }
3df91ea2 121 return NULL;
0139418c
MH		 122}
123
baa7e1fa 124static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 125{
48454079 126 struct l2cap_chan *c;
baa7e1fa 127
3df91ea2 128 mutex_lock(&conn->chan_lock);
baa7e1fa 129 c = __l2cap_get_chan_by_ident(conn, ident);
3df91ea2
AE		 130 mutex_unlock(&conn->chan_lock);
131
48454079 132 return c;
0139418c
MH		 133}
134
23691d75 135static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 136{
23691d75 137 struct l2cap_chan *c;
9e4425ff 138
23691d75
GP		 139 list_for_each_entry(c, &chan_list, global_l) {
140 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 141 return c;
9e4425ff 142 }
250938cb 143 return NULL;
9e4425ff
GP		 144}
145
146int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
147{
73b2ec18
GP		 148 int err;
149
333055f2 150 write_lock(&chan_list_lock);
9e4425ff 151
23691d75 152 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 153 err = -EADDRINUSE;
154 goto done;
9e4425ff
GP		 155 }
156
73b2ec18
GP		 157 if (psm) {
158 chan->psm = psm;
159 chan->sport = psm;
160 err = 0;
161 } else {
162 u16 p;
163
164 err = -EINVAL;
165 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 166 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 167 chan->psm = cpu_to_le16(p);
168 chan->sport = cpu_to_le16(p);
169 err = 0;
170 break;
171 }
172 }
9e4425ff 173
73b2ec18 174done:
333055f2 175 write_unlock(&chan_list_lock);
73b2ec18 176 return err;
9e4425ff
GP		 177}
178
179int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
180{
333055f2 181 write_lock(&chan_list_lock);
9e4425ff
GP		 182
183 chan->scid = scid;
184
333055f2 185 write_unlock(&chan_list_lock);
9e4425ff
GP		 186
187 return 0;
188}
189
baa7e1fa 190static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 191{
8db4dc46 192 u16 cid = L2CAP_CID_DYN_START;
0139418c 193
8db4dc46 194 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 195 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 196 return cid;
197 }
198
199 return 0;
200}
201
0e587be7 202static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 203{
42d2d87c 204 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 205 state_to_string(state));
206
89bc500e
GP		 207 chan->state = state;
208 chan->ops->state_change(chan->data, state);
209}
210
0e587be7
AE		 211static void l2cap_state_change(struct l2cap_chan *chan, int state)
212{
213 struct sock *sk = chan->sk;
214
215 lock_sock(sk);
216 __l2cap_state_change(chan, state);
217 release_sock(sk);
218}
219
2e0052e4
AE		 220static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
221{
222 struct sock *sk = chan->sk;
223
224 sk->sk_err = err;
225}
226
227static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
228{
229 struct sock *sk = chan->sk;
230
231 lock_sock(sk);
232 __l2cap_chan_set_err(chan, err);
233 release_sock(sk);
234}
235
721c4181 236static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 237{
721c4181
GP		 238 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
239 chan_timer.work);
3df91ea2 240 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 241 int reason;
242
e05dcc32 243 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 244
3df91ea2 245 mutex_lock(&conn->chan_lock);
6be36555 246 l2cap_chan_lock(chan);
ab07801d 247
89bc500e 248 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 249 reason = ECONNREFUSED;
89bc500e 250 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 251 chan->sec_level != BT_SECURITY_SDP)
252 reason = ECONNREFUSED;
253 else
254 reason = ETIMEDOUT;
255
0f852724 256 l2cap_chan_close(chan, reason);
ab07801d 257
6be36555 258 l2cap_chan_unlock(chan);
ab07801d 259
ba3bd0ee 260 chan->ops->close(chan->data);
3df91ea2
AE		 261 mutex_unlock(&conn->chan_lock);
262
371fd835 263 l2cap_chan_put(chan);
ab07801d
GP		 264}
265
23691d75 266struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 267{
268 struct l2cap_chan *chan;
269
270 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
271 if (!chan)
272 return NULL;
273
c03b355e
AE		 274 mutex_init(&chan->lock);
275
48454079
GP		 276 chan->sk = sk;
277
333055f2 278 write_lock(&chan_list_lock);
23691d75 279 list_add(&chan->global_l, &chan_list);
333055f2 280 write_unlock(&chan_list_lock);
23691d75 281
721c4181 282 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 283
89bc500e
GP		 284 chan->state = BT_OPEN;
285
71ba0e56
GP		 286 atomic_set(&chan->refcnt, 1);
287
abc545b8
SJ		 288 BT_DBG("sk %p chan %p", sk, chan);
289
48454079
GP		 290 return chan;
291}
292
23691d75 293void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 294{
333055f2 295 write_lock(&chan_list_lock);
23691d75 296 list_del(&chan->global_l);
333055f2 297 write_unlock(&chan_list_lock);
23691d75 298
371fd835 299 l2cap_chan_put(chan);
6ff5abbf
GP		 300}
301
643162a8 302void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 303{
af05b30b 304 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 305 chan->psm, chan->dcid);
0139418c 306
9f5a0d7b 307 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 308
8c1d787b 309 chan->conn = conn;
0139418c 310
5491120e
AE		 311 switch (chan->chan_type) {
312 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 313 if (conn->hcon->type == LE_LINK) {
314 /* LE connection */
0c1bc5c6 315 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 316 chan->scid = L2CAP_CID_LE_DATA;
317 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 318 } else {
319 /* Alloc CID for connection-oriented socket */
fe4128e0 320 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 321 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 322 }
5491120e
AE		 323 break;
324
325 case L2CAP_CHAN_CONN_LESS:
0139418c 326 /* Connectionless socket */
fe4128e0
GP		 327 chan->scid = L2CAP_CID_CONN_LESS;
328 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 329 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 330 break;
331
332 default:
0139418c 333 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 334 chan->scid = L2CAP_CID_SIGNALING;
335 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 336 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 337 }
338
8f7975b1
AE		 339 chan->local_id = L2CAP_BESTEFFORT_ID;
340 chan->local_stype = L2CAP_SERV_BESTEFFORT;
341 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
342 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
343 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
344 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
345
371fd835 346 l2cap_chan_hold(chan);
baa7e1fa 347
3df91ea2 348 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 349}
350
351void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
352{
353 mutex_lock(&conn->chan_lock);
354 __l2cap_chan_add(conn, chan);
3df91ea2 355 mutex_unlock(&conn->chan_lock);
0139418c
MH		 356}
357
4519de9a 358static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 359{
48454079 360 struct sock *sk = chan->sk;
8c1d787b 361 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 362 struct sock *parent = bt_sk(sk)->parent;
363
c9b66675 364 __clear_chan_timer(chan);
0139418c 365
49208c9c 366 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 367
8e87d142 368 if (conn) {
baa7e1fa 369 /* Delete from channel list */
3df91ea2 370 list_del(&chan->list);
3d57dc68 371
371fd835 372 l2cap_chan_put(chan);
baa7e1fa 373
8c1d787b 374 chan->conn = NULL;
0139418c
MH		 375 hci_conn_put(conn->hcon);
376 }
377
6be36555
AE		 378 lock_sock(sk);
379
0e587be7 380 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 381 sock_set_flag(sk, SOCK_ZAPPED);
382
383 if (err)
2e0052e4 384 __l2cap_chan_set_err(chan, err);
0139418c
MH		 385
386 if (parent) {
387 bt_accept_unlink(sk);
388 parent->sk_data_ready(parent, 0);
389 } else
390 sk->sk_state_change(sk);
c13ffa62 391
6be36555
AE		 392 release_sock(sk);
393
c1360a1c
GP		 394 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
395 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 396 return;
2ead70b8 397
58d35f87 398 skb_queue_purge(&chan->tx_q);
c13ffa62 399
0c1bc5c6 400 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 401 struct srej_list *l, *tmp;
402
1a09bcb9
GP		 403 __clear_retrans_timer(chan);
404 __clear_monitor_timer(chan);
405 __clear_ack_timer(chan);
c13ffa62 406
f1c6775b 407 skb_queue_purge(&chan->srej_q);
c13ffa62 408
39d5a3ee 409 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 410 list_del(&l->list);
411 kfree(l);
412 }
413 }
0139418c
MH		 414}
415
4519de9a
GP		 416static void l2cap_chan_cleanup_listen(struct sock *parent)
417{
418 struct sock *sk;
419
420 BT_DBG("parent %p", parent);
421
422 /* Close not yet accepted channels */
0f852724 423 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 424 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 425
6be36555 426 l2cap_chan_lock(chan);
c9b66675 427 __clear_chan_timer(chan);
ba3bd0ee 428 l2cap_chan_close(chan, ECONNRESET);
6be36555 429 l2cap_chan_unlock(chan);
3df91ea2 430
ba3bd0ee 431 chan->ops->close(chan->data);
0f852724 432 }
4519de9a
GP		 433}
434
0f852724 435void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 436{
437 struct l2cap_conn *conn = chan->conn;
438 struct sock *sk = chan->sk;
439
e05dcc32
AE		 440 BT_DBG("chan %p state %s sk %p", chan,
441 state_to_string(chan->state), sk);
4519de9a 442
89bc500e 443 switch (chan->state) {
4519de9a 444 case BT_LISTEN:
6be36555 445 lock_sock(sk);
4519de9a 446 l2cap_chan_cleanup_listen(sk);
89bc500e 447
0e587be7 448 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 449 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 450 release_sock(sk);
4519de9a
GP		 451 break;
452
453 case BT_CONNECTED:
454 case BT_CONFIG:
715ec005 455 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 456 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 457 __clear_chan_timer(chan);
458 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 459 l2cap_send_disconn_req(conn, chan, reason);
460 } else
461 l2cap_chan_del(chan, reason);
462 break;
463
464 case BT_CONNECT2:
715ec005 465 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 466 conn->hcon->type == ACL_LINK) {
467 struct l2cap_conn_rsp rsp;
468 __u16 result;
469
470 if (bt_sk(sk)->defer_setup)
471 result = L2CAP_CR_SEC_BLOCK;
472 else
473 result = L2CAP_CR_BAD_PSM;
89bc500e 474 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 475
476 rsp.scid = cpu_to_le16(chan->dcid);
477 rsp.dcid = cpu_to_le16(chan->scid);
478 rsp.result = cpu_to_le16(result);
479 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
480 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
481 sizeof(rsp), &rsp);
482 }
483
484 l2cap_chan_del(chan, reason);
485 break;
486
487 case BT_CONNECT:
488 case BT_DISCONN:
489 l2cap_chan_del(chan, reason);
490 break;
491
492 default:
6be36555 493 lock_sock(sk);
4519de9a 494 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 495 release_sock(sk);
4519de9a
GP		 496 break;
497 }
498}
499
4343478f 500static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 501{
715ec005 502 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 503 switch (chan->sec_level) {
8556edd3
JH		 504 case BT_SECURITY_HIGH:
505 return HCI_AT_DEDICATED_BONDING_MITM;
506 case BT_SECURITY_MEDIUM:
507 return HCI_AT_DEDICATED_BONDING;
508 default:
509 return HCI_AT_NO_BONDING;
510 }
fe4128e0 511 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 512 if (chan->sec_level == BT_SECURITY_LOW)
513 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 514
4343478f 515 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 516 return HCI_AT_NO_BONDING_MITM;
00ae4af9 517 else
8556edd3 518 return HCI_AT_NO_BONDING;
00ae4af9 519 } else {
4343478f 520 switch (chan->sec_level) {
00ae4af9 521 case BT_SECURITY_HIGH:
8556edd3 522 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 523 case BT_SECURITY_MEDIUM:
8556edd3 524 return HCI_AT_GENERAL_BONDING;
00ae4af9 525 default:
8556edd3 526 return HCI_AT_NO_BONDING;
00ae4af9 527 }
0684e5f9 528 }
8556edd3
JH		 529}
530
531/* Service level security */
d45fc423 532int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 533{
8c1d787b 534 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 535 __u8 auth_type;
536
4343478f 537 auth_type = l2cap_get_auth_type(chan);
79d554a6 538
4343478f 539 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 540}
541
b5ad8b7f 542static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 543{
544 u8 id;
545
546 /* Get next available identificator.
547 * 1 - 128 are used by kernel.
548 * 129 - 199 are reserved.
549 * 200 - 254 are used by utilities like l2ping, etc.
550 */
551
333055f2 552 spin_lock(&conn->lock);
4e8402a3
MH		 553
554 if (++conn->tx_ident > 128)
555 conn->tx_ident = 1;
556
557 id = conn->tx_ident;
558
333055f2 559 spin_unlock(&conn->lock);
4e8402a3
MH		 560
561 return id;
562}
563
4519de9a 564static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 565{
566 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 567 u8 flags;
4e8402a3
MH		 568
569 BT_DBG("code 0x%2.2x", code);
570
571 if (!skb)
9a9c6a34 572 return;
4e8402a3 573
e702112f
AE		 574 if (lmp_no_flush_capable(conn->hcon->hdev))
575 flags = ACL_START_NO_FLUSH;
576 else
577 flags = ACL_START;
578
14b12d0b 579 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 580 skb->priority = HCI_PRIO_MAX;
14b12d0b 581
73d80deb
LAD		 582 hci_send_acl(conn->hchan, skb, flags);
583}
584
585static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
586{
587 struct hci_conn *hcon = chan->conn->hcon;
588 u16 flags;
589
590 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
591 skb->priority);
592
593 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
594 lmp_no_flush_capable(hcon->hdev))
595 flags = ACL_START_NO_FLUSH;
596 else
597 flags = ACL_START;
14b12d0b 598
73d80deb
LAD		 599 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
600 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 601}
602
88843ab0 603static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
1c2acffb
GP		 604{
605 struct sk_buff *skb;
606 struct l2cap_hdr *lh;
8c1d787b 607 struct l2cap_conn *conn = chan->conn;
e4ca6d98 608 int count, hlen;
fcc203c3 609
89bc500e 610 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 611 return;
612
e4ca6d98
AE		 613 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
614 hlen = L2CAP_EXT_HDR_SIZE;
615 else
616 hlen = L2CAP_ENH_HDR_SIZE;
617
47d1ec61 618 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 619 hlen += L2CAP_FCS_SIZE;
1c2acffb 620
88843ab0 621 BT_DBG("chan %p, control 0x%8.8x", chan, control);
1c2acffb 622
fcc203c3 623 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 624
625 control |= __set_sframe(chan);
1c2acffb 626
e2ab4353 627 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 628 control |= __set_ctrl_final(chan);
9e917af1 629
e2ab4353 630 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 631 control |= __set_ctrl_poll(chan);
f0946ccf 632
1c2acffb
GP		 633 skb = bt_skb_alloc(count, GFP_ATOMIC);
634 if (!skb)
9a9c6a34 635 return;
1c2acffb
GP		 636
637 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 638 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 639 lh->cid = cpu_to_le16(chan->dcid);
88843ab0
AE		 640
641 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1c2acffb 642
47d1ec61 643 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 644 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
645 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 646 }
647
73d80deb
LAD		 648 skb->priority = HCI_PRIO_MAX;
649 l2cap_do_send(chan, skb);
1c2acffb
GP		 650}
651
88843ab0 652static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
7e743090 653{
e2ab4353 654 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 655 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 656 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 657 } else
ab784b73 658 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 659
0b209fae 660 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 661
525cd185 662 l2cap_send_sframe(chan, control);
7e743090
GP		 663}
664
b4450035 665static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 666{
c1360a1c 667 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 668}
669
9b27f350
AE		 670static void l2cap_send_conn_req(struct l2cap_chan *chan)
671{
672 struct l2cap_conn *conn = chan->conn;
673 struct l2cap_conn_req req;
674
675 req.scid = cpu_to_le16(chan->scid);
676 req.psm = chan->psm;
677
678 chan->ident = l2cap_get_ident(conn);
679
680 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
681
682 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
683}
684
fc7f8a7e 685static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 686{
8c1d787b 687 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 688
689 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 690 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
691 return;
692
d45fc423 693 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 694 __l2cap_no_conn_pending(chan))
695 l2cap_send_conn_req(chan);
79d554a6
MH		 696 } else {
697 struct l2cap_info_req req;
698 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
699
700 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
701 conn->info_ident = l2cap_get_ident(conn);
702
030013d8 703 schedule_delayed_work(&conn->info_timer,
79d554a6
MH		 704 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
705
706 l2cap_send_cmd(conn, conn->info_ident,
707 L2CAP_INFO_REQ, sizeof(req), &req);
708 }
709}
710
cf6c2c0b
GP		 711static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
712{
713 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 714 if (!disable_ertm)
cf6c2c0b
GP		 715 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
716
717 switch (mode) {
718 case L2CAP_MODE_ERTM:
719 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
720 case L2CAP_MODE_STREAMING:
721 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
722 default:
723 return 0x00;
724 }
725}
726
4519de9a 727static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 728{
6be36555 729 struct sock *sk = chan->sk;
22121fc9
GP		 730 struct l2cap_disconn_req req;
731
c13ffa62
GP		 732 if (!conn)
733 return;
734
0c1bc5c6 735 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 736 __clear_retrans_timer(chan);
737 __clear_monitor_timer(chan);
738 __clear_ack_timer(chan);
c13ffa62
GP		 739 }
740
fe4128e0
GP		 741 req.dcid = cpu_to_le16(chan->dcid);
742 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 743 l2cap_send_cmd(conn, l2cap_get_ident(conn),
744 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 745
6be36555 746 lock_sock(sk);
0e587be7 747 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 748 __l2cap_chan_set_err(chan, err);
6be36555 749 release_sock(sk);
22121fc9
GP		 750}
751
1da177e4 752/* ---- L2CAP connections ---- */
4e8402a3
MH		 753static void l2cap_conn_start(struct l2cap_conn *conn)
754{
3df91ea2 755 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 756
757 BT_DBG("conn %p", conn);
758
3df91ea2 759 mutex_lock(&conn->chan_lock);
4e8402a3 760
3df91ea2 761 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 762 struct sock *sk = chan->sk;
baa7e1fa 763
6be36555 764 l2cap_chan_lock(chan);
4e8402a3 765
715ec005 766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 767 l2cap_chan_unlock(chan);
79d554a6
MH		 768 continue;
769 }
770
89bc500e 771 if (chan->state == BT_CONNECT) {
d45fc423 772 if (!l2cap_chan_check_security(chan) ||
b4450035 773 !__l2cap_no_conn_pending(chan)) {
6be36555 774 l2cap_chan_unlock(chan);
47731de7
GP		 775 continue;
776 }
79d554a6 777
c1360a1c
GP		 778 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
779 && test_bit(CONF_STATE2_DEVICE,
780 &chan->conf_state)) {
89bc500e 781 l2cap_chan_close(chan, ECONNRESET);
6be36555 782 l2cap_chan_unlock(chan);
47731de7 783 continue;
b1235d79 784 }
47731de7 785
9b27f350 786 l2cap_send_conn_req(chan);
47731de7 787
89bc500e 788 } else if (chan->state == BT_CONNECT2) {
79d554a6 789 struct l2cap_conn_rsp rsp;
e9aeb2dd 790 char buf[128];
fe4128e0
GP		 791 rsp.scid = cpu_to_le16(chan->dcid);
792 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 793
d45fc423 794 if (l2cap_chan_check_security(chan)) {
6be36555 795 lock_sock(sk);
f66dc81f
MH		 796 if (bt_sk(sk)->defer_setup) {
797 struct sock *parent = bt_sk(sk)->parent;
798 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
799 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 800 if (parent)
801 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 802
803 } else {
0e587be7 804 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 805 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
806 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
807 }
6be36555 808 release_sock(sk);
79d554a6
MH		 809 } else {
810 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
811 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
812 }
813
fc7f8a7e
GP		 814 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
815 sizeof(rsp), &rsp);
e9aeb2dd 816
c1360a1c 817 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 818 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 819 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 820 continue;
821 }
822
c1360a1c 823 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 824 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 825 l2cap_build_conf_req(chan, buf), buf);
826 chan->num_conf_req++;
4e8402a3
MH		 827 }
828
6be36555 829 l2cap_chan_unlock(chan);
4e8402a3
MH		 830 }
831
3df91ea2 832 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 833}
834
b62f328b
VT		 835/* Find socket with cid and source bdaddr.
