]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/l2cap_core.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Add legacy pairing info to dev_found events
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
8e87d142
YH		 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 25 SOFTWARE IS DISCLAIMED.
26*/
27
bb58f747 28/* Bluetooth L2CAP core. */
1da177e4 29
1da177e4
LT		 30#include <linux/module.h>
31
32#include <linux/types.h>
4fc268d2 33#include <linux/capability.h>
1da177e4
LT		 34#include <linux/errno.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sched.h>
37#include <linux/slab.h>
38#include <linux/poll.h>
39#include <linux/fcntl.h>
40#include <linux/init.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/skbuff.h>
1da177e4 44#include <linux/list.h>
be9d1227 45#include <linux/device.h>
aef7d97c
MH		 46#include <linux/debugfs.h>
47#include <linux/seq_file.h>
af05b30b 48#include <linux/uaccess.h>
fcc203c3 49#include <linux/crc16.h>
1da177e4
LT		 50#include <net/sock.h>
51
52#include <asm/system.h>
1da177e4
LT		 53#include <asm/unaligned.h>
54
55#include <net/bluetooth/bluetooth.h>
56#include <net/bluetooth/hci_core.h>
57#include <net/bluetooth/l2cap.h>
b501d6a1 58#include <net/bluetooth/smp.h>
1da177e4 59
eb939922 60bool disable_ertm;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 63static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
74 struct l2cap_chan *chan, int err);
1da177e4 75
0139418c 76/* ---- L2CAP channels ---- */
71ba0e56 77
baa7e1fa 78static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 79{
3df91ea2 80 struct l2cap_chan *c;
3d57dc68 81
3df91ea2
AE		 82 list_for_each_entry(c, &conn->chan_l, list) {
83 if (c->dcid == cid)
84 return c;
0139418c 85 }
3df91ea2 86 return NULL;
0139418c
MH		 87}
88
baa7e1fa 89static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 90{
3df91ea2 91 struct l2cap_chan *c;
3d57dc68 92
3df91ea2
AE		 93 list_for_each_entry(c, &conn->chan_l, list) {
94 if (c->scid == cid)
95 return c;
0139418c 96 }
3df91ea2 97 return NULL;
0139418c
MH		 98}
99
100/* Find channel with given SCID.
101 * Returns locked socket */
baa7e1fa 102static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 103{
48454079 104 struct l2cap_chan *c;
baa7e1fa 105
3df91ea2 106 mutex_lock(&conn->chan_lock);
baa7e1fa 107 c = __l2cap_get_chan_by_scid(conn, cid);
3df91ea2
AE		 108 mutex_unlock(&conn->chan_lock);
109
48454079 110 return c;
0139418c
MH		 111}
112
baa7e1fa 113static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 114{
3df91ea2 115 struct l2cap_chan *c;
3d57dc68 116
3df91ea2
AE		 117 list_for_each_entry(c, &conn->chan_l, list) {
118 if (c->ident == ident)
119 return c;
0139418c 120 }
3df91ea2 121 return NULL;
0139418c
MH		 122}
123
baa7e1fa 124static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 125{
48454079 126 struct l2cap_chan *c;
baa7e1fa 127
3df91ea2 128 mutex_lock(&conn->chan_lock);
baa7e1fa 129 c = __l2cap_get_chan_by_ident(conn, ident);
3df91ea2
AE		 130 mutex_unlock(&conn->chan_lock);
131
48454079 132 return c;
0139418c
MH		 133}
134
23691d75 135static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 136{
23691d75 137 struct l2cap_chan *c;
9e4425ff 138
23691d75
GP		 139 list_for_each_entry(c, &chan_list, global_l) {
140 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 141 return c;
9e4425ff 142 }
250938cb 143 return NULL;
9e4425ff
GP		 144}
145
146int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
147{
73b2ec18
GP		 148 int err;
149
333055f2 150 write_lock(&chan_list_lock);
9e4425ff 151
23691d75 152 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 153 err = -EADDRINUSE;
154 goto done;
9e4425ff
GP		 155 }
156
73b2ec18
GP		 157 if (psm) {
158 chan->psm = psm;
159 chan->sport = psm;
160 err = 0;
161 } else {
162 u16 p;
163
164 err = -EINVAL;
165 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 166 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 167 chan->psm = cpu_to_le16(p);
168 chan->sport = cpu_to_le16(p);
169 err = 0;
170 break;
171 }
172 }
9e4425ff 173
73b2ec18 174done:
333055f2 175 write_unlock(&chan_list_lock);
73b2ec18 176 return err;
9e4425ff
GP		 177}
178
179int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
180{
333055f2 181 write_lock(&chan_list_lock);
9e4425ff
GP		 182
183 chan->scid = scid;
184
333055f2 185 write_unlock(&chan_list_lock);
9e4425ff
GP		 186
187 return 0;
188}
189
baa7e1fa 190static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 191{
8db4dc46 192 u16 cid = L2CAP_CID_DYN_START;
0139418c 193
8db4dc46 194 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 195 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 196 return cid;
197 }
198
199 return 0;
200}
201
0e587be7 202static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 203{
42d2d87c 204 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 205 state_to_string(state));
206
89bc500e
GP		 207 chan->state = state;
208 chan->ops->state_change(chan->data, state);
209}
210
0e587be7
AE		 211static void l2cap_state_change(struct l2cap_chan *chan, int state)
212{
213 struct sock *sk = chan->sk;
214
215 lock_sock(sk);
216 __l2cap_state_change(chan, state);
217 release_sock(sk);
218}
219
2e0052e4
AE		 220static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
221{
222 struct sock *sk = chan->sk;
223
224 sk->sk_err = err;
225}
226
227static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
228{
229 struct sock *sk = chan->sk;
230
231 lock_sock(sk);
232 __l2cap_chan_set_err(chan, err);
233 release_sock(sk);
234}
235
721c4181 236static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 237{
721c4181
GP		 238 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
239 chan_timer.work);
3df91ea2 240 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 241 struct sock *sk = chan->sk;
242 int reason;
243
e05dcc32 244 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 245
3df91ea2 246 mutex_lock(&conn->chan_lock);
721c4181 247 lock_sock(sk);
ab07801d 248
89bc500e 249 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 250 reason = ECONNREFUSED;
89bc500e 251 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 252 chan->sec_level != BT_SECURITY_SDP)
253 reason = ECONNREFUSED;
254 else
255 reason = ETIMEDOUT;
256
0f852724 257 l2cap_chan_close(chan, reason);
ab07801d 258
721c4181 259 release_sock(sk);
ab07801d 260
ba3bd0ee 261 chan->ops->close(chan->data);
3df91ea2
AE		 262 mutex_unlock(&conn->chan_lock);
263
371fd835 264 l2cap_chan_put(chan);
ab07801d
GP		 265}
266
23691d75 267struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 268{
269 struct l2cap_chan *chan;
270
271 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
272 if (!chan)
273 return NULL;
274
c03b355e
AE		 275 mutex_init(&chan->lock);
276
48454079
GP		 277 chan->sk = sk;
278
333055f2 279 write_lock(&chan_list_lock);
23691d75 280 list_add(&chan->global_l, &chan_list);
333055f2 281 write_unlock(&chan_list_lock);
23691d75 282
721c4181 283 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 284
89bc500e
GP		 285 chan->state = BT_OPEN;
286
71ba0e56
GP		 287 atomic_set(&chan->refcnt, 1);
288
abc545b8
SJ		 289 BT_DBG("sk %p chan %p", sk, chan);
290
48454079
GP		 291 return chan;
292}
293
23691d75 294void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 295{
333055f2 296 write_lock(&chan_list_lock);
23691d75 297 list_del(&chan->global_l);
333055f2 298 write_unlock(&chan_list_lock);
23691d75 299
371fd835 300 l2cap_chan_put(chan);
6ff5abbf
GP		 301}
302
3d57dc68 303static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 304{
af05b30b 305 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 306 chan->psm, chan->dcid);
0139418c 307
9f5a0d7b 308 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 309
8c1d787b 310 chan->conn = conn;
0139418c 311
5491120e
AE		 312 switch (chan->chan_type) {
313 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 314 if (conn->hcon->type == LE_LINK) {
315 /* LE connection */
0c1bc5c6 316 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 317 chan->scid = L2CAP_CID_LE_DATA;
318 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 319 } else {
320 /* Alloc CID for connection-oriented socket */
fe4128e0 321 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 322 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 323 }
5491120e
AE		 324 break;
325
326 case L2CAP_CHAN_CONN_LESS:
0139418c 327 /* Connectionless socket */
fe4128e0
GP		 328 chan->scid = L2CAP_CID_CONN_LESS;
329 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 330 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 331 break;
332
333 default:
0139418c 334 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 335 chan->scid = L2CAP_CID_SIGNALING;
336 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 337 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 338 }
339
8f7975b1
AE		 340 chan->local_id = L2CAP_BESTEFFORT_ID;
341 chan->local_stype = L2CAP_SERV_BESTEFFORT;
342 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
343 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
344 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
345 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
346
371fd835 347 l2cap_chan_hold(chan);
baa7e1fa 348
3df91ea2
AE		 349 mutex_lock(&conn->chan_lock);
350 list_add(&chan->list, &conn->chan_l);
351 mutex_unlock(&conn->chan_lock);
0139418c
MH		 352}
353
8e87d142 354/* Delete channel.
0139418c 355 * Must be called on the locked socket. */
4519de9a 356static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 357{
48454079 358 struct sock *sk = chan->sk;
8c1d787b 359 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 360 struct sock *parent = bt_sk(sk)->parent;
361
c9b66675 362 __clear_chan_timer(chan);
0139418c 363
49208c9c 364 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 365
8e87d142 366 if (conn) {
baa7e1fa 367 /* Delete from channel list */
3df91ea2 368 list_del(&chan->list);
3d57dc68 369
371fd835 370 l2cap_chan_put(chan);
baa7e1fa 371
8c1d787b 372 chan->conn = NULL;
0139418c
MH		 373 hci_conn_put(conn->hcon);
374 }
375
0e587be7 376 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 377 sock_set_flag(sk, SOCK_ZAPPED);
378
379 if (err)
2e0052e4 380 __l2cap_chan_set_err(chan, err);
0139418c
MH		 381
382 if (parent) {
383 bt_accept_unlink(sk);
384 parent->sk_data_ready(parent, 0);
385 } else
386 sk->sk_state_change(sk);
c13ffa62 387
c1360a1c
GP		 388 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
389 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 390 return;
2ead70b8 391
58d35f87 392 skb_queue_purge(&chan->tx_q);
c13ffa62 393
0c1bc5c6 394 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 395 struct srej_list *l, *tmp;
396
1a09bcb9
GP		 397 __clear_retrans_timer(chan);
398 __clear_monitor_timer(chan);
399 __clear_ack_timer(chan);
c13ffa62 400
f1c6775b 401 skb_queue_purge(&chan->srej_q);
c13ffa62 402
39d5a3ee 403 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 404 list_del(&l->list);
405 kfree(l);
406 }
407 }
0139418c
MH		 408}
409
4519de9a
GP		 410static void l2cap_chan_cleanup_listen(struct sock *parent)
411{
412 struct sock *sk;
413
414 BT_DBG("parent %p", parent);
415
416 /* Close not yet accepted channels */
0f852724 417 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 418 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 419
c9b66675 420 __clear_chan_timer(chan);
0f852724 421 lock_sock(sk);
ba3bd0ee 422 l2cap_chan_close(chan, ECONNRESET);
0f852724 423 release_sock(sk);
3df91ea2 424
ba3bd0ee 425 chan->ops->close(chan->data);
0f852724 426 }
4519de9a
GP		 427}
428
0f852724 429void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 430{
431 struct l2cap_conn *conn = chan->conn;
432 struct sock *sk = chan->sk;
433
e05dcc32
AE		 434 BT_DBG("chan %p state %s sk %p", chan,
435 state_to_string(chan->state), sk);
4519de9a 436
89bc500e 437 switch (chan->state) {
4519de9a
GP		 438 case BT_LISTEN:
439 l2cap_chan_cleanup_listen(sk);
89bc500e 440
0e587be7 441 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 442 sock_set_flag(sk, SOCK_ZAPPED);
4519de9a
GP		 443 break;
444
445 case BT_CONNECTED:
446 case BT_CONFIG:
715ec005 447 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 448 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 449 __clear_chan_timer(chan);
450 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 451 l2cap_send_disconn_req(conn, chan, reason);
452 } else
453 l2cap_chan_del(chan, reason);
454 break;
455
456 case BT_CONNECT2:
715ec005 457 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 458 conn->hcon->type == ACL_LINK) {
459 struct l2cap_conn_rsp rsp;
460 __u16 result;
461
462 if (bt_sk(sk)->defer_setup)
463 result = L2CAP_CR_SEC_BLOCK;
464 else
465 result = L2CAP_CR_BAD_PSM;
89bc500e 466 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 467
468 rsp.scid = cpu_to_le16(chan->dcid);
469 rsp.dcid = cpu_to_le16(chan->scid);
470 rsp.result = cpu_to_le16(result);
471 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
472 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
473 sizeof(rsp), &rsp);
474 }
475
476 l2cap_chan_del(chan, reason);
477 break;
478
479 case BT_CONNECT:
480 case BT_DISCONN:
481 l2cap_chan_del(chan, reason);
482 break;
483
484 default:
485 sock_set_flag(sk, SOCK_ZAPPED);
486 break;
487 }
488}
489
4343478f 490static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 491{
715ec005 492 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 493 switch (chan->sec_level) {
8556edd3
JH		 494 case BT_SECURITY_HIGH:
495 return HCI_AT_DEDICATED_BONDING_MITM;
496 case BT_SECURITY_MEDIUM:
497 return HCI_AT_DEDICATED_BONDING;
498 default:
499 return HCI_AT_NO_BONDING;
500 }
fe4128e0 501 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 502 if (chan->sec_level == BT_SECURITY_LOW)
503 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 504
4343478f 505 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 506 return HCI_AT_NO_BONDING_MITM;
00ae4af9 507 else
8556edd3 508 return HCI_AT_NO_BONDING;
00ae4af9 509 } else {
4343478f 510 switch (chan->sec_level) {
00ae4af9 511 case BT_SECURITY_HIGH:
8556edd3 512 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 513 case BT_SECURITY_MEDIUM:
8556edd3 514 return HCI_AT_GENERAL_BONDING;
00ae4af9 515 default:
8556edd3 516 return HCI_AT_NO_BONDING;
00ae4af9 517 }
0684e5f9 518 }
8556edd3
JH		 519}
520
521/* Service level security */
d45fc423 522int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 523{
8c1d787b 524 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 525 __u8 auth_type;
526
4343478f 527 auth_type = l2cap_get_auth_type(chan);
79d554a6 528
4343478f 529 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 530}
531
b5ad8b7f 532static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 533{
534 u8 id;
535
536 /* Get next available identificator.
537 * 1 - 128 are used by kernel.
538 * 129 - 199 are reserved.
539 * 200 - 254 are used by utilities like l2ping, etc.
