blob: dad419782a1280bbff079c4978578f0be54e37a3 [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07002 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
Gustavo F. Padovance5706b2010-07-13 11:57:11 -03004 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
Gustavo F. Padovan5d8868f2010-07-16 16:18:39 -03005 Copyright (C) 2010 Google Inc.
Gustavo F. Padovan590051d2011-12-18 13:39:33 -02006 Copyright (C) 2011 ProFUSION Embedded Systems
Mat Martineau422e9252012-04-27 16:50:55 -07007 Copyright (c) 2012 Code Aurora Forum. All rights reserved.
Linus Torvalds1da177e2005-04-16 15:20:36 -07008
9 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License version 2 as
13 published by the Free Software Foundation;
14
15 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
16 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
18 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090019 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
20 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
21 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -070022 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090024 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
25 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -070026 SOFTWARE IS DISCLAIMED.
27*/
28
Gustavo F. Padovanbb58f742011-02-03 20:50:35 -020029/* Bluetooth L2CAP core. */
Linus Torvalds1da177e2005-04-16 15:20:36 -070030
Linus Torvalds1da177e2005-04-16 15:20:36 -070031#include <linux/module.h>
32
Marcel Holtmannaef7d972010-03-21 05:27:45 +010033#include <linux/debugfs.h>
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -030034#include <linux/crc16.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070035
36#include <net/bluetooth/bluetooth.h>
37#include <net/bluetooth/hci_core.h>
38#include <net/bluetooth/l2cap.h>
Marcel Holtmann7ef9fbf2013-10-10 14:54:14 -070039
Marcel Holtmannac4b7232013-10-10 14:54:16 -070040#include "smp.h"
Marcel Holtmann70247282013-10-10 14:54:15 -070041#include "a2mp.h"
Marcel Holtmann7ef9fbf2013-10-10 14:54:14 -070042#include "amp.h"
Linus Torvalds1da177e2005-04-16 15:20:36 -070043
Johan Hedberg0f1bfe42014-01-27 15:11:35 -080044#define LE_FLOWCTL_MAX_CREDITS 65535
45
Mat Martineaud1de6d42012-05-17 20:53:55 -070046bool disable_ertm;
Marcel Holtmannf0709e02007-10-20 13:38:51 +020047
Marcel Holtmann547d1032013-10-12 08:18:19 -070048static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN | L2CAP_FEAT_UCD;
Linus Torvalds1da177e2005-04-16 15:20:36 -070049
Johannes Bergb5ad8b72011-06-01 08:54:45 +020050static LIST_HEAD(chan_list);
51static DEFINE_RWLOCK(chan_list_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -070052
Johan Hedbergf15b8ec2013-12-03 15:08:25 +020053static u16 le_max_credits = L2CAP_LE_MAX_CREDITS;
54static u16 le_default_mps = L2CAP_LE_DEFAULT_MPS;
55
Linus Torvalds1da177e2005-04-16 15:20:36 -070056static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
Gustavo Padovan2d792812012-10-06 10:07:01 +010057 u8 code, u8 ident, u16 dlen, void *data);
Gustavo F. Padovan4519de92011-04-28 17:55:53 -030058static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
Gustavo Padovan2d792812012-10-06 10:07:01 +010059 void *data);
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -030060static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +020061static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);
Linus Torvalds1da177e2005-04-16 15:20:36 -070062
Gustavo Padovand6603662012-05-21 13:58:22 -030063static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
Gustavo Padovan2d792812012-10-06 10:07:01 +010064 struct sk_buff_head *skbs, u8 event);
Mat Martineau608bcc62012-05-17 20:53:32 -070065
Johan Hedberga250e042015-01-15 13:06:44 +020066static inline u8 bdaddr_type(u8 link_type, u8 bdaddr_type)
Marcel Holtmann4f1654e2013-10-13 08:50:41 -070067{
Johan Hedberga250e042015-01-15 13:06:44 +020068 if (link_type == LE_LINK) {
69 if (bdaddr_type == ADDR_LE_DEV_PUBLIC)
Marcel Holtmann4f1654e2013-10-13 08:50:41 -070070 return BDADDR_LE_PUBLIC;
71 else
72 return BDADDR_LE_RANDOM;
73 }
74
75 return BDADDR_BREDR;
76}
77
Johan Hedberga250e042015-01-15 13:06:44 +020078static inline u8 bdaddr_src_type(struct hci_conn *hcon)
79{
80 return bdaddr_type(hcon->type, hcon->src_type);
81}
82
83static inline u8 bdaddr_dst_type(struct hci_conn *hcon)
84{
85 return bdaddr_type(hcon->type, hcon->dst_type);
86}
87
Marcel Holtmann01394182006-07-03 10:02:46 +020088/* ---- L2CAP channels ---- */
Gustavo F. Padovan71ba0e52011-05-17 14:34:52 -030089
Gustavo Padovan2d792812012-10-06 10:07:01 +010090static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
91 u16 cid)
Marcel Holtmann01394182006-07-03 10:02:46 +020092{
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +020093 struct l2cap_chan *c;
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -030094
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +020095 list_for_each_entry(c, &conn->chan_l, list) {
96 if (c->dcid == cid)
97 return c;
Marcel Holtmann01394182006-07-03 10:02:46 +020098 }
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +020099 return NULL;
Marcel Holtmann01394182006-07-03 10:02:46 +0200100}
101
Gustavo Padovan2d792812012-10-06 10:07:01 +0100102static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn,
103 u16 cid)
Marcel Holtmann01394182006-07-03 10:02:46 +0200104{
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200105 struct l2cap_chan *c;
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300106
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200107 list_for_each_entry(c, &conn->chan_l, list) {
108 if (c->scid == cid)
109 return c;
Marcel Holtmann01394182006-07-03 10:02:46 +0200110 }
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200111 return NULL;
Marcel Holtmann01394182006-07-03 10:02:46 +0200112}
113
114/* Find channel with given SCID.
Mat Martineauef191ad2012-05-02 09:42:00 -0700115 * Returns locked channel. */
Gustavo Padovan2d792812012-10-06 10:07:01 +0100116static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn,
117 u16 cid)
Marcel Holtmann01394182006-07-03 10:02:46 +0200118{
Gustavo F. Padovan48454072011-03-25 00:22:30 -0300119 struct l2cap_chan *c;
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300120
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200121 mutex_lock(&conn->chan_lock);
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300122 c = __l2cap_get_chan_by_scid(conn, cid);
Mat Martineauef191ad2012-05-02 09:42:00 -0700123 if (c)
124 l2cap_chan_lock(c);
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200125 mutex_unlock(&conn->chan_lock);
126
Gustavo F. Padovan48454072011-03-25 00:22:30 -0300127 return c;
Marcel Holtmann01394182006-07-03 10:02:46 +0200128}
129
Mat Martineaub1a130b2012-10-23 15:24:09 -0700130/* Find channel with given DCID.
131 * Returns locked channel.
132 */
133static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
134 u16 cid)
135{
136 struct l2cap_chan *c;
137
138 mutex_lock(&conn->chan_lock);
139 c = __l2cap_get_chan_by_dcid(conn, cid);
140 if (c)
141 l2cap_chan_lock(c);
142 mutex_unlock(&conn->chan_lock);
143
144 return c;
145}
146
Gustavo Padovan2d792812012-10-06 10:07:01 +0100147static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn,
148 u8 ident)
Marcel Holtmann01394182006-07-03 10:02:46 +0200149{
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200150 struct l2cap_chan *c;
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300151
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200152 list_for_each_entry(c, &conn->chan_l, list) {
153 if (c->ident == ident)
154 return c;
Marcel Holtmann01394182006-07-03 10:02:46 +0200155 }
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200156 return NULL;
Marcel Holtmann01394182006-07-03 10:02:46 +0200157}
158
Mat Martineau5b155ef2012-10-23 15:24:14 -0700159static struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn,
160 u8 ident)
161{
162 struct l2cap_chan *c;
163
164 mutex_lock(&conn->chan_lock);
165 c = __l2cap_get_chan_by_ident(conn, ident);
166 if (c)
167 l2cap_chan_lock(c);
168 mutex_unlock(&conn->chan_lock);
169
170 return c;
171}
172
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300173static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300174{
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300175 struct l2cap_chan *c;
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300176
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300177 list_for_each_entry(c, &chan_list, global_l) {
Marcel Holtmann7eafc592013-10-13 08:12:47 -0700178 if (c->sport == psm && !bacmp(&c->src, src))
Szymon Janc250938c2011-11-16 09:32:22 +0100179 return c;
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300180 }
Szymon Janc250938c2011-11-16 09:32:22 +0100181 return NULL;
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300182}
183
184int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
185{
Gustavo F. Padovan73b2ec12011-04-18 19:36:44 -0300186 int err;
187
Gustavo F. Padovan333055f2011-12-22 15:14:39 -0200188 write_lock(&chan_list_lock);
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300189
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300190 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
Gustavo F. Padovan73b2ec12011-04-18 19:36:44 -0300191 err = -EADDRINUSE;
192 goto done;
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300193 }
194
Gustavo F. Padovan73b2ec12011-04-18 19:36:44 -0300195 if (psm) {
196 chan->psm = psm;
197 chan->sport = psm;
198 err = 0;
199 } else {
200 u16 p;
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300201
Gustavo F. Padovan73b2ec12011-04-18 19:36:44 -0300202 err = -EINVAL;
203 for (p = 0x1001; p < 0x1100; p += 2)
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300204 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
Gustavo F. Padovan73b2ec12011-04-18 19:36:44 -0300205 chan->psm = cpu_to_le16(p);
206 chan->sport = cpu_to_le16(p);
207 err = 0;
208 break;
209 }
210 }
211
212done:
Gustavo F. Padovan333055f2011-12-22 15:14:39 -0200213 write_unlock(&chan_list_lock);
Gustavo F. Padovan73b2ec12011-04-18 19:36:44 -0300214 return err;
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300215}
Jukka Rissanen6b8d4a62014-06-18 16:37:08 +0300216EXPORT_SYMBOL_GPL(l2cap_add_psm);
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300217
218int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
219{
Gustavo F. Padovan333055f2011-12-22 15:14:39 -0200220 write_lock(&chan_list_lock);
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300221
Johan Hedberg14824302014-08-07 22:56:50 +0300222 /* Override the defaults (which are for conn-oriented) */
223 chan->omtu = L2CAP_DEFAULT_MTU;
224 chan->chan_type = L2CAP_CHAN_FIXED;
225
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300226 chan->scid = scid;
227
Gustavo F. Padovan333055f2011-12-22 15:14:39 -0200228 write_unlock(&chan_list_lock);
Gustavo F. Padovan9e4425f2011-04-18 18:38:43 -0300229
230 return 0;
231}
232
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300233static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
Marcel Holtmann01394182006-07-03 10:02:46 +0200234{
Johan Hedberge77af752013-10-08 10:31:00 +0200235 u16 cid, dyn_end;
Marcel Holtmann01394182006-07-03 10:02:46 +0200236
Johan Hedberge77af752013-10-08 10:31:00 +0200237 if (conn->hcon->type == LE_LINK)
238 dyn_end = L2CAP_CID_LE_DYN_END;
239 else
240 dyn_end = L2CAP_CID_DYN_END;
241
242 for (cid = L2CAP_CID_DYN_START; cid < dyn_end; cid++) {
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300243 if (!__l2cap_get_chan_by_scid(conn, cid))
Marcel Holtmann01394182006-07-03 10:02:46 +0200244 return cid;
245 }
246
247 return 0;
248}
249
Gustavo Padovanf93fa272013-10-21 14:21:40 -0200250static void l2cap_state_change(struct l2cap_chan *chan, int state)
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -0300251{
Andrei Emeltchenko42d2d872012-02-17 11:40:57 +0200252 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
Gustavo Padovan2d792812012-10-06 10:07:01 +0100253 state_to_string(state));
Gustavo F. Padovanbadaaa02011-11-23 20:11:46 -0200254
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -0300255 chan->state = state;
Gustavo Padovan53f52122013-10-15 19:24:45 -0300256 chan->ops->state_change(chan, state, 0);
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -0300257}
258
Gustavo Padovanf8e73012013-10-15 19:24:46 -0300259static inline void l2cap_state_change_and_error(struct l2cap_chan *chan,
260 int state, int err)
Andrei Emeltchenko2e0052e2012-02-21 12:54:58 +0200261{
Gustavo Padovanf8e73012013-10-15 19:24:46 -0300262 chan->state = state;
Gustavo Padovan53f52122013-10-15 19:24:45 -0300263 chan->ops->state_change(chan, chan->state, err);
Andrei Emeltchenko2e0052e2012-02-21 12:54:58 +0200264}
265
266static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
267{
Gustavo Padovanf8e73012013-10-15 19:24:46 -0300268 chan->ops->state_change(chan, chan->state, err);
Andrei Emeltchenko2e0052e2012-02-21 12:54:58 +0200269}
270
Mat Martineau4239d162012-05-17 20:53:49 -0700271static void __set_retrans_timer(struct l2cap_chan *chan)
272{
273 if (!delayed_work_pending(&chan->monitor_timer) &&
274 chan->retrans_timeout) {
275 l2cap_set_timer(chan, &chan->retrans_timer,
276 msecs_to_jiffies(chan->retrans_timeout));
277 }
278}
279
280static void __set_monitor_timer(struct l2cap_chan *chan)
281{
282 __clear_retrans_timer(chan);
283 if (chan->monitor_timeout) {
284 l2cap_set_timer(chan, &chan->monitor_timer,
285 msecs_to_jiffies(chan->monitor_timeout));
286 }
287}
288
Mat Martineau608bcc62012-05-17 20:53:32 -0700289static struct sk_buff *l2cap_ertm_seq_in_queue(struct sk_buff_head *head,
290 u16 seq)
291{
292 struct sk_buff *skb;
293
294 skb_queue_walk(head, skb) {
Johan Hedberga4368ff2015-03-30 23:21:01 +0300295 if (bt_cb(skb)->l2cap.txseq == seq)
Mat Martineau608bcc62012-05-17 20:53:32 -0700296 return skb;
297 }
298
299 return NULL;
300}
301
Mat Martineau3c588192012-04-11 10:48:42 -0700302/* ---- L2CAP sequence number lists ---- */
303
304/* For ERTM, ordered lists of sequence numbers must be tracked for
305 * SREJ requests that are received and for frames that are to be
306 * retransmitted. These seq_list functions implement a singly-linked
307 * list in an array, where membership in the list can also be checked
308 * in constant time. Items can also be added to the tail of the list
309 * and removed from the head in constant time, without further memory
310 * allocs or frees.
311 */
312
313static int l2cap_seq_list_init(struct l2cap_seq_list *seq_list, u16 size)
314{
315 size_t alloc_size, i;
316
317 /* Allocated size is a power of 2 to map sequence numbers
318 * (which may be up to 14 bits) in to a smaller array that is
319 * sized for the negotiated ERTM transmit windows.
320 */
321 alloc_size = roundup_pow_of_two(size);
322
323 seq_list->list = kmalloc(sizeof(u16) * alloc_size, GFP_KERNEL);
324 if (!seq_list->list)
325 return -ENOMEM;
326
327 seq_list->mask = alloc_size - 1;
328 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
329 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
330 for (i = 0; i < alloc_size; i++)
331 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
332
333 return 0;
334}
335
336static inline void l2cap_seq_list_free(struct l2cap_seq_list *seq_list)
337{
338 kfree(seq_list->list);
339}
340
341static inline bool l2cap_seq_list_contains(struct l2cap_seq_list *seq_list,
342 u16 seq)
343{
344 /* Constant-time check for list membership */
345 return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR;
346}
347
Mat Martineau3c588192012-04-11 10:48:42 -0700348static inline u16 l2cap_seq_list_pop(struct l2cap_seq_list *seq_list)
349{
Johan Hedberg03a0c5d2014-01-18 21:32:59 +0200350 u16 seq = seq_list->head;
351 u16 mask = seq_list->mask;
352
353 seq_list->head = seq_list->list[seq & mask];
354 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
355
356 if (seq_list->head == L2CAP_SEQ_LIST_TAIL) {
357 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
358 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
359 }
360
361 return seq;
Mat Martineau3c588192012-04-11 10:48:42 -0700362}
363
364static void l2cap_seq_list_clear(struct l2cap_seq_list *seq_list)
365{
Gustavo Padovanf522ae32012-05-09 18:28:00 -0300366 u16 i;
Mat Martineau3c588192012-04-11 10:48:42 -0700367
Gustavo Padovanf522ae32012-05-09 18:28:00 -0300368 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR)
369 return;
370
371 for (i = 0; i <= seq_list->mask; i++)
372 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
373
374 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
375 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
Mat Martineau3c588192012-04-11 10:48:42 -0700376}
377
378static void l2cap_seq_list_append(struct l2cap_seq_list *seq_list, u16 seq)
379{
380 u16 mask = seq_list->mask;
381
382 /* All appends happen in constant time */
383
Gustavo Padovanf522ae32012-05-09 18:28:00 -0300384 if (seq_list->list[seq & mask] != L2CAP_SEQ_LIST_CLEAR)
385 return;
Mat Martineau3c588192012-04-11 10:48:42 -0700386
Gustavo Padovanf522ae32012-05-09 18:28:00 -0300387 if (seq_list->tail == L2CAP_SEQ_LIST_CLEAR)
388 seq_list->head = seq;
389 else
390 seq_list->list[seq_list->tail & mask] = seq;
391
392 seq_list->tail = seq;
393 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_TAIL;
Mat Martineau3c588192012-04-11 10:48:42 -0700394}
395
Gustavo F. Padovan721c4182011-06-23 19:29:58 -0300396static void l2cap_chan_timeout(struct work_struct *work)
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300397{
Gustavo F. Padovan721c4182011-06-23 19:29:58 -0300398 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
Gustavo Padovan2d792812012-10-06 10:07:01 +0100399 chan_timer.work);
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200400 struct l2cap_conn *conn = chan->conn;
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300401 int reason;
402
Andrei Emeltchenkoe05dcc32012-02-17 11:40:56 +0200403 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300404
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200405 mutex_lock(&conn->chan_lock);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +0200406 l2cap_chan_lock(chan);
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300407
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -0300408 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300409 reason = ECONNREFUSED;
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -0300410 else if (chan->state == BT_CONNECT &&
Gustavo Padovan2d792812012-10-06 10:07:01 +0100411 chan->sec_level != BT_SECURITY_SDP)
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300412 reason = ECONNREFUSED;
413 else
414 reason = ETIMEDOUT;
415
Gustavo F. Padovan0f852722011-05-04 19:42:50 -0300416 l2cap_chan_close(chan, reason);
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300417
Andrei Emeltchenko6be36552012-02-22 17:11:56 +0200418 l2cap_chan_unlock(chan);
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300419
Gustavo Padovan80b98022012-05-27 22:27:51 -0300420 chan->ops->close(chan);
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200421 mutex_unlock(&conn->chan_lock);
422
Ulisses Furquim371fd832011-12-21 20:02:36 -0200423 l2cap_chan_put(chan);
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300424}
425
Gustavo Padovaneef1d9b2012-03-25 13:59:16 -0300426struct l2cap_chan *l2cap_chan_create(void)
Marcel Holtmann01394182006-07-03 10:02:46 +0200427{
Gustavo F. Padovan48454072011-03-25 00:22:30 -0300428 struct l2cap_chan *chan;
Marcel Holtmann01394182006-07-03 10:02:46 +0200429
Gustavo F. Padovan48454072011-03-25 00:22:30 -0300430 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
431 if (!chan)
432 return NULL;
Marcel Holtmann01394182006-07-03 10:02:46 +0200433
Andrei Emeltchenkoc03b3552012-02-21 12:54:56 +0200434 mutex_init(&chan->lock);
435
Johan Hedbergff714112014-11-13 09:46:04 +0200436 /* Set default lock nesting level */
437 atomic_set(&chan->nesting, L2CAP_NESTING_NORMAL);
438
Gustavo F. Padovan333055f2011-12-22 15:14:39 -0200439 write_lock(&chan_list_lock);
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300440 list_add(&chan->global_l, &chan_list);
Gustavo F. Padovan333055f2011-12-22 15:14:39 -0200441 write_unlock(&chan_list_lock);
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300442
Gustavo F. Padovan721c4182011-06-23 19:29:58 -0300443 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
Gustavo F. Padovanab078012011-05-02 18:25:01 -0300444
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -0300445 chan->state = BT_OPEN;
446
Syam Sidhardhan144ad332012-07-27 23:51:21 +0530447 kref_init(&chan->kref);
Gustavo F. Padovan71ba0e52011-05-17 14:34:52 -0300448
Mat Martineau28270112012-05-17 21:14:09 -0700449 /* This flag is cleared in l2cap_chan_ready() */
450 set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
451
Gustavo Padovaneef1d9b2012-03-25 13:59:16 -0300452 BT_DBG("chan %p", chan);
Szymon Jancabc545b2011-11-03 16:05:44 +0100453
Gustavo F. Padovan48454072011-03-25 00:22:30 -0300454 return chan;
Marcel Holtmann01394182006-07-03 10:02:46 +0200455}
Jukka Rissanen6b8d4a62014-06-18 16:37:08 +0300456EXPORT_SYMBOL_GPL(l2cap_chan_create);
Marcel Holtmann01394182006-07-03 10:02:46 +0200457
Syam Sidhardhan144ad332012-07-27 23:51:21 +0530458static void l2cap_chan_destroy(struct kref *kref)
Gustavo F. Padovan6ff5abb2011-04-25 15:10:41 -0300459{
Syam Sidhardhan144ad332012-07-27 23:51:21 +0530460 struct l2cap_chan *chan = container_of(kref, struct l2cap_chan, kref);
461
Jaganath Kanakkassery4af66c62012-07-13 18:17:55 +0530462 BT_DBG("chan %p", chan);
463
Gustavo F. Padovan333055f2011-12-22 15:14:39 -0200464 write_lock(&chan_list_lock);
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300465 list_del(&chan->global_l);
Gustavo F. Padovan333055f2011-12-22 15:14:39 -0200466 write_unlock(&chan_list_lock);
Gustavo F. Padovan23691d72011-04-27 18:26:32 -0300467
Jaganath Kanakkassery4af66c62012-07-13 18:17:55 +0530468 kfree(chan);
Gustavo F. Padovan6ff5abb2011-04-25 15:10:41 -0300469}
470
Jaganath Kanakkassery30648372012-07-13 18:17:54 +0530471void l2cap_chan_hold(struct l2cap_chan *c)
472{
Syam Sidhardhan144ad332012-07-27 23:51:21 +0530473 BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->kref.refcount));
Jaganath Kanakkassery30648372012-07-13 18:17:54 +0530474
Syam Sidhardhan144ad332012-07-27 23:51:21 +0530475 kref_get(&c->kref);
Jaganath Kanakkassery30648372012-07-13 18:17:54 +0530476}
477
478void l2cap_chan_put(struct l2cap_chan *c)
479{
Syam Sidhardhan144ad332012-07-27 23:51:21 +0530480 BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->kref.refcount));
Jaganath Kanakkassery30648372012-07-13 18:17:54 +0530481
Syam Sidhardhan144ad332012-07-27 23:51:21 +0530482 kref_put(&c->kref, l2cap_chan_destroy);
Jaganath Kanakkassery30648372012-07-13 18:17:54 +0530483}
Jukka Rissanen6b8d4a62014-06-18 16:37:08 +0300484EXPORT_SYMBOL_GPL(l2cap_chan_put);
Jaganath Kanakkassery30648372012-07-13 18:17:54 +0530485
Andrei Emeltchenkobd4b1652012-03-28 16:31:25 +0300486void l2cap_chan_set_defaults(struct l2cap_chan *chan)
487{
488 chan->fcs = L2CAP_FCS_CRC16;
489 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
490 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
491 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
Jukka Rissanen6a5e8162014-05-28 14:43:04 +0300492 chan->remote_max_tx = chan->max_tx;
493 chan->remote_tx_win = chan->tx_win;
Mat Martineauc20f8e32012-07-10 05:47:07 -0700494 chan->ack_win = L2CAP_DEFAULT_TX_WINDOW;
Andrei Emeltchenkobd4b1652012-03-28 16:31:25 +0300495 chan->sec_level = BT_SECURITY_LOW;
Jukka Rissanen6a5e8162014-05-28 14:43:04 +0300496 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
497 chan->retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
498 chan->monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
499 chan->conf_state = 0;
Andrei Emeltchenkobd4b1652012-03-28 16:31:25 +0300500
501 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
502}
Jukka Rissanen6b8d4a62014-06-18 16:37:08 +0300503EXPORT_SYMBOL_GPL(l2cap_chan_set_defaults);
Andrei Emeltchenkobd4b1652012-03-28 16:31:25 +0300504
Johan Hedberg0ce43ce2013-12-05 14:55:33 +0200505static void l2cap_le_flowctl_init(struct l2cap_chan *chan)
Johan Hedberg38319712013-05-17 12:49:23 +0300506{
Johan Hedberg0ce43ce2013-12-05 14:55:33 +0200507 chan->sdu = NULL;
508 chan->sdu_last_frag = NULL;
509 chan->sdu_len = 0;
Johan Hedberg0cd75f72013-05-17 13:09:05 +0300510 chan->tx_credits = 0;
Johan Hedbergf15b8ec2013-12-03 15:08:25 +0200511 chan->rx_credits = le_max_credits;
Johan Hedbergd1d79412014-01-27 15:11:33 -0800512 chan->mps = min_t(u16, chan->imtu, le_default_mps);
Johan Hedberg0ce43ce2013-12-05 14:55:33 +0200513
514 skb_queue_head_init(&chan->tx_q);
Johan Hedberg38319712013-05-17 12:49:23 +0300515}
516
Andrei Emeltchenko93c3e8f2012-09-27 17:26:16 +0300517void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
Marcel Holtmann01394182006-07-03 10:02:46 +0200518{
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300519 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
Andrei Emeltchenko097db762012-03-09 14:16:17 +0200520 __le16_to_cpu(chan->psm), chan->dcid);
Marcel Holtmann01394182006-07-03 10:02:46 +0200521
Andrei Emeltchenko9f5a0d72011-11-07 14:20:25 +0200522 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
Marcel Holtmann2950f212009-02-12 14:02:50 +0100523
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -0300524 chan->conn = conn;
Marcel Holtmann01394182006-07-03 10:02:46 +0200525
Andrei Emeltchenko54911202012-02-06 15:04:00 +0200526 switch (chan->chan_type) {
527 case L2CAP_CHAN_CONN_ORIENTED:
Johan Hedberg21626e62014-01-24 10:35:41 +0200528 /* Alloc CID for connection-oriented socket */
529 chan->scid = l2cap_alloc_cid(conn);
530 if (conn->hcon->type == ACL_LINK)
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -0300531 chan->omtu = L2CAP_DEFAULT_MTU;
Andrei Emeltchenko54911202012-02-06 15:04:00 +0200532 break;
533
534 case L2CAP_CHAN_CONN_LESS:
Marcel Holtmann01394182006-07-03 10:02:46 +0200535 /* Connectionless socket */
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -0300536 chan->scid = L2CAP_CID_CONN_LESS;
537 chan->dcid = L2CAP_CID_CONN_LESS;
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -0300538 chan->omtu = L2CAP_DEFAULT_MTU;
Andrei Emeltchenko54911202012-02-06 15:04:00 +0200539 break;
540
Johan Hedberg2338a7e2014-01-24 10:35:40 +0200541 case L2CAP_CHAN_FIXED:
542 /* Caller will set CID and CID specific MTU values */
Andrei Emeltchenko416fa752012-05-29 13:59:16 +0300543 break;
544
Andrei Emeltchenko54911202012-02-06 15:04:00 +0200545 default:
Marcel Holtmann01394182006-07-03 10:02:46 +0200546 /* Raw socket can send/recv signalling messages only */
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -0300547 chan->scid = L2CAP_CID_SIGNALING;
548 chan->dcid = L2CAP_CID_SIGNALING;
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -0300549 chan->omtu = L2CAP_DEFAULT_MTU;
Marcel Holtmann01394182006-07-03 10:02:46 +0200550 }
551
Andrei Emeltchenko8f7975b2011-10-13 16:18:54 +0300552 chan->local_id = L2CAP_BESTEFFORT_ID;
553 chan->local_stype = L2CAP_SERV_BESTEFFORT;
554 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
555 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
556 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
Andrei Emeltchenko8936fa62012-10-08 11:14:41 +0300557 chan->local_flush_to = L2CAP_EFS_DEFAULT_FLUSH_TO;
Andrei Emeltchenko8f7975b2011-10-13 16:18:54 +0300558
Ulisses Furquim371fd832011-12-21 20:02:36 -0200559 l2cap_chan_hold(chan);
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300560
Johan Hedbergc16900c2014-08-15 21:17:06 +0300561 /* Only keep a reference for fixed channels if they requested it */
562 if (chan->chan_type != L2CAP_CHAN_FIXED ||
563 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags))
564 hci_conn_hold(conn->hcon);
Johan Hedberg5ee98912013-04-29 19:35:43 +0300565
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200566 list_add(&chan->list, &conn->chan_l);
Andrei Emeltchenko643162a2012-02-22 17:11:55 +0200567}
568
Andrei Emeltchenko466f8002012-05-29 13:59:01 +0300569void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
Andrei Emeltchenko643162a2012-02-22 17:11:55 +0200570{
571 mutex_lock(&conn->chan_lock);
572 __l2cap_chan_add(conn, chan);
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200573 mutex_unlock(&conn->chan_lock);
Marcel Holtmann01394182006-07-03 10:02:46 +0200574}
575
Andrei Emeltchenko466f8002012-05-29 13:59:01 +0300576void l2cap_chan_del(struct l2cap_chan *chan, int err)
Marcel Holtmann01394182006-07-03 10:02:46 +0200577{
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -0300578 struct l2cap_conn *conn = chan->conn;
Marcel Holtmann01394182006-07-03 10:02:46 +0200579
Gustavo F. Padovanc9b66672011-05-17 14:59:01 -0300580 __clear_chan_timer(chan);
Marcel Holtmann01394182006-07-03 10:02:46 +0200581
Johan Hedberg49d11742014-11-13 14:37:50 +0200582 BT_DBG("chan %p, conn %p, err %d, state %s", chan, conn, err,
583 state_to_string(chan->state));
Marcel Holtmann01394182006-07-03 10:02:46 +0200584
Johan Hedberg72847ce2014-08-08 09:28:03 +0300585 chan->ops->teardown(chan, err);
586
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900587 if (conn) {
Andrei Emeltchenko56f60982012-10-15 11:58:44 +0300588 struct amp_mgr *mgr = conn->hcon->amp_mgr;
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300589 /* Delete from channel list */
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +0200590 list_del(&chan->list);
Gustavo F. Padovan3d57dc62011-12-17 10:56:45 -0200591
Ulisses Furquim371fd832011-12-21 20:02:36 -0200592 l2cap_chan_put(chan);
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -0300593
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -0300594 chan->conn = NULL;
Andrei Emeltchenko3cabbfd2012-05-31 11:01:37 +0300595
Johan Hedbergc16900c2014-08-15 21:17:06 +0300596 /* Reference was only held for non-fixed channels or
597 * fixed channels that explicitly requested it using the
598 * FLAG_HOLD_HCI_CONN flag.
599 */
600 if (chan->chan_type != L2CAP_CHAN_FIXED ||
601 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags))
David Herrmann76a68ba2013-04-06 20:28:37 +0200602 hci_conn_drop(conn->hcon);
Andrei Emeltchenko56f60982012-10-15 11:58:44 +0300603
604 if (mgr && mgr->bredr_chan == chan)
605 mgr->bredr_chan = NULL;
Marcel Holtmann01394182006-07-03 10:02:46 +0200606 }
607
Andrei Emeltchenko419e08c2012-10-31 15:46:34 +0200608 if (chan->hs_hchan) {
609 struct hci_chan *hs_hchan = chan->hs_hchan;
610
611 BT_DBG("chan %p disconnect hs_hchan %p", chan, hs_hchan);
612 amp_disconnect_logical_link(hs_hchan);
613 }
614
Mat Martineau28270112012-05-17 21:14:09 -0700615 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
Gustavo F. Padovan6ff5abb2011-04-25 15:10:41 -0300616 return;
Gustavo F. Padovan2ead70b2011-04-01 15:13:36 -0300617
Gustavo Padovanee556f62012-05-18 20:22:38 -0300618 switch(chan->mode) {
619 case L2CAP_MODE_BASIC:
620 break;
Gustavo F. Padovanc13ffa62010-05-13 20:50:12 -0300621
Johan Hedberg38319712013-05-17 12:49:23 +0300622 case L2CAP_MODE_LE_FLOWCTL:
Johan Hedberg177f8f22013-05-31 17:54:51 +0300623 skb_queue_purge(&chan->tx_q);
Johan Hedberg38319712013-05-17 12:49:23 +0300624 break;
625
Gustavo Padovanee556f62012-05-18 20:22:38 -0300626 case L2CAP_MODE_ERTM:
Gustavo F. Padovan1a09bcb2011-05-17 15:13:19 -0300627 __clear_retrans_timer(chan);
628 __clear_monitor_timer(chan);
629 __clear_ack_timer(chan);
Gustavo F. Padovanc13ffa62010-05-13 20:50:12 -0300630
Gustavo F. Padovanf1c67752011-03-25 20:36:10 -0300631 skb_queue_purge(&chan->srej_q);
Gustavo F. Padovanc13ffa62010-05-13 20:50:12 -0300632
Mat Martineau3c588192012-04-11 10:48:42 -0700633 l2cap_seq_list_free(&chan->srej_list);
634 l2cap_seq_list_free(&chan->retrans_list);
Gustavo Padovanee556f62012-05-18 20:22:38 -0300635
636 /* fall through */
637
638 case L2CAP_MODE_STREAMING:
639 skb_queue_purge(&chan->tx_q);
640 break;
Gustavo F. Padovanc13ffa62010-05-13 20:50:12 -0300641 }
Gustavo Padovanee556f62012-05-18 20:22:38 -0300642
643 return;
Marcel Holtmann01394182006-07-03 10:02:46 +0200644}
Jukka Rissanen6b8d4a62014-06-18 16:37:08 +0300645EXPORT_SYMBOL_GPL(l2cap_chan_del);
Marcel Holtmann01394182006-07-03 10:02:46 +0200646
Johan Hedbergf3d82d02014-09-05 22:19:50 +0300647static void l2cap_conn_update_id_addr(struct work_struct *work)
Johan Hedberg387a33e2014-02-18 21:41:33 +0200648{
Johan Hedbergf3d82d02014-09-05 22:19:50 +0300649 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
650 id_addr_update_work);
651 struct hci_conn *hcon = conn->hcon;
Johan Hedberg387a33e2014-02-18 21:41:33 +0200652 struct l2cap_chan *chan;
653
654 mutex_lock(&conn->chan_lock);
655
656 list_for_each_entry(chan, &conn->chan_l, list) {
657 l2cap_chan_lock(chan);
658 bacpy(&chan->dst, &hcon->dst);
Johan Hedberga250e042015-01-15 13:06:44 +0200659 chan->dst_type = bdaddr_dst_type(hcon);
Johan Hedberg387a33e2014-02-18 21:41:33 +0200660 l2cap_chan_unlock(chan);
661 }
662
663 mutex_unlock(&conn->chan_lock);
664}
665
Johan Hedberg27e2d4c2013-05-14 13:27:21 +0300666static void l2cap_chan_le_connect_reject(struct l2cap_chan *chan)
667{
668 struct l2cap_conn *conn = chan->conn;
669 struct l2cap_le_conn_rsp rsp;
670 u16 result;
671
672 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
673 result = L2CAP_CR_AUTHORIZATION;
674 else
675 result = L2CAP_CR_BAD_PSM;
676
677 l2cap_state_change(chan, BT_DISCONN);
678
679 rsp.dcid = cpu_to_le16(chan->scid);
680 rsp.mtu = cpu_to_le16(chan->imtu);
Johan Hedberg3916aed2013-10-07 15:35:26 +0200681 rsp.mps = cpu_to_le16(chan->mps);
Johan Hedberg0cd75f72013-05-17 13:09:05 +0300682 rsp.credits = cpu_to_le16(chan->rx_credits);
Johan Hedberg27e2d4c2013-05-14 13:27:21 +0300683 rsp.result = cpu_to_le16(result);
684
685 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp),
686 &rsp);
687}
688
Johan Hedberg791d60f2013-05-14 22:24:44 +0300689static void l2cap_chan_connect_reject(struct l2cap_chan *chan)
690{
691 struct l2cap_conn *conn = chan->conn;
692 struct l2cap_conn_rsp rsp;
693 u16 result;
694
695 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
696 result = L2CAP_CR_SEC_BLOCK;
697 else
698 result = L2CAP_CR_BAD_PSM;
699
700 l2cap_state_change(chan, BT_DISCONN);
701
702 rsp.scid = cpu_to_le16(chan->dcid);
703 rsp.dcid = cpu_to_le16(chan->scid);
704 rsp.result = cpu_to_le16(result);
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700705 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
Johan Hedberg791d60f2013-05-14 22:24:44 +0300706
707 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
708}
709
Gustavo F. Padovan0f852722011-05-04 19:42:50 -0300710void l2cap_chan_close(struct l2cap_chan *chan, int reason)
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300711{
712 struct l2cap_conn *conn = chan->conn;
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300713
Marcel Holtmann7eafc592013-10-13 08:12:47 -0700714 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300715
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -0300716 switch (chan->state) {
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300717 case BT_LISTEN:
Gustavo Padovanb699ec02012-10-06 11:51:54 +0100718 chan->ops->teardown(chan, 0);
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300719 break;
720
721 case BT_CONNECTED:
722 case BT_CONFIG:
Johan Hedberg7b25c9b2014-01-28 15:28:04 -0800723 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
Gustavo Padovan8d836d72013-10-15 19:24:47 -0300724 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +0200725 l2cap_send_disconn_req(chan, reason);
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300726 } else
727 l2cap_chan_del(chan, reason);
728 break;
729
730 case BT_CONNECT2:
Johan Hedberg791d60f2013-05-14 22:24:44 +0300731 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
732 if (conn->hcon->type == ACL_LINK)
733 l2cap_chan_connect_reject(chan);
Johan Hedberg27e2d4c2013-05-14 13:27:21 +0300734 else if (conn->hcon->type == LE_LINK)
735 l2cap_chan_le_connect_reject(chan);
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300736 }
737
738 l2cap_chan_del(chan, reason);
739 break;
740
741 case BT_CONNECT:
742 case BT_DISCONN:
743 l2cap_chan_del(chan, reason);
744 break;
745
746 default:
Gustavo Padovanb699ec02012-10-06 11:51:54 +0100747 chan->ops->teardown(chan, 0);
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300748 break;
749 }
750}
Jukka Rissanen6b8d4a62014-06-18 16:37:08 +0300751EXPORT_SYMBOL(l2cap_chan_close);
Gustavo F. Padovan4519de92011-04-28 17:55:53 -0300752
Gustavo F. Padovan43434782011-04-12 18:31:57 -0300753static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
Johan Hedberg8556edd32011-01-19 12:06:50 +0530754{
Marcel Holtmann6a974b52013-10-12 07:19:31 -0700755 switch (chan->chan_type) {
756 case L2CAP_CHAN_RAW:
Gustavo F. Padovan43434782011-04-12 18:31:57 -0300757 switch (chan->sec_level) {
Johan Hedberg8556edd32011-01-19 12:06:50 +0530758 case BT_SECURITY_HIGH:
Marcel Holtmann7d513e92014-01-15 22:37:40 -0800759 case BT_SECURITY_FIPS:
Johan Hedberg8556edd32011-01-19 12:06:50 +0530760 return HCI_AT_DEDICATED_BONDING_MITM;
761 case BT_SECURITY_MEDIUM:
762 return HCI_AT_DEDICATED_BONDING;
763 default:
764 return HCI_AT_NO_BONDING;
765 }
Marcel Holtmann6a974b52013-10-12 07:19:31 -0700766 break;
Marcel Holtmann3124b842013-10-12 07:19:32 -0700767 case L2CAP_CHAN_CONN_LESS:
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700768 if (chan->psm == cpu_to_le16(L2CAP_PSM_3DSP)) {
Marcel Holtmann3124b842013-10-12 07:19:32 -0700769 if (chan->sec_level == BT_SECURITY_LOW)
770 chan->sec_level = BT_SECURITY_SDP;
771 }
Marcel Holtmann7d513e92014-01-15 22:37:40 -0800772 if (chan->sec_level == BT_SECURITY_HIGH ||
773 chan->sec_level == BT_SECURITY_FIPS)
Marcel Holtmann3124b842013-10-12 07:19:32 -0700774 return HCI_AT_NO_BONDING_MITM;
775 else
776 return HCI_AT_NO_BONDING;
777 break;
Marcel Holtmann6a974b52013-10-12 07:19:31 -0700778 case L2CAP_CHAN_CONN_ORIENTED:
Joe Perchesdcf4adb2014-03-12 10:52:35 -0700779 if (chan->psm == cpu_to_le16(L2CAP_PSM_SDP)) {
Marcel Holtmann6a974b52013-10-12 07:19:31 -0700780 if (chan->sec_level == BT_SECURITY_LOW)
781 chan->sec_level = BT_SECURITY_SDP;
Johan Hedberg8556edd32011-01-19 12:06:50 +0530782
Marcel Holtmann7d513e92014-01-15 22:37:40 -0800783 if (chan->sec_level == BT_SECURITY_HIGH ||
784 chan->sec_level == BT_SECURITY_FIPS)
Marcel Holtmann6a974b52013-10-12 07:19:31 -0700785 return HCI_AT_NO_BONDING_MITM;
786 else
787 return HCI_AT_NO_BONDING;
788 }
789 /* fall through */
790 default:
Gustavo F. Padovan43434782011-04-12 18:31:57 -0300791 switch (chan->sec_level) {
Johan Hedberg8556edd32011-01-19 12:06:50 +0530792 case BT_SECURITY_HIGH:
Marcel Holtmann7d513e92014-01-15 22:37:40 -0800793 case BT_SECURITY_FIPS:
Johan Hedberg8556edd32011-01-19 12:06:50 +0530794 return HCI_AT_GENERAL_BONDING_MITM;
795 case BT_SECURITY_MEDIUM:
796 return HCI_AT_GENERAL_BONDING;
797 default:
798 return HCI_AT_NO_BONDING;
799 }
Marcel Holtmann6a974b52013-10-12 07:19:31 -0700800 break;
Johan Hedberg8556edd32011-01-19 12:06:50 +0530801 }
802}
803
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200804/* Service level security */
Johan Hedberge7cafc42014-07-17 15:35:38 +0300805int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator)
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200806{
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -0300807 struct l2cap_conn *conn = chan->conn;
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100808 __u8 auth_type;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200809
Johan Hedberga17de2f2013-05-14 13:25:37 +0300810 if (conn->hcon->type == LE_LINK)
811 return smp_conn_security(conn->hcon, chan->sec_level);
812
Gustavo F. Padovan43434782011-04-12 18:31:57 -0300813 auth_type = l2cap_get_auth_type(chan);
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100814
Johan Hedberge7cafc42014-07-17 15:35:38 +0300815 return hci_conn_security(conn->hcon, chan->sec_level, auth_type,
816 initiator);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200817}
818
Johannes Bergb5ad8b72011-06-01 08:54:45 +0200819static u8 l2cap_get_ident(struct l2cap_conn *conn)
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200820{
821 u8 id;
822
823 /* Get next available identificator.
824 * 1 - 128 are used by kernel.
825 * 129 - 199 are reserved.
826 * 200 - 254 are used by utilities like l2ping, etc.