836 * Returns closest match, locked.
837 */
23691d75 838static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 839{
23691d75 840 struct l2cap_chan *c, *c1 = NULL;
b62f328b 841
23691d75 842 read_lock(&chan_list_lock);
b62f328b 843
23691d75
GP		 844 list_for_each_entry(c, &chan_list, global_l) {
845 struct sock *sk = c->sk;
fe4128e0 846
89bc500e 847 if (state && c->state != state)
b62f328b
VT		 848 continue;
849
23691d75 850 if (c->scid == cid) {
b62f328b 851 /* Exact match. */
23691d75
GP		 852 if (!bacmp(&bt_sk(sk)->src, src)) {
853 read_unlock(&chan_list_lock);
854 return c;
855 }
b62f328b
VT		 856
857 /* Closest match */
858 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 859 c1 = c;
b62f328b
VT		 860 }
861 }
280f294f 862
23691d75 863 read_unlock(&chan_list_lock);
b62f328b 864
23691d75 865 return c1;
b62f328b
VT		 866}
867
868static void l2cap_le_conn_ready(struct l2cap_conn *conn)
869{
c916fbe4 870 struct sock *parent, *sk;
23691d75 871 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 872
873 BT_DBG("");
874
875 /* Check if we have socket listening on cid */
23691d75 876 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 877 conn->src);
23691d75 878 if (!pchan)
b62f328b
VT		 879 return;
880
23691d75
GP		 881 parent = pchan->sk;
882
aa2ac881 883 lock_sock(parent);
62f3a2cf 884
b62f328b
VT		 885 /* Check for backlog size */
886 if (sk_acceptq_is_full(parent)) {
887 BT_DBG("backlog full %d", parent->sk_ack_backlog);
888 goto clean;
889 }
890
80808e43
GP		 891 chan = pchan->ops->new_connection(pchan->data);
892 if (!chan)
b62f328b
VT		 893 goto clean;
894
80808e43 895 sk = chan->sk;
5d41ce1d 896
b62f328b
VT		 897 hci_conn_hold(conn->hcon);
898
b62f328b
VT		 899 bacpy(&bt_sk(sk)->src, conn->src);
900 bacpy(&bt_sk(sk)->dst, conn->dst);
901
d1010240
GP		 902 bt_accept_enqueue(parent, sk);
903
3d57dc68 904 l2cap_chan_add(conn, chan);
48454079 905
c9b66675 906 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 907
0e587be7 908 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 909 parent->sk_data_ready(parent, 0);
910
b62f328b 911clean:
aa2ac881 912 release_sock(parent);
b62f328b
VT		 913}
914
cf4cd009 915static void l2cap_chan_ready(struct l2cap_chan *chan)
f1cb9af5 916{
cf4cd009 917 struct sock *sk = chan->sk;
6be36555
AE		 918 struct sock *parent;
919
920 lock_sock(sk);
921
922 parent = bt_sk(sk)->parent;
f1cb9af5
VCG		 923
924 BT_DBG("sk %p, parent %p", sk, parent);
925
926 chan->conf_state = 0;
927 __clear_chan_timer(chan);
928
0e587be7 929 __l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 930 sk->sk_state_change(sk);
931
932 if (parent)
933 parent->sk_data_ready(parent, 0);
6be36555
AE		 934
935 release_sock(sk);
f1cb9af5
VCG		 936}
937
4e8402a3
MH		 938static void l2cap_conn_ready(struct l2cap_conn *conn)
939{
48454079 940 struct l2cap_chan *chan;
4e8402a3 941
79d554a6 942 BT_DBG("conn %p", conn);
4e8402a3 943
b62f328b
VT		 944 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
945 l2cap_le_conn_ready(conn);
946
160dc6ac
VCG		 947 if (conn->hcon->out && conn->hcon->type == LE_LINK)
948 smp_conn_security(conn, conn->hcon->pending_sec_level);
949
3df91ea2 950 mutex_lock(&conn->chan_lock);
4e8402a3 951
3df91ea2 952 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 953
6be36555 954 l2cap_chan_lock(chan);
4e8402a3 955
63128451 956 if (conn->hcon->type == LE_LINK) {
b501d6a1 957 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 958 l2cap_chan_ready(chan);
acd7d370 959
63128451 960 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 961 struct sock *sk = chan->sk;
c9b66675 962 __clear_chan_timer(chan);
6be36555 963 lock_sock(sk);
0e587be7 964 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 965 sk->sk_state_change(sk);
6be36555 966 release_sock(sk);
b501d6a1 967
89bc500e 968 } else if (chan->state == BT_CONNECT)
fc7f8a7e 969 l2cap_do_start(chan);
4e8402a3 970
6be36555 971 l2cap_chan_unlock(chan);
4e8402a3 972 }
79d554a6 973
3df91ea2 974 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 975}
976
977/* Notify sockets that we cannot guaranty reliability anymore */
978static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
979{
48454079 980 struct l2cap_chan *chan;
4e8402a3
MH		 981
982 BT_DBG("conn %p", conn);
983
3df91ea2 984 mutex_lock(&conn->chan_lock);
4e8402a3 985
3df91ea2 986 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 987 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 988 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 989 }
990
3df91ea2 991 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 992}
993
f878fcad 994static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 995{
f878fcad 996 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 997 info_timer.work);
4e8402a3 998
984947dc 999 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1000 conn->info_ident = 0;
984947dc 1001
4e8402a3
MH		 1002 l2cap_conn_start(conn);
1003}
1004
5d3de7df
VCG		 1005static void l2cap_conn_del(struct hci_conn *hcon, int err)
1006{
1007 struct l2cap_conn *conn = hcon->l2cap_data;
1008 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1009
1010 if (!conn)
1011 return;
1012
1013 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1014
1015 kfree_skb(conn->rx_skb);
1016
3df91ea2
AE		 1017 mutex_lock(&conn->chan_lock);
1018
5d3de7df
VCG		 1019 /* Kill channels */
1020 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
6be36555
AE		 1021 l2cap_chan_lock(chan);
1022
5d3de7df 1023 l2cap_chan_del(chan, err);
6be36555
AE		 1024
1025 l2cap_chan_unlock(chan);
1026
5d3de7df
VCG		 1027 chan->ops->close(chan->data);
1028 }
1029
3df91ea2
AE		 1030 mutex_unlock(&conn->chan_lock);
1031
73d80deb
LAD		 1032 hci_chan_del(conn->hchan);
1033
5d3de7df 1034 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1035 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1036
51a8efd7 1037 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1038 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1039 smp_chan_destroy(conn);
d26a2345 1040 }
5d3de7df
VCG		 1041
1042 hcon->l2cap_data = NULL;
1043 kfree(conn);
1044}
1045
6c9d42a1 1046static void security_timeout(struct work_struct *work)
5d3de7df 1047{
6c9d42a1
GP		 1048 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1049 security_timer.work);
5d3de7df
VCG		 1050
1051 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1052}
1053
1da177e4
LT		 1054static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1055{
0139418c 1056 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1057 struct hci_chan *hchan;
1da177e4 1058
0139418c 1059 if (conn || status)
1da177e4
LT		 1060 return conn;
1061
73d80deb
LAD		 1062 hchan = hci_chan_create(hcon);
1063 if (!hchan)
1064 return NULL;
1065
0139418c 1066 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1067 if (!conn) {
1068 hci_chan_del(hchan);
1da177e4 1069 return NULL;
73d80deb 1070 }
1da177e4
LT		 1071
1072 hcon->l2cap_data = conn;
1073 conn->hcon = hcon;
73d80deb 1074 conn->hchan = hchan;
1da177e4 1075
73d80deb 1076 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1077
acd7d370
VT		 1078 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1079 conn->mtu = hcon->hdev->le_mtu;
1080 else
1081 conn->mtu = hcon->hdev->acl_mtu;
1082
1da177e4
LT		 1083 conn->src = &hcon->hdev->bdaddr;
1084 conn->dst = &hcon->dst;
1085
4e8402a3
MH		 1086 conn->feat_mask = 0;
1087
1da177e4 1088 spin_lock_init(&conn->lock);
3df91ea2 1089 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1090
1091 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1092
5d3de7df 1093 if (hcon->type == LE_LINK)
6c9d42a1 1094 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1095 else
030013d8 1096 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1097
9f5a0d7b 1098 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1099
1da177e4
LT		 1100 return conn;
1101}
1102
1da177e4 1103/* ---- Socket interface ---- */
1da177e4
LT		 1104
1105/* Find socket with psm and source bdaddr.
1106 * Returns closest match.
1107 */
23691d75 1108static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1109{
23691d75 1110 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1111
23691d75 1112 read_lock(&chan_list_lock);
e0f0cb56 1113
23691d75
GP		 1114 list_for_each_entry(c, &chan_list, global_l) {
1115 struct sock *sk = c->sk;
fe4128e0 1116
89bc500e 1117 if (state && c->state != state)
1da177e4
LT		 1118 continue;
1119
23691d75 1120 if (c->psm == psm) {
1da177e4 1121 /* Exact match. */
23691d75 1122 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1123 read_unlock(&chan_list_lock);
23691d75
GP		 1124 return c;
1125 }
1da177e4
LT		 1126
1127 /* Closest match */
1128 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1129 c1 = c;
1da177e4
LT		 1130 }
1131 }
1da177e4 1132
23691d75 1133 read_unlock(&chan_list_lock);
e0f0cb56 1134
23691d75 1135 return c1;
1da177e4
LT		 1136}
1137
cbe8fed4 1138int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
1da177e4 1139{
5d41ce1d 1140 struct sock *sk = chan->sk;
1da177e4 1141 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1142 struct l2cap_conn *conn;
1143 struct hci_conn *hcon;
1144 struct hci_dev *hdev;
09ab6f4c 1145 __u8 auth_type;
44d0e48e 1146 int err;
1da177e4 1147
f29972de 1148 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1149 chan->psm);
1da177e4 1150
af05b30b
GP		 1151 hdev = hci_get_route(dst, src);
1152 if (!hdev)
1da177e4
LT		 1153 return -EHOSTUNREACH;
1154
09fd0de5 1155 hci_dev_lock(hdev);
1da177e4 1156
6be36555 1157 l2cap_chan_lock(chan);
03a00194
GP		 1158
1159 /* PSM must be odd and lsb of upper byte must be 0 */
1160 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1161 chan->chan_type != L2CAP_CHAN_RAW) {
1162 err = -EINVAL;
1163 goto done;
1164 }
1165
1166 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1167 err = -EINVAL;
1168 goto done;
1169 }
1170
1171 switch (chan->mode) {
1172 case L2CAP_MODE_BASIC:
1173 break;
1174 case L2CAP_MODE_ERTM:
1175 case L2CAP_MODE_STREAMING:
1176 if (!disable_ertm)
1177 break;
1178 /* fall through */
1179 default:
1180 err = -ENOTSUPP;
1181 goto done;
1182 }
1183
6be36555
AE		 1184 lock_sock(sk);
1185
03a00194
GP		 1186 switch (sk->sk_state) {
1187 case BT_CONNECT:
1188 case BT_CONNECT2:
1189 case BT_CONFIG:
1190 /* Already connecting */
1191 err = 0;
6be36555 1192 release_sock(sk);
03a00194
GP		 1193 goto done;
1194
1195 case BT_CONNECTED:
1196 /* Already connected */
1197 err = -EISCONN;
6be36555 1198 release_sock(sk);
03a00194
GP		 1199 goto done;
1200
1201 case BT_OPEN:
1202 case BT_BOUND:
1203 /* Can connect */
1204 break;
1205
1206 default:
1207 err = -EBADFD;
6be36555 1208 release_sock(sk);
03a00194
GP		 1209 goto done;
1210 }
1211
1212 /* Set destination address and psm */
9219b2a0 1213 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1214
1215 release_sock(sk);
1216
03a00194
GP		 1217 chan->psm = psm;
1218 chan->dcid = cid;
1da177e4 1219
4343478f 1220 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1221
fe4128e0 1222 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1223 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1224 chan->sec_level, auth_type);
acd7d370
VT		 1225 else
1226 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1227 chan->sec_level, auth_type);
acd7d370 1228
30e76272
VT		 1229 if (IS_ERR(hcon)) {
1230 err = PTR_ERR(hcon);
1da177e4 1231 goto done;
30e76272 1232 }
1da177e4
LT		 1233
1234 conn = l2cap_conn_add(hcon, 0);
1235 if (!conn) {
1236 hci_conn_put(hcon);
30e76272 1237 err = -ENOMEM;
1da177e4
LT		 1238 goto done;
1239 }
1240
1da177e4
LT		 1241 /* Update source addr of the socket */
1242 bacpy(src, conn->src);
1243
6be36555 1244 l2cap_chan_unlock(chan);
48454079 1245 l2cap_chan_add(conn, chan);
6be36555 1246 l2cap_chan_lock(chan);
48454079 1247
6be36555 1248 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1249 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1250
1251 if (hcon->state == BT_CONNECTED) {
715ec005 1252 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1253 __clear_chan_timer(chan);
d45fc423 1254 if (l2cap_chan_check_security(chan))
6be36555 1255 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1256 } else
fc7f8a7e 1257 l2cap_do_start(chan);
1da177e4
LT		 1258 }
1259
30e76272
VT		 1260 err = 0;
1261
1da177e4 1262done:
6be36555 1263 l2cap_chan_unlock(chan);
09fd0de5 1264 hci_dev_unlock(hdev);
1da177e4
LT		 1265 hci_dev_put(hdev);
1266 return err;
1267}
1268
dcba0dba 1269int __l2cap_wait_ack(struct sock *sk)
6161c038 1270{
8c1d787b 1271 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1272 DECLARE_WAITQUEUE(wait, current);
1273 int err = 0;
1274 int timeo = HZ/5;
1275
2b0b05dd 1276 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1277 set_current_state(TASK_INTERRUPTIBLE);
1278 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1279 if (!timeo)
1280 timeo = HZ/5;
1281
1282 if (signal_pending(current)) {
1283 err = sock_intr_errno(timeo);
1284 break;
1285 }
1286
1287 release_sock(sk);
1288 timeo = schedule_timeout(timeo);
1289 lock_sock(sk);
a71a0cf4 1290 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1291
1292 err = sock_error(sk);
1293 if (err)
1294 break;
1295 }
1296 set_current_state(TASK_RUNNING);
2b0b05dd 1297 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1298 return err;
1299}
1300
721c4181 1301static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1302{
721c4181
GP		 1303 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1304 monitor_timer.work);
e90bac06 1305
525cd185 1306 BT_DBG("chan %p", chan);
0e98958d 1307
6be36555
AE		 1308 l2cap_chan_lock(chan);
1309
2c03a7a4 1310 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1311 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1312 l2cap_chan_unlock(chan);
e90bac06
GP		 1313 return;
1314 }
1315
6a026610 1316 chan->retry_count++;
1a09bcb9 1317 __set_monitor_timer(chan);
e90bac06 1318
525cd185 1319 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1320 l2cap_chan_unlock(chan);
e90bac06
GP		 1321}
1322
721c4181 1323static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1324{
721c4181
GP		 1325 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1326 retrans_timer.work);
e90bac06 1327
49208c9c 1328 BT_DBG("chan %p", chan);
0e98958d 1329
6be36555
AE		 1330 l2cap_chan_lock(chan);
1331
6a026610 1332 chan->retry_count = 1;
1a09bcb9 1333 __set_monitor_timer(chan);
e90bac06 1334
e2ab4353 1335 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1336
525cd185 1337 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1338
1339 l2cap_chan_unlock(chan);
e90bac06
GP		 1340}
1341
42e5c802 1342static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1343{
1c2acffb 1344 struct sk_buff *skb;
1da177e4 1345
58d35f87 1346 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1347 chan->unacked_frames) {
42e5c802 1348 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1349 break;
1da177e4 1350
58d35f87 1351 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1352 kfree_skb(skb);
1da177e4 1353
6a026610 1354 chan->unacked_frames--;
1c2acffb 1355 }
1da177e4 1356
6a026610 1357 if (!chan->unacked_frames)
1a09bcb9 1358 __clear_retrans_timer(chan);
1c2acffb 1359}
1da177e4 1360
67c9e840 1361static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1362{
ccbb84af 1363 struct sk_buff *skb;
88843ab0
AE		 1364 u32 control;
1365 u16 fcs;
6840ed07 1366
58d35f87 1367 while ((skb = skb_dequeue(&chan->tx_q))) {
88843ab0 1368 control = __get_control(chan, skb->data + L2CAP_HDR_SIZE);
fb45de7d 1369 control |= __set_txseq(chan, chan->next_tx_seq);
88843ab0 1370 __put_control(chan, control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1371
47d1ec61 1372 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1373 fcs = crc16(0, (u8 *)skb->data,
1374 skb->len - L2CAP_FCS_SIZE);
1375 put_unaligned_le16(fcs,
1376 skb->data + skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1377 }
1378
4343478f 1379 l2cap_do_send(chan, skb);
6840ed07 1380
836be934 1381 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
6840ed07 1382 }
6840ed07
GP		 1383}
1384
fb45de7d 1385static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1386{
8f17154f 1387 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1388 u16 fcs;
1389 u32 control;
8f17154f 1390
58d35f87 1391 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1392 if (!skb)
1393 return;
8f17154f 1394
d1726b6d 1395 while (bt_cb(skb)->tx_seq != tx_seq) {
58d35f87 1396 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1397 return;
8f17154f 1398
d1726b6d
SJ		 1399 skb = skb_queue_next(&chan->tx_q, skb);
1400 }
8f17154f 1401
2c03a7a4
GP		 1402 if (chan->remote_max_tx &&
1403 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1404 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1405 return;
1406 }
1407
1408 tx_skb = skb_clone(skb, GFP_ATOMIC);
1409 bt_cb(skb)->retries++;
88843ab0
AE		 1410
1411 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1412 control &= __get_sar_mask(chan);
3cb123d1 1413
e2ab4353 1414 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1415 control |= __set_ctrl_final(chan);
95ffa978 1416
0b209fae 1417 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1418 control |= __set_txseq(chan, tx_seq);
3cb123d1 1419
88843ab0 1420 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1421
47d1ec61 1422 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1423 fcs = crc16(0, (u8 *)tx_skb->data,
1424 tx_skb->len - L2CAP_FCS_SIZE);
1425 put_unaligned_le16(fcs,
1426 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1427 }
1428
4343478f 1429 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1430}
1431
67c9e840 1432static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1433{