540 */
541
333055f2 542 spin_lock(&conn->lock);
4e8402a3
MH		 543
544 if (++conn->tx_ident > 128)
545 conn->tx_ident = 1;
546
547 id = conn->tx_ident;
548
333055f2 549 spin_unlock(&conn->lock);
4e8402a3
MH		 550
551 return id;
552}
553
4519de9a 554static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 555{
556 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 557 u8 flags;
4e8402a3
MH		 558
559 BT_DBG("code 0x%2.2x", code);
560
561 if (!skb)
9a9c6a34 562 return;
4e8402a3 563
e702112f
AE		 564 if (lmp_no_flush_capable(conn->hcon->hdev))
565 flags = ACL_START_NO_FLUSH;
566 else
567 flags = ACL_START;
568
14b12d0b 569 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 570 skb->priority = HCI_PRIO_MAX;
14b12d0b 571
73d80deb
LAD		 572 hci_send_acl(conn->hchan, skb, flags);
573}
574
575static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
576{
577 struct hci_conn *hcon = chan->conn->hcon;
578 u16 flags;
579
580 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
581 skb->priority);
582
583 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
584 lmp_no_flush_capable(hcon->hdev))
585 flags = ACL_START_NO_FLUSH;
586 else
587 flags = ACL_START;
14b12d0b 588
73d80deb
LAD		 589 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
590 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 591}
592
88843ab0 593static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
1c2acffb
GP		 594{
595 struct sk_buff *skb;
596 struct l2cap_hdr *lh;
8c1d787b 597 struct l2cap_conn *conn = chan->conn;
e4ca6d98 598 int count, hlen;
fcc203c3 599
89bc500e 600 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 601 return;
602
e4ca6d98
AE		 603 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
604 hlen = L2CAP_EXT_HDR_SIZE;
605 else
606 hlen = L2CAP_ENH_HDR_SIZE;
607
47d1ec61 608 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 609 hlen += L2CAP_FCS_SIZE;
1c2acffb 610
88843ab0 611 BT_DBG("chan %p, control 0x%8.8x", chan, control);
1c2acffb 612
fcc203c3 613 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 614
615 control |= __set_sframe(chan);
1c2acffb 616
e2ab4353 617 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 618 control |= __set_ctrl_final(chan);
9e917af1 619
e2ab4353 620 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 621 control |= __set_ctrl_poll(chan);
f0946ccf 622
1c2acffb
GP		 623 skb = bt_skb_alloc(count, GFP_ATOMIC);
624 if (!skb)
9a9c6a34 625 return;
1c2acffb
GP		 626
627 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 628 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 629 lh->cid = cpu_to_le16(chan->dcid);
88843ab0
AE		 630
631 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1c2acffb 632
47d1ec61 633 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 634 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
635 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 636 }
637
73d80deb
LAD		 638 skb->priority = HCI_PRIO_MAX;
639 l2cap_do_send(chan, skb);
1c2acffb
GP		 640}
641
88843ab0 642static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
7e743090 643{
e2ab4353 644 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 645 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 646 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 647 } else
ab784b73 648 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 649
0b209fae 650 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 651
525cd185 652 l2cap_send_sframe(chan, control);
7e743090
GP		 653}
654
b4450035 655static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 656{
c1360a1c 657 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 658}
659
fc7f8a7e 660static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 661{
8c1d787b 662 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 663
664 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 665 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
666 return;
667
d45fc423 668 if (l2cap_chan_check_security(chan) &&
4343478f 669 __l2cap_no_conn_pending(chan)) {
b1235d79 670 struct l2cap_conn_req req;
fe4128e0
GP		 671 req.scid = cpu_to_le16(chan->scid);
672 req.psm = chan->psm;
79d554a6 673
fc7f8a7e 674 chan->ident = l2cap_get_ident(conn);
c1360a1c 675 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
79d554a6 676
fc7f8a7e
GP		 677 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
678 sizeof(req), &req);
b1235d79 679 }
79d554a6
MH		 680 } else {
681 struct l2cap_info_req req;
682 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
683
684 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
685 conn->info_ident = l2cap_get_ident(conn);
686
030013d8 687 schedule_delayed_work(&conn->info_timer,
79d554a6
MH		 688 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
689
690 l2cap_send_cmd(conn, conn->info_ident,
691 L2CAP_INFO_REQ, sizeof(req), &req);
692 }
693}
694
cf6c2c0b
GP		 695static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
696{
697 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 698 if (!disable_ertm)
cf6c2c0b
GP		 699 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
700
701 switch (mode) {
702 case L2CAP_MODE_ERTM:
703 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
704 case L2CAP_MODE_STREAMING:
705 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
706 default:
707 return 0x00;
708 }
709}
710
4519de9a 711static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9
GP		 712{
713 struct l2cap_disconn_req req;
714
c13ffa62
GP		 715 if (!conn)
716 return;
717
0c1bc5c6 718 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 719 __clear_retrans_timer(chan);
720 __clear_monitor_timer(chan);
721 __clear_ack_timer(chan);
c13ffa62
GP		 722 }
723
fe4128e0
GP		 724 req.dcid = cpu_to_le16(chan->dcid);
725 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 726 l2cap_send_cmd(conn, l2cap_get_ident(conn),
727 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 728
0e587be7 729 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 730 __l2cap_chan_set_err(chan, err);
22121fc9
GP		 731}
732
1da177e4 733/* ---- L2CAP connections ---- */
4e8402a3
MH		 734static void l2cap_conn_start(struct l2cap_conn *conn)
735{
3df91ea2 736 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 737
738 BT_DBG("conn %p", conn);
739
3df91ea2 740 mutex_lock(&conn->chan_lock);
4e8402a3 741
3df91ea2 742 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 743 struct sock *sk = chan->sk;
baa7e1fa 744
4e8402a3
MH		 745 bh_lock_sock(sk);
746
715ec005 747 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
79d554a6
MH		 748 bh_unlock_sock(sk);
749 continue;
750 }
751
89bc500e 752 if (chan->state == BT_CONNECT) {
47731de7 753 struct l2cap_conn_req req;
79d554a6 754
d45fc423 755 if (!l2cap_chan_check_security(chan) ||
b4450035 756 !__l2cap_no_conn_pending(chan)) {
47731de7
GP		 757 bh_unlock_sock(sk);
758 continue;
759 }
79d554a6 760
c1360a1c
GP		 761 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
762 && test_bit(CONF_STATE2_DEVICE,
763 &chan->conf_state)) {
0f852724 764 /* l2cap_chan_close() calls list_del(chan)
820ffdb3 765 * so release the lock */
89bc500e 766 l2cap_chan_close(chan, ECONNRESET);
47731de7
GP		 767 bh_unlock_sock(sk);
768 continue;
b1235d79 769 }
47731de7 770
fe4128e0
GP		 771 req.scid = cpu_to_le16(chan->scid);
772 req.psm = chan->psm;
47731de7 773
fc7f8a7e 774 chan->ident = l2cap_get_ident(conn);
c1360a1c 775 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
47731de7 776
fc7f8a7e
GP		 777 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
778 sizeof(req), &req);
47731de7 779
89bc500e 780 } else if (chan->state == BT_CONNECT2) {
79d554a6 781 struct l2cap_conn_rsp rsp;
e9aeb2dd 782 char buf[128];
fe4128e0
GP		 783 rsp.scid = cpu_to_le16(chan->dcid);
784 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 785
d45fc423 786 if (l2cap_chan_check_security(chan)) {
f66dc81f
MH		 787 if (bt_sk(sk)->defer_setup) {
788 struct sock *parent = bt_sk(sk)->parent;
789 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
790 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 791 if (parent)
792 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 793
794 } else {
0e587be7 795 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 796 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
797 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
798 }
79d554a6
MH		 799 } else {
800 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
801 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
802 }
803
fc7f8a7e
GP		 804 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
805 sizeof(rsp), &rsp);
e9aeb2dd 806
c1360a1c 807 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd
GP		 808 rsp.result != L2CAP_CR_SUCCESS) {
809 bh_unlock_sock(sk);
810 continue;
811 }
812
c1360a1c 813 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 814 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 815 l2cap_build_conf_req(chan, buf), buf);
816 chan->num_conf_req++;
4e8402a3
MH		 817 }
818
819 bh_unlock_sock(sk);
820 }
821
3df91ea2 822 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 823}
824
b62f328b
VT		 825/* Find socket with cid and source bdaddr.
826 * Returns closest match, locked.
827 */
23691d75 828static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 829{
23691d75 830 struct l2cap_chan *c, *c1 = NULL;
b62f328b 831
23691d75 832 read_lock(&chan_list_lock);
b62f328b 833
23691d75
GP		 834 list_for_each_entry(c, &chan_list, global_l) {
835 struct sock *sk = c->sk;
fe4128e0 836
89bc500e 837 if (state && c->state != state)
b62f328b
VT		 838 continue;
839
23691d75 840 if (c->scid == cid) {
b62f328b 841 /* Exact match. */
23691d75
GP		 842 if (!bacmp(&bt_sk(sk)->src, src)) {
843 read_unlock(&chan_list_lock);
844 return c;
845 }
b62f328b
VT		 846
847 /* Closest match */
848 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 849 c1 = c;
b62f328b
VT		 850 }
851 }
280f294f 852
23691d75 853 read_unlock(&chan_list_lock);
b62f328b 854
23691d75 855 return c1;
b62f328b
VT		 856}
857
858static void l2cap_le_conn_ready(struct l2cap_conn *conn)
859{
c916fbe4 860 struct sock *parent, *sk;
23691d75 861 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 862
863 BT_DBG("");
864
865 /* Check if we have socket listening on cid */
23691d75 866 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 867 conn->src);
23691d75 868 if (!pchan)
b62f328b
VT		 869 return;
870
23691d75
GP		 871 parent = pchan->sk;
872
aa2ac881 873 lock_sock(parent);
62f3a2cf 874
b62f328b
VT		 875 /* Check for backlog size */
876 if (sk_acceptq_is_full(parent)) {
877 BT_DBG("backlog full %d", parent->sk_ack_backlog);
878 goto clean;
879 }
880
80808e43
GP		 881 chan = pchan->ops->new_connection(pchan->data);
882 if (!chan)
b62f328b
VT		 883 goto clean;
884
80808e43 885 sk = chan->sk;
5d41ce1d 886
b62f328b
VT		 887 hci_conn_hold(conn->hcon);
888
b62f328b
VT		 889 bacpy(&bt_sk(sk)->src, conn->src);
890 bacpy(&bt_sk(sk)->dst, conn->dst);
891
d1010240
GP		 892 bt_accept_enqueue(parent, sk);
893
3d57dc68 894 l2cap_chan_add(conn, chan);
48454079 895
c9b66675 896 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 897
0e587be7 898 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 899 parent->sk_data_ready(parent, 0);
900
b62f328b 901clean:
aa2ac881 902 release_sock(parent);
b62f328b
VT		 903}
904
cf4cd009 905static void l2cap_chan_ready(struct l2cap_chan *chan)
f1cb9af5 906{
cf4cd009 907 struct sock *sk = chan->sk;
f1cb9af5
VCG		 908 struct sock *parent = bt_sk(sk)->parent;
909
910 BT_DBG("sk %p, parent %p", sk, parent);
911
912 chan->conf_state = 0;
913 __clear_chan_timer(chan);
914
0e587be7 915 __l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 916 sk->sk_state_change(sk);
917
918 if (parent)
919 parent->sk_data_ready(parent, 0);
920}
921
4e8402a3
MH		 922static void l2cap_conn_ready(struct l2cap_conn *conn)
923{
48454079 924 struct l2cap_chan *chan;
4e8402a3 925
79d554a6 926 BT_DBG("conn %p", conn);
4e8402a3 927
b62f328b
VT		 928 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
929 l2cap_le_conn_ready(conn);
930
160dc6ac
VCG		 931 if (conn->hcon->out && conn->hcon->type == LE_LINK)
932 smp_conn_security(conn, conn->hcon->pending_sec_level);
933
3df91ea2 934 mutex_lock(&conn->chan_lock);
4e8402a3 935
3df91ea2 936 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 937 struct sock *sk = chan->sk;
baa7e1fa 938
79d554a6 939 bh_lock_sock(sk);
4e8402a3 940
63128451 941 if (conn->hcon->type == LE_LINK) {
b501d6a1 942 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 943 l2cap_chan_ready(chan);
acd7d370 944
63128451 945 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 946 __clear_chan_timer(chan);
0e587be7 947 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 948 sk->sk_state_change(sk);
b501d6a1 949
89bc500e 950 } else if (chan->state == BT_CONNECT)
fc7f8a7e 951 l2cap_do_start(chan);
4e8402a3 952
79d554a6 953 bh_unlock_sock(sk);
4e8402a3 954 }
79d554a6 955
3df91ea2 956 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 957}
958
959/* Notify sockets that we cannot guaranty reliability anymore */
960static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
961{
48454079 962 struct l2cap_chan *chan;
4e8402a3
MH		 963
964 BT_DBG("conn %p", conn);
965
3df91ea2 966 mutex_lock(&conn->chan_lock);
4e8402a3 967
3df91ea2 968 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 969 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 970 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 971 }
972
3df91ea2 973 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 974}
975
f878fcad 976static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 977{
f878fcad 978 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 979 info_timer.work);
4e8402a3 980
984947dc 981 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 982 conn->info_ident = 0;
984947dc 983
4e8402a3
MH		 984 l2cap_conn_start(conn);
985}
986
5d3de7df
VCG		 987static void l2cap_conn_del(struct hci_conn *hcon, int err)
988{
989 struct l2cap_conn *conn = hcon->l2cap_data;
990 struct l2cap_chan *chan, *l;
991 struct sock *sk;
992
993 if (!conn)
994 return;
995
996 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
997
998 kfree_skb(conn->rx_skb);
999
3df91ea2
AE		 1000 mutex_lock(&conn->chan_lock);
1001
5d3de7df
VCG		 1002 /* Kill channels */
1003 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
1004 sk = chan->sk;
aa2ac881 1005 lock_sock(sk);
5d3de7df 1006 l2cap_chan_del(chan, err);
aa2ac881 1007 release_sock(sk);
5d3de7df
VCG		 1008 chan->ops->close(chan->data);
1009 }
1010
3df91ea2
AE		 1011 mutex_unlock(&conn->chan_lock);
1012
73d80deb
LAD		 1013 hci_chan_del(conn->hchan);
1014
5d3de7df 1015 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1016 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1017
51a8efd7 1018 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1019 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1020 smp_chan_destroy(conn);
d26a2345 1021 }
5d3de7df
VCG		 1022
1023 hcon->l2cap_data = NULL;
1024 kfree(conn);
1025}
1026
6c9d42a1 1027static void security_timeout(struct work_struct *work)
5d3de7df 1028{
6c9d42a1
GP		 1029 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1030 security_timer.work);
5d3de7df
VCG		 1031
1032 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1033}
1034
1da177e4
LT		 1035static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1036{
0139418c 1037 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1038 struct hci_chan *hchan;
1da177e4 1039
0139418c 1040 if (conn || status)
1da177e4
LT		 1041 return conn;
1042
73d80deb
LAD		 1043 hchan = hci_chan_create(hcon);
1044 if (!hchan)
1045 return NULL;
1046
0139418c 1047 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1048 if (!conn) {
1049 hci_chan_del(hchan);
1da177e4 1050 return NULL;
73d80deb 1051 }
1da177e4
LT		 1052
1053 hcon->l2cap_data = conn;
1054 conn->hcon = hcon;
73d80deb 1055 conn->hchan = hchan;
1da177e4 1056
73d80deb 1057 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1058
acd7d370
VT		 1059 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1060 conn->mtu = hcon->hdev->le_mtu;
1061 else
1062 conn->mtu = hcon->hdev->acl_mtu;
1063
1da177e4
LT		 1064 conn->src = &hcon->hdev->bdaddr;
1065 conn->dst = &hcon->dst;
1066
4e8402a3
MH		 1067 conn->feat_mask = 0;
1068
1da177e4 1069 spin_lock_init(&conn->lock);
3df91ea2 1070 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1071
1072 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1073
5d3de7df 1074 if (hcon->type == LE_LINK)
6c9d42a1 1075 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1076 else
030013d8 1077 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1078
9f5a0d7b 1079 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1080
1da177e4
LT		 1081 return conn;
1082}
1083
1da177e4 1084/* ---- Socket interface ---- */
1da177e4
LT		 1085
1086/* Find socket with psm and source bdaddr.
1087 * Returns closest match.
