2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP core and sockets. */
29 #include <linux/module.h>
31 #include <linux/types.h>
32 #include <linux/capability.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/interrupt.h>
41 #include <linux/socket.h>
42 #include <linux/skbuff.h>
43 #include <linux/list.h>
44 #include <linux/device.h>
45 #include <linux/debugfs.h>
46 #include <linux/seq_file.h>
47 #include <linux/uaccess.h>
48 #include <linux/crc16.h>
51 #include <asm/system.h>
52 #include <asm/unaligned.h>
54 #include <net/bluetooth/bluetooth.h>
55 #include <net/bluetooth/hci_core.h>
56 #include <net/bluetooth/l2cap.h>
58 #define VERSION "2.15"
60 static int disable_ertm = 0;
62 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
63 static u8 l2cap_fixed_chan[8] = { 0x02, };
65 static const struct proto_ops l2cap_sock_ops;
67 static struct workqueue_struct *_busy_wq;
69 static struct bt_sock_list l2cap_sk_list = {
70 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
73 static void l2cap_busy_work(struct work_struct *work);
75 static void __l2cap_sock_close(struct sock *sk, int reason);
76 static void l2cap_sock_close(struct sock *sk);
77 static void l2cap_sock_kill(struct sock *sk);
79 static int l2cap_build_conf_req(struct sock *sk, void *data);
80 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
81 u8 code, u8 ident, u16 dlen, void *data);
83 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
85 /* ---- L2CAP timers ---- */
86 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
88 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
89 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
92 static void l2cap_sock_clear_timer(struct sock *sk)
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95 sk_stop_timer(sk, &sk->sk_timer);
98 static void l2cap_sock_timeout(unsigned long arg)
100 struct sock *sk = (struct sock *) arg;
103 BT_DBG("sock %p state %d", sk, sk->sk_state);
107 if (sock_owned_by_user(sk)) {
108 /* sk is owned by user. Try again later */
109 l2cap_sock_set_timer(sk, HZ / 5);
115 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
116 reason = ECONNREFUSED;
117 else if (sk->sk_state == BT_CONNECT &&
118 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
119 reason = ECONNREFUSED;
123 __l2cap_sock_close(sk, reason);
131 /* ---- L2CAP channels ---- */
132 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
135 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
136 if (l2cap_pi(s)->dcid == cid)
142 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
145 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
146 if (l2cap_pi(s)->scid == cid)
152 /* Find channel with given SCID.
153 * Returns locked socket */
154 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
158 s = __l2cap_get_chan_by_scid(l, cid);
161 read_unlock(&l->lock);
165 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
168 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
169 if (l2cap_pi(s)->ident == ident)
175 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
179 s = __l2cap_get_chan_by_ident(l, ident);
182 read_unlock(&l->lock);
186 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
188 u16 cid = L2CAP_CID_DYN_START;
190 for (; cid < L2CAP_CID_DYN_END; cid++) {
191 if (!__l2cap_get_chan_by_scid(l, cid))
198 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
203 l2cap_pi(l->head)->prev_c = sk;
205 l2cap_pi(sk)->next_c = l->head;
206 l2cap_pi(sk)->prev_c = NULL;
210 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
212 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
214 write_lock_bh(&l->lock);
219 l2cap_pi(next)->prev_c = prev;
221 l2cap_pi(prev)->next_c = next;
222 write_unlock_bh(&l->lock);
227 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
229 struct l2cap_chan_list *l = &conn->chan_list;
231 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
232 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
234 conn->disc_reason = 0x13;
236 l2cap_pi(sk)->conn = conn;
238 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
239 /* Alloc CID for connection-oriented socket */
240 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
241 } else if (sk->sk_type == SOCK_DGRAM) {
242 /* Connectionless socket */
243 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
244 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
245 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
247 /* Raw socket can send/recv signalling messages only */
248 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
249 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
250 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
253 __l2cap_chan_link(l, sk);
256 bt_accept_enqueue(parent, sk);
260 * Must be called on the locked socket. */
261 static void l2cap_chan_del(struct sock *sk, int err)
263 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
264 struct sock *parent = bt_sk(sk)->parent;
266 l2cap_sock_clear_timer(sk);
268 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
271 /* Unlink from channel list */
272 l2cap_chan_unlink(&conn->chan_list, sk);
273 l2cap_pi(sk)->conn = NULL;
274 hci_conn_put(conn->hcon);
277 sk->sk_state = BT_CLOSED;
278 sock_set_flag(sk, SOCK_ZAPPED);
284 bt_accept_unlink(sk);
285 parent->sk_data_ready(parent, 0);
287 sk->sk_state_change(sk);
289 skb_queue_purge(TX_QUEUE(sk));
291 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
292 struct srej_list *l, *tmp;
294 del_timer(&l2cap_pi(sk)->retrans_timer);
295 del_timer(&l2cap_pi(sk)->monitor_timer);
296 del_timer(&l2cap_pi(sk)->ack_timer);
298 skb_queue_purge(SREJ_QUEUE(sk));
299 skb_queue_purge(BUSY_QUEUE(sk));
301 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
308 /* Service level security */
309 static inline int l2cap_check_security(struct sock *sk)
311 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
314 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
315 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
316 auth_type = HCI_AT_NO_BONDING_MITM;
318 auth_type = HCI_AT_NO_BONDING;
320 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
321 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
323 switch (l2cap_pi(sk)->sec_level) {
324 case BT_SECURITY_HIGH:
325 auth_type = HCI_AT_GENERAL_BONDING_MITM;
327 case BT_SECURITY_MEDIUM:
328 auth_type = HCI_AT_GENERAL_BONDING;
331 auth_type = HCI_AT_NO_BONDING;
336 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
340 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
344 /* Get next available identificator.
345 * 1 - 128 are used by kernel.
346 * 129 - 199 are reserved.
347 * 200 - 254 are used by utilities like l2ping, etc.
350 spin_lock_bh(&conn->lock);
352 if (++conn->tx_ident > 128)
357 spin_unlock_bh(&conn->lock);
362 static inline void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
364 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
366 BT_DBG("code 0x%2.2x", code);
371 hci_send_acl(conn->hcon, skb, 0);
374 static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
377 struct l2cap_hdr *lh;
378 struct l2cap_conn *conn = pi->conn;
379 struct sock *sk = (struct sock *)pi;
380 int count, hlen = L2CAP_HDR_SIZE + 2;
382 if (sk->sk_state != BT_CONNECTED)
385 if (pi->fcs == L2CAP_FCS_CRC16)
388 BT_DBG("pi %p, control 0x%2.2x", pi, control);
390 count = min_t(unsigned int, conn->mtu, hlen);
391 control |= L2CAP_CTRL_FRAME_TYPE;
393 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
394 control |= L2CAP_CTRL_FINAL;
395 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
398 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
399 control |= L2CAP_CTRL_POLL;
400 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
403 skb = bt_skb_alloc(count, GFP_ATOMIC);
407 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
408 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
409 lh->cid = cpu_to_le16(pi->dcid);
410 put_unaligned_le16(control, skb_put(skb, 2));
412 if (pi->fcs == L2CAP_FCS_CRC16) {
413 u16 fcs = crc16(0, (u8 *)lh, count - 2);
414 put_unaligned_le16(fcs, skb_put(skb, 2));
417 hci_send_acl(pi->conn->hcon, skb, 0);
420 static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
422 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
423 control |= L2CAP_SUPER_RCV_NOT_READY;
424 pi->conn_state |= L2CAP_CONN_RNR_SENT;
426 control |= L2CAP_SUPER_RCV_READY;
428 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
430 l2cap_send_sframe(pi, control);
433 static inline int __l2cap_no_conn_pending(struct sock *sk)
435 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
438 static void l2cap_do_start(struct sock *sk)
440 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
442 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
443 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
446 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
447 struct l2cap_conn_req req;
448 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
449 req.psm = l2cap_pi(sk)->psm;
451 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
452 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
454 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
455 L2CAP_CONN_REQ, sizeof(req), &req);
458 struct l2cap_info_req req;
459 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
461 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
462 conn->info_ident = l2cap_get_ident(conn);
464 mod_timer(&conn->info_timer, jiffies +
465 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
467 l2cap_send_cmd(conn, conn->info_ident,
468 L2CAP_INFO_REQ, sizeof(req), &req);
472 static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
474 u32 local_feat_mask = l2cap_feat_mask;
476 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
479 case L2CAP_MODE_ERTM:
480 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
481 case L2CAP_MODE_STREAMING:
482 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
488 static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
490 struct l2cap_disconn_req req;
495 skb_queue_purge(TX_QUEUE(sk));
497 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
498 del_timer(&l2cap_pi(sk)->retrans_timer);
499 del_timer(&l2cap_pi(sk)->monitor_timer);
500 del_timer(&l2cap_pi(sk)->ack_timer);
503 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
504 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
505 l2cap_send_cmd(conn, l2cap_get_ident(conn),
506 L2CAP_DISCONN_REQ, sizeof(req), &req);
508 sk->sk_state = BT_DISCONN;
512 /* ---- L2CAP connections ---- */
513 static void l2cap_conn_start(struct l2cap_conn *conn)
515 struct l2cap_chan_list *l = &conn->chan_list;
516 struct sock_del_list del, *tmp1, *tmp2;
519 BT_DBG("conn %p", conn);
521 INIT_LIST_HEAD(&del.list);
525 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
528 if (sk->sk_type != SOCK_SEQPACKET &&
529 sk->sk_type != SOCK_STREAM) {
534 if (sk->sk_state == BT_CONNECT) {
535 struct l2cap_conn_req req;
537 if (!l2cap_check_security(sk) ||
538 !__l2cap_no_conn_pending(sk)) {
543 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
545 && l2cap_pi(sk)->conf_state &
546 L2CAP_CONF_STATE2_DEVICE) {
547 tmp1 = kzalloc(sizeof(struct sock_del_list),
550 list_add_tail(&tmp1->list, &del.list);
555 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
556 req.psm = l2cap_pi(sk)->psm;
558 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
559 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
561 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
562 L2CAP_CONN_REQ, sizeof(req), &req);
564 } else if (sk->sk_state == BT_CONNECT2) {
565 struct l2cap_conn_rsp rsp;
567 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
568 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
570 if (l2cap_check_security(sk)) {
571 if (bt_sk(sk)->defer_setup) {
572 struct sock *parent = bt_sk(sk)->parent;
573 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
574 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
575 parent->sk_data_ready(parent, 0);
578 sk->sk_state = BT_CONFIG;
579 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
580 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
583 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
584 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
587 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
588 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
590 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
591 rsp.result != L2CAP_CR_SUCCESS) {
596 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
597 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
598 l2cap_build_conf_req(sk, buf), buf);
599 l2cap_pi(sk)->num_conf_req++;
605 read_unlock(&l->lock);
607 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
608 bh_lock_sock(tmp1->sk);
609 __l2cap_sock_close(tmp1->sk, ECONNRESET);
610 bh_unlock_sock(tmp1->sk);
611 list_del(&tmp1->list);
616 static void l2cap_conn_ready(struct l2cap_conn *conn)
618 struct l2cap_chan_list *l = &conn->chan_list;
621 BT_DBG("conn %p", conn);
625 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
628 if (sk->sk_type != SOCK_SEQPACKET &&
629 sk->sk_type != SOCK_STREAM) {
630 l2cap_sock_clear_timer(sk);
631 sk->sk_state = BT_CONNECTED;
632 sk->sk_state_change(sk);
633 } else if (sk->sk_state == BT_CONNECT)
639 read_unlock(&l->lock);
642 /* Notify sockets that we cannot guaranty reliability anymore */
643 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
645 struct l2cap_chan_list *l = &conn->chan_list;
648 BT_DBG("conn %p", conn);
652 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
653 if (l2cap_pi(sk)->force_reliable)
657 read_unlock(&l->lock);
660 static void l2cap_info_timeout(unsigned long arg)
662 struct l2cap_conn *conn = (void *) arg;
664 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
665 conn->info_ident = 0;
667 l2cap_conn_start(conn);
670 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
672 struct l2cap_conn *conn = hcon->l2cap_data;
677 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
681 hcon->l2cap_data = conn;
684 BT_DBG("hcon %p conn %p", hcon, conn);
686 conn->mtu = hcon->hdev->acl_mtu;
687 conn->src = &hcon->hdev->bdaddr;
688 conn->dst = &hcon->dst;
692 spin_lock_init(&conn->lock);
693 rwlock_init(&conn->chan_list.lock);
695 setup_timer(&conn->info_timer, l2cap_info_timeout,
696 (unsigned long) conn);
698 conn->disc_reason = 0x13;
703 static void l2cap_conn_del(struct hci_conn *hcon, int err)
705 struct l2cap_conn *conn = hcon->l2cap_data;
711 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
713 kfree_skb(conn->rx_skb);
716 while ((sk = conn->chan_list.head)) {
718 l2cap_chan_del(sk, err);
723 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
724 del_timer_sync(&conn->info_timer);
726 hcon->l2cap_data = NULL;
730 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
732 struct l2cap_chan_list *l = &conn->chan_list;
733 write_lock_bh(&l->lock);
734 __l2cap_chan_add(conn, sk, parent);
735 write_unlock_bh(&l->lock);
738 /* ---- Socket interface ---- */
739 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
742 struct hlist_node *node;
743 sk_for_each(sk, node, &l2cap_sk_list.head)
744 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
751 /* Find socket with psm and source bdaddr.