827 */
828
Marcel Holtmann5a54e7c2014-07-13 20:50:15 +0200829 mutex_lock(&conn->ident_lock);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200830
831 if (++conn->tx_ident > 128)
832 conn->tx_ident = 1;
833
834 id = conn->tx_ident;
835
Marcel Holtmann5a54e7c2014-07-13 20:50:15 +0200836 mutex_unlock(&conn->ident_lock);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200837
838 return id;
839}
840
Gustavo Padovan2d792812012-10-06 10:07:01 +0100841static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
842 void *data)
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200843{
844 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
Andrei Emeltchenkoe7021122011-01-03 11:14:36 +0200845 u8 flags;
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200846
847 BT_DBG("code 0x%2.2x", code);
848
849 if (!skb)
Gustavo F. Padovan9a9c6a32010-05-01 16:15:43 -0300850 return;
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200851
Steven Walterf6af6752014-11-19 09:41:17 -0500852 /* Use NO_FLUSH if supported or we have an LE link (which does
853 * not support auto-flushing packets) */
854 if (lmp_no_flush_capable(conn->hcon->hdev) ||
855 conn->hcon->type == LE_LINK)
Andrei Emeltchenkoe7021122011-01-03 11:14:36 +0200856 flags = ACL_START_NO_FLUSH;
857 else
858 flags = ACL_START;
859
Jaikumar Ganesh14b12d02011-05-23 18:06:04 -0700860 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
Luiz Augusto von Dentz5e59b792011-11-01 10:58:57 +0200861 skb->priority = HCI_PRIO_MAX;
Jaikumar Ganesh14b12d02011-05-23 18:06:04 -0700862
Luiz Augusto von Dentz73d80de2011-11-02 15:52:01 +0200863 hci_send_acl(conn->hchan, skb, flags);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200864}
865
Mat Martineau02b0fbb2012-10-23 15:24:10 -0700866static bool __chan_is_moving(struct l2cap_chan *chan)
867{
868 return chan->move_state != L2CAP_MOVE_STABLE &&
869 chan->move_state != L2CAP_MOVE_WAIT_PREPARE;
870}
871
Luiz Augusto von Dentz73d80de2011-11-02 15:52:01 +0200872static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
873{
874 struct hci_conn *hcon = chan->conn->hcon;
875 u16 flags;
876
877 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
Gustavo Padovan2d792812012-10-06 10:07:01 +0100878 skb->priority);
Luiz Augusto von Dentz73d80de2011-11-02 15:52:01 +0200879
Mat Martineaud5f8a752012-10-23 15:24:18 -0700880 if (chan->hs_hcon && !__chan_is_moving(chan)) {
881 if (chan->hs_hchan)
882 hci_send_acl(chan->hs_hchan, skb, ACL_COMPLETE);
883 else
884 kfree_skb(skb);
885
886 return;
887 }
888
Steven Walterf6af6752014-11-19 09:41:17 -0500889 /* Use NO_FLUSH for LE links (where this is the only option) or
890 * if the BR/EDR link supports it and flushing has not been
891 * explicitly requested (through FLAG_FLUSHABLE).
892 */
893 if (hcon->type == LE_LINK ||
894 (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
895 lmp_no_flush_capable(hcon->hdev)))
Luiz Augusto von Dentz73d80de2011-11-02 15:52:01 +0200896 flags = ACL_START_NO_FLUSH;
897 else
898 flags = ACL_START;
899
900 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
901 hci_send_acl(chan->conn->hchan, skb, flags);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700902}
903
Mat Martineaub5c6aae2012-04-25 16:36:15 -0700904static void __unpack_enhanced_control(u16 enh, struct l2cap_ctrl *control)
905{
906 control->reqseq = (enh & L2CAP_CTRL_REQSEQ) >> L2CAP_CTRL_REQSEQ_SHIFT;
907 control->final = (enh & L2CAP_CTRL_FINAL) >> L2CAP_CTRL_FINAL_SHIFT;
908
909 if (enh & L2CAP_CTRL_FRAME_TYPE) {
910 /* S-Frame */
911 control->sframe = 1;
912 control->poll = (enh & L2CAP_CTRL_POLL) >> L2CAP_CTRL_POLL_SHIFT;
913 control->super = (enh & L2CAP_CTRL_SUPERVISE) >> L2CAP_CTRL_SUPER_SHIFT;
914
915 control->sar = 0;
916 control->txseq = 0;
917 } else {
918 /* I-Frame */
919 control->sframe = 0;
920 control->sar = (enh & L2CAP_CTRL_SAR) >> L2CAP_CTRL_SAR_SHIFT;
921 control->txseq = (enh & L2CAP_CTRL_TXSEQ) >> L2CAP_CTRL_TXSEQ_SHIFT;
922
923 control->poll = 0;
924 control->super = 0;
925 }
926}
927
928static void __unpack_extended_control(u32 ext, struct l2cap_ctrl *control)
929{
930 control->reqseq = (ext & L2CAP_EXT_CTRL_REQSEQ) >> L2CAP_EXT_CTRL_REQSEQ_SHIFT;
931 control->final = (ext & L2CAP_EXT_CTRL_FINAL) >> L2CAP_EXT_CTRL_FINAL_SHIFT;
932
933 if (ext & L2CAP_EXT_CTRL_FRAME_TYPE) {
934 /* S-Frame */
935 control->sframe = 1;
936 control->poll = (ext & L2CAP_EXT_CTRL_POLL) >> L2CAP_EXT_CTRL_POLL_SHIFT;
937 control->super = (ext & L2CAP_EXT_CTRL_SUPERVISE) >> L2CAP_EXT_CTRL_SUPER_SHIFT;
938
939 control->sar = 0;
940 control->txseq = 0;
941 } else {
942 /* I-Frame */
943 control->sframe = 0;
944 control->sar = (ext & L2CAP_EXT_CTRL_SAR) >> L2CAP_EXT_CTRL_SAR_SHIFT;
945 control->txseq = (ext & L2CAP_EXT_CTRL_TXSEQ) >> L2CAP_EXT_CTRL_TXSEQ_SHIFT;
946
947 control->poll = 0;
948 control->super = 0;
949 }
950}
951
952static inline void __unpack_control(struct l2cap_chan *chan,
953 struct sk_buff *skb)
954{
955 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
956 __unpack_extended_control(get_unaligned_le32(skb->data),
Johan Hedberga4368ff2015-03-30 23:21:01 +0300957 &bt_cb(skb)->l2cap);
Mat Martineaucec8ab6e2012-05-17 20:53:36 -0700958 skb_pull(skb, L2CAP_EXT_CTRL_SIZE);
Mat Martineaub5c6aae2012-04-25 16:36:15 -0700959 } else {
960 __unpack_enhanced_control(get_unaligned_le16(skb->data),
Johan Hedberga4368ff2015-03-30 23:21:01 +0300961 &bt_cb(skb)->l2cap);
Mat Martineaucec8ab6e2012-05-17 20:53:36 -0700962 skb_pull(skb, L2CAP_ENH_CTRL_SIZE);
Mat Martineaub5c6aae2012-04-25 16:36:15 -0700963 }
964}
965
966static u32 __pack_extended_control(struct l2cap_ctrl *control)
967{
968 u32 packed;
969
970 packed = control->reqseq << L2CAP_EXT_CTRL_REQSEQ_SHIFT;
971 packed |= control->final << L2CAP_EXT_CTRL_FINAL_SHIFT;
972
973 if (control->sframe) {
974 packed |= control->poll << L2CAP_EXT_CTRL_POLL_SHIFT;
975 packed |= control->super << L2CAP_EXT_CTRL_SUPER_SHIFT;
976 packed |= L2CAP_EXT_CTRL_FRAME_TYPE;
977 } else {
978 packed |= control->sar << L2CAP_EXT_CTRL_SAR_SHIFT;
979 packed |= control->txseq << L2CAP_EXT_CTRL_TXSEQ_SHIFT;
980 }
981
982 return packed;
983}
984
985static u16 __pack_enhanced_control(struct l2cap_ctrl *control)
986{
987 u16 packed;
988
989 packed = control->reqseq << L2CAP_CTRL_REQSEQ_SHIFT;
990 packed |= control->final << L2CAP_CTRL_FINAL_SHIFT;
991
992 if (control->sframe) {
993 packed |= control->poll << L2CAP_CTRL_POLL_SHIFT;
994 packed |= control->super << L2CAP_CTRL_SUPER_SHIFT;
995 packed |= L2CAP_CTRL_FRAME_TYPE;
996 } else {
997 packed |= control->sar << L2CAP_CTRL_SAR_SHIFT;
998 packed |= control->txseq << L2CAP_CTRL_TXSEQ_SHIFT;
999 }
1000
1001 return packed;
1002}
1003
1004static inline void __pack_control(struct l2cap_chan *chan,
1005 struct l2cap_ctrl *control,
1006 struct sk_buff *skb)
1007{
1008 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
1009 put_unaligned_le32(__pack_extended_control(control),
1010 skb->data + L2CAP_HDR_SIZE);
1011 } else {
1012 put_unaligned_le16(__pack_enhanced_control(control),
1013 skb->data + L2CAP_HDR_SIZE);
1014 }
1015}
1016
Gustavo Padovanba7aa642012-05-29 13:29:16 -03001017static inline unsigned int __ertm_hdr_size(struct l2cap_chan *chan)
1018{
1019 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1020 return L2CAP_EXT_HDR_SIZE;
1021 else
1022 return L2CAP_ENH_HDR_SIZE;
1023}
1024
Mat Martineaua67d7f62012-05-17 20:53:35 -07001025static struct sk_buff *l2cap_create_sframe_pdu(struct l2cap_chan *chan,
1026 u32 control)
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001027{
1028 struct sk_buff *skb;
1029 struct l2cap_hdr *lh;
Gustavo Padovanba7aa642012-05-29 13:29:16 -03001030 int hlen = __ertm_hdr_size(chan);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001031
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001032 if (chan->fcs == L2CAP_FCS_CRC16)
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03001033 hlen += L2CAP_FCS_SIZE;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001034
Mat Martineaua67d7f62012-05-17 20:53:35 -07001035 skb = bt_skb_alloc(hlen, GFP_KERNEL);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001036
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001037 if (!skb)
Mat Martineaua67d7f62012-05-17 20:53:35 -07001038 return ERR_PTR(-ENOMEM);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001039
1040 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03001041 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03001042 lh->cid = cpu_to_le16(chan->dcid);
Andrei Emeltchenko88843ab2011-10-17 12:19:56 +03001043
Mat Martineaua67d7f62012-05-17 20:53:35 -07001044 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1045 put_unaligned_le32(control, skb_put(skb, L2CAP_EXT_CTRL_SIZE));
1046 else
1047 put_unaligned_le16(control, skb_put(skb, L2CAP_ENH_CTRL_SIZE));
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001048
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03001049 if (chan->fcs == L2CAP_FCS_CRC16) {
Mat Martineaua67d7f62012-05-17 20:53:35 -07001050 u16 fcs = crc16(0, (u8 *)skb->data, skb->len);
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03001051 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03001052 }
1053
Luiz Augusto von Dentz73d80de2011-11-02 15:52:01 +02001054 skb->priority = HCI_PRIO_MAX;
Mat Martineaua67d7f62012-05-17 20:53:35 -07001055 return skb;
1056}
1057
1058static void l2cap_send_sframe(struct l2cap_chan *chan,
1059 struct l2cap_ctrl *control)
1060{
1061 struct sk_buff *skb;
1062 u32 control_field;
1063
1064 BT_DBG("chan %p, control %p", chan, control);
1065
1066 if (!control->sframe)
1067 return;
1068
Mat Martineaub99e13a2012-10-23 15:24:19 -07001069 if (__chan_is_moving(chan))
1070 return;
1071
Mat Martineaua67d7f62012-05-17 20:53:35 -07001072 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) &&
1073 !control->poll)
1074 control->final = 1;
1075
1076 if (control->super == L2CAP_SUPER_RR)
1077 clear_bit(CONN_RNR_SENT, &chan->conn_state);
1078 else if (control->super == L2CAP_SUPER_RNR)
1079 set_bit(CONN_RNR_SENT, &chan->conn_state);
1080
1081 if (control->super != L2CAP_SUPER_SREJ) {
1082 chan->last_acked_seq = control->reqseq;
1083 __clear_ack_timer(chan);
1084 }
1085
1086 BT_DBG("reqseq %d, final %d, poll %d, super %d", control->reqseq,
1087 control->final, control->poll, control->super);
1088
1089 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1090 control_field = __pack_extended_control(control);
1091 else
1092 control_field = __pack_enhanced_control(control);
1093
1094 skb = l2cap_create_sframe_pdu(chan, control_field);
1095 if (!IS_ERR(skb))
1096 l2cap_do_send(chan, skb);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001097}
1098
Mat Martineauc9e3d5e2012-05-17 20:53:48 -07001099static void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, bool poll)
Gustavo F. Padovan7e743092009-08-26 04:04:03 -03001100{
Mat Martineauc9e3d5e2012-05-17 20:53:48 -07001101 struct l2cap_ctrl control;
Gustavo F. Padovan7e743092009-08-26 04:04:03 -03001102
Mat Martineauc9e3d5e2012-05-17 20:53:48 -07001103 BT_DBG("chan %p, poll %d", chan, poll);
1104
1105 memset(&control, 0, sizeof(control));
1106 control.sframe = 1;
1107 control.poll = poll;
1108
1109 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
1110 control.super = L2CAP_SUPER_RNR;
1111 else
1112 control.super = L2CAP_SUPER_RR;
1113
1114 control.reqseq = chan->buffer_seq;
1115 l2cap_send_sframe(chan, &control);
Gustavo F. Padovan7e743092009-08-26 04:04:03 -03001116}
1117
Gustavo F. Padovanb4450032011-04-12 18:15:09 -03001118static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
Andrei Emeltchenkoe501d052010-07-08 12:14:41 +03001119{
Johan Hedberg5ff6f342014-08-07 22:56:43 +03001120 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
1121 return true;
1122
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03001123 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
Andrei Emeltchenkoe501d052010-07-08 12:14:41 +03001124}
1125
Andrei Emeltchenko93c3e8f2012-09-27 17:26:16 +03001126static bool __amp_capable(struct l2cap_chan *chan)
1127{
1128 struct l2cap_conn *conn = chan->conn;
Marcel Holtmann1df7b172013-10-05 11:47:49 -07001129 struct hci_dev *hdev;
1130 bool amp_available = false;
Andrei Emeltchenko93c3e8f2012-09-27 17:26:16 +03001131
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02001132 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
Marcel Holtmann1df7b172013-10-05 11:47:49 -07001133 return false;
1134
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02001135 if (!(conn->remote_fixed_chan & L2CAP_FC_A2MP))
Marcel Holtmann1df7b172013-10-05 11:47:49 -07001136 return false;
1137
1138 read_lock(&hci_dev_list_lock);
1139 list_for_each_entry(hdev, &hci_dev_list, list) {
1140 if (hdev->amp_type != AMP_TYPE_BREDR &&
1141 test_bit(HCI_UP, &hdev->flags)) {
1142 amp_available = true;
1143 break;
1144 }
1145 }
1146 read_unlock(&hci_dev_list_lock);
1147
1148 if (chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED)
1149 return amp_available;
Marcel Holtmann848566b2013-10-01 22:59:22 -07001150
1151 return false;
Andrei Emeltchenko93c3e8f2012-09-27 17:26:16 +03001152}
1153
Andrei Emeltchenko5ce66b52012-10-31 15:46:30 +02001154static bool l2cap_check_efs(struct l2cap_chan *chan)
1155{
1156 /* Check EFS parameters */
1157 return true;
1158}
1159
Andrei Emeltchenko2766be42012-09-27 17:26:21 +03001160void l2cap_send_conn_req(struct l2cap_chan *chan)
Andrei Emeltchenko9b27f352012-02-24 16:00:00 +02001161{
1162 struct l2cap_conn *conn = chan->conn;
1163 struct l2cap_conn_req req;
1164
1165 req.scid = cpu_to_le16(chan->scid);
1166 req.psm = chan->psm;
1167
1168 chan->ident = l2cap_get_ident(conn);
1169
1170 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1171
1172 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
1173}
1174
Mat Martineau8eb200b2012-10-23 15:24:17 -07001175static void l2cap_send_create_chan_req(struct l2cap_chan *chan, u8 amp_id)
1176{
1177 struct l2cap_create_chan_req req;
1178 req.scid = cpu_to_le16(chan->scid);
1179 req.psm = chan->psm;
1180 req.amp_id = amp_id;
1181
1182 chan->ident = l2cap_get_ident(chan->conn);
1183
1184 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_REQ,
1185 sizeof(req), &req);
1186}
1187
Mat Martineau02b0fbb2012-10-23 15:24:10 -07001188static void l2cap_move_setup(struct l2cap_chan *chan)
1189{
1190 struct sk_buff *skb;
1191
1192 BT_DBG("chan %p", chan);
1193
1194 if (chan->mode != L2CAP_MODE_ERTM)
1195 return;
1196
1197 __clear_retrans_timer(chan);
1198 __clear_monitor_timer(chan);
1199 __clear_ack_timer(chan);
1200
1201 chan->retry_count = 0;
1202 skb_queue_walk(&chan->tx_q, skb) {
Johan Hedberga4368ff2015-03-30 23:21:01 +03001203 if (bt_cb(skb)->l2cap.retries)
1204 bt_cb(skb)->l2cap.retries = 1;
Mat Martineau02b0fbb2012-10-23 15:24:10 -07001205 else
1206 break;
1207 }
1208
1209 chan->expected_tx_seq = chan->buffer_seq;
1210
1211 clear_bit(CONN_REJ_ACT, &chan->conn_state);
1212 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
1213 l2cap_seq_list_clear(&chan->retrans_list);
1214 l2cap_seq_list_clear(&chan->srej_list);
1215 skb_queue_purge(&chan->srej_q);
1216
1217 chan->tx_state = L2CAP_TX_STATE_XMIT;
1218 chan->rx_state = L2CAP_RX_STATE_MOVE;
1219
1220 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
1221}
1222
Mat Martineau5f3847a2012-10-23 15:24:12 -07001223static void l2cap_move_done(struct l2cap_chan *chan)
1224{
1225 u8 move_role = chan->move_role;
1226 BT_DBG("chan %p", chan);
1227
1228 chan->move_state = L2CAP_MOVE_STABLE;
1229 chan->move_role = L2CAP_MOVE_ROLE_NONE;
1230
1231 if (chan->mode != L2CAP_MODE_ERTM)
1232 return;
1233
1234 switch (move_role) {
1235 case L2CAP_MOVE_ROLE_INITIATOR:
1236 l2cap_tx(chan, NULL, NULL, L2CAP_EV_EXPLICIT_POLL);
1237 chan->rx_state = L2CAP_RX_STATE_WAIT_F;
1238 break;
1239 case L2CAP_MOVE_ROLE_RESPONDER:
1240 chan->rx_state = L2CAP_RX_STATE_WAIT_P;
1241 break;
1242 }
1243}
1244
Vinicius Costa Gomes9f0caeb2012-04-20 15:46:08 -03001245static void l2cap_chan_ready(struct l2cap_chan *chan)
1246{
Johan Hedberg315917e2015-02-16 11:42:11 +02001247 /* The channel may have already been flagged as connected in
1248 * case of receiving data before the L2CAP info req/rsp
1249 * procedure is complete.
1250 */
1251 if (chan->state == BT_CONNECTED)
1252 return;
1253
Mat Martineau28270112012-05-17 21:14:09 -07001254 /* This clears all conf flags, including CONF_NOT_COMPLETE */
Vinicius Costa Gomes9f0caeb2012-04-20 15:46:08 -03001255 chan->conf_state = 0;
1256 __clear_chan_timer(chan);
1257
Johan Hedberg0ce43ce2013-12-05 14:55:33 +02001258 if (chan->mode == L2CAP_MODE_LE_FLOWCTL && !chan->tx_credits)
1259 chan->ops->suspend(chan);
Johan Hedberg177f8f22013-05-31 17:54:51 +03001260
Andrei Emeltchenko54a59aa2012-05-27 22:27:53 -03001261 chan->state = BT_CONNECTED;
Vinicius Costa Gomes9f0caeb2012-04-20 15:46:08 -03001262
Andrei Emeltchenkofd83e2c2012-05-30 09:55:32 +03001263 chan->ops->ready(chan);
Vinicius Costa Gomes9f0caeb2012-04-20 15:46:08 -03001264}
1265
Johan Hedbergf1496de2013-05-13 14:15:56 +03001266static void l2cap_le_connect(struct l2cap_chan *chan)
1267{
1268 struct l2cap_conn *conn = chan->conn;
1269 struct l2cap_le_conn_req req;
1270
Johan Hedberg595177f2013-12-02 22:12:22 +02001271 if (test_and_set_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags))
1272 return;
1273
Johan Hedbergf1496de2013-05-13 14:15:56 +03001274 req.psm = chan->psm;
1275 req.scid = cpu_to_le16(chan->scid);
1276 req.mtu = cpu_to_le16(chan->imtu);
Johan Hedberg3916aed2013-10-07 15:35:26 +02001277 req.mps = cpu_to_le16(chan->mps);
Johan Hedberg0cd75f72013-05-17 13:09:05 +03001278 req.credits = cpu_to_le16(chan->rx_credits);
Johan Hedbergf1496de2013-05-13 14:15:56 +03001279
1280 chan->ident = l2cap_get_ident(conn);
1281
1282 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_REQ,
1283 sizeof(req), &req);
1284}
1285
1286static void l2cap_le_start(struct l2cap_chan *chan)
1287{
1288 struct l2cap_conn *conn = chan->conn;
1289
1290 if (!smp_conn_security(conn->hcon, chan->sec_level))
1291 return;
1292
1293 if (!chan->psm) {
1294 l2cap_chan_ready(chan);
1295 return;
1296 }
1297
1298 if (chan->state == BT_CONNECT)
1299 l2cap_le_connect(chan);
1300}
1301
Andrei Emeltchenko93c3e8f2012-09-27 17:26:16 +03001302static void l2cap_start_connection(struct l2cap_chan *chan)
1303{
1304 if (__amp_capable(chan)) {
1305 BT_DBG("chan %p AMP capable: discover AMPs", chan);
1306 a2mp_discover_amp(chan);
Johan Hedbergf1496de2013-05-13 14:15:56 +03001307 } else if (chan->conn->hcon->type == LE_LINK) {
1308 l2cap_le_start(chan);
Andrei Emeltchenko93c3e8f2012-09-27 17:26:16 +03001309 } else {
1310 l2cap_send_conn_req(chan);
1311 }
1312}
1313
Johan Hedbergaeaeb4b2014-09-10 17:37:46 -07001314static void l2cap_request_info(struct l2cap_conn *conn)
1315{
1316 struct l2cap_info_req req;
1317
1318 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
1319 return;
1320
1321 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1322
1323 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1324 conn->info_ident = l2cap_get_ident(conn);
1325
1326 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
1327
1328 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ,
1329 sizeof(req), &req);
1330}
1331
Gustavo F. Padovanfc7f8a72011-03-25 13:59:37 -03001332static void l2cap_do_start(struct l2cap_chan *chan)
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001333{
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03001334 struct l2cap_conn *conn = chan->conn;
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001335
Vinicius Costa Gomes9f0caeb2012-04-20 15:46:08 -03001336 if (conn->hcon->type == LE_LINK) {
Johan Hedberg96ac34f2013-05-13 11:15:07 +03001337 l2cap_le_start(chan);
Vinicius Costa Gomes9f0caeb2012-04-20 15:46:08 -03001338 return;
1339 }
1340
Johan Hedbergaeaeb4b2014-09-10 17:37:46 -07001341 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)) {
1342 l2cap_request_info(conn);
1343 return;
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001344 }
Johan Hedbergaeaeb4b2014-09-10 17:37:46 -07001345
1346 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
1347 return;
1348
1349 if (l2cap_chan_check_security(chan, true) &&
1350 __l2cap_no_conn_pending(chan))
1351 l2cap_start_connection(chan);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001352}
1353
Gustavo F. Padovancf6c2c02010-06-07 20:54:45 -03001354static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
1355{
1356 u32 local_feat_mask = l2cap_feat_mask;
Gustavo F. Padovand1c4a172010-07-18 16:25:54 -03001357 if (!disable_ertm)
Gustavo F. Padovancf6c2c02010-06-07 20:54:45 -03001358 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
1359
1360 switch (mode) {
1361 case L2CAP_MODE_ERTM:
1362 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
1363 case L2CAP_MODE_STREAMING:
1364 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
1365 default:
1366 return 0x00;
1367 }
1368}
1369
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02001370static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err)
Gustavo F. Padovan22121fc2009-07-23 10:27:23 -03001371{
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02001372 struct l2cap_conn *conn = chan->conn;
Gustavo F. Padovan22121fc2009-07-23 10:27:23 -03001373 struct l2cap_disconn_req req;
1374
Gustavo F. Padovanc13ffa62010-05-13 20:50:12 -03001375 if (!conn)
1376 return;
1377
Andrei Emeltchenkoaad3d0e2012-09-06 15:05:42 +03001378 if (chan->mode == L2CAP_MODE_ERTM && chan->state == BT_CONNECTED) {
Gustavo F. Padovan1a09bcb2011-05-17 15:13:19 -03001379 __clear_retrans_timer(chan);
1380 __clear_monitor_timer(chan);
1381 __clear_ack_timer(chan);
Gustavo F. Padovanc13ffa62010-05-13 20:50:12 -03001382 }
1383
Johan Hedberg2338a7e2014-01-24 10:35:40 +02001384 if (chan->scid == L2CAP_CID_A2MP) {
Gustavo Padovand1177732012-10-06 11:47:38 +01001385 l2cap_state_change(chan, BT_DISCONN);
Andrei Emeltchenko416fa752012-05-29 13:59:16 +03001386 return;
1387 }
1388
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03001389 req.dcid = cpu_to_le16(chan->dcid);
1390 req.scid = cpu_to_le16(chan->scid);
Gustavo Padovan2d792812012-10-06 10:07:01 +01001391 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_DISCONN_REQ,
1392 sizeof(req), &req);
Gustavo F. Padovanc13ffa62010-05-13 20:50:12 -03001393
Gustavo Padovanf8e73012013-10-15 19:24:46 -03001394 l2cap_state_change_and_error(chan, BT_DISCONN, err);
Gustavo F. Padovan22121fc2009-07-23 10:27:23 -03001395}
1396
Linus Torvalds1da177e2005-04-16 15:20:36 -07001397/* ---- L2CAP connections ---- */
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001398static void l2cap_conn_start(struct l2cap_conn *conn)
1399{
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001400 struct l2cap_chan *chan, *tmp;
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001401
1402 BT_DBG("conn %p", conn);
1403
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001404 mutex_lock(&conn->chan_lock);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001405
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001406 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001407 l2cap_chan_lock(chan);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001408
Gustavo F. Padovan715ec002011-05-02 17:13:55 -03001409 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
Johan Hedbergaeaeb4b2014-09-10 17:37:46 -07001410 l2cap_chan_ready(chan);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001411 l2cap_chan_unlock(chan);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001412 continue;
1413 }
1414
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03001415 if (chan->state == BT_CONNECT) {
Johan Hedberge7cafc42014-07-17 15:35:38 +03001416 if (!l2cap_chan_check_security(chan, true) ||
Gustavo Padovan2d792812012-10-06 10:07:01 +01001417 !__l2cap_no_conn_pending(chan)) {
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001418 l2cap_chan_unlock(chan);
Gustavo F. Padovan47731de2010-07-09 16:38:35 -03001419 continue;
Marcel Holtmannb1235d72008-07-14 20:13:54 +02001420 }
Gustavo F. Padovan47731de2010-07-09 16:38:35 -03001421
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03001422 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
Gustavo Padovan2d792812012-10-06 10:07:01 +01001423 && test_bit(CONF_STATE2_DEVICE,
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03001424 &chan->conf_state)) {
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03001425 l2cap_chan_close(chan, ECONNRESET);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001426 l2cap_chan_unlock(chan);
Gustavo F. Padovan47731de2010-07-09 16:38:35 -03001427 continue;
1428 }
1429
Andrei Emeltchenko93c3e8f2012-09-27 17:26:16 +03001430 l2cap_start_connection(chan);
Gustavo F. Padovan47731de2010-07-09 16:38:35 -03001431
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03001432 } else if (chan->state == BT_CONNECT2) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001433 struct l2cap_conn_rsp rsp;
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03001434 char buf[128];
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03001435 rsp.scid = cpu_to_le16(chan->dcid);
1436 rsp.dcid = cpu_to_le16(chan->scid);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001437
Johan Hedberge7cafc42014-07-17 15:35:38 +03001438 if (l2cap_chan_check_security(chan, false)) {
Marcel Holtmannbdc25782013-10-14 02:45:34 -07001439 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
Joe Perchesdcf4adb2014-03-12 10:52:35 -07001440 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1441 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
Gustavo Padovan2dc4e512012-10-12 19:35:24 +08001442 chan->ops->defer(chan);
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001443
1444 } else {
Gustavo Padovanacdcabf2013-10-21 14:21:39 -02001445 l2cap_state_change(chan, BT_CONFIG);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07001446 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1447 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001448 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001449 } else {
Joe Perchesdcf4adb2014-03-12 10:52:35 -07001450 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1451 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001452 }
1453
Gustavo F. Padovanfc7f8a72011-03-25 13:59:37 -03001454 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
Gustavo Padovan2d792812012-10-06 10:07:01 +01001455 sizeof(rsp), &rsp);
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03001456
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03001457 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
Gustavo Padovan2d792812012-10-06 10:07:01 +01001458 rsp.result != L2CAP_CR_SUCCESS) {
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001459 l2cap_chan_unlock(chan);
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03001460 continue;
1461 }
1462
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03001463 set_bit(CONF_REQ_SENT, &chan->conf_state);
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03001464 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
Gustavo Padovan2d792812012-10-06 10:07:01 +01001465 l2cap_build_conf_req(chan, buf), buf);
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03001466 chan->num_conf_req++;
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001467 }
1468
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001469 l2cap_chan_unlock(chan);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001470 }
1471
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001472 mutex_unlock(&conn->chan_lock);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001473}
1474
Ville Tervob62f3282011-02-10 22:38:50 -03001475static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1476{
Marcel Holtmanncc8dba22013-10-18 03:43:01 -07001477 struct hci_conn *hcon = conn->hcon;
Johan Hedbergdcc36c12014-07-09 12:59:13 +03001478 struct hci_dev *hdev = hcon->hdev;
Ville Tervob62f3282011-02-10 22:38:50 -03001479
Johan Hedberge760ec12014-08-07 22:56:47 +03001480 BT_DBG("%s conn %p", hdev->name, conn);
Ville Tervob62f3282011-02-10 22:38:50 -03001481
Johan Hedberge760ec12014-08-07 22:56:47 +03001482 /* For outgoing pairing which doesn't necessarily have an
1483 * associated socket (e.g. mgmt_pair_device).
1484 */
1485 if (hcon->out)
1486 smp_conn_security(hcon, hcon->pending_sec_level);
Marcel Holtmanncc8dba22013-10-18 03:43:01 -07001487
Marcel Holtmann80afeb62014-06-23 12:18:51 +02001488 /* For LE slave connections, make sure the connection interval
1489 * is in the range of the minium and maximum interval that has
1490 * been configured for this connection. If not, then trigger
1491 * the connection update procedure.
1492 */
Johan Hedberg40bef302014-07-16 11:42:27 +03001493 if (hcon->role == HCI_ROLE_SLAVE &&
Marcel Holtmann80afeb62014-06-23 12:18:51 +02001494 (hcon->le_conn_interval < hcon->le_conn_min_interval ||
1495 hcon->le_conn_interval > hcon->le_conn_max_interval)) {
1496 struct l2cap_conn_param_update_req req;
1497
1498 req.min = cpu_to_le16(hcon->le_conn_min_interval);
1499 req.max = cpu_to_le16(hcon->le_conn_max_interval);
1500 req.latency = cpu_to_le16(hcon->le_conn_latency);
1501 req.to_multiplier = cpu_to_le16(hcon->le_supv_timeout);
1502
1503 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1504 L2CAP_CONN_PARAM_UPDATE_REQ, sizeof(req), &req);
1505 }
Ville Tervob62f3282011-02-10 22:38:50 -03001506}
1507
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001508static void l2cap_conn_ready(struct l2cap_conn *conn)
1509{
Gustavo F. Padovan48454072011-03-25 00:22:30 -03001510 struct l2cap_chan *chan;
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03001511 struct hci_conn *hcon = conn->hcon;
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001512
1513 BT_DBG("conn %p", conn);
1514
Johan Hedbergaeaeb4b2014-09-10 17:37:46 -07001515 if (hcon->type == ACL_LINK)
1516 l2cap_request_info(conn);
1517
Johan Hedberge760ec12014-08-07 22:56:47 +03001518 mutex_lock(&conn->chan_lock);
1519
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001520 list_for_each_entry(chan, &conn->chan_l, list) {
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -03001521
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001522 l2cap_chan_lock(chan);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001523
Johan Hedberg2338a7e2014-01-24 10:35:40 +02001524 if (chan->scid == L2CAP_CID_A2MP) {
Andrei Emeltchenko416fa752012-05-29 13:59:16 +03001525 l2cap_chan_unlock(chan);
1526 continue;
1527 }
1528
Vinicius Costa Gomescc110922012-08-23 21:32:43 -03001529 if (hcon->type == LE_LINK) {
Johan Hedbergf1496de2013-05-13 14:15:56 +03001530 l2cap_le_start(chan);
Vinicius Costa Gomes63128452011-06-17 22:46:26 -03001531 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
Johan Hedbergaeaeb4b2014-09-10 17:37:46 -07001532 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
1533 l2cap_chan_ready(chan);
Gustavo Padovan1c244f72012-12-07 03:29:10 -02001534 } else if (chan->state == BT_CONNECT) {
Gustavo F. Padovanfc7f8a72011-03-25 13:59:37 -03001535 l2cap_do_start(chan);
Gustavo Padovan1c244f72012-12-07 03:29:10 -02001536 }
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001537
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001538 l2cap_chan_unlock(chan);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001539 }
1540
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001541 mutex_unlock(&conn->chan_lock);
Johan Hedberg61a939c2014-01-17 20:45:11 +02001542
Johan Hedberg79a05722014-08-08 09:28:04 +03001543 if (hcon->type == LE_LINK)
1544 l2cap_le_conn_ready(conn);
1545
Johan Hedberg61a939c2014-01-17 20:45:11 +02001546 queue_work(hcon->hdev->workqueue, &conn->pending_rx_work);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001547}
1548
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001549/* Notify sockets that we cannot guaranty reliability anymore */
1550static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1551{
Gustavo F. Padovan48454072011-03-25 00:22:30 -03001552 struct l2cap_chan *chan;
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001553
1554 BT_DBG("conn %p", conn);
1555
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001556 mutex_lock(&conn->chan_lock);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001557
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001558 list_for_each_entry(chan, &conn->chan_l, list) {
Andrei Emeltchenkoecf61bd2011-10-11 14:04:32 +03001559 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
Gustavo Padovan1d8b1fd2012-10-06 11:34:52 +01001560 l2cap_chan_set_err(chan, err);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001561 }
1562
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001563 mutex_unlock(&conn->chan_lock);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001564}
1565
Gustavo F. Padovanf878fca2011-12-15 01:16:14 -02001566static void l2cap_info_timeout(struct work_struct *work)
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001567{
Gustavo F. Padovanf878fca2011-12-15 01:16:14 -02001568 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
Gustavo Padovan2d792812012-10-06 10:07:01 +01001569 info_timer.work);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001570
Marcel Holtmann984947d2009-02-06 23:35:19 +01001571 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +01001572 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +01001573
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001574 l2cap_conn_start(conn);
1575}
1576
David Herrmann2c8e1412013-04-06 20:28:45 +02001577/*
1578 * l2cap_user
1579 * External modules can register l2cap_user objects on l2cap_conn. The ->probe
1580 * callback is called during registration. The ->remove callback is called
1581 * during unregistration.
1582 * An l2cap_user object can either be explicitly unregistered or when the
1583 * underlying l2cap_conn object is deleted. This guarantees that l2cap->hcon,
1584 * l2cap->hchan, .. are valid as long as the remove callback hasn't been called.
1585 * External modules must own a reference to the l2cap_conn object if they intend
1586 * to call l2cap_unregister_user(). The l2cap_conn object might get destroyed at
1587 * any time if they don't.
1588 */
1589
1590int l2cap_register_user(struct l2cap_conn *conn, struct l2cap_user *user)
1591{
1592 struct hci_dev *hdev = conn->hcon->hdev;
1593 int ret;
1594
1595 /* We need to check whether l2cap_conn is registered. If it is not, we
1596 * must not register the l2cap_user. l2cap_conn_del() is unregisters
1597 * l2cap_conn objects, but doesn't provide its own locking. Instead, it
1598 * relies on the parent hci_conn object to be locked. This itself relies
1599 * on the hci_dev object to be locked. So we must lock the hci device
1600 * here, too. */
1601
1602 hci_dev_lock(hdev);
1603
1604 if (user->list.next || user->list.prev) {
1605 ret = -EINVAL;
1606 goto out_unlock;
1607 }
1608
1609 /* conn->hchan is NULL after l2cap_conn_del() was called */
1610 if (!conn->hchan) {
1611 ret = -ENODEV;
1612 goto out_unlock;
1613 }
1614
1615 ret = user->probe(conn, user);
1616 if (ret)
1617 goto out_unlock;
1618
1619 list_add(&user->list, &conn->users);
1620 ret = 0;
1621
1622out_unlock:
1623 hci_dev_unlock(hdev);
1624 return ret;
1625}
1626EXPORT_SYMBOL(l2cap_register_user);
1627
1628void l2cap_unregister_user(struct l2cap_conn *conn, struct l2cap_user *user)
1629{
1630 struct hci_dev *hdev = conn->hcon->hdev;
1631
1632 hci_dev_lock(hdev);
1633
1634 if (!user->list.next || !user->list.prev)
1635 goto out_unlock;
1636
1637 list_del(&user->list);
1638 user->list.next = NULL;
1639 user->list.prev = NULL;
1640 user->remove(conn, user);
1641
1642out_unlock:
1643 hci_dev_unlock(hdev);
1644}
1645EXPORT_SYMBOL(l2cap_unregister_user);
1646
1647static void l2cap_unregister_all_users(struct l2cap_conn *conn)
1648{
1649 struct l2cap_user *user;
1650
1651 while (!list_empty(&conn->users)) {
1652 user = list_first_entry(&conn->users, struct l2cap_user, list);
1653 list_del(&user->list);
1654 user->list.next = NULL;
1655 user->list.prev = NULL;
1656 user->remove(conn, user);
1657 }
1658}
1659
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001660static void l2cap_conn_del(struct hci_conn *hcon, int err)
1661{
1662 struct l2cap_conn *conn = hcon->l2cap_data;
1663 struct l2cap_chan *chan, *l;
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001664
1665 if (!conn)
1666 return;
1667
1668 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1669
1670 kfree_skb(conn->rx_skb);
1671
Johan Hedberg61a939c2014-01-17 20:45:11 +02001672 skb_queue_purge(&conn->pending_rx);
Jukka Taimisto7ab56c32014-06-12 10:15:13 +00001673
1674 /* We can not call flush_work(&conn->pending_rx_work) here since we
1675 * might block if we are running on a worker from the same workqueue
1676 * pending_rx_work is waiting on.
1677 */
1678 if (work_pending(&conn->pending_rx_work))
1679 cancel_work_sync(&conn->pending_rx_work);
Johan Hedberg61a939c2014-01-17 20:45:11 +02001680
Johan Hedbergf3d82d02014-09-05 22:19:50 +03001681 if (work_pending(&conn->id_addr_update_work))
1682 cancel_work_sync(&conn->id_addr_update_work);
1683
David Herrmann2c8e1412013-04-06 20:28:45 +02001684 l2cap_unregister_all_users(conn);
1685
Johan Hedberge31fb862014-08-18 20:33:28 +03001686 /* Force the connection to be immediately dropped */
1687 hcon->disc_timeout = 0;
1688
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001689 mutex_lock(&conn->chan_lock);
1690
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001691 /* Kill channels */
1692 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
Mat Martineau61d6ef32012-04-27 16:50:50 -07001693 l2cap_chan_hold(chan);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001694 l2cap_chan_lock(chan);
1695
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001696 l2cap_chan_del(chan, err);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001697
1698 l2cap_chan_unlock(chan);
1699
Gustavo Padovan80b98022012-05-27 22:27:51 -03001700 chan->ops->close(chan);
Mat Martineau61d6ef32012-04-27 16:50:50 -07001701 l2cap_chan_put(chan);
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001702 }
1703
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02001704 mutex_unlock(&conn->chan_lock);
1705
Luiz Augusto von Dentz73d80de2011-11-02 15:52:01 +02001706 hci_chan_del(conn->hchan);
1707
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001708 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
Ulisses Furquim127074b2012-01-30 18:26:29 -02001709 cancel_delayed_work_sync(&conn->info_timer);
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001710
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001711 hcon->l2cap_data = NULL;
David Herrmann9c903e32013-04-06 20:28:44 +02001712 conn->hchan = NULL;
1713 l2cap_conn_put(conn);
Vinicius Costa Gomes5d3de7d2011-06-14 13:37:41 -03001714}
1715
David Herrmann9c903e32013-04-06 20:28:44 +02001716static void l2cap_conn_free(struct kref *ref)
1717{
1718 struct l2cap_conn *conn = container_of(ref, struct l2cap_conn, ref);
1719
1720 hci_conn_put(conn->hcon);
1721 kfree(conn);
1722}
1723
Johan Hedberg51bb84572014-08-15 21:06:57 +03001724struct l2cap_conn *l2cap_conn_get(struct l2cap_conn *conn)
David Herrmann9c903e32013-04-06 20:28:44 +02001725{
1726 kref_get(&conn->ref);
Johan Hedberg51bb84572014-08-15 21:06:57 +03001727 return conn;
David Herrmann9c903e32013-04-06 20:28:44 +02001728}
1729EXPORT_SYMBOL(l2cap_conn_get);
1730
1731void l2cap_conn_put(struct l2cap_conn *conn)
1732{
1733 kref_put(&conn->ref, l2cap_conn_free);
1734}
1735EXPORT_SYMBOL(l2cap_conn_put);
1736
Linus Torvalds1da177e2005-04-16 15:20:36 -07001737/* ---- Socket interface ---- */
Linus Torvalds1da177e2005-04-16 15:20:36 -07001738
Ido Yarivc2287682012-04-20 15:46:07 -03001739/* Find socket with psm and source / destination bdaddr.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001740 * Returns closest match.