1088 */
23691d75 1089static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1090{
23691d75 1091 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1092
23691d75 1093 read_lock(&chan_list_lock);
e0f0cb56 1094
23691d75
GP		 1095 list_for_each_entry(c, &chan_list, global_l) {
1096 struct sock *sk = c->sk;
fe4128e0 1097
89bc500e 1098 if (state && c->state != state)
1da177e4
LT		 1099 continue;
1100
23691d75 1101 if (c->psm == psm) {
1da177e4 1102 /* Exact match. */
23691d75 1103 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1104 read_unlock(&chan_list_lock);
23691d75
GP		 1105 return c;
1106 }
1da177e4
LT		 1107
1108 /* Closest match */
1109 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1110 c1 = c;
1da177e4
LT		 1111 }
1112 }
1da177e4 1113
23691d75 1114 read_unlock(&chan_list_lock);
e0f0cb56 1115
23691d75 1116 return c1;
1da177e4
LT		 1117}
1118
cbe8fed4 1119int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
1da177e4 1120{
5d41ce1d 1121 struct sock *sk = chan->sk;
1da177e4 1122 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1123 struct l2cap_conn *conn;
1124 struct hci_conn *hcon;
1125 struct hci_dev *hdev;
09ab6f4c 1126 __u8 auth_type;
44d0e48e 1127 int err;
1da177e4 1128
f29972de 1129 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1130 chan->psm);
1da177e4 1131
af05b30b
GP		 1132 hdev = hci_get_route(dst, src);
1133 if (!hdev)
1da177e4
LT		 1134 return -EHOSTUNREACH;
1135
09fd0de5 1136 hci_dev_lock(hdev);
1da177e4 1137
03a00194
GP		 1138 lock_sock(sk);
1139
1140 /* PSM must be odd and lsb of upper byte must be 0 */
1141 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1142 chan->chan_type != L2CAP_CHAN_RAW) {
1143 err = -EINVAL;
1144 goto done;
1145 }
1146
1147 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1148 err = -EINVAL;
1149 goto done;
1150 }
1151
1152 switch (chan->mode) {
1153 case L2CAP_MODE_BASIC:
1154 break;
1155 case L2CAP_MODE_ERTM:
1156 case L2CAP_MODE_STREAMING:
1157 if (!disable_ertm)
1158 break;
1159 /* fall through */
1160 default:
1161 err = -ENOTSUPP;
1162 goto done;
1163 }
1164
1165 switch (sk->sk_state) {
1166 case BT_CONNECT:
1167 case BT_CONNECT2:
1168 case BT_CONFIG:
1169 /* Already connecting */
1170 err = 0;
1171 goto done;
1172
1173 case BT_CONNECTED:
1174 /* Already connected */
1175 err = -EISCONN;
1176 goto done;
1177
1178 case BT_OPEN:
1179 case BT_BOUND:
1180 /* Can connect */
1181 break;
1182
1183 default:
1184 err = -EBADFD;
1185 goto done;
1186 }
1187
1188 /* Set destination address and psm */
9219b2a0 1189 bacpy(&bt_sk(sk)->dst, dst);
03a00194
GP		 1190 chan->psm = psm;
1191 chan->dcid = cid;
1da177e4 1192
4343478f 1193 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1194
fe4128e0 1195 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1196 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1197 chan->sec_level, auth_type);
acd7d370
VT		 1198 else
1199 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1200 chan->sec_level, auth_type);
acd7d370 1201
30e76272
VT		 1202 if (IS_ERR(hcon)) {
1203 err = PTR_ERR(hcon);
1da177e4 1204 goto done;
30e76272 1205 }
1da177e4
LT		 1206
1207 conn = l2cap_conn_add(hcon, 0);
1208 if (!conn) {
1209 hci_conn_put(hcon);
30e76272 1210 err = -ENOMEM;
1da177e4
LT		 1211 goto done;
1212 }
1213
1da177e4
LT		 1214 /* Update source addr of the socket */
1215 bacpy(src, conn->src);
1216
48454079
GP		 1217 l2cap_chan_add(conn, chan);
1218
0e587be7 1219 __l2cap_state_change(chan, BT_CONNECT);
c9b66675 1220 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1221
1222 if (hcon->state == BT_CONNECTED) {
715ec005 1223 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1224 __clear_chan_timer(chan);
d45fc423 1225 if (l2cap_chan_check_security(chan))
0e587be7 1226 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1227 } else
fc7f8a7e 1228 l2cap_do_start(chan);
1da177e4
LT		 1229 }
1230
30e76272
VT		 1231 err = 0;
1232
1da177e4 1233done:
09fd0de5 1234 hci_dev_unlock(hdev);
1da177e4
LT		 1235 hci_dev_put(hdev);
1236 return err;
1237}
1238
dcba0dba 1239int __l2cap_wait_ack(struct sock *sk)
6161c038 1240{
8c1d787b 1241 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1242 DECLARE_WAITQUEUE(wait, current);
1243 int err = 0;
1244 int timeo = HZ/5;
1245
2b0b05dd 1246 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1247 set_current_state(TASK_INTERRUPTIBLE);
1248 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1249 if (!timeo)
1250 timeo = HZ/5;
1251
1252 if (signal_pending(current)) {
1253 err = sock_intr_errno(timeo);
1254 break;
1255 }
1256
1257 release_sock(sk);
1258 timeo = schedule_timeout(timeo);
1259 lock_sock(sk);
a71a0cf4 1260 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1261
1262 err = sock_error(sk);
1263 if (err)
1264 break;
1265 }
1266 set_current_state(TASK_RUNNING);
2b0b05dd 1267 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1268 return err;
1269}
1270
721c4181 1271static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1272{
721c4181
GP		 1273 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1274 monitor_timer.work);
525cd185 1275 struct sock *sk = chan->sk;
e90bac06 1276
525cd185 1277 BT_DBG("chan %p", chan);
0e98958d 1278
721c4181 1279 lock_sock(sk);
2c03a7a4 1280 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1281 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
721c4181 1282 release_sock(sk);
e90bac06
GP		 1283 return;
1284 }
1285
6a026610 1286 chan->retry_count++;
1a09bcb9 1287 __set_monitor_timer(chan);
e90bac06 1288
525cd185 1289 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
721c4181 1290 release_sock(sk);
e90bac06
GP		 1291}
1292
721c4181 1293static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1294{
721c4181
GP		 1295 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1296 retrans_timer.work);
525cd185 1297 struct sock *sk = chan->sk;
e90bac06 1298
49208c9c 1299 BT_DBG("chan %p", chan);
0e98958d 1300
721c4181 1301 lock_sock(sk);
6a026610 1302 chan->retry_count = 1;
1a09bcb9 1303 __set_monitor_timer(chan);
e90bac06 1304
e2ab4353 1305 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1306
525cd185 1307 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
721c4181 1308 release_sock(sk);
e90bac06
GP		 1309}
1310
42e5c802 1311static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1312{
1c2acffb 1313 struct sk_buff *skb;
1da177e4 1314
58d35f87 1315 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1316 chan->unacked_frames) {
42e5c802 1317 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1318 break;
1da177e4 1319
58d35f87 1320 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1321 kfree_skb(skb);
1da177e4 1322
6a026610 1323 chan->unacked_frames--;
1c2acffb 1324 }
1da177e4 1325
6a026610 1326 if (!chan->unacked_frames)
1a09bcb9 1327 __clear_retrans_timer(chan);
1c2acffb 1328}
1da177e4 1329
67c9e840 1330static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1331{
ccbb84af 1332 struct sk_buff *skb;
88843ab0
AE		 1333 u32 control;
1334 u16 fcs;
6840ed07 1335
58d35f87 1336 while ((skb = skb_dequeue(&chan->tx_q))) {
88843ab0 1337 control = __get_control(chan, skb->data + L2CAP_HDR_SIZE);
fb45de7d 1338 control |= __set_txseq(chan, chan->next_tx_seq);
88843ab0 1339 __put_control(chan, control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1340
47d1ec61 1341 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1342 fcs = crc16(0, (u8 *)skb->data,
1343 skb->len - L2CAP_FCS_SIZE);
1344 put_unaligned_le16(fcs,
1345 skb->data + skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1346 }
1347
4343478f 1348 l2cap_do_send(chan, skb);
6840ed07 1349
836be934 1350 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
6840ed07 1351 }
6840ed07
GP		 1352}
1353
fb45de7d 1354static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1355{
8f17154f 1356 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1357 u16 fcs;
1358 u32 control;
8f17154f 1359
58d35f87 1360 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1361 if (!skb)
1362 return;
8f17154f 1363
d1726b6d 1364 while (bt_cb(skb)->tx_seq != tx_seq) {
58d35f87 1365 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1366 return;
8f17154f 1367
d1726b6d
SJ		 1368 skb = skb_queue_next(&chan->tx_q, skb);
1369 }
8f17154f 1370
2c03a7a4
GP		 1371 if (chan->remote_max_tx &&
1372 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1373 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1374 return;
1375 }
1376
1377 tx_skb = skb_clone(skb, GFP_ATOMIC);
1378 bt_cb(skb)->retries++;
88843ab0
AE		 1379
1380 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1381 control &= __get_sar_mask(chan);
3cb123d1 1382
e2ab4353 1383 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1384 control |= __set_ctrl_final(chan);
95ffa978 1385
0b209fae 1386 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1387 control |= __set_txseq(chan, tx_seq);
3cb123d1 1388
88843ab0 1389 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1390
47d1ec61 1391 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1392 fcs = crc16(0, (u8 *)tx_skb->data,
1393 tx_skb->len - L2CAP_FCS_SIZE);
1394 put_unaligned_le16(fcs,
1395 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1396 }
1397
4343478f 1398 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1399}
1400
67c9e840 1401static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1402{
1403 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1404 u16 fcs;
1405 u32 control;
9a9c6a34 1406 int nsent = 0;
1c2acffb 1407
89bc500e 1408 if (chan->state != BT_CONNECTED)
c13ffa62 1409 return -ENOTCONN;
e90bac06 1410
58d35f87 1411 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1412
2c03a7a4
GP		 1413 if (chan->remote_max_tx &&
1414 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1415 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1416 break;
1417 }
1418
e420aba3
AE		 1419 tx_skb = skb_clone(skb, GFP_ATOMIC);
1420
e90bac06
GP		 1421 bt_cb(skb)->retries++;
1422
88843ab0 1423 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1424 control &= __get_sar_mask(chan);
95ffa978 1425
e2ab4353 1426 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1427 control |= __set_ctrl_final(chan);
e2ab4353 1428
0b209fae 1429 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1430 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb 1431
88843ab0 1432 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
e90bac06 1433
47d1ec61 1434 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1435 fcs = crc16(0, (u8 *)skb->data,
1436 tx_skb->len - L2CAP_FCS_SIZE);
1437 put_unaligned_le16(fcs, skb->data +
1438 tx_skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1439 }
1440
4343478f 1441 l2cap_do_send(chan, tx_skb);
9a9c6a34 1442
1a09bcb9 1443 __set_retrans_timer(chan);
1c2acffb 1444
42e5c802 1445 bt_cb(skb)->tx_seq = chan->next_tx_seq;
836be934
AE		 1446
1447 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1c2acffb 1448
8ed7a0ae 1449 if (bt_cb(skb)->retries == 1) {
6a026610 1450 chan->unacked_frames++;
930fa4ae
SJ		 1451
1452 if (!nsent++)
1453 __clear_ack_timer(chan);
8ed7a0ae 1454 }
23e9fde2 1455
6a026610 1456 chan->frames_sent++;
1c2acffb 1457
58d35f87
GP		 1458 if (skb_queue_is_last(&chan->tx_q, skb))
1459 chan->tx_send_head = NULL;
1c2acffb 1460 else
58d35f87 1461 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1c2acffb
GP		 1462 }
1463
9e917af1
GP		 1464 return nsent;
1465}
1466
525cd185 1467static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1468{
dfc909be
GP		 1469 int ret;
1470
58d35f87
GP		 1471 if (!skb_queue_empty(&chan->tx_q))
1472 chan->tx_send_head = chan->tx_q.next;
dfc909be 1473
42e5c802 1474 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1475 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1476 return ret;
1477}
1478
b17e73bb 1479static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1480{
88843ab0 1481 u32 control = 0;
9e917af1 1482
0b209fae 1483 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1484
e2ab4353 1485 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1486 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1487 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1488 l2cap_send_sframe(chan, control);
9a9c6a34 1489 return;
9e917af1 1490 }
dfc909be 1491
525cd185 1492 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1493 return;
1494
ab784b73 1495 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1496 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1497}
1498
b17e73bb
SJ		 1499static void l2cap_send_ack(struct l2cap_chan *chan)
1500{
1501 __clear_ack_timer(chan);
1502 __l2cap_send_ack(chan);
1503}
1504
525cd185 1505static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1506{
1507 struct srej_list *tail;
88843ab0 1508 u32 control;
99b0d4b7 1509
ab784b73 1510 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1511 control |= __set_ctrl_final(chan);
99b0d4b7 1512
39d5a3ee 1513 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1514 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1515
525cd185 1516 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1517}
1518
0952a57a 1519static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1c2acffb 1520{
0952a57a 1521 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1522 struct sk_buff **frag;
1523 int err, sent = 0;
1da177e4 1524
59203a21 1525 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1526 return -EFAULT;
1da177e4
LT		 1527
1528 sent += count;
1529 len -= count;
1530
1531 /* Continuation fragments (no L2CAP header) */
1532 frag = &skb_shinfo(skb)->frag_list;
1533 while (len) {
1534 count = min_t(unsigned int, conn->mtu, len);
1535
2f7719ce
AE		 1536 *frag = chan->ops->alloc_skb(chan, count,
1537 msg->msg_flags & MSG_DONTWAIT, &err);
1538
1da177e4 1539 if (!*frag)
0175d629 1540 return err;
1c2acffb
GP		 1541 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1542 return -EFAULT;
1da177e4 1543
5e59b791
LAD		 1544 (*frag)->priority = skb->priority;
1545
1da177e4
LT		 1546 sent += count;
1547 len -= count;
1548
1549 frag = &(*frag)->next;
1550 }
1da177e4
LT		 1551
1552 return sent;
1c2acffb 1553}
1da177e4 1554
5e59b791
LAD		 1555static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1556 struct msghdr *msg, size_t len,
1557 u32 priority)
1c2acffb 1558{
8c1d787b 1559 struct l2cap_conn *conn = chan->conn;
1c2acffb 1560 struct sk_buff *skb;
03a51213 1561 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1562 struct l2cap_hdr *lh;
1563
6d5922b0 1564 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1565
1566 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1567
1568 skb = chan->ops->alloc_skb(chan, count + hlen,
1569 msg->msg_flags & MSG_DONTWAIT, &err);
1570
1c2acffb 1571 if (!skb)
0175d629 1572 return ERR_PTR(err);
1c2acffb 1573
5e59b791
LAD		 1574 skb->priority = priority;
1575
1c2acffb
GP		 1576 /* Create L2CAP header */
1577 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1578 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1579 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1580 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb 1581
0952a57a 1582 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1583 if (unlikely(err < 0)) {
1584 kfree_skb(skb);
1585 return ERR_PTR(err);
1586 }
1587 return skb;
1588}
1589
5e59b791
LAD		 1590static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1591 struct msghdr *msg, size_t len,
1592 u32 priority)
1c2acffb 1593{
8c1d787b 1594 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1595 struct sk_buff *skb;
1596 int err, count, hlen = L2CAP_HDR_SIZE;
1597 struct l2cap_hdr *lh;
1598
6d5922b0 1599 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb
GP		 1600
1601 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1602
1603 skb = chan->ops->alloc_skb(chan, count + hlen,
1604 msg->msg_flags & MSG_DONTWAIT, &err);
1605
1c2acffb 1606 if (!skb)
0175d629 1607 return ERR_PTR(err);
1c2acffb 1608
5e59b791
LAD		 1609 skb->priority = priority;
1610
1c2acffb
GP		 1611 /* Create L2CAP header */
1612 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1613 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1614 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1615
0952a57a 1616 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1617 if (unlikely(err < 0)) {
1618 kfree_skb(skb);
1619 return ERR_PTR(err);
1620 }
1621 return skb;
1622}
1623
ab0ff76d
LAD		 1624static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1625 struct msghdr *msg, size_t len,
88843ab0 1626 u32 control, u16 sdulen)
1c2acffb 1627{
8c1d787b 1628 struct l2cap_conn *conn = chan->conn;
1c2acffb 1629 struct sk_buff *skb;
e4ca6d98 1630 int err, count, hlen;
1c2acffb
GP		 1631 struct l2cap_hdr *lh;
1632
6d5922b0 1633 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1634
0ee0d208
GP		 1635 if (!conn)
1636 return ERR_PTR(-ENOTCONN);
1637
e4ca6d98
AE		 1638 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1639 hlen = L2CAP_EXT_HDR_SIZE;
1640 else
1641 hlen = L2CAP_ENH_HDR_SIZE;
1642
c74e560c 1643 if (sdulen)
03a51213 1644 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1645
47d1ec61 1646 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1647 hlen += L2CAP_FCS_SIZE;
fcc203c3 1648
1c2acffb 1649 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1650
1651 skb = chan->ops->alloc_skb(chan, count + hlen,
1652 msg->msg_flags & MSG_DONTWAIT, &err);
1653
1c2acffb 1654 if (!skb)
0175d629 1655 return ERR_PTR(err);
1c2acffb
GP		 1656
1657 /* Create L2CAP header */
1658 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1659 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1660 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0
AE		 1661
1662 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1663
c74e560c 1664 if (sdulen)
03a51213 1665 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 1666
0952a57a 1667 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1668 if (unlikely(err < 0)) {
1669 kfree_skb(skb);
1670 return ERR_PTR(err);
1671 }
e90bac06 1672
47d1ec61 1673 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1674 put_unaligned_le16(0, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3 1675
e90bac06 1676 bt_cb(skb)->retries = 0;
1c2acffb 1677 return skb;
1da177e4
LT		 1678}
1679
67c9e840 1680static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1681{
c74e560c
GP		 1682 struct sk_buff *skb;
1683 struct sk_buff_head sar_queue;
88843ab0 1684 u32 control;
c74e560c
GP		 1685 size_t size = 0;
1686
ff12fd64 1687 skb_queue_head_init(&sar_queue);
7e0ef6ee 1688 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1689 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1690 if (IS_ERR(skb))
1691 return PTR_ERR(skb);
1692
1693 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1694 len -= chan->remote_mps;
1695 size += chan->remote_mps;
c74e560c
GP		 1696
1697 while (len > 0) {
1698 size_t buflen;
1699
2c03a7a4 1700 if (len > chan->remote_mps) {
7e0ef6ee 1701 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1702 buflen = chan->remote_mps;
c74e560c 1703 } else {
7e0ef6ee 1704 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1705 buflen = len;
1706 }
1707
47d1ec61 1708 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1709 if (IS_ERR(skb)) {
1710 skb_queue_purge(&sar_queue);
1711 return PTR_ERR(skb);
1712 }
1713
1714 __skb_queue_tail(&sar_queue, skb);
1715 len -= buflen;
1716 size += buflen;
c74e560c 1717 }
58d35f87
GP		 1718 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1719 if (chan->tx_send_head == NULL)
1720 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1721
1722 return size;
1723}
1724
5e59b791
LAD		 1725int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
1726 u32 priority)
9a91a04a 1727{
9a91a04a 1728 struct sk_buff *skb;
88843ab0 1729 u32 control;
9a91a04a
GP		 1730 int err;
1731
1732 /* Connectionless channel */
715ec005 1733 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 1734 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 1735 if (IS_ERR(skb))
1736 return PTR_ERR(skb);
1737
1738 l2cap_do_send(chan, skb);
1739 return len;
1740 }
1741
1742 switch (chan->mode) {
1743 case L2CAP_MODE_BASIC:
1744 /* Check outgoing MTU */
1745 if (len > chan->omtu)
1746 return -EMSGSIZE;
1747
1748 /* Create a basic PDU */
5e59b791 1749 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 1750 if (IS_ERR(skb))
1751 return PTR_ERR(skb);
1752
1753 l2cap_do_send(chan, skb);
1754 err = len;
1755 break;
1756
1757 case L2CAP_MODE_ERTM:
1758 case L2CAP_MODE_STREAMING:
1759 /* Entire SDU fits into one PDU */
1760 if (len <= chan->remote_mps) {
7e0ef6ee 1761 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1762 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1763 0);
1764 if (IS_ERR(skb))
1765 return PTR_ERR(skb);
1766
1767 __skb_queue_tail(&chan->tx_q, skb);
1768
1769 if (chan->tx_send_head == NULL)
1770 chan->tx_send_head = skb;
1771
1772 } else {
1773 /* Segment SDU into multiples PDUs */
1774 err = l2cap_sar_segment_sdu(chan, msg, len);
1775 if (err < 0)
1776 return err;
1777 }
1778
1779 if (chan->mode == L2CAP_MODE_STREAMING) {
1780 l2cap_streaming_send(chan);
1781 err = len;
1782 break;
1783 }
1784
e2ab4353
GP		 1785 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1786 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1787 err = len;
1788 break;
1789 }
1790
1791 err = l2cap_ertm_send(chan);
1792 if (err >= 0)
1793 err = len;
1794
1795 break;
1796
1797 default:
1798 BT_DBG("bad state %1.1x", chan->mode);
1799 err = -EBADFD;
1800 }
1801
1802 return err;
1803}
1804
1da177e4
LT		 1805/* Copy frame to all raw sockets on that connection */
1806static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1807{
1da177e4 1808 struct sk_buff *nskb;
48454079 1809 struct l2cap_chan *chan;
1da177e4
LT		 1810
1811 BT_DBG("conn %p", conn);
1812
3df91ea2 1813 mutex_lock(&conn->chan_lock);
3d57dc68 1814
3df91ea2 1815 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1816 struct sock *sk = chan->sk;
715ec005 1817 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1818 continue;
1819
1820 /* Don't send frame to the socket it came from */
1821 if (skb->sk == sk)
1822 continue;
af05b30b
GP		 1823 nskb = skb_clone(skb, GFP_ATOMIC);
1824 if (!nskb)
1da177e4
LT		 1825 continue;
1826
23070494 1827 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1828 kfree_skb(nskb);