752 * Returns closest match.
754 static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
756 struct sock *sk = NULL, *sk1 = NULL;
757 struct hlist_node *node;
759 read_lock(&l2cap_sk_list.lock);
761 sk_for_each(sk, node, &l2cap_sk_list.head) {
762 if (state && sk->sk_state != state)
765 if (l2cap_pi(sk)->psm == psm) {
767 if (!bacmp(&bt_sk(sk)->src, src))
771 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
776 read_unlock(&l2cap_sk_list.lock);
778 return node ? sk : sk1;
781 static void l2cap_sock_destruct(struct sock *sk)
785 skb_queue_purge(&sk->sk_receive_queue);
786 skb_queue_purge(&sk->sk_write_queue);
789 static void l2cap_sock_cleanup_listen(struct sock *parent)
793 BT_DBG("parent %p", parent);
795 /* Close not yet accepted channels */
796 while ((sk = bt_accept_dequeue(parent, NULL)))
797 l2cap_sock_close(sk);
799 parent->sk_state = BT_CLOSED;
800 sock_set_flag(parent, SOCK_ZAPPED);
803 /* Kill socket (only if zapped and orphan)
804 * Must be called on unlocked socket.
806 static void l2cap_sock_kill(struct sock *sk)
808 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
811 BT_DBG("sk %p state %d", sk, sk->sk_state);
813 /* Kill poor orphan */
814 bt_sock_unlink(&l2cap_sk_list, sk);
815 sock_set_flag(sk, SOCK_DEAD);
819 static void __l2cap_sock_close(struct sock *sk, int reason)
821 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
823 switch (sk->sk_state) {
825 l2cap_sock_cleanup_listen(sk);
830 if (sk->sk_type == SOCK_SEQPACKET ||
831 sk->sk_type == SOCK_STREAM) {
832 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
834 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
835 l2cap_send_disconn_req(conn, sk, reason);
837 l2cap_chan_del(sk, reason);
841 if (sk->sk_type == SOCK_SEQPACKET ||
842 sk->sk_type == SOCK_STREAM) {
843 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
844 struct l2cap_conn_rsp rsp;
847 if (bt_sk(sk)->defer_setup)
848 result = L2CAP_CR_SEC_BLOCK;
850 result = L2CAP_CR_BAD_PSM;
852 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
853 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
854 rsp.result = cpu_to_le16(result);
855 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
856 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
857 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
859 l2cap_chan_del(sk, reason);
864 l2cap_chan_del(sk, reason);
868 sock_set_flag(sk, SOCK_ZAPPED);
873 /* Must be called on unlocked socket. */
874 static void l2cap_sock_close(struct sock *sk)
876 l2cap_sock_clear_timer(sk);
878 __l2cap_sock_close(sk, ECONNRESET);
883 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
885 struct l2cap_pinfo *pi = l2cap_pi(sk);
890 sk->sk_type = parent->sk_type;
891 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
893 pi->imtu = l2cap_pi(parent)->imtu;
894 pi->omtu = l2cap_pi(parent)->omtu;
895 pi->conf_state = l2cap_pi(parent)->conf_state;
896 pi->mode = l2cap_pi(parent)->mode;
897 pi->fcs = l2cap_pi(parent)->fcs;
898 pi->max_tx = l2cap_pi(parent)->max_tx;
899 pi->tx_win = l2cap_pi(parent)->tx_win;
900 pi->sec_level = l2cap_pi(parent)->sec_level;
901 pi->role_switch = l2cap_pi(parent)->role_switch;
902 pi->force_reliable = l2cap_pi(parent)->force_reliable;
904 pi->imtu = L2CAP_DEFAULT_MTU;
906 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
907 pi->mode = L2CAP_MODE_ERTM;
908 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
910 pi->mode = L2CAP_MODE_BASIC;
912 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
913 pi->fcs = L2CAP_FCS_CRC16;
914 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
915 pi->sec_level = BT_SECURITY_LOW;
917 pi->force_reliable = 0;
920 /* Default config options */
922 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
923 skb_queue_head_init(TX_QUEUE(sk));
924 skb_queue_head_init(SREJ_QUEUE(sk));
925 skb_queue_head_init(BUSY_QUEUE(sk));
926 INIT_LIST_HEAD(SREJ_LIST(sk));
929 static struct proto l2cap_proto = {
931 .owner = THIS_MODULE,
932 .obj_size = sizeof(struct l2cap_pinfo)
935 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
939 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
943 sock_init_data(sock, sk);
944 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
946 sk->sk_destruct = l2cap_sock_destruct;
947 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
949 sock_reset_flag(sk, SOCK_ZAPPED);
951 sk->sk_protocol = proto;
952 sk->sk_state = BT_OPEN;
954 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
956 bt_sock_link(&l2cap_sk_list, sk);
960 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
965 BT_DBG("sock %p", sock);
967 sock->state = SS_UNCONNECTED;
969 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
970 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
971 return -ESOCKTNOSUPPORT;
973 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
976 sock->ops = &l2cap_sock_ops;
978 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
982 l2cap_sock_init(sk, NULL);
986 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
988 struct sock *sk = sock->sk;
989 struct sockaddr_l2 la;
994 if (!addr || addr->sa_family != AF_BLUETOOTH)
997 memset(&la, 0, sizeof(la));
998 len = min_t(unsigned int, sizeof(la), alen);
999 memcpy(&la, addr, len);
1006 if (sk->sk_state != BT_OPEN) {
1012 __u16 psm = __le16_to_cpu(la.l2_psm);
1014 /* PSM must be odd and lsb of upper byte must be 0 */
1015 if ((psm & 0x0101) != 0x0001) {
1020 /* Restrict usage of well-known PSMs */
1021 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
1027 write_lock_bh(&l2cap_sk_list.lock);
1029 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
1032 /* Save source address */
1033 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
1034 l2cap_pi(sk)->psm = la.l2_psm;
1035 l2cap_pi(sk)->sport = la.l2_psm;
1036 sk->sk_state = BT_BOUND;
1038 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
1039 __le16_to_cpu(la.l2_psm) == 0x0003)
1040 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1043 write_unlock_bh(&l2cap_sk_list.lock);
1050 static int l2cap_do_connect(struct sock *sk)
1052 bdaddr_t *src = &bt_sk(sk)->src;
1053 bdaddr_t *dst = &bt_sk(sk)->dst;
1054 struct l2cap_conn *conn;
1055 struct hci_conn *hcon;
1056 struct hci_dev *hdev;
1060 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
1063 hdev = hci_get_route(dst, src);
1065 return -EHOSTUNREACH;
1067 hci_dev_lock_bh(hdev);
1071 if (sk->sk_type == SOCK_RAW) {
1072 switch (l2cap_pi(sk)->sec_level) {
1073 case BT_SECURITY_HIGH:
1074 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1076 case BT_SECURITY_MEDIUM:
1077 auth_type = HCI_AT_DEDICATED_BONDING;
1080 auth_type = HCI_AT_NO_BONDING;
1083 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
1084 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
1085 auth_type = HCI_AT_NO_BONDING_MITM;
1087 auth_type = HCI_AT_NO_BONDING;
1089 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
1090 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1092 switch (l2cap_pi(sk)->sec_level) {
1093 case BT_SECURITY_HIGH:
1094 auth_type = HCI_AT_GENERAL_BONDING_MITM;
1096 case BT_SECURITY_MEDIUM:
1097 auth_type = HCI_AT_GENERAL_BONDING;
1100 auth_type = HCI_AT_NO_BONDING;
1105 hcon = hci_connect(hdev, ACL_LINK, dst,
1106 l2cap_pi(sk)->sec_level, auth_type);
1110 conn = l2cap_conn_add(hcon, 0);
1118 /* Update source addr of the socket */
1119 bacpy(src, conn->src);
1121 l2cap_chan_add(conn, sk, NULL);
1123 sk->sk_state = BT_CONNECT;
1124 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1126 if (hcon->state == BT_CONNECTED) {
1127 if (sk->sk_type != SOCK_SEQPACKET &&
1128 sk->sk_type != SOCK_STREAM) {
1129 l2cap_sock_clear_timer(sk);
1130 sk->sk_state = BT_CONNECTED;
1136 hci_dev_unlock_bh(hdev);
1141 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
1143 struct sock *sk = sock->sk;
1144 struct sockaddr_l2 la;
1147 BT_DBG("sk %p", sk);
1149 if (!addr || alen < sizeof(addr->sa_family) ||
1150 addr->sa_family != AF_BLUETOOTH)
1153 memset(&la, 0, sizeof(la));
1154 len = min_t(unsigned int, sizeof(la), alen);
1155 memcpy(&la, addr, len);
1162 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
1168 switch (l2cap_pi(sk)->mode) {
1169 case L2CAP_MODE_BASIC:
1171 case L2CAP_MODE_ERTM:
1172 case L2CAP_MODE_STREAMING:
1181 switch (sk->sk_state) {
1185 /* Already connecting */
1189 /* Already connected */
1203 /* PSM must be odd and lsb of upper byte must be 0 */
1204 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
1205 sk->sk_type != SOCK_RAW) {
1210 /* Set destination address and psm */
1211 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1212 l2cap_pi(sk)->psm = la.l2_psm;
1214 err = l2cap_do_connect(sk);
1219 err = bt_sock_wait_state(sk, BT_CONNECTED,
1220 sock_sndtimeo(sk, flags & O_NONBLOCK));
1226 static int l2cap_sock_listen(struct socket *sock, int backlog)
1228 struct sock *sk = sock->sk;
1231 BT_DBG("sk %p backlog %d", sk, backlog);
1235 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
1236 || sk->sk_state != BT_BOUND) {
1241 switch (l2cap_pi(sk)->mode) {
1242 case L2CAP_MODE_BASIC:
1244 case L2CAP_MODE_ERTM:
1245 case L2CAP_MODE_STREAMING:
1254 if (!l2cap_pi(sk)->psm) {
1255 bdaddr_t *src = &bt_sk(sk)->src;
1260 write_lock_bh(&l2cap_sk_list.lock);
1262 for (psm = 0x1001; psm < 0x1100; psm += 2)
1263 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1264 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1265 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1270 write_unlock_bh(&l2cap_sk_list.lock);
1276 sk->sk_max_ack_backlog = backlog;
1277 sk->sk_ack_backlog = 0;
1278 sk->sk_state = BT_LISTEN;
1285 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1287 DECLARE_WAITQUEUE(wait, current);
1288 struct sock *sk = sock->sk, *nsk;
1292 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1294 if (sk->sk_state != BT_LISTEN) {
1299 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1301 BT_DBG("sk %p timeo %ld", sk, timeo);
1303 /* Wait for an incoming connection. (wake-one). */
1304 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1305 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1306 set_current_state(TASK_INTERRUPTIBLE);
1313 timeo = schedule_timeout(timeo);
1314 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1316 if (sk->sk_state != BT_LISTEN) {
1321 if (signal_pending(current)) {
1322 err = sock_intr_errno(timeo);
1326 set_current_state(TASK_RUNNING);
1327 remove_wait_queue(sk_sleep(sk), &wait);
1332 newsock->state = SS_CONNECTED;
1334 BT_DBG("new socket %p", nsk);
1341 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1343 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1344 struct sock *sk = sock->sk;
1346 BT_DBG("sock %p, sk %p", sock, sk);
1348 addr->sa_family = AF_BLUETOOTH;
1349 *len = sizeof(struct sockaddr_l2);
1352 la->l2_psm = l2cap_pi(sk)->psm;
1353 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1354 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1356 la->l2_psm = l2cap_pi(sk)->sport;
1357 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1358 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1364 static int __l2cap_wait_ack(struct sock *sk)
1366 DECLARE_WAITQUEUE(wait, current);
1370 add_wait_queue(sk_sleep(sk), &wait);
1371 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
1372 set_current_state(TASK_INTERRUPTIBLE);
1377 if (signal_pending(current)) {
1378 err = sock_intr_errno(timeo);
1383 timeo = schedule_timeout(timeo);
1386 err = sock_error(sk);
1390 set_current_state(TASK_RUNNING);
1391 remove_wait_queue(sk_sleep(sk), &wait);
1395 static void l2cap_monitor_timeout(unsigned long arg)
1397 struct sock *sk = (void *) arg;
1399 BT_DBG("sk %p", sk);
1402 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1403 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
1408 l2cap_pi(sk)->retry_count++;
1409 __mod_monitor_timer();
1411 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1415 static void l2cap_retrans_timeout(unsigned long arg)
1417 struct sock *sk = (void *) arg;
1419 BT_DBG("sk %p", sk);
1422 l2cap_pi(sk)->retry_count = 1;
1423 __mod_monitor_timer();
1425 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1427 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1431 static void l2cap_drop_acked_frames(struct sock *sk)