1741 */
Ido Yarivc2287682012-04-20 15:46:07 -03001742static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1743 bdaddr_t *src,
Johan Hedbergbf20fd42013-05-14 13:23:13 +03001744 bdaddr_t *dst,
1745 u8 link_type)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001746{
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03001747 struct l2cap_chan *c, *c1 = NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001748
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03001749 read_lock(&chan_list_lock);
Gustavo F. Padovane0f0cb52010-11-01 18:43:53 +00001750
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03001751 list_for_each_entry(c, &chan_list, global_l) {
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03001752 if (state && c->state != state)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001753 continue;
1754
Johan Hedbergbf20fd42013-05-14 13:23:13 +03001755 if (link_type == ACL_LINK && c->src_type != BDADDR_BREDR)
1756 continue;
1757
1758 if (link_type == LE_LINK && c->src_type == BDADDR_BREDR)
1759 continue;
1760
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03001761 if (c->psm == psm) {
Ido Yarivc2287682012-04-20 15:46:07 -03001762 int src_match, dst_match;
1763 int src_any, dst_any;
1764
Linus Torvalds1da177e2005-04-16 15:20:36 -07001765 /* Exact match. */
Marcel Holtmann7eafc592013-10-13 08:12:47 -07001766 src_match = !bacmp(&c->src, src);
1767 dst_match = !bacmp(&c->dst, dst);
Ido Yarivc2287682012-04-20 15:46:07 -03001768 if (src_match && dst_match) {
Johan Hedberga24cce12014-08-07 22:56:42 +03001769 l2cap_chan_hold(c);
Johannes Berga7567b22011-06-01 08:29:54 +02001770 read_unlock(&chan_list_lock);
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03001771 return c;
1772 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001773
1774 /* Closest match */
Marcel Holtmann7eafc592013-10-13 08:12:47 -07001775 src_any = !bacmp(&c->src, BDADDR_ANY);
1776 dst_any = !bacmp(&c->dst, BDADDR_ANY);
Ido Yarivc2287682012-04-20 15:46:07 -03001777 if ((src_match && dst_any) || (src_any && dst_match) ||
1778 (src_any && dst_any))
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03001779 c1 = c;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001780 }
1781 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001782
Johan Hedberga24cce12014-08-07 22:56:42 +03001783 if (c1)
1784 l2cap_chan_hold(c1);
1785
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03001786 read_unlock(&chan_list_lock);
Gustavo F. Padovane0f0cb52010-11-01 18:43:53 +00001787
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03001788 return c1;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001789}
1790
Gustavo F. Padovan721c4182011-06-23 19:29:58 -03001791static void l2cap_monitor_timeout(struct work_struct *work)
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001792{
Gustavo F. Padovan721c4182011-06-23 19:29:58 -03001793 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
Mat Martineau4239d162012-05-17 20:53:49 -07001794 monitor_timer.work);
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001795
Gustavo F. Padovan525cd182011-03-25 19:43:39 -03001796 BT_DBG("chan %p", chan);
Gustavo F. Padovan0e989582010-04-19 14:45:38 -03001797
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001798 l2cap_chan_lock(chan);
1799
Mat Martineau80909e02012-05-17 20:53:50 -07001800 if (!chan->conn) {
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001801 l2cap_chan_unlock(chan);
Andrei Emeltchenko8d7e1c72012-03-23 09:42:15 +02001802 l2cap_chan_put(chan);
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001803 return;
1804 }
1805
Andrei Emeltchenko401bb1f2012-05-21 15:47:46 +03001806 l2cap_tx(chan, NULL, NULL, L2CAP_EV_MONITOR_TO);
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001807
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001808 l2cap_chan_unlock(chan);
Andrei Emeltchenko8d7e1c72012-03-23 09:42:15 +02001809 l2cap_chan_put(chan);
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001810}
1811
Gustavo F. Padovan721c4182011-06-23 19:29:58 -03001812static void l2cap_retrans_timeout(struct work_struct *work)
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001813{
Gustavo F. Padovan721c4182011-06-23 19:29:58 -03001814 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
Mat Martineau4239d162012-05-17 20:53:49 -07001815 retrans_timer.work);
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001816
Gustavo F. Padovan49208c92011-04-04 15:59:54 -03001817 BT_DBG("chan %p", chan);
Gustavo F. Padovan0e989582010-04-19 14:45:38 -03001818
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001819 l2cap_chan_lock(chan);
1820
Mat Martineau80909e02012-05-17 20:53:50 -07001821 if (!chan->conn) {
1822 l2cap_chan_unlock(chan);
1823 l2cap_chan_put(chan);
1824 return;
1825 }
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001826
Andrei Emeltchenko401bb1f2012-05-21 15:47:46 +03001827 l2cap_tx(chan, NULL, NULL, L2CAP_EV_RETRANS_TO);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02001828 l2cap_chan_unlock(chan);
Andrei Emeltchenko8d7e1c72012-03-23 09:42:15 +02001829 l2cap_chan_put(chan);
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001830}
1831
Gustavo Padovand6603662012-05-21 13:58:22 -03001832static void l2cap_streaming_send(struct l2cap_chan *chan,
1833 struct sk_buff_head *skbs)
Gustavo F. Padovan6840ed02009-08-20 22:26:01 -03001834{
Gustavo F. Padovanccbb84a2010-08-30 18:44:44 -03001835 struct sk_buff *skb;
Mat Martineau37339372012-05-17 20:53:33 -07001836 struct l2cap_ctrl *control;
Gustavo F. Padovan6840ed02009-08-20 22:26:01 -03001837
Mat Martineau37339372012-05-17 20:53:33 -07001838 BT_DBG("chan %p, skbs %p", chan, skbs);
1839
Mat Martineaub99e13a2012-10-23 15:24:19 -07001840 if (__chan_is_moving(chan))
1841 return;
1842
Mat Martineau37339372012-05-17 20:53:33 -07001843 skb_queue_splice_tail_init(skbs, &chan->tx_q);
1844
1845 while (!skb_queue_empty(&chan->tx_q)) {
1846
1847 skb = skb_dequeue(&chan->tx_q);
1848
Johan Hedberga4368ff2015-03-30 23:21:01 +03001849 bt_cb(skb)->l2cap.retries = 1;
1850 control = &bt_cb(skb)->l2cap;
Mat Martineau37339372012-05-17 20:53:33 -07001851
1852 control->reqseq = 0;
1853 control->txseq = chan->next_tx_seq;
1854
1855 __pack_control(chan, control, skb);
Gustavo F. Padovan6840ed02009-08-20 22:26:01 -03001856
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03001857 if (chan->fcs == L2CAP_FCS_CRC16) {
Mat Martineau37339372012-05-17 20:53:33 -07001858 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1859 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03001860 }
1861
Gustavo F. Padovan43434782011-04-12 18:31:57 -03001862 l2cap_do_send(chan, skb);
Gustavo F. Padovan6840ed02009-08-20 22:26:01 -03001863
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03001864 BT_DBG("Sent txseq %u", control->txseq);
Mat Martineau37339372012-05-17 20:53:33 -07001865
Andrei Emeltchenko836be932011-10-17 12:19:57 +03001866 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
Mat Martineau37339372012-05-17 20:53:33 -07001867 chan->frames_sent++;
Gustavo F. Padovan6840ed02009-08-20 22:26:01 -03001868 }
Gustavo F. Padovan6840ed02009-08-20 22:26:01 -03001869}
1870
Szymon Janc67c9e842011-07-28 16:24:33 +02001871static int l2cap_ertm_send(struct l2cap_chan *chan)
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001872{
1873 struct sk_buff *skb, *tx_skb;
Mat Martineau18a48e72012-05-17 20:53:34 -07001874 struct l2cap_ctrl *control;
1875 int sent = 0;
1876
1877 BT_DBG("chan %p", chan);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001878
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03001879 if (chan->state != BT_CONNECTED)
Gustavo F. Padovanc13ffa62010-05-13 20:50:12 -03001880 return -ENOTCONN;
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001881
Mat Martineau94122bb2012-05-02 09:42:02 -07001882 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1883 return 0;
1884
Mat Martineaub99e13a2012-10-23 15:24:19 -07001885 if (__chan_is_moving(chan))
1886 return 0;
1887
Mat Martineau18a48e72012-05-17 20:53:34 -07001888 while (chan->tx_send_head &&
1889 chan->unacked_frames < chan->remote_tx_win &&
1890 chan->tx_state == L2CAP_TX_STATE_XMIT) {
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001891
Mat Martineau18a48e72012-05-17 20:53:34 -07001892 skb = chan->tx_send_head;
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001893
Johan Hedberga4368ff2015-03-30 23:21:01 +03001894 bt_cb(skb)->l2cap.retries = 1;
1895 control = &bt_cb(skb)->l2cap;
Gustavo F. Padovan95ffa972010-06-18 20:37:33 -03001896
Gustavo F. Padovane2ab4352011-06-10 21:28:49 -03001897 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
Mat Martineau18a48e72012-05-17 20:53:34 -07001898 control->final = 1;
Gustavo F. Padovane2ab4352011-06-10 21:28:49 -03001899
Mat Martineau18a48e72012-05-17 20:53:34 -07001900 control->reqseq = chan->buffer_seq;
1901 chan->last_acked_seq = chan->buffer_seq;
1902 control->txseq = chan->next_tx_seq;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001903
Mat Martineau18a48e72012-05-17 20:53:34 -07001904 __pack_control(chan, control, skb);
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03001905
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03001906 if (chan->fcs == L2CAP_FCS_CRC16) {
Mat Martineau18a48e72012-05-17 20:53:34 -07001907 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1908 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03001909 }
1910
Mat Martineau18a48e72012-05-17 20:53:34 -07001911 /* Clone after data has been modified. Data is assumed to be
1912 read-only (for locking purposes) on cloned sk_buffs.
1913 */
1914 tx_skb = skb_clone(skb, GFP_KERNEL);
1915
1916 if (!tx_skb)
1917 break;
Gustavo F. Padovan9a9c6a32010-05-01 16:15:43 -03001918
Gustavo F. Padovan1a09bcb2011-05-17 15:13:19 -03001919 __set_retrans_timer(chan);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001920
Andrei Emeltchenko836be932011-10-17 12:19:57 +03001921 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
Mat Martineau18a48e72012-05-17 20:53:34 -07001922 chan->unacked_frames++;
Gustavo F. Padovan6a026612011-04-01 00:38:50 -03001923 chan->frames_sent++;
Mat Martineau18a48e72012-05-17 20:53:34 -07001924 sent++;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001925
Gustavo F. Padovan58d35f82011-04-04 16:16:44 -03001926 if (skb_queue_is_last(&chan->tx_q, skb))
1927 chan->tx_send_head = NULL;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001928 else
Gustavo F. Padovan58d35f82011-04-04 16:16:44 -03001929 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
Mat Martineau18a48e72012-05-17 20:53:34 -07001930
1931 l2cap_do_send(chan, tx_skb);
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03001932 BT_DBG("Sent txseq %u", control->txseq);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03001933 }
1934
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03001935 BT_DBG("Sent %d, %u unacked, %u in ERTM queue", sent,
1936 chan->unacked_frames, skb_queue_len(&chan->tx_q));
Mat Martineau18a48e72012-05-17 20:53:34 -07001937
1938 return sent;
Gustavo F. Padovan9e917af2010-05-01 16:15:37 -03001939}
1940
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07001941static void l2cap_ertm_resend(struct l2cap_chan *chan)
1942{
1943 struct l2cap_ctrl control;
1944 struct sk_buff *skb;
1945 struct sk_buff *tx_skb;
1946 u16 seq;
1947
1948 BT_DBG("chan %p", chan);
1949
1950 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1951 return;
1952
Mat Martineaub99e13a2012-10-23 15:24:19 -07001953 if (__chan_is_moving(chan))
1954 return;
1955
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07001956 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) {
1957 seq = l2cap_seq_list_pop(&chan->retrans_list);
1958
1959 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq);
1960 if (!skb) {
1961 BT_DBG("Error: Can't retransmit seq %d, frame missing",
Gustavo Padovan2d792812012-10-06 10:07:01 +01001962 seq);
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07001963 continue;
1964 }
1965
Johan Hedberga4368ff2015-03-30 23:21:01 +03001966 bt_cb(skb)->l2cap.retries++;
1967 control = bt_cb(skb)->l2cap;
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07001968
1969 if (chan->max_tx != 0 &&
Johan Hedberga4368ff2015-03-30 23:21:01 +03001970 bt_cb(skb)->l2cap.retries > chan->max_tx) {
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07001971 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02001972 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07001973 l2cap_seq_list_clear(&chan->retrans_list);
1974 break;
1975 }
1976
1977 control.reqseq = chan->buffer_seq;
1978 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
1979 control.final = 1;
1980 else
1981 control.final = 0;
1982
1983 if (skb_cloned(skb)) {
1984 /* Cloned sk_buffs are read-only, so we need a
1985 * writeable copy
1986 */
Gustavo Padovan8bcde1f2012-05-28 19:18:14 -03001987 tx_skb = skb_copy(skb, GFP_KERNEL);
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07001988 } else {
Gustavo Padovan8bcde1f2012-05-28 19:18:14 -03001989 tx_skb = skb_clone(skb, GFP_KERNEL);
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07001990 }
1991
1992 if (!tx_skb) {
1993 l2cap_seq_list_clear(&chan->retrans_list);
1994 break;
1995 }
1996
1997 /* Update skb contents */
1998 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
1999 put_unaligned_le32(__pack_extended_control(&control),
2000 tx_skb->data + L2CAP_HDR_SIZE);
2001 } else {
2002 put_unaligned_le16(__pack_enhanced_control(&control),
2003 tx_skb->data + L2CAP_HDR_SIZE);
2004 }
2005
Lukasz Rymanowski13cac152014-08-14 09:35:34 +02002006 /* Update FCS */
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07002007 if (chan->fcs == L2CAP_FCS_CRC16) {
Lukasz Rymanowski13cac152014-08-14 09:35:34 +02002008 u16 fcs = crc16(0, (u8 *) tx_skb->data,
2009 tx_skb->len - L2CAP_FCS_SIZE);
2010 put_unaligned_le16(fcs, skb_tail_pointer(tx_skb) -
2011 L2CAP_FCS_SIZE);
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07002012 }
2013
2014 l2cap_do_send(chan, tx_skb);
2015
2016 BT_DBG("Resent txseq %d", control.txseq);
2017
2018 chan->last_acked_seq = chan->buffer_seq;
2019 }
2020}
2021
Mat Martineauf80842a2012-05-17 20:53:46 -07002022static void l2cap_retransmit(struct l2cap_chan *chan,
2023 struct l2cap_ctrl *control)
2024{
2025 BT_DBG("chan %p, control %p", chan, control);
2026
2027 l2cap_seq_list_append(&chan->retrans_list, control->reqseq);
2028 l2cap_ertm_resend(chan);
2029}
2030
Mat Martineaud2a7ac52012-05-17 20:53:42 -07002031static void l2cap_retransmit_all(struct l2cap_chan *chan,
2032 struct l2cap_ctrl *control)
2033{
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07002034 struct sk_buff *skb;
2035
2036 BT_DBG("chan %p, control %p", chan, control);
2037
2038 if (control->poll)
2039 set_bit(CONN_SEND_FBIT, &chan->conn_state);
2040
2041 l2cap_seq_list_clear(&chan->retrans_list);
2042
2043 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
2044 return;
2045
2046 if (chan->unacked_frames) {
2047 skb_queue_walk(&chan->tx_q, skb) {
Johan Hedberga4368ff2015-03-30 23:21:01 +03002048 if (bt_cb(skb)->l2cap.txseq == control->reqseq ||
Gustavo Padovan2d792812012-10-06 10:07:01 +01002049 skb == chan->tx_send_head)
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07002050 break;
2051 }
2052
2053 skb_queue_walk_from(&chan->tx_q, skb) {
2054 if (skb == chan->tx_send_head)
2055 break;
2056
2057 l2cap_seq_list_append(&chan->retrans_list,
Johan Hedberga4368ff2015-03-30 23:21:01 +03002058 bt_cb(skb)->l2cap.txseq);
Mat Martineaue1fbd4c2012-05-17 20:53:43 -07002059 }
2060
2061 l2cap_ertm_resend(chan);
2062 }
Mat Martineaud2a7ac52012-05-17 20:53:42 -07002063}
2064
Szymon Jancb17e73b2012-01-11 10:59:47 +01002065static void l2cap_send_ack(struct l2cap_chan *chan)
2066{
Mat Martineau0a0aba42012-05-17 20:53:39 -07002067 struct l2cap_ctrl control;
2068 u16 frames_to_ack = __seq_offset(chan, chan->buffer_seq,
2069 chan->last_acked_seq);
2070 int threshold;
2071
2072 BT_DBG("chan %p last_acked_seq %d buffer_seq %d",
2073 chan, chan->last_acked_seq, chan->buffer_seq);
2074
2075 memset(&control, 0, sizeof(control));
2076 control.sframe = 1;
2077
2078 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
2079 chan->rx_state == L2CAP_RX_STATE_RECV) {
2080 __clear_ack_timer(chan);
2081 control.super = L2CAP_SUPER_RNR;
2082 control.reqseq = chan->buffer_seq;
2083 l2cap_send_sframe(chan, &control);
2084 } else {
2085 if (!test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) {
2086 l2cap_ertm_send(chan);
2087 /* If any i-frames were sent, they included an ack */
2088 if (chan->buffer_seq == chan->last_acked_seq)
2089 frames_to_ack = 0;
2090 }
2091
Mat Martineauc20f8e32012-07-10 05:47:07 -07002092 /* Ack now if the window is 3/4ths full.
Mat Martineau0a0aba42012-05-17 20:53:39 -07002093 * Calculate without mul or div
2094 */
Mat Martineauc20f8e32012-07-10 05:47:07 -07002095 threshold = chan->ack_win;
Mat Martineau0a0aba42012-05-17 20:53:39 -07002096 threshold += threshold << 1;
2097 threshold >>= 2;
2098
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002099 BT_DBG("frames_to_ack %u, threshold %d", frames_to_ack,
Mat Martineau0a0aba42012-05-17 20:53:39 -07002100 threshold);
2101
2102 if (frames_to_ack >= threshold) {
2103 __clear_ack_timer(chan);
2104 control.super = L2CAP_SUPER_RR;
2105 control.reqseq = chan->buffer_seq;
2106 l2cap_send_sframe(chan, &control);
2107 frames_to_ack = 0;
2108 }
2109
2110 if (frames_to_ack)
2111 __set_ack_timer(chan);
2112 }
Szymon Jancb17e73b2012-01-11 10:59:47 +01002113}
2114
Gustavo F. Padovan04124682012-03-08 01:25:00 -03002115static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
2116 struct msghdr *msg, int len,
2117 int count, struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002118{
Andrei Emeltchenko0952a572012-01-13 17:21:43 +02002119 struct l2cap_conn *conn = chan->conn;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002120 struct sk_buff **frag;
Gustavo Padovan90338942012-04-06 20:15:47 -03002121 int sent = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002122
Al Viro17836392014-11-24 17:07:38 -05002123 if (copy_from_iter(skb_put(skb, count), count, &msg->msg_iter) != count)
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002124 return -EFAULT;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002125
2126 sent += count;
2127 len -= count;
2128
2129 /* Continuation fragments (no L2CAP header) */
2130 frag = &skb_shinfo(skb)->frag_list;
2131 while (len) {
Gustavo Padovanfbe00702012-05-15 13:22:55 -03002132 struct sk_buff *tmp;
2133
Linus Torvalds1da177e2005-04-16 15:20:36 -07002134 count = min_t(unsigned int, conn->mtu, len);
2135
Marcel Holtmannd9fbd022014-06-08 11:22:28 +02002136 tmp = chan->ops->alloc_skb(chan, 0, count,
Gustavo Padovanfbe00702012-05-15 13:22:55 -03002137 msg->msg_flags & MSG_DONTWAIT);
2138 if (IS_ERR(tmp))
2139 return PTR_ERR(tmp);
Andrei Emeltchenko2f7719c2012-01-20 14:08:03 +02002140
Gustavo Padovanfbe00702012-05-15 13:22:55 -03002141 *frag = tmp;
2142
Al Viro17836392014-11-24 17:07:38 -05002143 if (copy_from_iter(skb_put(*frag, count), count,
2144 &msg->msg_iter) != count)
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002145 return -EFAULT;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002146
2147 sent += count;
2148 len -= count;
2149
Gustavo Padovan2d0ed3d2012-05-11 13:16:12 -03002150 skb->len += (*frag)->len;
2151 skb->data_len += (*frag)->len;
2152
Linus Torvalds1da177e2005-04-16 15:20:36 -07002153 frag = &(*frag)->next;
2154 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002155
2156 return sent;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002157}
Linus Torvalds1da177e2005-04-16 15:20:36 -07002158
Luiz Augusto von Dentz5e59b792011-11-01 10:58:57 +02002159static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
Marcel Holtmann8d463212014-06-05 15:22:51 +02002160 struct msghdr *msg, size_t len)
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002161{
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03002162 struct l2cap_conn *conn = chan->conn;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002163 struct sk_buff *skb;
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03002164 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002165 struct l2cap_hdr *lh;
2166
Marcel Holtmann8d463212014-06-05 15:22:51 +02002167 BT_DBG("chan %p psm 0x%2.2x len %zu", chan,
2168 __le16_to_cpu(chan->psm), len);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002169
2170 count = min_t(unsigned int, (conn->mtu - hlen), len);
Andrei Emeltchenko2f7719c2012-01-20 14:08:03 +02002171
Marcel Holtmannd9fbd022014-06-08 11:22:28 +02002172 skb = chan->ops->alloc_skb(chan, hlen, count,
Gustavo Padovan90338942012-04-06 20:15:47 -03002173 msg->msg_flags & MSG_DONTWAIT);
2174 if (IS_ERR(skb))
2175 return skb;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002176
2177 /* Create L2CAP header */
2178 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03002179 lh->cid = cpu_to_le16(chan->dcid);
Andrei Emeltchenkodaf6a78c2012-05-03 10:55:52 +03002180 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE);
Marcel Holtmann43b1b8d2013-10-12 06:01:26 -07002181 put_unaligned(chan->psm, (__le16 *) skb_put(skb, L2CAP_PSMLEN_SIZE));
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002182
Andrei Emeltchenko0952a572012-01-13 17:21:43 +02002183 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002184 if (unlikely(err < 0)) {
2185 kfree_skb(skb);
2186 return ERR_PTR(err);
2187 }
2188 return skb;
2189}
2190
Luiz Augusto von Dentz5e59b792011-11-01 10:58:57 +02002191static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
Marcel Holtmann8d463212014-06-05 15:22:51 +02002192 struct msghdr *msg, size_t len)
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002193{
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03002194 struct l2cap_conn *conn = chan->conn;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002195 struct sk_buff *skb;
Gustavo Padovanf2ba7fa2012-05-03 04:54:21 -03002196 int err, count;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002197 struct l2cap_hdr *lh;
2198
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002199 BT_DBG("chan %p len %zu", chan, len);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002200
Gustavo Padovanf2ba7fa2012-05-03 04:54:21 -03002201 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len);
Andrei Emeltchenko2f7719c2012-01-20 14:08:03 +02002202
Marcel Holtmannd9fbd022014-06-08 11:22:28 +02002203 skb = chan->ops->alloc_skb(chan, L2CAP_HDR_SIZE, count,
Gustavo Padovan90338942012-04-06 20:15:47 -03002204 msg->msg_flags & MSG_DONTWAIT);
2205 if (IS_ERR(skb))
2206 return skb;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002207
2208 /* Create L2CAP header */
2209 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03002210 lh->cid = cpu_to_le16(chan->dcid);
Gustavo Padovan6ff9b5e2012-05-02 11:56:17 -03002211 lh->len = cpu_to_le16(len);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002212
Andrei Emeltchenko0952a572012-01-13 17:21:43 +02002213 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002214 if (unlikely(err < 0)) {
2215 kfree_skb(skb);
2216 return ERR_PTR(err);
2217 }
2218 return skb;
2219}
2220
Luiz Augusto von Dentzab0ff762011-09-12 20:00:50 +03002221static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002222 struct msghdr *msg, size_t len,
2223 u16 sdulen)
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002224{
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03002225 struct l2cap_conn *conn = chan->conn;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002226 struct sk_buff *skb;
Andrei Emeltchenkoe4ca6d92011-10-11 13:37:52 +03002227 int err, count, hlen;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002228 struct l2cap_hdr *lh;
2229
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002230 BT_DBG("chan %p len %zu", chan, len);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002231
Gustavo F. Padovan0ee0d202010-05-01 16:15:41 -03002232 if (!conn)
2233 return ERR_PTR(-ENOTCONN);
2234
Gustavo Padovanba7aa642012-05-29 13:29:16 -03002235 hlen = __ertm_hdr_size(chan);
Andrei Emeltchenkoe4ca6d92011-10-11 13:37:52 +03002236
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002237 if (sdulen)
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03002238 hlen += L2CAP_SDULEN_SIZE;
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002239
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03002240 if (chan->fcs == L2CAP_FCS_CRC16)
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03002241 hlen += L2CAP_FCS_SIZE;
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03002242
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002243 count = min_t(unsigned int, (conn->mtu - hlen), len);
Andrei Emeltchenko2f7719c2012-01-20 14:08:03 +02002244
Marcel Holtmannd9fbd022014-06-08 11:22:28 +02002245 skb = chan->ops->alloc_skb(chan, hlen, count,
Gustavo Padovan90338942012-04-06 20:15:47 -03002246 msg->msg_flags & MSG_DONTWAIT);
2247 if (IS_ERR(skb))
2248 return skb;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002249
2250 /* Create L2CAP header */
2251 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03002252 lh->cid = cpu_to_le16(chan->dcid);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002253 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
Andrei Emeltchenko88843ab2011-10-17 12:19:56 +03002254
Mat Martineau18a48e72012-05-17 20:53:34 -07002255 /* Control header is populated later */
2256 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2257 put_unaligned_le32(0, skb_put(skb, L2CAP_EXT_CTRL_SIZE));
2258 else
2259 put_unaligned_le16(0, skb_put(skb, L2CAP_ENH_CTRL_SIZE));
Andrei Emeltchenko88843ab2011-10-17 12:19:56 +03002260
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002261 if (sdulen)
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03002262 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002263
Andrei Emeltchenko0952a572012-01-13 17:21:43 +02002264 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002265 if (unlikely(err < 0)) {
2266 kfree_skb(skb);
2267 return ERR_PTR(err);
2268 }
Gustavo F. Padovane90bac02009-08-20 22:26:00 -03002269
Johan Hedberga4368ff2015-03-30 23:21:01 +03002270 bt_cb(skb)->l2cap.fcs = chan->fcs;
2271 bt_cb(skb)->l2cap.retries = 0;
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03002272 return skb;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002273}
2274
Mat Martineau94122bb2012-05-02 09:42:02 -07002275static int l2cap_segment_sdu(struct l2cap_chan *chan,
2276 struct sk_buff_head *seg_queue,
2277 struct msghdr *msg, size_t len)
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002278{
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002279 struct sk_buff *skb;
Mat Martineau94122bb2012-05-02 09:42:02 -07002280 u16 sdu_len;
2281 size_t pdu_len;
Mat Martineau94122bb2012-05-02 09:42:02 -07002282 u8 sar;
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002283
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002284 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002285
Mat Martineau94122bb2012-05-02 09:42:02 -07002286 /* It is critical that ERTM PDUs fit in a single HCI fragment,
2287 * so fragmented skbs are not used. The HCI layer's handling
2288 * of fragmented skbs is not compatible with ERTM's queueing.
2289 */
2290
2291 /* PDU size is derived from the HCI MTU */
2292 pdu_len = chan->conn->mtu;
2293
Mat Martineaua5495742012-10-23 15:24:21 -07002294 /* Constrain PDU size for BR/EDR connections */
2295 if (!chan->hs_hcon)
2296 pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD);
Mat Martineau94122bb2012-05-02 09:42:02 -07002297
2298 /* Adjust for largest possible L2CAP overhead. */
Gustavo Padovan35d401d2012-05-25 18:57:05 -03002299 if (chan->fcs)
2300 pdu_len -= L2CAP_FCS_SIZE;
2301
Gustavo Padovanba7aa642012-05-29 13:29:16 -03002302 pdu_len -= __ertm_hdr_size(chan);
Mat Martineau94122bb2012-05-02 09:42:02 -07002303
2304 /* Remote device may have requested smaller PDUs */
2305 pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
2306
2307 if (len <= pdu_len) {
2308 sar = L2CAP_SAR_UNSEGMENTED;
2309 sdu_len = 0;
2310 pdu_len = len;
2311 } else {
2312 sar = L2CAP_SAR_START;
2313 sdu_len = len;
Mat Martineau94122bb2012-05-02 09:42:02 -07002314 }
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002315
2316 while (len > 0) {
Mat Martineau94122bb2012-05-02 09:42:02 -07002317 skb = l2cap_create_iframe_pdu(chan, msg, pdu_len, sdu_len);
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002318
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002319 if (IS_ERR(skb)) {
Mat Martineau94122bb2012-05-02 09:42:02 -07002320 __skb_queue_purge(seg_queue);
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002321 return PTR_ERR(skb);
2322 }
2323
Johan Hedberga4368ff2015-03-30 23:21:01 +03002324 bt_cb(skb)->l2cap.sar = sar;
Mat Martineau94122bb2012-05-02 09:42:02 -07002325 __skb_queue_tail(seg_queue, skb);
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002326
Mat Martineau94122bb2012-05-02 09:42:02 -07002327 len -= pdu_len;
Lukasz Rymanowski069cb272014-08-13 16:01:41 +02002328 if (sdu_len)
Mat Martineau94122bb2012-05-02 09:42:02 -07002329 sdu_len = 0;
Mat Martineau94122bb2012-05-02 09:42:02 -07002330
2331 if (len <= pdu_len) {
2332 sar = L2CAP_SAR_END;
2333 pdu_len = len;
2334 } else {
2335 sar = L2CAP_SAR_CONTINUE;
2336 }
2337 }
2338
Gustavo Padovanf0f62792012-05-29 13:29:17 -03002339 return 0;
Gustavo F. Padovanc74e5602009-08-20 22:25:58 -03002340}
2341
Johan Hedberg177f8f22013-05-31 17:54:51 +03002342static struct sk_buff *l2cap_create_le_flowctl_pdu(struct l2cap_chan *chan,
2343 struct msghdr *msg,
2344 size_t len, u16 sdulen)
2345{
2346 struct l2cap_conn *conn = chan->conn;
2347 struct sk_buff *skb;
2348 int err, count, hlen;
2349 struct l2cap_hdr *lh;
2350
2351 BT_DBG("chan %p len %zu", chan, len);
2352
2353 if (!conn)
2354 return ERR_PTR(-ENOTCONN);
2355
2356 hlen = L2CAP_HDR_SIZE;
2357
2358 if (sdulen)
2359 hlen += L2CAP_SDULEN_SIZE;
2360
2361 count = min_t(unsigned int, (conn->mtu - hlen), len);
2362
Marcel Holtmannd9fbd022014-06-08 11:22:28 +02002363 skb = chan->ops->alloc_skb(chan, hlen, count,
Johan Hedberg177f8f22013-05-31 17:54:51 +03002364 msg->msg_flags & MSG_DONTWAIT);
2365 if (IS_ERR(skb))
2366 return skb;
2367
2368 /* Create L2CAP header */
2369 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2370 lh->cid = cpu_to_le16(chan->dcid);
2371 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
2372
2373 if (sdulen)
2374 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
2375
2376 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2377 if (unlikely(err < 0)) {
2378 kfree_skb(skb);
2379 return ERR_PTR(err);
2380 }
2381
2382 return skb;
2383}
2384
2385static int l2cap_segment_le_sdu(struct l2cap_chan *chan,
2386 struct sk_buff_head *seg_queue,
2387 struct msghdr *msg, size_t len)
2388{
2389 struct sk_buff *skb;
2390 size_t pdu_len;
2391 u16 sdu_len;
2392
2393 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
2394
Johan Hedberg177f8f22013-05-31 17:54:51 +03002395 sdu_len = len;
Johan Hedberg72c6fb92014-08-15 21:06:51 +03002396 pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE;
Johan Hedberg177f8f22013-05-31 17:54:51 +03002397
2398 while (len > 0) {
2399 if (len <= pdu_len)
2400 pdu_len = len;
2401
2402 skb = l2cap_create_le_flowctl_pdu(chan, msg, pdu_len, sdu_len);
2403 if (IS_ERR(skb)) {
2404 __skb_queue_purge(seg_queue);
2405 return PTR_ERR(skb);
2406 }
2407
2408 __skb_queue_tail(seg_queue, skb);
2409
2410 len -= pdu_len;
2411
2412 if (sdu_len) {
2413 sdu_len = 0;
2414 pdu_len += L2CAP_SDULEN_SIZE;
2415 }
2416 }
2417
2418 return 0;
2419}
2420
Marcel Holtmann8d463212014-06-05 15:22:51 +02002421int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002422{
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002423 struct sk_buff *skb;
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002424 int err;
Mat Martineau94122bb2012-05-02 09:42:02 -07002425 struct sk_buff_head seg_queue;
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002426
Seung-Woo Kim31e8ce82013-11-05 18:46:33 +09002427 if (!chan->conn)
2428 return -ENOTCONN;
2429
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002430 /* Connectionless channel */
Gustavo F. Padovan715ec002011-05-02 17:13:55 -03002431 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
Marcel Holtmann8d463212014-06-05 15:22:51 +02002432 skb = l2cap_create_connless_pdu(chan, msg, len);
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002433 if (IS_ERR(skb))
2434 return PTR_ERR(skb);
2435
Andrzej Kaczmarekede81a22014-02-25 17:16:22 +01002436 /* Channel lock is released before requesting new skb and then
2437 * reacquired thus we need to recheck channel state.
2438 */
2439 if (chan->state != BT_CONNECTED) {
2440 kfree_skb(skb);
2441 return -ENOTCONN;
2442 }
2443
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002444 l2cap_do_send(chan, skb);
2445 return len;
2446 }
2447
2448 switch (chan->mode) {
Johan Hedberg38319712013-05-17 12:49:23 +03002449 case L2CAP_MODE_LE_FLOWCTL:
Johan Hedberg177f8f22013-05-31 17:54:51 +03002450 /* Check outgoing MTU */
2451 if (len > chan->omtu)
2452 return -EMSGSIZE;
2453
Johan Hedbergfad5fc892013-12-05 09:45:01 +02002454 if (!chan->tx_credits)
2455 return -EAGAIN;
2456
Johan Hedberg177f8f22013-05-31 17:54:51 +03002457 __skb_queue_head_init(&seg_queue);
2458
2459 err = l2cap_segment_le_sdu(chan, &seg_queue, msg, len);
2460
2461 if (chan->state != BT_CONNECTED) {
2462 __skb_queue_purge(&seg_queue);
2463 err = -ENOTCONN;
2464 }
2465
2466 if (err)
2467 return err;
2468
2469 skb_queue_splice_tail_init(&seg_queue, &chan->tx_q);
2470
2471 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) {
2472 l2cap_do_send(chan, skb_dequeue(&chan->tx_q));
2473 chan->tx_credits--;
2474 }
2475
2476 if (!chan->tx_credits)
2477 chan->ops->suspend(chan);
2478
2479 err = len;
2480
2481 break;
2482
Johan Hedbergfad5fc892013-12-05 09:45:01 +02002483 case L2CAP_MODE_BASIC:
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002484 /* Check outgoing MTU */
2485 if (len > chan->omtu)
2486 return -EMSGSIZE;
2487
2488 /* Create a basic PDU */
Marcel Holtmann8d463212014-06-05 15:22:51 +02002489 skb = l2cap_create_basic_pdu(chan, msg, len);
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002490 if (IS_ERR(skb))
2491 return PTR_ERR(skb);
2492
Andrzej Kaczmarekede81a22014-02-25 17:16:22 +01002493 /* Channel lock is released before requesting new skb and then
2494 * reacquired thus we need to recheck channel state.
2495 */
2496 if (chan->state != BT_CONNECTED) {
2497 kfree_skb(skb);
2498 return -ENOTCONN;
2499 }
2500
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002501 l2cap_do_send(chan, skb);
2502 err = len;
2503 break;
2504
2505 case L2CAP_MODE_ERTM:
2506 case L2CAP_MODE_STREAMING:
Mat Martineau94122bb2012-05-02 09:42:02 -07002507 /* Check outgoing MTU */
2508 if (len > chan->omtu) {
2509 err = -EMSGSIZE;
2510 break;
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002511 }
2512
Mat Martineau94122bb2012-05-02 09:42:02 -07002513 __skb_queue_head_init(&seg_queue);
2514
2515 /* Do segmentation before calling in to the state machine,
2516 * since it's possible to block while waiting for memory
2517 * allocation.
2518 */
2519 err = l2cap_segment_sdu(chan, &seg_queue, msg, len);
2520
2521 /* The channel could have been closed while segmenting,
2522 * check that it is still connected.
2523 */
2524 if (chan->state != BT_CONNECTED) {
2525 __skb_queue_purge(&seg_queue);
2526 err = -ENOTCONN;
2527 }
2528
2529 if (err)
2530 break;
2531
Mat Martineau37339372012-05-17 20:53:33 -07002532 if (chan->mode == L2CAP_MODE_ERTM)
Gustavo Padovand6603662012-05-21 13:58:22 -03002533 l2cap_tx(chan, NULL, &seg_queue, L2CAP_EV_DATA_REQUEST);
Mat Martineau37339372012-05-17 20:53:33 -07002534 else
Gustavo Padovand6603662012-05-21 13:58:22 -03002535 l2cap_streaming_send(chan, &seg_queue);
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002536
Gustavo Padovand6603662012-05-21 13:58:22 -03002537 err = len;
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002538
Mat Martineau94122bb2012-05-02 09:42:02 -07002539 /* If the skbs were not queued for sending, they'll still be in
2540 * seg_queue and need to be purged.
2541 */
2542 __skb_queue_purge(&seg_queue);
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002543 break;
2544
2545 default:
2546 BT_DBG("bad state %1.1x", chan->mode);
2547 err = -EBADFD;
2548 }
2549
2550 return err;
2551}
Jukka Rissanen6b8d4a62014-06-18 16:37:08 +03002552EXPORT_SYMBOL_GPL(l2cap_chan_send);
Gustavo F. Padovan9a91a042011-04-28 18:50:17 -03002553
Mat Martineaud2a7ac52012-05-17 20:53:42 -07002554static void l2cap_send_srej(struct l2cap_chan *chan, u16 txseq)
2555{
Mat Martineaubed68bd2012-05-17 20:53:44 -07002556 struct l2cap_ctrl control;
2557 u16 seq;
2558
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002559 BT_DBG("chan %p, txseq %u", chan, txseq);
Mat Martineaubed68bd2012-05-17 20:53:44 -07002560
2561 memset(&control, 0, sizeof(control));
2562 control.sframe = 1;
2563 control.super = L2CAP_SUPER_SREJ;
2564
2565 for (seq = chan->expected_tx_seq; seq != txseq;
2566 seq = __next_seq(chan, seq)) {
2567 if (!l2cap_ertm_seq_in_queue(&chan->srej_q, seq)) {
2568 control.reqseq = seq;
2569 l2cap_send_sframe(chan, &control);
2570 l2cap_seq_list_append(&chan->srej_list, seq);
2571 }
2572 }
2573
2574 chan->expected_tx_seq = __next_seq(chan, txseq);
Mat Martineaud2a7ac52012-05-17 20:53:42 -07002575}
2576
2577static void l2cap_send_srej_tail(struct l2cap_chan *chan)
2578{
Mat Martineaubed68bd2012-05-17 20:53:44 -07002579 struct l2cap_ctrl control;
2580
2581 BT_DBG("chan %p", chan);
2582
2583 if (chan->srej_list.tail == L2CAP_SEQ_LIST_CLEAR)
2584 return;
2585
2586 memset(&control, 0, sizeof(control));
2587 control.sframe = 1;
2588 control.super = L2CAP_SUPER_SREJ;
2589 control.reqseq = chan->srej_list.tail;
2590 l2cap_send_sframe(chan, &control);
Mat Martineaud2a7ac52012-05-17 20:53:42 -07002591}
2592
2593static void l2cap_send_srej_list(struct l2cap_chan *chan, u16 txseq)
2594{
Mat Martineaubed68bd2012-05-17 20:53:44 -07002595 struct l2cap_ctrl control;
2596 u16 initial_head;
2597 u16 seq;
2598
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002599 BT_DBG("chan %p, txseq %u", chan, txseq);
Mat Martineaubed68bd2012-05-17 20:53:44 -07002600
2601 memset(&control, 0, sizeof(control));
2602 control.sframe = 1;
2603 control.super = L2CAP_SUPER_SREJ;
2604
2605 /* Capture initial list head to allow only one pass through the list. */
2606 initial_head = chan->srej_list.head;
2607
2608 do {
2609 seq = l2cap_seq_list_pop(&chan->srej_list);
2610 if (seq == txseq || seq == L2CAP_SEQ_LIST_CLEAR)
2611 break;
2612
2613 control.reqseq = seq;
2614 l2cap_send_sframe(chan, &control);
2615 l2cap_seq_list_append(&chan->srej_list, seq);
2616 } while (chan->srej_list.head != initial_head);
Mat Martineaud2a7ac52012-05-17 20:53:42 -07002617}
2618
Mat Martineau608bcc62012-05-17 20:53:32 -07002619static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2620{
2621 struct sk_buff *acked_skb;
2622 u16 ackseq;
2623
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002624 BT_DBG("chan %p, reqseq %u", chan, reqseq);
Mat Martineau608bcc62012-05-17 20:53:32 -07002625
2626 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2627 return;
2628
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002629 BT_DBG("expected_ack_seq %u, unacked_frames %u",
Mat Martineau608bcc62012-05-17 20:53:32 -07002630 chan->expected_ack_seq, chan->unacked_frames);
2631
2632 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
2633 ackseq = __next_seq(chan, ackseq)) {
2634
2635 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq);
2636 if (acked_skb) {
2637 skb_unlink(acked_skb, &chan->tx_q);
2638 kfree_skb(acked_skb);
2639 chan->unacked_frames--;
2640 }
2641 }
2642
2643 chan->expected_ack_seq = reqseq;
2644
2645 if (chan->unacked_frames == 0)
2646 __clear_retrans_timer(chan);
2647
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002648 BT_DBG("unacked_frames %u", chan->unacked_frames);
Mat Martineau608bcc62012-05-17 20:53:32 -07002649}
2650
2651static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
2652{
2653 BT_DBG("chan %p", chan);
2654
2655 chan->expected_tx_seq = chan->buffer_seq;
2656 l2cap_seq_list_clear(&chan->srej_list);
2657 skb_queue_purge(&chan->srej_q);
2658 chan->rx_state = L2CAP_RX_STATE_RECV;
2659}
2660
Gustavo Padovand6603662012-05-21 13:58:22 -03002661static void l2cap_tx_state_xmit(struct l2cap_chan *chan,
2662 struct l2cap_ctrl *control,
2663 struct sk_buff_head *skbs, u8 event)
Mat Martineau608bcc62012-05-17 20:53:32 -07002664{
Mat Martineau608bcc62012-05-17 20:53:32 -07002665 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2666 event);
2667
2668 switch (event) {
2669 case L2CAP_EV_DATA_REQUEST:
2670 if (chan->tx_send_head == NULL)
2671 chan->tx_send_head = skb_peek(skbs);
2672
2673 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2674 l2cap_ertm_send(chan);
2675 break;
2676 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2677 BT_DBG("Enter LOCAL_BUSY");
2678 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2679
2680 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2681 /* The SREJ_SENT state must be aborted if we are to
2682 * enter the LOCAL_BUSY state.