1829 }
3d57dc68 1830
3df91ea2 1831 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 1832}
1833
1834/* ---- L2CAP signalling commands ---- */
1835static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1836 u8 code, u8 ident, u16 dlen, void *data)
1837{
1838 struct sk_buff *skb, **frag;
1839 struct l2cap_cmd_hdr *cmd;
1840 struct l2cap_hdr *lh;
1841 int len, count;
1842
af05b30b
GP		 1843 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1844 conn, code, ident, dlen);
1da177e4
LT		 1845
1846 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1847 count = min_t(unsigned int, conn->mtu, len);
1848
1849 skb = bt_skb_alloc(count, GFP_ATOMIC);
1850 if (!skb)
1851 return NULL;
1852
1853 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1854 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1855
1856 if (conn->hcon->type == LE_LINK)
1857 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1858 else
1859 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1860
1861 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1862 cmd->code = code;
1863 cmd->ident = ident;
aca3192c 1864 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1865
1866 if (dlen) {
1867 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1868 memcpy(skb_put(skb, count), data, count);
1869 data += count;
1870 }
1871
1872 len -= skb->len;
1873
1874 /* Continuation fragments (no L2CAP header) */
1875 frag = &skb_shinfo(skb)->frag_list;
1876 while (len) {
1877 count = min_t(unsigned int, conn->mtu, len);
1878
1879 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1880 if (!*frag)
1881 goto fail;
1882
1883 memcpy(skb_put(*frag, count), data, count);
1884
1885 len -= count;
1886 data += count;
1887
1888 frag = &(*frag)->next;
1889 }
1890
1891 return skb;
1892
1893fail:
1894 kfree_skb(skb);
1895 return NULL;
1896}
1897
1898static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1899{
1900 struct l2cap_conf_opt *opt = *ptr;
1901 int len;
1902
1903 len = L2CAP_CONF_OPT_SIZE + opt->len;
1904 *ptr += len;
1905
1906 *type = opt->type;
1907 *olen = opt->len;
1908
1909 switch (opt->len) {
1910 case 1:
1911 *val = *((u8 *) opt->val);
1912 break;
1913
1914 case 2:
bfaaeb3e 1915 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1916 break;
1917
1918 case 4:
bfaaeb3e 1919 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1920 break;
1921
1922 default:
1923 *val = (unsigned long) opt->val;
1924 break;
1925 }
1926
1927 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1928 return len;
1929}
1930
1da177e4
LT		 1931static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1932{
1933 struct l2cap_conf_opt *opt = *ptr;
1934
1935 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1936
1937 opt->type = type;
1938 opt->len = len;
1939
1940 switch (len) {
1941 case 1:
1942 *((u8 *) opt->val) = val;
1943 break;
1944
1945 case 2:
4f8b691c 1946 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1947 break;
1948
1949 case 4:
4f8b691c 1950 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1951 break;
1952
1953 default:
1954 memcpy(opt->val, (void *) val, len);
1955 break;
1956 }
1957
1958 *ptr += L2CAP_CONF_OPT_SIZE + len;
1959}
1960
f89cef09
AE		 1961static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
1962{
1963 struct l2cap_conf_efs efs;
1964
1ec918ce 1965 switch (chan->mode) {
f89cef09
AE		 1966 case L2CAP_MODE_ERTM:
1967 efs.id = chan->local_id;
1968 efs.stype = chan->local_stype;
1969 efs.msdu = cpu_to_le16(chan->local_msdu);
1970 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
1971 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
1972 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
1973 break;
1974
1975 case L2CAP_MODE_STREAMING:
1976 efs.id = 1;
1977 efs.stype = L2CAP_SERV_BESTEFFORT;
1978 efs.msdu = cpu_to_le16(chan->local_msdu);
1979 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
1980 efs.acc_lat = 0;
1981 efs.flush_to = 0;
1982 break;
1983
1984 default:
1985 return;
1986 }
1987
1988 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
1989 (unsigned long) &efs);
1990}
1991
721c4181 1992static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 1993{
721c4181
GP		 1994 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1995 ack_timer.work);
c1b4f43b 1996
2fb9b3d4
GP		 1997 BT_DBG("chan %p", chan);
1998
721c4181 1999 lock_sock(chan->sk);
b17e73bb 2000 __l2cap_send_ack(chan);
721c4181 2001 release_sock(chan->sk);
09bfb2ee
SJ		 2002
2003 l2cap_chan_put(chan);
c1b4f43b
GP		 2004}
2005
525cd185 2006static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2007{
42e5c802 2008 chan->expected_ack_seq = 0;
6a026610 2009 chan->unacked_frames = 0;
42e5c802 2010 chan->buffer_seq = 0;
6a026610
GP		 2011 chan->num_acked = 0;
2012 chan->frames_sent = 0;
0565c1c2 2013
721c4181
GP		 2014 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2015 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2016 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2017
f1c6775b 2018 skb_queue_head_init(&chan->srej_q);
1890d36b 2019
39d5a3ee 2020 INIT_LIST_HEAD(&chan->srej_l);
0565c1c2
GP		 2021}
2022
f2fcfcd6
GP		 2023static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2024{
2025 switch (mode) {
2026 case L2CAP_MODE_STREAMING:
2027 case L2CAP_MODE_ERTM:
2028 if (l2cap_mode_supported(mode, remote_feat_mask))
2029 return mode;
2030 /* fall through */
2031 default:
2032 return L2CAP_MODE_BASIC;
2033 }
2034}
2035
6327eb98
AE		 2036static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2037{
2038 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2039}
2040
f89cef09
AE		 2041static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2042{
2043 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2044}
2045
6327eb98
AE		 2046static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2047{
2048 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2049 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2050 /* use extended control field */
2051 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2052 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2053 } else {
6327eb98
AE		 2054 chan->tx_win = min_t(u16, chan->tx_win,
2055 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2056 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2057 }
6327eb98
AE		 2058}
2059
710f9b0a 2060static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2061{
1da177e4 2062 struct l2cap_conf_req *req = data;
0c1bc5c6 2063 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2064 void *ptr = req->data;
c8f79162 2065 u16 size;
1da177e4 2066
49208c9c 2067 BT_DBG("chan %p", chan);
1da177e4 2068
73ffa904 2069 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2070 goto done;
2071
0c1bc5c6 2072 switch (chan->mode) {
f2fcfcd6
GP		 2073 case L2CAP_MODE_STREAMING:
2074 case L2CAP_MODE_ERTM:
c1360a1c 2075 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2076 break;
85eb53c6 2077
f89cef09
AE		 2078 if (__l2cap_efs_supported(chan))
2079 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2080
2ba13ed6 2081 /* fall through */
f2fcfcd6 2082 default:
8c1d787b 2083 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2084 break;
2085 }
2086
2087done:
0c1bc5c6
GP		 2088 if (chan->imtu != L2CAP_DEFAULT_MTU)
2089 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2090
0c1bc5c6 2091 switch (chan->mode) {
65c7c491 2092 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2093 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2094 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2095 break;
2096
62547752
GP		 2097 rfc.mode = L2CAP_MODE_BASIC;
2098 rfc.txwin_size = 0;
2099 rfc.max_transmit = 0;
2100 rfc.retrans_timeout = 0;
2101 rfc.monitor_timeout = 0;
2102 rfc.max_pdu_size = 0;
2103
63406504
GP		 2104 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2105 (unsigned long) &rfc);
65c7c491
MH		 2106 break;
2107
2108 case L2CAP_MODE_ERTM:
2109 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2110 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2111 rfc.retrans_timeout = 0;
2112 rfc.monitor_timeout = 0;
c8f79162
AE		 2113
2114 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2115 L2CAP_EXT_HDR_SIZE -
2116 L2CAP_SDULEN_SIZE -
2117 L2CAP_FCS_SIZE);
2118 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2119
6327eb98
AE		 2120 l2cap_txwin_setup(chan);
2121
2122 rfc.txwin_size = min_t(u16, chan->tx_win,
2123 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2124
63406504
GP		 2125 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2126 (unsigned long) &rfc);
2127
f89cef09
AE		 2128 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2129 l2cap_add_opt_efs(&ptr, chan);
2130
8c1d787b 2131 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2132 break;
2133
47d1ec61 2134 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2135 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2136 chan->fcs = L2CAP_FCS_NONE;
2137 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2138 }
6327eb98
AE		 2139
2140 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2141 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2142 chan->tx_win);
f2fcfcd6
GP		 2143 break;
2144
2145 case L2CAP_MODE_STREAMING:
2146 rfc.mode = L2CAP_MODE_STREAMING;
2147 rfc.txwin_size = 0;
2148 rfc.max_transmit = 0;
2149 rfc.retrans_timeout = 0;
2150 rfc.monitor_timeout = 0;
c8f79162
AE		 2151
2152 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2153 L2CAP_EXT_HDR_SIZE -
2154 L2CAP_SDULEN_SIZE -
2155 L2CAP_FCS_SIZE);
2156 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2157
63406504
GP		 2158 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2159 (unsigned long) &rfc);
2160
f89cef09
AE		 2161 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2162 l2cap_add_opt_efs(&ptr, chan);
2163
8c1d787b 2164 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2165 break;
2166
47d1ec61 2167 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2168 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2169 chan->fcs = L2CAP_FCS_NONE;
2170 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2171 }
65c7c491
MH		 2172 break;
2173 }
1da177e4 2174
fe4128e0 2175 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2176 req->flags = cpu_to_le16(0);
1da177e4
LT		 2177
2178 return ptr - data;
2179}
2180
73ffa904 2181static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2182{
5dee9e7c
MH		 2183 struct l2cap_conf_rsp *rsp = data;
2184 void *ptr = rsp->data;
73ffa904
GP		 2185 void *req = chan->conf_req;
2186 int len = chan->conf_len;
5dee9e7c
MH		 2187 int type, hint, olen;
2188 unsigned long val;
6464f35f 2189 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2190 struct l2cap_conf_efs efs;
2191 u8 remote_efs = 0;
861d6882 2192 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2193 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2194 u16 size;
1da177e4 2195
73ffa904 2196 BT_DBG("chan %p", chan);
820ae1b8 2197
5dee9e7c
MH		 2198 while (len >= L2CAP_CONF_OPT_SIZE) {
2199 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2200
589d2746 2201 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2202 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2203
2204 switch (type) {
2205 case L2CAP_CONF_MTU:
861d6882 2206 mtu = val;
5dee9e7c
MH		 2207 break;
2208
2209 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2210 chan->flush_to = val;
5dee9e7c
MH		 2211 break;
2212
2213 case L2CAP_CONF_QOS:
2214 break;
2215
6464f35f
MH		 2216 case L2CAP_CONF_RFC:
2217 if (olen == sizeof(rfc))
2218 memcpy(&rfc, (void *) val, olen);
2219 break;
2220
fcc203c3
GP		 2221 case L2CAP_CONF_FCS:
2222 if (val == L2CAP_FCS_NONE)
c1360a1c 2223 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2224 break;
fcc203c3 2225
42dceae2
AE		 2226 case L2CAP_CONF_EFS:
2227 remote_efs = 1;
2228 if (olen == sizeof(efs))
2229 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2230 break;
2231
6327eb98
AE		 2232 case L2CAP_CONF_EWS:
2233 if (!enable_hs)
2234 return -ECONNREFUSED;
fcc203c3 2235
6327eb98
AE		 2236 set_bit(FLAG_EXT_CTRL, &chan->flags);
2237 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2238 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2239 chan->remote_tx_win = val;
fcc203c3
GP		 2240 break;
2241
5dee9e7c
MH		 2242 default:
2243 if (hint)
2244 break;
2245
2246 result = L2CAP_CONF_UNKNOWN;
2247 *((u8 *) ptr++) = type;
2248 break;
2249 }
2250 }
2251
73ffa904 2252 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2253 goto done;
2254
0c1bc5c6 2255 switch (chan->mode) {
f2fcfcd6
GP		 2256 case L2CAP_MODE_STREAMING:
2257 case L2CAP_MODE_ERTM:
c1360a1c 2258 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2259 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2260 chan->conn->feat_mask);
85eb53c6
GP		 2261 break;
2262 }
2263
42dceae2
AE		 2264 if (remote_efs) {
2265 if (__l2cap_efs_supported(chan))
2266 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2267 else
2268 return -ECONNREFUSED;
2269 }
2270
0c1bc5c6 2271 if (chan->mode != rfc.mode)
f2fcfcd6 2272 return -ECONNREFUSED;
742e519b 2273
f2fcfcd6 2274 break;
f2fcfcd6
GP		 2275 }
2276
2277done:
0c1bc5c6 2278 if (chan->mode != rfc.mode) {
f2fcfcd6 2279 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2280 rfc.mode = chan->mode;
f2fcfcd6 2281
73ffa904 2282 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2283 return -ECONNREFUSED;
2284
2285 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2286 sizeof(rfc), (unsigned long) &rfc);
2287 }
2288
5dee9e7c
MH		 2289 if (result == L2CAP_CONF_SUCCESS) {
2290 /* Configure output options and let the other side know
2291 * which ones we don't like. */
2292
f2fcfcd6
GP		 2293 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2294 result = L2CAP_CONF_UNACCEPT;
2295 else {
0c1bc5c6 2296 chan->omtu = mtu;
c1360a1c 2297 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2298 }
0c1bc5c6 2299 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2300
42dceae2
AE		 2301 if (remote_efs) {
2302 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2303 efs.stype != L2CAP_SERV_NOTRAFIC &&
2304 efs.stype != chan->local_stype) {
2305
2306 result = L2CAP_CONF_UNACCEPT;
2307
2308 if (chan->num_conf_req >= 1)
2309 return -ECONNREFUSED;
2310
2311 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2312 sizeof(efs),
42dceae2 2313 (unsigned long) &efs);
0e8b207e 2314 } else {
3e6b3b95 2315 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2316 result = L2CAP_CONF_PENDING;
2317 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2318 }
2319 }
2320
f2fcfcd6
GP		 2321 switch (rfc.mode) {
2322 case L2CAP_MODE_BASIC:
47d1ec61 2323 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2324 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2325 break;
2326
2327 case L2CAP_MODE_ERTM:
6327eb98
AE		 2328 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2329 chan->remote_tx_win = rfc.txwin_size;
2330 else
2331 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2332
2c03a7a4 2333 chan->remote_max_tx = rfc.max_transmit;
1c762159 2334
c8f79162
AE		 2335 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2336 chan->conn->mtu -
2337 L2CAP_EXT_HDR_SIZE -
2338 L2CAP_SDULEN_SIZE -
2339 L2CAP_FCS_SIZE);
2340 rfc.max_pdu_size = cpu_to_le16(size);
2341 chan->remote_mps = size;
f2fcfcd6 2342
10467e9e
GP		 2343 rfc.retrans_timeout =
2344 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2345 rfc.monitor_timeout =
2346 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2347
c1360a1c 2348 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2349
2350 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2351 sizeof(rfc), (unsigned long) &rfc);
2352
42dceae2
AE		 2353 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2354 chan->remote_id = efs.id;
2355 chan->remote_stype = efs.stype;
2356 chan->remote_msdu = le16_to_cpu(efs.msdu);
2357 chan->remote_flush_to =
2358 le32_to_cpu(efs.flush_to);
2359 chan->remote_acc_lat =
2360 le32_to_cpu(efs.acc_lat);
2361 chan->remote_sdu_itime =
2362 le32_to_cpu(efs.sdu_itime);
2363 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2364 sizeof(efs), (unsigned long) &efs);
2365 }
f2fcfcd6
GP		 2366 break;
2367
2368 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2369 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2370 chan->conn->mtu -
2371 L2CAP_EXT_HDR_SIZE -
2372 L2CAP_SDULEN_SIZE -
2373 L2CAP_FCS_SIZE);
2374 rfc.max_pdu_size = cpu_to_le16(size);
2375 chan->remote_mps = size;
f2fcfcd6 2376
c1360a1c 2377 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2378
2379 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2380 sizeof(rfc), (unsigned long) &rfc);
2381
f2fcfcd6
GP		 2382 break;
2383
2384 default:
5dee9e7c 2385 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2386
6464f35f 2387 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2388 rfc.mode = chan->mode;
f2fcfcd6 2389 }
6464f35f 2390
f2fcfcd6 2391 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2392 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2393 }
fe4128e0 2394 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2395 rsp->result = cpu_to_le16(result);
2396 rsp->flags = cpu_to_le16(0x0000);
2397
2398 return ptr - data;
1da177e4
LT		 2399}
2400
b4450035 2401static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2402{
f2fcfcd6
GP		 2403 struct l2cap_conf_req *req = data;
2404 void *ptr = req->data;
2405 int type, olen;
2406 unsigned long val;
36e999a8 2407 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 2408 struct l2cap_conf_efs efs;
f2fcfcd6 2409
fe4128e0 2410 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2411
2412 while (len >= L2CAP_CONF_OPT_SIZE) {
2413 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2414
2415 switch (type) {
2416 case L2CAP_CONF_MTU:
2417 if (val < L2CAP_DEFAULT_MIN_MTU) {
2418 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2419 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2420 } else
0c1bc5c6
GP		 2421 chan->imtu = val;
2422 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2423 break;
2424
2425 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2426 chan->flush_to = val;
f2fcfcd6 2427 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2428 2, chan->flush_to);
f2fcfcd6
GP		 2429 break;
2430
2431 case L2CAP_CONF_RFC:
2432 if (olen == sizeof(rfc))
2433 memcpy(&rfc, (void *)val, olen);
2434
c1360a1c 2435 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2436 rfc.mode != chan->mode)
f2fcfcd6
GP		 2437 return -ECONNREFUSED;
2438
47d1ec61 2439 chan->fcs = 0;
f2fcfcd6
GP		 2440
2441 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2442 sizeof(rfc), (unsigned long) &rfc);
2443 break;
6327eb98
AE		 2444
2445 case L2CAP_CONF_EWS:
2446 chan->tx_win = min_t(u16, val,
2447 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 2448 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2449 chan->tx_win);
6327eb98 2450 break;
66af7aaf
AE		 2451
2452 case L2CAP_CONF_EFS:
2453 if (olen == sizeof(efs))
2454 memcpy(&efs, (void *)val, olen);
2455
2456 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2457 efs.stype != L2CAP_SERV_NOTRAFIC &&
2458 efs.stype != chan->local_stype)
2459 return -ECONNREFUSED;
2460
2461 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2462 sizeof(efs), (unsigned long) &efs);
2463 break;
f2fcfcd6
GP		 2464 }
2465 }
2466
0c1bc5c6 2467 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2468 return -ECONNREFUSED;
2469
0c1bc5c6 2470 chan->mode = rfc.mode;
6c2ea7a8 2471
0e8b207e 2472 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 2473 switch (rfc.mode) {
2474 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2475 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2476 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2477 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 2478
2479 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2480 chan->local_msdu = le16_to_cpu(efs.msdu);
2481 chan->local_sdu_itime =
2482 le32_to_cpu(efs.sdu_itime);
2483 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
2484 chan->local_flush_to =
2485 le32_to_cpu(efs.flush_to);
2486 }
f2fcfcd6 2487 break;
66af7aaf 2488
f2fcfcd6 2489 case L2CAP_MODE_STREAMING:
47d1ec61 2490 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2491 }
2492 }
2493
fe4128e0 2494 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2495 req->flags = cpu_to_le16(0x0000);
2496
2497 return ptr - data;
2498}
2499
fe4128e0 2500static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2501{
2502 struct l2cap_conf_rsp *rsp = data;
2503 void *ptr = rsp->data;
1da177e4 2504
fe4128e0 2505 BT_DBG("chan %p", chan);
1da177e4 2506
fe4128e0 2507 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2508 rsp->result = cpu_to_le16(result);
aca3192c 2509 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2510
2511 return ptr - data;
2512}
2513
8c1d787b 2514void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2515{
2516 struct l2cap_conn_rsp rsp;
8c1d787b 2517 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2518 u8 buf[128];
2519
fe4128e0
GP		 2520 rsp.scid = cpu_to_le16(chan->dcid);
2521 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2522 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2523 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2524 l2cap_send_cmd(conn, chan->ident,
2525 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2526
c1360a1c 2527 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2528 return;
2529
710f9b0a
GP		 2530 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2531 l2cap_build_conf_req(chan, buf), buf);
2532 chan->num_conf_req++;
2533}
2534
47d1ec61 2535static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2536{
7b1c0049
GP		 2537 int type, olen;
2538 unsigned long val;
2539 struct l2cap_conf_rfc rfc;
2540
47d1ec61 2541 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2542
0c1bc5c6 2543 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2544 return;
2545
2546 while (len >= L2CAP_CONF_OPT_SIZE) {
2547 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2548
2549 switch (type) {
2550 case L2CAP_CONF_RFC:
2551 if (olen == sizeof(rfc))
2552 memcpy(&rfc, (void *)val, olen);
2553 goto done;
2554 }
2555 }
2556
36e999a8
MM		 2557 /* Use sane default values in case a misbehaving remote device
2558 * did not send an RFC option.