1433 struct sk_buff *skb;
1435 while ((skb = skb_peek(TX_QUEUE(sk))) &&
1436 l2cap_pi(sk)->unacked_frames) {
1437 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1440 skb = skb_dequeue(TX_QUEUE(sk));
1443 l2cap_pi(sk)->unacked_frames--;
1446 if (!l2cap_pi(sk)->unacked_frames)
1447 del_timer(&l2cap_pi(sk)->retrans_timer);
1450 static inline void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1452 struct l2cap_pinfo *pi = l2cap_pi(sk);
1454 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1456 hci_send_acl(pi->conn->hcon, skb, 0);
1459 static void l2cap_streaming_send(struct sock *sk)
1461 struct sk_buff *skb;
1462 struct l2cap_pinfo *pi = l2cap_pi(sk);
1465 while ((skb = skb_dequeue(TX_QUEUE(sk)))) {
1466 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
1467 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1468 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1470 if (pi->fcs == L2CAP_FCS_CRC16) {
1471 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1472 put_unaligned_le16(fcs, skb->data + skb->len - 2);
1475 l2cap_do_send(sk, skb);
1477 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1481 static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1483 struct l2cap_pinfo *pi = l2cap_pi(sk);
1484 struct sk_buff *skb, *tx_skb;
1487 skb = skb_peek(TX_QUEUE(sk));
1492 if (bt_cb(skb)->tx_seq == tx_seq)
1495 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1498 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
1500 if (pi->remote_max_tx &&
1501 bt_cb(skb)->retries == pi->remote_max_tx) {
1502 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1506 tx_skb = skb_clone(skb, GFP_ATOMIC);
1507 bt_cb(skb)->retries++;
1508 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1510 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1511 control |= L2CAP_CTRL_FINAL;
1512 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1515 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1516 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1518 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1520 if (pi->fcs == L2CAP_FCS_CRC16) {
1521 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1522 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1525 l2cap_do_send(sk, tx_skb);
1528 static int l2cap_ertm_send(struct sock *sk)
1530 struct sk_buff *skb, *tx_skb;
1531 struct l2cap_pinfo *pi = l2cap_pi(sk);
1535 if (sk->sk_state != BT_CONNECTED)
1538 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1540 if (pi->remote_max_tx &&
1541 bt_cb(skb)->retries == pi->remote_max_tx) {
1542 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1546 tx_skb = skb_clone(skb, GFP_ATOMIC);
1548 bt_cb(skb)->retries++;
1550 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1551 control &= L2CAP_CTRL_SAR;
1553 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1554 control |= L2CAP_CTRL_FINAL;
1555 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1557 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1558 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1559 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1562 if (pi->fcs == L2CAP_FCS_CRC16) {
1563 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1564 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1567 l2cap_do_send(sk, tx_skb);
1569 __mod_retrans_timer();
1571 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1572 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1574 pi->unacked_frames++;
1577 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1578 sk->sk_send_head = NULL;
1580 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1588 static int l2cap_retransmit_frames(struct sock *sk)
1590 struct l2cap_pinfo *pi = l2cap_pi(sk);
1593 if (!skb_queue_empty(TX_QUEUE(sk)))
1594 sk->sk_send_head = TX_QUEUE(sk)->next;
1596 pi->next_tx_seq = pi->expected_ack_seq;
1597 ret = l2cap_ertm_send(sk);
1601 static void l2cap_send_ack(struct l2cap_pinfo *pi)
1603 struct sock *sk = (struct sock *)pi;
1606 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1608 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1609 control |= L2CAP_SUPER_RCV_NOT_READY;
1610 pi->conn_state |= L2CAP_CONN_RNR_SENT;
1611 l2cap_send_sframe(pi, control);
1615 if (l2cap_ertm_send(sk) > 0)
1618 control |= L2CAP_SUPER_RCV_READY;
1619 l2cap_send_sframe(pi, control);
1622 static void l2cap_send_srejtail(struct sock *sk)
1624 struct srej_list *tail;
1627 control = L2CAP_SUPER_SELECT_REJECT;
1628 control |= L2CAP_CTRL_FINAL;
1630 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1631 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1633 l2cap_send_sframe(l2cap_pi(sk), control);
1636 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1638 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1639 struct sk_buff **frag;
1642 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1648 /* Continuation fragments (no L2CAP header) */
1649 frag = &skb_shinfo(skb)->frag_list;
1651 count = min_t(unsigned int, conn->mtu, len);
1653 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1656 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1662 frag = &(*frag)->next;
1668 static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1670 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1671 struct sk_buff *skb;
1672 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1673 struct l2cap_hdr *lh;
1675 BT_DBG("sk %p len %d", sk, (int)len);
1677 count = min_t(unsigned int, (conn->mtu - hlen), len);
1678 skb = bt_skb_send_alloc(sk, count + hlen,
1679 msg->msg_flags & MSG_DONTWAIT, &err);
1681 return ERR_PTR(err);
1683 /* Create L2CAP header */
1684 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1685 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1686 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1687 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1689 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1690 if (unlikely(err < 0)) {
1692 return ERR_PTR(err);
1697 static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1699 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1700 struct sk_buff *skb;
1701 int err, count, hlen = L2CAP_HDR_SIZE;
1702 struct l2cap_hdr *lh;
1704 BT_DBG("sk %p len %d", sk, (int)len);
1706 count = min_t(unsigned int, (conn->mtu - hlen), len);
1707 skb = bt_skb_send_alloc(sk, count + hlen,
1708 msg->msg_flags & MSG_DONTWAIT, &err);
1710 return ERR_PTR(err);
1712 /* Create L2CAP header */
1713 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1714 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1715 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1717 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1718 if (unlikely(err < 0)) {
1720 return ERR_PTR(err);
1725 static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1727 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1728 struct sk_buff *skb;
1729 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1730 struct l2cap_hdr *lh;
1732 BT_DBG("sk %p len %d", sk, (int)len);
1735 return ERR_PTR(-ENOTCONN);
1740 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1743 count = min_t(unsigned int, (conn->mtu - hlen), len);
1744 skb = bt_skb_send_alloc(sk, count + hlen,
1745 msg->msg_flags & MSG_DONTWAIT, &err);
1747 return ERR_PTR(err);
1749 /* Create L2CAP header */
1750 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1751 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1752 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1753 put_unaligned_le16(control, skb_put(skb, 2));
1755 put_unaligned_le16(sdulen, skb_put(skb, 2));
1757 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1758 if (unlikely(err < 0)) {
1760 return ERR_PTR(err);
1763 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1764 put_unaligned_le16(0, skb_put(skb, 2));
1766 bt_cb(skb)->retries = 0;
1770 static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1772 struct l2cap_pinfo *pi = l2cap_pi(sk);
1773 struct sk_buff *skb;
1774 struct sk_buff_head sar_queue;
1778 skb_queue_head_init(&sar_queue);
1779 control = L2CAP_SDU_START;
1780 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
1782 return PTR_ERR(skb);
1784 __skb_queue_tail(&sar_queue, skb);
1785 len -= pi->remote_mps;
1786 size += pi->remote_mps;
1791 if (len > pi->remote_mps) {
1792 control = L2CAP_SDU_CONTINUE;
1793 buflen = pi->remote_mps;
1795 control = L2CAP_SDU_END;
1799 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1801 skb_queue_purge(&sar_queue);
1802 return PTR_ERR(skb);
1805 __skb_queue_tail(&sar_queue, skb);
1809 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1810 if (sk->sk_send_head == NULL)
1811 sk->sk_send_head = sar_queue.next;
1816 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1818 struct sock *sk = sock->sk;
1819 struct l2cap_pinfo *pi = l2cap_pi(sk);
1820 struct sk_buff *skb;
1824 BT_DBG("sock %p, sk %p", sock, sk);
1826 err = sock_error(sk);
1830 if (msg->msg_flags & MSG_OOB)
1835 if (sk->sk_state != BT_CONNECTED) {
1840 /* Connectionless channel */
1841 if (sk->sk_type == SOCK_DGRAM) {
1842 skb = l2cap_create_connless_pdu(sk, msg, len);
1846 l2cap_do_send(sk, skb);
1853 case L2CAP_MODE_BASIC:
1854 /* Check outgoing MTU */
1855 if (len > pi->omtu) {
1860 /* Create a basic PDU */
1861 skb = l2cap_create_basic_pdu(sk, msg, len);
1867 l2cap_do_send(sk, skb);
1871 case L2CAP_MODE_ERTM:
1872 case L2CAP_MODE_STREAMING:
1873 /* Entire SDU fits into one PDU */
1874 if (len <= pi->remote_mps) {
1875 control = L2CAP_SDU_UNSEGMENTED;
1876 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1881 __skb_queue_tail(TX_QUEUE(sk), skb);
1883 if (sk->sk_send_head == NULL)
1884 sk->sk_send_head = skb;
1887 /* Segment SDU into multiples PDUs */
1888 err = l2cap_sar_segment_sdu(sk, msg, len);
1893 if (pi->mode == L2CAP_MODE_STREAMING) {
1894 l2cap_streaming_send(sk);
1896 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY &&
1897 pi->conn_state && L2CAP_CONN_WAIT_F) {
1901 err = l2cap_ertm_send(sk);
1909 BT_DBG("bad state %1.1x", pi->mode);
1918 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1920 struct sock *sk = sock->sk;
1924 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1925 struct l2cap_conn_rsp rsp;
1926 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1929 sk->sk_state = BT_CONFIG;
1931 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1932 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1933 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1934 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1935 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1936 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1938 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
1943 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1944 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1945 l2cap_build_conf_req(sk, buf), buf);
1946 l2cap_pi(sk)->num_conf_req++;
1954 if (sock->type == SOCK_STREAM)
1955 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1957 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1960 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1962 struct sock *sk = sock->sk;
1963 struct l2cap_options opts;
1967 BT_DBG("sk %p", sk);
1973 if (sk->sk_state == BT_CONNECTED) {
1978 opts.imtu = l2cap_pi(sk)->imtu;
1979 opts.omtu = l2cap_pi(sk)->omtu;
1980 opts.flush_to = l2cap_pi(sk)->flush_to;
1981 opts.mode = l2cap_pi(sk)->mode;
1982 opts.fcs = l2cap_pi(sk)->fcs;
1983 opts.max_tx = l2cap_pi(sk)->max_tx;
1984 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1986 len = min_t(unsigned int, sizeof(opts), optlen);
1987 if (copy_from_user((char *) &opts, optval, len)) {
1992 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
1997 l2cap_pi(sk)->mode = opts.mode;
1998 switch (l2cap_pi(sk)->mode) {
1999 case L2CAP_MODE_BASIC:
2000 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
2002 case L2CAP_MODE_ERTM:
2003 case L2CAP_MODE_STREAMING:
2012 l2cap_pi(sk)->imtu = opts.imtu;
2013 l2cap_pi(sk)->omtu = opts.omtu;
2014 l2cap_pi(sk)->fcs = opts.fcs;
2015 l2cap_pi(sk)->max_tx = opts.max_tx;
2016 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