1434 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1435 u16 fcs;
1436 u32 control;
9a9c6a34 1437 int nsent = 0;
1c2acffb 1438
89bc500e 1439 if (chan->state != BT_CONNECTED)
c13ffa62 1440 return -ENOTCONN;
e90bac06 1441
58d35f87 1442 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1443
2c03a7a4
GP		 1444 if (chan->remote_max_tx &&
1445 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1446 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1447 break;
1448 }
1449
e420aba3
AE		 1450 tx_skb = skb_clone(skb, GFP_ATOMIC);
1451
e90bac06
GP		 1452 bt_cb(skb)->retries++;
1453
88843ab0 1454 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1455 control &= __get_sar_mask(chan);
95ffa978 1456
e2ab4353 1457 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1458 control |= __set_ctrl_final(chan);
e2ab4353 1459
0b209fae 1460 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1461 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb 1462
88843ab0 1463 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
e90bac06 1464
47d1ec61 1465 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1466 fcs = crc16(0, (u8 *)skb->data,
1467 tx_skb->len - L2CAP_FCS_SIZE);
1468 put_unaligned_le16(fcs, skb->data +
1469 tx_skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1470 }
1471
4343478f 1472 l2cap_do_send(chan, tx_skb);
9a9c6a34 1473
1a09bcb9 1474 __set_retrans_timer(chan);
1c2acffb 1475
42e5c802 1476 bt_cb(skb)->tx_seq = chan->next_tx_seq;
836be934
AE		 1477
1478 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1c2acffb 1479
8ed7a0ae 1480 if (bt_cb(skb)->retries == 1) {
6a026610 1481 chan->unacked_frames++;
930fa4ae
SJ		 1482
1483 if (!nsent++)
1484 __clear_ack_timer(chan);
8ed7a0ae 1485 }
23e9fde2 1486
6a026610 1487 chan->frames_sent++;
1c2acffb 1488
58d35f87
GP		 1489 if (skb_queue_is_last(&chan->tx_q, skb))
1490 chan->tx_send_head = NULL;
1c2acffb 1491 else
58d35f87 1492 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1c2acffb
GP		 1493 }
1494
9e917af1
GP		 1495 return nsent;
1496}
1497
525cd185 1498static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1499{
dfc909be
GP		 1500 int ret;
1501
58d35f87
GP		 1502 if (!skb_queue_empty(&chan->tx_q))
1503 chan->tx_send_head = chan->tx_q.next;
dfc909be 1504
42e5c802 1505 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1506 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1507 return ret;
1508}
1509
b17e73bb 1510static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1511{
88843ab0 1512 u32 control = 0;
9e917af1 1513
0b209fae 1514 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1515
e2ab4353 1516 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1517 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1518 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1519 l2cap_send_sframe(chan, control);
9a9c6a34 1520 return;
9e917af1 1521 }
dfc909be 1522
525cd185 1523 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1524 return;
1525
ab784b73 1526 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1527 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1528}
1529
b17e73bb
SJ		 1530static void l2cap_send_ack(struct l2cap_chan *chan)
1531{
1532 __clear_ack_timer(chan);
1533 __l2cap_send_ack(chan);
1534}
1535
525cd185 1536static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1537{
1538 struct srej_list *tail;
88843ab0 1539 u32 control;
99b0d4b7 1540
ab784b73 1541 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1542 control |= __set_ctrl_final(chan);
99b0d4b7 1543
39d5a3ee 1544 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1545 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1546
525cd185 1547 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1548}
1549
0952a57a 1550static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1c2acffb 1551{
0952a57a 1552 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1553 struct sk_buff **frag;
1554 int err, sent = 0;
1da177e4 1555
59203a21 1556 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1557 return -EFAULT;
1da177e4
LT		 1558
1559 sent += count;
1560 len -= count;
1561
1562 /* Continuation fragments (no L2CAP header) */
1563 frag = &skb_shinfo(skb)->frag_list;
1564 while (len) {
1565 count = min_t(unsigned int, conn->mtu, len);
1566
2f7719ce
AE		 1567 *frag = chan->ops->alloc_skb(chan, count,
1568 msg->msg_flags & MSG_DONTWAIT, &err);
1569
1da177e4 1570 if (!*frag)
0175d629 1571 return err;
1c2acffb
GP		 1572 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1573 return -EFAULT;
1da177e4 1574
5e59b791
LAD		 1575 (*frag)->priority = skb->priority;
1576
1da177e4
LT		 1577 sent += count;
1578 len -= count;
1579
1580 frag = &(*frag)->next;
1581 }
1da177e4
LT		 1582
1583 return sent;
1c2acffb 1584}
1da177e4 1585
5e59b791
LAD		 1586static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1587 struct msghdr *msg, size_t len,
1588 u32 priority)
1c2acffb 1589{
8c1d787b 1590 struct l2cap_conn *conn = chan->conn;
1c2acffb 1591 struct sk_buff *skb;
03a51213 1592 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1593 struct l2cap_hdr *lh;
1594
6d5922b0 1595 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1596
1597 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1598
1599 skb = chan->ops->alloc_skb(chan, count + hlen,
1600 msg->msg_flags & MSG_DONTWAIT, &err);
1601
1c2acffb 1602 if (!skb)
0175d629 1603 return ERR_PTR(err);
1c2acffb 1604
5e59b791
LAD		 1605 skb->priority = priority;
1606
1c2acffb
GP		 1607 /* Create L2CAP header */
1608 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1609 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1610 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1611 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb 1612
0952a57a 1613 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1614 if (unlikely(err < 0)) {
1615 kfree_skb(skb);
1616 return ERR_PTR(err);
1617 }
1618 return skb;
1619}
1620
5e59b791
LAD		 1621static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1622 struct msghdr *msg, size_t len,
1623 u32 priority)
1c2acffb 1624{
8c1d787b 1625 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1626 struct sk_buff *skb;
1627 int err, count, hlen = L2CAP_HDR_SIZE;
1628 struct l2cap_hdr *lh;
1629
6d5922b0 1630 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb
GP		 1631
1632 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1633
1634 skb = chan->ops->alloc_skb(chan, count + hlen,
1635 msg->msg_flags & MSG_DONTWAIT, &err);
1636
1c2acffb 1637 if (!skb)
0175d629 1638 return ERR_PTR(err);
1c2acffb 1639
5e59b791
LAD		 1640 skb->priority = priority;
1641
1c2acffb
GP		 1642 /* Create L2CAP header */
1643 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1644 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1645 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1646
0952a57a 1647 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1648 if (unlikely(err < 0)) {
1649 kfree_skb(skb);
1650 return ERR_PTR(err);
1651 }
1652 return skb;
1653}
1654
ab0ff76d
LAD		 1655static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1656 struct msghdr *msg, size_t len,
88843ab0 1657 u32 control, u16 sdulen)
1c2acffb 1658{
8c1d787b 1659 struct l2cap_conn *conn = chan->conn;
1c2acffb 1660 struct sk_buff *skb;
e4ca6d98 1661 int err, count, hlen;
1c2acffb
GP		 1662 struct l2cap_hdr *lh;
1663
6d5922b0 1664 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1665
0ee0d208
GP		 1666 if (!conn)
1667 return ERR_PTR(-ENOTCONN);
1668
e4ca6d98
AE		 1669 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1670 hlen = L2CAP_EXT_HDR_SIZE;
1671 else
1672 hlen = L2CAP_ENH_HDR_SIZE;
1673
c74e560c 1674 if (sdulen)
03a51213 1675 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1676
47d1ec61 1677 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1678 hlen += L2CAP_FCS_SIZE;
fcc203c3 1679
1c2acffb 1680 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1681
1682 skb = chan->ops->alloc_skb(chan, count + hlen,
1683 msg->msg_flags & MSG_DONTWAIT, &err);
1684
1c2acffb 1685 if (!skb)
0175d629 1686 return ERR_PTR(err);
1c2acffb
GP		 1687
1688 /* Create L2CAP header */
1689 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1690 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1691 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0
AE		 1692
1693 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1694
c74e560c 1695 if (sdulen)
03a51213 1696 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 1697
0952a57a 1698 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1699 if (unlikely(err < 0)) {
1700 kfree_skb(skb);
1701 return ERR_PTR(err);
1702 }
e90bac06 1703
47d1ec61 1704 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1705 put_unaligned_le16(0, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3 1706
e90bac06 1707 bt_cb(skb)->retries = 0;
1c2acffb 1708 return skb;
1da177e4
LT		 1709}
1710
67c9e840 1711static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1712{
c74e560c
GP		 1713 struct sk_buff *skb;
1714 struct sk_buff_head sar_queue;
88843ab0 1715 u32 control;
c74e560c
GP		 1716 size_t size = 0;
1717
ff12fd64 1718 skb_queue_head_init(&sar_queue);
7e0ef6ee 1719 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1720 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1721 if (IS_ERR(skb))
1722 return PTR_ERR(skb);
1723
1724 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1725 len -= chan->remote_mps;
1726 size += chan->remote_mps;
c74e560c
GP		 1727
1728 while (len > 0) {
1729 size_t buflen;
1730
2c03a7a4 1731 if (len > chan->remote_mps) {
7e0ef6ee 1732 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1733 buflen = chan->remote_mps;
c74e560c 1734 } else {
7e0ef6ee 1735 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1736 buflen = len;
1737 }
1738
47d1ec61 1739 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1740 if (IS_ERR(skb)) {
1741 skb_queue_purge(&sar_queue);
1742 return PTR_ERR(skb);
1743 }
1744
1745 __skb_queue_tail(&sar_queue, skb);
1746 len -= buflen;
1747 size += buflen;
c74e560c 1748 }
58d35f87
GP		 1749 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1750 if (chan->tx_send_head == NULL)
1751 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1752
1753 return size;
1754}
1755
5e59b791
LAD		 1756int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
1757 u32 priority)
9a91a04a 1758{
9a91a04a 1759 struct sk_buff *skb;
88843ab0 1760 u32 control;
9a91a04a
GP		 1761 int err;
1762
1763 /* Connectionless channel */
715ec005 1764 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 1765 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 1766 if (IS_ERR(skb))
1767 return PTR_ERR(skb);
1768
1769 l2cap_do_send(chan, skb);
1770 return len;
1771 }
1772
1773 switch (chan->mode) {
1774 case L2CAP_MODE_BASIC:
1775 /* Check outgoing MTU */
1776 if (len > chan->omtu)
1777 return -EMSGSIZE;
1778
1779 /* Create a basic PDU */
5e59b791 1780 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 1781 if (IS_ERR(skb))
1782 return PTR_ERR(skb);
1783
1784 l2cap_do_send(chan, skb);
1785 err = len;
1786 break;
1787
1788 case L2CAP_MODE_ERTM:
1789 case L2CAP_MODE_STREAMING:
1790 /* Entire SDU fits into one PDU */
1791 if (len <= chan->remote_mps) {
7e0ef6ee 1792 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1793 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1794 0);
1795 if (IS_ERR(skb))
1796 return PTR_ERR(skb);
1797
1798 __skb_queue_tail(&chan->tx_q, skb);
1799
1800 if (chan->tx_send_head == NULL)
1801 chan->tx_send_head = skb;
1802
1803 } else {
1804 /* Segment SDU into multiples PDUs */
1805 err = l2cap_sar_segment_sdu(chan, msg, len);
1806 if (err < 0)
1807 return err;
1808 }
1809
1810 if (chan->mode == L2CAP_MODE_STREAMING) {
1811 l2cap_streaming_send(chan);
1812 err = len;
1813 break;
1814 }
1815
e2ab4353
GP		 1816 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1817 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1818 err = len;
1819 break;
1820 }
1821
1822 err = l2cap_ertm_send(chan);
1823 if (err >= 0)
1824 err = len;
1825
1826 break;
1827
1828 default:
1829 BT_DBG("bad state %1.1x", chan->mode);
1830 err = -EBADFD;
1831 }
1832
1833 return err;
1834}
1835
1da177e4
LT		 1836/* Copy frame to all raw sockets on that connection */
1837static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1838{
1da177e4 1839 struct sk_buff *nskb;
48454079 1840 struct l2cap_chan *chan;
1da177e4
LT		 1841
1842 BT_DBG("conn %p", conn);
1843
3df91ea2 1844 mutex_lock(&conn->chan_lock);
3d57dc68 1845
3df91ea2 1846 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1847 struct sock *sk = chan->sk;
715ec005 1848 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1849 continue;
1850
1851 /* Don't send frame to the socket it came from */
1852 if (skb->sk == sk)
1853 continue;
af05b30b
GP		 1854 nskb = skb_clone(skb, GFP_ATOMIC);
1855 if (!nskb)
1da177e4
LT		 1856 continue;
1857
23070494 1858 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1859 kfree_skb(nskb);
1860 }
3d57dc68 1861
3df91ea2 1862 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 1863}
1864
1865/* ---- L2CAP signalling commands ---- */
1866static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1867 u8 code, u8 ident, u16 dlen, void *data)
1868{
1869 struct sk_buff *skb, **frag;
1870 struct l2cap_cmd_hdr *cmd;
1871 struct l2cap_hdr *lh;
1872 int len, count;
1873
af05b30b
GP		 1874 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1875 conn, code, ident, dlen);
1da177e4
LT		 1876
1877 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1878 count = min_t(unsigned int, conn->mtu, len);
1879
1880 skb = bt_skb_alloc(count, GFP_ATOMIC);
1881 if (!skb)
1882 return NULL;
1883
1884 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1885 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1886
1887 if (conn->hcon->type == LE_LINK)
1888 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1889 else
1890 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1891
1892 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1893 cmd->code = code;
1894 cmd->ident = ident;
aca3192c 1895 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1896
1897 if (dlen) {
1898 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1899 memcpy(skb_put(skb, count), data, count);
1900 data += count;
1901 }
1902
1903 len -= skb->len;
1904
1905 /* Continuation fragments (no L2CAP header) */
1906 frag = &skb_shinfo(skb)->frag_list;
1907 while (len) {
1908 count = min_t(unsigned int, conn->mtu, len);
1909
1910 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1911 if (!*frag)
1912 goto fail;
1913
1914 memcpy(skb_put(*frag, count), data, count);
1915
1916 len -= count;
1917 data += count;
1918
1919 frag = &(*frag)->next;
1920 }
1921
1922 return skb;
1923
1924fail:
1925 kfree_skb(skb);
1926 return NULL;
1927}
1928
1929static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1930{
1931 struct l2cap_conf_opt *opt = *ptr;
1932 int len;
1933
1934 len = L2CAP_CONF_OPT_SIZE + opt->len;
1935 *ptr += len;
1936
1937 *type = opt->type;
1938 *olen = opt->len;
1939
1940 switch (opt->len) {
1941 case 1:
1942 *val = *((u8 *) opt->val);
1943 break;
1944
1945 case 2:
bfaaeb3e 1946 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1947 break;
1948
1949 case 4:
bfaaeb3e 1950 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1951 break;
1952
1953 default:
1954 *val = (unsigned long) opt->val;
1955 break;
1956 }
1957
1958 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1959 return len;
1960}
1961
1da177e4
LT		 1962static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1963{
1964 struct l2cap_conf_opt *opt = *ptr;
1965
1966 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1967
1968 opt->type = type;
1969 opt->len = len;
1970
1971 switch (len) {
1972 case 1:
1973 *((u8 *) opt->val) = val;
1974 break;
1975
1976 case 2:
4f8b691c 1977 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1978 break;
1979
1980 case 4:
4f8b691c 1981 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1982 break;
1983
1984 default:
1985 memcpy(opt->val, (void *) val, len);
1986 break;
1987 }
1988
1989 *ptr += L2CAP_CONF_OPT_SIZE + len;
1990}
1991
f89cef09
AE		 1992static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
1993{
1994 struct l2cap_conf_efs efs;
1995
1ec918ce 1996 switch (chan->mode) {
f89cef09
AE		 1997 case L2CAP_MODE_ERTM:
1998 efs.id = chan->local_id;
1999 efs.stype = chan->local_stype;
2000 efs.msdu = cpu_to_le16(chan->local_msdu);
2001 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2002 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2003 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2004 break;
2005
2006 case L2CAP_MODE_STREAMING:
2007 efs.id = 1;
2008 efs.stype = L2CAP_SERV_BESTEFFORT;
2009 efs.msdu = cpu_to_le16(chan->local_msdu);
2010 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2011 efs.acc_lat = 0;
2012 efs.flush_to = 0;
2013 break;
2014
2015 default:
2016 return;
2017 }
2018
2019 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2020 (unsigned long) &efs);
2021}
2022
721c4181 2023static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2024{
721c4181
GP		 2025 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2026 ack_timer.work);
c1b4f43b 2027
2fb9b3d4
GP		 2028 BT_DBG("chan %p", chan);
2029
6be36555
AE		 2030 l2cap_chan_lock(chan);
2031
b17e73bb 2032 __l2cap_send_ack(chan);
6be36555
AE		 2033
2034 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2035
2036 l2cap_chan_put(chan);
c1b4f43b
GP		 2037}
2038
525cd185 2039static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2040{
42e5c802 2041 chan->expected_ack_seq = 0;