2559 */
2560 rfc.mode = chan->mode;
2561 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
2562 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
2563 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
2564
2565 BT_ERR("Expected RFC option was not found, using defaults");
2566
7b1c0049
GP		 2567done:
2568 switch (rfc.mode) {
2569 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2570 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2571 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2572 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2573 break;
2574 case L2CAP_MODE_STREAMING:
47d1ec61 2575 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2576 }
2577}
2578
4e8402a3
MH		 2579static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2580{
e2fd318e 2581 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2582
e2fd318e 2583 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2584 return 0;
2585
2586 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2587 cmd->ident == conn->info_ident) {
17cd3f37 2588 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 2589
2590 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2591 conn->info_ident = 0;
984947dc 2592
4e8402a3
MH		 2593 l2cap_conn_start(conn);
2594 }
2595
2596 return 0;
2597}
2598
1da177e4
LT		 2599static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2600{
1da177e4
LT		 2601 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2602 struct l2cap_conn_rsp rsp;
23691d75 2603 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2604 struct sock *parent, *sk = NULL;
e7c29cb1 2605 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2606
2607 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2608 __le16 psm = req->psm;
1da177e4
LT		 2609
2610 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2611
2612 /* Check if we have socket listening on psm */
23691d75
GP		 2613 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2614 if (!pchan) {
1da177e4
LT		 2615 result = L2CAP_CR_BAD_PSM;
2616 goto sendresp;
2617 }
2618
23691d75
GP		 2619 parent = pchan->sk;
2620
3df91ea2 2621 mutex_lock(&conn->chan_lock);
aa2ac881 2622 lock_sock(parent);
e0f0cb56 2623
e7c29cb1
MH		 2624 /* Check if the ACL is secure enough (if not SDP) */
2625 if (psm != cpu_to_le16(0x0001) &&
2626 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 2627 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 2628 result = L2CAP_CR_SEC_BLOCK;
2629 goto response;
2630 }
2631
1da177e4
LT		 2632 result = L2CAP_CR_NO_MEM;
2633
2634 /* Check for backlog size */
2635 if (sk_acceptq_is_full(parent)) {
8e87d142 2636 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2637 goto response;
2638 }
2639
80808e43
GP		 2640 chan = pchan->ops->new_connection(pchan->data);
2641 if (!chan)
1da177e4
LT		 2642 goto response;
2643
80808e43
GP		 2644 sk = chan->sk;
2645
1da177e4 2646 /* Check if we already have channel with that dcid */
baa7e1fa 2647 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 2648 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2649 chan->ops->close(chan->data);
1da177e4
LT		 2650 goto response;
2651 }
2652
2653 hci_conn_hold(conn->hcon);
2654
1da177e4
LT		 2655 bacpy(&bt_sk(sk)->src, conn->src);
2656 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2657 chan->psm = psm;
2658 chan->dcid = scid;
1da177e4 2659
d1010240
GP		 2660 bt_accept_enqueue(parent, sk);
2661
3d57dc68 2662 l2cap_chan_add(conn, chan);
48454079 2663
fe4128e0 2664 dcid = chan->scid;
1da177e4 2665
c9b66675 2666 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2667
fc7f8a7e 2668 chan->ident = cmd->ident;
1da177e4 2669
984947dc 2670 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 2671 if (l2cap_chan_check_security(chan)) {
f66dc81f 2672 if (bt_sk(sk)->defer_setup) {
0e587be7 2673 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2674 result = L2CAP_CR_PEND;
2675 status = L2CAP_CS_AUTHOR_PEND;
2676 parent->sk_data_ready(parent, 0);
2677 } else {
0e587be7 2678 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2679 result = L2CAP_CR_SUCCESS;
2680 status = L2CAP_CS_NO_INFO;
2681 }
79d554a6 2682 } else {
0e587be7 2683 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2684 result = L2CAP_CR_PEND;
2685 status = L2CAP_CS_AUTHEN_PEND;
2686 }
2687 } else {
0e587be7 2688 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2689 result = L2CAP_CR_PEND;
2690 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2691 }
2692
1da177e4 2693response:
aa2ac881 2694 release_sock(parent);
3df91ea2 2695 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2696
2697sendresp:
aca3192c
YH		 2698 rsp.scid = cpu_to_le16(scid);
2699 rsp.dcid = cpu_to_le16(dcid);
2700 rsp.result = cpu_to_le16(result);
2701 rsp.status = cpu_to_le16(status);
1da177e4 2702 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2703
2704 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2705 struct l2cap_info_req info;
2706 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2707
2708 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2709 conn->info_ident = l2cap_get_ident(conn);
2710
030013d8 2711 schedule_delayed_work(&conn->info_timer,
79d554a6
MH		 2712 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2713
2714 l2cap_send_cmd(conn, conn->info_ident,
2715 L2CAP_INFO_REQ, sizeof(info), &info);
2716 }
2717
c1360a1c 2718 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2719 result == L2CAP_CR_SUCCESS) {
2720 u8 buf[128];
c1360a1c 2721 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2722 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2723 l2cap_build_conf_req(chan, buf), buf);
2724 chan->num_conf_req++;
e9aeb2dd
GP		 2725 }
2726
1da177e4
LT		 2727 return 0;
2728}
2729
2730static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2731{
2732 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2733 u16 scid, dcid, result, status;
48454079 2734 struct l2cap_chan *chan;
1da177e4
LT		 2735 struct sock *sk;
2736 u8 req[128];
3df91ea2 2737 int err;
1da177e4
LT		 2738
2739 scid = __le16_to_cpu(rsp->scid);
2740 dcid = __le16_to_cpu(rsp->dcid);
2741 result = __le16_to_cpu(rsp->result);
2742 status = __le16_to_cpu(rsp->status);
2743
1b009c98
AE		 2744 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2745 dcid, scid, result, status);
1da177e4 2746
3df91ea2
AE		 2747 mutex_lock(&conn->chan_lock);
2748
1da177e4 2749 if (scid) {
3df91ea2
AE		 2750 chan = __l2cap_get_chan_by_scid(conn, scid);
2751 if (!chan) {
2752 err = -EFAULT;
2753 goto unlock;
2754 }
1da177e4 2755 } else {
3df91ea2
AE		 2756 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2757 if (!chan) {
2758 err = -EFAULT;
2759 goto unlock;
2760 }
1da177e4
LT		 2761 }
2762
3df91ea2
AE		 2763 err = 0;
2764
48454079 2765 sk = chan->sk;
3df91ea2 2766 lock_sock(sk);
48454079 2767
1da177e4
LT		 2768 switch (result) {
2769 case L2CAP_CR_SUCCESS:
89bc500e 2770 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2771 chan->ident = 0;
fe4128e0 2772 chan->dcid = dcid;
c1360a1c 2773 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2774
c1360a1c 2775 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2776 break;
2777
1da177e4 2778 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2779 l2cap_build_conf_req(chan, req), req);
2780 chan->num_conf_req++;
1da177e4
LT		 2781 break;
2782
2783 case L2CAP_CR_PEND:
c1360a1c 2784 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2785 break;
2786
2787 default:
48454079 2788 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2789 break;
2790 }
2791
aa2ac881 2792 release_sock(sk);
3df91ea2
AE		 2793
2794unlock:
2795 mutex_unlock(&conn->chan_lock);
2796
2797 return err;
1da177e4
LT		 2798}
2799
47d1ec61 2800static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2801{
2802 /* FCS is enabled only in ERTM or streaming mode, if one or both
2803 * sides request it.
2804 */
0c1bc5c6 2805 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2806 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2807 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2808 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2809}
2810
88219a0f 2811static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2812{
2813 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2814 u16 dcid, flags;
2815 u8 rsp[64];
48454079 2816 struct l2cap_chan *chan;
1da177e4 2817 struct sock *sk;
5dee9e7c 2818 int len;
1da177e4
LT		 2819
2820 dcid = __le16_to_cpu(req->dcid);
2821 flags = __le16_to_cpu(req->flags);
2822
2823 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2824
baa7e1fa 2825 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2826 if (!chan)
1da177e4
LT		 2827 return -ENOENT;
2828
48454079 2829 sk = chan->sk;
3df91ea2 2830 lock_sock(sk);
48454079 2831
033b1142 2832 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2833 struct l2cap_cmd_rej_cid rej;
2834
2835 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2836 rej.scid = cpu_to_le16(chan->scid);
2837 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2838
df6bd743
GP		 2839 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2840 sizeof(rej), &rej);
354f60a9 2841 goto unlock;
df6bd743 2842 }
354f60a9 2843
5dee9e7c 2844 /* Reject if config buffer is too small. */
88219a0f 2845 len = cmd_len - sizeof(*req);
7ac28817 2846 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2847 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2848 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2849 L2CAP_CONF_REJECT, flags), rsp);
2850 goto unlock;
2851 }
2852
2853 /* Store config. */
73ffa904
GP		 2854 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2855 chan->conf_len += len;
1da177e4
LT		 2856
2857 if (flags & 0x0001) {
2858 /* Incomplete config. Send empty response. */
2859 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2860 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2861 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2862 goto unlock;
2863 }
2864
2865 /* Complete config. */
73ffa904 2866 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2867 if (len < 0) {
e92c8e70 2868 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2869 goto unlock;
f2fcfcd6 2870 }
1da177e4 2871
5dee9e7c 2872 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2873 chan->num_conf_rsp++;
5dee9e7c 2874
5dee9e7c 2875 /* Reset config buffer. */
73ffa904 2876 chan->conf_len = 0;
5dee9e7c 2877
c1360a1c 2878 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2879 goto unlock;
2880
c1360a1c 2881 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2882 set_default_fcs(chan);
fcc203c3 2883
89bc500e 2884 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2885
42e5c802
GP		 2886 chan->next_tx_seq = 0;
2887 chan->expected_tx_seq = 0;
58d35f87 2888 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2889 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2890 l2cap_ertm_init(chan);
0565c1c2 2891
cf4cd009 2892 l2cap_chan_ready(chan);
876d9484
MH		 2893 goto unlock;
2894 }
2895
c1360a1c 2896 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2897 u8 buf[64];
1da177e4 2898 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2899 l2cap_build_conf_req(chan, buf), buf);
2900 chan->num_conf_req++;
1da177e4
LT		 2901 }
2902
0e8b207e
AE		 2903 /* Got Conf Rsp PENDING from remote side and asume we sent
2904 Conf Rsp PENDING in the code above */
2905 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
2906 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2907
2908 /* check compatibility */
2909
2910 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2911 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2912
2913 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2914 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 2915 L2CAP_CONF_SUCCESS, 0x0000), rsp);
2916 }
2917
1da177e4 2918unlock:
aa2ac881 2919 release_sock(sk);
1da177e4
LT		 2920 return 0;
2921}
2922
2923static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2924{
2925 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2926 u16 scid, flags, result;
48454079 2927 struct l2cap_chan *chan;
1da177e4 2928 struct sock *sk;
7b1c0049 2929 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2930
2931 scid = __le16_to_cpu(rsp->scid);
2932 flags = __le16_to_cpu(rsp->flags);
2933 result = __le16_to_cpu(rsp->result);
2934
af05b30b
GP		 2935 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2936 scid, flags, result);
1da177e4 2937
baa7e1fa 2938 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2939 if (!chan)
1da177e4
LT		 2940 return 0;
2941
48454079 2942 sk = chan->sk;
3df91ea2 2943 lock_sock(sk);
48454079 2944
1da177e4
LT		 2945 switch (result) {
2946 case L2CAP_CONF_SUCCESS:
47d1ec61 2947 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 2948 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 2949 break;
2950
0e8b207e
AE		 2951 case L2CAP_CONF_PENDING:
2952 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
2953
2954 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2955 char buf[64];
2956
2957 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2958 buf, &result);
2959 if (len < 0) {
2960 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2961 goto done;
2962 }
2963
2964 /* check compatibility */
2965
2966 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2967 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2968
2969 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2970 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 2971 L2CAP_CONF_SUCCESS, 0x0000), buf);
2972 }
2973 goto done;
2974
1da177e4 2975 case L2CAP_CONF_UNACCEPT:
73ffa904 2976 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2977 char req[64];
2978
c2c77ec8 2979 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 2980 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 2981 goto done;
2982 }
2983
f2fcfcd6
GP		 2984 /* throw out any old stored conf requests */
2985 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 2986 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2987 req, &result);
f2fcfcd6 2988 if (len < 0) {
e92c8e70 2989 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 2990 goto done;
2991 }
2992
2993 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2994 L2CAP_CONF_REQ, len, req);
73ffa904 2995 chan->num_conf_req++;
f2fcfcd6
GP		 2996 if (result != L2CAP_CONF_SUCCESS)
2997 goto done;
2998 break;
1da177e4
LT		 2999 }
3000
8e87d142 3001 default:
2e0052e4
AE		 3002 __l2cap_chan_set_err(chan, ECONNRESET);
3003
b83ddfe2
AK		 3004 __set_chan_timer(chan,
3005 msecs_to_jiffies(L2CAP_DISC_REJ_TIMEOUT));
e92c8e70 3006 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3007 goto done;
3008 }
3009
3010 if (flags & 0x01)
3011 goto done;
3012
c1360a1c 3013 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3014
c1360a1c 3015 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3016 set_default_fcs(chan);
fcc203c3 3017
89bc500e 3018 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 3019 chan->next_tx_seq = 0;
3020 chan->expected_tx_seq = 0;
58d35f87 3021 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 3022 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 3023 l2cap_ertm_init(chan);
0565c1c2 3024
cf4cd009 3025 l2cap_chan_ready(chan);
1da177e4
LT		 3026 }
3027
3028done:
aa2ac881 3029 release_sock(sk);
1da177e4
LT		 3030 return 0;
3031}
3032
3033static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3034{
3035 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3036 struct l2cap_disconn_rsp rsp;
3037 u16 dcid, scid;
48454079 3038 struct l2cap_chan *chan;
1da177e4
LT		 3039 struct sock *sk;
3040
3041 scid = __le16_to_cpu(req->scid);
3042 dcid = __le16_to_cpu(req->dcid);
3043
3044 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3045
3df91ea2
AE		 3046 mutex_lock(&conn->chan_lock);
3047
3048 chan = __l2cap_get_chan_by_scid(conn, dcid);
3049 if (!chan) {
3050 mutex_unlock(&conn->chan_lock);
1da177e4 3051 return 0;
3df91ea2 3052 }
1da177e4 3053
48454079 3054 sk = chan->sk;
3df91ea2 3055 lock_sock(sk);
48454079 3056
fe4128e0
GP		 3057 rsp.dcid = cpu_to_le16(chan->scid);
3058 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3059 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3060
3061 sk->sk_shutdown = SHUTDOWN_MASK;
3062
48454079 3063 l2cap_chan_del(chan, ECONNRESET);
aa2ac881 3064 release_sock(sk);
1da177e4 3065
ba3bd0ee 3066 chan->ops->close(chan->data);
3df91ea2
AE		 3067
3068 mutex_unlock(&conn->chan_lock);
3069
1da177e4
LT		 3070 return 0;
3071}
3072
3073static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3074{
3075 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3076 u16 dcid, scid;
48454079 3077 struct l2cap_chan *chan;
1da177e4
LT		 3078 struct sock *sk;
3079
3080 scid = __le16_to_cpu(rsp->scid);
3081 dcid = __le16_to_cpu(rsp->dcid);
3082
3083 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3084
3df91ea2
AE		 3085 mutex_lock(&conn->chan_lock);
3086
3087 chan = __l2cap_get_chan_by_scid(conn, scid);
3088 if (!chan) {
3089 mutex_unlock(&conn->chan_lock);
1da177e4 3090 return 0;
3df91ea2 3091 }
1da177e4 3092
48454079 3093 sk = chan->sk;
3df91ea2 3094 lock_sock(sk);
48454079 3095
48454079 3096 l2cap_chan_del(chan, 0);
aa2ac881 3097 release_sock(sk);
1da177e4 3098
ba3bd0ee 3099 chan->ops->close(chan->data);
3df91ea2
AE		 3100
3101 mutex_unlock(&conn->chan_lock);
3102
1da177e4
LT		 3103 return 0;
3104}
3105
3106static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3107{
3108 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3109 u16 type;
3110
3111 type = __le16_to_cpu(req->type);
3112
3113 BT_DBG("type 0x%4.4x", type);
3114
f0709e03
MH		 3115 if (type == L2CAP_IT_FEAT_MASK) {
3116 u8 buf[8];