2683 */
2684 l2cap_abort_rx_srej_sent(chan);
2685 }
2686
2687 l2cap_send_ack(chan);
2688
2689 break;
2690 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2691 BT_DBG("Exit LOCAL_BUSY");
2692 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2693
2694 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2695 struct l2cap_ctrl local_control;
2696
2697 memset(&local_control, 0, sizeof(local_control));
2698 local_control.sframe = 1;
2699 local_control.super = L2CAP_SUPER_RR;
2700 local_control.poll = 1;
2701 local_control.reqseq = chan->buffer_seq;
Mat Martineaua67d7f62012-05-17 20:53:35 -07002702 l2cap_send_sframe(chan, &local_control);
Mat Martineau608bcc62012-05-17 20:53:32 -07002703
2704 chan->retry_count = 1;
2705 __set_monitor_timer(chan);
2706 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2707 }
2708 break;
2709 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2710 l2cap_process_reqseq(chan, control->reqseq);
2711 break;
2712 case L2CAP_EV_EXPLICIT_POLL:
2713 l2cap_send_rr_or_rnr(chan, 1);
2714 chan->retry_count = 1;
2715 __set_monitor_timer(chan);
2716 __clear_ack_timer(chan);
2717 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2718 break;
2719 case L2CAP_EV_RETRANS_TO:
2720 l2cap_send_rr_or_rnr(chan, 1);
2721 chan->retry_count = 1;
2722 __set_monitor_timer(chan);
2723 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2724 break;
2725 case L2CAP_EV_RECV_FBIT:
2726 /* Nothing to process */
2727 break;
2728 default:
2729 break;
2730 }
Mat Martineau608bcc62012-05-17 20:53:32 -07002731}
2732
Gustavo Padovand6603662012-05-21 13:58:22 -03002733static void l2cap_tx_state_wait_f(struct l2cap_chan *chan,
2734 struct l2cap_ctrl *control,
2735 struct sk_buff_head *skbs, u8 event)
Mat Martineau608bcc62012-05-17 20:53:32 -07002736{
Mat Martineau608bcc62012-05-17 20:53:32 -07002737 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2738 event);
2739
2740 switch (event) {
2741 case L2CAP_EV_DATA_REQUEST:
2742 if (chan->tx_send_head == NULL)
2743 chan->tx_send_head = skb_peek(skbs);
2744 /* Queue data, but don't send. */
2745 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2746 break;
2747 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2748 BT_DBG("Enter LOCAL_BUSY");
2749 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2750
2751 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2752 /* The SREJ_SENT state must be aborted if we are to
2753 * enter the LOCAL_BUSY state.
2754 */
2755 l2cap_abort_rx_srej_sent(chan);
2756 }
2757
2758 l2cap_send_ack(chan);
2759
2760 break;
2761 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2762 BT_DBG("Exit LOCAL_BUSY");
2763 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2764
2765 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2766 struct l2cap_ctrl local_control;
2767 memset(&local_control, 0, sizeof(local_control));
2768 local_control.sframe = 1;
2769 local_control.super = L2CAP_SUPER_RR;
2770 local_control.poll = 1;
2771 local_control.reqseq = chan->buffer_seq;
Mat Martineaua67d7f62012-05-17 20:53:35 -07002772 l2cap_send_sframe(chan, &local_control);
Mat Martineau608bcc62012-05-17 20:53:32 -07002773
2774 chan->retry_count = 1;
2775 __set_monitor_timer(chan);
2776 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2777 }
2778 break;
2779 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2780 l2cap_process_reqseq(chan, control->reqseq);
2781
2782 /* Fall through */
2783
2784 case L2CAP_EV_RECV_FBIT:
2785 if (control && control->final) {
2786 __clear_monitor_timer(chan);
2787 if (chan->unacked_frames > 0)
2788 __set_retrans_timer(chan);
2789 chan->retry_count = 0;
2790 chan->tx_state = L2CAP_TX_STATE_XMIT;
2791 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state);
2792 }
2793 break;
2794 case L2CAP_EV_EXPLICIT_POLL:
2795 /* Ignore */
2796 break;
2797 case L2CAP_EV_MONITOR_TO:
2798 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) {
2799 l2cap_send_rr_or_rnr(chan, 1);
2800 __set_monitor_timer(chan);
2801 chan->retry_count++;
2802 } else {
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02002803 l2cap_send_disconn_req(chan, ECONNABORTED);
Mat Martineau608bcc62012-05-17 20:53:32 -07002804 }
2805 break;
2806 default:
2807 break;
2808 }
Mat Martineau608bcc62012-05-17 20:53:32 -07002809}
2810
Gustavo Padovand6603662012-05-21 13:58:22 -03002811static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
2812 struct sk_buff_head *skbs, u8 event)
Mat Martineau608bcc62012-05-17 20:53:32 -07002813{
Mat Martineau608bcc62012-05-17 20:53:32 -07002814 BT_DBG("chan %p, control %p, skbs %p, event %d, state %d",
2815 chan, control, skbs, event, chan->tx_state);
2816
2817 switch (chan->tx_state) {
2818 case L2CAP_TX_STATE_XMIT:
Gustavo Padovand6603662012-05-21 13:58:22 -03002819 l2cap_tx_state_xmit(chan, control, skbs, event);
Mat Martineau608bcc62012-05-17 20:53:32 -07002820 break;
2821 case L2CAP_TX_STATE_WAIT_F:
Gustavo Padovand6603662012-05-21 13:58:22 -03002822 l2cap_tx_state_wait_f(chan, control, skbs, event);
Mat Martineau608bcc62012-05-17 20:53:32 -07002823 break;
2824 default:
2825 /* Ignore event */
2826 break;
2827 }
Mat Martineau608bcc62012-05-17 20:53:32 -07002828}
2829
Mat Martineau4b51dae92012-05-17 20:53:37 -07002830static void l2cap_pass_to_tx(struct l2cap_chan *chan,
2831 struct l2cap_ctrl *control)
2832{
2833 BT_DBG("chan %p, control %p", chan, control);
Andrei Emeltchenko401bb1f2012-05-21 15:47:46 +03002834 l2cap_tx(chan, control, NULL, L2CAP_EV_RECV_REQSEQ_AND_FBIT);
Mat Martineau4b51dae92012-05-17 20:53:37 -07002835}
2836
Mat Martineauf80842a2012-05-17 20:53:46 -07002837static void l2cap_pass_to_tx_fbit(struct l2cap_chan *chan,
2838 struct l2cap_ctrl *control)
2839{
2840 BT_DBG("chan %p, control %p", chan, control);
Andrei Emeltchenko401bb1f2012-05-21 15:47:46 +03002841 l2cap_tx(chan, control, NULL, L2CAP_EV_RECV_FBIT);
Mat Martineauf80842a2012-05-17 20:53:46 -07002842}
2843
Linus Torvalds1da177e2005-04-16 15:20:36 -07002844/* Copy frame to all raw sockets on that connection */
2845static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2846{
Linus Torvalds1da177e2005-04-16 15:20:36 -07002847 struct sk_buff *nskb;
Gustavo F. Padovan48454072011-03-25 00:22:30 -03002848 struct l2cap_chan *chan;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002849
2850 BT_DBG("conn %p", conn);
2851
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02002852 mutex_lock(&conn->chan_lock);
Gustavo F. Padovan3d57dc62011-12-17 10:56:45 -02002853
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02002854 list_for_each_entry(chan, &conn->chan_l, list) {
Gustavo F. Padovan715ec002011-05-02 17:13:55 -03002855 if (chan->chan_type != L2CAP_CHAN_RAW)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002856 continue;
2857
Gustavo Padovan7f5396a2013-10-21 18:22:25 -02002858 /* Don't send frame to the channel it came from */
Johan Hedberga4368ff2015-03-30 23:21:01 +03002859 if (bt_cb(skb)->l2cap.chan == chan)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002860 continue;
Gustavo Padovan7f5396a2013-10-21 18:22:25 -02002861
Gustavo Padovan8bcde1f2012-05-28 19:18:14 -03002862 nskb = skb_clone(skb, GFP_KERNEL);
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002863 if (!nskb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002864 continue;
Gustavo Padovan80b98022012-05-27 22:27:51 -03002865 if (chan->ops->recv(chan, nskb))
Linus Torvalds1da177e2005-04-16 15:20:36 -07002866 kfree_skb(nskb);
2867 }
Gustavo F. Padovan3d57dc62011-12-17 10:56:45 -02002868
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02002869 mutex_unlock(&conn->chan_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002870}
2871
2872/* ---- L2CAP signalling commands ---- */
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002873static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2874 u8 ident, u16 dlen, void *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002875{
2876 struct sk_buff *skb, **frag;
2877 struct l2cap_cmd_hdr *cmd;
2878 struct l2cap_hdr *lh;
2879 int len, count;
2880
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002881 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %u",
2882 conn, code, ident, dlen);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002883
Anderson Lizardo300b9622013-06-02 16:30:40 -04002884 if (conn->mtu < L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE)
2885 return NULL;
2886
Linus Torvalds1da177e2005-04-16 15:20:36 -07002887 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2888 count = min_t(unsigned int, conn->mtu, len);
2889
Gustavo Padovan8bcde1f2012-05-28 19:18:14 -03002890 skb = bt_skb_alloc(count, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002891 if (!skb)
2892 return NULL;
2893
2894 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002895 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02002896
2897 if (conn->hcon->type == LE_LINK)
Joe Perchesdcf4adb2014-03-12 10:52:35 -07002898 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02002899 else
Joe Perchesdcf4adb2014-03-12 10:52:35 -07002900 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002901
2902 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2903 cmd->code = code;
2904 cmd->ident = ident;
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002905 cmd->len = cpu_to_le16(dlen);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002906
2907 if (dlen) {
2908 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2909 memcpy(skb_put(skb, count), data, count);
2910 data += count;
2911 }
2912
2913 len -= skb->len;
2914
2915 /* Continuation fragments (no L2CAP header) */
2916 frag = &skb_shinfo(skb)->frag_list;
2917 while (len) {
2918 count = min_t(unsigned int, conn->mtu, len);
2919
Gustavo Padovan8bcde1f2012-05-28 19:18:14 -03002920 *frag = bt_skb_alloc(count, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002921 if (!*frag)
2922 goto fail;
2923
2924 memcpy(skb_put(*frag, count), data, count);
2925
2926 len -= count;
2927 data += count;
2928
2929 frag = &(*frag)->next;
2930 }
2931
2932 return skb;
2933
2934fail:
2935 kfree_skb(skb);
2936 return NULL;
2937}
2938
Gustavo Padovan2d792812012-10-06 10:07:01 +01002939static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen,
2940 unsigned long *val)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002941{
2942 struct l2cap_conf_opt *opt = *ptr;
2943 int len;
2944
2945 len = L2CAP_CONF_OPT_SIZE + opt->len;
2946 *ptr += len;
2947
2948 *type = opt->type;
2949 *olen = opt->len;
2950
2951 switch (opt->len) {
2952 case 1:
2953 *val = *((u8 *) opt->val);
2954 break;
2955
2956 case 2:
steven miaobfaaeb32010-10-16 18:29:47 -04002957 *val = get_unaligned_le16(opt->val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002958 break;
2959
2960 case 4:
steven miaobfaaeb32010-10-16 18:29:47 -04002961 *val = get_unaligned_le32(opt->val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002962 break;
2963
2964 default:
2965 *val = (unsigned long) opt->val;
2966 break;
2967 }
2968
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002969 BT_DBG("type 0x%2.2x len %u val 0x%lx", *type, opt->len, *val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002970 return len;
2971}
2972
Linus Torvalds1da177e2005-04-16 15:20:36 -07002973static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2974{
2975 struct l2cap_conf_opt *opt = *ptr;
2976
Andrei Emeltchenkob4400672012-07-10 15:27:49 +03002977 BT_DBG("type 0x%2.2x len %u val 0x%lx", type, len, val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002978
2979 opt->type = type;
2980 opt->len = len;
2981
2982 switch (len) {
2983 case 1:
2984 *((u8 *) opt->val) = val;
2985 break;
2986
2987 case 2:
Gustavo F. Padovan4f8b6912010-10-18 14:25:53 -02002988 put_unaligned_le16(val, opt->val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002989 break;
2990
2991 case 4:
Gustavo F. Padovan4f8b6912010-10-18 14:25:53 -02002992 put_unaligned_le32(val, opt->val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002993 break;
2994
2995 default:
2996 memcpy(opt->val, (void *) val, len);
2997 break;
2998 }
2999
3000 *ptr += L2CAP_CONF_OPT_SIZE + len;
3001}
3002
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003003static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
3004{
3005 struct l2cap_conf_efs efs;
3006
Szymon Janc1ec918c2011-11-16 09:32:21 +01003007 switch (chan->mode) {
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003008 case L2CAP_MODE_ERTM:
3009 efs.id = chan->local_id;
3010 efs.stype = chan->local_stype;
3011 efs.msdu = cpu_to_le16(chan->local_msdu);
3012 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003013 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
3014 efs.flush_to = cpu_to_le32(L2CAP_EFS_DEFAULT_FLUSH_TO);
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003015 break;
3016
3017 case L2CAP_MODE_STREAMING:
3018 efs.id = 1;
3019 efs.stype = L2CAP_SERV_BESTEFFORT;
3020 efs.msdu = cpu_to_le16(chan->local_msdu);
3021 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
3022 efs.acc_lat = 0;
3023 efs.flush_to = 0;
3024 break;
3025
3026 default:
3027 return;
3028 }
3029
3030 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
Andrei Emeltchenko8936fa62012-10-08 11:14:41 +03003031 (unsigned long) &efs);
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003032}
3033
Gustavo F. Padovan721c4182011-06-23 19:29:58 -03003034static void l2cap_ack_timeout(struct work_struct *work)
Gustavo F. Padovanc1b4f432010-05-01 16:15:39 -03003035{
Gustavo F. Padovan721c4182011-06-23 19:29:58 -03003036 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
Mat Martineau03625202012-05-17 20:53:51 -07003037 ack_timer.work);
3038 u16 frames_to_ack;
Gustavo F. Padovanc1b4f432010-05-01 16:15:39 -03003039
Gustavo F. Padovan2fb9b3d2011-12-22 16:56:05 -02003040 BT_DBG("chan %p", chan);
3041
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02003042 l2cap_chan_lock(chan);
3043
Mat Martineau03625202012-05-17 20:53:51 -07003044 frames_to_ack = __seq_offset(chan, chan->buffer_seq,
3045 chan->last_acked_seq);
3046
3047 if (frames_to_ack)
3048 l2cap_send_rr_or_rnr(chan, 0);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02003049
3050 l2cap_chan_unlock(chan);
Szymon Janc09bfb2e2012-01-11 10:59:49 +01003051 l2cap_chan_put(chan);
Gustavo F. Padovanc1b4f432010-05-01 16:15:39 -03003052}
3053
Andrei Emeltchenko466f8002012-05-29 13:59:01 +03003054int l2cap_ertm_init(struct l2cap_chan *chan)
Gustavo F. Padovan0565c1c2009-10-03 02:34:36 -03003055{
Mat Martineau3c588192012-04-11 10:48:42 -07003056 int err;
3057
Mat Martineau105bdf92012-04-27 16:50:48 -07003058 chan->next_tx_seq = 0;
3059 chan->expected_tx_seq = 0;
Gustavo F. Padovan42e5c802011-03-25 19:58:34 -03003060 chan->expected_ack_seq = 0;
Gustavo F. Padovan6a026612011-04-01 00:38:50 -03003061 chan->unacked_frames = 0;
Gustavo F. Padovan42e5c802011-03-25 19:58:34 -03003062 chan->buffer_seq = 0;
Gustavo F. Padovan6a026612011-04-01 00:38:50 -03003063 chan->frames_sent = 0;
Mat Martineau105bdf92012-04-27 16:50:48 -07003064 chan->last_acked_seq = 0;
3065 chan->sdu = NULL;
3066 chan->sdu_last_frag = NULL;
3067 chan->sdu_len = 0;
3068
Mat Martineaud34c34f2012-05-14 14:49:27 -07003069 skb_queue_head_init(&chan->tx_q);
3070
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07003071 chan->local_amp_id = AMP_ID_BREDR;
3072 chan->move_id = AMP_ID_BREDR;
Mat Martineau08333282012-10-23 15:24:06 -07003073 chan->move_state = L2CAP_MOVE_STABLE;
3074 chan->move_role = L2CAP_MOVE_ROLE_NONE;
3075
Mat Martineau105bdf92012-04-27 16:50:48 -07003076 if (chan->mode != L2CAP_MODE_ERTM)
3077 return 0;
3078
3079 chan->rx_state = L2CAP_RX_STATE_RECV;
3080 chan->tx_state = L2CAP_TX_STATE_XMIT;
Gustavo F. Padovan0565c1c2009-10-03 02:34:36 -03003081
Gustavo F. Padovan721c4182011-06-23 19:29:58 -03003082 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
3083 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
3084 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
Gustavo F. Padovan0565c1c2009-10-03 02:34:36 -03003085
Gustavo F. Padovanf1c67752011-03-25 20:36:10 -03003086 skb_queue_head_init(&chan->srej_q);
Gustavo F. Padovan1890d362010-05-01 16:15:44 -03003087
Mat Martineau3c588192012-04-11 10:48:42 -07003088 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
3089 if (err < 0)
3090 return err;
3091
Mat Martineau9dc9aff2012-05-17 16:20:14 -07003092 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win);
3093 if (err < 0)
3094 l2cap_seq_list_free(&chan->srej_list);
3095
3096 return err;
Gustavo F. Padovan0565c1c2009-10-03 02:34:36 -03003097}
3098
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003099static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
3100{
3101 switch (mode) {
3102 case L2CAP_MODE_STREAMING:
3103 case L2CAP_MODE_ERTM:
3104 if (l2cap_mode_supported(mode, remote_feat_mask))
3105 return mode;
3106 /* fall through */
3107 default:
3108 return L2CAP_MODE_BASIC;
3109 }
3110}
3111
Marcel Holtmann848566b2013-10-01 22:59:22 -07003112static inline bool __l2cap_ews_supported(struct l2cap_conn *conn)
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003113{
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02003114 return ((conn->local_fixed_chan & L2CAP_FC_A2MP) &&
3115 (conn->feat_mask & L2CAP_FEAT_EXT_WINDOW));
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003116}
3117
Marcel Holtmann848566b2013-10-01 22:59:22 -07003118static inline bool __l2cap_efs_supported(struct l2cap_conn *conn)
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003119{
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02003120 return ((conn->local_fixed_chan & L2CAP_FC_A2MP) &&
3121 (conn->feat_mask & L2CAP_FEAT_EXT_FLOW));
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003122}
3123
Mat Martineau36c86c82012-10-23 15:24:20 -07003124static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan,
3125 struct l2cap_conf_rfc *rfc)
3126{
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07003127 if (chan->local_amp_id != AMP_ID_BREDR && chan->hs_hcon) {
Mat Martineau36c86c82012-10-23 15:24:20 -07003128 u64 ertm_to = chan->hs_hcon->hdev->amp_be_flush_to;
3129
3130 /* Class 1 devices have must have ERTM timeouts
3131 * exceeding the Link Supervision Timeout. The
3132 * default Link Supervision Timeout for AMP
3133 * controllers is 10 seconds.
3134 *
3135 * Class 1 devices use 0xffffffff for their
3136 * best-effort flush timeout, so the clamping logic
3137 * will result in a timeout that meets the above
3138 * requirement. ERTM timeouts are 16-bit values, so
3139 * the maximum timeout is 65.535 seconds.
3140 */
3141
3142 /* Convert timeout to milliseconds and round */
3143 ertm_to = DIV_ROUND_UP_ULL(ertm_to, 1000);
3144
3145 /* This is the recommended formula for class 2 devices
3146 * that start ERTM timers when packets are sent to the
3147 * controller.
3148 */
3149 ertm_to = 3 * ertm_to + 500;
3150
3151 if (ertm_to > 0xffff)
3152 ertm_to = 0xffff;
3153
3154 rfc->retrans_timeout = cpu_to_le16((u16) ertm_to);
3155 rfc->monitor_timeout = rfc->retrans_timeout;
3156 } else {
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003157 rfc->retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3158 rfc->monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
Mat Martineau36c86c82012-10-23 15:24:20 -07003159 }
3160}
3161
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003162static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
3163{
3164 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
Marcel Holtmann848566b2013-10-01 22:59:22 -07003165 __l2cap_ews_supported(chan->conn)) {
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003166 /* use extended control field */
3167 set_bit(FLAG_EXT_CTRL, &chan->flags);
Andrei Emeltchenko836be932011-10-17 12:19:57 +03003168 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
3169 } else {
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003170 chan->tx_win = min_t(u16, chan->tx_win,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003171 L2CAP_DEFAULT_TX_WINDOW);
Andrei Emeltchenko836be932011-10-17 12:19:57 +03003172 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
3173 }
Mat Martineauc20f8e32012-07-10 05:47:07 -07003174 chan->ack_win = chan->tx_win;
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003175}
3176
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -03003177static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07003178{
Linus Torvalds1da177e2005-04-16 15:20:36 -07003179 struct l2cap_conf_req *req = data;
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003180 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
Linus Torvalds1da177e2005-04-16 15:20:36 -07003181 void *ptr = req->data;
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003182 u16 size;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003183
Gustavo F. Padovan49208c92011-04-04 15:59:54 -03003184 BT_DBG("chan %p", chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003185
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03003186 if (chan->num_conf_req || chan->num_conf_rsp)
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003187 goto done;
3188
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003189 switch (chan->mode) {
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003190 case L2CAP_MODE_STREAMING:
3191 case L2CAP_MODE_ERTM:
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003192 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
Gustavo F. Padovan85eb53c2010-06-03 18:43:28 -03003193 break;
Gustavo F. Padovan85eb53c2010-06-03 18:43:28 -03003194
Marcel Holtmann848566b2013-10-01 22:59:22 -07003195 if (__l2cap_efs_supported(chan->conn))
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003196 set_bit(FLAG_EFS_ENABLE, &chan->flags);
3197
Gustavo F. Padovan2ba13ed2010-06-09 16:39:05 -03003198 /* fall through */
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003199 default:
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03003200 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003201 break;
3202 }
3203
3204done:
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003205 if (chan->imtu != L2CAP_DEFAULT_MTU)
3206 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
Gustavo F. Padovan7990681c2011-01-24 16:01:43 -02003207
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003208 switch (chan->mode) {
Marcel Holtmann65c7c492009-05-02 23:07:53 -07003209 case L2CAP_MODE_BASIC:
Marcel Holtmann6fea7ad2014-07-09 11:53:35 +02003210 if (disable_ertm)
3211 break;
3212
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03003213 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
Gustavo Padovan2d792812012-10-06 10:07:01 +01003214 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
Gustavo F. Padovan63406502010-08-03 23:49:29 -03003215 break;
3216
Gustavo F. Padovan62547752010-06-08 20:05:31 -03003217 rfc.mode = L2CAP_MODE_BASIC;
3218 rfc.txwin_size = 0;
3219 rfc.max_transmit = 0;
3220 rfc.retrans_timeout = 0;
3221 rfc.monitor_timeout = 0;
3222 rfc.max_pdu_size = 0;
3223
Gustavo F. Padovan63406502010-08-03 23:49:29 -03003224 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
Gustavo Padovan2d792812012-10-06 10:07:01 +01003225 (unsigned long) &rfc);
Marcel Holtmann65c7c492009-05-02 23:07:53 -07003226 break;
3227
3228 case L2CAP_MODE_ERTM:
3229 rfc.mode = L2CAP_MODE_ERTM;
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003230 rfc.max_transmit = chan->max_tx;
Mat Martineau36c86c82012-10-23 15:24:20 -07003231
3232 __l2cap_set_ertm_timeouts(chan, &rfc);
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003233
3234 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
Gustavo Padovan2d792812012-10-06 10:07:01 +01003235 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE -
3236 L2CAP_FCS_SIZE);
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003237 rfc.max_pdu_size = cpu_to_le16(size);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003238
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003239 l2cap_txwin_setup(chan);
3240
3241 rfc.txwin_size = min_t(u16, chan->tx_win,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003242 L2CAP_DEFAULT_TX_WINDOW);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003243
Gustavo F. Padovan63406502010-08-03 23:49:29 -03003244 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
Gustavo Padovan2d792812012-10-06 10:07:01 +01003245 (unsigned long) &rfc);
Gustavo F. Padovan63406502010-08-03 23:49:29 -03003246
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003247 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
3248 l2cap_add_opt_efs(&ptr, chan);
3249
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003250 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3251 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003252 chan->tx_win);
Andrei Emeltchenko60918912012-11-29 17:46:06 +02003253
3254 if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
3255 if (chan->fcs == L2CAP_FCS_NONE ||
Andrei Emeltchenkof2592d32012-11-29 17:46:08 +02003256 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
Andrei Emeltchenko60918912012-11-29 17:46:06 +02003257 chan->fcs = L2CAP_FCS_NONE;
3258 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1,
3259 chan->fcs);
3260 }
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003261 break;
3262
3263 case L2CAP_MODE_STREAMING:
Mat Martineau273759e2012-05-17 20:53:53 -07003264 l2cap_txwin_setup(chan);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003265 rfc.mode = L2CAP_MODE_STREAMING;
3266 rfc.txwin_size = 0;
3267 rfc.max_transmit = 0;
3268 rfc.retrans_timeout = 0;
3269 rfc.monitor_timeout = 0;
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003270
3271 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
Gustavo Padovan2d792812012-10-06 10:07:01 +01003272 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE -
3273 L2CAP_FCS_SIZE);
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003274 rfc.max_pdu_size = cpu_to_le16(size);
Marcel Holtmann65c7c492009-05-02 23:07:53 -07003275
Gustavo F. Padovan63406502010-08-03 23:49:29 -03003276 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
Gustavo Padovan2d792812012-10-06 10:07:01 +01003277 (unsigned long) &rfc);
Gustavo F. Padovan63406502010-08-03 23:49:29 -03003278
Andrei Emeltchenkof89cef02011-10-13 16:18:55 +03003279 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
3280 l2cap_add_opt_efs(&ptr, chan);
3281
Andrei Emeltchenko60918912012-11-29 17:46:06 +02003282 if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
3283 if (chan->fcs == L2CAP_FCS_NONE ||
Andrei Emeltchenkof2592d32012-11-29 17:46:08 +02003284 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
Andrei Emeltchenko60918912012-11-29 17:46:06 +02003285 chan->fcs = L2CAP_FCS_NONE;
3286 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1,
3287 chan->fcs);
3288 }
Marcel Holtmann65c7c492009-05-02 23:07:53 -07003289 break;
3290 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07003291
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003292 req->dcid = cpu_to_le16(chan->dcid);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003293 req->flags = cpu_to_le16(0);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003294
3295 return ptr - data;
3296}
3297
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03003298static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07003299{
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003300 struct l2cap_conf_rsp *rsp = data;
3301 void *ptr = rsp->data;
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03003302 void *req = chan->conf_req;
3303 int len = chan->conf_len;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003304 int type, hint, olen;
3305 unsigned long val;
Marcel Holtmann6464f352007-10-20 13:39:51 +02003306 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003307 struct l2cap_conf_efs efs;
3308 u8 remote_efs = 0;
Marcel Holtmann861d6882007-10-20 13:37:06 +02003309 u16 mtu = L2CAP_DEFAULT_MTU;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003310 u16 result = L2CAP_CONF_SUCCESS;
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003311 u16 size;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003312
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03003313 BT_DBG("chan %p", chan);
Marcel Holtmann820ae1b2006-11-18 22:15:00 +01003314
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003315 while (len >= L2CAP_CONF_OPT_SIZE) {
3316 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003317
Gustavo F. Padovan589d2742009-04-20 01:31:07 -03003318 hint = type & L2CAP_CONF_HINT;
Marcel Holtmann47ec1dcd2009-05-02 18:57:55 -07003319 type &= L2CAP_CONF_MASK;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003320
3321 switch (type) {
3322 case L2CAP_CONF_MTU:
Marcel Holtmann861d6882007-10-20 13:37:06 +02003323 mtu = val;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003324 break;
3325
3326 case L2CAP_CONF_FLUSH_TO:
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003327 chan->flush_to = val;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003328 break;
3329
3330 case L2CAP_CONF_QOS:
3331 break;
3332
Marcel Holtmann6464f352007-10-20 13:39:51 +02003333 case L2CAP_CONF_RFC:
3334 if (olen == sizeof(rfc))
3335 memcpy(&rfc, (void *) val, olen);
3336 break;
3337
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03003338 case L2CAP_CONF_FCS:
3339 if (val == L2CAP_FCS_NONE)
Andrei Emeltchenkof2592d32012-11-29 17:46:08 +02003340 set_bit(CONF_RECV_NO_FCS, &chan->conf_state);
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003341 break;
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03003342
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003343 case L2CAP_CONF_EFS:
3344 remote_efs = 1;
3345 if (olen == sizeof(efs))
3346 memcpy(&efs, (void *) val, olen);
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03003347 break;
3348
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003349 case L2CAP_CONF_EWS:
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02003350 if (!(chan->conn->local_fixed_chan & L2CAP_FC_A2MP))
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003351 return -ECONNREFUSED;
3352
3353 set_bit(FLAG_EXT_CTRL, &chan->flags);
3354 set_bit(CONF_EWS_RECV, &chan->conf_state);
Andrei Emeltchenko836be932011-10-17 12:19:57 +03003355 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003356 chan->remote_tx_win = val;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003357 break;
3358
3359 default:
3360 if (hint)
3361 break;
3362
3363 result = L2CAP_CONF_UNKNOWN;
3364 *((u8 *) ptr++) = type;
3365 break;
3366 }
3367 }
3368
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03003369 if (chan->num_conf_rsp || chan->num_conf_req > 1)
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003370 goto done;
3371
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003372 switch (chan->mode) {
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003373 case L2CAP_MODE_STREAMING:
3374 case L2CAP_MODE_ERTM:
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003375 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003376 chan->mode = l2cap_select_mode(rfc.mode,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003377 chan->conn->feat_mask);
Gustavo F. Padovan85eb53c2010-06-03 18:43:28 -03003378 break;
3379 }
3380
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003381 if (remote_efs) {
Marcel Holtmann848566b2013-10-01 22:59:22 -07003382 if (__l2cap_efs_supported(chan->conn))
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003383 set_bit(FLAG_EFS_ENABLE, &chan->flags);
3384 else
3385 return -ECONNREFUSED;
3386 }
3387
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003388 if (chan->mode != rfc.mode)
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003389 return -ECONNREFUSED;
Gustavo F. Padovan742e5192010-06-08 19:09:48 -03003390
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003391 break;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003392 }
3393
3394done:
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003395 if (chan->mode != rfc.mode) {
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003396 result = L2CAP_CONF_UNACCEPT;
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003397 rfc.mode = chan->mode;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003398
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03003399 if (chan->num_conf_rsp == 1)
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003400 return -ECONNREFUSED;
3401
Gustavo Padovan2d792812012-10-06 10:07:01 +01003402 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
3403 (unsigned long) &rfc);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003404 }
3405
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003406 if (result == L2CAP_CONF_SUCCESS) {
3407 /* Configure output options and let the other side know
3408 * which ones we don't like. */
3409
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003410 if (mtu < L2CAP_DEFAULT_MIN_MTU)
3411 result = L2CAP_CONF_UNACCEPT;
3412 else {
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003413 chan->omtu = mtu;
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003414 set_bit(CONF_MTU_DONE, &chan->conf_state);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003415 }
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003416 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003417
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003418 if (remote_efs) {
3419 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
Gustavo Padovan2d792812012-10-06 10:07:01 +01003420 efs.stype != L2CAP_SERV_NOTRAFIC &&
3421 efs.stype != chan->local_stype) {
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003422
3423 result = L2CAP_CONF_UNACCEPT;
3424
3425 if (chan->num_conf_req >= 1)
3426 return -ECONNREFUSED;
3427
3428 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003429 sizeof(efs),
3430 (unsigned long) &efs);
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03003431 } else {
Gustavo F. Padovan3e6b3b92011-11-01 14:06:23 -02003432 /* Send PENDING Conf Rsp */
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03003433 result = L2CAP_CONF_PENDING;
3434 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003435 }
3436 }
3437
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003438 switch (rfc.mode) {
3439 case L2CAP_MODE_BASIC:
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003440 chan->fcs = L2CAP_FCS_NONE;
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003441 set_bit(CONF_MODE_DONE, &chan->conf_state);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003442 break;
3443
3444 case L2CAP_MODE_ERTM:
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003445 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
3446 chan->remote_tx_win = rfc.txwin_size;
3447 else
3448 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
3449
Gustavo F. Padovan2c03a7a2011-03-25 20:15:28 -03003450 chan->remote_max_tx = rfc.max_transmit;
Mat Martineau86b1b262010-08-05 15:54:22 -07003451
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003452 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
Gustavo Padovan2d792812012-10-06 10:07:01 +01003453 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3454 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE);
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003455 rfc.max_pdu_size = cpu_to_le16(size);
3456 chan->remote_mps = size;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003457
Mat Martineau36c86c82012-10-23 15:24:20 -07003458 __l2cap_set_ertm_timeouts(chan, &rfc);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003459
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003460 set_bit(CONF_MODE_DONE, &chan->conf_state);
Gustavo F. Padovan68ae6632009-10-17 21:41:01 -03003461
3462 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003463 sizeof(rfc), (unsigned long) &rfc);
Gustavo F. Padovan68ae6632009-10-17 21:41:01 -03003464
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003465 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3466 chan->remote_id = efs.id;
3467 chan->remote_stype = efs.stype;
3468 chan->remote_msdu = le16_to_cpu(efs.msdu);
3469 chan->remote_flush_to =
Gustavo Padovan2d792812012-10-06 10:07:01 +01003470 le32_to_cpu(efs.flush_to);
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003471 chan->remote_acc_lat =
Gustavo Padovan2d792812012-10-06 10:07:01 +01003472 le32_to_cpu(efs.acc_lat);
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003473 chan->remote_sdu_itime =
3474 le32_to_cpu(efs.sdu_itime);
3475 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003476 sizeof(efs),
3477 (unsigned long) &efs);
Andrei Emeltchenko42dceae2011-10-17 14:35:30 +03003478 }
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003479 break;
3480
3481 case L2CAP_MODE_STREAMING:
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003482 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
Gustavo Padovan2d792812012-10-06 10:07:01 +01003483 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3484 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE);
Andrei Emeltchenkoc8f79162011-10-17 12:19:59 +03003485 rfc.max_pdu_size = cpu_to_le16(size);
3486 chan->remote_mps = size;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003487
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003488 set_bit(CONF_MODE_DONE, &chan->conf_state);
Gustavo F. Padovan68ae6632009-10-17 21:41:01 -03003489
Gustavo Padovan2d792812012-10-06 10:07:01 +01003490 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
3491 (unsigned long) &rfc);
Gustavo F. Padovan68ae6632009-10-17 21:41:01 -03003492
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003493 break;
3494
3495 default:
Marcel Holtmann6464f352007-10-20 13:39:51 +02003496 result = L2CAP_CONF_UNACCEPT;
3497
3498 memset(&rfc, 0, sizeof(rfc));
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003499 rfc.mode = chan->mode;
Marcel Holtmann6464f352007-10-20 13:39:51 +02003500 }
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003501
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003502 if (result == L2CAP_CONF_SUCCESS)
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003503 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003504 }
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003505 rsp->scid = cpu_to_le16(chan->dcid);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003506 rsp->result = cpu_to_le16(result);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003507 rsp->flags = cpu_to_le16(0);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003508
3509 return ptr - data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003510}
3511
Gustavo Padovan2d792812012-10-06 10:07:01 +01003512static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
3513 void *data, u16 *result)
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003514{
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003515 struct l2cap_conf_req *req = data;
3516 void *ptr = req->data;
3517 int type, olen;
3518 unsigned long val;
Mat Martineau36e999a2011-12-08 17:23:21 -08003519 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
Andrei Emeltchenko66af7aa2011-11-07 14:20:33 +02003520 struct l2cap_conf_efs efs;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003521
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003522 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003523
3524 while (len >= L2CAP_CONF_OPT_SIZE) {
3525 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3526
3527 switch (type) {
3528 case L2CAP_CONF_MTU:
3529 if (val < L2CAP_DEFAULT_MIN_MTU) {
3530 *result = L2CAP_CONF_UNACCEPT;
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003531 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003532 } else
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003533 chan->imtu = val;
3534 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003535 break;
3536
3537 case L2CAP_CONF_FLUSH_TO:
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003538 chan->flush_to = val;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003539 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003540 2, chan->flush_to);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003541 break;
3542
3543 case L2CAP_CONF_RFC:
3544 if (olen == sizeof(rfc))
3545 memcpy(&rfc, (void *)val, olen);
3546
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003547 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
Gustavo Padovan2d792812012-10-06 10:07:01 +01003548 rfc.mode != chan->mode)
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003549 return -ECONNREFUSED;
3550
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003551 chan->fcs = 0;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003552
3553 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003554 sizeof(rfc), (unsigned long) &rfc);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003555 break;
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003556
3557 case L2CAP_CONF_EWS:
Mat Martineauc20f8e32012-07-10 05:47:07 -07003558 chan->ack_win = min_t(u16, val, chan->ack_win);
Gustavo F. Padovan3e6b3b92011-11-01 14:06:23 -02003559 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
Mat Martineauc20f8e32012-07-10 05:47:07 -07003560 chan->tx_win);
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03003561 break;
Andrei Emeltchenko66af7aa2011-11-07 14:20:33 +02003562
3563 case L2CAP_CONF_EFS:
3564 if (olen == sizeof(efs))
3565 memcpy(&efs, (void *)val, olen);
3566
3567 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
Gustavo Padovan2d792812012-10-06 10:07:01 +01003568 efs.stype != L2CAP_SERV_NOTRAFIC &&
3569 efs.stype != chan->local_stype)
Andrei Emeltchenko66af7aa2011-11-07 14:20:33 +02003570 return -ECONNREFUSED;
3571
Gustavo Padovan2d792812012-10-06 10:07:01 +01003572 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
3573 (unsigned long) &efs);
Andrei Emeltchenko66af7aa2011-11-07 14:20:33 +02003574 break;
Andrei Emeltchenkocbabee72012-11-29 17:46:07 +02003575
3576 case L2CAP_CONF_FCS:
3577 if (*result == L2CAP_CONF_PENDING)
3578 if (val == L2CAP_FCS_NONE)
Andrei Emeltchenkof2592d32012-11-29 17:46:08 +02003579 set_bit(CONF_RECV_NO_FCS,
Andrei Emeltchenkocbabee72012-11-29 17:46:07 +02003580 &chan->conf_state);
3581 break;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003582 }
3583 }
3584
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003585 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
Gustavo F. Padovan6c2ea7a2010-06-08 20:08:49 -03003586 return -ECONNREFUSED;
3587
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003588 chan->mode = rfc.mode;
Gustavo F. Padovan6c2ea7a2010-06-08 20:08:49 -03003589
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03003590 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003591 switch (rfc.mode) {
3592 case L2CAP_MODE_ERTM:
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003593 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3594 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3595 chan->mps = le16_to_cpu(rfc.max_pdu_size);
Mat Martineauc20f8e32012-07-10 05:47:07 -07003596 if (!test_bit(FLAG_EXT_CTRL, &chan->flags))
3597 chan->ack_win = min_t(u16, chan->ack_win,
3598 rfc.txwin_size);
Andrei Emeltchenko66af7aa2011-11-07 14:20:33 +02003599
3600 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3601 chan->local_msdu = le16_to_cpu(efs.msdu);
3602 chan->local_sdu_itime =
Gustavo Padovan2d792812012-10-06 10:07:01 +01003603 le32_to_cpu(efs.sdu_itime);
Andrei Emeltchenko66af7aa2011-11-07 14:20:33 +02003604 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3605 chan->local_flush_to =
Gustavo Padovan2d792812012-10-06 10:07:01 +01003606 le32_to_cpu(efs.flush_to);
Andrei Emeltchenko66af7aa2011-11-07 14:20:33 +02003607 }
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003608 break;
Andrei Emeltchenko66af7aa2011-11-07 14:20:33 +02003609
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003610 case L2CAP_MODE_STREAMING:
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003611 chan->mps = le16_to_cpu(rfc.max_pdu_size);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003612 }
3613 }
3614
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003615 req->dcid = cpu_to_le16(chan->dcid);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003616 req->flags = cpu_to_le16(0);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03003617
3618 return ptr - data;
3619}
3620
Gustavo Padovan2d792812012-10-06 10:07:01 +01003621static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data,
3622 u16 result, u16 flags)
Linus Torvalds1da177e2005-04-16 15:20:36 -07003623{
3624 struct l2cap_conf_rsp *rsp = data;
3625 void *ptr = rsp->data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003626
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003627 BT_DBG("chan %p", chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003628
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003629 rsp->scid = cpu_to_le16(chan->dcid);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02003630 rsp->result = cpu_to_le16(result);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07003631 rsp->flags = cpu_to_le16(flags);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003632
3633 return ptr - data;
3634}
3635
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03003636void __l2cap_le_connect_rsp_defer(struct l2cap_chan *chan)
3637{
3638 struct l2cap_le_conn_rsp rsp;
3639 struct l2cap_conn *conn = chan->conn;
3640
3641 BT_DBG("chan %p", chan);
3642
3643 rsp.dcid = cpu_to_le16(chan->scid);
3644 rsp.mtu = cpu_to_le16(chan->imtu);
Johan Hedberg3916aed2013-10-07 15:35:26 +02003645 rsp.mps = cpu_to_le16(chan->mps);
Johan Hedberg0cd75f72013-05-17 13:09:05 +03003646 rsp.credits = cpu_to_le16(chan->rx_credits);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003647 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03003648
3649 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp),
3650 &rsp);
3651}
3652
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03003653void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -03003654{
3655 struct l2cap_conn_rsp rsp;
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03003656 struct l2cap_conn *conn = chan->conn;
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -03003657 u8 buf[128];
Andrei Emeltchenko439f34a2012-10-31 15:46:28 +02003658 u8 rsp_code;
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -03003659
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003660 rsp.scid = cpu_to_le16(chan->dcid);
3661 rsp.dcid = cpu_to_le16(chan->scid);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003662 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
3663 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
Andrei Emeltchenko439f34a2012-10-31 15:46:28 +02003664
3665 if (chan->hs_hcon)
3666 rsp_code = L2CAP_CREATE_CHAN_RSP;
3667 else
3668 rsp_code = L2CAP_CONN_RSP;
3669
3670 BT_DBG("chan %p rsp_code %u", chan, rsp_code);
3671
3672 l2cap_send_cmd(conn, chan->ident, rsp_code, sizeof(rsp), &rsp);
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -03003673
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003674 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -03003675 return;
3676
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -03003677 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003678 l2cap_build_conf_req(chan, buf), buf);
Gustavo F. Padovan710f9b02011-03-25 14:30:37 -03003679 chan->num_conf_req++;
3680}
3681
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003682static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003683{
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003684 int type, olen;
3685 unsigned long val;
Mat Martineauc20f8e32012-07-10 05:47:07 -07003686 /* Use sane default values in case a misbehaving remote device
3687 * did not send an RFC or extended window size option.