6a026610 2042 chan->unacked_frames = 0;
42e5c802 2043 chan->buffer_seq = 0;
6a026610
GP		 2044 chan->num_acked = 0;
2045 chan->frames_sent = 0;
0565c1c2 2046
721c4181
GP		 2047 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2048 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2049 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2050
f1c6775b 2051 skb_queue_head_init(&chan->srej_q);
1890d36b 2052
39d5a3ee 2053 INIT_LIST_HEAD(&chan->srej_l);
0565c1c2
GP		 2054}
2055
f2fcfcd6
GP		 2056static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2057{
2058 switch (mode) {
2059 case L2CAP_MODE_STREAMING:
2060 case L2CAP_MODE_ERTM:
2061 if (l2cap_mode_supported(mode, remote_feat_mask))
2062 return mode;
2063 /* fall through */
2064 default:
2065 return L2CAP_MODE_BASIC;
2066 }
2067}
2068
6327eb98
AE		 2069static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2070{
2071 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2072}
2073
f89cef09
AE		 2074static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2075{
2076 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2077}
2078
6327eb98
AE		 2079static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2080{
2081 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2082 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2083 /* use extended control field */
2084 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2085 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2086 } else {
6327eb98
AE		 2087 chan->tx_win = min_t(u16, chan->tx_win,
2088 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2089 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2090 }
6327eb98
AE		 2091}
2092
710f9b0a 2093static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2094{
1da177e4 2095 struct l2cap_conf_req *req = data;
0c1bc5c6 2096 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2097 void *ptr = req->data;
c8f79162 2098 u16 size;
1da177e4 2099
49208c9c 2100 BT_DBG("chan %p", chan);
1da177e4 2101
73ffa904 2102 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2103 goto done;
2104
0c1bc5c6 2105 switch (chan->mode) {
f2fcfcd6
GP		 2106 case L2CAP_MODE_STREAMING:
2107 case L2CAP_MODE_ERTM:
c1360a1c 2108 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2109 break;
85eb53c6 2110
f89cef09
AE		 2111 if (__l2cap_efs_supported(chan))
2112 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2113
2ba13ed6 2114 /* fall through */
f2fcfcd6 2115 default:
8c1d787b 2116 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2117 break;
2118 }
2119
2120done:
0c1bc5c6
GP		 2121 if (chan->imtu != L2CAP_DEFAULT_MTU)
2122 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2123
0c1bc5c6 2124 switch (chan->mode) {
65c7c491 2125 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2126 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2127 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2128 break;
2129
62547752
GP		 2130 rfc.mode = L2CAP_MODE_BASIC;
2131 rfc.txwin_size = 0;
2132 rfc.max_transmit = 0;
2133 rfc.retrans_timeout = 0;
2134 rfc.monitor_timeout = 0;
2135 rfc.max_pdu_size = 0;
2136
63406504
GP		 2137 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2138 (unsigned long) &rfc);
65c7c491
MH		 2139 break;
2140
2141 case L2CAP_MODE_ERTM:
2142 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2143 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2144 rfc.retrans_timeout = 0;
2145 rfc.monitor_timeout = 0;
c8f79162
AE		 2146
2147 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2148 L2CAP_EXT_HDR_SIZE -
2149 L2CAP_SDULEN_SIZE -
2150 L2CAP_FCS_SIZE);
2151 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2152
6327eb98
AE		 2153 l2cap_txwin_setup(chan);
2154
2155 rfc.txwin_size = min_t(u16, chan->tx_win,
2156 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2157
63406504
GP		 2158 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2159 (unsigned long) &rfc);
2160
f89cef09
AE		 2161 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2162 l2cap_add_opt_efs(&ptr, chan);
2163
8c1d787b 2164 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2165 break;
2166
47d1ec61 2167 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2168 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2169 chan->fcs = L2CAP_FCS_NONE;
2170 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2171 }
6327eb98
AE		 2172
2173 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2174 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2175 chan->tx_win);
f2fcfcd6
GP		 2176 break;
2177
2178 case L2CAP_MODE_STREAMING:
2179 rfc.mode = L2CAP_MODE_STREAMING;
2180 rfc.txwin_size = 0;
2181 rfc.max_transmit = 0;
2182 rfc.retrans_timeout = 0;
2183 rfc.monitor_timeout = 0;
c8f79162
AE		 2184
2185 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2186 L2CAP_EXT_HDR_SIZE -
2187 L2CAP_SDULEN_SIZE -
2188 L2CAP_FCS_SIZE);
2189 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2190
63406504
GP		 2191 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2192 (unsigned long) &rfc);
2193
f89cef09
AE		 2194 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2195 l2cap_add_opt_efs(&ptr, chan);
2196
8c1d787b 2197 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2198 break;
2199
47d1ec61 2200 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2201 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2202 chan->fcs = L2CAP_FCS_NONE;
2203 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2204 }
65c7c491
MH		 2205 break;
2206 }
1da177e4 2207
fe4128e0 2208 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2209 req->flags = cpu_to_le16(0);
1da177e4
LT		 2210
2211 return ptr - data;
2212}
2213
73ffa904 2214static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2215{
5dee9e7c
MH		 2216 struct l2cap_conf_rsp *rsp = data;
2217 void *ptr = rsp->data;
73ffa904
GP		 2218 void *req = chan->conf_req;
2219 int len = chan->conf_len;
5dee9e7c
MH		 2220 int type, hint, olen;
2221 unsigned long val;
6464f35f 2222 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2223 struct l2cap_conf_efs efs;
2224 u8 remote_efs = 0;
861d6882 2225 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2226 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2227 u16 size;
1da177e4 2228
73ffa904 2229 BT_DBG("chan %p", chan);
820ae1b8 2230
5dee9e7c
MH		 2231 while (len >= L2CAP_CONF_OPT_SIZE) {
2232 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2233
589d2746 2234 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2235 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2236
2237 switch (type) {
2238 case L2CAP_CONF_MTU:
861d6882 2239 mtu = val;
5dee9e7c
MH		 2240 break;
2241
2242 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2243 chan->flush_to = val;
5dee9e7c
MH		 2244 break;
2245
2246 case L2CAP_CONF_QOS:
2247 break;
2248
6464f35f
MH		 2249 case L2CAP_CONF_RFC:
2250 if (olen == sizeof(rfc))
2251 memcpy(&rfc, (void *) val, olen);
2252 break;
2253
fcc203c3
GP		 2254 case L2CAP_CONF_FCS:
2255 if (val == L2CAP_FCS_NONE)
c1360a1c 2256 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2257 break;
fcc203c3 2258
42dceae2
AE		 2259 case L2CAP_CONF_EFS:
2260 remote_efs = 1;
2261 if (olen == sizeof(efs))
2262 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2263 break;
2264
6327eb98
AE		 2265 case L2CAP_CONF_EWS:
2266 if (!enable_hs)
2267 return -ECONNREFUSED;
fcc203c3 2268
6327eb98
AE		 2269 set_bit(FLAG_EXT_CTRL, &chan->flags);
2270 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2271 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2272 chan->remote_tx_win = val;
fcc203c3
GP		 2273 break;
2274
5dee9e7c
MH		 2275 default:
2276 if (hint)
2277 break;
2278
2279 result = L2CAP_CONF_UNKNOWN;
2280 *((u8 *) ptr++) = type;
2281 break;
2282 }
2283 }
2284
73ffa904 2285 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2286 goto done;
2287
0c1bc5c6 2288 switch (chan->mode) {
f2fcfcd6
GP		 2289 case L2CAP_MODE_STREAMING:
2290 case L2CAP_MODE_ERTM:
c1360a1c 2291 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2292 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2293 chan->conn->feat_mask);
85eb53c6
GP		 2294 break;
2295 }
2296
42dceae2
AE		 2297 if (remote_efs) {
2298 if (__l2cap_efs_supported(chan))
2299 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2300 else
2301 return -ECONNREFUSED;
2302 }
2303
0c1bc5c6 2304 if (chan->mode != rfc.mode)
f2fcfcd6 2305 return -ECONNREFUSED;
742e519b 2306
f2fcfcd6 2307 break;
f2fcfcd6
GP		 2308 }
2309
2310done:
0c1bc5c6 2311 if (chan->mode != rfc.mode) {
f2fcfcd6 2312 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2313 rfc.mode = chan->mode;
f2fcfcd6 2314
73ffa904 2315 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2316 return -ECONNREFUSED;
2317
2318 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2319 sizeof(rfc), (unsigned long) &rfc);
2320 }
2321
5dee9e7c
MH		 2322 if (result == L2CAP_CONF_SUCCESS) {
2323 /* Configure output options and let the other side know
2324 * which ones we don't like. */
2325
f2fcfcd6
GP		 2326 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2327 result = L2CAP_CONF_UNACCEPT;
2328 else {
0c1bc5c6 2329 chan->omtu = mtu;
c1360a1c 2330 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2331 }
0c1bc5c6 2332 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2333
42dceae2
AE		 2334 if (remote_efs) {
2335 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2336 efs.stype != L2CAP_SERV_NOTRAFIC &&
2337 efs.stype != chan->local_stype) {
2338
2339 result = L2CAP_CONF_UNACCEPT;
2340
2341 if (chan->num_conf_req >= 1)
2342 return -ECONNREFUSED;
2343
2344 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2345 sizeof(efs),
42dceae2 2346 (unsigned long) &efs);
0e8b207e 2347 } else {
3e6b3b95 2348 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2349 result = L2CAP_CONF_PENDING;
2350 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2351 }
2352 }
2353
f2fcfcd6
GP		 2354 switch (rfc.mode) {
2355 case L2CAP_MODE_BASIC:
47d1ec61 2356 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2357 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2358 break;
2359
2360 case L2CAP_MODE_ERTM:
6327eb98
AE		 2361 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2362 chan->remote_tx_win = rfc.txwin_size;
2363 else
2364 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2365
2c03a7a4 2366 chan->remote_max_tx = rfc.max_transmit;
1c762159 2367
c8f79162
AE		 2368 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2369 chan->conn->mtu -
2370 L2CAP_EXT_HDR_SIZE -
2371 L2CAP_SDULEN_SIZE -
2372 L2CAP_FCS_SIZE);
2373 rfc.max_pdu_size = cpu_to_le16(size);
2374 chan->remote_mps = size;
f2fcfcd6 2375
10467e9e
GP		 2376 rfc.retrans_timeout =
2377 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2378 rfc.monitor_timeout =
2379 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2380
c1360a1c 2381 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2382
2383 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2384 sizeof(rfc), (unsigned long) &rfc);
2385
42dceae2
AE		 2386 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2387 chan->remote_id = efs.id;
2388 chan->remote_stype = efs.stype;
2389 chan->remote_msdu = le16_to_cpu(efs.msdu);
2390 chan->remote_flush_to =
2391 le32_to_cpu(efs.flush_to);
2392 chan->remote_acc_lat =
2393 le32_to_cpu(efs.acc_lat);
2394 chan->remote_sdu_itime =
2395 le32_to_cpu(efs.sdu_itime);
2396 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2397 sizeof(efs), (unsigned long) &efs);
2398 }
f2fcfcd6
GP		 2399 break;
2400
2401 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2402 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2403 chan->conn->mtu -
2404 L2CAP_EXT_HDR_SIZE -
2405 L2CAP_SDULEN_SIZE -
2406 L2CAP_FCS_SIZE);
2407 rfc.max_pdu_size = cpu_to_le16(size);
2408 chan->remote_mps = size;
f2fcfcd6 2409
c1360a1c 2410 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2411
2412 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2413 sizeof(rfc), (unsigned long) &rfc);
2414
f2fcfcd6
GP		 2415 break;
2416
2417 default:
5dee9e7c 2418 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2419
6464f35f 2420 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2421 rfc.mode = chan->mode;
f2fcfcd6 2422 }
6464f35f 2423
f2fcfcd6 2424 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2425 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2426 }
fe4128e0 2427 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2428 rsp->result = cpu_to_le16(result);
2429 rsp->flags = cpu_to_le16(0x0000);
2430
2431 return ptr - data;
1da177e4
LT		 2432}
2433
b4450035 2434static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2435{
f2fcfcd6
GP		 2436 struct l2cap_conf_req *req = data;
2437 void *ptr = req->data;
2438 int type, olen;
2439 unsigned long val;
36e999a8 2440 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 2441 struct l2cap_conf_efs efs;
f2fcfcd6 2442
fe4128e0 2443 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2444
2445 while (len >= L2CAP_CONF_OPT_SIZE) {
2446 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2447
2448 switch (type) {
2449 case L2CAP_CONF_MTU:
2450 if (val < L2CAP_DEFAULT_MIN_MTU) {
2451 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2452 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2453 } else
0c1bc5c6
GP		 2454 chan->imtu = val;
2455 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2456 break;
2457
2458 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2459 chan->flush_to = val;
f2fcfcd6 2460 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2461 2, chan->flush_to);
f2fcfcd6
GP		 2462 break;
2463
2464 case L2CAP_CONF_RFC:
2465 if (olen == sizeof(rfc))
2466 memcpy(&rfc, (void *)val, olen);
2467
c1360a1c 2468 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2469 rfc.mode != chan->mode)
f2fcfcd6
GP		 2470 return -ECONNREFUSED;
2471
47d1ec61 2472 chan->fcs = 0;
f2fcfcd6
GP		 2473
2474 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2475 sizeof(rfc), (unsigned long) &rfc);
2476 break;
6327eb98
AE		 2477
2478 case L2CAP_CONF_EWS:
2479 chan->tx_win = min_t(u16, val,
2480 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 2481 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2482 chan->tx_win);
6327eb98 2483 break;
66af7aaf
AE		 2484
2485 case L2CAP_CONF_EFS:
2486 if (olen == sizeof(efs))
2487 memcpy(&efs, (void *)val, olen);
2488
2489 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2490 efs.stype != L2CAP_SERV_NOTRAFIC &&
2491 efs.stype != chan->local_stype)
2492 return -ECONNREFUSED;
2493
2494 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2495 sizeof(efs), (unsigned long) &efs);
2496 break;
f2fcfcd6
GP		 2497 }
2498 }
2499
0c1bc5c6 2500 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2501 return -ECONNREFUSED;
2502
0c1bc5c6 2503 chan->mode = rfc.mode;
6c2ea7a8 2504
0e8b207e 2505 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 2506 switch (rfc.mode) {
2507 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2508 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2509 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2510 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 2511
2512 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2513 chan->local_msdu = le16_to_cpu(efs.msdu);
2514 chan->local_sdu_itime =
2515 le32_to_cpu(efs.sdu_itime);
2516 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
2517 chan->local_flush_to =
2518 le32_to_cpu(efs.flush_to);
2519 }
f2fcfcd6 2520 break;
66af7aaf 2521
f2fcfcd6 2522 case L2CAP_MODE_STREAMING:
47d1ec61 2523 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2524 }
2525 }
2526
fe4128e0 2527 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2528 req->flags = cpu_to_le16(0x0000);
2529
2530 return ptr - data;
2531}
2532
fe4128e0 2533static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2534{
2535 struct l2cap_conf_rsp *rsp = data;
2536 void *ptr = rsp->data;
1da177e4 2537
fe4128e0 2538 BT_DBG("chan %p", chan);
1da177e4 2539
fe4128e0 2540 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2541 rsp->result = cpu_to_le16(result);
aca3192c 2542 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2543
2544 return ptr - data;
2545}
2546
8c1d787b 2547void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2548{
2549 struct l2cap_conn_rsp rsp;
8c1d787b 2550 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2551 u8 buf[128];
2552
fe4128e0
GP		 2553 rsp.scid = cpu_to_le16(chan->dcid);
2554 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2555 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2556 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2557 l2cap_send_cmd(conn, chan->ident,
2558 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2559
c1360a1c 2560 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2561 return;
2562
710f9b0a
GP		 2563 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2564 l2cap_build_conf_req(chan, buf), buf);
2565 chan->num_conf_req++;
2566}
2567
47d1ec61 2568static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2569{
7b1c0049
GP		 2570 int type, olen;
2571 unsigned long val;
2572 struct l2cap_conf_rfc rfc;
2573
47d1ec61 2574 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2575
0c1bc5c6 2576 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2577 return;
2578
2579 while (len >= L2CAP_CONF_OPT_SIZE) {
2580 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2581
2582 switch (type) {
2583 case L2CAP_CONF_RFC:
2584 if (olen == sizeof(rfc))
2585 memcpy(&rfc, (void *)val, olen);
2586 goto done;
2587 }
2588 }
2589
36e999a8
MM		 2590 /* Use sane default values in case a misbehaving remote device
2591 * did not send an RFC option.