44dd46de 3117 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3118 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3119 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3120 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3121 if (!disable_ertm)
fcc203c3
GP		 3122 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3123 | L2CAP_FEAT_FCS;
a5fd6f30 3124 if (enable_hs)
6327eb98
AE		 3125 feat_mask |= L2CAP_FEAT_EXT_FLOW
3126 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3127
1b7bf4ed 3128 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3129 l2cap_send_cmd(conn, cmd->ident,
3130 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3131 } else if (type == L2CAP_IT_FIXED_CHAN) {
3132 u8 buf[12];
3133 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3134
3135 if (enable_hs)
3136 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3137 else
3138 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3139
e1027a7c
MH		 3140 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3141 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3142 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3143 l2cap_send_cmd(conn, cmd->ident,
3144 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3145 } else {
3146 struct l2cap_info_rsp rsp;
3147 rsp.type = cpu_to_le16(type);
3148 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3149 l2cap_send_cmd(conn, cmd->ident,
3150 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3151 }
1da177e4
LT		 3152
3153 return 0;
3154}
3155
3156static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3157{
3158 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3159 u16 type, result;
3160
3161 type = __le16_to_cpu(rsp->type);
3162 result = __le16_to_cpu(rsp->result);
3163
3164 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3165
e90165be
AE		 3166 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3167 if (cmd->ident != conn->info_ident ||
3168 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3169 return 0;
3170
17cd3f37 3171 cancel_delayed_work(&conn->info_timer);
4e8402a3 3172
adb08ede
VT		 3173 if (result != L2CAP_IR_SUCCESS) {
3174 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3175 conn->info_ident = 0;
3176
3177 l2cap_conn_start(conn);
3178
3179 return 0;
3180 }
3181
984947dc 3182 if (type == L2CAP_IT_FEAT_MASK) {
83985319 3183 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3184
47ec1dcd 3185 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3186 struct l2cap_info_req req;
3187 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3188
3189 conn->info_ident = l2cap_get_ident(conn);
3190
3191 l2cap_send_cmd(conn, conn->info_ident,
3192 L2CAP_INFO_REQ, sizeof(req), &req);
3193 } else {
3194 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3195 conn->info_ident = 0;
3196
3197 l2cap_conn_start(conn);
3198 }
3199 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 3200 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3201 conn->info_ident = 0;
984947dc
MH		 3202
3203 l2cap_conn_start(conn);
3204 }
4e8402a3 3205
1da177e4
LT		 3206 return 0;
3207}
3208
f94ff6ff
MM		 3209static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3210 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3211 void *data)
3212{
3213 struct l2cap_create_chan_req *req = data;
3214 struct l2cap_create_chan_rsp rsp;
3215 u16 psm, scid;
3216
3217 if (cmd_len != sizeof(*req))
3218 return -EPROTO;
3219
3220 if (!enable_hs)
3221 return -EINVAL;
3222
3223 psm = le16_to_cpu(req->psm);
3224 scid = le16_to_cpu(req->scid);
3225
3226 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3227
3228 /* Placeholder: Always reject */
3229 rsp.dcid = 0;
3230 rsp.scid = cpu_to_le16(scid);
3231 rsp.result = L2CAP_CR_NO_MEM;
3232 rsp.status = L2CAP_CS_NO_INFO;
3233
3234 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3235 sizeof(rsp), &rsp);
3236
3237 return 0;
3238}
3239
3240static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3241 struct l2cap_cmd_hdr *cmd, void *data)
3242{
3243 BT_DBG("conn %p", conn);
3244
3245 return l2cap_connect_rsp(conn, cmd, data);
3246}
3247
8d5a04a1
MM		 3248static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3249 u16 icid, u16 result)
3250{
3251 struct l2cap_move_chan_rsp rsp;
3252
3253 BT_DBG("icid %d, result %d", icid, result);
3254
3255 rsp.icid = cpu_to_le16(icid);
3256 rsp.result = cpu_to_le16(result);
3257
3258 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3259}
3260
3261static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3262 struct l2cap_chan *chan, u16 icid, u16 result)
3263{
3264 struct l2cap_move_chan_cfm cfm;
3265 u8 ident;
3266
3267 BT_DBG("icid %d, result %d", icid, result);
3268
3269 ident = l2cap_get_ident(conn);
3270 if (chan)
3271 chan->ident = ident;
3272
3273 cfm.icid = cpu_to_le16(icid);
3274 cfm.result = cpu_to_le16(result);
3275
3276 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3277}
3278
3279static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3280 u16 icid)
3281{
3282 struct l2cap_move_chan_cfm_rsp rsp;
3283
3284 BT_DBG("icid %d", icid);
3285
3286 rsp.icid = cpu_to_le16(icid);
3287 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3288}
3289
3290static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3291 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3292{
3293 struct l2cap_move_chan_req *req = data;
3294 u16 icid = 0;
3295 u16 result = L2CAP_MR_NOT_ALLOWED;
3296
3297 if (cmd_len != sizeof(*req))
3298 return -EPROTO;
3299
3300 icid = le16_to_cpu(req->icid);
3301
3302 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3303
3304 if (!enable_hs)
3305 return -EINVAL;
3306
3307 /* Placeholder: Always refuse */
3308 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3309
3310 return 0;
3311}
3312
3313static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3314 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3315{
3316 struct l2cap_move_chan_rsp *rsp = data;
3317 u16 icid, result;
3318
3319 if (cmd_len != sizeof(*rsp))
3320 return -EPROTO;
3321
3322 icid = le16_to_cpu(rsp->icid);
3323 result = le16_to_cpu(rsp->result);
3324
3325 BT_DBG("icid %d, result %d", icid, result);
3326
3327 /* Placeholder: Always unconfirmed */
3328 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3329
3330 return 0;
3331}
3332
3333static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3334 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3335{
3336 struct l2cap_move_chan_cfm *cfm = data;
3337 u16 icid, result;
3338
3339 if (cmd_len != sizeof(*cfm))
3340 return -EPROTO;
3341
3342 icid = le16_to_cpu(cfm->icid);
3343 result = le16_to_cpu(cfm->result);
3344
3345 BT_DBG("icid %d, result %d", icid, result);
3346
3347 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3348
3349 return 0;
3350}
3351
3352static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3353 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3354{
3355 struct l2cap_move_chan_cfm_rsp *rsp = data;
3356 u16 icid;
3357
3358 if (cmd_len != sizeof(*rsp))
3359 return -EPROTO;
3360
3361 icid = le16_to_cpu(rsp->icid);
3362
3363 BT_DBG("icid %d", icid);
3364
3365 return 0;
3366}
3367
e2174ca4 3368static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3369 u16 to_multiplier)
3370{
3371 u16 max_latency;
3372
3373 if (min > max || min < 6 || max > 3200)
3374 return -EINVAL;
3375
3376 if (to_multiplier < 10 || to_multiplier > 3200)
3377 return -EINVAL;
3378
3379 if (max >= to_multiplier * 8)
3380 return -EINVAL;
3381
3382 max_latency = (to_multiplier * 8 / max) - 1;
3383 if (latency > 499 || latency > max_latency)
3384 return -EINVAL;
3385
3386 return 0;
3387}
3388
3389static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
3390 struct l2cap_cmd_hdr *cmd, u8 *data)
3391{
3392 struct hci_conn *hcon = conn->hcon;
3393 struct l2cap_conn_param_update_req *req;
3394 struct l2cap_conn_param_update_rsp rsp;
3395 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 3396 int err;
de73115a
CT		 3397
3398 if (!(hcon->link_mode & HCI_LM_MASTER))
3399 return -EINVAL;
3400
3401 cmd_len = __le16_to_cpu(cmd->len);
3402 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
3403 return -EPROTO;
3404
3405 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 3406 min = __le16_to_cpu(req->min);
3407 max = __le16_to_cpu(req->max);
de73115a
CT		 3408 latency = __le16_to_cpu(req->latency);
3409 to_multiplier = __le16_to_cpu(req->to_multiplier);
3410
3411 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
3412 min, max, latency, to_multiplier);
3413
3414 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 3415
3416 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
3417 if (err)
de73115a
CT		 3418 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
3419 else
3420 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
3421
3422 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
3423 sizeof(rsp), &rsp);
3424
2ce603eb
CT		 3425 if (!err)
3426 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
3427
de73115a
CT		 3428 return 0;
3429}
3430
3300d9a9
CT		 3431static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
3432 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3433{
3434 int err = 0;
3435
3436 switch (cmd->code) {
3437 case L2CAP_COMMAND_REJ:
3438 l2cap_command_rej(conn, cmd, data);
3439 break;
3440
3441 case L2CAP_CONN_REQ:
3442 err = l2cap_connect_req(conn, cmd, data);
3443 break;
3444
3445 case L2CAP_CONN_RSP:
3446 err = l2cap_connect_rsp(conn, cmd, data);
3447 break;
3448
3449 case L2CAP_CONF_REQ:
3450 err = l2cap_config_req(conn, cmd, cmd_len, data);
3451 break;
3452
3453 case L2CAP_CONF_RSP:
3454 err = l2cap_config_rsp(conn, cmd, data);
3455 break;
3456
3457 case L2CAP_DISCONN_REQ:
3458 err = l2cap_disconnect_req(conn, cmd, data);
3459 break;
3460
3461 case L2CAP_DISCONN_RSP:
3462 err = l2cap_disconnect_rsp(conn, cmd, data);
3463 break;
3464
3465 case L2CAP_ECHO_REQ:
3466 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3467 break;
3468
3469 case L2CAP_ECHO_RSP:
3470 break;
3471
3472 case L2CAP_INFO_REQ:
3473 err = l2cap_information_req(conn, cmd, data);
3474 break;
3475
3476 case L2CAP_INFO_RSP:
3477 err = l2cap_information_rsp(conn, cmd, data);
3478 break;
3479
f94ff6ff
MM		 3480 case L2CAP_CREATE_CHAN_REQ:
3481 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
3482 break;
3483
3484 case L2CAP_CREATE_CHAN_RSP:
3485 err = l2cap_create_channel_rsp(conn, cmd, data);
3486 break;
3487
8d5a04a1
MM		 3488 case L2CAP_MOVE_CHAN_REQ:
3489 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
3490 break;
3491
3492 case L2CAP_MOVE_CHAN_RSP:
3493 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
3494 break;
3495
3496 case L2CAP_MOVE_CHAN_CFM:
3497 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
3498 break;
3499
3500 case L2CAP_MOVE_CHAN_CFM_RSP:
3501 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
3502 break;
3503
3300d9a9
CT		 3504 default:
3505 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3506 err = -EINVAL;
3507 break;
3508 }
3509
3510 return err;
3511}
3512
3513static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3514 struct l2cap_cmd_hdr *cmd, u8 *data)
3515{
3516 switch (cmd->code) {
3517 case L2CAP_COMMAND_REJ:
3518 return 0;
3519
3520 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3521 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3522
3523 case L2CAP_CONN_PARAM_UPDATE_RSP:
3524 return 0;
3525
3526 default:
3527 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3528 return -EINVAL;
3529 }
3530}
3531
3532static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3533 struct sk_buff *skb)
1da177e4
LT		 3534{
3535 u8 *data = skb->data;
3536 int len = skb->len;
3537 struct l2cap_cmd_hdr cmd;
3300d9a9 3538 int err;
1da177e4
LT		 3539
3540 l2cap_raw_recv(conn, skb);
3541
3542 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3543 u16 cmd_len;
1da177e4
LT		 3544 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3545 data += L2CAP_CMD_HDR_SIZE;
3546 len -= L2CAP_CMD_HDR_SIZE;
3547
88219a0f 3548 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3549
88219a0f 3550 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3551
88219a0f 3552 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3553 BT_DBG("corrupted command");
3554 break;
3555 }
3556
3300d9a9
CT		 3557 if (conn->hcon->type == LE_LINK)
3558 err = l2cap_le_sig_cmd(conn, &cmd, data);
3559 else
3560 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3561
3562 if (err) {
e2fd318e 3563 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3564
3565 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3566
3567 /* FIXME: Map err to a valid reason */
e2fd318e 3568 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3569 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3570 }
3571
88219a0f
AV		 3572 data += cmd_len;
3573 len -= cmd_len;
1da177e4
LT		 3574 }
3575
3576 kfree_skb(skb);
3577}
3578
47d1ec61 3579static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3580{
3581 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 3582 int hdr_size;
3583
3584 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3585 hdr_size = L2CAP_EXT_HDR_SIZE;
3586 else
3587 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 3588
47d1ec61 3589 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 3590 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 3591 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3592 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3593
3594 if (our_fcs != rcv_fcs)
7a560e5c 3595 return -EBADMSG;
fcc203c3
GP		 3596 }
3597 return 0;
3598}
3599
525cd185 3600static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3601{
88843ab0 3602 u32 control = 0;
d5392c8f 3603
6a026610 3604 chan->frames_sent = 0;
d5392c8f 3605
0b209fae 3606 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3607
e2ab4353 3608 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3609 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3610 l2cap_send_sframe(chan, control);
e2ab4353 3611 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3612 }
3613
e2ab4353 3614 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3615 l2cap_retransmit_frames(chan);
d5392c8f 3616
525cd185 3617 l2cap_ertm_send(chan);
d5392c8f 3618
e2ab4353 3619 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3620 chan->frames_sent == 0) {
ab784b73 3621 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3622 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3623 }
3624}
3625
fb45de7d 3626static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3627{
3628 struct sk_buff *next_skb;
bfbacc11 3629 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3630
3631 bt_cb(skb)->tx_seq = tx_seq;
3632 bt_cb(skb)->sar = sar;
3633
f1c6775b 3634 next_skb = skb_peek(&chan->srej_q);
8f17154f 3635
836be934 3636 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 3637
039d9572 3638 while (next_skb) {
9b53350d
JPRV		 3639 if (bt_cb(next_skb)->tx_seq == tx_seq)
3640 return -EINVAL;
3641
836be934
AE		 3642 next_tx_seq_offset = __seq_offset(chan,
3643 bt_cb(next_skb)->tx_seq, chan->buffer_seq);
bfbacc11
JPRV		 3644
3645 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3646 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3647 return 0;
8f17154f
GP		 3648 }
3649
f1c6775b 3650 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 3651 next_skb = NULL;
3652 else
3653 next_skb = skb_queue_next(&chan->srej_q, next_skb);
3654 }
8f17154f 3655
f1c6775b 3656 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3657
3658 return 0;
8f17154f
GP		 3659}
3660
84084a31
MM		 3661static void append_skb_frag(struct sk_buff *skb,
3662 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3663{
84084a31
MM		 3664 /* skb->len reflects data in skb as well as all fragments
3665 * skb->data_len reflects only data in fragments
3666 */
3667 if (!skb_has_frag_list(skb))
3668 skb_shinfo(skb)->frag_list = new_frag;
3669
3670 new_frag->next = NULL;
3671
3672 (*last_frag)->next = new_frag;
3673 *last_frag = new_frag;
3674
3675 skb->len += new_frag->len;
3676 skb->data_len += new_frag->len;
3677 skb->truesize += new_frag->truesize;
3678}
3679
88843ab0 3680static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 3681{
3682 int err = -EINVAL;
18778a63 3683
7e0ef6ee
AE		 3684 switch (__get_ctrl_sar(chan, control)) {
3685 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3686 if (chan->sdu)
3687 break;
18778a63 3688
84084a31
MM		 3689 err = chan->ops->recv(chan->data, skb);
3690 break;
18778a63 3691
7e0ef6ee 3692 case L2CAP_SAR_START:
84084a31
MM		 3693 if (chan->sdu)
3694 break;
18778a63 3695
6f61fd47 3696 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 3697 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 3698
84084a31
MM		 3699 if (chan->sdu_len > chan->imtu) {
3700 err = -EMSGSIZE;
3701 break;
3702 }
1890d36b 3703
84084a31
MM		 3704 if (skb->len >= chan->sdu_len)
3705 break;
18778a63 3706
84084a31
MM		 3707 chan->sdu = skb;
3708 chan->sdu_last_frag = skb;
18778a63 3709
84084a31
MM		 3710 skb = NULL;
3711 err = 0;
18778a63
GP		 3712 break;
3713
7e0ef6ee 3714 case L2CAP_SAR_CONTINUE:
6f61fd47 3715 if (!chan->sdu)
84084a31 3716 break;
18778a63 3717
84084a31
MM		 3718 append_skb_frag(chan->sdu, skb,
3719 &chan->sdu_last_frag);
3720 skb = NULL;
18778a63 3721
84084a31
MM		 3722 if (chan->sdu->len >= chan->sdu_len)
3723 break;
4178ba46 3724
84084a31 3725 err = 0;
18778a63
GP		 3726 break;
3727
7e0ef6ee 3728 case L2CAP_SAR_END:
6f61fd47 3729 if (!chan->sdu)
84084a31 3730 break;
18778a63 3731
84084a31
MM		 3732 append_skb_frag(chan->sdu, skb,
3733 &chan->sdu_last_frag);
3734 skb = NULL;
4178ba46 3735
84084a31
MM		 3736 if (chan->sdu->len != chan->sdu_len)
3737 break;
18778a63 3738