2020 if (get_user(opt, (u32 __user *) optval)) {
2025 if (opt & L2CAP_LM_AUTH)
2026 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
2027 if (opt & L2CAP_LM_ENCRYPT)
2028 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
2029 if (opt & L2CAP_LM_SECURE)
2030 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
2032 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
2033 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
2045 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
2047 struct sock *sk = sock->sk;
2048 struct bt_security sec;
2052 BT_DBG("sk %p", sk);
2054 if (level == SOL_L2CAP)
2055 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
2057 if (level != SOL_BLUETOOTH)
2058 return -ENOPROTOOPT;
2064 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2065 && sk->sk_type != SOCK_RAW) {
2070 sec.level = BT_SECURITY_LOW;
2072 len = min_t(unsigned int, sizeof(sec), optlen);
2073 if (copy_from_user((char *) &sec, optval, len)) {
2078 if (sec.level < BT_SECURITY_LOW ||
2079 sec.level > BT_SECURITY_HIGH) {
2084 l2cap_pi(sk)->sec_level = sec.level;
2087 case BT_DEFER_SETUP:
2088 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2093 if (get_user(opt, (u32 __user *) optval)) {
2098 bt_sk(sk)->defer_setup = opt;
2110 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
2112 struct sock *sk = sock->sk;
2113 struct l2cap_options opts;
2114 struct l2cap_conninfo cinfo;
2118 BT_DBG("sk %p", sk);
2120 if (get_user(len, optlen))
2127 opts.imtu = l2cap_pi(sk)->imtu;
2128 opts.omtu = l2cap_pi(sk)->omtu;
2129 opts.flush_to = l2cap_pi(sk)->flush_to;
2130 opts.mode = l2cap_pi(sk)->mode;
2131 opts.fcs = l2cap_pi(sk)->fcs;
2132 opts.max_tx = l2cap_pi(sk)->max_tx;
2133 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
2135 len = min_t(unsigned int, len, sizeof(opts));
2136 if (copy_to_user(optval, (char *) &opts, len))
2142 switch (l2cap_pi(sk)->sec_level) {
2143 case BT_SECURITY_LOW:
2144 opt = L2CAP_LM_AUTH;
2146 case BT_SECURITY_MEDIUM:
2147 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
2149 case BT_SECURITY_HIGH:
2150 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2158 if (l2cap_pi(sk)->role_switch)
2159 opt |= L2CAP_LM_MASTER;
2161 if (l2cap_pi(sk)->force_reliable)
2162 opt |= L2CAP_LM_RELIABLE;
2164 if (put_user(opt, (u32 __user *) optval))
2168 case L2CAP_CONNINFO:
2169 if (sk->sk_state != BT_CONNECTED &&
2170 !(sk->sk_state == BT_CONNECT2 &&
2171 bt_sk(sk)->defer_setup)) {
2176 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
2177 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
2179 len = min_t(unsigned int, len, sizeof(cinfo));
2180 if (copy_to_user(optval, (char *) &cinfo, len))
2194 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
2196 struct sock *sk = sock->sk;
2197 struct bt_security sec;
2200 BT_DBG("sk %p", sk);
2202 if (level == SOL_L2CAP)
2203 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
2205 if (level != SOL_BLUETOOTH)
2206 return -ENOPROTOOPT;
2208 if (get_user(len, optlen))
2215 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2216 && sk->sk_type != SOCK_RAW) {
2221 sec.level = l2cap_pi(sk)->sec_level;
2223 len = min_t(unsigned int, len, sizeof(sec));
2224 if (copy_to_user(optval, (char *) &sec, len))
2229 case BT_DEFER_SETUP:
2230 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2235 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
2249 static int l2cap_sock_shutdown(struct socket *sock, int how)
2251 struct sock *sk = sock->sk;
2254 BT_DBG("sock %p, sk %p", sock, sk);
2260 if (!sk->sk_shutdown) {
2261 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2262 err = __l2cap_wait_ack(sk);
2264 sk->sk_shutdown = SHUTDOWN_MASK;
2265 l2cap_sock_clear_timer(sk);
2266 __l2cap_sock_close(sk, 0);
2268 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
2269 err = bt_sock_wait_state(sk, BT_CLOSED,
2273 if (!err && sk->sk_err)
2280 static int l2cap_sock_release(struct socket *sock)
2282 struct sock *sk = sock->sk;
2285 BT_DBG("sock %p, sk %p", sock, sk);
2290 err = l2cap_sock_shutdown(sock, 2);
2293 l2cap_sock_kill(sk);
2297 static void l2cap_chan_ready(struct sock *sk)
2299 struct sock *parent = bt_sk(sk)->parent;
2301 BT_DBG("sk %p, parent %p", sk, parent);
2303 l2cap_pi(sk)->conf_state = 0;
2304 l2cap_sock_clear_timer(sk);
2307 /* Outgoing channel.
2308 * Wake up socket sleeping on connect.
2310 sk->sk_state = BT_CONNECTED;
2311 sk->sk_state_change(sk);
2313 /* Incoming channel.
2314 * Wake up socket sleeping on accept.
2316 parent->sk_data_ready(parent, 0);
2320 /* Copy frame to all raw sockets on that connection */
2321 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2323 struct l2cap_chan_list *l = &conn->chan_list;
2324 struct sk_buff *nskb;
2327 BT_DBG("conn %p", conn);
2329 read_lock(&l->lock);
2330 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2331 if (sk->sk_type != SOCK_RAW)
2334 /* Don't send frame to the socket it came from */
2337 nskb = skb_clone(skb, GFP_ATOMIC);
2341 if (sock_queue_rcv_skb(sk, nskb))
2344 read_unlock(&l->lock);
2347 /* ---- L2CAP signalling commands ---- */
2348 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2349 u8 code, u8 ident, u16 dlen, void *data)
2351 struct sk_buff *skb, **frag;
2352 struct l2cap_cmd_hdr *cmd;
2353 struct l2cap_hdr *lh;
2356 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2357 conn, code, ident, dlen);
2359 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2360 count = min_t(unsigned int, conn->mtu, len);
2362 skb = bt_skb_alloc(count, GFP_ATOMIC);
2366 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2367 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
2368 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
2370 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2373 cmd->len = cpu_to_le16(dlen);
2376 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2377 memcpy(skb_put(skb, count), data, count);
2383 /* Continuation fragments (no L2CAP header) */
2384 frag = &skb_shinfo(skb)->frag_list;
2386 count = min_t(unsigned int, conn->mtu, len);
2388 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2392 memcpy(skb_put(*frag, count), data, count);
2397 frag = &(*frag)->next;
2407 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2409 struct l2cap_conf_opt *opt = *ptr;
2412 len = L2CAP_CONF_OPT_SIZE + opt->len;
2420 *val = *((u8 *) opt->val);
2424 *val = get_unaligned_le16(opt->val);
2428 *val = get_unaligned_le32(opt->val);
2432 *val = (unsigned long) opt->val;
2436 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2440 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2442 struct l2cap_conf_opt *opt = *ptr;
2444 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2451 *((u8 *) opt->val) = val;
2455 put_unaligned_le16(val, opt->val);
2459 put_unaligned_le32(val, opt->val);
2463 memcpy(opt->val, (void *) val, len);
2467 *ptr += L2CAP_CONF_OPT_SIZE + len;
2470 static void l2cap_ack_timeout(unsigned long arg)
2472 struct sock *sk = (void *) arg;
2475 l2cap_send_ack(l2cap_pi(sk));
2479 static inline void l2cap_ertm_init(struct sock *sk)
2481 l2cap_pi(sk)->expected_ack_seq = 0;
2482 l2cap_pi(sk)->unacked_frames = 0;
2483 l2cap_pi(sk)->buffer_seq = 0;
2484 l2cap_pi(sk)->num_acked = 0;
2485 l2cap_pi(sk)->frames_sent = 0;
2487 setup_timer(&l2cap_pi(sk)->retrans_timer,
2488 l2cap_retrans_timeout, (unsigned long) sk);
2489 setup_timer(&l2cap_pi(sk)->monitor_timer,
2490 l2cap_monitor_timeout, (unsigned long) sk);
2491 setup_timer(&l2cap_pi(sk)->ack_timer,
2492 l2cap_ack_timeout, (unsigned long) sk);
2494 __skb_queue_head_init(SREJ_QUEUE(sk));
2495 __skb_queue_head_init(BUSY_QUEUE(sk));
2497 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
2499 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
2502 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2505 case L2CAP_MODE_STREAMING:
2506 case L2CAP_MODE_ERTM:
2507 if (l2cap_mode_supported(mode, remote_feat_mask))
2511 return L2CAP_MODE_BASIC;
2515 static int l2cap_build_conf_req(struct sock *sk, void *data)
2517 struct l2cap_pinfo *pi = l2cap_pi(sk);
2518 struct l2cap_conf_req *req = data;
2519 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
2520 void *ptr = req->data;
2522 BT_DBG("sk %p", sk);
2524 if (pi->num_conf_req || pi->num_conf_rsp)
2528 case L2CAP_MODE_STREAMING:
2529 case L2CAP_MODE_ERTM:
2530 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
2535 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2541 case L2CAP_MODE_BASIC:
2542 if (pi->imtu != L2CAP_DEFAULT_MTU)
2543 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2545 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2546 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
2549 rfc.mode = L2CAP_MODE_BASIC;
2551 rfc.max_transmit = 0;
2552 rfc.retrans_timeout = 0;
2553 rfc.monitor_timeout = 0;
2554 rfc.max_pdu_size = 0;
2556 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2557 (unsigned long) &rfc);
2560 case L2CAP_MODE_ERTM:
2561 rfc.mode = L2CAP_MODE_ERTM;
2562 rfc.txwin_size = pi->tx_win;
2563 rfc.max_transmit = pi->max_tx;
2564 rfc.retrans_timeout = 0;
2565 rfc.monitor_timeout = 0;
2566 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2567 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2568 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2570 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2571 (unsigned long) &rfc);
2573 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2576 if (pi->fcs == L2CAP_FCS_NONE ||
2577 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2578 pi->fcs = L2CAP_FCS_NONE;
2579 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2583 case L2CAP_MODE_STREAMING:
2584 rfc.mode = L2CAP_MODE_STREAMING;
2586 rfc.max_transmit = 0;
2587 rfc.retrans_timeout = 0;
2588 rfc.monitor_timeout = 0;
2589 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2590 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2591 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2593 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2594 (unsigned long) &rfc);
2596 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2599 if (pi->fcs == L2CAP_FCS_NONE ||
2600 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2601 pi->fcs = L2CAP_FCS_NONE;
2602 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2607 /* FIXME: Need actual value of the flush timeout */
2608 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
2609 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
2611 req->dcid = cpu_to_le16(pi->dcid);
2612 req->flags = cpu_to_le16(0);
2617 static int l2cap_parse_conf_req(struct sock *sk, void *data)
2619 struct l2cap_pinfo *pi = l2cap_pi(sk);
2620 struct l2cap_conf_rsp *rsp = data;
2621 void *ptr = rsp->data;
2622 void *req = pi->conf_req;
2623 int len = pi->conf_len;
2624 int type, hint, olen;
2626 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2627 u16 mtu = L2CAP_DEFAULT_MTU;
2628 u16 result = L2CAP_CONF_SUCCESS;
2630 BT_DBG("sk %p", sk);
2632 while (len >= L2CAP_CONF_OPT_SIZE) {
2633 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
2635 hint = type & L2CAP_CONF_HINT;
2636 type &= L2CAP_CONF_MASK;
2639 case L2CAP_CONF_MTU:
2643 case L2CAP_CONF_FLUSH_TO:
2647 case L2CAP_CONF_QOS:
2650 case L2CAP_CONF_RFC:
2651 if (olen == sizeof(rfc))
2652 memcpy(&rfc, (void *) val, olen);
2655 case L2CAP_CONF_FCS:
2656 if (val == L2CAP_FCS_NONE)
2657 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2665 result = L2CAP_CONF_UNKNOWN;
2666 *((u8 *) ptr++) = type;
2671 if (pi->num_conf_rsp || pi->num_conf_req > 1)
2675 case L2CAP_MODE_STREAMING:
2676 case L2CAP_MODE_ERTM:
2677 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
2678 pi->mode = l2cap_select_mode(rfc.mode,
2679 pi->conn->feat_mask);
2683 if (pi->mode != rfc.mode)
2684 return -ECONNREFUSED;
2690 if (pi->mode != rfc.mode) {
2691 result = L2CAP_CONF_UNACCEPT;
2692 rfc.mode = pi->mode;
2694 if (pi->num_conf_rsp == 1)
2695 return -ECONNREFUSED;
2697 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2698 sizeof(rfc), (unsigned long) &rfc);
2702 if (result == L2CAP_CONF_SUCCESS) {
2703 /* Configure output options and let the other side know
2704 * which ones we don't like. */