2592 */
2593 rfc.mode = chan->mode;
2594 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
2595 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
2596 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
2597
2598 BT_ERR("Expected RFC option was not found, using defaults");
2599
7b1c0049
GP		 2600done:
2601 switch (rfc.mode) {
2602 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2603 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2604 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2605 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2606 break;
2607 case L2CAP_MODE_STREAMING:
47d1ec61 2608 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2609 }
2610}
2611
4e8402a3
MH		 2612static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2613{
e2fd318e 2614 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2615
e2fd318e 2616 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2617 return 0;
2618
2619 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2620 cmd->ident == conn->info_ident) {
17cd3f37 2621 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 2622
2623 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2624 conn->info_ident = 0;
984947dc 2625
4e8402a3
MH		 2626 l2cap_conn_start(conn);
2627 }
2628
2629 return 0;
2630}
2631
1da177e4
LT		 2632static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2633{
1da177e4
LT		 2634 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2635 struct l2cap_conn_rsp rsp;
23691d75 2636 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2637 struct sock *parent, *sk = NULL;
e7c29cb1 2638 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2639
2640 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2641 __le16 psm = req->psm;
1da177e4
LT		 2642
2643 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2644
2645 /* Check if we have socket listening on psm */
23691d75
GP		 2646 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2647 if (!pchan) {
1da177e4
LT		 2648 result = L2CAP_CR_BAD_PSM;
2649 goto sendresp;
2650 }
2651
23691d75
GP		 2652 parent = pchan->sk;
2653
3df91ea2 2654 mutex_lock(&conn->chan_lock);
aa2ac881 2655 lock_sock(parent);
e0f0cb56 2656
e7c29cb1
MH		 2657 /* Check if the ACL is secure enough (if not SDP) */
2658 if (psm != cpu_to_le16(0x0001) &&
2659 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 2660 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 2661 result = L2CAP_CR_SEC_BLOCK;
2662 goto response;
2663 }
2664
1da177e4
LT		 2665 result = L2CAP_CR_NO_MEM;
2666
2667 /* Check for backlog size */
2668 if (sk_acceptq_is_full(parent)) {
8e87d142 2669 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2670 goto response;
2671 }
2672
80808e43
GP		 2673 chan = pchan->ops->new_connection(pchan->data);
2674 if (!chan)
1da177e4
LT		 2675 goto response;
2676
80808e43
GP		 2677 sk = chan->sk;
2678
1da177e4 2679 /* Check if we already have channel with that dcid */
baa7e1fa 2680 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 2681 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2682 chan->ops->close(chan->data);
1da177e4
LT		 2683 goto response;
2684 }
2685
2686 hci_conn_hold(conn->hcon);
2687
1da177e4
LT		 2688 bacpy(&bt_sk(sk)->src, conn->src);
2689 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2690 chan->psm = psm;
2691 chan->dcid = scid;
1da177e4 2692
d1010240
GP		 2693 bt_accept_enqueue(parent, sk);
2694
6be36555 2695 __l2cap_chan_add(conn, chan);
48454079 2696
fe4128e0 2697 dcid = chan->scid;
1da177e4 2698
c9b66675 2699 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2700
fc7f8a7e 2701 chan->ident = cmd->ident;
1da177e4 2702
984947dc 2703 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 2704 if (l2cap_chan_check_security(chan)) {
f66dc81f 2705 if (bt_sk(sk)->defer_setup) {
0e587be7 2706 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2707 result = L2CAP_CR_PEND;
2708 status = L2CAP_CS_AUTHOR_PEND;
2709 parent->sk_data_ready(parent, 0);
2710 } else {
0e587be7 2711 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2712 result = L2CAP_CR_SUCCESS;
2713 status = L2CAP_CS_NO_INFO;
2714 }
79d554a6 2715 } else {
0e587be7 2716 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2717 result = L2CAP_CR_PEND;
2718 status = L2CAP_CS_AUTHEN_PEND;
2719 }
2720 } else {
0e587be7 2721 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2722 result = L2CAP_CR_PEND;
2723 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2724 }
2725
1da177e4 2726response:
aa2ac881 2727 release_sock(parent);
3df91ea2 2728 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2729
2730sendresp:
aca3192c
YH		 2731 rsp.scid = cpu_to_le16(scid);
2732 rsp.dcid = cpu_to_le16(dcid);
2733 rsp.result = cpu_to_le16(result);
2734 rsp.status = cpu_to_le16(status);
1da177e4 2735 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2736
2737 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2738 struct l2cap_info_req info;
2739 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2740
2741 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2742 conn->info_ident = l2cap_get_ident(conn);
2743
030013d8 2744 schedule_delayed_work(&conn->info_timer,
79d554a6
MH		 2745 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2746
2747 l2cap_send_cmd(conn, conn->info_ident,
2748 L2CAP_INFO_REQ, sizeof(info), &info);
2749 }
2750
c1360a1c 2751 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2752 result == L2CAP_CR_SUCCESS) {
2753 u8 buf[128];
c1360a1c 2754 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2755 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2756 l2cap_build_conf_req(chan, buf), buf);
2757 chan->num_conf_req++;
e9aeb2dd
GP		 2758 }
2759
1da177e4
LT		 2760 return 0;
2761}
2762
2763static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2764{
2765 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2766 u16 scid, dcid, result, status;
48454079 2767 struct l2cap_chan *chan;
1da177e4 2768 u8 req[128];
3df91ea2 2769 int err;
1da177e4
LT		 2770
2771 scid = __le16_to_cpu(rsp->scid);
2772 dcid = __le16_to_cpu(rsp->dcid);
2773 result = __le16_to_cpu(rsp->result);
2774 status = __le16_to_cpu(rsp->status);
2775
1b009c98
AE		 2776 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2777 dcid, scid, result, status);
1da177e4 2778
3df91ea2
AE		 2779 mutex_lock(&conn->chan_lock);
2780
1da177e4 2781 if (scid) {
3df91ea2
AE		 2782 chan = __l2cap_get_chan_by_scid(conn, scid);
2783 if (!chan) {
2784 err = -EFAULT;
2785 goto unlock;
2786 }
1da177e4 2787 } else {
3df91ea2
AE		 2788 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2789 if (!chan) {
2790 err = -EFAULT;
2791 goto unlock;
2792 }
1da177e4
LT		 2793 }
2794
3df91ea2
AE		 2795 err = 0;
2796
6be36555 2797 l2cap_chan_lock(chan);
48454079 2798
1da177e4
LT		 2799 switch (result) {
2800 case L2CAP_CR_SUCCESS:
89bc500e 2801 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2802 chan->ident = 0;
fe4128e0 2803 chan->dcid = dcid;
c1360a1c 2804 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2805
c1360a1c 2806 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2807 break;
2808
1da177e4 2809 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2810 l2cap_build_conf_req(chan, req), req);
2811 chan->num_conf_req++;
1da177e4
LT		 2812 break;
2813
2814 case L2CAP_CR_PEND:
c1360a1c 2815 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2816 break;
2817
2818 default:
48454079 2819 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2820 break;
2821 }
2822
6be36555 2823 l2cap_chan_unlock(chan);
3df91ea2
AE		 2824
2825unlock:
2826 mutex_unlock(&conn->chan_lock);
2827
2828 return err;
1da177e4
LT		 2829}
2830
47d1ec61 2831static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2832{
2833 /* FCS is enabled only in ERTM or streaming mode, if one or both
2834 * sides request it.
2835 */
0c1bc5c6 2836 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2837 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2838 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2839 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2840}
2841
88219a0f 2842static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2843{
2844 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2845 u16 dcid, flags;
2846 u8 rsp[64];
48454079 2847 struct l2cap_chan *chan;
5dee9e7c 2848 int len;
1da177e4
LT		 2849
2850 dcid = __le16_to_cpu(req->dcid);
2851 flags = __le16_to_cpu(req->flags);
2852
2853 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2854
baa7e1fa 2855 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2856 if (!chan)
1da177e4
LT		 2857 return -ENOENT;
2858
6be36555 2859 l2cap_chan_lock(chan);
48454079 2860
033b1142 2861 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2862 struct l2cap_cmd_rej_cid rej;
2863
2864 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2865 rej.scid = cpu_to_le16(chan->scid);
2866 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2867
df6bd743
GP		 2868 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2869 sizeof(rej), &rej);
354f60a9 2870 goto unlock;
df6bd743 2871 }
354f60a9 2872
5dee9e7c 2873 /* Reject if config buffer is too small. */
88219a0f 2874 len = cmd_len - sizeof(*req);
7ac28817 2875 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2876 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2877 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2878 L2CAP_CONF_REJECT, flags), rsp);
2879 goto unlock;
2880 }
2881
2882 /* Store config. */
73ffa904
GP		 2883 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2884 chan->conf_len += len;
1da177e4
LT		 2885
2886 if (flags & 0x0001) {
2887 /* Incomplete config. Send empty response. */
2888 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2889 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2890 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2891 goto unlock;
2892 }
2893
2894 /* Complete config. */
73ffa904 2895 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2896 if (len < 0) {
e92c8e70 2897 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2898 goto unlock;
f2fcfcd6 2899 }
1da177e4 2900
5dee9e7c 2901 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2902 chan->num_conf_rsp++;
5dee9e7c 2903
5dee9e7c 2904 /* Reset config buffer. */
73ffa904 2905 chan->conf_len = 0;
5dee9e7c 2906
c1360a1c 2907 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2908 goto unlock;
2909
c1360a1c 2910 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2911 set_default_fcs(chan);
fcc203c3 2912
89bc500e 2913 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2914
42e5c802
GP		 2915 chan->next_tx_seq = 0;
2916 chan->expected_tx_seq = 0;
58d35f87 2917 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2918 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2919 l2cap_ertm_init(chan);
0565c1c2 2920
cf4cd009 2921 l2cap_chan_ready(chan);
876d9484
MH		 2922 goto unlock;
2923 }
2924
c1360a1c 2925 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2926 u8 buf[64];
1da177e4 2927 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2928 l2cap_build_conf_req(chan, buf), buf);
2929 chan->num_conf_req++;
1da177e4
LT		 2930 }
2931
0e8b207e
AE		 2932 /* Got Conf Rsp PENDING from remote side and asume we sent
2933 Conf Rsp PENDING in the code above */
2934 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
2935 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2936
2937 /* check compatibility */
2938
2939 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2940 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2941
2942 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2943 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 2944 L2CAP_CONF_SUCCESS, 0x0000), rsp);
2945 }
2946
1da177e4 2947unlock:
6be36555 2948 l2cap_chan_unlock(chan);
1da177e4
LT		 2949 return 0;
2950}
2951
2952static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2953{
2954 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2955 u16 scid, flags, result;
48454079 2956 struct l2cap_chan *chan;
7b1c0049 2957 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2958
2959 scid = __le16_to_cpu(rsp->scid);
2960 flags = __le16_to_cpu(rsp->flags);
2961 result = __le16_to_cpu(rsp->result);
2962
af05b30b
GP		 2963 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2964 scid, flags, result);
1da177e4 2965
baa7e1fa 2966 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2967 if (!chan)
1da177e4
LT		 2968 return 0;
2969
6be36555 2970 l2cap_chan_lock(chan);
48454079 2971
1da177e4
LT		 2972 switch (result) {
2973 case L2CAP_CONF_SUCCESS:
47d1ec61 2974 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 2975 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 2976 break;
2977
0e8b207e
AE		 2978 case L2CAP_CONF_PENDING:
2979 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
2980
2981 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2982 char buf[64];
2983
2984 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2985 buf, &result);
2986 if (len < 0) {
2987 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2988 goto done;
2989 }
2990
2991 /* check compatibility */
2992
2993 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2994 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2995
2996 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2997 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 2998 L2CAP_CONF_SUCCESS, 0x0000), buf);
2999 }
3000 goto done;
3001
1da177e4 3002 case L2CAP_CONF_UNACCEPT:
73ffa904 3003 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3004 char req[64];
3005
c2c77ec8 3006 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3007 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3008 goto done;
3009 }
3010
f2fcfcd6
GP		 3011 /* throw out any old stored conf requests */
3012 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3013 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3014 req, &result);
f2fcfcd6 3015 if (len < 0) {
e92c8e70 3016 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3017 goto done;
3018 }
3019
3020 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3021 L2CAP_CONF_REQ, len, req);
73ffa904 3022 chan->num_conf_req++;
f2fcfcd6
GP		 3023 if (result != L2CAP_CONF_SUCCESS)
3024 goto done;
3025 break;
1da177e4
LT		 3026 }
3027
8e87d142 3028 default:
6be36555 3029 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3030
b83ddfe2
AK		 3031 __set_chan_timer(chan,
3032 msecs_to_jiffies(L2CAP_DISC_REJ_TIMEOUT));
e92c8e70 3033 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3034 goto done;
3035 }
3036
3037 if (flags & 0x01)
3038 goto done;
3039
c1360a1c 3040 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3041
c1360a1c 3042 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3043 set_default_fcs(chan);
fcc203c3 3044
89bc500e 3045 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 3046 chan->next_tx_seq = 0;
3047 chan->expected_tx_seq = 0;
58d35f87 3048 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 3049 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 3050 l2cap_ertm_init(chan);
0565c1c2 3051
cf4cd009 3052 l2cap_chan_ready(chan);
1da177e4
LT		 3053 }
3054
3055done:
6be36555 3056 l2cap_chan_unlock(chan);
1da177e4
LT		 3057 return 0;
3058}
3059
3060static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3061{
3062 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3063 struct l2cap_disconn_rsp rsp;
3064 u16 dcid, scid;
48454079 3065 struct l2cap_chan *chan;
1da177e4
LT		 3066 struct sock *sk;
3067
3068 scid = __le16_to_cpu(req->scid);
3069 dcid = __le16_to_cpu(req->dcid);
3070
3071 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3072
3df91ea2
AE		 3073 mutex_lock(&conn->chan_lock);
3074
3075 chan = __l2cap_get_chan_by_scid(conn, dcid);
3076 if (!chan) {
3077 mutex_unlock(&conn->chan_lock);
1da177e4 3078 return 0;
3df91ea2 3079 }
1da177e4 3080
6be36555
AE		 3081 l2cap_chan_lock(chan);
3082
48454079
GP		 3083 sk = chan->sk;
3084
fe4128e0
GP		 3085 rsp.dcid = cpu_to_le16(chan->scid);
3086 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3087 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3088
6be36555 3089 lock_sock(sk);
1da177e4 3090 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3091 release_sock(sk);
1da177e4 3092
48454079 3093 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3094
3095 l2cap_chan_unlock(chan);
1da177e4 3096
ba3bd0ee 3097 chan->ops->close(chan->data);
3df91ea2
AE		 3098
3099 mutex_unlock(&conn->chan_lock);
3100
1da177e4
LT		 3101 return 0;
3102}
3103
3104static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3105{
3106 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3107 u16 dcid, scid;
48454079 3108 struct l2cap_chan *chan;
1da177e4
LT		 3109
3110 scid = __le16_to_cpu(rsp->scid);
3111 dcid = __le16_to_cpu(rsp->dcid);
3112
3113 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3114
3df91ea2
AE		 3115 mutex_lock(&conn->chan_lock);
3116
3117 chan = __l2cap_get_chan_by_scid(conn, scid);
3118 if (!chan) {
3119 mutex_unlock(&conn->chan_lock);
1da177e4 3120 return 0;
3df91ea2 3121 }
1da177e4 3122
6be36555 3123 l2cap_chan_lock(chan);
48454079 3124
48454079 3125 l2cap_chan_del(chan, 0);
6be36555
AE		 3126
3127 l2cap_chan_unlock(chan);
1da177e4 3128
ba3bd0ee 3129 chan->ops->close(chan->data);
3df91ea2
AE		 3130
3131 mutex_unlock(&conn->chan_lock);
3132
1da177e4
LT		 3133 return 0;
3134}
3135
3136static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3137{
3138 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3139 u16 type;
3140
3141 type = __le16_to_cpu(req->type);
3142
3143 BT_DBG("type 0x%4.4x", type);
3144
f0709e03
MH		 3145 if (type == L2CAP_IT_FEAT_MASK) {
3146 u8 buf[8];