84084a31 3739 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3740
84084a31
MM		 3741 if (!err) {
3742 /* Reassembly complete */
3743 chan->sdu = NULL;
3744 chan->sdu_last_frag = NULL;
3745 chan->sdu_len = 0;
1890d36b 3746 }
18778a63
GP		 3747 break;
3748 }
3749
84084a31
MM		 3750 if (err) {
3751 kfree_skb(skb);
3752 kfree_skb(chan->sdu);
3753 chan->sdu = NULL;
3754 chan->sdu_last_frag = NULL;
3755 chan->sdu_len = 0;
3756 }
18778a63 3757
84084a31 3758 return err;
18778a63
GP		 3759}
3760
26f880d2 3761static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3762{
26f880d2 3763 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3764
26f880d2
MM		 3765 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3766
77f918bc 3767 __set_ack_timer(chan);
26f880d2
MM		 3768}
3769
3770static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3771{
88843ab0 3772 u32 control;
712132eb 3773
e2ab4353 3774 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3775 goto done;
3776
0b209fae 3777 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3778 control |= __set_ctrl_poll(chan);
ab784b73 3779 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3780 l2cap_send_sframe(chan, control);
6a026610 3781 chan->retry_count = 1;
712132eb 3782
1a09bcb9
GP		 3783 __clear_retrans_timer(chan);
3784 __set_monitor_timer(chan);
712132eb 3785
e2ab4353 3786 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3787
3788done:
e2ab4353
GP		 3789 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3790 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3791
49208c9c 3792 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3793}
3794
e328140f 3795void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3796{
e328140f
MM		 3797 if (chan->mode == L2CAP_MODE_ERTM) {
3798 if (busy)
3799 l2cap_ertm_enter_local_busy(chan);
3800 else
3801 l2cap_ertm_exit_local_busy(chan);
1890d36b 3802 }
1890d36b
GP		 3803}
3804
fb45de7d 3805static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3806{
3807 struct sk_buff *skb;
88843ab0 3808 u32 control;
8f17154f 3809
e328140f
MM		 3810 while ((skb = skb_peek(&chan->srej_q)) &&
3811 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3812 int err;
3813
8f17154f
GP		 3814 if (bt_cb(skb)->tx_seq != tx_seq)
3815 break;
3816
f1c6775b 3817 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3818 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3819 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3820
3821 if (err < 0) {
3822 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3823 break;
3824 }
3825
836be934
AE		 3826 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
3827 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 3828 }
3829}
3830
fb45de7d 3831static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3832{
8f17154f 3833 struct srej_list *l, *tmp;
88843ab0 3834 u32 control;
8f17154f 3835
39d5a3ee 3836 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3837 if (l->tx_seq == tx_seq) {
3838 list_del(&l->list);
3839 kfree(l);
3840 return;
3841 }
ab784b73 3842 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3843 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3844 l2cap_send_sframe(chan, control);
8f17154f 3845 list_del(&l->list);
39d5a3ee 3846 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3847 }
3848}
3849
aef89f21 3850static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3851{
8f17154f 3852 struct srej_list *new;
88843ab0 3853 u32 control;
8f17154f 3854
42e5c802 3855 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3856 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3857 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3858 l2cap_send_sframe(chan, control);
8f17154f
GP		 3859
3860 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 3861 if (!new)
3862 return -ENOMEM;
3863
42e5c802 3864 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 3865
3866 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
3867
39d5a3ee 3868 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3869 }
836be934
AE		 3870
3871 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 3872
3873 return 0;
8f17154f
GP		 3874}
3875
88843ab0 3876static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 3877{
fb45de7d 3878 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3879 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3880 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3881 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3882 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3883 int err = 0;
3884
88843ab0 3885 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 3886 tx_seq, rx_control);
1c2acffb 3887
03f6715d 3888 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3889 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3890 __clear_monitor_timer(chan);
6a026610 3891 if (chan->unacked_frames > 0)
1a09bcb9 3892 __set_retrans_timer(chan);
e2ab4353 3893 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3894 }
3895
42e5c802
GP		 3896 chan->expected_ack_seq = req_seq;
3897 l2cap_drop_acked_frames(chan);
9f121a5a 3898
836be934 3899 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3900
3901 /* invalid tx_seq */
47d1ec61 3902 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3903 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3904 goto drop;
3905 }
3906
77f918bc
SJ		 3907 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3908 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
3909 l2cap_send_ack(chan);
1890d36b 3910 goto drop;
77f918bc 3911 }
1890d36b 3912
02f1b641
MM		 3913 if (tx_seq == chan->expected_tx_seq)
3914 goto expected;
3915
e2ab4353 3916 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3917 struct srej_list *first;
30afb5b2 3918
39d5a3ee 3919 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3920 struct srej_list, list);
3921 if (tx_seq == first->tx_seq) {
42e5c802 3922 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3923 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3924
3925 list_del(&first->list);
3926 kfree(first);
3927
39d5a3ee 3928 if (list_empty(&chan->srej_l)) {
42e5c802 3929 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3930 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3931 l2cap_send_ack(chan);
49208c9c 3932 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3933 }
3934 } else {
3935 struct srej_list *l;
9b53350d
JPRV		 3936
3937 /* duplicated tx_seq */
42e5c802 3938 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3939 goto drop;
8f17154f 3940
39d5a3ee 3941 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3942 if (l->tx_seq == tx_seq) {
525cd185 3943 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3944 return 0;
3945 }
3946 }
aef89f21
SJ		 3947
3948 err = l2cap_send_srejframe(chan, tx_seq);
3949 if (err < 0) {
3950 l2cap_send_disconn_req(chan->conn, chan, -err);
3951 return err;
3952 }
30afb5b2
GP		 3953 }
3954 } else {
836be934
AE		 3955 expected_tx_seq_offset = __seq_offset(chan,
3956 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3957
3958 /* duplicated tx_seq */
3959 if (tx_seq_offset < expected_tx_seq_offset)
3960 goto drop;
3961
e2ab4353 3962 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 3963
49208c9c 3964 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3965
39d5a3ee 3966 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 3967 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 3968
f1c6775b 3969 __skb_queue_head_init(&chan->srej_q);
42e5c802 3970 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 3971
0ef3ef0f
SJ		 3972 /* Set P-bit only if there are some I-frames to ack. */
3973 if (__clear_ack_timer(chan))
3974 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 3975
aef89f21
SJ		 3976 err = l2cap_send_srejframe(chan, tx_seq);
3977 if (err < 0) {
3978 l2cap_send_disconn_req(chan->conn, chan, -err);
3979 return err;
3980 }
1c2acffb 3981 }
30afb5b2
GP		 3982 return 0;
3983
8f17154f 3984expected:
836be934 3985 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 3986
e2ab4353 3987 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 3988 bt_cb(skb)->tx_seq = tx_seq;
3989 bt_cb(skb)->sar = sar;
f1c6775b 3990 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 3991 return 0;
3992 }
3993
84084a31 3994 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 3995 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
3996
e328140f
MM		 3997 if (err < 0) {
3998 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3999 return err;
4000 }
2ece3684 4001
03f6715d 4002 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4003 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4004 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4005 }
4006
c1b4f43b 4007
6a026610
GP		 4008 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4009 if (chan->num_acked == num_to_ack - 1)
525cd185 4010 l2cap_send_ack(chan);
4d611e4d
GP		 4011 else
4012 __set_ack_timer(chan);
9e917af1 4013
8f17154f 4014 return 0;
9b53350d
JPRV		 4015
4016drop:
4017 kfree_skb(skb);
4018 return 0;
1c2acffb
GP		 4019}
4020
88843ab0 4021static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4022{
88843ab0 4023 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4024 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4025
0b209fae 4026 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4027 l2cap_drop_acked_frames(chan);
1c2acffb 4028
e3781735 4029 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4030 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4031 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4032 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4033 (chan->unacked_frames > 0))
1a09bcb9 4034 __set_retrans_timer(chan);
05fbd89d 4035
e2ab4353 4036 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4037 l2cap_send_srejtail(chan);
05fbd89d 4038 } else {
525cd185 4039 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4040 }
1d8f5d16 4041
03f6715d 4042 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4043 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4044
e2ab4353 4045 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4046 l2cap_retransmit_frames(chan);
2246b2f1 4047
e072745f 4048 } else {
e2ab4353 4049 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4050 (chan->unacked_frames > 0))
1a09bcb9 4051 __set_retrans_timer(chan);
1c2acffb 4052
e2ab4353
GP		 4053 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4054 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4055 l2cap_send_ack(chan);
894718a6 4056 else
525cd185 4057 l2cap_ertm_send(chan);
e072745f
GP		 4058 }
4059}
2246b2f1 4060
88843ab0 4061static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4062{
0b209fae 4063 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4064
88843ab0 4065 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4066
e2ab4353 4067 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4068
42e5c802
GP		 4069 chan->expected_ack_seq = tx_seq;
4070 l2cap_drop_acked_frames(chan);
e072745f 4071
03f6715d 4072 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4073 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4074 l2cap_retransmit_frames(chan);
e072745f 4075 } else {
525cd185 4076 l2cap_retransmit_frames(chan);
30afb5b2 4077
e2ab4353
GP		 4078 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4079 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4080 }
4081}
88843ab0 4082static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4083{
0b209fae 4084 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4085
88843ab0 4086 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4087
e2ab4353 4088 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4089
e3781735 4090 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4091 chan->expected_ack_seq = tx_seq;
4092 l2cap_drop_acked_frames(chan);
3cb123d1 4093
e2ab4353 4094 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4095 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4096
525cd185 4097 l2cap_ertm_send(chan);
dfc909be 4098
e2ab4353 4099 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4100 chan->srej_save_reqseq = tx_seq;
e2ab4353 4101 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4102 }
03f6715d 4103 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4104 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4105 chan->srej_save_reqseq == tx_seq)
e2ab4353 4106 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4107 else
525cd185 4108 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4109 } else {
525cd185 4110 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4111 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4112 chan->srej_save_reqseq = tx_seq;
e2ab4353 4113 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4114 }
e072745f
GP		 4115 }
4116}
4117
88843ab0 4118static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4119{
0b209fae 4120 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4121
88843ab0 4122 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4123
e2ab4353 4124 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4125 chan->expected_ack_seq = tx_seq;
4126 l2cap_drop_acked_frames(chan);
e072745f 4127
e3781735 4128 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4129 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4130
e2ab4353 4131 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4132 __clear_retrans_timer(chan);
e3781735 4133 if (__is_ctrl_poll(chan, rx_control))
525cd185 4134 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4135 return;
e072745f 4136 }
99b0d4b7 4137
e3781735 4138 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4139 l2cap_send_srejtail(chan);
ab784b73
AE		 4140 } else {
4141 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4142 l2cap_send_sframe(chan, rx_control);
4143 }
e072745f
GP		 4144}
4145
88843ab0 4146static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4147{
88843ab0 4148 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4149
03f6715d 4150 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4151 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4152 __clear_monitor_timer(chan);
6a026610 4153 if (chan->unacked_frames > 0)
1a09bcb9 4154 __set_retrans_timer(chan);
e2ab4353 4155 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4156 }
4157
ab784b73
AE		 4158 switch (__get_ctrl_super(chan, rx_control)) {
4159 case L2CAP_SUPER_RR:
525cd185 4160 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4161 break;
4162
ab784b73 4163 case L2CAP_SUPER_REJ:
525cd185 4164 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4165 break;
2246b2f1 4166
ab784b73 4167 case L2CAP_SUPER_SREJ:
525cd185 4168 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4169 break;
4170
ab784b73 4171 case L2CAP_SUPER_RNR:
525cd185 4172 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4173 break;
4174 }
4175
faaebd19 4176 kfree_skb(skb);
1c2acffb
GP		 4177 return 0;
4178}
4179
cad8f1d0 4180static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4181{
88843ab0 4182 u32 control;
0b209fae 4183 u16 req_seq;
218bb9df
GP		 4184 int len, next_tx_seq_offset, req_seq_offset;
4185
88843ab0
AE		 4186 control = __get_control(chan, skb->data);
4187 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4188 len = skb->len;
4189
4190 /*
4191 * We can just drop the corrupted I-frame here.
4192 * Receiver will miss it and start proper recovery
4193 * procedures and ask retransmission.
4194 */
47d1ec61 4195 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4196 goto drop;
4197
793c2f1c 4198 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4199 len -= L2CAP_SDULEN_SIZE;
218bb9df 4200
47d1ec61 4201 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4202 len -= L2CAP_FCS_SIZE;
218bb9df 4203
47d1ec61 4204 if (len > chan->mps) {
8c1d787b 4205 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4206 goto drop;
4207 }
4208
0b209fae 4209 req_seq = __get_reqseq(chan, control);
218bb9df 4210
836be934
AE		 4211 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4212
4213 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4214 chan->expected_ack_seq);
218bb9df
GP		 4215
4216 /* check for invalid req-seq */
4217 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4218 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4219 goto drop;
4220 }
4221
793c2f1c 4222 if (!__is_sframe(chan, control)) {
218bb9df 4223 if (len < 0) {
8c1d787b 4224 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4225 goto drop;
4226 }
4227
525cd185 4228 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4229 } else {
4230 if (len != 0) {
4231 BT_ERR("%d", len);
8c1d787b 4232 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4233 goto drop;
4234 }
4235
525cd185 4236 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4237 }
4238
4239 return 0;
4240
4241drop:
4242 kfree_skb(skb);
4243 return 0;
4244}
4245
1da177e4
LT		 4246static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4247{
48454079 4248 struct l2cap_chan *chan;
bf734843 4249 struct sock *sk = NULL;
88843ab0 4250 u32 control;
fb45de7d 4251 u16 tx_seq;
218bb9df 4252 int len;
1da177e4 4253
baa7e1fa 4254 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4255 if (!chan) {
1da177e4
LT		 4256 BT_DBG("unknown cid 0x%4.4x", cid);
4257 goto drop;
4258 }
4259
48454079 4260 sk = chan->sk;
3df91ea2 4261 lock_sock(sk);
6840ed07 4262
49208c9c 4263 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4264
89bc500e 4265 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4266 goto drop;
4267
0c1bc5c6 4268 switch (chan->mode) {
1c2acffb
GP		 4269 case L2CAP_MODE_BASIC:
4270 /* If socket recv buffers overflows we drop data here
4271 * which is *bad* because L2CAP has to be reliable.