2706 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2707 result = L2CAP_CONF_UNACCEPT;
2710 pi->conf_state |= L2CAP_CONF_MTU_DONE;
2712 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2715 case L2CAP_MODE_BASIC:
2716 pi->fcs = L2CAP_FCS_NONE;
2717 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2720 case L2CAP_MODE_ERTM:
2721 pi->remote_tx_win = rfc.txwin_size;
2722 pi->remote_max_tx = rfc.max_transmit;
2724 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2725 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2727 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2729 rfc.retrans_timeout =
2730 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2731 rfc.monitor_timeout =
2732 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
2734 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2736 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2737 sizeof(rfc), (unsigned long) &rfc);
2741 case L2CAP_MODE_STREAMING:
2742 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2743 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2745 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2747 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2749 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2750 sizeof(rfc), (unsigned long) &rfc);
2755 result = L2CAP_CONF_UNACCEPT;
2757 memset(&rfc, 0, sizeof(rfc));
2758 rfc.mode = pi->mode;
2761 if (result == L2CAP_CONF_SUCCESS)
2762 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2764 rsp->scid = cpu_to_le16(pi->dcid);
2765 rsp->result = cpu_to_le16(result);
2766 rsp->flags = cpu_to_le16(0x0000);
2771 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2773 struct l2cap_pinfo *pi = l2cap_pi(sk);
2774 struct l2cap_conf_req *req = data;
2775 void *ptr = req->data;
2778 struct l2cap_conf_rfc rfc;
2780 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2782 while (len >= L2CAP_CONF_OPT_SIZE) {
2783 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2786 case L2CAP_CONF_MTU:
2787 if (val < L2CAP_DEFAULT_MIN_MTU) {
2788 *result = L2CAP_CONF_UNACCEPT;
2789 pi->imtu = L2CAP_DEFAULT_MIN_MTU;
2792 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2795 case L2CAP_CONF_FLUSH_TO:
2797 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2801 case L2CAP_CONF_RFC:
2802 if (olen == sizeof(rfc))
2803 memcpy(&rfc, (void *)val, olen);
2805 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2806 rfc.mode != pi->mode)
2807 return -ECONNREFUSED;
2811 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2812 sizeof(rfc), (unsigned long) &rfc);
2817 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
2818 return -ECONNREFUSED;
2820 pi->mode = rfc.mode;
2822 if (*result == L2CAP_CONF_SUCCESS) {
2824 case L2CAP_MODE_ERTM:
2825 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2826 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2827 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2829 case L2CAP_MODE_STREAMING:
2830 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2834 req->dcid = cpu_to_le16(pi->dcid);
2835 req->flags = cpu_to_le16(0x0000);
2840 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2842 struct l2cap_conf_rsp *rsp = data;
2843 void *ptr = rsp->data;
2845 BT_DBG("sk %p", sk);
2847 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2848 rsp->result = cpu_to_le16(result);
2849 rsp->flags = cpu_to_le16(flags);
2854 static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
2856 struct l2cap_pinfo *pi = l2cap_pi(sk);
2859 struct l2cap_conf_rfc rfc;
2861 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
2863 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
2866 while (len >= L2CAP_CONF_OPT_SIZE) {
2867 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2870 case L2CAP_CONF_RFC:
2871 if (olen == sizeof(rfc))
2872 memcpy(&rfc, (void *)val, olen);
2879 case L2CAP_MODE_ERTM:
2880 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2881 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2882 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2884 case L2CAP_MODE_STREAMING:
2885 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2889 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2891 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2893 if (rej->reason != 0x0000)
2896 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2897 cmd->ident == conn->info_ident) {
2898 del_timer(&conn->info_timer);
2900 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2901 conn->info_ident = 0;
2903 l2cap_conn_start(conn);
2909 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2911 struct l2cap_chan_list *list = &conn->chan_list;
2912 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2913 struct l2cap_conn_rsp rsp;
2914 struct sock *parent, *sk = NULL;
2915 int result, status = L2CAP_CS_NO_INFO;
2917 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2918 __le16 psm = req->psm;
2920 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2922 /* Check if we have socket listening on psm */
2923 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2925 result = L2CAP_CR_BAD_PSM;
2929 bh_lock_sock(parent);
2931 /* Check if the ACL is secure enough (if not SDP) */
2932 if (psm != cpu_to_le16(0x0001) &&
2933 !hci_conn_check_link_mode(conn->hcon)) {
2934 conn->disc_reason = 0x05;
2935 result = L2CAP_CR_SEC_BLOCK;
2939 result = L2CAP_CR_NO_MEM;
2941 /* Check for backlog size */
2942 if (sk_acceptq_is_full(parent)) {
2943 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2947 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2951 write_lock_bh(&list->lock);
2953 /* Check if we already have channel with that dcid */
2954 if (__l2cap_get_chan_by_dcid(list, scid)) {
2955 write_unlock_bh(&list->lock);
2956 sock_set_flag(sk, SOCK_ZAPPED);
2957 l2cap_sock_kill(sk);
2961 hci_conn_hold(conn->hcon);
2963 l2cap_sock_init(sk, parent);
2964 bacpy(&bt_sk(sk)->src, conn->src);
2965 bacpy(&bt_sk(sk)->dst, conn->dst);
2966 l2cap_pi(sk)->psm = psm;
2967 l2cap_pi(sk)->dcid = scid;
2969 __l2cap_chan_add(conn, sk, parent);
2970 dcid = l2cap_pi(sk)->scid;
2972 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2974 l2cap_pi(sk)->ident = cmd->ident;
2976 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2977 if (l2cap_check_security(sk)) {
2978 if (bt_sk(sk)->defer_setup) {
2979 sk->sk_state = BT_CONNECT2;
2980 result = L2CAP_CR_PEND;
2981 status = L2CAP_CS_AUTHOR_PEND;
2982 parent->sk_data_ready(parent, 0);
2984 sk->sk_state = BT_CONFIG;
2985 result = L2CAP_CR_SUCCESS;
2986 status = L2CAP_CS_NO_INFO;
2989 sk->sk_state = BT_CONNECT2;
2990 result = L2CAP_CR_PEND;
2991 status = L2CAP_CS_AUTHEN_PEND;
2994 sk->sk_state = BT_CONNECT2;
2995 result = L2CAP_CR_PEND;
2996 status = L2CAP_CS_NO_INFO;
2999 write_unlock_bh(&list->lock);
3002 bh_unlock_sock(parent);
3005 rsp.scid = cpu_to_le16(scid);
3006 rsp.dcid = cpu_to_le16(dcid);
3007 rsp.result = cpu_to_le16(result);
3008 rsp.status = cpu_to_le16(status);
3009 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3011 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3012 struct l2cap_info_req info;
3013 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3015 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3016 conn->info_ident = l2cap_get_ident(conn);
3018 mod_timer(&conn->info_timer, jiffies +
3019 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
3021 l2cap_send_cmd(conn, conn->info_ident,
3022 L2CAP_INFO_REQ, sizeof(info), &info);
3025 if (sk && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
3026 result == L2CAP_CR_SUCCESS) {
3028 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3029 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3030 l2cap_build_conf_req(sk, buf), buf);
3031 l2cap_pi(sk)->num_conf_req++;
3037 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3039 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3040 u16 scid, dcid, result, status;
3044 scid = __le16_to_cpu(rsp->scid);
3045 dcid = __le16_to_cpu(rsp->dcid);
3046 result = __le16_to_cpu(rsp->result);
3047 status = __le16_to_cpu(rsp->status);
3049 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
3052 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3056 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
3062 case L2CAP_CR_SUCCESS:
3063 sk->sk_state = BT_CONFIG;
3064 l2cap_pi(sk)->ident = 0;
3065 l2cap_pi(sk)->dcid = dcid;
3066 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
3068 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
3071 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3073 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3074 l2cap_build_conf_req(sk, req), req);
3075 l2cap_pi(sk)->num_conf_req++;
3079 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3083 /* don't delete l2cap channel if sk is owned by user */
3084 if (sock_owned_by_user(sk)) {
3085 sk->sk_state = BT_DISCONN;
3086 l2cap_sock_clear_timer(sk);
3087 l2cap_sock_set_timer(sk, HZ / 5);
3091 l2cap_chan_del(sk, ECONNREFUSED);
3099 static inline void set_default_fcs(struct l2cap_pinfo *pi)
3101 /* FCS is enabled only in ERTM or streaming mode, if one or both
3104 if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING)
3105 pi->fcs = L2CAP_FCS_NONE;
3106 else if (!(pi->conf_state & L2CAP_CONF_NO_FCS_RECV))
3107 pi->fcs = L2CAP_FCS_CRC16;
3110 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3112 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3118 dcid = __le16_to_cpu(req->dcid);
3119 flags = __le16_to_cpu(req->flags);
3121 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3123 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3127 if (sk->sk_state == BT_DISCONN)
3130 /* Reject if config buffer is too small. */
3131 len = cmd_len - sizeof(*req);
3132 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
3133 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3134 l2cap_build_conf_rsp(sk, rsp,
3135 L2CAP_CONF_REJECT, flags), rsp);
3140 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
3141 l2cap_pi(sk)->conf_len += len;
3143 if (flags & 0x0001) {
3144 /* Incomplete config. Send empty response. */
3145 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3146 l2cap_build_conf_rsp(sk, rsp,
3147 L2CAP_CONF_SUCCESS, 0x0001), rsp);
3151 /* Complete config. */
3152 len = l2cap_parse_conf_req(sk, rsp);
3154 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3158 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
3159 l2cap_pi(sk)->num_conf_rsp++;
3161 /* Reset config buffer. */
3162 l2cap_pi(sk)->conf_len = 0;
3164 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
3167 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
3168 set_default_fcs(l2cap_pi(sk));
3170 sk->sk_state = BT_CONNECTED;
3172 l2cap_pi(sk)->next_tx_seq = 0;
3173 l2cap_pi(sk)->expected_tx_seq = 0;
3174 __skb_queue_head_init(TX_QUEUE(sk));
3175 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3176 l2cap_ertm_init(sk);
3178 l2cap_chan_ready(sk);
3182 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
3184 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3185 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3186 l2cap_build_conf_req(sk, buf), buf);
3187 l2cap_pi(sk)->num_conf_req++;
3195 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3197 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3198 u16 scid, flags, result;
3200 int len = cmd->len - sizeof(*rsp);
3202 scid = __le16_to_cpu(rsp->scid);
3203 flags = __le16_to_cpu(rsp->flags);
3204 result = __le16_to_cpu(rsp->result);
3206 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
3207 scid, flags, result);
3209 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3214 case L2CAP_CONF_SUCCESS:
3215 l2cap_conf_rfc_get(sk, rsp->data, len);
3218 case L2CAP_CONF_UNACCEPT:
3219 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
3222 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
3223 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3227 /* throw out any old stored conf requests */
3228 result = L2CAP_CONF_SUCCESS;
3229 len = l2cap_parse_conf_rsp(sk, rsp->data,
3232 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3236 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3237 L2CAP_CONF_REQ, len, req);
3238 l2cap_pi(sk)->num_conf_req++;