44dd46de 3147 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3148 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3149 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3150 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3151 if (!disable_ertm)
fcc203c3
GP		 3152 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3153 | L2CAP_FEAT_FCS;
a5fd6f30 3154 if (enable_hs)
6327eb98
AE		 3155 feat_mask |= L2CAP_FEAT_EXT_FLOW
3156 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3157
1b7bf4ed 3158 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3159 l2cap_send_cmd(conn, cmd->ident,
3160 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3161 } else if (type == L2CAP_IT_FIXED_CHAN) {
3162 u8 buf[12];
3163 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3164
3165 if (enable_hs)
3166 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3167 else
3168 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3169
e1027a7c
MH		 3170 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3171 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3172 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3173 l2cap_send_cmd(conn, cmd->ident,
3174 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3175 } else {
3176 struct l2cap_info_rsp rsp;
3177 rsp.type = cpu_to_le16(type);
3178 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3179 l2cap_send_cmd(conn, cmd->ident,
3180 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3181 }
1da177e4
LT		 3182
3183 return 0;
3184}
3185
3186static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3187{
3188 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3189 u16 type, result;
3190
3191 type = __le16_to_cpu(rsp->type);
3192 result = __le16_to_cpu(rsp->result);
3193
3194 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3195
e90165be
AE		 3196 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3197 if (cmd->ident != conn->info_ident ||
3198 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3199 return 0;
3200
17cd3f37 3201 cancel_delayed_work(&conn->info_timer);
4e8402a3 3202
adb08ede
VT		 3203 if (result != L2CAP_IR_SUCCESS) {
3204 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3205 conn->info_ident = 0;
3206
3207 l2cap_conn_start(conn);
3208
3209 return 0;
3210 }
3211
984947dc 3212 if (type == L2CAP_IT_FEAT_MASK) {
83985319 3213 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3214
47ec1dcd 3215 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3216 struct l2cap_info_req req;
3217 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3218
3219 conn->info_ident = l2cap_get_ident(conn);
3220
3221 l2cap_send_cmd(conn, conn->info_ident,
3222 L2CAP_INFO_REQ, sizeof(req), &req);
3223 } else {
3224 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3225 conn->info_ident = 0;
3226
3227 l2cap_conn_start(conn);
3228 }
3229 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 3230 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3231 conn->info_ident = 0;
984947dc
MH		 3232
3233 l2cap_conn_start(conn);
3234 }
4e8402a3 3235
1da177e4
LT		 3236 return 0;
3237}
3238
f94ff6ff
MM		 3239static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3240 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3241 void *data)
3242{
3243 struct l2cap_create_chan_req *req = data;
3244 struct l2cap_create_chan_rsp rsp;
3245 u16 psm, scid;
3246
3247 if (cmd_len != sizeof(*req))
3248 return -EPROTO;
3249
3250 if (!enable_hs)
3251 return -EINVAL;
3252
3253 psm = le16_to_cpu(req->psm);
3254 scid = le16_to_cpu(req->scid);
3255
3256 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3257
3258 /* Placeholder: Always reject */
3259 rsp.dcid = 0;
3260 rsp.scid = cpu_to_le16(scid);
3261 rsp.result = L2CAP_CR_NO_MEM;
3262 rsp.status = L2CAP_CS_NO_INFO;
3263
3264 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3265 sizeof(rsp), &rsp);
3266
3267 return 0;
3268}
3269
3270static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3271 struct l2cap_cmd_hdr *cmd, void *data)
3272{
3273 BT_DBG("conn %p", conn);
3274
3275 return l2cap_connect_rsp(conn, cmd, data);
3276}
3277
8d5a04a1
MM		 3278static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3279 u16 icid, u16 result)
3280{
3281 struct l2cap_move_chan_rsp rsp;
3282
3283 BT_DBG("icid %d, result %d", icid, result);
3284
3285 rsp.icid = cpu_to_le16(icid);
3286 rsp.result = cpu_to_le16(result);
3287
3288 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3289}
3290
3291static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3292 struct l2cap_chan *chan, u16 icid, u16 result)
3293{
3294 struct l2cap_move_chan_cfm cfm;
3295 u8 ident;
3296
3297 BT_DBG("icid %d, result %d", icid, result);
3298
3299 ident = l2cap_get_ident(conn);
3300 if (chan)
3301 chan->ident = ident;
3302
3303 cfm.icid = cpu_to_le16(icid);
3304 cfm.result = cpu_to_le16(result);
3305
3306 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3307}
3308
3309static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3310 u16 icid)
3311{
3312 struct l2cap_move_chan_cfm_rsp rsp;
3313
3314 BT_DBG("icid %d", icid);
3315
3316 rsp.icid = cpu_to_le16(icid);
3317 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3318}
3319
3320static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3321 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3322{
3323 struct l2cap_move_chan_req *req = data;
3324 u16 icid = 0;
3325 u16 result = L2CAP_MR_NOT_ALLOWED;
3326
3327 if (cmd_len != sizeof(*req))
3328 return -EPROTO;
3329
3330 icid = le16_to_cpu(req->icid);
3331
3332 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3333
3334 if (!enable_hs)
3335 return -EINVAL;
3336
3337 /* Placeholder: Always refuse */
3338 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3339
3340 return 0;
3341}
3342
3343static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3344 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3345{
3346 struct l2cap_move_chan_rsp *rsp = data;
3347 u16 icid, result;
3348
3349 if (cmd_len != sizeof(*rsp))
3350 return -EPROTO;
3351
3352 icid = le16_to_cpu(rsp->icid);
3353 result = le16_to_cpu(rsp->result);
3354
3355 BT_DBG("icid %d, result %d", icid, result);
3356
3357 /* Placeholder: Always unconfirmed */
3358 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3359
3360 return 0;
3361}
3362
3363static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3364 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3365{
3366 struct l2cap_move_chan_cfm *cfm = data;
3367 u16 icid, result;
3368
3369 if (cmd_len != sizeof(*cfm))
3370 return -EPROTO;
3371
3372 icid = le16_to_cpu(cfm->icid);
3373 result = le16_to_cpu(cfm->result);
3374
3375 BT_DBG("icid %d, result %d", icid, result);
3376
3377 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3378
3379 return 0;
3380}
3381
3382static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3383 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3384{
3385 struct l2cap_move_chan_cfm_rsp *rsp = data;
3386 u16 icid;
3387
3388 if (cmd_len != sizeof(*rsp))
3389 return -EPROTO;
3390
3391 icid = le16_to_cpu(rsp->icid);
3392
3393 BT_DBG("icid %d", icid);
3394
3395 return 0;
3396}
3397
e2174ca4 3398static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3399 u16 to_multiplier)
3400{
3401 u16 max_latency;
3402
3403 if (min > max || min < 6 || max > 3200)
3404 return -EINVAL;
3405
3406 if (to_multiplier < 10 || to_multiplier > 3200)
3407 return -EINVAL;
3408
3409 if (max >= to_multiplier * 8)
3410 return -EINVAL;
3411
3412 max_latency = (to_multiplier * 8 / max) - 1;
3413 if (latency > 499 || latency > max_latency)
3414 return -EINVAL;
3415
3416 return 0;
3417}
3418
3419static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
3420 struct l2cap_cmd_hdr *cmd, u8 *data)
3421{
3422 struct hci_conn *hcon = conn->hcon;
3423 struct l2cap_conn_param_update_req *req;
3424 struct l2cap_conn_param_update_rsp rsp;
3425 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 3426 int err;
de73115a
CT		 3427
3428 if (!(hcon->link_mode & HCI_LM_MASTER))
3429 return -EINVAL;
3430
3431 cmd_len = __le16_to_cpu(cmd->len);
3432 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
3433 return -EPROTO;
3434
3435 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 3436 min = __le16_to_cpu(req->min);
3437 max = __le16_to_cpu(req->max);
de73115a
CT		 3438 latency = __le16_to_cpu(req->latency);
3439 to_multiplier = __le16_to_cpu(req->to_multiplier);
3440
3441 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
3442 min, max, latency, to_multiplier);
3443
3444 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 3445
3446 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
3447 if (err)
de73115a
CT		 3448 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
3449 else
3450 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
3451
3452 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
3453 sizeof(rsp), &rsp);
3454
2ce603eb
CT		 3455 if (!err)
3456 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
3457
de73115a
CT		 3458 return 0;
3459}
3460
3300d9a9
CT		 3461static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
3462 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3463{
3464 int err = 0;
3465
3466 switch (cmd->code) {
3467 case L2CAP_COMMAND_REJ:
3468 l2cap_command_rej(conn, cmd, data);
3469 break;
3470
3471 case L2CAP_CONN_REQ:
3472 err = l2cap_connect_req(conn, cmd, data);
3473 break;
3474
3475 case L2CAP_CONN_RSP:
3476 err = l2cap_connect_rsp(conn, cmd, data);
3477 break;
3478
3479 case L2CAP_CONF_REQ:
3480 err = l2cap_config_req(conn, cmd, cmd_len, data);
3481 break;
3482
3483 case L2CAP_CONF_RSP:
3484 err = l2cap_config_rsp(conn, cmd, data);
3485 break;
3486
3487 case L2CAP_DISCONN_REQ:
3488 err = l2cap_disconnect_req(conn, cmd, data);
3489 break;
3490
3491 case L2CAP_DISCONN_RSP:
3492 err = l2cap_disconnect_rsp(conn, cmd, data);
3493 break;
3494
3495 case L2CAP_ECHO_REQ:
3496 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3497 break;
3498
3499 case L2CAP_ECHO_RSP:
3500 break;
3501
3502 case L2CAP_INFO_REQ:
3503 err = l2cap_information_req(conn, cmd, data);
3504 break;
3505
3506 case L2CAP_INFO_RSP:
3507 err = l2cap_information_rsp(conn, cmd, data);
3508 break;
3509
f94ff6ff
MM		 3510 case L2CAP_CREATE_CHAN_REQ:
3511 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
3512 break;
3513
3514 case L2CAP_CREATE_CHAN_RSP:
3515 err = l2cap_create_channel_rsp(conn, cmd, data);
3516 break;
3517
8d5a04a1
MM		 3518 case L2CAP_MOVE_CHAN_REQ:
3519 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
3520 break;
3521
3522 case L2CAP_MOVE_CHAN_RSP:
3523 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
3524 break;
3525
3526 case L2CAP_MOVE_CHAN_CFM:
3527 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
3528 break;
3529
3530 case L2CAP_MOVE_CHAN_CFM_RSP:
3531 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
3532 break;
3533
3300d9a9
CT		 3534 default:
3535 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3536 err = -EINVAL;
3537 break;
3538 }
3539
3540 return err;
3541}
3542
3543static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3544 struct l2cap_cmd_hdr *cmd, u8 *data)
3545{
3546 switch (cmd->code) {
3547 case L2CAP_COMMAND_REJ:
3548 return 0;
3549
3550 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3551 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3552
3553 case L2CAP_CONN_PARAM_UPDATE_RSP:
3554 return 0;
3555
3556 default:
3557 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3558 return -EINVAL;
3559 }
3560}
3561
3562static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3563 struct sk_buff *skb)
1da177e4
LT		 3564{
3565 u8 *data = skb->data;
3566 int len = skb->len;
3567 struct l2cap_cmd_hdr cmd;
3300d9a9 3568 int err;
1da177e4
LT		 3569
3570 l2cap_raw_recv(conn, skb);
3571
3572 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3573 u16 cmd_len;
1da177e4
LT		 3574 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3575 data += L2CAP_CMD_HDR_SIZE;
3576 len -= L2CAP_CMD_HDR_SIZE;
3577
88219a0f 3578 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3579
88219a0f 3580 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3581
88219a0f 3582 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3583 BT_DBG("corrupted command");
3584 break;
3585 }
3586
3300d9a9
CT		 3587 if (conn->hcon->type == LE_LINK)
3588 err = l2cap_le_sig_cmd(conn, &cmd, data);
3589 else
3590 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3591
3592 if (err) {
e2fd318e 3593 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3594
3595 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3596
3597 /* FIXME: Map err to a valid reason */
e2fd318e 3598 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3599 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3600 }
3601
88219a0f
AV		 3602 data += cmd_len;
3603 len -= cmd_len;
1da177e4
LT		 3604 }
3605
3606 kfree_skb(skb);
3607}
3608
47d1ec61 3609static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3610{
3611 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 3612 int hdr_size;
3613
3614 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3615 hdr_size = L2CAP_EXT_HDR_SIZE;
3616 else
3617 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 3618
47d1ec61 3619 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 3620 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 3621 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3622 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3623
3624 if (our_fcs != rcv_fcs)
7a560e5c 3625 return -EBADMSG;
fcc203c3
GP		 3626 }
3627 return 0;
3628}
3629
525cd185 3630static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3631{
88843ab0 3632 u32 control = 0;
d5392c8f 3633
6a026610 3634 chan->frames_sent = 0;
d5392c8f 3635
0b209fae 3636 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3637
e2ab4353 3638 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3639 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3640 l2cap_send_sframe(chan, control);
e2ab4353 3641 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3642 }
3643
e2ab4353 3644 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3645 l2cap_retransmit_frames(chan);
d5392c8f 3646
525cd185 3647 l2cap_ertm_send(chan);
d5392c8f 3648
e2ab4353 3649 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3650 chan->frames_sent == 0) {
ab784b73 3651 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3652 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3653 }
3654}
3655
fb45de7d 3656static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3657{
3658 struct sk_buff *next_skb;
bfbacc11 3659 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3660
3661 bt_cb(skb)->tx_seq = tx_seq;
3662 bt_cb(skb)->sar = sar;
3663
f1c6775b 3664 next_skb = skb_peek(&chan->srej_q);
8f17154f 3665
836be934 3666 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 3667
039d9572 3668 while (next_skb) {
9b53350d
JPRV		 3669 if (bt_cb(next_skb)->tx_seq == tx_seq)
3670 return -EINVAL;
3671
836be934
AE		 3672 next_tx_seq_offset = __seq_offset(chan,
3673 bt_cb(next_skb)->tx_seq, chan->buffer_seq);
bfbacc11
JPRV		 3674
3675 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3676 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3677 return 0;
8f17154f
GP		 3678 }
3679
f1c6775b 3680 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 3681 next_skb = NULL;
3682 else
3683 next_skb = skb_queue_next(&chan->srej_q, next_skb);
3684 }
8f17154f 3685
f1c6775b 3686 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3687
3688 return 0;
8f17154f
GP		 3689}
3690
84084a31
MM		 3691static void append_skb_frag(struct sk_buff *skb,
3692 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3693{
84084a31
MM		 3694 /* skb->len reflects data in skb as well as all fragments
3695 * skb->data_len reflects only data in fragments
3696 */
3697 if (!skb_has_frag_list(skb))
3698 skb_shinfo(skb)->frag_list = new_frag;
3699
3700 new_frag->next = NULL;
3701
3702 (*last_frag)->next = new_frag;
3703 *last_frag = new_frag;
3704
3705 skb->len += new_frag->len;
3706 skb->data_len += new_frag->len;
3707 skb->truesize += new_frag->truesize;
3708}
3709
88843ab0 3710static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 3711{
3712 int err = -EINVAL;
18778a63 3713
7e0ef6ee
AE		 3714 switch (__get_ctrl_sar(chan, control)) {
3715 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3716 if (chan->sdu)
3717 break;
18778a63 3718
84084a31
MM		 3719 err = chan->ops->recv(chan->data, skb);
3720 break;
18778a63 3721
7e0ef6ee 3722 case L2CAP_SAR_START:
84084a31
MM		 3723 if (chan->sdu)
3724 break;
18778a63 3725
6f61fd47 3726 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 3727 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 3728
84084a31
MM		 3729 if (chan->sdu_len > chan->imtu) {
3730 err = -EMSGSIZE;
3731 break;
3732 }
1890d36b 3733
84084a31
MM		 3734 if (skb->len >= chan->sdu_len)
3735 break;
18778a63 3736
84084a31
MM		 3737 chan->sdu = skb;
3738 chan->sdu_last_frag = skb;
18778a63 3739
84084a31
MM		 3740 skb = NULL;
3741 err = 0;
18778a63
GP		 3742 break;
3743
7e0ef6ee 3744 case L2CAP_SAR_CONTINUE:
6f61fd47 3745 if (!chan->sdu)
84084a31 3746 break;
18778a63 3747
84084a31
MM		 3748 append_skb_frag(chan->sdu, skb,
3749 &chan->sdu_last_frag);
3750 skb = NULL;
18778a63 3751
84084a31
MM		 3752 if (chan->sdu->len >= chan->sdu_len)
3753 break;
4178ba46 3754
84084a31 3755 err = 0;
18778a63
GP		 3756 break;
3757
7e0ef6ee 3758 case L2CAP_SAR_END:
6f61fd47 3759 if (!chan->sdu)
84084a31 3760 break;
18778a63 3761
84084a31
MM		 3762 append_skb_frag(chan->sdu, skb,
3763 &chan->sdu_last_frag);
3764 skb = NULL;
4178ba46 3765
84084a31
MM		 3766 if (chan->sdu->len != chan->sdu_len)
3767 break;
18778a63 3768