4272 * But we don't have any other choice. L2CAP doesn't
4273 * provide flow control mechanism. */
1da177e4 4274
0c1bc5c6 4275 if (chan->imtu < skb->len)
1c2acffb 4276 goto drop;
1da177e4 4277
23070494 4278 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4279 goto done;
4280 break;
4281
4282 case L2CAP_MODE_ERTM:
5ef8cb9e 4283 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4284
fcafde2e 4285 goto done;
1c2acffb 4286
6840ed07 4287 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4288 control = __get_control(chan, skb->data);
4289 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4290 len = skb->len;
4291
47d1ec61 4292 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4293 goto drop;
4294
7e0ef6ee 4295 if (__is_sar_start(chan, control))
03a51213 4296 len -= L2CAP_SDULEN_SIZE;
6840ed07 4297
47d1ec61 4298 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4299 len -= L2CAP_FCS_SIZE;
fcc203c3 4300
793c2f1c 4301 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4302 goto drop;
4303
fb45de7d 4304 tx_seq = __get_txseq(chan, control);
6840ed07 4305
84084a31
MM		 4306 if (chan->expected_tx_seq != tx_seq) {
4307 /* Frame(s) missing - must discard partial SDU */
4308 kfree_skb(chan->sdu);
4309 chan->sdu = NULL;
4310 chan->sdu_last_frag = NULL;
4311 chan->sdu_len = 0;
6840ed07 4312
84084a31
MM		 4313 /* TODO: Notify userland of missing data */
4314 }
4315
836be934 4316 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4317
4318 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4319 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4320
4321 goto done;
4322
1c2acffb 4323 default:
0c1bc5c6 4324 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4325 break;
4326 }
1da177e4
LT		 4327
4328drop:
4329 kfree_skb(skb);
4330
4331done:
0139418c 4332 if (sk)
aa2ac881 4333 release_sock(sk);
0139418c 4334
1da177e4
LT		 4335 return 0;
4336}
4337
8e036fc3 4338static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4339{
6dcae1ea 4340 struct sock *sk = NULL;
23691d75 4341 struct l2cap_chan *chan;
1da177e4 4342
23691d75
GP		 4343 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
4344 if (!chan)
1da177e4
LT		 4345 goto drop;
4346
23691d75
GP		 4347 sk = chan->sk;
4348
aa2ac881 4349 lock_sock(sk);
e0f0cb56 4350
1da177e4
LT		 4351 BT_DBG("sk %p, len %d", sk, skb->len);
4352
89bc500e 4353 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4354 goto drop;
4355
e13e21dc 4356 if (chan->imtu < skb->len)
1da177e4
LT		 4357 goto drop;
4358
23070494 4359 if (!chan->ops->recv(chan->data, skb))
1da177e4
LT		 4360 goto done;
4361
4362drop:
4363 kfree_skb(skb);
4364
4365done:
af05b30b 4366 if (sk)
aa2ac881 4367 release_sock(sk);
1da177e4
LT		 4368 return 0;
4369}
4370
9f69bda6
GP		 4371static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
4372{
6dcae1ea 4373 struct sock *sk = NULL;
23691d75 4374 struct l2cap_chan *chan;
9f69bda6 4375
23691d75
GP		 4376 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
4377 if (!chan)
9f69bda6
GP		 4378 goto drop;
4379
23691d75
GP		 4380 sk = chan->sk;
4381
aa2ac881 4382 lock_sock(sk);
9f69bda6
GP		 4383
4384 BT_DBG("sk %p, len %d", sk, skb->len);
4385
89bc500e 4386 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 4387 goto drop;
4388
e13e21dc 4389 if (chan->imtu < skb->len)
9f69bda6
GP		 4390 goto drop;
4391
23070494 4392 if (!chan->ops->recv(chan->data, skb))
9f69bda6
GP		 4393 goto done;
4394
4395drop:
4396 kfree_skb(skb);
4397
4398done:
4399 if (sk)
aa2ac881 4400 release_sock(sk);
9f69bda6
GP		 4401 return 0;
4402}
4403
1da177e4
LT		 4404static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4405{
4406 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 4407 u16 cid, len;
4408 __le16 psm;
1da177e4
LT		 4409
4410 skb_pull(skb, L2CAP_HDR_SIZE);
4411 cid = __le16_to_cpu(lh->cid);
4412 len = __le16_to_cpu(lh->len);
4413
1c2acffb
GP		 4414 if (len != skb->len) {
4415 kfree_skb(skb);
4416 return;
4417 }
4418
1da177e4
LT		 4419 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4420
4421 switch (cid) {
3300d9a9 4422 case L2CAP_CID_LE_SIGNALING:
8db4dc46 4423 case L2CAP_CID_SIGNALING:
1da177e4
LT		 4424 l2cap_sig_channel(conn, skb);
4425 break;
4426
8db4dc46 4427 case L2CAP_CID_CONN_LESS:
1b7bf4ed 4428 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 4429 skb_pull(skb, 2);
4430 l2cap_conless_channel(conn, psm, skb);
4431 break;
4432
9f69bda6
GP		 4433 case L2CAP_CID_LE_DATA:
4434 l2cap_att_channel(conn, cid, skb);
4435 break;
4436
b501d6a1
AB		 4437 case L2CAP_CID_SMP:
4438 if (smp_sig_channel(conn, skb))
4439 l2cap_conn_del(conn->hcon, EACCES);
4440 break;
4441
1da177e4
LT		 4442 default:
4443 l2cap_data_channel(conn, cid, skb);
4444 break;
4445 }
4446}
4447
4448/* ---- L2CAP interface with lower layer (HCI) ---- */
4449
686ebf28 4450int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 4451{
4452 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 4453 struct l2cap_chan *c;
1da177e4 4454
1da177e4
LT		 4455 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4456
4457 /* Find listening sockets and check their link_mode */
23691d75
GP		 4458 read_lock(&chan_list_lock);
4459 list_for_each_entry(c, &chan_list, global_l) {
4460 struct sock *sk = c->sk;
4343478f 4461
89bc500e 4462 if (c->state != BT_LISTEN)
1da177e4
LT		 4463 continue;
4464
4465 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4466 lm1 |= HCI_LM_ACCEPT;
43bd0f32 4467 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 4468 lm1 |= HCI_LM_MASTER;
1da177e4 4469 exact++;
2af6b9d5
MH		 4470 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4471 lm2 |= HCI_LM_ACCEPT;
43bd0f32 4472 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 4473 lm2 |= HCI_LM_MASTER;
4474 }
1da177e4 4475 }
23691d75 4476 read_unlock(&chan_list_lock);
1da177e4
LT		 4477
4478 return exact ? lm1 : lm2;
4479}
4480
686ebf28 4481int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 4482{
0139418c
MH		 4483 struct l2cap_conn *conn;
4484
1da177e4
LT		 4485 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4486
1da177e4 4487 if (!status) {
1da177e4
LT		 4488 conn = l2cap_conn_add(hcon, status);
4489 if (conn)
4490 l2cap_conn_ready(conn);
0139418c 4491 } else
e175072f 4492 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4493
4494 return 0;
4495}
4496
686ebf28 4497int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 4498{
4499 struct l2cap_conn *conn = hcon->l2cap_data;
4500
4501 BT_DBG("hcon %p", hcon);
4502
686ebf28 4503 if (!conn)
9f5a0d7b 4504 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 4505 return conn->disc_reason;
4506}
4507
686ebf28 4508int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4509{
4510 BT_DBG("hcon %p reason %d", hcon, reason);
4511
e175072f 4512 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 4513 return 0;
4514}
4515
4343478f 4516static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4517{
715ec005 4518 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4519 return;
4520
f62e4323 4521 if (encrypt == 0x00) {
4343478f 4522 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675 4523 __clear_chan_timer(chan);
b83ddfe2
AK		 4524 __set_chan_timer(chan,
4525 msecs_to_jiffies(L2CAP_ENC_TIMEOUT));
4343478f 4526 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4527 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4528 } else {
4343478f 4529 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4530 __clear_chan_timer(chan);
f62e4323
MH		 4531 }
4532}
4533
686ebf28 4534int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4535{
0139418c 4536 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4537 struct l2cap_chan *chan;
1da177e4 4538
0139418c 4539 if (!conn)
1da177e4 4540 return 0;
0139418c 4541
1da177e4
LT		 4542 BT_DBG("conn %p", conn);
4543
160dc6ac
VCG		 4544 if (hcon->type == LE_LINK) {
4545 smp_distribute_keys(conn, 0);
17cd3f37 4546 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 4547 }
4548
3df91ea2 4549 mutex_lock(&conn->chan_lock);
1da177e4 4550
3df91ea2 4551 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 4552 struct sock *sk = chan->sk;
baa7e1fa 4553
1da177e4
LT		 4554 bh_lock_sock(sk);
4555
f1cb9af5
VCG		 4556 BT_DBG("chan->scid %d", chan->scid);
4557
4558 if (chan->scid == L2CAP_CID_LE_DATA) {
4559 if (!status && encrypt) {
4560 chan->sec_level = hcon->sec_level;
cf4cd009 4561 l2cap_chan_ready(chan);
f1cb9af5
VCG		 4562 }
4563
4564 bh_unlock_sock(sk);
4565 continue;
4566 }
4567
c1360a1c 4568 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6a8d3010
MH		 4569 bh_unlock_sock(sk);
4570 continue;
4571 }
4572
89bc500e
GP		 4573 if (!status && (chan->state == BT_CONNECTED ||
4574 chan->state == BT_CONFIG)) {
4343478f 4575 l2cap_check_encryption(chan, encrypt);
9719f8af
MH		 4576 bh_unlock_sock(sk);
4577 continue;
4578 }
4579
89bc500e 4580 if (chan->state == BT_CONNECT) {
b1235d79
MH		 4581 if (!status) {
4582 struct l2cap_conn_req req;
fe4128e0
GP		 4583 req.scid = cpu_to_le16(chan->scid);
4584 req.psm = chan->psm;
1da177e4 4585
fc7f8a7e 4586 chan->ident = l2cap_get_ident(conn);
c1360a1c 4587 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4 4588
fc7f8a7e 4589 l2cap_send_cmd(conn, chan->ident,
b1235d79
MH		 4590 L2CAP_CONN_REQ, sizeof(req), &req);
4591 } else {
c9b66675 4592 __clear_chan_timer(chan);
b83ddfe2
AK		 4593 __set_chan_timer(chan,
4594 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
b1235d79 4595 }
89bc500e 4596 } else if (chan->state == BT_CONNECT2) {
b1235d79 4597 struct l2cap_conn_rsp rsp;
df3c3931 4598 __u16 res, stat;
1da177e4 4599
b1235d79 4600 if (!status) {
df3c3931
JH		 4601 if (bt_sk(sk)->defer_setup) {
4602 struct sock *parent = bt_sk(sk)->parent;
4603 res = L2CAP_CR_PEND;
4604 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4605 if (parent)
4606 parent->sk_data_ready(parent, 0);
df3c3931 4607 } else {
0e587be7 4608 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4609 res = L2CAP_CR_SUCCESS;
4610 stat = L2CAP_CS_NO_INFO;
4611 }
b1235d79 4612 } else {
0e587be7 4613 __l2cap_state_change(chan, BT_DISCONN);
b83ddfe2
AK		 4614 __set_chan_timer(chan,
4615 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
df3c3931
JH		 4616 res = L2CAP_CR_SEC_BLOCK;
4617 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4618 }
4619
fe4128e0
GP		 4620 rsp.scid = cpu_to_le16(chan->dcid);
4621 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4622 rsp.result = cpu_to_le16(res);
4623 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4624 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4625 sizeof(rsp), &rsp);
b1235d79 4626 }
1da177e4
LT		 4627
4628 bh_unlock_sock(sk);
4629 }
4630
3df91ea2 4631 mutex_unlock(&conn->chan_lock);
b1235d79 4632
1da177e4
LT		 4633 return 0;
4634}
4635
686ebf28 4636int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 4637{
4638 struct l2cap_conn *conn = hcon->l2cap_data;
4639
5a08ecce
AE		 4640 if (!conn)
4641 conn = l2cap_conn_add(hcon, 0);
4642
4643 if (!conn)
1da177e4
LT		 4644 goto drop;
4645
4646 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4647
e702112f 4648 if (!(flags & ACL_CONT)) {
1da177e4 4649 struct l2cap_hdr *hdr;
48454079 4650 struct l2cap_chan *chan;
89794813 4651 u16 cid;
1da177e4
LT		 4652 int len;
4653
4654 if (conn->rx_len) {
4655 BT_ERR("Unexpected start frame (len %d)", skb->len);
4656 kfree_skb(conn->rx_skb);
4657 conn->rx_skb = NULL;
4658 conn->rx_len = 0;
4659 l2cap_conn_unreliable(conn, ECOMM);
4660 }
4661
aae7fe22
AE		 4662 /* Start fragment always begin with Basic L2CAP header */
4663 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4664 BT_ERR("Frame is too short (len %d)", skb->len);
4665 l2cap_conn_unreliable(conn, ECOMM);
4666 goto drop;
4667 }
4668
4669 hdr = (struct l2cap_hdr *) skb->data;
4670 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4671 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4672
4673 if (len == skb->len) {
4674 /* Complete frame received */
4675 l2cap_recv_frame(conn, skb);
4676 return 0;
4677 }
4678
4679 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4680
4681 if (skb->len > len) {
4682 BT_ERR("Frame is too long (len %d, expected len %d)",
4683 skb->len, len);
4684 l2cap_conn_unreliable(conn, ECOMM);
4685 goto drop;
4686 }
4687
baa7e1fa 4688 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4689
48454079
GP		 4690 if (chan && chan->sk) {
4691 struct sock *sk = chan->sk;
3df91ea2 4692 lock_sock(sk);
89794813 4693
0c1bc5c6 4694 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4695 BT_ERR("Frame exceeding recv MTU (len %d, "
4696 "MTU %d)", len,
0c1bc5c6 4697 chan->imtu);
aa2ac881 4698 release_sock(sk);
48454079
GP		 4699 l2cap_conn_unreliable(conn, ECOMM);
4700 goto drop;
4701 }
aa2ac881 4702 release_sock(sk);
48454079 4703 }
89794813 4704
1da177e4 4705 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4706 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4707 if (!conn->rx_skb)
1da177e4
LT		 4708 goto drop;
4709
d626f62b 4710 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4711 skb->len);
1da177e4
LT		 4712 conn->rx_len = len - skb->len;
4713 } else {
4714 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4715
4716 if (!conn->rx_len) {
4717 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4718 l2cap_conn_unreliable(conn, ECOMM);
4719 goto drop;
4720 }
4721
4722 if (skb->len > conn->rx_len) {
4723 BT_ERR("Fragment is too long (len %d, expected %d)",
4724 skb->len, conn->rx_len);
4725 kfree_skb(conn->rx_skb);
4726 conn->rx_skb = NULL;
4727 conn->rx_len = 0;
4728 l2cap_conn_unreliable(conn, ECOMM);
4729 goto drop;
4730 }
4731
d626f62b 4732 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4733 skb->len);
1da177e4
LT		 4734 conn->rx_len -= skb->len;
4735
4736 if (!conn->rx_len) {
4737 /* Complete frame received */
4738 l2cap_recv_frame(conn, conn->rx_skb);
4739 conn->rx_skb = NULL;
4740 }
4741 }
4742
4743drop:
4744 kfree_skb(skb);
4745 return 0;
4746}
4747
aef7d97c 4748static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4749{
23691d75 4750 struct l2cap_chan *c;
1da177e4 4751
333055f2 4752 read_lock(&chan_list_lock);
1da177e4 4753
23691d75
GP		 4754 list_for_each_entry(c, &chan_list, global_l) {
4755 struct sock *sk = c->sk;
101545f6 4756
903d343e 4757 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4758 batostr(&bt_sk(sk)->src),
4759 batostr(&bt_sk(sk)->dst),
89bc500e 4760 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4761 c->scid, c->dcid, c->imtu, c->omtu,
4762 c->sec_level, c->mode);
61e1b4b7 4763 }
1da177e4 4764
333055f2 4765 read_unlock(&chan_list_lock);
1da177e4 4766
aef7d97c 4767 return 0;
1da177e4
LT		 4768}
4769
aef7d97c
MH		 4770static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4771{
4772 return single_open(file, l2cap_debugfs_show, inode->i_private);
4773}
4774
4775static const struct file_operations l2cap_debugfs_fops = {
4776 .open = l2cap_debugfs_open,
4777 .read = seq_read,
4778 .llseek = seq_lseek,
4779 .release = single_release,
4780};
4781
4782static struct dentry *l2cap_debugfs;
1da177e4 4783
64274518 4784int __init l2cap_init(void)
1da177e4
LT		 4785{
4786 int err;
be9d1227 4787
bb58f747 4788 err = l2cap_init_sockets();
1da177e4
LT		 4789 if (err < 0)
4790 return err;
4791
aef7d97c
MH		 4792 if (bt_debugfs) {
4793 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4794 bt_debugfs, NULL, &l2cap_debugfs_fops);
4795 if (!l2cap_debugfs)
4796 BT_ERR("Failed to create L2CAP debug file");
4797 }
1da177e4 4798
1da177e4 4799 return 0;
1da177e4
LT		 4800}
4801
64274518 4802void l2cap_exit(void)
1da177e4 4803{
aef7d97c 4804 debugfs_remove(l2cap_debugfs);
bb58f747 4805 l2cap_cleanup_sockets();
1da177e4
LT		 4806}
4807
d1c4a17d
GP		 4808module_param(disable_ertm, bool, 0644);
4809MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
Ubuntu Artful kernel mirror