3239 if (result != L2CAP_CONF_SUCCESS)
3245 sk->sk_err = ECONNRESET;
3246 l2cap_sock_set_timer(sk, HZ * 5);
3247 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3254 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
3256 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
3257 set_default_fcs(l2cap_pi(sk));
3259 sk->sk_state = BT_CONNECTED;
3260 l2cap_pi(sk)->next_tx_seq = 0;
3261 l2cap_pi(sk)->expected_tx_seq = 0;
3262 __skb_queue_head_init(TX_QUEUE(sk));
3263 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3264 l2cap_ertm_init(sk);
3266 l2cap_chan_ready(sk);
3274 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3276 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3277 struct l2cap_disconn_rsp rsp;
3281 scid = __le16_to_cpu(req->scid);
3282 dcid = __le16_to_cpu(req->dcid);
3284 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3286 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3290 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3291 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3292 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3294 sk->sk_shutdown = SHUTDOWN_MASK;
3296 /* don't delete l2cap channel if sk is owned by user */
3297 if (sock_owned_by_user(sk)) {
3298 sk->sk_state = BT_DISCONN;
3299 l2cap_sock_clear_timer(sk);
3300 l2cap_sock_set_timer(sk, HZ / 5);
3305 l2cap_chan_del(sk, ECONNRESET);
3308 l2cap_sock_kill(sk);
3312 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3314 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3318 scid = __le16_to_cpu(rsp->scid);
3319 dcid = __le16_to_cpu(rsp->dcid);
3321 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3323 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3327 /* don't delete l2cap channel if sk is owned by user */
3328 if (sock_owned_by_user(sk)) {
3329 sk->sk_state = BT_DISCONN;
3330 l2cap_sock_clear_timer(sk);
3331 l2cap_sock_set_timer(sk, HZ / 5);
3336 l2cap_chan_del(sk, 0);
3339 l2cap_sock_kill(sk);
3343 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3345 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3348 type = __le16_to_cpu(req->type);
3350 BT_DBG("type 0x%4.4x", type);
3352 if (type == L2CAP_IT_FEAT_MASK) {
3354 u32 feat_mask = l2cap_feat_mask;
3355 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3356 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3357 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3359 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3361 put_unaligned_le32(feat_mask, rsp->data);
3362 l2cap_send_cmd(conn, cmd->ident,
3363 L2CAP_INFO_RSP, sizeof(buf), buf);
3364 } else if (type == L2CAP_IT_FIXED_CHAN) {
3366 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3367 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3368 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3369 memcpy(buf + 4, l2cap_fixed_chan, 8);
3370 l2cap_send_cmd(conn, cmd->ident,
3371 L2CAP_INFO_RSP, sizeof(buf), buf);
3373 struct l2cap_info_rsp rsp;
3374 rsp.type = cpu_to_le16(type);
3375 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3376 l2cap_send_cmd(conn, cmd->ident,
3377 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3383 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3385 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3388 type = __le16_to_cpu(rsp->type);
3389 result = __le16_to_cpu(rsp->result);
3391 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3393 del_timer(&conn->info_timer);
3395 if (result != L2CAP_IR_SUCCESS) {
3396 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3397 conn->info_ident = 0;
3399 l2cap_conn_start(conn);
3404 if (type == L2CAP_IT_FEAT_MASK) {
3405 conn->feat_mask = get_unaligned_le32(rsp->data);
3407 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
3408 struct l2cap_info_req req;
3409 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3411 conn->info_ident = l2cap_get_ident(conn);
3413 l2cap_send_cmd(conn, conn->info_ident,
3414 L2CAP_INFO_REQ, sizeof(req), &req);
3416 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3417 conn->info_ident = 0;
3419 l2cap_conn_start(conn);
3421 } else if (type == L2CAP_IT_FIXED_CHAN) {
3422 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3423 conn->info_ident = 0;
3425 l2cap_conn_start(conn);
3431 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
3433 u8 *data = skb->data;
3435 struct l2cap_cmd_hdr cmd;
3438 l2cap_raw_recv(conn, skb);
3440 while (len >= L2CAP_CMD_HDR_SIZE) {
3442 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3443 data += L2CAP_CMD_HDR_SIZE;
3444 len -= L2CAP_CMD_HDR_SIZE;
3446 cmd_len = le16_to_cpu(cmd.len);
3448 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
3450 if (cmd_len > len || !cmd.ident) {
3451 BT_DBG("corrupted command");
3456 case L2CAP_COMMAND_REJ:
3457 l2cap_command_rej(conn, &cmd, data);
3460 case L2CAP_CONN_REQ:
3461 err = l2cap_connect_req(conn, &cmd, data);
3464 case L2CAP_CONN_RSP:
3465 err = l2cap_connect_rsp(conn, &cmd, data);
3468 case L2CAP_CONF_REQ:
3469 err = l2cap_config_req(conn, &cmd, cmd_len, data);
3472 case L2CAP_CONF_RSP:
3473 err = l2cap_config_rsp(conn, &cmd, data);
3476 case L2CAP_DISCONN_REQ:
3477 err = l2cap_disconnect_req(conn, &cmd, data);
3480 case L2CAP_DISCONN_RSP:
3481 err = l2cap_disconnect_rsp(conn, &cmd, data);
3484 case L2CAP_ECHO_REQ:
3485 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
3488 case L2CAP_ECHO_RSP:
3491 case L2CAP_INFO_REQ:
3492 err = l2cap_information_req(conn, &cmd, data);
3495 case L2CAP_INFO_RSP:
3496 err = l2cap_information_rsp(conn, &cmd, data);
3500 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
3506 struct l2cap_cmd_rej rej;
3507 BT_DBG("error %d", err);
3509 /* FIXME: Map err to a valid reason */
3510 rej.reason = cpu_to_le16(0);
3511 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3521 static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3523 u16 our_fcs, rcv_fcs;
3524 int hdr_size = L2CAP_HDR_SIZE + 2;
3526 if (pi->fcs == L2CAP_FCS_CRC16) {
3527 skb_trim(skb, skb->len - 2);
3528 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3529 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3531 if (our_fcs != rcv_fcs)
3537 static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3539 struct l2cap_pinfo *pi = l2cap_pi(sk);
3542 pi->frames_sent = 0;
3544 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3546 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3547 control |= L2CAP_SUPER_RCV_NOT_READY;
3548 l2cap_send_sframe(pi, control);
3549 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3552 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
3553 l2cap_retransmit_frames(sk);
3555 l2cap_ertm_send(sk);
3557 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3558 pi->frames_sent == 0) {
3559 control |= L2CAP_SUPER_RCV_READY;
3560 l2cap_send_sframe(pi, control);
3564 static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3566 struct sk_buff *next_skb;
3567 struct l2cap_pinfo *pi = l2cap_pi(sk);
3568 int tx_seq_offset, next_tx_seq_offset;
3570 bt_cb(skb)->tx_seq = tx_seq;
3571 bt_cb(skb)->sar = sar;
3573 next_skb = skb_peek(SREJ_QUEUE(sk));
3575 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3579 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3580 if (tx_seq_offset < 0)
3581 tx_seq_offset += 64;
3584 if (bt_cb(next_skb)->tx_seq == tx_seq)
3587 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
3588 pi->buffer_seq) % 64;
3589 if (next_tx_seq_offset < 0)
3590 next_tx_seq_offset += 64;
3592 if (next_tx_seq_offset > tx_seq_offset) {
3593 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3597 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3600 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3602 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3607 static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3609 struct l2cap_pinfo *pi = l2cap_pi(sk);
3610 struct sk_buff *_skb;
3613 switch (control & L2CAP_CTRL_SAR) {
3614 case L2CAP_SDU_UNSEGMENTED:
3615 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3618 err = sock_queue_rcv_skb(sk, skb);
3624 case L2CAP_SDU_START:
3625 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3628 pi->sdu_len = get_unaligned_le16(skb->data);
3630 if (pi->sdu_len > pi->imtu)
3633 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3637 /* pull sdu_len bytes only after alloc, because of Local Busy
3638 * condition we have to be sure that this will be executed
3639 * only once, i.e., when alloc does not fail */
3642 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3644 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3645 pi->partial_sdu_len = skb->len;
3648 case L2CAP_SDU_CONTINUE:
3649 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3655 pi->partial_sdu_len += skb->len;
3656 if (pi->partial_sdu_len > pi->sdu_len)
3659 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3664 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3670 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
3671 pi->partial_sdu_len += skb->len;
3673 if (pi->partial_sdu_len > pi->imtu)
3676 if (pi->partial_sdu_len != pi->sdu_len)
3679 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3682 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3684 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3688 err = sock_queue_rcv_skb(sk, _skb);
3691 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3695 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3696 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3710 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3715 static int l2cap_try_push_rx_skb(struct sock *sk)
3717 struct l2cap_pinfo *pi = l2cap_pi(sk);
3718 struct sk_buff *skb;
3722 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3723 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3724 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3726 skb_queue_head(BUSY_QUEUE(sk), skb);
3730 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3733 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3736 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3737 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3738 l2cap_send_sframe(pi, control);
3739 l2cap_pi(sk)->retry_count = 1;
3741 del_timer(&pi->retrans_timer);
3742 __mod_monitor_timer();
3744 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3747 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3748 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3750 BT_DBG("sk %p, Exit local busy", sk);
3755 static void l2cap_busy_work(struct work_struct *work)
3757 DECLARE_WAITQUEUE(wait, current);
3758 struct l2cap_pinfo *pi =
3759 container_of(work, struct l2cap_pinfo, busy_work);
3760 struct sock *sk = (struct sock *)pi;
3761 int n_tries = 0, timeo = HZ/5, err;
3762 struct sk_buff *skb;
3766 add_wait_queue(sk_sleep(sk), &wait);
3767 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
3768 set_current_state(TASK_INTERRUPTIBLE);
3770 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3772 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
3779 if (signal_pending(current)) {
3780 err = sock_intr_errno(timeo);
3785 timeo = schedule_timeout(timeo);
3788 err = sock_error(sk);
3792 if (l2cap_try_push_rx_skb(sk) == 0)
3796 set_current_state(TASK_RUNNING);
3797 remove_wait_queue(sk_sleep(sk), &wait);
3802 static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3804 struct l2cap_pinfo *pi = l2cap_pi(sk);
3807 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3808 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3809 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3810 return l2cap_try_push_rx_skb(sk);
3815 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3817 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3821 /* Busy Condition */
3822 BT_DBG("sk %p, Enter local busy", sk);
3824 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3825 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3826 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3828 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3829 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3830 l2cap_send_sframe(pi, sctrl);
3832 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3834 del_timer(&pi->ack_timer);