84084a31 3769 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3770
84084a31
MM		 3771 if (!err) {
3772 /* Reassembly complete */
3773 chan->sdu = NULL;
3774 chan->sdu_last_frag = NULL;
3775 chan->sdu_len = 0;
1890d36b 3776 }
18778a63
GP		 3777 break;
3778 }
3779
84084a31
MM		 3780 if (err) {
3781 kfree_skb(skb);
3782 kfree_skb(chan->sdu);
3783 chan->sdu = NULL;
3784 chan->sdu_last_frag = NULL;
3785 chan->sdu_len = 0;
3786 }
18778a63 3787
84084a31 3788 return err;
18778a63
GP		 3789}
3790
26f880d2 3791static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3792{
26f880d2 3793 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3794
26f880d2
MM		 3795 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3796
77f918bc 3797 __set_ack_timer(chan);
26f880d2
MM		 3798}
3799
3800static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3801{
88843ab0 3802 u32 control;
712132eb 3803
e2ab4353 3804 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3805 goto done;
3806
0b209fae 3807 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3808 control |= __set_ctrl_poll(chan);
ab784b73 3809 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3810 l2cap_send_sframe(chan, control);
6a026610 3811 chan->retry_count = 1;
712132eb 3812
1a09bcb9
GP		 3813 __clear_retrans_timer(chan);
3814 __set_monitor_timer(chan);
712132eb 3815
e2ab4353 3816 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3817
3818done:
e2ab4353
GP		 3819 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3820 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3821
49208c9c 3822 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3823}
3824
e328140f 3825void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3826{
e328140f
MM		 3827 if (chan->mode == L2CAP_MODE_ERTM) {
3828 if (busy)
3829 l2cap_ertm_enter_local_busy(chan);
3830 else
3831 l2cap_ertm_exit_local_busy(chan);
1890d36b 3832 }
1890d36b
GP		 3833}
3834
fb45de7d 3835static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3836{
3837 struct sk_buff *skb;
88843ab0 3838 u32 control;
8f17154f 3839
e328140f
MM		 3840 while ((skb = skb_peek(&chan->srej_q)) &&
3841 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3842 int err;
3843
8f17154f
GP		 3844 if (bt_cb(skb)->tx_seq != tx_seq)
3845 break;
3846
f1c6775b 3847 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3848 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3849 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3850
3851 if (err < 0) {
3852 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3853 break;
3854 }
3855
836be934
AE		 3856 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
3857 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 3858 }
3859}
3860
fb45de7d 3861static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3862{
8f17154f 3863 struct srej_list *l, *tmp;
88843ab0 3864 u32 control;
8f17154f 3865
39d5a3ee 3866 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3867 if (l->tx_seq == tx_seq) {
3868 list_del(&l->list);
3869 kfree(l);
3870 return;
3871 }
ab784b73 3872 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3873 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3874 l2cap_send_sframe(chan, control);
8f17154f 3875 list_del(&l->list);
39d5a3ee 3876 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3877 }
3878}
3879
aef89f21 3880static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3881{
8f17154f 3882 struct srej_list *new;
88843ab0 3883 u32 control;
8f17154f 3884
42e5c802 3885 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3886 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3887 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3888 l2cap_send_sframe(chan, control);
8f17154f
GP		 3889
3890 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 3891 if (!new)
3892 return -ENOMEM;
3893
42e5c802 3894 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 3895
3896 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
3897
39d5a3ee 3898 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3899 }
836be934
AE		 3900
3901 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 3902
3903 return 0;
8f17154f
GP		 3904}
3905
88843ab0 3906static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 3907{
fb45de7d 3908 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3909 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3910 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3911 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3912 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3913 int err = 0;
3914
88843ab0 3915 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 3916 tx_seq, rx_control);
1c2acffb 3917
03f6715d 3918 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3919 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3920 __clear_monitor_timer(chan);
6a026610 3921 if (chan->unacked_frames > 0)
1a09bcb9 3922 __set_retrans_timer(chan);
e2ab4353 3923 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3924 }
3925
42e5c802
GP		 3926 chan->expected_ack_seq = req_seq;
3927 l2cap_drop_acked_frames(chan);
9f121a5a 3928
836be934 3929 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3930
3931 /* invalid tx_seq */
47d1ec61 3932 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3933 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3934 goto drop;
3935 }
3936
77f918bc
SJ		 3937 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3938 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
3939 l2cap_send_ack(chan);
1890d36b 3940 goto drop;
77f918bc 3941 }
1890d36b 3942
02f1b641
MM		 3943 if (tx_seq == chan->expected_tx_seq)
3944 goto expected;
3945
e2ab4353 3946 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3947 struct srej_list *first;
30afb5b2 3948
39d5a3ee 3949 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3950 struct srej_list, list);
3951 if (tx_seq == first->tx_seq) {
42e5c802 3952 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3953 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3954
3955 list_del(&first->list);
3956 kfree(first);
3957
39d5a3ee 3958 if (list_empty(&chan->srej_l)) {
42e5c802 3959 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3960 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3961 l2cap_send_ack(chan);
49208c9c 3962 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3963 }
3964 } else {
3965 struct srej_list *l;
9b53350d
JPRV		 3966
3967 /* duplicated tx_seq */
42e5c802 3968 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3969 goto drop;
8f17154f 3970
39d5a3ee 3971 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3972 if (l->tx_seq == tx_seq) {
525cd185 3973 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3974 return 0;
3975 }
3976 }
aef89f21
SJ		 3977
3978 err = l2cap_send_srejframe(chan, tx_seq);
3979 if (err < 0) {
3980 l2cap_send_disconn_req(chan->conn, chan, -err);
3981 return err;
3982 }
30afb5b2
GP		 3983 }
3984 } else {
836be934
AE		 3985 expected_tx_seq_offset = __seq_offset(chan,
3986 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3987
3988 /* duplicated tx_seq */
3989 if (tx_seq_offset < expected_tx_seq_offset)
3990 goto drop;
3991
e2ab4353 3992 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 3993
49208c9c 3994 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3995
39d5a3ee 3996 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 3997 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 3998
f1c6775b 3999 __skb_queue_head_init(&chan->srej_q);
42e5c802 4000 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4001
0ef3ef0f
SJ		 4002 /* Set P-bit only if there are some I-frames to ack. */
4003 if (__clear_ack_timer(chan))
4004 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4005
aef89f21
SJ		 4006 err = l2cap_send_srejframe(chan, tx_seq);
4007 if (err < 0) {
4008 l2cap_send_disconn_req(chan->conn, chan, -err);
4009 return err;
4010 }
1c2acffb 4011 }
30afb5b2
GP		 4012 return 0;
4013
8f17154f 4014expected:
836be934 4015 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4016
e2ab4353 4017 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 4018 bt_cb(skb)->tx_seq = tx_seq;
4019 bt_cb(skb)->sar = sar;
f1c6775b 4020 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4021 return 0;
4022 }
4023
84084a31 4024 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4025 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4026
e328140f
MM		 4027 if (err < 0) {
4028 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4029 return err;
4030 }
2ece3684 4031
03f6715d 4032 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4033 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4034 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4035 }
4036
c1b4f43b 4037
6a026610
GP		 4038 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4039 if (chan->num_acked == num_to_ack - 1)
525cd185 4040 l2cap_send_ack(chan);
4d611e4d
GP		 4041 else
4042 __set_ack_timer(chan);
9e917af1 4043
8f17154f 4044 return 0;
9b53350d
JPRV		 4045
4046drop:
4047 kfree_skb(skb);
4048 return 0;
1c2acffb
GP		 4049}
4050
88843ab0 4051static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4052{
88843ab0 4053 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4054 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4055
0b209fae 4056 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4057 l2cap_drop_acked_frames(chan);
1c2acffb 4058
e3781735 4059 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4060 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4061 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4062 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4063 (chan->unacked_frames > 0))
1a09bcb9 4064 __set_retrans_timer(chan);
05fbd89d 4065
e2ab4353 4066 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4067 l2cap_send_srejtail(chan);
05fbd89d 4068 } else {
525cd185 4069 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4070 }
1d8f5d16 4071
03f6715d 4072 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4073 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4074
e2ab4353 4075 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4076 l2cap_retransmit_frames(chan);
2246b2f1 4077
e072745f 4078 } else {
e2ab4353 4079 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4080 (chan->unacked_frames > 0))
1a09bcb9 4081 __set_retrans_timer(chan);
1c2acffb 4082
e2ab4353
GP		 4083 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4084 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4085 l2cap_send_ack(chan);
894718a6 4086 else
525cd185 4087 l2cap_ertm_send(chan);
e072745f
GP		 4088 }
4089}
2246b2f1 4090
88843ab0 4091static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4092{
0b209fae 4093 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4094
88843ab0 4095 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4096
e2ab4353 4097 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4098
42e5c802
GP		 4099 chan->expected_ack_seq = tx_seq;
4100 l2cap_drop_acked_frames(chan);
e072745f 4101
03f6715d 4102 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4103 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4104 l2cap_retransmit_frames(chan);
e072745f 4105 } else {
525cd185 4106 l2cap_retransmit_frames(chan);
30afb5b2 4107
e2ab4353
GP		 4108 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4109 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4110 }
4111}
88843ab0 4112static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4113{
0b209fae 4114 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4115
88843ab0 4116 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4117
e2ab4353 4118 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4119
e3781735 4120 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4121 chan->expected_ack_seq = tx_seq;
4122 l2cap_drop_acked_frames(chan);
3cb123d1 4123
e2ab4353 4124 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4125 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4126
525cd185 4127 l2cap_ertm_send(chan);
dfc909be 4128
e2ab4353 4129 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4130 chan->srej_save_reqseq = tx_seq;
e2ab4353 4131 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4132 }
03f6715d 4133 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4134 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4135 chan->srej_save_reqseq == tx_seq)
e2ab4353 4136 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4137 else
525cd185 4138 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4139 } else {
525cd185 4140 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4141 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4142 chan->srej_save_reqseq = tx_seq;
e2ab4353 4143 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4144 }
e072745f
GP		 4145 }
4146}
4147
88843ab0 4148static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4149{
0b209fae 4150 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4151
88843ab0 4152 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4153
e2ab4353 4154 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4155 chan->expected_ack_seq = tx_seq;
4156 l2cap_drop_acked_frames(chan);
e072745f 4157
e3781735 4158 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4159 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4160
e2ab4353 4161 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4162 __clear_retrans_timer(chan);
e3781735 4163 if (__is_ctrl_poll(chan, rx_control))
525cd185 4164 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4165 return;
e072745f 4166 }
99b0d4b7 4167
e3781735 4168 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4169 l2cap_send_srejtail(chan);
ab784b73
AE		 4170 } else {
4171 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4172 l2cap_send_sframe(chan, rx_control);
4173 }
e072745f
GP		 4174}
4175
88843ab0 4176static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4177{
88843ab0 4178 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4179
03f6715d 4180 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4181 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4182 __clear_monitor_timer(chan);
6a026610 4183 if (chan->unacked_frames > 0)
1a09bcb9 4184 __set_retrans_timer(chan);
e2ab4353 4185 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4186 }
4187
ab784b73
AE		 4188 switch (__get_ctrl_super(chan, rx_control)) {
4189 case L2CAP_SUPER_RR:
525cd185 4190 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4191 break;
4192
ab784b73 4193 case L2CAP_SUPER_REJ:
525cd185 4194 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4195 break;
2246b2f1 4196
ab784b73 4197 case L2CAP_SUPER_SREJ:
525cd185 4198 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4199 break;
4200
ab784b73 4201 case L2CAP_SUPER_RNR:
525cd185 4202 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4203 break;
4204 }
4205
faaebd19 4206 kfree_skb(skb);
1c2acffb
GP		 4207 return 0;
4208}
4209
cad8f1d0 4210static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4211{
88843ab0 4212 u32 control;
0b209fae 4213 u16 req_seq;
218bb9df
GP		 4214 int len, next_tx_seq_offset, req_seq_offset;
4215
88843ab0
AE		 4216 control = __get_control(chan, skb->data);
4217 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4218 len = skb->len;
4219
4220 /*
4221 * We can just drop the corrupted I-frame here.
4222 * Receiver will miss it and start proper recovery
4223 * procedures and ask retransmission.
4224 */
47d1ec61 4225 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4226 goto drop;
4227
793c2f1c 4228 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4229 len -= L2CAP_SDULEN_SIZE;
218bb9df 4230
47d1ec61 4231 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4232 len -= L2CAP_FCS_SIZE;
218bb9df 4233
47d1ec61 4234 if (len > chan->mps) {
8c1d787b 4235 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4236 goto drop;
4237 }
4238
0b209fae 4239 req_seq = __get_reqseq(chan, control);
218bb9df 4240
836be934
AE		 4241 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4242
4243 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4244 chan->expected_ack_seq);
218bb9df
GP		 4245
4246 /* check for invalid req-seq */
4247 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4248 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4249 goto drop;
4250 }
4251
793c2f1c 4252 if (!__is_sframe(chan, control)) {
218bb9df 4253 if (len < 0) {
8c1d787b 4254 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4255 goto drop;
4256 }
4257
525cd185 4258 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4259 } else {
4260 if (len != 0) {
4261 BT_ERR("%d", len);
8c1d787b 4262 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4263 goto drop;
4264 }
4265
525cd185 4266 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4267 }
4268
4269 return 0;
4270
4271drop:
4272 kfree_skb(skb);
4273 return 0;
4274}
4275
1da177e4
LT		 4276static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4277{
48454079 4278 struct l2cap_chan *chan;
88843ab0 4279 u32 control;
fb45de7d 4280 u16 tx_seq;
218bb9df 4281 int len;
1da177e4 4282
baa7e1fa 4283 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4284 if (!chan) {
1da177e4 4285 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555
AE		 4286 /* Drop packet and return */
4287 kfree(skb);
4288 return 0;
1da177e4
LT		 4289 }
4290
6be36555 4291 l2cap_chan_lock(chan);
6840ed07 4292
49208c9c 4293 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4294
89bc500e 4295 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4296 goto drop;
4297
0c1bc5c6 4298 switch (chan->mode) {
1c2acffb
GP		 4299 case L2CAP_MODE_BASIC:
4300 /* If socket recv buffers overflows we drop data here
4301 * which is *bad* because L2CAP has to be reliable.