3688 */
3689 u16 txwin_ext = chan->ack_win;
3690 struct l2cap_conf_rfc rfc = {
3691 .mode = chan->mode,
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003692 .retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO),
3693 .monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO),
Mat Martineauc20f8e32012-07-10 05:47:07 -07003694 .max_pdu_size = cpu_to_le16(chan->imtu),
3695 .txwin_size = min_t(u16, chan->ack_win, L2CAP_DEFAULT_TX_WINDOW),
3696 };
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003697
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003698 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003699
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003700 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003701 return;
3702
3703 while (len >= L2CAP_CONF_OPT_SIZE) {
3704 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3705
Mat Martineauc20f8e32012-07-10 05:47:07 -07003706 switch (type) {
3707 case L2CAP_CONF_RFC:
3708 if (olen == sizeof(rfc))
3709 memcpy(&rfc, (void *)val, olen);
Szymon Janc8f321f82012-06-08 11:33:33 +02003710 break;
Mat Martineauc20f8e32012-07-10 05:47:07 -07003711 case L2CAP_CONF_EWS:
3712 txwin_ext = val;
3713 break;
3714 }
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003715 }
3716
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003717 switch (rfc.mode) {
3718 case L2CAP_MODE_ERTM:
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003719 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3720 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
Mat Martineauc20f8e32012-07-10 05:47:07 -07003721 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3722 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3723 chan->ack_win = min_t(u16, chan->ack_win, txwin_ext);
3724 else
3725 chan->ack_win = min_t(u16, chan->ack_win,
3726 rfc.txwin_size);
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003727 break;
3728 case L2CAP_MODE_STREAMING:
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003729 chan->mps = le16_to_cpu(rfc.max_pdu_size);
Gustavo F. Padovan7b1c0042010-05-01 16:15:39 -03003730 }
3731}
3732
Gustavo Padovan2d792812012-10-06 10:07:01 +01003733static inline int l2cap_command_rej(struct l2cap_conn *conn,
Johan Hedbergcb3b3152013-05-28 13:46:30 +03003734 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3735 u8 *data)
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02003736{
Ilia Kolomisnkye2fd3182011-07-10 08:47:44 +03003737 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02003738
Johan Hedbergcb3b3152013-05-28 13:46:30 +03003739 if (cmd_len < sizeof(*rej))
3740 return -EPROTO;
3741
Ilia Kolomisnkye2fd3182011-07-10 08:47:44 +03003742 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02003743 return 0;
3744
3745 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
Gustavo Padovan2d792812012-10-06 10:07:01 +01003746 cmd->ident == conn->info_ident) {
Ulisses Furquim17cd3f32012-01-30 18:26:28 -02003747 cancel_delayed_work(&conn->info_timer);
Marcel Holtmann984947d2009-02-06 23:35:19 +01003748
3749 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +01003750 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +01003751
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02003752 l2cap_conn_start(conn);
3753 }
3754
3755 return 0;
3756}
3757
Mat Martineau17009152012-10-23 15:24:07 -07003758static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
3759 struct l2cap_cmd_hdr *cmd,
3760 u8 *data, u8 rsp_code, u8 amp_id)
Linus Torvalds1da177e2005-04-16 15:20:36 -07003761{
Linus Torvalds1da177e2005-04-16 15:20:36 -07003762 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
3763 struct l2cap_conn_rsp rsp;
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03003764 struct l2cap_chan *chan = NULL, *pchan;
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02003765 int result, status = L2CAP_CS_NO_INFO;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003766
3767 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02003768 __le16 psm = req->psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003769
Andrei Emeltchenko097db762012-03-09 14:16:17 +02003770 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003771
3772 /* Check if we have socket listening on psm */
Marcel Holtmann6f59b902013-10-13 05:24:01 -07003773 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src,
Johan Hedbergbf20fd42013-05-14 13:23:13 +03003774 &conn->hcon->dst, ACL_LINK);
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03003775 if (!pchan) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07003776 result = L2CAP_CR_BAD_PSM;
3777 goto sendresp;
3778 }
3779
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003780 mutex_lock(&conn->chan_lock);
Gustavo Padovan8ffb9292013-10-21 14:21:41 -02003781 l2cap_chan_lock(pchan);
Gustavo F. Padovane0f0cb52010-11-01 18:43:53 +00003782
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02003783 /* Check if the ACL is secure enough (if not SDP) */
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003784 if (psm != cpu_to_le16(L2CAP_PSM_SDP) &&
Gustavo Padovan2d792812012-10-06 10:07:01 +01003785 !hci_conn_check_link_mode(conn->hcon)) {
Andrei Emeltchenko9f5a0d72011-11-07 14:20:25 +02003786 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02003787 result = L2CAP_CR_SEC_BLOCK;
3788 goto response;
3789 }
3790
Linus Torvalds1da177e2005-04-16 15:20:36 -07003791 result = L2CAP_CR_NO_MEM;
3792
Gustavo Padovan2dfa1002012-05-27 22:27:58 -03003793 /* Check if we already have channel with that dcid */
3794 if (__l2cap_get_chan_by_dcid(conn, scid))
3795 goto response;
3796
Gustavo Padovan80b98022012-05-27 22:27:51 -03003797 chan = pchan->ops->new_connection(pchan);
Gustavo F. Padovan80808e42011-05-16 17:24:37 -03003798 if (!chan)
Linus Torvalds1da177e2005-04-16 15:20:36 -07003799 goto response;
3800
Syam Sidhardhan330b6c12013-08-06 01:59:12 +09003801 /* For certain devices (ex: HID mouse), support for authentication,
3802 * pairing and bonding is optional. For such devices, inorder to avoid
3803 * the ACL alive for too long after L2CAP disconnection, reset the ACL
3804 * disc_timeout back to HCI_DISCONN_TIMEOUT during L2CAP connect.
3805 */
3806 conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3807
Marcel Holtmann7eafc592013-10-13 08:12:47 -07003808 bacpy(&chan->src, &conn->hcon->src);
3809 bacpy(&chan->dst, &conn->hcon->dst);
Johan Hedberga250e042015-01-15 13:06:44 +02003810 chan->src_type = bdaddr_src_type(conn->hcon);
3811 chan->dst_type = bdaddr_dst_type(conn->hcon);
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003812 chan->psm = psm;
3813 chan->dcid = scid;
Mat Martineau17009152012-10-23 15:24:07 -07003814 chan->local_amp_id = amp_id;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003815
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02003816 __l2cap_chan_add(conn, chan);
Gustavo F. Padovan48454072011-03-25 00:22:30 -03003817
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003818 dcid = chan->scid;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003819
Gustavo Padovan8d836d72013-10-15 19:24:47 -03003820 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
Linus Torvalds1da177e2005-04-16 15:20:36 -07003821
Gustavo F. Padovanfc7f8a72011-03-25 13:59:37 -03003822 chan->ident = cmd->ident;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003823
Marcel Holtmann984947d2009-02-06 23:35:19 +01003824 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
Johan Hedberge7cafc42014-07-17 15:35:38 +03003825 if (l2cap_chan_check_security(chan, false)) {
Marcel Holtmannbdc25782013-10-14 02:45:34 -07003826 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
Gustavo Padovanf93fa272013-10-21 14:21:40 -02003827 l2cap_state_change(chan, BT_CONNECT2);
Marcel Holtmannf66dc812009-01-15 21:57:00 +01003828 result = L2CAP_CR_PEND;
3829 status = L2CAP_CS_AUTHOR_PEND;
Gustavo Padovan2dc4e512012-10-12 19:35:24 +08003830 chan->ops->defer(chan);
Marcel Holtmannf66dc812009-01-15 21:57:00 +01003831 } else {
Mat Martineau17009152012-10-23 15:24:07 -07003832 /* Force pending result for AMP controllers.
3833 * The connection will succeed after the
3834 * physical link is up.
3835 */
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07003836 if (amp_id == AMP_ID_BREDR) {
Gustavo Padovanf93fa272013-10-21 14:21:40 -02003837 l2cap_state_change(chan, BT_CONFIG);
Mat Martineau17009152012-10-23 15:24:07 -07003838 result = L2CAP_CR_SUCCESS;
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07003839 } else {
Gustavo Padovanf93fa272013-10-21 14:21:40 -02003840 l2cap_state_change(chan, BT_CONNECT2);
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07003841 result = L2CAP_CR_PEND;
Mat Martineau17009152012-10-23 15:24:07 -07003842 }
Marcel Holtmannf66dc812009-01-15 21:57:00 +01003843 status = L2CAP_CS_NO_INFO;
3844 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +02003845 } else {
Gustavo Padovanf93fa272013-10-21 14:21:40 -02003846 l2cap_state_change(chan, BT_CONNECT2);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02003847 result = L2CAP_CR_PEND;
3848 status = L2CAP_CS_AUTHEN_PEND;
3849 }
3850 } else {
Gustavo Padovanf93fa272013-10-21 14:21:40 -02003851 l2cap_state_change(chan, BT_CONNECT2);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02003852 result = L2CAP_CR_PEND;
3853 status = L2CAP_CS_NO_INFO;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003854 }
3855
Linus Torvalds1da177e2005-04-16 15:20:36 -07003856response:
Gustavo Padovan8ffb9292013-10-21 14:21:41 -02003857 l2cap_chan_unlock(pchan);
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003858 mutex_unlock(&conn->chan_lock);
Johan Hedberga24cce12014-08-07 22:56:42 +03003859 l2cap_chan_put(pchan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003860
3861sendresp:
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07003862 rsp.scid = cpu_to_le16(scid);
3863 rsp.dcid = cpu_to_le16(dcid);
3864 rsp.result = cpu_to_le16(result);
3865 rsp.status = cpu_to_le16(status);
Mat Martineau4c89b6a2012-10-11 17:48:22 +03003866 l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02003867
3868 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3869 struct l2cap_info_req info;
Joe Perchesdcf4adb2014-03-12 10:52:35 -07003870 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02003871
3872 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3873 conn->info_ident = l2cap_get_ident(conn);
3874
Marcel Holtmannba13ccd2012-03-01 14:25:33 -08003875 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02003876
Gustavo Padovan2d792812012-10-06 10:07:01 +01003877 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ,
3878 sizeof(info), &info);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02003879 }
3880
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003881 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
Gustavo Padovan2d792812012-10-06 10:07:01 +01003882 result == L2CAP_CR_SUCCESS) {
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03003883 u8 buf[128];
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003884 set_bit(CONF_REQ_SENT, &chan->conf_state);
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03003885 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003886 l2cap_build_conf_req(chan, buf), buf);
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03003887 chan->num_conf_req++;
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03003888 }
Mat Martineau17009152012-10-23 15:24:07 -07003889
3890 return chan;
Mat Martineau4c89b6a2012-10-11 17:48:22 +03003891}
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03003892
Mat Martineau4c89b6a2012-10-11 17:48:22 +03003893static int l2cap_connect_req(struct l2cap_conn *conn,
Johan Hedbergcb3b3152013-05-28 13:46:30 +03003894 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
Mat Martineau4c89b6a2012-10-11 17:48:22 +03003895{
Jaganath Kanakkassery7b064ed2013-01-10 10:28:35 +05303896 struct hci_dev *hdev = conn->hcon->hdev;
3897 struct hci_conn *hcon = conn->hcon;
3898
Johan Hedbergcb3b3152013-05-28 13:46:30 +03003899 if (cmd_len < sizeof(struct l2cap_conn_req))
3900 return -EPROTO;
3901
Jaganath Kanakkassery7b064ed2013-01-10 10:28:35 +05303902 hci_dev_lock(hdev);
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07003903 if (hci_dev_test_flag(hdev, HCI_MGMT) &&
Jaganath Kanakkassery7b064ed2013-01-10 10:28:35 +05303904 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags))
Alfonso Acosta48ec92f2014-10-07 08:44:10 +00003905 mgmt_device_connected(hdev, hcon, 0, NULL, 0);
Jaganath Kanakkassery7b064ed2013-01-10 10:28:35 +05303906 hci_dev_unlock(hdev);
3907
Gustavo Padovan300229f2012-10-12 19:40:40 +08003908 l2cap_connect(conn, cmd, data, L2CAP_CONN_RSP, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003909 return 0;
3910}
3911
Mat Martineau5909cf32012-10-23 15:24:08 -07003912static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
Johan Hedbergcb3b3152013-05-28 13:46:30 +03003913 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3914 u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07003915{
3916 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3917 u16 scid, dcid, result, status;
Gustavo F. Padovan48454072011-03-25 00:22:30 -03003918 struct l2cap_chan *chan;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003919 u8 req[128];
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003920 int err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003921
Johan Hedbergcb3b3152013-05-28 13:46:30 +03003922 if (cmd_len < sizeof(*rsp))
3923 return -EPROTO;
3924
Linus Torvalds1da177e2005-04-16 15:20:36 -07003925 scid = __le16_to_cpu(rsp->scid);
3926 dcid = __le16_to_cpu(rsp->dcid);
3927 result = __le16_to_cpu(rsp->result);
3928 status = __le16_to_cpu(rsp->status);
3929
Andrei Emeltchenko1b009c92012-02-21 12:54:54 +02003930 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
Gustavo Padovan2d792812012-10-06 10:07:01 +01003931 dcid, scid, result, status);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003932
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003933 mutex_lock(&conn->chan_lock);
3934
Linus Torvalds1da177e2005-04-16 15:20:36 -07003935 if (scid) {
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003936 chan = __l2cap_get_chan_by_scid(conn, scid);
3937 if (!chan) {
Johan Hedberg21870b52013-09-16 13:05:14 +03003938 err = -EBADSLT;
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003939 goto unlock;
3940 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07003941 } else {
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003942 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
3943 if (!chan) {
Johan Hedberg21870b52013-09-16 13:05:14 +03003944 err = -EBADSLT;
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003945 goto unlock;
3946 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07003947 }
3948
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003949 err = 0;
3950
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02003951 l2cap_chan_lock(chan);
Gustavo F. Padovan48454072011-03-25 00:22:30 -03003952
Linus Torvalds1da177e2005-04-16 15:20:36 -07003953 switch (result) {
3954 case L2CAP_CR_SUCCESS:
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03003955 l2cap_state_change(chan, BT_CONFIG);
Gustavo F. Padovanfc7f8a72011-03-25 13:59:37 -03003956 chan->ident = 0;
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03003957 chan->dcid = dcid;
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003958 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
Marcel Holtmann6a8d3012009-02-06 23:56:36 +01003959
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003960 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
Gustavo F. Padovane9aeb2d2010-07-08 20:08:18 -03003961 break;
3962
Linus Torvalds1da177e2005-04-16 15:20:36 -07003963 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
Gustavo Padovan2d792812012-10-06 10:07:01 +01003964 l2cap_build_conf_req(chan, req), req);
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03003965 chan->num_conf_req++;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003966 break;
3967
3968 case L2CAP_CR_PEND:
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03003969 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003970 break;
3971
3972 default:
Gustavo F. Padovan48454072011-03-25 00:22:30 -03003973 l2cap_chan_del(chan, ECONNREFUSED);
Linus Torvalds1da177e2005-04-16 15:20:36 -07003974 break;
3975 }
3976
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02003977 l2cap_chan_unlock(chan);
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02003978
3979unlock:
3980 mutex_unlock(&conn->chan_lock);
3981
3982 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07003983}
3984
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003985static inline void set_default_fcs(struct l2cap_chan *chan)
Mat Martineau8c462b62010-08-24 15:35:42 -07003986{
3987 /* FCS is enabled only in ERTM or streaming mode, if one or both
3988 * sides request it.
3989 */
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03003990 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003991 chan->fcs = L2CAP_FCS_NONE;
Andrei Emeltchenkof2592d32012-11-29 17:46:08 +02003992 else if (!test_bit(CONF_RECV_NO_FCS, &chan->conf_state))
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03003993 chan->fcs = L2CAP_FCS_CRC16;
Mat Martineau8c462b62010-08-24 15:35:42 -07003994}
3995
Andrei Emeltchenko29d8a592012-09-21 12:30:05 +03003996static void l2cap_send_efs_conf_rsp(struct l2cap_chan *chan, void *data,
3997 u8 ident, u16 flags)
3998{
3999 struct l2cap_conn *conn = chan->conn;
4000
4001 BT_DBG("conn %p chan %p ident %d flags 0x%4.4x", conn, chan, ident,
4002 flags);
4003
4004 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
4005 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
4006
4007 l2cap_send_cmd(conn, ident, L2CAP_CONF_RSP,
4008 l2cap_build_conf_rsp(chan, data,
4009 L2CAP_CONF_SUCCESS, flags), data);
4010}
4011
Johan Hedberg662d6522013-10-16 11:20:47 +03004012static void cmd_reject_invalid_cid(struct l2cap_conn *conn, u8 ident,
4013 u16 scid, u16 dcid)
4014{
4015 struct l2cap_cmd_rej_cid rej;
4016
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004017 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
Johan Hedberg662d6522013-10-16 11:20:47 +03004018 rej.scid = __cpu_to_le16(scid);
4019 rej.dcid = __cpu_to_le16(dcid);
4020
4021 l2cap_send_cmd(conn, ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
4022}
4023
Gustavo Padovan2d792812012-10-06 10:07:01 +01004024static inline int l2cap_config_req(struct l2cap_conn *conn,
4025 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4026 u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07004027{
4028 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
4029 u16 dcid, flags;
4030 u8 rsp[64];
Gustavo F. Padovan48454072011-03-25 00:22:30 -03004031 struct l2cap_chan *chan;
Mat Martineau3c588192012-04-11 10:48:42 -07004032 int len, err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004033
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004034 if (cmd_len < sizeof(*req))
4035 return -EPROTO;
4036
Linus Torvalds1da177e2005-04-16 15:20:36 -07004037 dcid = __le16_to_cpu(req->dcid);
4038 flags = __le16_to_cpu(req->flags);
4039
4040 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
4041
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -03004042 chan = l2cap_get_chan_by_scid(conn, dcid);
Johan Hedberg662d6522013-10-16 11:20:47 +03004043 if (!chan) {
4044 cmd_reject_invalid_cid(conn, cmd->ident, dcid, 0);
4045 return 0;
4046 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07004047
David S. Miller033b1142011-07-21 13:38:42 -07004048 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
Johan Hedberg662d6522013-10-16 11:20:47 +03004049 cmd_reject_invalid_cid(conn, cmd->ident, chan->scid,
4050 chan->dcid);
Marcel Holtmann354f60a2006-11-18 22:15:20 +01004051 goto unlock;
Gustavo F. Padovandf6bd742010-06-14 02:26:15 -03004052 }
Marcel Holtmann354f60a2006-11-18 22:15:20 +01004053
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02004054 /* Reject if config buffer is too small. */
Al Viro88219a02007-07-29 00:17:25 -07004055 len = cmd_len - sizeof(*req);
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004056 if (chan->conf_len + len > sizeof(chan->conf_req)) {
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02004057 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
Gustavo Padovan2d792812012-10-06 10:07:01 +01004058 l2cap_build_conf_rsp(chan, rsp,
4059 L2CAP_CONF_REJECT, flags), rsp);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02004060 goto unlock;
4061 }
4062
4063 /* Store config. */
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03004064 memcpy(chan->conf_req + chan->conf_len, req->data, len);
4065 chan->conf_len += len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004066
Andrei Emeltchenko59e54bd2012-05-23 15:44:06 +03004067 if (flags & L2CAP_CONF_FLAG_CONTINUATION) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07004068 /* Incomplete config. Send empty response. */
4069 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
Gustavo Padovan2d792812012-10-06 10:07:01 +01004070 l2cap_build_conf_rsp(chan, rsp,
4071 L2CAP_CONF_SUCCESS, flags), rsp);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004072 goto unlock;
4073 }
4074
4075 /* Complete config. */
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03004076 len = l2cap_parse_conf_req(chan, rsp);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03004077 if (len < 0) {
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004078 l2cap_send_disconn_req(chan, ECONNRESET);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004079 goto unlock;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03004080 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07004081
Mat Martineau1500109b2012-10-23 15:24:15 -07004082 chan->ident = cmd->ident;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02004083 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03004084 chan->num_conf_rsp++;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02004085
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02004086 /* Reset config buffer. */
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03004087 chan->conf_len = 0;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02004088
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03004089 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
Marcel Holtmann876d9482007-10-20 13:35:42 +02004090 goto unlock;
4091
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03004092 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03004093 set_default_fcs(chan);
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03004094
Mat Martineau105bdf92012-04-27 16:50:48 -07004095 if (chan->mode == L2CAP_MODE_ERTM ||
4096 chan->mode == L2CAP_MODE_STREAMING)
Mat Martineau3c588192012-04-11 10:48:42 -07004097 err = l2cap_ertm_init(chan);
Gustavo F. Padovan0565c1c2009-10-03 02:34:36 -03004098
Mat Martineau3c588192012-04-11 10:48:42 -07004099 if (err < 0)
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004100 l2cap_send_disconn_req(chan, -err);
Mat Martineau3c588192012-04-11 10:48:42 -07004101 else
4102 l2cap_chan_ready(chan);
4103
Marcel Holtmann876d9482007-10-20 13:35:42 +02004104 goto unlock;
4105 }
4106
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03004107 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +02004108 u8 buf[64];
Linus Torvalds1da177e2005-04-16 15:20:36 -07004109 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
Gustavo Padovan2d792812012-10-06 10:07:01 +01004110 l2cap_build_conf_req(chan, buf), buf);
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03004111 chan->num_conf_req++;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004112 }
4113
Stephen Hemminger49c922b2014-10-27 21:12:20 -07004114 /* Got Conf Rsp PENDING from remote side and assume we sent
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03004115 Conf Rsp PENDING in the code above */
4116 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
Andrei Emeltchenko29d8a592012-09-21 12:30:05 +03004117 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03004118
4119 /* check compatibility */
4120
Andrei Emeltchenko79de8862012-10-15 11:58:42 +03004121 /* Send rsp for BR/EDR channel */
Andrei Emeltchenkof351bc72012-10-31 15:46:35 +02004122 if (!chan->hs_hcon)
Andrei Emeltchenko79de8862012-10-15 11:58:42 +03004123 l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags);
4124 else
4125 chan->ident = cmd->ident;
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03004126 }
4127
Linus Torvalds1da177e2005-04-16 15:20:36 -07004128unlock:
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02004129 l2cap_chan_unlock(chan);
Mat Martineau3c588192012-04-11 10:48:42 -07004130 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004131}
4132
Gustavo Padovan2d792812012-10-06 10:07:01 +01004133static inline int l2cap_config_rsp(struct l2cap_conn *conn,
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004134 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4135 u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07004136{
4137 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
4138 u16 scid, flags, result;
Gustavo F. Padovan48454072011-03-25 00:22:30 -03004139 struct l2cap_chan *chan;
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004140 int len = cmd_len - sizeof(*rsp);
Mat Martineau3c588192012-04-11 10:48:42 -07004141 int err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004142
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004143 if (cmd_len < sizeof(*rsp))
4144 return -EPROTO;
4145
Linus Torvalds1da177e2005-04-16 15:20:36 -07004146 scid = __le16_to_cpu(rsp->scid);
4147 flags = __le16_to_cpu(rsp->flags);
4148 result = __le16_to_cpu(rsp->result);
4149
Andrei Emeltchenko61386cb2012-03-12 12:13:07 +02004150 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags,
4151 result, len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004152
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -03004153 chan = l2cap_get_chan_by_scid(conn, scid);
Gustavo F. Padovan48454072011-03-25 00:22:30 -03004154 if (!chan)
Linus Torvalds1da177e2005-04-16 15:20:36 -07004155 return 0;
4156
4157 switch (result) {
4158 case L2CAP_CONF_SUCCESS:
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03004159 l2cap_conf_rfc_get(chan, rsp->data, len);
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03004160 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004161 break;
4162
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03004163 case L2CAP_CONF_PENDING:
4164 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
4165
4166 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
4167 char buf[64];
4168
4169 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
Gustavo Padovan2d792812012-10-06 10:07:01 +01004170 buf, &result);
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03004171 if (len < 0) {
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004172 l2cap_send_disconn_req(chan, ECONNRESET);
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03004173 goto done;
4174 }
4175
Andrei Emeltchenkof351bc72012-10-31 15:46:35 +02004176 if (!chan->hs_hcon) {
Andrei Emeltchenko79de8862012-10-15 11:58:42 +03004177 l2cap_send_efs_conf_rsp(chan, buf, cmd->ident,
4178 0);
Andrei Emeltchenko5ce66b52012-10-31 15:46:30 +02004179 } else {
4180 if (l2cap_check_efs(chan)) {
4181 amp_create_logical_link(chan);
4182 chan->ident = cmd->ident;
4183 }
4184 }
Andrei Emeltchenko0e8b2072011-10-17 14:35:32 +03004185 }
4186 goto done;
4187
Linus Torvalds1da177e2005-04-16 15:20:36 -07004188 case L2CAP_CONF_UNACCEPT:
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03004189 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03004190 char req[64];
4191
Andrei Emeltchenkoc2c77ec2010-03-19 10:26:28 +02004192 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004193 l2cap_send_disconn_req(chan, ECONNRESET);
Andrei Emeltchenkoc2c77ec2010-03-19 10:26:28 +02004194 goto done;
4195 }
4196
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03004197 /* throw out any old stored conf requests */
4198 result = L2CAP_CONF_SUCCESS;
Gustavo F. Padovanb4450032011-04-12 18:15:09 -03004199 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
Gustavo Padovan2d792812012-10-06 10:07:01 +01004200 req, &result);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03004201 if (len < 0) {
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004202 l2cap_send_disconn_req(chan, ECONNRESET);
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03004203 goto done;
4204 }
4205
4206 l2cap_send_cmd(conn, l2cap_get_ident(conn),
Gustavo Padovan2d792812012-10-06 10:07:01 +01004207 L2CAP_CONF_REQ, len, req);
Gustavo F. Padovan73ffa902011-03-25 14:16:54 -03004208 chan->num_conf_req++;
Gustavo F. Padovanf2fcfcd2009-07-04 15:06:24 -03004209 if (result != L2CAP_CONF_SUCCESS)
4210 goto done;
4211 break;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004212 }
4213
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09004214 default:
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02004215 l2cap_chan_set_err(chan, ECONNRESET);
Andrei Emeltchenko2e0052e2012-02-21 12:54:58 +02004216
Marcel Holtmannba13ccd2012-03-01 14:25:33 -08004217 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004218 l2cap_send_disconn_req(chan, ECONNRESET);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004219 goto done;
4220 }
4221
Andrei Emeltchenko59e54bd2012-05-23 15:44:06 +03004222 if (flags & L2CAP_CONF_FLAG_CONTINUATION)
Linus Torvalds1da177e2005-04-16 15:20:36 -07004223 goto done;
4224
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03004225 set_bit(CONF_INPUT_DONE, &chan->conf_state);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004226
Gustavo F. Padovanc1360a12011-06-10 17:02:12 -03004227 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03004228 set_default_fcs(chan);
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03004229
Mat Martineau105bdf92012-04-27 16:50:48 -07004230 if (chan->mode == L2CAP_MODE_ERTM ||
4231 chan->mode == L2CAP_MODE_STREAMING)
Mat Martineau3c588192012-04-11 10:48:42 -07004232 err = l2cap_ertm_init(chan);
Gustavo F. Padovan0565c1c2009-10-03 02:34:36 -03004233
Mat Martineau3c588192012-04-11 10:48:42 -07004234 if (err < 0)
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004235 l2cap_send_disconn_req(chan, -err);
Mat Martineau3c588192012-04-11 10:48:42 -07004236 else
4237 l2cap_chan_ready(chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004238 }
4239
4240done:
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02004241 l2cap_chan_unlock(chan);
Mat Martineau3c588192012-04-11 10:48:42 -07004242 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004243}
4244
Gustavo Padovan2d792812012-10-06 10:07:01 +01004245static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004246 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4247 u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07004248{
4249 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
4250 struct l2cap_disconn_rsp rsp;
4251 u16 dcid, scid;
Gustavo F. Padovan48454072011-03-25 00:22:30 -03004252 struct l2cap_chan *chan;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004253
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004254 if (cmd_len != sizeof(*req))
4255 return -EPROTO;
4256
Linus Torvalds1da177e2005-04-16 15:20:36 -07004257 scid = __le16_to_cpu(req->scid);
4258 dcid = __le16_to_cpu(req->dcid);
4259
4260 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
4261
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02004262 mutex_lock(&conn->chan_lock);
4263
4264 chan = __l2cap_get_chan_by_scid(conn, dcid);
4265 if (!chan) {
4266 mutex_unlock(&conn->chan_lock);
Johan Hedberg662d6522013-10-16 11:20:47 +03004267 cmd_reject_invalid_cid(conn, cmd->ident, dcid, scid);
4268 return 0;
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02004269 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07004270
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02004271 l2cap_chan_lock(chan);
4272
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03004273 rsp.dcid = cpu_to_le16(chan->scid);
4274 rsp.scid = cpu_to_le16(chan->dcid);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004275 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
4276
Gustavo Padovan5ec1bbe2013-10-15 19:24:48 -03004277 chan->ops->set_shutdown(chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004278
Mat Martineau61d6ef32012-04-27 16:50:50 -07004279 l2cap_chan_hold(chan);
Gustavo F. Padovan48454072011-03-25 00:22:30 -03004280 l2cap_chan_del(chan, ECONNRESET);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02004281
4282 l2cap_chan_unlock(chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004283
Gustavo Padovan80b98022012-05-27 22:27:51 -03004284 chan->ops->close(chan);
Mat Martineau61d6ef32012-04-27 16:50:50 -07004285 l2cap_chan_put(chan);
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02004286
4287 mutex_unlock(&conn->chan_lock);
4288
Linus Torvalds1da177e2005-04-16 15:20:36 -07004289 return 0;
4290}
4291
Gustavo Padovan2d792812012-10-06 10:07:01 +01004292static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn,
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004293 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4294 u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07004295{
4296 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
4297 u16 dcid, scid;
Gustavo F. Padovan48454072011-03-25 00:22:30 -03004298 struct l2cap_chan *chan;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004299
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004300 if (cmd_len != sizeof(*rsp))
4301 return -EPROTO;
4302
Linus Torvalds1da177e2005-04-16 15:20:36 -07004303 scid = __le16_to_cpu(rsp->scid);
4304 dcid = __le16_to_cpu(rsp->dcid);
4305
4306 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
4307
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02004308 mutex_lock(&conn->chan_lock);
4309
4310 chan = __l2cap_get_chan_by_scid(conn, scid);
4311 if (!chan) {
4312 mutex_unlock(&conn->chan_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004313 return 0;
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02004314 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07004315
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02004316 l2cap_chan_lock(chan);
Gustavo F. Padovan48454072011-03-25 00:22:30 -03004317
Mat Martineau61d6ef32012-04-27 16:50:50 -07004318 l2cap_chan_hold(chan);
Gustavo F. Padovan48454072011-03-25 00:22:30 -03004319 l2cap_chan_del(chan, 0);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02004320
4321 l2cap_chan_unlock(chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07004322
Gustavo Padovan80b98022012-05-27 22:27:51 -03004323 chan->ops->close(chan);
Mat Martineau61d6ef32012-04-27 16:50:50 -07004324 l2cap_chan_put(chan);
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02004325
4326 mutex_unlock(&conn->chan_lock);
4327
Linus Torvalds1da177e2005-04-16 15:20:36 -07004328 return 0;
4329}
4330
Gustavo Padovan2d792812012-10-06 10:07:01 +01004331static inline int l2cap_information_req(struct l2cap_conn *conn,
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004332 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4333 u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07004334{
4335 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07004336 u16 type;
4337
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004338 if (cmd_len != sizeof(*req))
4339 return -EPROTO;
4340
Linus Torvalds1da177e2005-04-16 15:20:36 -07004341 type = __le16_to_cpu(req->type);
4342
4343 BT_DBG("type 0x%4.4x", type);
4344
Marcel Holtmannf0709e02007-10-20 13:38:51 +02004345 if (type == L2CAP_IT_FEAT_MASK) {
4346 u8 buf[8];
Marcel Holtmann44dd46d2009-05-02 19:09:01 -07004347 u32 feat_mask = l2cap_feat_mask;
Marcel Holtmannf0709e02007-10-20 13:38:51 +02004348 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004349 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
4350 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
Gustavo F. Padovand1c4a172010-07-18 16:25:54 -03004351 if (!disable_ertm)
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03004352 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
Gustavo Padovan2d792812012-10-06 10:07:01 +01004353 | L2CAP_FEAT_FCS;
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02004354 if (conn->local_fixed_chan & L2CAP_FC_A2MP)
Andrei Emeltchenko6327eb92011-10-11 13:37:42 +03004355 feat_mask |= L2CAP_FEAT_EXT_FLOW
Gustavo Padovan2d792812012-10-06 10:07:01 +01004356 | L2CAP_FEAT_EXT_WINDOW;
Andrei Emeltchenkoa5fd6f32011-09-16 16:26:32 +03004357
Gustavo F. Padovan1b7bf4e2009-08-24 00:45:20 -03004358 put_unaligned_le32(feat_mask, rsp->data);
Gustavo Padovan2d792812012-10-06 10:07:01 +01004359 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
4360 buf);
Marcel Holtmanne1027a72009-02-09 09:18:02 +01004361 } else if (type == L2CAP_IT_FIXED_CHAN) {
4362 u8 buf[12];
4363 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
Mat Martineau50a147c2011-11-02 16:18:34 -07004364
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004365 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
4366 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02004367 rsp->data[0] = conn->local_fixed_chan;
4368 memset(rsp->data + 1, 0, 7);
Gustavo Padovan2d792812012-10-06 10:07:01 +01004369 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
4370 buf);
Marcel Holtmannf0709e02007-10-20 13:38:51 +02004371 } else {
4372 struct l2cap_info_rsp rsp;
4373 rsp.type = cpu_to_le16(type);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004374 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
Gustavo Padovan2d792812012-10-06 10:07:01 +01004375 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp),
4376 &rsp);
Marcel Holtmannf0709e02007-10-20 13:38:51 +02004377 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07004378
4379 return 0;
4380}
4381
Gustavo Padovan2d792812012-10-06 10:07:01 +01004382static inline int l2cap_information_rsp(struct l2cap_conn *conn,
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004383 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4384 u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07004385{
4386 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
4387 u16 type, result;
4388
Jaganath Kanakkassery3f6fa3d2013-06-21 19:55:11 +05304389 if (cmd_len < sizeof(*rsp))
Johan Hedbergcb3b3152013-05-28 13:46:30 +03004390 return -EPROTO;
4391
Linus Torvalds1da177e2005-04-16 15:20:36 -07004392 type = __le16_to_cpu(rsp->type);
4393 result = __le16_to_cpu(rsp->result);
4394
4395 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
4396
Andrei Emeltchenkoe90165b2011-03-25 11:31:41 +02004397 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
4398 if (cmd->ident != conn->info_ident ||
Gustavo Padovan2d792812012-10-06 10:07:01 +01004399 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
Andrei Emeltchenkoe90165b2011-03-25 11:31:41 +02004400 return 0;
4401
Ulisses Furquim17cd3f32012-01-30 18:26:28 -02004402 cancel_delayed_work(&conn->info_timer);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02004403
Ville Tervoadb08ed2010-08-04 09:43:33 +03004404 if (result != L2CAP_IR_SUCCESS) {
4405 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
4406 conn->info_ident = 0;
4407
4408 l2cap_conn_start(conn);
4409
4410 return 0;
4411 }
4412
Andrei Emeltchenko978c93b2012-02-29 10:41:41 +02004413 switch (type) {
4414 case L2CAP_IT_FEAT_MASK:
Harvey Harrison83985312008-05-02 16:25:46 -07004415 conn->feat_mask = get_unaligned_le32(rsp->data);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02004416
Marcel Holtmann47ec1dcd2009-05-02 18:57:55 -07004417 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
Marcel Holtmanne1027a72009-02-09 09:18:02 +01004418 struct l2cap_info_req req;
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004419 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
Marcel Holtmanne1027a72009-02-09 09:18:02 +01004420
4421 conn->info_ident = l2cap_get_ident(conn);
4422
4423 l2cap_send_cmd(conn, conn->info_ident,
Gustavo Padovan2d792812012-10-06 10:07:01 +01004424 L2CAP_INFO_REQ, sizeof(req), &req);
Marcel Holtmanne1027a72009-02-09 09:18:02 +01004425 } else {
4426 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
4427 conn->info_ident = 0;
4428
4429 l2cap_conn_start(conn);
4430 }
Andrei Emeltchenko978c93b2012-02-29 10:41:41 +02004431 break;
4432
4433 case L2CAP_IT_FIXED_CHAN:
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02004434 conn->remote_fixed_chan = rsp->data[0];
Marcel Holtmann984947d2009-02-06 23:35:19 +01004435 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +01004436 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +01004437
4438 l2cap_conn_start(conn);
Andrei Emeltchenko978c93b2012-02-29 10:41:41 +02004439 break;
Marcel Holtmann984947d2009-02-06 23:35:19 +01004440 }
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02004441
Linus Torvalds1da177e2005-04-16 15:20:36 -07004442 return 0;
4443}
4444
Mat Martineau17009152012-10-23 15:24:07 -07004445static int l2cap_create_channel_req(struct l2cap_conn *conn,
4446 struct l2cap_cmd_hdr *cmd,
4447 u16 cmd_len, void *data)
Mat Martineauf94ff6f2011-11-02 16:18:32 -07004448{
4449 struct l2cap_create_chan_req *req = data;
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004450 struct l2cap_create_chan_rsp rsp;
Mat Martineau17009152012-10-23 15:24:07 -07004451 struct l2cap_chan *chan;
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004452 struct hci_dev *hdev;
Mat Martineauf94ff6f2011-11-02 16:18:32 -07004453 u16 psm, scid;
4454
4455 if (cmd_len != sizeof(*req))
4456 return -EPROTO;
4457