3836 queue_work(_busy_wq, &pi->busy_work);
3841 static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3843 struct l2cap_pinfo *pi = l2cap_pi(sk);
3844 struct sk_buff *_skb;
3848 * TODO: We have to notify the userland if some data is lost with the
3852 switch (control & L2CAP_CTRL_SAR) {
3853 case L2CAP_SDU_UNSEGMENTED:
3854 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3859 err = sock_queue_rcv_skb(sk, skb);
3865 case L2CAP_SDU_START:
3866 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3871 pi->sdu_len = get_unaligned_le16(skb->data);
3874 if (pi->sdu_len > pi->imtu) {
3879 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3885 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3887 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3888 pi->partial_sdu_len = skb->len;
3892 case L2CAP_SDU_CONTINUE:
3893 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3896 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3898 pi->partial_sdu_len += skb->len;
3899 if (pi->partial_sdu_len > pi->sdu_len)
3907 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3910 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3912 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3913 pi->partial_sdu_len += skb->len;
3915 if (pi->partial_sdu_len > pi->imtu)
3918 if (pi->partial_sdu_len == pi->sdu_len) {
3919 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3920 err = sock_queue_rcv_skb(sk, _skb);
3935 static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3937 struct sk_buff *skb;
3940 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
3941 if (bt_cb(skb)->tx_seq != tx_seq)
3944 skb = skb_dequeue(SREJ_QUEUE(sk));
3945 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3946 l2cap_ertm_reassembly_sdu(sk, skb, control);
3947 l2cap_pi(sk)->buffer_seq_srej =
3948 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3949 tx_seq = (tx_seq + 1) % 64;
3953 static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3955 struct l2cap_pinfo *pi = l2cap_pi(sk);
3956 struct srej_list *l, *tmp;
3959 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
3960 if (l->tx_seq == tx_seq) {
3965 control = L2CAP_SUPER_SELECT_REJECT;
3966 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3967 l2cap_send_sframe(pi, control);
3969 list_add_tail(&l->list, SREJ_LIST(sk));
3973 static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3975 struct l2cap_pinfo *pi = l2cap_pi(sk);
3976 struct srej_list *new;
3979 while (tx_seq != pi->expected_tx_seq) {
3980 control = L2CAP_SUPER_SELECT_REJECT;
3981 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3982 l2cap_send_sframe(pi, control);
3984 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3985 new->tx_seq = pi->expected_tx_seq;
3986 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3987 list_add_tail(&new->list, SREJ_LIST(sk));
3989 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3992 static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3994 struct l2cap_pinfo *pi = l2cap_pi(sk);
3995 u8 tx_seq = __get_txseq(rx_control);
3996 u8 req_seq = __get_reqseq(rx_control);
3997 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3998 int tx_seq_offset, expected_tx_seq_offset;
3999 int num_to_ack = (pi->tx_win/6) + 1;
4002 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
4005 if (L2CAP_CTRL_FINAL & rx_control &&
4006 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4007 del_timer(&pi->monitor_timer);
4008 if (pi->unacked_frames > 0)
4009 __mod_retrans_timer();
4010 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
4013 pi->expected_ack_seq = req_seq;
4014 l2cap_drop_acked_frames(sk);
4016 if (tx_seq == pi->expected_tx_seq)
4019 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
4020 if (tx_seq_offset < 0)
4021 tx_seq_offset += 64;
4023 /* invalid tx_seq */
4024 if (tx_seq_offset >= pi->tx_win) {
4025 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4029 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
4032 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4033 struct srej_list *first;
4035 first = list_first_entry(SREJ_LIST(sk),
4036 struct srej_list, list);
4037 if (tx_seq == first->tx_seq) {
4038 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
4039 l2cap_check_srej_gap(sk, tx_seq);
4041 list_del(&first->list);
4044 if (list_empty(SREJ_LIST(sk))) {
4045 pi->buffer_seq = pi->buffer_seq_srej;
4046 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
4048 BT_DBG("sk %p, Exit SREJ_SENT", sk);
4051 struct srej_list *l;
4053 /* duplicated tx_seq */
4054 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
4057 list_for_each_entry(l, SREJ_LIST(sk), list) {
4058 if (l->tx_seq == tx_seq) {
4059 l2cap_resend_srejframe(sk, tx_seq);
4063 l2cap_send_srejframe(sk, tx_seq);
4066 expected_tx_seq_offset =
4067 (pi->expected_tx_seq - pi->buffer_seq) % 64;
4068 if (expected_tx_seq_offset < 0)
4069 expected_tx_seq_offset += 64;
4071 /* duplicated tx_seq */
4072 if (tx_seq_offset < expected_tx_seq_offset)
4075 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
4077 BT_DBG("sk %p, Enter SREJ", sk);
4079 INIT_LIST_HEAD(SREJ_LIST(sk));
4080 pi->buffer_seq_srej = pi->buffer_seq;
4082 __skb_queue_head_init(SREJ_QUEUE(sk));
4083 __skb_queue_head_init(BUSY_QUEUE(sk));
4084 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
4086 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
4088 l2cap_send_srejframe(sk, tx_seq);
4090 del_timer(&pi->ack_timer);
4095 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4097 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4098 bt_cb(skb)->tx_seq = tx_seq;
4099 bt_cb(skb)->sar = sar;
4100 __skb_queue_tail(SREJ_QUEUE(sk), skb);
4104 err = l2cap_push_rx_skb(sk, skb, rx_control);
4108 if (rx_control & L2CAP_CTRL_FINAL) {
4109 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4110 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4112 l2cap_retransmit_frames(sk);
4117 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
4118 if (pi->num_acked == num_to_ack - 1)
4128 static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
4130 struct l2cap_pinfo *pi = l2cap_pi(sk);
4132 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
4135 pi->expected_ack_seq = __get_reqseq(rx_control);
4136 l2cap_drop_acked_frames(sk);
4138 if (rx_control & L2CAP_CTRL_POLL) {
4139 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4140 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4141 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4142 (pi->unacked_frames > 0))
4143 __mod_retrans_timer();
4145 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4146 l2cap_send_srejtail(sk);
4148 l2cap_send_i_or_rr_or_rnr(sk);
4151 } else if (rx_control & L2CAP_CTRL_FINAL) {
4152 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4154 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4155 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4157 l2cap_retransmit_frames(sk);
4160 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4161 (pi->unacked_frames > 0))
4162 __mod_retrans_timer();
4164 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4165 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4168 l2cap_ertm_send(sk);
4173 static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
4175 struct l2cap_pinfo *pi = l2cap_pi(sk);
4176 u8 tx_seq = __get_reqseq(rx_control);
4178 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4180 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4182 pi->expected_ack_seq = tx_seq;
4183 l2cap_drop_acked_frames(sk);
4185 if (rx_control & L2CAP_CTRL_FINAL) {
4186 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4187 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4189 l2cap_retransmit_frames(sk);
4191 l2cap_retransmit_frames(sk);
4193 if (pi->conn_state & L2CAP_CONN_WAIT_F)
4194 pi->conn_state |= L2CAP_CONN_REJ_ACT;
4197 static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
4199 struct l2cap_pinfo *pi = l2cap_pi(sk);
4200 u8 tx_seq = __get_reqseq(rx_control);
4202 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4204 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4206 if (rx_control & L2CAP_CTRL_POLL) {
4207 pi->expected_ack_seq = tx_seq;
4208 l2cap_drop_acked_frames(sk);
4210 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4211 l2cap_retransmit_one_frame(sk, tx_seq);
4213 l2cap_ertm_send(sk);
4215 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4216 pi->srej_save_reqseq = tx_seq;
4217 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4219 } else if (rx_control & L2CAP_CTRL_FINAL) {
4220 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
4221 pi->srej_save_reqseq == tx_seq)
4222 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
4224 l2cap_retransmit_one_frame(sk, tx_seq);
4226 l2cap_retransmit_one_frame(sk, tx_seq);
4227 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4228 pi->srej_save_reqseq = tx_seq;
4229 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4234 static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
4236 struct l2cap_pinfo *pi = l2cap_pi(sk);
4237 u8 tx_seq = __get_reqseq(rx_control);
4239 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4241 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
4242 pi->expected_ack_seq = tx_seq;
4243 l2cap_drop_acked_frames(sk);
4245 if (rx_control & L2CAP_CTRL_POLL)
4246 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4248 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
4249 del_timer(&pi->retrans_timer);
4250 if (rx_control & L2CAP_CTRL_POLL)
4251 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
4255 if (rx_control & L2CAP_CTRL_POLL)
4256 l2cap_send_srejtail(sk);
4258 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
4261 static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
4263 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
4265 if (L2CAP_CTRL_FINAL & rx_control &&
4266 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4267 del_timer(&l2cap_pi(sk)->monitor_timer);
4268 if (l2cap_pi(sk)->unacked_frames > 0)
4269 __mod_retrans_timer();
4270 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
4273 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
4274 case L2CAP_SUPER_RCV_READY:
4275 l2cap_data_channel_rrframe(sk, rx_control);
4278 case L2CAP_SUPER_REJECT:
4279 l2cap_data_channel_rejframe(sk, rx_control);
4282 case L2CAP_SUPER_SELECT_REJECT:
4283 l2cap_data_channel_srejframe(sk, rx_control);
4286 case L2CAP_SUPER_RCV_NOT_READY:
4287 l2cap_data_channel_rnrframe(sk, rx_control);
4295 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
4297 struct l2cap_pinfo *pi = l2cap_pi(sk);
4300 int len, next_tx_seq_offset, req_seq_offset;
4302 control = get_unaligned_le16(skb->data);
4307 * We can just drop the corrupted I-frame here.
4308 * Receiver will miss it and start proper recovery
4309 * procedures and ask retransmission.
4311 if (l2cap_check_fcs(pi, skb))
4314 if (__is_sar_start(control) && __is_iframe(control))
4317 if (pi->fcs == L2CAP_FCS_CRC16)
4320 if (len > pi->mps) {
4321 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4325 req_seq = __get_reqseq(control);
4326 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4327 if (req_seq_offset < 0)
4328 req_seq_offset += 64;
4330 next_tx_seq_offset =
4331 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4332 if (next_tx_seq_offset < 0)
4333 next_tx_seq_offset += 64;
4335 /* check for invalid req-seq */
4336 if (req_seq_offset > next_tx_seq_offset) {
4337 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4341 if (__is_iframe(control)) {
4343 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4347 l2cap_data_channel_iframe(sk, control, skb);
4351 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4355 l2cap_data_channel_sframe(sk, control, skb);
4365 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4368 struct l2cap_pinfo *pi;
4373 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4375 BT_DBG("unknown cid 0x%4.4x", cid);
4381 BT_DBG("sk %p, len %d", sk, skb->len);
4383 if (sk->sk_state != BT_CONNECTED)
4387 case L2CAP_MODE_BASIC:
4388 /* If socket recv buffers overflows we drop data here
4389 * which is *bad* because L2CAP has to be reliable.