4302 * But we don't have any other choice. L2CAP doesn't
4303 * provide flow control mechanism. */
1da177e4 4304
0c1bc5c6 4305 if (chan->imtu < skb->len)
1c2acffb 4306 goto drop;
1da177e4 4307
23070494 4308 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4309 goto done;
4310 break;
4311
4312 case L2CAP_MODE_ERTM:
5ef8cb9e 4313 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4314
fcafde2e 4315 goto done;
1c2acffb 4316
6840ed07 4317 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4318 control = __get_control(chan, skb->data);
4319 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4320 len = skb->len;
4321
47d1ec61 4322 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4323 goto drop;
4324
7e0ef6ee 4325 if (__is_sar_start(chan, control))
03a51213 4326 len -= L2CAP_SDULEN_SIZE;
6840ed07 4327
47d1ec61 4328 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4329 len -= L2CAP_FCS_SIZE;
fcc203c3 4330
793c2f1c 4331 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4332 goto drop;
4333
fb45de7d 4334 tx_seq = __get_txseq(chan, control);
6840ed07 4335
84084a31
MM		 4336 if (chan->expected_tx_seq != tx_seq) {
4337 /* Frame(s) missing - must discard partial SDU */
4338 kfree_skb(chan->sdu);
4339 chan->sdu = NULL;
4340 chan->sdu_last_frag = NULL;
4341 chan->sdu_len = 0;
6840ed07 4342
84084a31
MM		 4343 /* TODO: Notify userland of missing data */
4344 }
4345
836be934 4346 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4347
4348 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4349 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4350
4351 goto done;
4352
1c2acffb 4353 default:
0c1bc5c6 4354 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4355 break;
4356 }
1da177e4
LT		 4357
4358drop:
4359 kfree_skb(skb);
4360
4361done:
6be36555 4362 l2cap_chan_unlock(chan);
0139418c 4363
1da177e4
LT		 4364 return 0;
4365}
4366
8e036fc3 4367static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4368{
23691d75 4369 struct l2cap_chan *chan;
1da177e4 4370
23691d75
GP		 4371 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
4372 if (!chan)
1da177e4
LT		 4373 goto drop;
4374
5b4cedaa 4375 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4376
89bc500e 4377 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4378 goto drop;
4379
e13e21dc 4380 if (chan->imtu < skb->len)
1da177e4
LT		 4381 goto drop;
4382
23070494 4383 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4384 return 0;
1da177e4
LT		 4385
4386drop:
4387 kfree_skb(skb);
4388
1da177e4
LT		 4389 return 0;
4390}
4391
9f69bda6
GP		 4392static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
4393{
23691d75 4394 struct l2cap_chan *chan;
9f69bda6 4395
23691d75
GP		 4396 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
4397 if (!chan)
9f69bda6
GP		 4398 goto drop;
4399
5b4cedaa 4400 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 4401
89bc500e 4402 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 4403 goto drop;
4404
e13e21dc 4405 if (chan->imtu < skb->len)
9f69bda6
GP		 4406 goto drop;
4407
23070494 4408 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4409 return 0;
9f69bda6
GP		 4410
4411drop:
4412 kfree_skb(skb);
4413
9f69bda6
GP		 4414 return 0;
4415}
4416
1da177e4
LT		 4417static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4418{
4419 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 4420 u16 cid, len;
4421 __le16 psm;
1da177e4
LT		 4422
4423 skb_pull(skb, L2CAP_HDR_SIZE);
4424 cid = __le16_to_cpu(lh->cid);
4425 len = __le16_to_cpu(lh->len);
4426
1c2acffb
GP		 4427 if (len != skb->len) {
4428 kfree_skb(skb);
4429 return;
4430 }
4431
1da177e4
LT		 4432 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4433
4434 switch (cid) {
3300d9a9 4435 case L2CAP_CID_LE_SIGNALING:
8db4dc46 4436 case L2CAP_CID_SIGNALING:
1da177e4
LT		 4437 l2cap_sig_channel(conn, skb);
4438 break;
4439
8db4dc46 4440 case L2CAP_CID_CONN_LESS:
1b7bf4ed 4441 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 4442 skb_pull(skb, 2);
4443 l2cap_conless_channel(conn, psm, skb);
4444 break;
4445
9f69bda6
GP		 4446 case L2CAP_CID_LE_DATA:
4447 l2cap_att_channel(conn, cid, skb);
4448 break;
4449
b501d6a1
AB		 4450 case L2CAP_CID_SMP:
4451 if (smp_sig_channel(conn, skb))
4452 l2cap_conn_del(conn->hcon, EACCES);
4453 break;
4454
1da177e4
LT		 4455 default:
4456 l2cap_data_channel(conn, cid, skb);
4457 break;
4458 }
4459}
4460
4461/* ---- L2CAP interface with lower layer (HCI) ---- */
4462
686ebf28 4463int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 4464{
4465 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 4466 struct l2cap_chan *c;
1da177e4 4467
1da177e4
LT		 4468 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4469
4470 /* Find listening sockets and check their link_mode */
23691d75
GP		 4471 read_lock(&chan_list_lock);
4472 list_for_each_entry(c, &chan_list, global_l) {
4473 struct sock *sk = c->sk;
4343478f 4474
89bc500e 4475 if (c->state != BT_LISTEN)
1da177e4
LT		 4476 continue;
4477
4478 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4479 lm1 |= HCI_LM_ACCEPT;
43bd0f32 4480 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 4481 lm1 |= HCI_LM_MASTER;
1da177e4 4482 exact++;
2af6b9d5
MH		 4483 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4484 lm2 |= HCI_LM_ACCEPT;
43bd0f32 4485 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 4486 lm2 |= HCI_LM_MASTER;
4487 }
1da177e4 4488 }
23691d75 4489 read_unlock(&chan_list_lock);
1da177e4
LT		 4490
4491 return exact ? lm1 : lm2;
4492}
4493
686ebf28 4494int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 4495{
0139418c
MH		 4496 struct l2cap_conn *conn;
4497
1da177e4
LT		 4498 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4499
1da177e4 4500 if (!status) {
1da177e4
LT		 4501 conn = l2cap_conn_add(hcon, status);
4502 if (conn)
4503 l2cap_conn_ready(conn);
0139418c 4504 } else
e175072f 4505 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4506
4507 return 0;
4508}
4509
686ebf28 4510int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 4511{
4512 struct l2cap_conn *conn = hcon->l2cap_data;
4513
4514 BT_DBG("hcon %p", hcon);
4515
686ebf28 4516 if (!conn)
9f5a0d7b 4517 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 4518 return conn->disc_reason;
4519}
4520
686ebf28 4521int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4522{
4523 BT_DBG("hcon %p reason %d", hcon, reason);
4524
e175072f 4525 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 4526 return 0;
4527}
4528
4343478f 4529static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4530{
715ec005 4531 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4532 return;
4533
f62e4323 4534 if (encrypt == 0x00) {
4343478f 4535 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675 4536 __clear_chan_timer(chan);
b83ddfe2
AK		 4537 __set_chan_timer(chan,
4538 msecs_to_jiffies(L2CAP_ENC_TIMEOUT));
4343478f 4539 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4540 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4541 } else {
4343478f 4542 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4543 __clear_chan_timer(chan);
f62e4323
MH		 4544 }
4545}
4546
686ebf28 4547int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4548{
0139418c 4549 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4550 struct l2cap_chan *chan;
1da177e4 4551
0139418c 4552 if (!conn)
1da177e4 4553 return 0;
0139418c 4554
1da177e4
LT		 4555 BT_DBG("conn %p", conn);
4556
160dc6ac
VCG		 4557 if (hcon->type == LE_LINK) {
4558 smp_distribute_keys(conn, 0);
17cd3f37 4559 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 4560 }
4561
3df91ea2 4562 mutex_lock(&conn->chan_lock);
1da177e4 4563
3df91ea2 4564 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 4565 l2cap_chan_lock(chan);
1da177e4 4566
f1cb9af5
VCG		 4567 BT_DBG("chan->scid %d", chan->scid);
4568
4569 if (chan->scid == L2CAP_CID_LE_DATA) {
4570 if (!status && encrypt) {
4571 chan->sec_level = hcon->sec_level;
cf4cd009 4572 l2cap_chan_ready(chan);
f1cb9af5
VCG		 4573 }
4574
6be36555 4575 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 4576 continue;
4577 }
4578
c1360a1c 4579 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 4580 l2cap_chan_unlock(chan);
6a8d3010
MH		 4581 continue;
4582 }
4583
89bc500e
GP		 4584 if (!status && (chan->state == BT_CONNECTED ||
4585 chan->state == BT_CONFIG)) {
4343478f 4586 l2cap_check_encryption(chan, encrypt);
6be36555 4587 l2cap_chan_unlock(chan);
9719f8af
MH		 4588 continue;
4589 }
4590
89bc500e 4591 if (chan->state == BT_CONNECT) {
b1235d79 4592 if (!status) {
9b27f350 4593 l2cap_send_conn_req(chan);
b1235d79 4594 } else {
c9b66675 4595 __clear_chan_timer(chan);
b83ddfe2
AK		 4596 __set_chan_timer(chan,
4597 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
b1235d79 4598 }
89bc500e 4599 } else if (chan->state == BT_CONNECT2) {
6be36555 4600 struct sock *sk = chan->sk;
b1235d79 4601 struct l2cap_conn_rsp rsp;
df3c3931 4602 __u16 res, stat;
1da177e4 4603
6be36555
AE		 4604 lock_sock(sk);
4605
b1235d79 4606 if (!status) {
df3c3931
JH		 4607 if (bt_sk(sk)->defer_setup) {
4608 struct sock *parent = bt_sk(sk)->parent;
4609 res = L2CAP_CR_PEND;
4610 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4611 if (parent)
4612 parent->sk_data_ready(parent, 0);
df3c3931 4613 } else {
0e587be7 4614 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4615 res = L2CAP_CR_SUCCESS;
4616 stat = L2CAP_CS_NO_INFO;
4617 }
b1235d79 4618 } else {
0e587be7 4619 __l2cap_state_change(chan, BT_DISCONN);
b83ddfe2
AK		 4620 __set_chan_timer(chan,
4621 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
df3c3931
JH		 4622 res = L2CAP_CR_SEC_BLOCK;
4623 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4624 }
4625
6be36555
AE		 4626 release_sock(sk);
4627
fe4128e0
GP		 4628 rsp.scid = cpu_to_le16(chan->dcid);
4629 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4630 rsp.result = cpu_to_le16(res);
4631 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4632 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4633 sizeof(rsp), &rsp);
b1235d79 4634 }
1da177e4 4635
6be36555 4636 l2cap_chan_unlock(chan);
1da177e4
LT		 4637 }
4638
3df91ea2 4639 mutex_unlock(&conn->chan_lock);
b1235d79 4640
1da177e4
LT		 4641 return 0;
4642}
4643
686ebf28 4644int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 4645{
4646 struct l2cap_conn *conn = hcon->l2cap_data;
4647
5a08ecce
AE		 4648 if (!conn)
4649 conn = l2cap_conn_add(hcon, 0);
4650
4651 if (!conn)
1da177e4
LT		 4652 goto drop;
4653
4654 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4655
e702112f 4656 if (!(flags & ACL_CONT)) {
1da177e4 4657 struct l2cap_hdr *hdr;
48454079 4658 struct l2cap_chan *chan;
89794813 4659 u16 cid;
1da177e4
LT		 4660 int len;
4661
4662 if (conn->rx_len) {
4663 BT_ERR("Unexpected start frame (len %d)", skb->len);
4664 kfree_skb(conn->rx_skb);
4665 conn->rx_skb = NULL;
4666 conn->rx_len = 0;
4667 l2cap_conn_unreliable(conn, ECOMM);
4668 }
4669
aae7fe22
AE		 4670 /* Start fragment always begin with Basic L2CAP header */
4671 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4672 BT_ERR("Frame is too short (len %d)", skb->len);
4673 l2cap_conn_unreliable(conn, ECOMM);
4674 goto drop;
4675 }
4676
4677 hdr = (struct l2cap_hdr *) skb->data;
4678 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4679 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4680
4681 if (len == skb->len) {
4682 /* Complete frame received */
4683 l2cap_recv_frame(conn, skb);
4684 return 0;
4685 }
4686
4687 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4688
4689 if (skb->len > len) {
4690 BT_ERR("Frame is too long (len %d, expected len %d)",
4691 skb->len, len);
4692 l2cap_conn_unreliable(conn, ECOMM);
4693 goto drop;
4694 }
4695
baa7e1fa 4696 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4697
48454079
GP		 4698 if (chan && chan->sk) {
4699 struct sock *sk = chan->sk;
3df91ea2 4700 lock_sock(sk);
89794813 4701
0c1bc5c6 4702 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4703 BT_ERR("Frame exceeding recv MTU (len %d, "
4704 "MTU %d)", len,
0c1bc5c6 4705 chan->imtu);
aa2ac881 4706 release_sock(sk);
48454079
GP		 4707 l2cap_conn_unreliable(conn, ECOMM);
4708 goto drop;
4709 }
aa2ac881 4710 release_sock(sk);
48454079 4711 }
89794813 4712
1da177e4 4713 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4714 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4715 if (!conn->rx_skb)
1da177e4
LT		 4716 goto drop;
4717
d626f62b 4718 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4719 skb->len);
1da177e4
LT		 4720 conn->rx_len = len - skb->len;
4721 } else {
4722 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4723
4724 if (!conn->rx_len) {
4725 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4726 l2cap_conn_unreliable(conn, ECOMM);
4727 goto drop;
4728 }
4729
4730 if (skb->len > conn->rx_len) {
4731 BT_ERR("Fragment is too long (len %d, expected %d)",
4732 skb->len, conn->rx_len);
4733 kfree_skb(conn->rx_skb);
4734 conn->rx_skb = NULL;
4735 conn->rx_len = 0;
4736 l2cap_conn_unreliable(conn, ECOMM);
4737 goto drop;
4738 }
4739
d626f62b 4740 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4741 skb->len);
1da177e4
LT		 4742 conn->rx_len -= skb->len;
4743
4744 if (!conn->rx_len) {
4745 /* Complete frame received */
4746 l2cap_recv_frame(conn, conn->rx_skb);
4747 conn->rx_skb = NULL;
4748 }
4749 }
4750
4751drop:
4752 kfree_skb(skb);
4753 return 0;
4754}
4755
aef7d97c 4756static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4757{
23691d75 4758 struct l2cap_chan *c;
1da177e4 4759
333055f2 4760 read_lock(&chan_list_lock);
1da177e4 4761
23691d75
GP		 4762 list_for_each_entry(c, &chan_list, global_l) {
4763 struct sock *sk = c->sk;
101545f6 4764
903d343e 4765 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4766 batostr(&bt_sk(sk)->src),
4767 batostr(&bt_sk(sk)->dst),
89bc500e 4768 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4769 c->scid, c->dcid, c->imtu, c->omtu,
4770 c->sec_level, c->mode);
61e1b4b7 4771 }
1da177e4 4772
333055f2 4773 read_unlock(&chan_list_lock);
1da177e4 4774
aef7d97c 4775 return 0;
1da177e4
LT		 4776}
4777
aef7d97c
MH		 4778static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4779{
4780 return single_open(file, l2cap_debugfs_show, inode->i_private);
4781}
4782
4783static const struct file_operations l2cap_debugfs_fops = {
4784 .open = l2cap_debugfs_open,
4785 .read = seq_read,
4786 .llseek = seq_lseek,
4787 .release = single_release,
4788};
4789
4790static struct dentry *l2cap_debugfs;
1da177e4 4791
64274518 4792int __init l2cap_init(void)
1da177e4
LT		 4793{
4794 int err;
be9d1227 4795
bb58f747 4796 err = l2cap_init_sockets();
1da177e4
LT		 4797 if (err < 0)
4798 return err;
4799
aef7d97c
MH		 4800 if (bt_debugfs) {
4801 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4802 bt_debugfs, NULL, &l2cap_debugfs_fops);
4803 if (!l2cap_debugfs)
4804 BT_ERR("Failed to create L2CAP debug file");
4805 }
1da177e4 4806
1da177e4 4807 return 0;
1da177e4
LT		 4808}
4809
64274518 4810void l2cap_exit(void)
1da177e4 4811{
aef7d97c 4812 debugfs_remove(l2cap_debugfs);
bb58f747 4813 l2cap_cleanup_sockets();
1da177e4
LT		 4814}
4815
d1c4a17d
GP		 4816module_param(disable_ertm, bool, 0644);
4817MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
Linux 6.x block layer and io_uring tree(s)