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02004458 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
Mat Martineauf94ff6f2011-11-02 16:18:32 -07004459 return -EINVAL;
4460
4461 psm = le16_to_cpu(req->psm);
4462 scid = le16_to_cpu(req->scid);
4463
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03004464 BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id);
Mat Martineauf94ff6f2011-11-02 16:18:32 -07004465
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004466 /* For controller id 0 make BR/EDR connection */
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07004467 if (req->amp_id == AMP_ID_BREDR) {
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004468 l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP,
4469 req->amp_id);
4470 return 0;
4471 }
Mat Martineauf94ff6f2011-11-02 16:18:32 -07004472
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004473 /* Validate AMP controller id */
4474 hdev = hci_dev_get(req->amp_id);
4475 if (!hdev)
4476 goto error;
Mat Martineau17009152012-10-23 15:24:07 -07004477
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004478 if (hdev->dev_type != HCI_AMP || !test_bit(HCI_UP, &hdev->flags)) {
Mat Martineau17009152012-10-23 15:24:07 -07004479 hci_dev_put(hdev);
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004480 goto error;
Mat Martineau17009152012-10-23 15:24:07 -07004481 }
4482
4483 chan = l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP,
4484 req->amp_id);
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004485 if (chan) {
4486 struct amp_mgr *mgr = conn->hcon->amp_mgr;
4487 struct hci_conn *hs_hcon;
4488
Marcel Holtmann98e0f7e2013-10-13 02:23:40 -07004489 hs_hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK,
4490 &conn->hcon->dst);
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004491 if (!hs_hcon) {
4492 hci_dev_put(hdev);
Johan Hedberg662d6522013-10-16 11:20:47 +03004493 cmd_reject_invalid_cid(conn, cmd->ident, chan->scid,
4494 chan->dcid);
4495 return 0;
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004496 }
4497
4498 BT_DBG("mgr %p bredr_chan %p hs_hcon %p", mgr, chan, hs_hcon);
4499
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004500 mgr->bredr_chan = chan;
4501 chan->hs_hcon = hs_hcon;
Andrei Emeltchenkofd45bf42012-11-20 17:16:22 +02004502 chan->fcs = L2CAP_FCS_NONE;
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004503 conn->mtu = hdev->block_mtu;
4504 }
4505
4506 hci_dev_put(hdev);
Mat Martineauf94ff6f2011-11-02 16:18:32 -07004507
4508 return 0;
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004509
4510error:
4511 rsp.dcid = 0;
4512 rsp.scid = cpu_to_le16(scid);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004513 rsp.result = cpu_to_le16(L2CAP_CR_BAD_AMP);
4514 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
Andrei Emeltchenko6e1df6a2012-11-01 15:37:02 +02004515
4516 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
4517 sizeof(rsp), &rsp);
4518
Johan Hedbergdc280802013-09-16 13:05:13 +03004519 return 0;
Mat Martineauf94ff6f2011-11-02 16:18:32 -07004520}
4521
Mat Martineau8eb200b2012-10-23 15:24:17 -07004522static void l2cap_send_move_chan_req(struct l2cap_chan *chan, u8 dest_amp_id)
4523{
4524 struct l2cap_move_chan_req req;
4525 u8 ident;
4526
4527 BT_DBG("chan %p, dest_amp_id %d", chan, dest_amp_id);
4528
4529 ident = l2cap_get_ident(chan->conn);
4530 chan->ident = ident;
4531
4532 req.icid = cpu_to_le16(chan->scid);
4533 req.dest_amp_id = dest_amp_id;
4534
4535 l2cap_send_cmd(chan->conn, ident, L2CAP_MOVE_CHAN_REQ, sizeof(req),
4536 &req);
4537
4538 __set_chan_timer(chan, L2CAP_MOVE_TIMEOUT);
4539}
4540
Mat Martineau1500109b2012-10-23 15:24:15 -07004541static void l2cap_send_move_chan_rsp(struct l2cap_chan *chan, u16 result)
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004542{
4543 struct l2cap_move_chan_rsp rsp;
4544
Mat Martineau1500109b2012-10-23 15:24:15 -07004545 BT_DBG("chan %p, result 0x%4.4x", chan, result);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004546
Mat Martineau1500109b2012-10-23 15:24:15 -07004547 rsp.icid = cpu_to_le16(chan->dcid);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004548 rsp.result = cpu_to_le16(result);
4549
Mat Martineau1500109b2012-10-23 15:24:15 -07004550 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_RSP,
4551 sizeof(rsp), &rsp);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004552}
4553
Mat Martineau5b155ef2012-10-23 15:24:14 -07004554static void l2cap_send_move_chan_cfm(struct l2cap_chan *chan, u16 result)
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004555{
4556 struct l2cap_move_chan_cfm cfm;
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004557
Mat Martineau5b155ef2012-10-23 15:24:14 -07004558 BT_DBG("chan %p, result 0x%4.4x", chan, result);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004559
Mat Martineau5b155ef2012-10-23 15:24:14 -07004560 chan->ident = l2cap_get_ident(chan->conn);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004561
Mat Martineau5b155ef2012-10-23 15:24:14 -07004562 cfm.icid = cpu_to_le16(chan->scid);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004563 cfm.result = cpu_to_le16(result);
4564
Mat Martineau5b155ef2012-10-23 15:24:14 -07004565 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_CFM,
4566 sizeof(cfm), &cfm);
4567
4568 __set_chan_timer(chan, L2CAP_MOVE_TIMEOUT);
4569}
4570
4571static void l2cap_send_move_chan_cfm_icid(struct l2cap_conn *conn, u16 icid)
4572{
4573 struct l2cap_move_chan_cfm cfm;
4574
4575 BT_DBG("conn %p, icid 0x%4.4x", conn, icid);
4576
4577 cfm.icid = cpu_to_le16(icid);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004578 cfm.result = cpu_to_le16(L2CAP_MC_UNCONFIRMED);
Mat Martineau5b155ef2012-10-23 15:24:14 -07004579
4580 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_MOVE_CHAN_CFM,
4581 sizeof(cfm), &cfm);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004582}
4583
4584static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03004585 u16 icid)
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004586{
4587 struct l2cap_move_chan_cfm_rsp rsp;
4588
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03004589 BT_DBG("icid 0x%4.4x", icid);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004590
4591 rsp.icid = cpu_to_le16(icid);
4592 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
4593}
4594
Mat Martineau5f3847a2012-10-23 15:24:12 -07004595static void __release_logical_link(struct l2cap_chan *chan)
4596{
4597 chan->hs_hchan = NULL;
4598 chan->hs_hcon = NULL;
4599
4600 /* Placeholder - release the logical link */
4601}
4602
Mat Martineau1500109b2012-10-23 15:24:15 -07004603static void l2cap_logical_fail(struct l2cap_chan *chan)
4604{
4605 /* Logical link setup failed */
4606 if (chan->state != BT_CONNECTED) {
4607 /* Create channel failure, disconnect */
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004608 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineau1500109b2012-10-23 15:24:15 -07004609 return;
4610 }
4611
4612 switch (chan->move_role) {
4613 case L2CAP_MOVE_ROLE_RESPONDER:
4614 l2cap_move_done(chan);
4615 l2cap_send_move_chan_rsp(chan, L2CAP_MR_NOT_SUPP);
4616 break;
4617 case L2CAP_MOVE_ROLE_INITIATOR:
4618 if (chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_COMP ||
4619 chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_CFM) {
4620 /* Remote has only sent pending or
4621 * success responses, clean up
4622 */
4623 l2cap_move_done(chan);
4624 }
4625
4626 /* Other amp move states imply that the move
4627 * has already aborted
4628 */
4629 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
4630 break;
4631 }
4632}
4633
4634static void l2cap_logical_finish_create(struct l2cap_chan *chan,
4635 struct hci_chan *hchan)
4636{
4637 struct l2cap_conf_rsp rsp;
Mat Martineau1500109b2012-10-23 15:24:15 -07004638
Andrei Emeltchenko336178a2012-10-31 15:46:27 +02004639 chan->hs_hchan = hchan;
Mat Martineau1500109b2012-10-23 15:24:15 -07004640 chan->hs_hcon->l2cap_data = chan->conn;
4641
Andrei Emeltchenko35ba9562012-10-25 15:20:43 +03004642 l2cap_send_efs_conf_rsp(chan, &rsp, chan->ident, 0);
Mat Martineau1500109b2012-10-23 15:24:15 -07004643
4644 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
Andrei Emeltchenkofe79c6f2012-10-25 15:20:42 +03004645 int err;
Mat Martineau1500109b2012-10-23 15:24:15 -07004646
4647 set_default_fcs(chan);
4648
4649 err = l2cap_ertm_init(chan);
4650 if (err < 0)
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02004651 l2cap_send_disconn_req(chan, -err);
Mat Martineau1500109b2012-10-23 15:24:15 -07004652 else
4653 l2cap_chan_ready(chan);
4654 }
4655}
4656
4657static void l2cap_logical_finish_move(struct l2cap_chan *chan,
4658 struct hci_chan *hchan)
4659{
4660 chan->hs_hcon = hchan->conn;
4661 chan->hs_hcon->l2cap_data = chan->conn;
4662
4663 BT_DBG("move_state %d", chan->move_state);
4664
4665 switch (chan->move_state) {
4666 case L2CAP_MOVE_WAIT_LOGICAL_COMP:
4667 /* Move confirm will be sent after a success
4668 * response is received
4669 */
4670 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
4671 break;
4672 case L2CAP_MOVE_WAIT_LOGICAL_CFM:
4673 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4674 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4675 } else if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) {
4676 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP;
4677 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
4678 } else if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) {
4679 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4680 l2cap_send_move_chan_rsp(chan, L2CAP_MR_SUCCESS);
4681 }
4682 break;
4683 default:
4684 /* Move was not in expected state, free the channel */
4685 __release_logical_link(chan);
4686
4687 chan->move_state = L2CAP_MOVE_STABLE;
4688 }
4689}
4690
4691/* Call with chan locked */
Andrei Emeltchenko27695fb2012-10-25 15:20:45 +03004692void l2cap_logical_cfm(struct l2cap_chan *chan, struct hci_chan *hchan,
4693 u8 status)
Mat Martineau5b155ef2012-10-23 15:24:14 -07004694{
Mat Martineau1500109b2012-10-23 15:24:15 -07004695 BT_DBG("chan %p, hchan %p, status %d", chan, hchan, status);
4696
4697 if (status) {
4698 l2cap_logical_fail(chan);
4699 __release_logical_link(chan);
4700 return;
4701 }
4702
4703 if (chan->state != BT_CONNECTED) {
4704 /* Ignore logical link if channel is on BR/EDR */
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07004705 if (chan->local_amp_id != AMP_ID_BREDR)
Mat Martineau1500109b2012-10-23 15:24:15 -07004706 l2cap_logical_finish_create(chan, hchan);
4707 } else {
4708 l2cap_logical_finish_move(chan, hchan);
4709 }
Mat Martineau5b155ef2012-10-23 15:24:14 -07004710}
4711
Mat Martineau3f7a56c2012-10-23 15:24:23 -07004712void l2cap_move_start(struct l2cap_chan *chan)
4713{
4714 BT_DBG("chan %p", chan);
4715
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07004716 if (chan->local_amp_id == AMP_ID_BREDR) {
Mat Martineau3f7a56c2012-10-23 15:24:23 -07004717 if (chan->chan_policy != BT_CHANNEL_POLICY_AMP_PREFERRED)
4718 return;
4719 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR;
4720 chan->move_state = L2CAP_MOVE_WAIT_PREPARE;
4721 /* Placeholder - start physical link setup */
4722 } else {
4723 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR;
4724 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
4725 chan->move_id = 0;
4726 l2cap_move_setup(chan);
4727 l2cap_send_move_chan_req(chan, 0);
4728 }
4729}
4730
Mat Martineau8eb200b2012-10-23 15:24:17 -07004731static void l2cap_do_create(struct l2cap_chan *chan, int result,
4732 u8 local_amp_id, u8 remote_amp_id)
4733{
Andrei Emeltchenko62748ca2012-11-20 17:16:19 +02004734 BT_DBG("chan %p state %s %u -> %u", chan, state_to_string(chan->state),
4735 local_amp_id, remote_amp_id);
4736
Andrei Emeltchenko12d6cc62012-11-14 17:39:31 +02004737 chan->fcs = L2CAP_FCS_NONE;
4738
Andrei Emeltchenko62748ca2012-11-20 17:16:19 +02004739 /* Outgoing channel on AMP */
4740 if (chan->state == BT_CONNECT) {
4741 if (result == L2CAP_CR_SUCCESS) {
4742 chan->local_amp_id = local_amp_id;
4743 l2cap_send_create_chan_req(chan, remote_amp_id);
4744 } else {
4745 /* Revert to BR/EDR connect */
4746 l2cap_send_conn_req(chan);
4747 }
4748
4749 return;
4750 }
4751
4752 /* Incoming channel on AMP */
4753 if (__l2cap_no_conn_pending(chan)) {
Mat Martineau8eb200b2012-10-23 15:24:17 -07004754 struct l2cap_conn_rsp rsp;
4755 char buf[128];
4756 rsp.scid = cpu_to_le16(chan->dcid);
4757 rsp.dcid = cpu_to_le16(chan->scid);
4758
Mat Martineau8eb200b2012-10-23 15:24:17 -07004759 if (result == L2CAP_CR_SUCCESS) {
4760 /* Send successful response */
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004761 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
4762 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
Mat Martineau8eb200b2012-10-23 15:24:17 -07004763 } else {
4764 /* Send negative response */
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004765 rsp.result = cpu_to_le16(L2CAP_CR_NO_MEM);
4766 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
Mat Martineau8eb200b2012-10-23 15:24:17 -07004767 }
4768
4769 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_RSP,
4770 sizeof(rsp), &rsp);
4771
4772 if (result == L2CAP_CR_SUCCESS) {
Gustavo Padovanf93fa272013-10-21 14:21:40 -02004773 l2cap_state_change(chan, BT_CONFIG);
Mat Martineau8eb200b2012-10-23 15:24:17 -07004774 set_bit(CONF_REQ_SENT, &chan->conf_state);
4775 l2cap_send_cmd(chan->conn, l2cap_get_ident(chan->conn),
4776 L2CAP_CONF_REQ,
4777 l2cap_build_conf_req(chan, buf), buf);
4778 chan->num_conf_req++;
4779 }
Mat Martineau8eb200b2012-10-23 15:24:17 -07004780 }
4781}
4782
4783static void l2cap_do_move_initiate(struct l2cap_chan *chan, u8 local_amp_id,
4784 u8 remote_amp_id)
4785{
4786 l2cap_move_setup(chan);
4787 chan->move_id = local_amp_id;
4788 chan->move_state = L2CAP_MOVE_WAIT_RSP;
4789
4790 l2cap_send_move_chan_req(chan, remote_amp_id);
4791}
4792
4793static void l2cap_do_move_respond(struct l2cap_chan *chan, int result)
4794{
4795 struct hci_chan *hchan = NULL;
4796
4797 /* Placeholder - get hci_chan for logical link */
4798
4799 if (hchan) {
4800 if (hchan->state == BT_CONNECTED) {
4801 /* Logical link is ready to go */
4802 chan->hs_hcon = hchan->conn;
4803 chan->hs_hcon->l2cap_data = chan->conn;
4804 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4805 l2cap_send_move_chan_rsp(chan, L2CAP_MR_SUCCESS);
4806
4807 l2cap_logical_cfm(chan, hchan, L2CAP_MR_SUCCESS);
4808 } else {
4809 /* Wait for logical link to be ready */
4810 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
4811 }
4812 } else {
4813 /* Logical link not available */
4814 l2cap_send_move_chan_rsp(chan, L2CAP_MR_NOT_ALLOWED);
4815 }
4816}
4817
4818static void l2cap_do_move_cancel(struct l2cap_chan *chan, int result)
4819{
4820 if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) {
4821 u8 rsp_result;
4822 if (result == -EINVAL)
4823 rsp_result = L2CAP_MR_BAD_ID;
4824 else
4825 rsp_result = L2CAP_MR_NOT_ALLOWED;
4826
4827 l2cap_send_move_chan_rsp(chan, rsp_result);
4828 }
4829
4830 chan->move_role = L2CAP_MOVE_ROLE_NONE;
4831 chan->move_state = L2CAP_MOVE_STABLE;
4832
4833 /* Restart data transmission */
4834 l2cap_ertm_send(chan);
4835}
4836
Andrei Emeltchenkoa514b172012-11-14 17:39:30 +02004837/* Invoke with locked chan */
4838void __l2cap_physical_cfm(struct l2cap_chan *chan, int result)
Mat Martineau8eb200b2012-10-23 15:24:17 -07004839{
Andrei Emeltchenko770bfef2012-10-31 15:46:29 +02004840 u8 local_amp_id = chan->local_amp_id;
Andrei Emeltchenkofffadc02012-11-01 15:37:03 +02004841 u8 remote_amp_id = chan->remote_amp_id;
Andrei Emeltchenko770bfef2012-10-31 15:46:29 +02004842
Mat Martineau8eb200b2012-10-23 15:24:17 -07004843 BT_DBG("chan %p, result %d, local_amp_id %d, remote_amp_id %d",
4844 chan, result, local_amp_id, remote_amp_id);
4845
Mat Martineau8eb200b2012-10-23 15:24:17 -07004846 if (chan->state == BT_DISCONN || chan->state == BT_CLOSED) {
4847 l2cap_chan_unlock(chan);
4848 return;
4849 }
4850
4851 if (chan->state != BT_CONNECTED) {
4852 l2cap_do_create(chan, result, local_amp_id, remote_amp_id);
4853 } else if (result != L2CAP_MR_SUCCESS) {
4854 l2cap_do_move_cancel(chan, result);
4855 } else {
4856 switch (chan->move_role) {
4857 case L2CAP_MOVE_ROLE_INITIATOR:
4858 l2cap_do_move_initiate(chan, local_amp_id,
4859 remote_amp_id);
4860 break;
4861 case L2CAP_MOVE_ROLE_RESPONDER:
4862 l2cap_do_move_respond(chan, result);
4863 break;
4864 default:
4865 l2cap_do_move_cancel(chan, result);
4866 break;
4867 }
4868 }
Mat Martineau8eb200b2012-10-23 15:24:17 -07004869}
4870
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004871static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03004872 struct l2cap_cmd_hdr *cmd,
4873 u16 cmd_len, void *data)
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004874{
4875 struct l2cap_move_chan_req *req = data;
Mat Martineau1500109b2012-10-23 15:24:15 -07004876 struct l2cap_move_chan_rsp rsp;
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004877 struct l2cap_chan *chan;
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004878 u16 icid = 0;
4879 u16 result = L2CAP_MR_NOT_ALLOWED;
4880
4881 if (cmd_len != sizeof(*req))
4882 return -EPROTO;
4883
4884 icid = le16_to_cpu(req->icid);
4885
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03004886 BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004887
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02004888 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004889 return -EINVAL;
4890
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004891 chan = l2cap_get_chan_by_dcid(conn, icid);
4892 if (!chan) {
Mat Martineau1500109b2012-10-23 15:24:15 -07004893 rsp.icid = cpu_to_le16(icid);
Joe Perchesdcf4adb2014-03-12 10:52:35 -07004894 rsp.result = cpu_to_le16(L2CAP_MR_NOT_ALLOWED);
Mat Martineau1500109b2012-10-23 15:24:15 -07004895 l2cap_send_cmd(conn, cmd->ident, L2CAP_MOVE_CHAN_RSP,
4896 sizeof(rsp), &rsp);
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004897 return 0;
4898 }
4899
Mat Martineau1500109b2012-10-23 15:24:15 -07004900 chan->ident = cmd->ident;
4901
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004902 if (chan->scid < L2CAP_CID_DYN_START ||
4903 chan->chan_policy == BT_CHANNEL_POLICY_BREDR_ONLY ||
4904 (chan->mode != L2CAP_MODE_ERTM &&
4905 chan->mode != L2CAP_MODE_STREAMING)) {
4906 result = L2CAP_MR_NOT_ALLOWED;
4907 goto send_move_response;
4908 }
4909
4910 if (chan->local_amp_id == req->dest_amp_id) {
4911 result = L2CAP_MR_SAME_ID;
4912 goto send_move_response;
4913 }
4914
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07004915 if (req->dest_amp_id != AMP_ID_BREDR) {
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004916 struct hci_dev *hdev;
4917 hdev = hci_dev_get(req->dest_amp_id);
4918 if (!hdev || hdev->dev_type != HCI_AMP ||
4919 !test_bit(HCI_UP, &hdev->flags)) {
4920 if (hdev)
4921 hci_dev_put(hdev);
4922
4923 result = L2CAP_MR_BAD_ID;
4924 goto send_move_response;
4925 }
4926 hci_dev_put(hdev);
4927 }
4928
4929 /* Detect a move collision. Only send a collision response
4930 * if this side has "lost", otherwise proceed with the move.
4931 * The winner has the larger bd_addr.
4932 */
4933 if ((__chan_is_moving(chan) ||
4934 chan->move_role != L2CAP_MOVE_ROLE_NONE) &&
Marcel Holtmann6f59b902013-10-13 05:24:01 -07004935 bacmp(&conn->hcon->src, &conn->hcon->dst) > 0) {
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004936 result = L2CAP_MR_COLLISION;
4937 goto send_move_response;
4938 }
4939
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004940 chan->move_role = L2CAP_MOVE_ROLE_RESPONDER;
4941 l2cap_move_setup(chan);
4942 chan->move_id = req->dest_amp_id;
4943 icid = chan->dcid;
4944
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07004945 if (req->dest_amp_id == AMP_ID_BREDR) {
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004946 /* Moving to BR/EDR */
4947 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4948 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4949 result = L2CAP_MR_PEND;
4950 } else {
4951 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4952 result = L2CAP_MR_SUCCESS;
4953 }
4954 } else {
4955 chan->move_state = L2CAP_MOVE_WAIT_PREPARE;
4956 /* Placeholder - uncomment when amp functions are available */
4957 /*amp_accept_physical(chan, req->dest_amp_id);*/
4958 result = L2CAP_MR_PEND;
4959 }
4960
4961send_move_response:
Mat Martineau1500109b2012-10-23 15:24:15 -07004962 l2cap_send_move_chan_rsp(chan, result);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004963
Mat Martineau02b0fbb2012-10-23 15:24:10 -07004964 l2cap_chan_unlock(chan);
4965
Mat Martineau8d5a04a2011-11-02 16:18:35 -07004966 return 0;
4967}
4968
Mat Martineau5b155ef2012-10-23 15:24:14 -07004969static void l2cap_move_continue(struct l2cap_conn *conn, u16 icid, u16 result)
4970{
4971 struct l2cap_chan *chan;
4972 struct hci_chan *hchan = NULL;
4973
4974 chan = l2cap_get_chan_by_scid(conn, icid);
4975 if (!chan) {
4976 l2cap_send_move_chan_cfm_icid(conn, icid);
4977 return;
4978 }
4979
4980 __clear_chan_timer(chan);
4981 if (result == L2CAP_MR_PEND)
4982 __set_chan_timer(chan, L2CAP_MOVE_ERTX_TIMEOUT);
4983
4984 switch (chan->move_state) {
4985 case L2CAP_MOVE_WAIT_LOGICAL_COMP:
4986 /* Move confirm will be sent when logical link
4987 * is complete.
4988 */
4989 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
4990 break;
4991 case L2CAP_MOVE_WAIT_RSP_SUCCESS:
4992 if (result == L2CAP_MR_PEND) {
4993 break;
4994 } else if (test_bit(CONN_LOCAL_BUSY,
4995 &chan->conn_state)) {
4996 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4997 } else {
4998 /* Logical link is up or moving to BR/EDR,
4999 * proceed with move
5000 */
5001 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP;
5002 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
5003 }
5004 break;
5005 case L2CAP_MOVE_WAIT_RSP:
5006 /* Moving to AMP */
5007 if (result == L2CAP_MR_SUCCESS) {
5008 /* Remote is ready, send confirm immediately
5009 * after logical link is ready
5010 */
5011 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
5012 } else {
5013 /* Both logical link and move success
5014 * are required to confirm
5015 */
5016 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_COMP;
5017 }
5018
5019 /* Placeholder - get hci_chan for logical link */
5020 if (!hchan) {
5021 /* Logical link not available */
5022 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
5023 break;
5024 }
5025
5026 /* If the logical link is not yet connected, do not
5027 * send confirmation.
5028 */
5029 if (hchan->state != BT_CONNECTED)
5030 break;
5031
5032 /* Logical link is already ready to go */
5033
5034 chan->hs_hcon = hchan->conn;
5035 chan->hs_hcon->l2cap_data = chan->conn;
5036
5037 if (result == L2CAP_MR_SUCCESS) {
5038 /* Can confirm now */
5039 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
5040 } else {
5041 /* Now only need move success
5042 * to confirm
5043 */
5044 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
5045 }
5046
5047 l2cap_logical_cfm(chan, hchan, L2CAP_MR_SUCCESS);
5048 break;
5049 default:
5050 /* Any other amp move state means the move failed. */
5051 chan->move_id = chan->local_amp_id;
5052 l2cap_move_done(chan);
5053 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
5054 }
5055
5056 l2cap_chan_unlock(chan);
5057}
5058
5059static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid,
5060 u16 result)
5061{
5062 struct l2cap_chan *chan;
5063
5064 chan = l2cap_get_chan_by_ident(conn, ident);
5065 if (!chan) {
5066 /* Could not locate channel, icid is best guess */
5067 l2cap_send_move_chan_cfm_icid(conn, icid);
5068 return;
5069 }
5070
5071 __clear_chan_timer(chan);
5072
5073 if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) {
5074 if (result == L2CAP_MR_COLLISION) {
5075 chan->move_role = L2CAP_MOVE_ROLE_RESPONDER;
5076 } else {
5077 /* Cleanup - cancel move */
5078 chan->move_id = chan->local_amp_id;
5079 l2cap_move_done(chan);
5080 }
5081 }
5082
5083 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
5084
5085 l2cap_chan_unlock(chan);
5086}
5087
5088static int l2cap_move_channel_rsp(struct l2cap_conn *conn,
5089 struct l2cap_cmd_hdr *cmd,
5090 u16 cmd_len, void *data)
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005091{
5092 struct l2cap_move_chan_rsp *rsp = data;
5093 u16 icid, result;
5094
5095 if (cmd_len != sizeof(*rsp))
5096 return -EPROTO;
5097
5098 icid = le16_to_cpu(rsp->icid);
5099 result = le16_to_cpu(rsp->result);
5100
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03005101 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005102
Mat Martineau5b155ef2012-10-23 15:24:14 -07005103 if (result == L2CAP_MR_SUCCESS || result == L2CAP_MR_PEND)
5104 l2cap_move_continue(conn, icid, result);
5105 else
5106 l2cap_move_fail(conn, cmd->ident, icid, result);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005107
5108 return 0;
5109}
5110
Mat Martineau5f3847a2012-10-23 15:24:12 -07005111static int l2cap_move_channel_confirm(struct l2cap_conn *conn,
5112 struct l2cap_cmd_hdr *cmd,
5113 u16 cmd_len, void *data)
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005114{
5115 struct l2cap_move_chan_cfm *cfm = data;
Mat Martineau5f3847a2012-10-23 15:24:12 -07005116 struct l2cap_chan *chan;
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005117 u16 icid, result;
5118
5119 if (cmd_len != sizeof(*cfm))
5120 return -EPROTO;
5121
5122 icid = le16_to_cpu(cfm->icid);
5123 result = le16_to_cpu(cfm->result);
5124
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03005125 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005126
Mat Martineau5f3847a2012-10-23 15:24:12 -07005127 chan = l2cap_get_chan_by_dcid(conn, icid);
5128 if (!chan) {
5129 /* Spec requires a response even if the icid was not found */
5130 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
5131 return 0;
5132 }
5133
5134 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM) {
5135 if (result == L2CAP_MC_CONFIRMED) {
5136 chan->local_amp_id = chan->move_id;
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07005137 if (chan->local_amp_id == AMP_ID_BREDR)
Mat Martineau5f3847a2012-10-23 15:24:12 -07005138 __release_logical_link(chan);
5139 } else {
5140 chan->move_id = chan->local_amp_id;
5141 }
5142
5143 l2cap_move_done(chan);
5144 }
5145
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005146 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
5147
Mat Martineau5f3847a2012-10-23 15:24:12 -07005148 l2cap_chan_unlock(chan);
5149
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005150 return 0;
5151}
5152
5153static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03005154 struct l2cap_cmd_hdr *cmd,
5155 u16 cmd_len, void *data)
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005156{
5157 struct l2cap_move_chan_cfm_rsp *rsp = data;
Mat Martineau3fd71a02012-10-23 15:24:16 -07005158 struct l2cap_chan *chan;
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005159 u16 icid;
5160
5161 if (cmd_len != sizeof(*rsp))
5162 return -EPROTO;
5163
5164 icid = le16_to_cpu(rsp->icid);
5165
Andrei Emeltchenkoad0ac6c2012-07-10 15:27:50 +03005166 BT_DBG("icid 0x%4.4x", icid);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005167
Mat Martineau3fd71a02012-10-23 15:24:16 -07005168 chan = l2cap_get_chan_by_scid(conn, icid);
5169 if (!chan)
5170 return 0;
5171
5172 __clear_chan_timer(chan);
5173
5174 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM_RSP) {
5175 chan->local_amp_id = chan->move_id;
5176
Marcel Holtmann6ed971c2013-10-05 11:47:44 -07005177 if (chan->local_amp_id == AMP_ID_BREDR && chan->hs_hchan)
Mat Martineau3fd71a02012-10-23 15:24:16 -07005178 __release_logical_link(chan);
5179
5180 l2cap_move_done(chan);
5181 }
5182
5183 l2cap_chan_unlock(chan);
5184
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005185 return 0;
5186}
5187
Claudio Takahaside731152011-02-11 19:28:55 -02005188static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
Gustavo Padovan2d792812012-10-06 10:07:01 +01005189 struct l2cap_cmd_hdr *cmd,
Johan Hedberg203e6392013-05-15 10:07:15 +03005190 u16 cmd_len, u8 *data)
Claudio Takahaside731152011-02-11 19:28:55 -02005191{
5192 struct hci_conn *hcon = conn->hcon;
5193 struct l2cap_conn_param_update_req *req;
5194 struct l2cap_conn_param_update_rsp rsp;
Johan Hedberg203e6392013-05-15 10:07:15 +03005195 u16 min, max, latency, to_multiplier;
Claudio Takahasi2ce603e2011-02-16 20:44:53 -02005196 int err;
Claudio Takahaside731152011-02-11 19:28:55 -02005197
Johan Hedberg40bef302014-07-16 11:42:27 +03005198 if (hcon->role != HCI_ROLE_MASTER)
Claudio Takahaside731152011-02-11 19:28:55 -02005199 return -EINVAL;
5200
Claudio Takahaside731152011-02-11 19:28:55 -02005201 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
5202 return -EPROTO;
5203
5204 req = (struct l2cap_conn_param_update_req *) data;
Gustavo F. Padovane2174ca2011-02-17 19:16:55 -03005205 min = __le16_to_cpu(req->min);
5206 max = __le16_to_cpu(req->max);
Claudio Takahaside731152011-02-11 19:28:55 -02005207 latency = __le16_to_cpu(req->latency);
5208 to_multiplier = __le16_to_cpu(req->to_multiplier);
5209
5210 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
Gustavo Padovan2d792812012-10-06 10:07:01 +01005211 min, max, latency, to_multiplier);
Claudio Takahaside731152011-02-11 19:28:55 -02005212
5213 memset(&rsp, 0, sizeof(rsp));
Claudio Takahasi2ce603e2011-02-16 20:44:53 -02005214
Andre Guedesd4905f22014-06-25 21:52:52 -03005215 err = hci_check_conn_params(min, max, latency, to_multiplier);
Claudio Takahasi2ce603e2011-02-16 20:44:53 -02005216 if (err)
Joe Perchesdcf4adb2014-03-12 10:52:35 -07005217 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
Claudio Takahaside731152011-02-11 19:28:55 -02005218 else
Joe Perchesdcf4adb2014-03-12 10:52:35 -07005219 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
Claudio Takahaside731152011-02-11 19:28:55 -02005220
5221 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
Gustavo Padovan2d792812012-10-06 10:07:01 +01005222 sizeof(rsp), &rsp);
Claudio Takahaside731152011-02-11 19:28:55 -02005223
Andre Guedesffb5a8272014-07-01 18:10:11 -03005224 if (!err) {
Johan Hedbergf4869e22014-07-02 17:37:32 +03005225 u8 store_hint;
Andre Guedesffb5a8272014-07-01 18:10:11 -03005226
Johan Hedbergf4869e22014-07-02 17:37:32 +03005227 store_hint = hci_le_conn_update(hcon, min, max, latency,
5228 to_multiplier);
5229 mgmt_new_conn_param(hcon->hdev, &hcon->dst, hcon->dst_type,
5230 store_hint, min, max, latency,
5231 to_multiplier);
5232
Andre Guedesffb5a8272014-07-01 18:10:11 -03005233 }
Claudio Takahasi2ce603e2011-02-16 20:44:53 -02005234
Claudio Takahaside731152011-02-11 19:28:55 -02005235 return 0;
5236}
5237
Johan Hedbergf1496de2013-05-13 14:15:56 +03005238static int l2cap_le_connect_rsp(struct l2cap_conn *conn,
5239 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5240 u8 *data)
5241{
5242 struct l2cap_le_conn_rsp *rsp = (struct l2cap_le_conn_rsp *) data;
Johan Hedberg3e64b7b2014-11-13 10:55:19 +02005243 struct hci_conn *hcon = conn->hcon;
Johan Hedbergf1496de2013-05-13 14:15:56 +03005244 u16 dcid, mtu, mps, credits, result;
5245 struct l2cap_chan *chan;
Johan Hedberg3e64b7b2014-11-13 10:55:19 +02005246 int err, sec_level;
Johan Hedbergf1496de2013-05-13 14:15:56 +03005247
5248 if (cmd_len < sizeof(*rsp))
5249 return -EPROTO;
5250
5251 dcid = __le16_to_cpu(rsp->dcid);
5252 mtu = __le16_to_cpu(rsp->mtu);
5253 mps = __le16_to_cpu(rsp->mps);
5254 credits = __le16_to_cpu(rsp->credits);
5255 result = __le16_to_cpu(rsp->result);
5256
5257 if (result == L2CAP_CR_SUCCESS && (mtu < 23 || mps < 23))
5258 return -EPROTO;
5259
5260 BT_DBG("dcid 0x%4.4x mtu %u mps %u credits %u result 0x%2.2x",
5261 dcid, mtu, mps, credits, result);
5262
5263 mutex_lock(&conn->chan_lock);
5264
5265 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
5266 if (!chan) {
5267 err = -EBADSLT;
5268 goto unlock;
5269 }
5270
5271 err = 0;
5272
5273 l2cap_chan_lock(chan);
5274
5275 switch (result) {
5276 case L2CAP_CR_SUCCESS:
5277 chan->ident = 0;
5278 chan->dcid = dcid;
5279 chan->omtu = mtu;
5280 chan->remote_mps = mps;
Johan Hedberg0cd75f72013-05-17 13:09:05 +03005281 chan->tx_credits = credits;
Johan Hedbergf1496de2013-05-13 14:15:56 +03005282 l2cap_chan_ready(chan);
5283 break;
5284
Johan Hedberg3e64b7b2014-11-13 10:55:19 +02005285 case L2CAP_CR_AUTHENTICATION:
5286 case L2CAP_CR_ENCRYPTION:
5287 /* If we already have MITM protection we can't do
5288 * anything.
5289 */
5290 if (hcon->sec_level > BT_SECURITY_MEDIUM) {
5291 l2cap_chan_del(chan, ECONNREFUSED);
5292 break;
5293 }
5294
5295 sec_level = hcon->sec_level + 1;
5296 if (chan->sec_level < sec_level)
5297 chan->sec_level = sec_level;
5298
5299 /* We'll need to send a new Connect Request */
5300 clear_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags);
5301
5302 smp_conn_security(hcon, chan->sec_level);
5303 break;
5304
Johan Hedbergf1496de2013-05-13 14:15:56 +03005305 default:
5306 l2cap_chan_del(chan, ECONNREFUSED);
5307 break;
5308 }
5309
5310 l2cap_chan_unlock(chan);
5311
5312unlock:
5313 mutex_unlock(&conn->chan_lock);
5314
5315 return err;
5316}
5317
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005318static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
Gustavo Padovan2d792812012-10-06 10:07:01 +01005319 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5320 u8 *data)
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005321{
5322 int err = 0;
5323
5324 switch (cmd->code) {
5325 case L2CAP_COMMAND_REJ:
Johan Hedbergcb3b3152013-05-28 13:46:30 +03005326 l2cap_command_rej(conn, cmd, cmd_len, data);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005327 break;
5328
5329 case L2CAP_CONN_REQ:
Johan Hedbergcb3b3152013-05-28 13:46:30 +03005330 err = l2cap_connect_req(conn, cmd, cmd_len, data);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005331 break;
5332
5333 case L2CAP_CONN_RSP:
Mat Martineauf5a25982012-10-11 17:48:21 +03005334 case L2CAP_CREATE_CHAN_RSP:
Johan Hedberg9245e732013-09-16 13:05:17 +03005335 l2cap_connect_create_rsp(conn, cmd, cmd_len, data);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005336 break;
5337
5338 case L2CAP_CONF_REQ:
5339 err = l2cap_config_req(conn, cmd, cmd_len, data);
5340 break;
5341
5342 case L2CAP_CONF_RSP:
Johan Hedberg9245e732013-09-16 13:05:17 +03005343 l2cap_config_rsp(conn, cmd, cmd_len, data);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005344 break;
5345
5346 case L2CAP_DISCONN_REQ:
Johan Hedbergcb3b3152013-05-28 13:46:30 +03005347 err = l2cap_disconnect_req(conn, cmd, cmd_len, data);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005348 break;
5349
5350 case L2CAP_DISCONN_RSP:
Johan Hedberg9245e732013-09-16 13:05:17 +03005351 l2cap_disconnect_rsp(conn, cmd, cmd_len, data);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005352 break;
5353
5354 case L2CAP_ECHO_REQ:
5355 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
5356 break;
5357
5358 case L2CAP_ECHO_RSP:
5359 break;
5360
5361 case L2CAP_INFO_REQ:
Johan Hedbergcb3b3152013-05-28 13:46:30 +03005362 err = l2cap_information_req(conn, cmd, cmd_len, data);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005363 break;
5364
5365 case L2CAP_INFO_RSP:
Johan Hedberg9245e732013-09-16 13:05:17 +03005366 l2cap_information_rsp(conn, cmd, cmd_len, data);
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005367 break;
5368
Mat Martineauf94ff6f2011-11-02 16:18:32 -07005369 case L2CAP_CREATE_CHAN_REQ:
5370 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
5371 break;
5372
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005373 case L2CAP_MOVE_CHAN_REQ:
5374 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
5375 break;
5376
5377 case L2CAP_MOVE_CHAN_RSP:
Johan Hedberg9245e732013-09-16 13:05:17 +03005378 l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005379 break;
5380
5381 case L2CAP_MOVE_CHAN_CFM:
5382 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
5383 break;
5384
5385 case L2CAP_MOVE_CHAN_CFM_RSP:
Johan Hedberg9245e732013-09-16 13:05:17 +03005386 l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
Mat Martineau8d5a04a2011-11-02 16:18:35 -07005387 break;
5388
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005389 default:
5390 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
5391 err = -EINVAL;
5392 break;
5393 }
5394
5395 return err;
5396}
5397
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005398static int l2cap_le_connect_req(struct l2cap_conn *conn,
5399 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5400 u8 *data)
5401{
5402 struct l2cap_le_conn_req *req = (struct l2cap_le_conn_req *) data;
5403 struct l2cap_le_conn_rsp rsp;
5404 struct l2cap_chan *chan, *pchan;
Johan Hedberg0cd75f72013-05-17 13:09:05 +03005405 u16 dcid, scid, credits, mtu, mps;
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005406 __le16 psm;
5407 u8 result;
5408
5409 if (cmd_len != sizeof(*req))
5410 return -EPROTO;
5411
5412 scid = __le16_to_cpu(req->scid);
5413 mtu = __le16_to_cpu(req->mtu);
5414 mps = __le16_to_cpu(req->mps);
5415 psm = req->psm;
5416 dcid = 0;
Johan Hedberg0cd75f72013-05-17 13:09:05 +03005417 credits = 0;
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005418
5419 if (mtu < 23 || mps < 23)
5420 return -EPROTO;
5421
5422 BT_DBG("psm 0x%2.2x scid 0x%4.4x mtu %u mps %u", __le16_to_cpu(psm),
5423 scid, mtu, mps);
5424
5425 /* Check if we have socket listening on psm */
5426 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src,
5427 &conn->hcon->dst, LE_LINK);
5428 if (!pchan) {
5429 result = L2CAP_CR_BAD_PSM;
5430 chan = NULL;
5431 goto response;
5432 }
5433
5434 mutex_lock(&conn->chan_lock);
5435 l2cap_chan_lock(pchan);
5436
Johan Hedberg35dc6f82014-11-13 10:55:18 +02005437 if (!smp_sufficient_security(conn->hcon, pchan->sec_level,
5438 SMP_ALLOW_STK)) {
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005439 result = L2CAP_CR_AUTHENTICATION;
5440 chan = NULL;
5441 goto response_unlock;
5442 }
5443
5444 /* Check if we already have channel with that dcid */
5445 if (__l2cap_get_chan_by_dcid(conn, scid)) {
5446 result = L2CAP_CR_NO_MEM;
5447 chan = NULL;
5448 goto response_unlock;
5449 }
5450
5451 chan = pchan->ops->new_connection(pchan);
5452 if (!chan) {
5453 result = L2CAP_CR_NO_MEM;
5454 goto response_unlock;
5455 }
5456
Johan Hedberg0ce43ce2013-12-05 14:55:33 +02005457 l2cap_le_flowctl_init(chan);
5458
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005459 bacpy(&chan->src, &conn->hcon->src);
5460 bacpy(&chan->dst, &conn->hcon->dst);
Johan Hedberga250e042015-01-15 13:06:44 +02005461 chan->src_type = bdaddr_src_type(conn->hcon);
5462 chan->dst_type = bdaddr_dst_type(conn->hcon);
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005463 chan->psm = psm;
5464 chan->dcid = scid;
5465 chan->omtu = mtu;
5466 chan->remote_mps = mps;
Johan Hedberg0cd75f72013-05-17 13:09:05 +03005467 chan->tx_credits = __le16_to_cpu(req->credits);
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005468
5469 __l2cap_chan_add(conn, chan);
5470 dcid = chan->scid;
Johan Hedberg0cd75f72013-05-17 13:09:05 +03005471 credits = chan->rx_credits;
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005472
5473 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
5474
5475 chan->ident = cmd->ident;
5476
5477 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
5478 l2cap_state_change(chan, BT_CONNECT2);
Johan Hedberg434714d2014-09-01 09:45:03 +03005479 /* The following result value is actually not defined
5480 * for LE CoC but we use it to let the function know
5481 * that it should bail out after doing its cleanup
5482 * instead of sending a response.
5483 */
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005484 result = L2CAP_CR_PEND;
5485 chan->ops->defer(chan);
5486 } else {
5487 l2cap_chan_ready(chan);
5488 result = L2CAP_CR_SUCCESS;
5489 }
5490
5491response_unlock:
5492 l2cap_chan_unlock(pchan);
5493 mutex_unlock(&conn->chan_lock);
Johan Hedberga24cce12014-08-07 22:56:42 +03005494 l2cap_chan_put(pchan);
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005495
5496 if (result == L2CAP_CR_PEND)
5497 return 0;
5498
5499response:
5500 if (chan) {
5501 rsp.mtu = cpu_to_le16(chan->imtu);
Johan Hedberg3916aed2013-10-07 15:35:26 +02005502 rsp.mps = cpu_to_le16(chan->mps);
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005503 } else {
5504 rsp.mtu = 0;
5505 rsp.mps = 0;
5506 }
5507
5508 rsp.dcid = cpu_to_le16(dcid);
Johan Hedberg0cd75f72013-05-17 13:09:05 +03005509 rsp.credits = cpu_to_le16(credits);
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005510 rsp.result = cpu_to_le16(result);
5511
5512 l2cap_send_cmd(conn, cmd->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), &rsp);
5513
5514 return 0;
5515}
5516
Johan Hedbergfad5fc892013-12-05 09:45:01 +02005517static inline int l2cap_le_credits(struct l2cap_conn *conn,
5518 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5519 u8 *data)
5520{
5521 struct l2cap_le_credits *pkt;
5522 struct l2cap_chan *chan;
Johan Hedberg0f1bfe42014-01-27 15:11:35 -08005523 u16 cid, credits, max_credits;
Johan Hedbergfad5fc892013-12-05 09:45:01 +02005524
5525 if (cmd_len != sizeof(*pkt))
5526 return -EPROTO;
5527
5528 pkt = (struct l2cap_le_credits *) data;
5529 cid = __le16_to_cpu(pkt->cid);
5530 credits = __le16_to_cpu(pkt->credits);
5531
5532 BT_DBG("cid 0x%4.4x credits 0x%4.4x", cid, credits);
5533
5534 chan = l2cap_get_chan_by_dcid(conn, cid);
5535 if (!chan)
5536 return -EBADSLT;
5537
Johan Hedberg0f1bfe42014-01-27 15:11:35 -08005538 max_credits = LE_FLOWCTL_MAX_CREDITS - chan->tx_credits;
5539 if (credits > max_credits) {
5540 BT_ERR("LE credits overflow");
5541 l2cap_send_disconn_req(chan, ECONNRESET);
Martin Townsendee930532014-10-13 19:24:45 +01005542 l2cap_chan_unlock(chan);
Johan Hedberg0f1bfe42014-01-27 15:11:35 -08005543
5544 /* Return 0 so that we don't trigger an unnecessary
5545 * command reject packet.