4390 * But we don't have any other choice. L2CAP doesn't
4391 * provide flow control mechanism. */
4393 if (pi->imtu < skb->len)
4396 if (!sock_queue_rcv_skb(sk, skb))
4400 case L2CAP_MODE_ERTM:
4401 if (!sock_owned_by_user(sk)) {
4402 l2cap_ertm_data_rcv(sk, skb);
4404 if (sk_add_backlog(sk, skb))
4410 case L2CAP_MODE_STREAMING:
4411 control = get_unaligned_le16(skb->data);
4415 if (l2cap_check_fcs(pi, skb))
4418 if (__is_sar_start(control))
4421 if (pi->fcs == L2CAP_FCS_CRC16)
4424 if (len > pi->mps || len < 0 || __is_sframe(control))
4427 tx_seq = __get_txseq(control);
4429 if (pi->expected_tx_seq == tx_seq)
4430 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4432 pi->expected_tx_seq = (tx_seq + 1) % 64;
4434 l2cap_streaming_reassembly_sdu(sk, skb, control);
4439 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
4453 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
4457 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
4463 BT_DBG("sk %p, len %d", sk, skb->len);
4465 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
4468 if (l2cap_pi(sk)->imtu < skb->len)
4471 if (!sock_queue_rcv_skb(sk, skb))
4483 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4485 struct l2cap_hdr *lh = (void *) skb->data;
4489 skb_pull(skb, L2CAP_HDR_SIZE);
4490 cid = __le16_to_cpu(lh->cid);
4491 len = __le16_to_cpu(lh->len);
4493 if (len != skb->len) {
4498 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4501 case L2CAP_CID_SIGNALING:
4502 l2cap_sig_channel(conn, skb);
4505 case L2CAP_CID_CONN_LESS:
4506 psm = get_unaligned_le16(skb->data);
4508 l2cap_conless_channel(conn, psm, skb);
4512 l2cap_data_channel(conn, cid, skb);
4517 /* ---- L2CAP interface with lower layer (HCI) ---- */
4519 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4521 int exact = 0, lm1 = 0, lm2 = 0;
4522 register struct sock *sk;
4523 struct hlist_node *node;
4525 if (type != ACL_LINK)
4528 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4530 /* Find listening sockets and check their link_mode */
4531 read_lock(&l2cap_sk_list.lock);
4532 sk_for_each(sk, node, &l2cap_sk_list.head) {
4533 if (sk->sk_state != BT_LISTEN)
4536 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
4537 lm1 |= HCI_LM_ACCEPT;
4538 if (l2cap_pi(sk)->role_switch)
4539 lm1 |= HCI_LM_MASTER;
4541 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4542 lm2 |= HCI_LM_ACCEPT;
4543 if (l2cap_pi(sk)->role_switch)
4544 lm2 |= HCI_LM_MASTER;
4547 read_unlock(&l2cap_sk_list.lock);
4549 return exact ? lm1 : lm2;
4552 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4554 struct l2cap_conn *conn;
4556 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4558 if (hcon->type != ACL_LINK)
4562 conn = l2cap_conn_add(hcon, status);
4564 l2cap_conn_ready(conn);
4566 l2cap_conn_del(hcon, bt_err(status));
4571 static int l2cap_disconn_ind(struct hci_conn *hcon)
4573 struct l2cap_conn *conn = hcon->l2cap_data;
4575 BT_DBG("hcon %p", hcon);
4577 if (hcon->type != ACL_LINK || !conn)
4580 return conn->disc_reason;
4583 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
4585 BT_DBG("hcon %p reason %d", hcon, reason);
4587 if (hcon->type != ACL_LINK)
4590 l2cap_conn_del(hcon, bt_err(reason));
4595 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
4597 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
4600 if (encrypt == 0x00) {
4601 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
4602 l2cap_sock_clear_timer(sk);
4603 l2cap_sock_set_timer(sk, HZ * 5);
4604 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
4605 __l2cap_sock_close(sk, ECONNREFUSED);
4607 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
4608 l2cap_sock_clear_timer(sk);
4612 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4614 struct l2cap_chan_list *l;
4615 struct l2cap_conn *conn = hcon->l2cap_data;
4621 l = &conn->chan_list;
4623 BT_DBG("conn %p", conn);
4625 read_lock(&l->lock);
4627 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
4630 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
4635 if (!status && (sk->sk_state == BT_CONNECTED ||
4636 sk->sk_state == BT_CONFIG)) {
4637 l2cap_check_encryption(sk, encrypt);
4642 if (sk->sk_state == BT_CONNECT) {
4644 struct l2cap_conn_req req;
4645 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
4646 req.psm = l2cap_pi(sk)->psm;
4648 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
4649 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
4651 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4652 L2CAP_CONN_REQ, sizeof(req), &req);
4654 l2cap_sock_clear_timer(sk);
4655 l2cap_sock_set_timer(sk, HZ / 10);
4657 } else if (sk->sk_state == BT_CONNECT2) {
4658 struct l2cap_conn_rsp rsp;
4662 sk->sk_state = BT_CONFIG;
4663 result = L2CAP_CR_SUCCESS;
4665 sk->sk_state = BT_DISCONN;
4666 l2cap_sock_set_timer(sk, HZ / 10);
4667 result = L2CAP_CR_SEC_BLOCK;
4670 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
4671 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
4672 rsp.result = cpu_to_le16(result);
4673 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
4674 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4675 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4681 read_unlock(&l->lock);
4686 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4688 struct l2cap_conn *conn = hcon->l2cap_data;
4690 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
4693 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4695 if (flags & ACL_START) {
4696 struct l2cap_hdr *hdr;
4702 BT_ERR("Unexpected start frame (len %d)", skb->len);
4703 kfree_skb(conn->rx_skb);
4704 conn->rx_skb = NULL;
4706 l2cap_conn_unreliable(conn, ECOMM);
4709 /* Start fragment always begin with Basic L2CAP header */
4710 if (skb->len < L2CAP_HDR_SIZE) {
4711 BT_ERR("Frame is too short (len %d)", skb->len);
4712 l2cap_conn_unreliable(conn, ECOMM);
4716 hdr = (struct l2cap_hdr *) skb->data;
4717 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
4718 cid = __le16_to_cpu(hdr->cid);
4720 if (len == skb->len) {
4721 /* Complete frame received */
4722 l2cap_recv_frame(conn, skb);
4726 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4728 if (skb->len > len) {
4729 BT_ERR("Frame is too long (len %d, expected len %d)",
4731 l2cap_conn_unreliable(conn, ECOMM);
4735 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4737 if (sk && l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) {
4738 BT_ERR("Frame exceeding recv MTU (len %d, MTU %d)",
4739 len, l2cap_pi(sk)->imtu);
4741 l2cap_conn_unreliable(conn, ECOMM);
4748 /* Allocate skb for the complete frame (with header) */
4749 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4753 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4755 conn->rx_len = len - skb->len;
4757 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4759 if (!conn->rx_len) {
4760 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4761 l2cap_conn_unreliable(conn, ECOMM);
4765 if (skb->len > conn->rx_len) {
4766 BT_ERR("Fragment is too long (len %d, expected %d)",
4767 skb->len, conn->rx_len);
4768 kfree_skb(conn->rx_skb);
4769 conn->rx_skb = NULL;
4771 l2cap_conn_unreliable(conn, ECOMM);
4775 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4777 conn->rx_len -= skb->len;
4779 if (!conn->rx_len) {
4780 /* Complete frame received */
4781 l2cap_recv_frame(conn, conn->rx_skb);
4782 conn->rx_skb = NULL;
4791 static int l2cap_debugfs_show(struct seq_file *f, void *p)
4794 struct hlist_node *node;
4796 read_lock_bh(&l2cap_sk_list.lock);
4798 sk_for_each(sk, node, &l2cap_sk_list.head) {
4799 struct l2cap_pinfo *pi = l2cap_pi(sk);
4801 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
4802 batostr(&bt_sk(sk)->src),
4803 batostr(&bt_sk(sk)->dst),
4804 sk->sk_state, __le16_to_cpu(pi->psm),
4806 pi->imtu, pi->omtu, pi->sec_level);
4809 read_unlock_bh(&l2cap_sk_list.lock);
4814 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4816 return single_open(file, l2cap_debugfs_show, inode->i_private);
4819 static const struct file_operations l2cap_debugfs_fops = {
4820 .open = l2cap_debugfs_open,
4822 .llseek = seq_lseek,
4823 .release = single_release,
4826 static struct dentry *l2cap_debugfs;
4828 static const struct proto_ops l2cap_sock_ops = {
4829 .family = PF_BLUETOOTH,
4830 .owner = THIS_MODULE,
4831 .release = l2cap_sock_release,
4832 .bind = l2cap_sock_bind,
4833 .connect = l2cap_sock_connect,
4834 .listen = l2cap_sock_listen,
4835 .accept = l2cap_sock_accept,
4836 .getname = l2cap_sock_getname,
4837 .sendmsg = l2cap_sock_sendmsg,
4838 .recvmsg = l2cap_sock_recvmsg,
4839 .poll = bt_sock_poll,
4840 .ioctl = bt_sock_ioctl,
4841 .mmap = sock_no_mmap,
4842 .socketpair = sock_no_socketpair,
4843 .shutdown = l2cap_sock_shutdown,
4844 .setsockopt = l2cap_sock_setsockopt,
4845 .getsockopt = l2cap_sock_getsockopt
4848 static const struct net_proto_family l2cap_sock_family_ops = {
4849 .family = PF_BLUETOOTH,
4850 .owner = THIS_MODULE,
4851 .create = l2cap_sock_create,
4854 static struct hci_proto l2cap_hci_proto = {
4856 .id = HCI_PROTO_L2CAP,
4857 .connect_ind = l2cap_connect_ind,
4858 .connect_cfm = l2cap_connect_cfm,
4859 .disconn_ind = l2cap_disconn_ind,
4860 .disconn_cfm = l2cap_disconn_cfm,
4861 .security_cfm = l2cap_security_cfm,
4862 .recv_acldata = l2cap_recv_acldata
4865 static int __init l2cap_init(void)
4869 err = proto_register(&l2cap_proto, 0);
4873 _busy_wq = create_singlethread_workqueue("l2cap");
4877 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4879 BT_ERR("L2CAP socket registration failed");
4883 err = hci_register_proto(&l2cap_hci_proto);
4885 BT_ERR("L2CAP protocol registration failed");
4886 bt_sock_unregister(BTPROTO_L2CAP);
4891 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4892 bt_debugfs, NULL, &l2cap_debugfs_fops);
4894 BT_ERR("Failed to create L2CAP debug file");
4897 BT_INFO("L2CAP ver %s", VERSION);
4898 BT_INFO("L2CAP socket layer initialized");
4903 proto_unregister(&l2cap_proto);
4907 static void __exit l2cap_exit(void)
4909 debugfs_remove(l2cap_debugfs);
4911 flush_workqueue(_busy_wq);
4912 destroy_workqueue(_busy_wq);
4914 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4915 BT_ERR("L2CAP socket unregistration failed");
4917 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4918 BT_ERR("L2CAP protocol unregistration failed");
4920 proto_unregister(&l2cap_proto);
4923 void l2cap_load(void)
4925 /* Dummy function to trigger automatic L2CAP module loading by
4926 * other modules that use L2CAP sockets but don't use any other
4927 * symbols from it. */
4929 EXPORT_SYMBOL(l2cap_load);
4931 module_init(l2cap_init);
4932 module_exit(l2cap_exit);
4934 module_param(disable_ertm, bool, 0644);
4935 MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
4937 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4938 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4939 MODULE_VERSION(VERSION);
4940 MODULE_LICENSE("GPL");
4941 MODULE_ALIAS("bt-proto-0");
projects / mv-sheeva.git / blob