5546 */
5547 return 0;
5548 }
5549
Johan Hedbergfad5fc892013-12-05 09:45:01 +02005550 chan->tx_credits += credits;
5551
5552 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) {
5553 l2cap_do_send(chan, skb_dequeue(&chan->tx_q));
5554 chan->tx_credits--;
5555 }
5556
5557 if (chan->tx_credits)
5558 chan->ops->resume(chan);
5559
5560 l2cap_chan_unlock(chan);
5561
5562 return 0;
5563}
5564
Johan Hedberg71fb4192013-12-10 10:52:48 +02005565static inline int l2cap_le_command_rej(struct l2cap_conn *conn,
5566 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5567 u8 *data)
5568{
5569 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
5570 struct l2cap_chan *chan;
5571
5572 if (cmd_len < sizeof(*rej))
5573 return -EPROTO;
5574
5575 mutex_lock(&conn->chan_lock);
5576
5577 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
5578 if (!chan)
5579 goto done;
5580
5581 l2cap_chan_lock(chan);
5582 l2cap_chan_del(chan, ECONNREFUSED);
5583 l2cap_chan_unlock(chan);
5584
5585done:
5586 mutex_unlock(&conn->chan_lock);
5587 return 0;
5588}
5589
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005590static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
Johan Hedberg203e6392013-05-15 10:07:15 +03005591 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5592 u8 *data)
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005593{
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005594 int err = 0;
5595
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005596 switch (cmd->code) {
5597 case L2CAP_COMMAND_REJ:
Johan Hedberg71fb4192013-12-10 10:52:48 +02005598 l2cap_le_command_rej(conn, cmd, cmd_len, data);
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005599 break;
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005600
5601 case L2CAP_CONN_PARAM_UPDATE_REQ:
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005602 err = l2cap_conn_param_update_req(conn, cmd, cmd_len, data);
5603 break;
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005604
5605 case L2CAP_CONN_PARAM_UPDATE_RSP:
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005606 break;
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005607
Johan Hedbergf1496de2013-05-13 14:15:56 +03005608 case L2CAP_LE_CONN_RSP:
5609 l2cap_le_connect_rsp(conn, cmd, cmd_len, data);
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005610 break;
Johan Hedbergf1496de2013-05-13 14:15:56 +03005611
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005612 case L2CAP_LE_CONN_REQ:
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005613 err = l2cap_le_connect_req(conn, cmd, cmd_len, data);
5614 break;
Johan Hedberg27e2d4c2013-05-14 13:27:21 +03005615
Johan Hedbergfad5fc892013-12-05 09:45:01 +02005616 case L2CAP_LE_CREDITS:
5617 err = l2cap_le_credits(conn, cmd, cmd_len, data);
5618 break;
5619
Johan Hedberg3defe012013-05-15 10:16:06 +03005620 case L2CAP_DISCONN_REQ:
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005621 err = l2cap_disconnect_req(conn, cmd, cmd_len, data);
5622 break;
Johan Hedberg3defe012013-05-15 10:16:06 +03005623
5624 case L2CAP_DISCONN_RSP:
5625 l2cap_disconnect_rsp(conn, cmd, cmd_len, data);
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005626 break;
Johan Hedberg3defe012013-05-15 10:16:06 +03005627
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005628 default:
5629 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005630 err = -EINVAL;
5631 break;
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005632 }
Johan Hedbergb5ecba62013-12-02 12:21:29 +02005633
5634 return err;
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005635}
5636
Johan Hedbergc5623552013-04-29 19:35:33 +03005637static inline void l2cap_le_sig_channel(struct l2cap_conn *conn,
5638 struct sk_buff *skb)
5639{
Johan Hedberg69c4e4e2013-09-16 13:05:18 +03005640 struct hci_conn *hcon = conn->hcon;
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005641 struct l2cap_cmd_hdr *cmd;
5642 u16 len;
Johan Hedbergc5623552013-04-29 19:35:33 +03005643 int err;
5644
Johan Hedberg69c4e4e2013-09-16 13:05:18 +03005645 if (hcon->type != LE_LINK)
Marcel Holtmann3b166292013-10-02 08:28:21 -07005646 goto drop;
Johan Hedberg69c4e4e2013-09-16 13:05:18 +03005647
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005648 if (skb->len < L2CAP_CMD_HDR_SIZE)
5649 goto drop;
Johan Hedbergc5623552013-04-29 19:35:33 +03005650
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005651 cmd = (void *) skb->data;
5652 skb_pull(skb, L2CAP_CMD_HDR_SIZE);
Johan Hedbergc5623552013-04-29 19:35:33 +03005653
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005654 len = le16_to_cpu(cmd->len);
Johan Hedbergc5623552013-04-29 19:35:33 +03005655
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005656 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd->code, len, cmd->ident);
Johan Hedbergc5623552013-04-29 19:35:33 +03005657
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005658 if (len != skb->len || !cmd->ident) {
5659 BT_DBG("corrupted command");
5660 goto drop;
5661 }
Johan Hedbergc5623552013-04-29 19:35:33 +03005662
Johan Hedberg203e6392013-05-15 10:07:15 +03005663 err = l2cap_le_sig_cmd(conn, cmd, len, skb->data);
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005664 if (err) {
5665 struct l2cap_cmd_rej_unk rej;
Johan Hedbergc5623552013-04-29 19:35:33 +03005666
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005667 BT_ERR("Wrong link type (%d)", err);
Johan Hedbergc5623552013-04-29 19:35:33 +03005668
Joe Perchesdcf4adb2014-03-12 10:52:35 -07005669 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
Marcel Holtmann4f3e2192013-10-03 01:26:37 -07005670 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
5671 sizeof(rej), &rej);
Johan Hedbergc5623552013-04-29 19:35:33 +03005672 }
5673
Marcel Holtmann3b166292013-10-02 08:28:21 -07005674drop:
Johan Hedbergc5623552013-04-29 19:35:33 +03005675 kfree_skb(skb);
5676}
5677
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005678static inline void l2cap_sig_channel(struct l2cap_conn *conn,
Gustavo Padovan2d792812012-10-06 10:07:01 +01005679 struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07005680{
Johan Hedberg69c4e4e2013-09-16 13:05:18 +03005681 struct hci_conn *hcon = conn->hcon;
Linus Torvalds1da177e2005-04-16 15:20:36 -07005682 u8 *data = skb->data;
5683 int len = skb->len;
5684 struct l2cap_cmd_hdr cmd;
Claudio Takahasi3300d9a2011-02-11 19:28:54 -02005685 int err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07005686
5687 l2cap_raw_recv(conn, skb);
5688
Johan Hedberg69c4e4e2013-09-16 13:05:18 +03005689 if (hcon->type != ACL_LINK)
Marcel Holtmann3b166292013-10-02 08:28:21 -07005690 goto drop;
Johan Hedberg69c4e4e2013-09-16 13:05:18 +03005691
Linus Torvalds1da177e2005-04-16 15:20:36 -07005692 while (len >= L2CAP_CMD_HDR_SIZE) {
Al Viro88219a02007-07-29 00:17:25 -07005693 u16 cmd_len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07005694 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
5695 data += L2CAP_CMD_HDR_SIZE;
5696 len -= L2CAP_CMD_HDR_SIZE;
5697
Al Viro88219a02007-07-29 00:17:25 -07005698 cmd_len = le16_to_cpu(cmd.len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07005699
Gustavo Padovan2d792812012-10-06 10:07:01 +01005700 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len,
5701 cmd.ident);
Linus Torvalds1da177e2005-04-16 15:20:36 -07005702
Al Viro88219a02007-07-29 00:17:25 -07005703 if (cmd_len > len || !cmd.ident) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07005704 BT_DBG("corrupted command");
5705 break;
5706 }
5707
Johan Hedbergc5623552013-04-29 19:35:33 +03005708 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07005709 if (err) {
Ilia Kolomisnkye2fd3182011-07-10 08:47:44 +03005710 struct l2cap_cmd_rej_unk rej;
Gustavo F. Padovan2c6d1a22011-03-23 14:38:32 -03005711
5712 BT_ERR("Wrong link type (%d)", err);
Linus Torvalds1da177e2005-04-16 15:20:36 -07005713
Joe Perchesdcf4adb2014-03-12 10:52:35 -07005714 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
Gustavo Padovan2d792812012-10-06 10:07:01 +01005715 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ,
5716 sizeof(rej), &rej);
Linus Torvalds1da177e2005-04-16 15:20:36 -07005717 }
5718
Al Viro88219a02007-07-29 00:17:25 -07005719 data += cmd_len;
5720 len -= cmd_len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07005721 }
5722
Marcel Holtmann3b166292013-10-02 08:28:21 -07005723drop:
Linus Torvalds1da177e2005-04-16 15:20:36 -07005724 kfree_skb(skb);
5725}
5726
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03005727static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03005728{
5729 u16 our_fcs, rcv_fcs;
Andrei Emeltchenkoe4ca6d92011-10-11 13:37:52 +03005730 int hdr_size;
5731
5732 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
5733 hdr_size = L2CAP_EXT_HDR_SIZE;
5734 else
5735 hdr_size = L2CAP_ENH_HDR_SIZE;
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03005736
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03005737 if (chan->fcs == L2CAP_FCS_CRC16) {
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03005738 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03005739 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
5740 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
5741
5742 if (our_fcs != rcv_fcs)
João Paulo Rechi Vita7a560e52010-06-22 13:56:27 -03005743 return -EBADMSG;
Gustavo F. Padovanfcc203c2009-08-20 22:26:02 -03005744 }
5745 return 0;
5746}
5747
Mat Martineau6ea00482012-05-17 20:53:52 -07005748static void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
Gustavo F. Padovand5392c82010-05-01 16:15:36 -03005749{
Mat Martineaue31f7632012-05-17 20:53:41 -07005750 struct l2cap_ctrl control;
Gustavo F. Padovand5392c82010-05-01 16:15:36 -03005751
Mat Martineaue31f7632012-05-17 20:53:41 -07005752 BT_DBG("chan %p", chan);
Gustavo F. Padovand5392c82010-05-01 16:15:36 -03005753
Mat Martineaue31f7632012-05-17 20:53:41 -07005754 memset(&control, 0, sizeof(control));
5755 control.sframe = 1;
5756 control.final = 1;
5757 control.reqseq = chan->buffer_seq;
5758 set_bit(CONN_SEND_FBIT, &chan->conn_state);
Gustavo F. Padovand5392c82010-05-01 16:15:36 -03005759
Gustavo F. Padovane2ab4352011-06-10 21:28:49 -03005760 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
Mat Martineaue31f7632012-05-17 20:53:41 -07005761 control.super = L2CAP_SUPER_RNR;
5762 l2cap_send_sframe(chan, &control);
Gustavo F. Padovand5392c82010-05-01 16:15:36 -03005763 }
5764
Mat Martineaue31f7632012-05-17 20:53:41 -07005765 if (test_and_clear_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
5766 chan->unacked_frames > 0)
5767 __set_retrans_timer(chan);
Gustavo F. Padovand5392c82010-05-01 16:15:36 -03005768
Mat Martineaue31f7632012-05-17 20:53:41 -07005769 /* Send pending iframes */
Gustavo F. Padovan525cd182011-03-25 19:43:39 -03005770 l2cap_ertm_send(chan);
Gustavo F. Padovand5392c82010-05-01 16:15:36 -03005771
Gustavo F. Padovane2ab4352011-06-10 21:28:49 -03005772 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
Mat Martineaue31f7632012-05-17 20:53:41 -07005773 test_bit(CONN_SEND_FBIT, &chan->conn_state)) {
5774 /* F-bit wasn't sent in an s-frame or i-frame yet, so
5775 * send it now.
5776 */
5777 control.super = L2CAP_SUPER_RR;
5778 l2cap_send_sframe(chan, &control);
Gustavo F. Padovand5392c82010-05-01 16:15:36 -03005779 }
5780}
5781
Gustavo Padovan2d792812012-10-06 10:07:01 +01005782static void append_skb_frag(struct sk_buff *skb, struct sk_buff *new_frag,
5783 struct sk_buff **last_frag)
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005784{
Mat Martineau84084a32011-07-22 14:54:00 -07005785 /* skb->len reflects data in skb as well as all fragments
5786 * skb->data_len reflects only data in fragments
5787 */
5788 if (!skb_has_frag_list(skb))
5789 skb_shinfo(skb)->frag_list = new_frag;
5790
5791 new_frag->next = NULL;
5792
5793 (*last_frag)->next = new_frag;
5794 *last_frag = new_frag;
5795
5796 skb->len += new_frag->len;
5797 skb->data_len += new_frag->len;
5798 skb->truesize += new_frag->truesize;
5799}
5800
Mat Martineau4b51dae92012-05-17 20:53:37 -07005801static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb,
5802 struct l2cap_ctrl *control)
Mat Martineau84084a32011-07-22 14:54:00 -07005803{
5804 int err = -EINVAL;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005805
Mat Martineau4b51dae92012-05-17 20:53:37 -07005806 switch (control->sar) {
Andrei Emeltchenko7e0ef6e2011-10-11 13:37:45 +03005807 case L2CAP_SAR_UNSEGMENTED:
Mat Martineau84084a32011-07-22 14:54:00 -07005808 if (chan->sdu)
5809 break;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005810
Gustavo Padovan80b98022012-05-27 22:27:51 -03005811 err = chan->ops->recv(chan, skb);
Mat Martineau84084a32011-07-22 14:54:00 -07005812 break;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005813
Andrei Emeltchenko7e0ef6e2011-10-11 13:37:45 +03005814 case L2CAP_SAR_START:
Mat Martineau84084a32011-07-22 14:54:00 -07005815 if (chan->sdu)
5816 break;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005817
Gustavo F. Padovan6f61fd472011-03-25 20:09:37 -03005818 chan->sdu_len = get_unaligned_le16(skb->data);
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03005819 skb_pull(skb, L2CAP_SDULEN_SIZE);
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005820
Mat Martineau84084a32011-07-22 14:54:00 -07005821 if (chan->sdu_len > chan->imtu) {
5822 err = -EMSGSIZE;
5823 break;
5824 }
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005825
Mat Martineau84084a32011-07-22 14:54:00 -07005826 if (skb->len >= chan->sdu_len)
5827 break;
5828
5829 chan->sdu = skb;
5830 chan->sdu_last_frag = skb;
5831
5832 skb = NULL;
5833 err = 0;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005834 break;
5835
Andrei Emeltchenko7e0ef6e2011-10-11 13:37:45 +03005836 case L2CAP_SAR_CONTINUE:
Gustavo F. Padovan6f61fd472011-03-25 20:09:37 -03005837 if (!chan->sdu)
Mat Martineau84084a32011-07-22 14:54:00 -07005838 break;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005839
Mat Martineau84084a32011-07-22 14:54:00 -07005840 append_skb_frag(chan->sdu, skb,
5841 &chan->sdu_last_frag);
5842 skb = NULL;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005843
Mat Martineau84084a32011-07-22 14:54:00 -07005844 if (chan->sdu->len >= chan->sdu_len)
5845 break;
Gustavo F. Padovan4178ba42010-05-01 16:15:45 -03005846
Mat Martineau84084a32011-07-22 14:54:00 -07005847 err = 0;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005848 break;
5849
Andrei Emeltchenko7e0ef6e2011-10-11 13:37:45 +03005850 case L2CAP_SAR_END:
Gustavo F. Padovan6f61fd472011-03-25 20:09:37 -03005851 if (!chan->sdu)
Mat Martineau84084a32011-07-22 14:54:00 -07005852 break;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005853
Mat Martineau84084a32011-07-22 14:54:00 -07005854 append_skb_frag(chan->sdu, skb,
5855 &chan->sdu_last_frag);
5856 skb = NULL;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005857
Mat Martineau84084a32011-07-22 14:54:00 -07005858 if (chan->sdu->len != chan->sdu_len)
5859 break;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005860
Gustavo Padovan80b98022012-05-27 22:27:51 -03005861 err = chan->ops->recv(chan, chan->sdu);
Gustavo F. Padovan4178ba42010-05-01 16:15:45 -03005862
Mat Martineau84084a32011-07-22 14:54:00 -07005863 if (!err) {
5864 /* Reassembly complete */
5865 chan->sdu = NULL;
5866 chan->sdu_last_frag = NULL;
5867 chan->sdu_len = 0;
Gustavo F. Padovan1890d362010-05-01 16:15:44 -03005868 }
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005869 break;
5870 }
5871
Mat Martineau84084a32011-07-22 14:54:00 -07005872 if (err) {
5873 kfree_skb(skb);
5874 kfree_skb(chan->sdu);
5875 chan->sdu = NULL;
5876 chan->sdu_last_frag = NULL;
5877 chan->sdu_len = 0;
5878 }
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005879
Mat Martineau84084a32011-07-22 14:54:00 -07005880 return err;
Gustavo F. Padovan18778a62010-05-01 16:15:44 -03005881}
5882
Mat Martineau32b32732012-10-23 15:24:11 -07005883static int l2cap_resegment(struct l2cap_chan *chan)
5884{
5885 /* Placeholder */
5886 return 0;
5887}
5888
Mat Martineaue3281402011-07-07 09:39:02 -07005889void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
Gustavo F. Padovan712132e2010-06-21 19:39:50 -03005890{
Mat Martineau61aa4f52012-05-17 20:53:40 -07005891 u8 event;
5892
5893 if (chan->mode != L2CAP_MODE_ERTM)
5894 return;
5895
5896 event = busy ? L2CAP_EV_LOCAL_BUSY_DETECTED : L2CAP_EV_LOCAL_BUSY_CLEAR;
Andrei Emeltchenko401bb1f2012-05-21 15:47:46 +03005897 l2cap_tx(chan, NULL, NULL, event);
Gustavo F. Padovan1890d362010-05-01 16:15:44 -03005898}
5899
Mat Martineaud2a7ac52012-05-17 20:53:42 -07005900static int l2cap_rx_queued_iframes(struct l2cap_chan *chan)
5901{
Mat Martineau63838722012-05-17 20:53:45 -07005902 int err = 0;
5903 /* Pass sequential frames to l2cap_reassemble_sdu()
5904 * until a gap is encountered.
5905 */
5906
5907 BT_DBG("chan %p", chan);
5908
5909 while (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
5910 struct sk_buff *skb;
5911 BT_DBG("Searching for skb with txseq %d (queue len %d)",
5912 chan->buffer_seq, skb_queue_len(&chan->srej_q));
5913
5914 skb = l2cap_ertm_seq_in_queue(&chan->srej_q, chan->buffer_seq);
5915
5916 if (!skb)
5917 break;
5918
5919 skb_unlink(skb, &chan->srej_q);
5920 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
Johan Hedberga4368ff2015-03-30 23:21:01 +03005921 err = l2cap_reassemble_sdu(chan, skb, &bt_cb(skb)->l2cap);
Mat Martineau63838722012-05-17 20:53:45 -07005922 if (err)
5923 break;
5924 }
5925
5926 if (skb_queue_empty(&chan->srej_q)) {
5927 chan->rx_state = L2CAP_RX_STATE_RECV;
5928 l2cap_send_ack(chan);
5929 }
5930
5931 return err;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07005932}
5933
5934static void l2cap_handle_srej(struct l2cap_chan *chan,
5935 struct l2cap_ctrl *control)
5936{
Mat Martineauf80842a2012-05-17 20:53:46 -07005937 struct sk_buff *skb;
5938
5939 BT_DBG("chan %p, control %p", chan, control);
5940
5941 if (control->reqseq == chan->next_tx_seq) {
5942 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02005943 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineauf80842a2012-05-17 20:53:46 -07005944 return;
5945 }
5946
5947 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq);
5948
5949 if (skb == NULL) {
5950 BT_DBG("Seq %d not available for retransmission",
5951 control->reqseq);
5952 return;
5953 }
5954
Johan Hedberga4368ff2015-03-30 23:21:01 +03005955 if (chan->max_tx != 0 && bt_cb(skb)->l2cap.retries >= chan->max_tx) {
Mat Martineauf80842a2012-05-17 20:53:46 -07005956 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02005957 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineauf80842a2012-05-17 20:53:46 -07005958 return;
5959 }
5960
5961 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
5962
5963 if (control->poll) {
5964 l2cap_pass_to_tx(chan, control);
5965
5966 set_bit(CONN_SEND_FBIT, &chan->conn_state);
5967 l2cap_retransmit(chan, control);
5968 l2cap_ertm_send(chan);
5969
5970 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) {
5971 set_bit(CONN_SREJ_ACT, &chan->conn_state);
5972 chan->srej_save_reqseq = control->reqseq;
5973 }
5974 } else {
5975 l2cap_pass_to_tx_fbit(chan, control);
5976
5977 if (control->final) {
5978 if (chan->srej_save_reqseq != control->reqseq ||
5979 !test_and_clear_bit(CONN_SREJ_ACT,
5980 &chan->conn_state))
5981 l2cap_retransmit(chan, control);
5982 } else {
5983 l2cap_retransmit(chan, control);
5984 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) {
5985 set_bit(CONN_SREJ_ACT, &chan->conn_state);
5986 chan->srej_save_reqseq = control->reqseq;
5987 }
5988 }
5989 }
Mat Martineaud2a7ac52012-05-17 20:53:42 -07005990}
5991
5992static void l2cap_handle_rej(struct l2cap_chan *chan,
5993 struct l2cap_ctrl *control)
5994{
Mat Martineaufcd289d2012-05-17 20:53:47 -07005995 struct sk_buff *skb;
5996
5997 BT_DBG("chan %p, control %p", chan, control);
5998
5999 if (control->reqseq == chan->next_tx_seq) {
6000 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006001 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineaufcd289d2012-05-17 20:53:47 -07006002 return;
6003 }
6004
6005 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq);
6006
6007 if (chan->max_tx && skb &&
Johan Hedberga4368ff2015-03-30 23:21:01 +03006008 bt_cb(skb)->l2cap.retries >= chan->max_tx) {
Mat Martineaufcd289d2012-05-17 20:53:47 -07006009 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006010 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineaufcd289d2012-05-17 20:53:47 -07006011 return;
6012 }
6013
6014 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6015
6016 l2cap_pass_to_tx(chan, control);
6017
6018 if (control->final) {
6019 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
6020 l2cap_retransmit_all(chan, control);
6021 } else {
6022 l2cap_retransmit_all(chan, control);
6023 l2cap_ertm_send(chan);
6024 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F)
6025 set_bit(CONN_REJ_ACT, &chan->conn_state);
6026 }
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006027}
6028
Mat Martineau4b51dae92012-05-17 20:53:37 -07006029static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
6030{
6031 BT_DBG("chan %p, txseq %d", chan, txseq);
6032
6033 BT_DBG("last_acked_seq %d, expected_tx_seq %d", chan->last_acked_seq,
6034 chan->expected_tx_seq);
6035
6036 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
6037 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
Gustavo Padovan2d792812012-10-06 10:07:01 +01006038 chan->tx_win) {
Mat Martineau4b51dae92012-05-17 20:53:37 -07006039 /* See notes below regarding "double poll" and
6040 * invalid packets.
6041 */
6042 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) {
6043 BT_DBG("Invalid/Ignore - after SREJ");
6044 return L2CAP_TXSEQ_INVALID_IGNORE;
6045 } else {
6046 BT_DBG("Invalid - in window after SREJ sent");
6047 return L2CAP_TXSEQ_INVALID;
6048 }
6049 }
6050
6051 if (chan->srej_list.head == txseq) {
6052 BT_DBG("Expected SREJ");
6053 return L2CAP_TXSEQ_EXPECTED_SREJ;
6054 }
6055
6056 if (l2cap_ertm_seq_in_queue(&chan->srej_q, txseq)) {
6057 BT_DBG("Duplicate SREJ - txseq already stored");
6058 return L2CAP_TXSEQ_DUPLICATE_SREJ;
6059 }
6060
6061 if (l2cap_seq_list_contains(&chan->srej_list, txseq)) {
6062 BT_DBG("Unexpected SREJ - not requested");
6063 return L2CAP_TXSEQ_UNEXPECTED_SREJ;
6064 }
6065 }
6066
6067 if (chan->expected_tx_seq == txseq) {
6068 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
6069 chan->tx_win) {
6070 BT_DBG("Invalid - txseq outside tx window");
6071 return L2CAP_TXSEQ_INVALID;
6072 } else {
6073 BT_DBG("Expected");
6074 return L2CAP_TXSEQ_EXPECTED;
6075 }
6076 }
6077
6078 if (__seq_offset(chan, txseq, chan->last_acked_seq) <
Gustavo Padovan2d792812012-10-06 10:07:01 +01006079 __seq_offset(chan, chan->expected_tx_seq, chan->last_acked_seq)) {
Mat Martineau4b51dae92012-05-17 20:53:37 -07006080 BT_DBG("Duplicate - expected_tx_seq later than txseq");
6081 return L2CAP_TXSEQ_DUPLICATE;
6082 }
6083
6084 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= chan->tx_win) {
6085 /* A source of invalid packets is a "double poll" condition,
6086 * where delays cause us to send multiple poll packets. If
6087 * the remote stack receives and processes both polls,
6088 * sequence numbers can wrap around in such a way that a
6089 * resent frame has a sequence number that looks like new data
6090 * with a sequence gap. This would trigger an erroneous SREJ
6091 * request.
6092 *
6093 * Fortunately, this is impossible with a tx window that's
6094 * less than half of the maximum sequence number, which allows
6095 * invalid frames to be safely ignored.
6096 *
6097 * With tx window sizes greater than half of the tx window
6098 * maximum, the frame is invalid and cannot be ignored. This
6099 * causes a disconnect.
6100 */
6101
6102 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) {
6103 BT_DBG("Invalid/Ignore - txseq outside tx window");
6104 return L2CAP_TXSEQ_INVALID_IGNORE;
6105 } else {
6106 BT_DBG("Invalid - txseq outside tx window");
6107 return L2CAP_TXSEQ_INVALID;
6108 }
6109 } else {
6110 BT_DBG("Unexpected - txseq indicates missing frames");
6111 return L2CAP_TXSEQ_UNEXPECTED;
6112 }
6113}
6114
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006115static int l2cap_rx_state_recv(struct l2cap_chan *chan,
6116 struct l2cap_ctrl *control,
6117 struct sk_buff *skb, u8 event)
6118{
6119 int err = 0;
Peter Senna Tschudin941247f2013-09-22 20:44:10 +02006120 bool skb_in_use = false;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006121
6122 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
6123 event);
6124
6125 switch (event) {
6126 case L2CAP_EV_RECV_IFRAME:
6127 switch (l2cap_classify_txseq(chan, control->txseq)) {
6128 case L2CAP_TXSEQ_EXPECTED:
6129 l2cap_pass_to_tx(chan, control);
6130
6131 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
6132 BT_DBG("Busy, discarding expected seq %d",
6133 control->txseq);
6134 break;
6135 }
6136
6137 chan->expected_tx_seq = __next_seq(chan,
6138 control->txseq);
6139
6140 chan->buffer_seq = chan->expected_tx_seq;
Peter Senna Tschudin941247f2013-09-22 20:44:10 +02006141 skb_in_use = true;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006142
6143 err = l2cap_reassemble_sdu(chan, skb, control);
6144 if (err)
6145 break;
6146
6147 if (control->final) {
6148 if (!test_and_clear_bit(CONN_REJ_ACT,
6149 &chan->conn_state)) {
6150 control->final = 0;
6151 l2cap_retransmit_all(chan, control);
6152 l2cap_ertm_send(chan);
6153 }
6154 }
6155
6156 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
6157 l2cap_send_ack(chan);
6158 break;
6159 case L2CAP_TXSEQ_UNEXPECTED:
6160 l2cap_pass_to_tx(chan, control);
6161
6162 /* Can't issue SREJ frames in the local busy state.
6163 * Drop this frame, it will be seen as missing
6164 * when local busy is exited.
6165 */
6166 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
6167 BT_DBG("Busy, discarding unexpected seq %d",
6168 control->txseq);
6169 break;
6170 }
6171
6172 /* There was a gap in the sequence, so an SREJ
6173 * must be sent for each missing frame. The
6174 * current frame is stored for later use.
6175 */
6176 skb_queue_tail(&chan->srej_q, skb);
Peter Senna Tschudin941247f2013-09-22 20:44:10 +02006177 skb_in_use = true;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006178 BT_DBG("Queued %p (queue len %d)", skb,
6179 skb_queue_len(&chan->srej_q));
6180
6181 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
6182 l2cap_seq_list_clear(&chan->srej_list);
6183 l2cap_send_srej(chan, control->txseq);
6184
6185 chan->rx_state = L2CAP_RX_STATE_SREJ_SENT;
6186 break;
6187 case L2CAP_TXSEQ_DUPLICATE:
6188 l2cap_pass_to_tx(chan, control);
6189 break;
6190 case L2CAP_TXSEQ_INVALID_IGNORE:
6191 break;
6192 case L2CAP_TXSEQ_INVALID:
6193 default:
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006194 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006195 break;
6196 }
6197 break;
6198 case L2CAP_EV_RECV_RR:
6199 l2cap_pass_to_tx(chan, control);
6200 if (control->final) {
6201 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6202
Mat Martineaue6a3ee62012-10-23 15:24:22 -07006203 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state) &&
6204 !__chan_is_moving(chan)) {
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006205 control->final = 0;
6206 l2cap_retransmit_all(chan, control);
6207 }
6208
6209 l2cap_ertm_send(chan);
6210 } else if (control->poll) {
6211 l2cap_send_i_or_rr_or_rnr(chan);
6212 } else {
6213 if (test_and_clear_bit(CONN_REMOTE_BUSY,
6214 &chan->conn_state) &&
6215 chan->unacked_frames)
6216 __set_retrans_timer(chan);
6217
6218 l2cap_ertm_send(chan);
6219 }
6220 break;
6221 case L2CAP_EV_RECV_RNR:
6222 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6223 l2cap_pass_to_tx(chan, control);
6224 if (control && control->poll) {
6225 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6226 l2cap_send_rr_or_rnr(chan, 0);
6227 }
6228 __clear_retrans_timer(chan);
6229 l2cap_seq_list_clear(&chan->retrans_list);
6230 break;
6231 case L2CAP_EV_RECV_REJ:
6232 l2cap_handle_rej(chan, control);
6233 break;
6234 case L2CAP_EV_RECV_SREJ:
6235 l2cap_handle_srej(chan, control);
6236 break;
6237 default:
6238 break;
6239 }
6240
6241 if (skb && !skb_in_use) {
6242 BT_DBG("Freeing %p", skb);
6243 kfree_skb(skb);
6244 }
6245
6246 return err;
6247}
6248
6249static int l2cap_rx_state_srej_sent(struct l2cap_chan *chan,
6250 struct l2cap_ctrl *control,
6251 struct sk_buff *skb, u8 event)
6252{
6253 int err = 0;
6254 u16 txseq = control->txseq;
Peter Senna Tschudin941247f2013-09-22 20:44:10 +02006255 bool skb_in_use = false;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006256
6257 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
6258 event);
6259
6260 switch (event) {
6261 case L2CAP_EV_RECV_IFRAME:
6262 switch (l2cap_classify_txseq(chan, txseq)) {
6263 case L2CAP_TXSEQ_EXPECTED:
6264 /* Keep frame for reassembly later */
6265 l2cap_pass_to_tx(chan, control);
6266 skb_queue_tail(&chan->srej_q, skb);
Peter Senna Tschudin941247f2013-09-22 20:44:10 +02006267 skb_in_use = true;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006268 BT_DBG("Queued %p (queue len %d)", skb,
6269 skb_queue_len(&chan->srej_q));
6270
6271 chan->expected_tx_seq = __next_seq(chan, txseq);
6272 break;
6273 case L2CAP_TXSEQ_EXPECTED_SREJ:
6274 l2cap_seq_list_pop(&chan->srej_list);
6275
6276 l2cap_pass_to_tx(chan, control);
6277 skb_queue_tail(&chan->srej_q, skb);
Peter Senna Tschudin941247f2013-09-22 20:44:10 +02006278 skb_in_use = true;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006279 BT_DBG("Queued %p (queue len %d)", skb,
6280 skb_queue_len(&chan->srej_q));
6281
6282 err = l2cap_rx_queued_iframes(chan);
6283 if (err)
6284 break;
6285
6286 break;
6287 case L2CAP_TXSEQ_UNEXPECTED:
6288 /* Got a frame that can't be reassembled yet.
6289 * Save it for later, and send SREJs to cover
6290 * the missing frames.
6291 */
6292 skb_queue_tail(&chan->srej_q, skb);
Peter Senna Tschudin941247f2013-09-22 20:44:10 +02006293 skb_in_use = true;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006294 BT_DBG("Queued %p (queue len %d)", skb,
6295 skb_queue_len(&chan->srej_q));
6296
6297 l2cap_pass_to_tx(chan, control);
6298 l2cap_send_srej(chan, control->txseq);
6299 break;
6300 case L2CAP_TXSEQ_UNEXPECTED_SREJ:
6301 /* This frame was requested with an SREJ, but
6302 * some expected retransmitted frames are
6303 * missing. Request retransmission of missing
6304 * SREJ'd frames.
6305 */
6306 skb_queue_tail(&chan->srej_q, skb);
Peter Senna Tschudin941247f2013-09-22 20:44:10 +02006307 skb_in_use = true;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006308 BT_DBG("Queued %p (queue len %d)", skb,
6309 skb_queue_len(&chan->srej_q));
6310
6311 l2cap_pass_to_tx(chan, control);
6312 l2cap_send_srej_list(chan, control->txseq);
6313 break;
6314 case L2CAP_TXSEQ_DUPLICATE_SREJ:
6315 /* We've already queued this frame. Drop this copy. */
6316 l2cap_pass_to_tx(chan, control);
6317 break;
6318 case L2CAP_TXSEQ_DUPLICATE:
6319 /* Expecting a later sequence number, so this frame
6320 * was already received. Ignore it completely.
6321 */
6322 break;
6323 case L2CAP_TXSEQ_INVALID_IGNORE:
6324 break;
6325 case L2CAP_TXSEQ_INVALID:
6326 default:
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006327 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006328 break;
6329 }
6330 break;
6331 case L2CAP_EV_RECV_RR:
6332 l2cap_pass_to_tx(chan, control);
6333 if (control->final) {
6334 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6335
6336 if (!test_and_clear_bit(CONN_REJ_ACT,
6337 &chan->conn_state)) {
6338 control->final = 0;
6339 l2cap_retransmit_all(chan, control);
6340 }
6341
6342 l2cap_ertm_send(chan);
6343 } else if (control->poll) {
6344 if (test_and_clear_bit(CONN_REMOTE_BUSY,
6345 &chan->conn_state) &&
6346 chan->unacked_frames) {
6347 __set_retrans_timer(chan);
6348 }
6349
6350 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6351 l2cap_send_srej_tail(chan);
6352 } else {
6353 if (test_and_clear_bit(CONN_REMOTE_BUSY,
6354 &chan->conn_state) &&
6355 chan->unacked_frames)
6356 __set_retrans_timer(chan);
6357
6358 l2cap_send_ack(chan);
6359 }
6360 break;
6361 case L2CAP_EV_RECV_RNR:
6362 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6363 l2cap_pass_to_tx(chan, control);
6364 if (control->poll) {
6365 l2cap_send_srej_tail(chan);
6366 } else {
6367 struct l2cap_ctrl rr_control;
6368 memset(&rr_control, 0, sizeof(rr_control));
6369 rr_control.sframe = 1;
6370 rr_control.super = L2CAP_SUPER_RR;
6371 rr_control.reqseq = chan->buffer_seq;
6372 l2cap_send_sframe(chan, &rr_control);
6373 }
6374
6375 break;
6376 case L2CAP_EV_RECV_REJ:
6377 l2cap_handle_rej(chan, control);
6378 break;
6379 case L2CAP_EV_RECV_SREJ:
6380 l2cap_handle_srej(chan, control);
6381 break;
6382 }
6383
6384 if (skb && !skb_in_use) {
6385 BT_DBG("Freeing %p", skb);
6386 kfree_skb(skb);
6387 }
6388
6389 return err;
6390}
6391
Mat Martineau32b32732012-10-23 15:24:11 -07006392static int l2cap_finish_move(struct l2cap_chan *chan)
6393{
6394 BT_DBG("chan %p", chan);
6395
6396 chan->rx_state = L2CAP_RX_STATE_RECV;
6397
6398 if (chan->hs_hcon)
6399 chan->conn->mtu = chan->hs_hcon->hdev->block_mtu;
6400 else
6401 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu;
6402
6403 return l2cap_resegment(chan);
6404}
6405
6406static int l2cap_rx_state_wait_p(struct l2cap_chan *chan,
6407 struct l2cap_ctrl *control,
6408 struct sk_buff *skb, u8 event)
6409{
6410 int err;
6411
6412 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
6413 event);
6414
6415 if (!control->poll)
6416 return -EPROTO;
6417
6418 l2cap_process_reqseq(chan, control->reqseq);
6419
6420 if (!skb_queue_empty(&chan->tx_q))
6421 chan->tx_send_head = skb_peek(&chan->tx_q);
6422 else
6423 chan->tx_send_head = NULL;
6424
6425 /* Rewind next_tx_seq to the point expected
6426 * by the receiver.
6427 */
6428 chan->next_tx_seq = control->reqseq;
6429 chan->unacked_frames = 0;
6430
6431 err = l2cap_finish_move(chan);
6432 if (err)
6433 return err;
6434
6435 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6436 l2cap_send_i_or_rr_or_rnr(chan);
6437
6438 if (event == L2CAP_EV_RECV_IFRAME)
6439 return -EPROTO;
6440
6441 return l2cap_rx_state_recv(chan, control, NULL, event);
6442}
6443
6444static int l2cap_rx_state_wait_f(struct l2cap_chan *chan,
6445 struct l2cap_ctrl *control,
6446 struct sk_buff *skb, u8 event)
6447{
6448 int err;
6449
6450 if (!control->final)
6451 return -EPROTO;
6452
6453 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6454
6455 chan->rx_state = L2CAP_RX_STATE_RECV;
6456 l2cap_process_reqseq(chan, control->reqseq);
6457
6458 if (!skb_queue_empty(&chan->tx_q))
6459 chan->tx_send_head = skb_peek(&chan->tx_q);
6460 else
6461 chan->tx_send_head = NULL;
6462
6463 /* Rewind next_tx_seq to the point expected
6464 * by the receiver.
6465 */
6466 chan->next_tx_seq = control->reqseq;
6467 chan->unacked_frames = 0;
6468
6469 if (chan->hs_hcon)
6470 chan->conn->mtu = chan->hs_hcon->hdev->block_mtu;
6471 else
6472 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu;
6473
6474 err = l2cap_resegment(chan);
6475
6476 if (!err)
6477 err = l2cap_rx_state_recv(chan, control, skb, event);
6478
6479 return err;
6480}
6481
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006482static bool __valid_reqseq(struct l2cap_chan *chan, u16 reqseq)
6483{
6484 /* Make sure reqseq is for a packet that has been sent but not acked */
6485 u16 unacked;
6486
6487 unacked = __seq_offset(chan, chan->next_tx_seq, chan->expected_ack_seq);
6488 return __seq_offset(chan, chan->next_tx_seq, reqseq) <= unacked;
6489}
6490
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006491static int l2cap_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
6492 struct sk_buff *skb, u8 event)
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006493{
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006494 int err = 0;
6495
6496 BT_DBG("chan %p, control %p, skb %p, event %d, state %d", chan,
6497 control, skb, event, chan->rx_state);
6498
6499 if (__valid_reqseq(chan, control->reqseq)) {
6500 switch (chan->rx_state) {
6501 case L2CAP_RX_STATE_RECV:
6502 err = l2cap_rx_state_recv(chan, control, skb, event);
6503 break;
6504 case L2CAP_RX_STATE_SREJ_SENT:
6505 err = l2cap_rx_state_srej_sent(chan, control, skb,
6506 event);
6507 break;
Mat Martineau32b32732012-10-23 15:24:11 -07006508 case L2CAP_RX_STATE_WAIT_P:
6509 err = l2cap_rx_state_wait_p(chan, control, skb, event);
6510 break;
6511 case L2CAP_RX_STATE_WAIT_F:
6512 err = l2cap_rx_state_wait_f(chan, control, skb, event);
6513 break;
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006514 default:
6515 /* shut it down */
6516 break;
6517 }
6518 } else {
6519 BT_DBG("Invalid reqseq %d (next_tx_seq %d, expected_ack_seq %d",
6520 control->reqseq, chan->next_tx_seq,
6521 chan->expected_ack_seq);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006522 l2cap_send_disconn_req(chan, ECONNRESET);
Mat Martineaud2a7ac52012-05-17 20:53:42 -07006523 }
6524
6525 return err;
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006526}
6527
6528static int l2cap_stream_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
6529 struct sk_buff *skb)
6530{
Mat Martineau4b51dae92012-05-17 20:53:37 -07006531 int err = 0;
6532
6533 BT_DBG("chan %p, control %p, skb %p, state %d", chan, control, skb,
6534 chan->rx_state);
6535
6536 if (l2cap_classify_txseq(chan, control->txseq) ==
6537 L2CAP_TXSEQ_EXPECTED) {
6538 l2cap_pass_to_tx(chan, control);
6539
6540 BT_DBG("buffer_seq %d->%d", chan->buffer_seq,
6541 __next_seq(chan, chan->buffer_seq));
6542
6543 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
6544
6545 l2cap_reassemble_sdu(chan, skb, control);
6546 } else {
6547 if (chan->sdu) {
6548 kfree_skb(chan->sdu);
6549 chan->sdu = NULL;
6550 }
6551 chan->sdu_last_frag = NULL;
6552 chan->sdu_len = 0;
6553
6554 if (skb) {
6555 BT_DBG("Freeing %p", skb);
6556 kfree_skb(skb);
6557 }
6558 }
6559
6560 chan->last_acked_seq = control->txseq;
6561 chan->expected_tx_seq = __next_seq(chan, control->txseq);
6562
6563 return err;
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006564}
6565
6566static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
6567{
Johan Hedberga4368ff2015-03-30 23:21:01 +03006568 struct l2cap_ctrl *control = &bt_cb(skb)->l2cap;
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006569 u16 len;
6570 u8 event;
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006571
Mat Martineaub76bbd62012-04-11 10:48:43 -07006572 __unpack_control(chan, skb);
6573
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006574 len = skb->len;
6575
6576 /*
6577 * We can just drop the corrupted I-frame here.
6578 * Receiver will miss it and start proper recovery
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006579 * procedures and ask for retransmission.
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006580 */
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03006581 if (l2cap_check_fcs(chan, skb))
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006582 goto drop;
6583
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006584 if (!control->sframe && control->sar == L2CAP_SAR_START)
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03006585 len -= L2CAP_SDULEN_SIZE;
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006586
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03006587 if (chan->fcs == L2CAP_FCS_CRC16)
Andrei Emeltchenko03a51212011-10-17 12:19:58 +03006588 len -= L2CAP_FCS_SIZE;
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006589
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -03006590 if (len > chan->mps) {
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006591 l2cap_send_disconn_req(chan, ECONNRESET);
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006592 goto drop;
6593 }
6594
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006595 if (!control->sframe) {
6596 int err;
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006597
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006598 BT_DBG("iframe sar %d, reqseq %d, final %d, txseq %d",
6599 control->sar, control->reqseq, control->final,
6600 control->txseq);
Andrei Emeltchenko836be932011-10-17 12:19:57 +03006601
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006602 /* Validate F-bit - F=0 always valid, F=1 only
6603 * valid in TX WAIT_F
6604 */
6605 if (control->final && chan->tx_state != L2CAP_TX_STATE_WAIT_F)
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006606 goto drop;
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006607
6608 if (chan->mode != L2CAP_MODE_STREAMING) {
6609 event = L2CAP_EV_RECV_IFRAME;
6610 err = l2cap_rx(chan, control, skb, event);
6611 } else {
6612 err = l2cap_stream_rx(chan, control, skb);
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006613 }
6614
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006615 if (err)
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006616 l2cap_send_disconn_req(chan, ECONNRESET);
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006617 } else {
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006618 const u8 rx_func_to_event[4] = {
6619 L2CAP_EV_RECV_RR, L2CAP_EV_RECV_REJ,
6620 L2CAP_EV_RECV_RNR, L2CAP_EV_RECV_SREJ
6621 };
6622
6623 /* Only I-frames are expected in streaming mode */
6624 if (chan->mode == L2CAP_MODE_STREAMING)
6625 goto drop;
6626
6627 BT_DBG("sframe reqseq %d, final %d, poll %d, super %d",
6628 control->reqseq, control->final, control->poll,
6629 control->super);
6630
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006631 if (len != 0) {
Andrei Emeltchenko1bb166e2012-11-20 17:16:21 +02006632 BT_ERR("Trailing bytes: %d in sframe", len);
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006633 l2cap_send_disconn_req(chan, ECONNRESET);
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006634 goto drop;
6635 }
6636
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006637 /* Validate F and P bits */
6638 if (control->final && (control->poll ||
6639 chan->tx_state != L2CAP_TX_STATE_WAIT_F))
6640 goto drop;
6641
6642 event = rx_func_to_event[control->super];
6643 if (l2cap_rx(chan, control, skb, event))
Andrei Emeltchenko5e4e3972012-11-28 17:59:39 +02006644 l2cap_send_disconn_req(chan, ECONNRESET);
Gustavo F. Padovan218bb9d2010-06-21 18:53:22 -03006645 }
6646
6647 return 0;
6648
6649drop:
6650 kfree_skb(skb);
6651 return 0;
6652}
6653
Johan Hedbergb1c325c2013-12-05 09:43:34 +02006654static void l2cap_chan_le_send_credits(struct l2cap_chan *chan)
6655{
6656 struct l2cap_conn *conn = chan->conn;
6657 struct l2cap_le_credits pkt;
6658 u16 return_credits;
6659
6660 /* We return more credits to the sender only after the amount of
6661 * credits falls below half of the initial amount.
6662 */
Johan Hedbergf15b8ec2013-12-03 15:08:25 +02006663 if (chan->rx_credits >= (le_max_credits + 1) / 2)
Johan Hedbergb1c325c2013-12-05 09:43:34 +02006664 return;
6665
Johan Hedbergf15b8ec2013-12-03 15:08:25 +02006666 return_credits = le_max_credits - chan->rx_credits;
Johan Hedbergb1c325c2013-12-05 09:43:34 +02006667
6668 BT_DBG("chan %p returning %u credits to sender", chan, return_credits);
6669
6670 chan->rx_credits += return_credits;
6671
6672 pkt.cid = cpu_to_le16(chan->scid);
6673 pkt.credits = cpu_to_le16(return_credits);
6674
6675 chan->ident = l2cap_get_ident(conn);
6676
6677 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CREDITS, sizeof(pkt), &pkt);
6678}
6679
Johan Hedbergfad5fc892013-12-05 09:45:01 +02006680static int l2cap_le_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
6681{
Johan Hedbergaac23bf2013-06-01 10:14:57 +03006682 int err;
Johan Hedbergfad5fc892013-12-05 09:45:01 +02006683
Johan Hedbergaac23bf2013-06-01 10:14:57 +03006684 if (!chan->rx_credits) {
6685 BT_ERR("No credits to receive LE L2CAP data");
Johan Hedbergdfd97742014-01-27 15:11:34 -08006686 l2cap_send_disconn_req(chan, ECONNRESET);
Johan Hedbergfad5fc892013-12-05 09:45:01 +02006687 return -ENOBUFS;
Johan Hedbergaac23bf2013-06-01 10:14:57 +03006688 }
6689
6690 if (chan->imtu < skb->len) {
6691 BT_ERR("Too big LE L2CAP PDU");
6692 return -ENOBUFS;
6693 }
Johan Hedbergfad5fc892013-12-05 09:45:01 +02006694
6695 chan->rx_credits--;
6696 BT_DBG("rx_credits %u -> %u", chan->rx_credits + 1, chan->rx_credits);
6697
6698 l2cap_chan_le_send_credits(chan);
6699
Johan Hedbergaac23bf2013-06-01 10:14:57 +03006700 err = 0;
6701
6702 if (!chan->sdu) {
6703 u16 sdu_len;
6704
6705 sdu_len = get_unaligned_le16(skb->data);
6706 skb_pull(skb, L2CAP_SDULEN_SIZE);
6707
6708 BT_DBG("Start of new SDU. sdu_len %u skb->len %u imtu %u",
6709 sdu_len, skb->len, chan->imtu);
6710
6711 if (sdu_len > chan->imtu) {
6712 BT_ERR("Too big LE L2CAP SDU length received");
6713 err = -EMSGSIZE;
6714 goto failed;
6715 }
6716
6717 if (skb->len > sdu_len) {
6718 BT_ERR("Too much LE L2CAP data received");
6719 err = -EINVAL;
6720 goto failed;
6721 }
6722
6723 if (skb->len == sdu_len)
6724 return chan->ops->recv(chan, skb);
6725
6726 chan->sdu = skb;
6727 chan->sdu_len = sdu_len;
6728 chan->sdu_last_frag = skb;
6729
6730 return 0;
6731 }
6732
6733 BT_DBG("SDU fragment. chan->sdu->len %u skb->len %u chan->sdu_len %u",
6734 chan->sdu->len, skb->len, chan->sdu_len);
6735
6736 if (chan->sdu->len + skb->len > chan->sdu_len) {
6737 BT_ERR("Too much LE L2CAP data received");
6738 err = -EINVAL;
6739 goto failed;
6740 }
6741
6742 append_skb_frag(chan->sdu, skb, &chan->sdu_last_frag);
6743 skb = NULL;
6744
6745 if (chan->sdu->len == chan->sdu_len) {
6746 err = chan->ops->recv(chan, chan->sdu);
6747 if (!err) {
6748 chan->sdu = NULL;
6749 chan->sdu_last_frag = NULL;
6750 chan->sdu_len = 0;
6751 }
6752 }
6753
6754failed:
6755 if (err) {
6756 kfree_skb(skb);
6757 kfree_skb(chan->sdu);
6758 chan->sdu = NULL;
6759 chan->sdu_last_frag = NULL;
6760 chan->sdu_len = 0;
6761 }
6762
6763 /* We can't return an error here since we took care of the skb
6764 * freeing internally. An error return would cause the caller to
6765 * do a double-free of the skb.
6766 */
6767 return 0;
Johan Hedbergfad5fc892013-12-05 09:45:01 +02006768}
6769
Andrei Emeltchenko13ca56e2012-05-31 11:18:55 +03006770static void l2cap_data_channel(struct l2cap_conn *conn, u16 cid,
6771 struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07006772{
Gustavo F. Padovan48454072011-03-25 00:22:30 -03006773 struct l2cap_chan *chan;
Linus Torvalds1da177e2005-04-16 15:20:36 -07006774
Gustavo F. Padovanbaa7e1f2011-03-31 16:17:41 -03006775 chan = l2cap_get_chan_by_scid(conn, cid);
Gustavo F. Padovan48454072011-03-25 00:22:30 -03006776 if (!chan) {
Andrei Emeltchenko97e8e892012-05-29 13:59:17 +03006777 if (cid == L2CAP_CID_A2MP) {
6778 chan = a2mp_channel_create(conn, skb);
6779 if (!chan) {
6780 kfree_skb(skb);
Andrei Emeltchenko13ca56e2012-05-31 11:18:55 +03006781 return;
Andrei Emeltchenko97e8e892012-05-29 13:59:17 +03006782 }
6783
6784 l2cap_chan_lock(chan);
6785 } else {
6786 BT_DBG("unknown cid 0x%4.4x", cid);
6787 /* Drop packet and return */
6788 kfree_skb(skb);
Andrei Emeltchenko13ca56e2012-05-31 11:18:55 +03006789 return;
Andrei Emeltchenko97e8e892012-05-29 13:59:17 +03006790 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07006791 }
6792
Gustavo F. Padovan49208c92011-04-04 15:59:54 -03006793 BT_DBG("chan %p, len %d", chan, skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07006794
Johan Hedberg315917e2015-02-16 11:42:11 +02006795 /* If we receive data on a fixed channel before the info req/rsp
6796 * procdure is done simply assume that the channel is supported
6797 * and mark it as ready.
6798 */
6799 if (chan->chan_type == L2CAP_CHAN_FIXED)
6800 l2cap_chan_ready(chan);
6801
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03006802 if (chan->state != BT_CONNECTED)
Linus Torvalds1da177e2005-04-16 15:20:36 -07006803 goto drop;
6804
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03006805 switch (chan->mode) {
Johan Hedberg38319712013-05-17 12:49:23 +03006806 case L2CAP_MODE_LE_FLOWCTL:
Johan Hedbergfad5fc892013-12-05 09:45:01 +02006807 if (l2cap_le_data_rcv(chan, skb) < 0)
6808 goto drop;
6809
6810 goto done;
6811
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03006812 case L2CAP_MODE_BASIC:
6813 /* If socket recv buffers overflows we drop data here
6814 * which is *bad* because L2CAP has to be reliable.
6815 * But we don't have any other choice. L2CAP doesn't
6816 * provide flow control mechanism. */
Linus Torvalds1da177e2005-04-16 15:20:36 -07006817
Szymon Janc2c96e032014-02-18 20:48:34 +01006818 if (chan->imtu < skb->len) {
6819 BT_ERR("Dropping L2CAP data: receive buffer overflow");
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03006820 goto drop;
Szymon Janc2c96e032014-02-18 20:48:34 +01006821 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07006822
Gustavo Padovan80b98022012-05-27 22:27:51 -03006823 if (!chan->ops->recv(chan, skb))
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03006824 goto done;
6825 break;
6826
6827 case L2CAP_MODE_ERTM:
Gustavo F. Padovan6840ed02009-08-20 22:26:01 -03006828 case L2CAP_MODE_STREAMING:
Mat Martineaucec8ab6e2012-05-17 20:53:36 -07006829 l2cap_data_rcv(chan, skb);
Gustavo F. Padovan6840ed02009-08-20 22:26:01 -03006830 goto done;
6831
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03006832 default:
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03006833 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03006834 break;
6835 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07006836
6837drop:
6838 kfree_skb(skb);
6839
6840done:
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02006841 l2cap_chan_unlock(chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07006842}
6843
Andrei Emeltchenko84104b22012-05-31 11:18:56 +03006844static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm,
6845 struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07006846{
Marcel Holtmannae4fd2d2013-10-03 00:03:39 -07006847 struct hci_conn *hcon = conn->hcon;
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03006848 struct l2cap_chan *chan;
Linus Torvalds1da177e2005-04-16 15:20:36 -07006849
Marcel Holtmannae4fd2d2013-10-03 00:03:39 -07006850 if (hcon->type != ACL_LINK)
Johan Hedberga24cce12014-08-07 22:56:42 +03006851 goto free_skb;
Marcel Holtmannae4fd2d2013-10-03 00:03:39 -07006852
Johan Hedbergbf20fd42013-05-14 13:23:13 +03006853 chan = l2cap_global_chan_by_psm(0, psm, &hcon->src, &hcon->dst,
6854 ACL_LINK);
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03006855 if (!chan)
Johan Hedberga24cce12014-08-07 22:56:42 +03006856 goto free_skb;
Linus Torvalds1da177e2005-04-16 15:20:36 -07006857
Andrei Emeltchenko5b4ceda2012-02-24 16:35:32 +02006858 BT_DBG("chan %p, len %d", chan, skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07006859
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03006860 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
Linus Torvalds1da177e2005-04-16 15:20:36 -07006861 goto drop;
6862
Vinicius Costa Gomese13e21d2011-06-17 22:46:27 -03006863 if (chan->imtu < skb->len)
Linus Torvalds1da177e2005-04-16 15:20:36 -07006864 goto drop;
6865
Marcel Holtmann2edf8702013-10-13 12:55:29 -07006866 /* Store remote BD_ADDR and PSM for msg_name */
Johan Hedberga4368ff2015-03-30 23:21:01 +03006867 bacpy(&bt_cb(skb)->l2cap.bdaddr, &hcon->dst);
6868 bt_cb(skb)->l2cap.psm = psm;
Marcel Holtmann2edf8702013-10-13 12:55:29 -07006869
Johan Hedberga24cce12014-08-07 22:56:42 +03006870 if (!chan->ops->recv(chan, skb)) {
6871 l2cap_chan_put(chan);
Andrei Emeltchenko84104b22012-05-31 11:18:56 +03006872 return;
Johan Hedberga24cce12014-08-07 22:56:42 +03006873 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07006874
6875drop:
Johan Hedberga24cce12014-08-07 22:56:42 +03006876 l2cap_chan_put(chan);
6877free_skb:
Linus Torvalds1da177e2005-04-16 15:20:36 -07006878 kfree_skb(skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -07006879}
6880
6881static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
6882{
6883 struct l2cap_hdr *lh = (void *) skb->data;
Johan Hedberg61a939c2014-01-17 20:45:11 +02006884 struct hci_conn *hcon = conn->hcon;
Al Viro8e036fc2007-07-29 00:16:36 -07006885 u16 cid, len;
6886 __le16 psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07006887
Johan Hedberg61a939c2014-01-17 20:45:11 +02006888 if (hcon->state != BT_CONNECTED) {
6889 BT_DBG("queueing pending rx skb");
6890 skb_queue_tail(&conn->pending_rx, skb);
6891 return;
6892 }
6893
Linus Torvalds1da177e2005-04-16 15:20:36 -07006894 skb_pull(skb, L2CAP_HDR_SIZE);
6895 cid = __le16_to_cpu(lh->cid);
6896 len = __le16_to_cpu(lh->len);
6897
Gustavo F. Padovan1c2acff2009-08-20 22:25:57 -03006898 if (len != skb->len) {
6899 kfree_skb(skb);
6900 return;
6901 }
6902
Johan Hedberg9e1d7e12014-07-06 11:03:36 +03006903 /* Since we can't actively block incoming LE connections we must
6904 * at least ensure that we ignore incoming data from them.
6905 */
6906 if (hcon->type == LE_LINK &&
Johan Hedbergdcc36c12014-07-09 12:59:13 +03006907 hci_bdaddr_list_lookup(&hcon->hdev->blacklist, &hcon->dst,
Johan Hedberga250e042015-01-15 13:06:44 +02006908 bdaddr_dst_type(hcon))) {
Johan Hedberge4931502014-07-02 09:36:21 +03006909 kfree_skb(skb);
6910 return;
6911 }
6912
Linus Torvalds1da177e2005-04-16 15:20:36 -07006913 BT_DBG("len %d, cid 0x%4.4x", len, cid);
6914
6915 switch (cid) {
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -03006916 case L2CAP_CID_SIGNALING:
Linus Torvalds1da177e2005-04-16 15:20:36 -07006917 l2cap_sig_channel(conn, skb);
6918 break;
6919
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -03006920 case L2CAP_CID_CONN_LESS:
Andrei Emeltchenko097db762012-03-09 14:16:17 +02006921 psm = get_unaligned((__le16 *) skb->data);
Andrei Emeltchenko0181a702012-05-29 10:04:05 +03006922 skb_pull(skb, L2CAP_PSMLEN_SIZE);
Linus Torvalds1da177e2005-04-16 15:20:36 -07006923 l2cap_conless_channel(conn, psm, skb);
6924 break;
6925
Marcel Holtmanna2877622013-10-02 23:46:54 -07006926 case L2CAP_CID_LE_SIGNALING:
6927 l2cap_le_sig_channel(conn, skb);
6928 break;
6929
Linus Torvalds1da177e2005-04-16 15:20:36 -07006930 default:
6931 l2cap_data_channel(conn, cid, skb);
6932 break;
6933 }
6934}
6935
Johan Hedberg61a939c2014-01-17 20:45:11 +02006936static void process_pending_rx(struct work_struct *work)
6937{
6938 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
6939 pending_rx_work);
6940 struct sk_buff *skb;
6941
6942 BT_DBG("");
6943
6944 while ((skb = skb_dequeue(&conn->pending_rx)))
6945 l2cap_recv_frame(conn, skb);
6946}
6947
Johan Hedberg162b49e2014-01-17 20:45:10 +02006948static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon)
6949{
6950 struct l2cap_conn *conn = hcon->l2cap_data;
6951 struct hci_chan *hchan;
6952
6953 if (conn)
6954 return conn;
6955
6956 hchan = hci_chan_create(hcon);
6957 if (!hchan)
6958 return NULL;
6959
Johan Hedberg27f70f32014-07-21 10:50:06 +03006960 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
Johan Hedberg162b49e2014-01-17 20:45:10 +02006961 if (!conn) {
6962 hci_chan_del(hchan);
6963 return NULL;
6964 }
6965
6966 kref_init(&conn->ref);
6967 hcon->l2cap_data = conn;
Johan Hedberg51bb84572014-08-15 21:06:57 +03006968 conn->hcon = hci_conn_get(hcon);
Johan Hedberg162b49e2014-01-17 20:45:10 +02006969 conn->hchan = hchan;
6970
6971 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
6972
6973 switch (hcon->type) {
6974 case LE_LINK:
6975 if (hcon->hdev->le_mtu) {
6976 conn->mtu = hcon->hdev->le_mtu;
6977 break;
6978 }
6979 /* fall through */
6980 default:
6981 conn->mtu = hcon->hdev->acl_mtu;
6982 break;
6983 }
6984
6985 conn->feat_mask = 0;
6986
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02006987 conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS;
6988
6989 if (hcon->type == ACL_LINK &&
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07006990 hci_dev_test_flag(hcon->hdev, HCI_HS_ENABLED))
Johan Hedberg0bd49fc2014-12-02 10:09:26 +02006991 conn->local_fixed_chan |= L2CAP_FC_A2MP;
Johan Hedberg162b49e2014-01-17 20:45:10 +02006992
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07006993 if (hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED) &&
Marcel Holtmannf9be9e82014-12-06 00:35:45 +01006994 (bredr_sc_enabled(hcon->hdev) ||
Marcel Holtmannb7cb93e2015-03-13 10:20:35 -07006995 hci_dev_test_flag(hcon->hdev, HCI_FORCE_BREDR_SMP)))
Johan Hedbergb5ae3442014-08-14 12:34:26 +03006996 conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR;
6997
Marcel Holtmann5a54e7c2014-07-13 20:50:15 +02006998 mutex_init(&conn->ident_lock);
Johan Hedberg162b49e2014-01-17 20:45:10 +02006999 mutex_init(&conn->chan_lock);
7000
7001 INIT_LIST_HEAD(&conn->chan_l);
7002 INIT_LIST_HEAD(&conn->users);
7003
Johan Hedberg276d8072014-08-11 22:06:41 +03007004 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
Johan Hedberg162b49e2014-01-17 20:45:10 +02007005
Johan Hedberg61a939c2014-01-17 20:45:11 +02007006 skb_queue_head_init(&conn->pending_rx);
7007 INIT_WORK(&conn->pending_rx_work, process_pending_rx);
Johan Hedbergf3d82d02014-09-05 22:19:50 +03007008 INIT_WORK(&conn->id_addr_update_work, l2cap_conn_update_id_addr);
Johan Hedberg61a939c2014-01-17 20:45:11 +02007009
Johan Hedberg162b49e2014-01-17 20:45:10 +02007010 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
7011
7012 return conn;
7013}
7014
7015static bool is_valid_psm(u16 psm, u8 dst_type) {
7016 if (!psm)
7017 return false;
7018
7019 if (bdaddr_type_is_le(dst_type))
7020 return (psm <= 0x00ff);
7021
7022 /* PSM must be odd and lsb of upper byte must be 0 */
7023 return ((psm & 0x0101) == 0x0001);
7024}
7025
7026int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
7027 bdaddr_t *dst, u8 dst_type)
7028{
7029 struct l2cap_conn *conn;
7030 struct hci_conn *hcon;
7031 struct hci_dev *hdev;
Johan Hedberg162b49e2014-01-17 20:45:10 +02007032 int err;
7033
7034 BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", &chan->src, dst,
7035 dst_type, __le16_to_cpu(psm));
7036
7037 hdev = hci_get_route(dst, &chan->src);
7038 if (!hdev)
7039 return -EHOSTUNREACH;
7040
7041 hci_dev_lock(hdev);
7042
Johan Hedberg162b49e2014-01-17 20:45:10 +02007043 if (!is_valid_psm(__le16_to_cpu(psm), dst_type) && !cid &&
7044 chan->chan_type != L2CAP_CHAN_RAW) {
7045 err = -EINVAL;
7046 goto done;
7047 }
7048
Johan Hedberg21626e62014-01-24 10:35:41 +02007049 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !psm) {
7050 err = -EINVAL;
7051 goto done;
7052 }
7053
7054 if (chan->chan_type == L2CAP_CHAN_FIXED && !cid) {
Johan Hedberg162b49e2014-01-17 20:45:10 +02007055 err = -EINVAL;
7056 goto done;
7057 }
7058
7059 switch (chan->mode) {
7060 case L2CAP_MODE_BASIC:
7061 break;
7062 case L2CAP_MODE_LE_FLOWCTL:
7063 l2cap_le_flowctl_init(chan);
7064 break;
7065 case L2CAP_MODE_ERTM:
7066 case L2CAP_MODE_STREAMING:
7067 if (!disable_ertm)
7068 break;
7069 /* fall through */
7070 default:
Johan Hedbergbeb19e42014-07-18 11:15:26 +03007071 err = -EOPNOTSUPP;
Johan Hedberg162b49e2014-01-17 20:45:10 +02007072 goto done;
7073 }
7074
7075 switch (chan->state) {
7076 case BT_CONNECT:
7077 case BT_CONNECT2:
7078 case BT_CONFIG:
7079 /* Already connecting */
7080 err = 0;
7081 goto done;
7082
7083 case BT_CONNECTED:
7084 /* Already connected */
7085 err = -EISCONN;
7086 goto done;
7087
7088 case BT_OPEN:
7089 case BT_BOUND:
7090 /* Can connect */
7091 break;
7092
7093 default:
7094 err = -EBADFD;
7095 goto done;
7096 }
7097
7098 /* Set destination address and psm */
7099 bacpy(&chan->dst, dst);
7100 chan->dst_type = dst_type;
7101
7102 chan->psm = psm;
7103 chan->dcid = cid;
7104
Andre Guedes6f77d8c2014-02-26 20:21:45 -03007105 if (bdaddr_type_is_le(dst_type)) {
Johan Hedberge804d252014-07-16 11:42:28 +03007106 u8 role;
Johan Hedbergcdd62752014-07-07 15:02:28 +03007107
Andre Guedes6f77d8c2014-02-26 20:21:45 -03007108 /* Convert from L2CAP channel address type to HCI address type
7109 */
7110 if (dst_type == BDADDR_LE_PUBLIC)
7111 dst_type = ADDR_LE_DEV_PUBLIC;
7112 else
7113 dst_type = ADDR_LE_DEV_RANDOM;
7114
Marcel Holtmannd7a5a112015-03-13 02:11:00 -07007115 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
Johan Hedberge804d252014-07-16 11:42:28 +03007116 role = HCI_ROLE_SLAVE;
7117 else
7118 role = HCI_ROLE_MASTER;
Johan Hedbergcdd62752014-07-07 15:02:28 +03007119
Andre Guedes04a6c582014-02-26 20:21:44 -03007120 hcon = hci_connect_le(hdev, dst, dst_type, chan->sec_level,
Johan Hedberge804d252014-07-16 11:42:28 +03007121 HCI_LE_CONN_TIMEOUT, role);
Andre Guedes6f77d8c2014-02-26 20:21:45 -03007122 } else {
Johan Hedbergd93375a2014-07-07 15:02:27 +03007123 u8 auth_type = l2cap_get_auth_type(chan);
Andre Guedes04a6c582014-02-26 20:21:44 -03007124 hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type);
Andre Guedes6f77d8c2014-02-26 20:21:45 -03007125 }
Johan Hedberg162b49e2014-01-17 20:45:10 +02007126
7127 if (IS_ERR(hcon)) {
7128 err = PTR_ERR(hcon);
7129 goto done;
7130 }
7131
7132 conn = l2cap_conn_add(hcon);
7133 if (!conn) {
7134 hci_conn_drop(hcon);
7135 err = -ENOMEM;
7136 goto done;
7137 }
7138
Johan Hedberg02e246ae2014-10-02 10:16:22 +03007139 mutex_lock(&conn->chan_lock);
7140 l2cap_chan_lock(chan);
7141
Johan Hedberg162b49e2014-01-17 20:45:10 +02007142 if (cid && __l2cap_get_chan_by_dcid(conn, cid)) {
7143 hci_conn_drop(hcon);
7144 err = -EBUSY;
Johan Hedberg02e246ae2014-10-02 10:16:22 +03007145 goto chan_unlock;
Johan Hedberg162b49e2014-01-17 20:45:10 +02007146 }
7147
7148 /* Update source addr of the socket */
7149 bacpy(&chan->src, &hcon->src);
Johan Hedberga250e042015-01-15 13:06:44 +02007150 chan->src_type = bdaddr_src_type(hcon);
Johan Hedberg162b49e2014-01-17 20:45:10 +02007151
Johan Hedberg02e246ae2014-10-02 10:16:22 +03007152 __l2cap_chan_add(conn, chan);
Johan Hedberg162b49e2014-01-17 20:45:10 +02007153
7154 /* l2cap_chan_add takes its own ref so we can drop this one */
7155 hci_conn_drop(hcon);
7156
7157 l2cap_state_change(chan, BT_CONNECT);
7158 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
7159
Johan Hedberg61202e42014-01-28 15:16:48 -08007160 /* Release chan->sport so that it can be reused by other
7161 * sockets (as it's only used for listening sockets).
7162 */
7163 write_lock(&chan_list_lock);
7164 chan->sport = 0;
7165 write_unlock(&chan_list_lock);
7166
Johan Hedberg162b49e2014-01-17 20:45:10 +02007167 if (hcon->state == BT_CONNECTED) {
7168 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
7169 __clear_chan_timer(chan);
Johan Hedberge7cafc42014-07-17 15:35:38 +03007170 if (l2cap_chan_check_security(chan, true))
Johan Hedberg162b49e2014-01-17 20:45:10 +02007171 l2cap_state_change(chan, BT_CONNECTED);
7172 } else
7173 l2cap_do_start(chan);
7174 }
7175
7176 err = 0;
7177
Johan Hedberg02e246ae2014-10-02 10:16:22 +03007178chan_unlock:
Johan Hedberg162b49e2014-01-17 20:45:10 +02007179 l2cap_chan_unlock(chan);
Johan Hedberg02e246ae2014-10-02 10:16:22 +03007180 mutex_unlock(&conn->chan_lock);
7181done:
Johan Hedberg162b49e2014-01-17 20:45:10 +02007182 hci_dev_unlock(hdev);
7183 hci_dev_put(hdev);
7184 return err;
7185}
Jukka Rissanen6b8d4a62014-06-18 16:37:08 +03007186EXPORT_SYMBOL_GPL(l2cap_chan_connect);
Johan Hedberg162b49e2014-01-17 20:45:10 +02007187
Linus Torvalds1da177e2005-04-16 15:20:36 -07007188/* ---- L2CAP interface with lower layer (HCI) ---- */
7189
Ulisses Furquim686ebf22011-12-21 10:11:33 -02007190int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007191{
7192 int exact = 0, lm1 = 0, lm2 = 0;
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03007193 struct l2cap_chan *c;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007194
Andrei Emeltchenko6ed93dc2012-09-25 12:49:43 +03007195 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007196
7197 /* Find listening sockets and check their link_mode */
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03007198 read_lock(&chan_list_lock);
7199 list_for_each_entry(c, &chan_list, global_l) {
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03007200 if (c->state != BT_LISTEN)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007201 continue;
7202
Marcel Holtmann7eafc592013-10-13 08:12:47 -07007203 if (!bacmp(&c->src, &hdev->bdaddr)) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01007204 lm1 |= HCI_LM_ACCEPT;
Andrei Emeltchenko43bd0f32011-10-11 14:04:34 +03007205 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01007206 lm1 |= HCI_LM_MASTER;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007207 exact++;
Marcel Holtmann7eafc592013-10-13 08:12:47 -07007208 } else if (!bacmp(&c->src, BDADDR_ANY)) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01007209 lm2 |= HCI_LM_ACCEPT;
Andrei Emeltchenko43bd0f32011-10-11 14:04:34 +03007210 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01007211 lm2 |= HCI_LM_MASTER;
7212 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07007213 }
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03007214 read_unlock(&chan_list_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007215
7216 return exact ? lm1 : lm2;
7217}
7218
Johan Hedberge760ec12014-08-07 22:56:47 +03007219/* Find the next fixed channel in BT_LISTEN state, continue iteration
7220 * from an existing channel in the list or from the beginning of the
7221 * global list (by passing NULL as first parameter).
7222 */
7223static struct l2cap_chan *l2cap_global_fixed_chan(struct l2cap_chan *c,
Johan Hedberg327a7192015-01-15 13:06:45 +02007224 struct hci_conn *hcon)
Johan Hedberge760ec12014-08-07 22:56:47 +03007225{
Johan Hedberg327a7192015-01-15 13:06:45 +02007226 u8 src_type = bdaddr_src_type(hcon);
7227
Johan Hedberge760ec12014-08-07 22:56:47 +03007228 read_lock(&chan_list_lock);
7229
7230 if (c)
7231 c = list_next_entry(c, global_l);
7232 else
7233 c = list_entry(chan_list.next, typeof(*c), global_l);
7234
7235 list_for_each_entry_from(c, &chan_list, global_l) {
7236 if (c->chan_type != L2CAP_CHAN_FIXED)
7237 continue;
7238 if (c->state != BT_LISTEN)
7239 continue;
Johan Hedberg327a7192015-01-15 13:06:45 +02007240 if (bacmp(&c->src, &hcon->src) && bacmp(&c->src, BDADDR_ANY))
Johan Hedberge760ec12014-08-07 22:56:47 +03007241 continue;
Johan Hedberg327a7192015-01-15 13:06:45 +02007242 if (src_type != c->src_type)
Johan Hedberg54a1b622014-08-07 22:56:48 +03007243 continue;
Johan Hedberge760ec12014-08-07 22:56:47 +03007244
7245 l2cap_chan_hold(c);
7246 read_unlock(&chan_list_lock);
7247 return c;
7248 }
7249
7250 read_unlock(&chan_list_lock);
7251
7252 return NULL;
7253}
7254
Johan Hedberg539c4962015-02-18 14:53:57 +02007255static void l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007256{
Johan Hedberge760ec12014-08-07 22:56:47 +03007257 struct hci_dev *hdev = hcon->hdev;
Marcel Holtmann01394182006-07-03 10:02:46 +02007258 struct l2cap_conn *conn;
Johan Hedberge760ec12014-08-07 22:56:47 +03007259 struct l2cap_chan *pchan;
7260 u8 dst_type;
Marcel Holtmann01394182006-07-03 10:02:46 +02007261
Johan Hedberg539c4962015-02-18 14:53:57 +02007262 if (hcon->type != ACL_LINK && hcon->type != LE_LINK)
7263 return;
7264
Andrei Emeltchenko6ed93dc2012-09-25 12:49:43 +03007265 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007266
Johan Hedbergdc0f5082014-08-07 22:56:46 +03007267 if (status) {
Joe Perchese1750722011-06-29 18:18:29 -07007268 l2cap_conn_del(hcon, bt_to_errno(status));
Johan Hedbergdc0f5082014-08-07 22:56:46 +03007269 return;
Andrei Emeltchenkoba6fc312012-10-31 15:46:26 +02007270 }
Johan Hedbergdc0f5082014-08-07 22:56:46 +03007271
7272 conn = l2cap_conn_add(hcon);
7273 if (!conn)
7274 return;
7275
Johan Hedberga250e042015-01-15 13:06:44 +02007276 dst_type = bdaddr_dst_type(hcon);
Johan Hedberge760ec12014-08-07 22:56:47 +03007277
7278 /* If device is blocked, do not create channels for it */
7279 if (hci_bdaddr_list_lookup(&hdev->blacklist, &hcon->dst, dst_type))
7280 return;
7281
7282 /* Find fixed channels and notify them of the new connection. We
7283 * use multiple individual lookups, continuing each time where
7284 * we left off, because the list lock would prevent calling the
7285 * potentially sleeping l2cap_chan_lock() function.
7286 */
Johan Hedberg327a7192015-01-15 13:06:45 +02007287 pchan = l2cap_global_fixed_chan(NULL, hcon);
Johan Hedberge760ec12014-08-07 22:56:47 +03007288 while (pchan) {
7289 struct l2cap_chan *chan, *next;
7290
7291 /* Client fixed channels should override server ones */
7292 if (__l2cap_get_chan_by_dcid(conn, pchan->scid))
7293 goto next;
7294
7295 l2cap_chan_lock(pchan);
7296 chan = pchan->ops->new_connection(pchan);
7297 if (chan) {
7298 bacpy(&chan->src, &hcon->src);
7299 bacpy(&chan->dst, &hcon->dst);
Johan Hedberga250e042015-01-15 13:06:44 +02007300 chan->src_type = bdaddr_src_type(hcon);
Johan Hedberge760ec12014-08-07 22:56:47 +03007301 chan->dst_type = dst_type;
7302
7303 __l2cap_chan_add(conn, chan);
7304 }
7305
7306 l2cap_chan_unlock(pchan);
7307next:
Johan Hedberg327a7192015-01-15 13:06:45 +02007308 next = l2cap_global_fixed_chan(pchan, hcon);
Johan Hedberge760ec12014-08-07 22:56:47 +03007309 l2cap_chan_put(pchan);
7310 pchan = next;
7311 }
7312
Johan Hedbergdc0f5082014-08-07 22:56:46 +03007313 l2cap_conn_ready(conn);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007314}
7315
Ulisses Furquim686ebf22011-12-21 10:11:33 -02007316int l2cap_disconn_ind(struct hci_conn *hcon)
Marcel Holtmann2950f212009-02-12 14:02:50 +01007317{
7318 struct l2cap_conn *conn = hcon->l2cap_data;
7319
7320 BT_DBG("hcon %p", hcon);
7321
Ulisses Furquim686ebf22011-12-21 10:11:33 -02007322 if (!conn)
Andrei Emeltchenko9f5a0d72011-11-07 14:20:25 +02007323 return HCI_ERROR_REMOTE_USER_TERM;
Marcel Holtmann2950f212009-02-12 14:02:50 +01007324 return conn->disc_reason;
7325}
7326
Johan Hedberg3a6d5762015-02-18 14:53:58 +02007327static void l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007328{
Johan Hedberg3a6d5762015-02-18 14:53:58 +02007329 if (hcon->type != ACL_LINK && hcon->type != LE_LINK)
7330 return;
7331
Linus Torvalds1da177e2005-04-16 15:20:36 -07007332 BT_DBG("hcon %p reason %d", hcon, reason);
7333
Joe Perchese1750722011-06-29 18:18:29 -07007334 l2cap_conn_del(hcon, bt_to_errno(reason));
Linus Torvalds1da177e2005-04-16 15:20:36 -07007335}
7336
Gustavo F. Padovan43434782011-04-12 18:31:57 -03007337static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
Marcel Holtmannf62e4322009-01-15 21:58:44 +01007338{
Gustavo F. Padovan715ec002011-05-02 17:13:55 -03007339 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
Marcel Holtmann255c7602009-02-04 21:07:19 +01007340 return;
7341
Marcel Holtmannf62e4322009-01-15 21:58:44 +01007342 if (encrypt == 0x00) {
Gustavo F. Padovan43434782011-04-12 18:31:57 -03007343 if (chan->sec_level == BT_SECURITY_MEDIUM) {
Marcel Holtmannba13ccd2012-03-01 14:25:33 -08007344 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
Marcel Holtmann7d513e92014-01-15 22:37:40 -08007345 } else if (chan->sec_level == BT_SECURITY_HIGH ||
7346 chan->sec_level == BT_SECURITY_FIPS)
Gustavo F. Padovan0f852722011-05-04 19:42:50 -03007347 l2cap_chan_close(chan, ECONNREFUSED);
Marcel Holtmannf62e4322009-01-15 21:58:44 +01007348 } else {
Gustavo F. Padovan43434782011-04-12 18:31:57 -03007349 if (chan->sec_level == BT_SECURITY_MEDIUM)
Gustavo F. Padovanc9b66672011-05-17 14:59:01 -03007350 __clear_chan_timer(chan);
Marcel Holtmannf62e4322009-01-15 21:58:44 +01007351 }
7352}
7353
Johan Hedberg354fe802015-02-18 14:53:56 +02007354static void l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007355{
Marcel Holtmann40be4922008-07-14 20:13:50 +02007356 struct l2cap_conn *conn = hcon->l2cap_data;
Gustavo F. Padovan48454072011-03-25 00:22:30 -03007357 struct l2cap_chan *chan;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007358
Marcel Holtmann01394182006-07-03 10:02:46 +02007359 if (!conn)
Johan Hedberg354fe802015-02-18 14:53:56 +02007360 return;
Marcel Holtmann01394182006-07-03 10:02:46 +02007361
Andrei Emeltchenko89d8b402012-07-10 15:27:51 +03007362 BT_DBG("conn %p status 0x%2.2x encrypt %u", conn, status, encrypt);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007363
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02007364 mutex_lock(&conn->chan_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007365
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02007366 list_for_each_entry(chan, &conn->chan_l, list) {
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02007367 l2cap_chan_lock(chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007368
Andrei Emeltchenko89d8b402012-07-10 15:27:51 +03007369 BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid,
7370 state_to_string(chan->state));
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03007371
Johan Hedberg2338a7e2014-01-24 10:35:40 +02007372 if (chan->scid == L2CAP_CID_A2MP) {
Andrei Emeltchenko78eb2f92012-07-19 17:03:47 +03007373 l2cap_chan_unlock(chan);
7374 continue;
7375 }
7376
Johan Hedberg191eb392014-08-07 22:56:45 +03007377 if (!status && encrypt)
7378 chan->sec_level = hcon->sec_level;
Vinicius Costa Gomesf1cb9af2011-01-26 21:42:57 -03007379
Andrei Emeltchenko96eff462012-11-15 18:14:53 +02007380 if (!__l2cap_no_conn_pending(chan)) {
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02007381 l2cap_chan_unlock(chan);
Marcel Holtmann6a8d3012009-02-06 23:56:36 +01007382 continue;
7383 }
7384
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03007385 if (!status && (chan->state == BT_CONNECTED ||
Gustavo Padovan2d792812012-10-06 10:07:01 +01007386 chan->state == BT_CONFIG)) {
Marcel Holtmannd97c8992013-10-14 02:53:54 -07007387 chan->ops->resume(chan);
Gustavo F. Padovan43434782011-04-12 18:31:57 -03007388 l2cap_check_encryption(chan, encrypt);
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02007389 l2cap_chan_unlock(chan);
Marcel Holtmann9719f8a2008-07-14 20:13:45 +02007390 continue;
7391 }
7392
Gustavo F. Padovan89bc5002011-06-03 00:19:47 -03007393 if (chan->state == BT_CONNECT) {
Johan Hedberg6d3c15d2013-12-02 22:13:24 +02007394 if (!status)
Andrei Emeltchenko93c3e8f2012-09-27 17:26:16 +03007395 l2cap_start_connection(chan);
Johan Hedberg6d3c15d2013-12-02 22:13:24 +02007396 else
Marcel Holtmannba13ccd2012-03-01 14:25:33 -08007397 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
Johan Hedbergfa37c1a2014-11-13 10:55:17 +02007398 } else if (chan->state == BT_CONNECT2 &&
7399 chan->mode != L2CAP_MODE_LE_FLOWCTL) {
Marcel Holtmannb1235d72008-07-14 20:13:54 +02007400 struct l2cap_conn_rsp rsp;
Johan Hedbergdf3c3932011-06-14 12:48:19 +03007401 __u16 res, stat;
Marcel Holtmannb1235d72008-07-14 20:13:54 +02007402
7403 if (!status) {
Marcel Holtmannbdc25782013-10-14 02:45:34 -07007404 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
Johan Hedbergdf3c3932011-06-14 12:48:19 +03007405 res = L2CAP_CR_PEND;
7406 stat = L2CAP_CS_AUTHOR_PEND;
Gustavo Padovan2dc4e512012-10-12 19:35:24 +08007407 chan->ops->defer(chan);
Johan Hedbergdf3c3932011-06-14 12:48:19 +03007408 } else {
Gustavo Padovanacdcabf2013-10-21 14:21:39 -02007409 l2cap_state_change(chan, BT_CONFIG);
Johan Hedbergdf3c3932011-06-14 12:48:19 +03007410 res = L2CAP_CR_SUCCESS;
7411 stat = L2CAP_CS_NO_INFO;
7412 }
Marcel Holtmannb1235d72008-07-14 20:13:54 +02007413 } else {
Gustavo Padovanacdcabf2013-10-21 14:21:39 -02007414 l2cap_state_change(chan, BT_DISCONN);
Marcel Holtmannba13ccd2012-03-01 14:25:33 -08007415 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
Johan Hedbergdf3c3932011-06-14 12:48:19 +03007416 res = L2CAP_CR_SEC_BLOCK;
7417 stat = L2CAP_CS_NO_INFO;
Marcel Holtmannb1235d72008-07-14 20:13:54 +02007418 }
7419
Gustavo F. Padovanfe4128e2011-04-13 19:50:45 -03007420 rsp.scid = cpu_to_le16(chan->dcid);
7421 rsp.dcid = cpu_to_le16(chan->scid);
Johan Hedbergdf3c3932011-06-14 12:48:19 +03007422 rsp.result = cpu_to_le16(res);
7423 rsp.status = cpu_to_le16(stat);
Gustavo F. Padovanfc7f8a72011-03-25 13:59:37 -03007424 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
Gustavo Padovan2d792812012-10-06 10:07:01 +01007425 sizeof(rsp), &rsp);
Mat Martineau2d369352012-05-23 14:59:30 -07007426
7427 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) &&
7428 res == L2CAP_CR_SUCCESS) {
7429 char buf[128];
7430 set_bit(CONF_REQ_SENT, &chan->conf_state);
7431 l2cap_send_cmd(conn, l2cap_get_ident(conn),
7432 L2CAP_CONF_REQ,
7433 l2cap_build_conf_req(chan, buf),
7434 buf);
7435 chan->num_conf_req++;
7436 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07007437 }
7438
Andrei Emeltchenko6be36552012-02-22 17:11:56 +02007439 l2cap_chan_unlock(chan);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007440 }
7441
Andrei Emeltchenko3df91ea2012-02-21 12:54:55 +02007442 mutex_unlock(&conn->chan_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007443}
7444
Ulisses Furquim686ebf22011-12-21 10:11:33 -02007445int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007446{
7447 struct l2cap_conn *conn = hcon->l2cap_data;
Andrei Emeltchenkod73a0982012-10-15 11:58:40 +03007448 struct l2cap_hdr *hdr;
7449 int len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007450
Andrei Emeltchenko1d13a252012-10-15 11:58:41 +03007451 /* For AMP controller do not create l2cap conn */
7452 if (!conn && hcon->hdev->dev_type != HCI_BREDR)
7453 goto drop;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007454
Andrei Emeltchenko5a08ecc2011-01-11 17:20:20 +02007455 if (!conn)
Claudio Takahasibaf43252013-04-11 13:55:50 -03007456 conn = l2cap_conn_add(hcon);
Andrei Emeltchenko5a08ecc2011-01-11 17:20:20 +02007457
7458 if (!conn)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007459 goto drop;
7460
7461 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
7462
Andrei Emeltchenkod73a0982012-10-15 11:58:40 +03007463 switch (flags) {
7464 case ACL_START:
7465 case ACL_START_NO_FLUSH:
7466 case ACL_COMPLETE:
Linus Torvalds1da177e2005-04-16 15:20:36 -07007467 if (conn->rx_len) {
7468 BT_ERR("Unexpected start frame (len %d)", skb->len);
7469 kfree_skb(conn->rx_skb);
7470 conn->rx_skb = NULL;
7471 conn->rx_len = 0;
7472 l2cap_conn_unreliable(conn, ECOMM);
7473 }
7474
Andrei Emeltchenkoaae7fe22010-09-15 14:28:43 +03007475 /* Start fragment always begin with Basic L2CAP header */
7476 if (skb->len < L2CAP_HDR_SIZE) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07007477 BT_ERR("Frame is too short (len %d)", skb->len);
7478 l2cap_conn_unreliable(conn, ECOMM);
7479 goto drop;
7480 }
7481
7482 hdr = (struct l2cap_hdr *) skb->data;
7483 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
7484
7485 if (len == skb->len) {
7486 /* Complete frame received */
7487 l2cap_recv_frame(conn, skb);
7488 return 0;
7489 }
7490
7491 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
7492
7493 if (skb->len > len) {
7494 BT_ERR("Frame is too long (len %d, expected len %d)",
Gustavo Padovan2d792812012-10-06 10:07:01 +01007495 skb->len, len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007496 l2cap_conn_unreliable(conn, ECOMM);
7497 goto drop;
7498 }
7499
7500 /* Allocate skb for the complete frame (with header) */
Gustavo Padovan8bcde1f2012-05-28 19:18:14 -03007501 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03007502 if (!conn->rx_skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007503 goto drop;
7504
Arnaldo Carvalho de Melod626f622007-03-27 18:55:52 -03007505 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
Gustavo Padovan2d792812012-10-06 10:07:01 +01007506 skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007507 conn->rx_len = len - skb->len;
Andrei Emeltchenkod73a0982012-10-15 11:58:40 +03007508 break;
7509
7510 case ACL_CONT:
Linus Torvalds1da177e2005-04-16 15:20:36 -07007511 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
7512
7513 if (!conn->rx_len) {
7514 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
7515 l2cap_conn_unreliable(conn, ECOMM);
7516 goto drop;
7517 }
7518
7519 if (skb->len > conn->rx_len) {
7520 BT_ERR("Fragment is too long (len %d, expected %d)",
Gustavo Padovan2d792812012-10-06 10:07:01 +01007521 skb->len, conn->rx_len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007522 kfree_skb(conn->rx_skb);
7523 conn->rx_skb = NULL;
7524 conn->rx_len = 0;
7525 l2cap_conn_unreliable(conn, ECOMM);
7526 goto drop;
7527 }
7528
Arnaldo Carvalho de Melod626f622007-03-27 18:55:52 -03007529 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
Gustavo Padovan2d792812012-10-06 10:07:01 +01007530 skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007531 conn->rx_len -= skb->len;
7532
7533 if (!conn->rx_len) {
Johan Hedbergc4e5baf2013-10-10 13:33:37 +02007534 /* Complete frame received. l2cap_recv_frame
7535 * takes ownership of the skb so set the global
7536 * rx_skb pointer to NULL first.
7537 */
7538 struct sk_buff *rx_skb = conn->rx_skb;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007539 conn->rx_skb = NULL;
Johan Hedbergc4e5baf2013-10-10 13:33:37 +02007540 l2cap_recv_frame(conn, rx_skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007541 }
Andrei Emeltchenkod73a0982012-10-15 11:58:40 +03007542 break;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007543 }
7544
7545drop:
7546 kfree_skb(skb);
7547 return 0;
7548}
7549
Johan Hedberg354fe802015-02-18 14:53:56 +02007550static struct hci_cb l2cap_cb = {
7551 .name = "L2CAP",
Johan Hedberg539c4962015-02-18 14:53:57 +02007552 .connect_cfm = l2cap_connect_cfm,
Johan Hedberg3a6d5762015-02-18 14:53:58 +02007553 .disconn_cfm = l2cap_disconn_cfm,
Johan Hedberg354fe802015-02-18 14:53:56 +02007554 .security_cfm = l2cap_security_cfm,
7555};
7556
Marcel Holtmannaef7d972010-03-21 05:27:45 +01007557static int l2cap_debugfs_show(struct seq_file *f, void *p)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007558{
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03007559 struct l2cap_chan *c;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007560
Gustavo F. Padovan333055f2011-12-22 15:14:39 -02007561 read_lock(&chan_list_lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007562
Gustavo F. Padovan23691d72011-04-27 18:26:32 -03007563 list_for_each_entry(c, &chan_list, global_l) {
Marcel Holtmanneeb5a062015-01-14 13:44:21 -08007564 seq_printf(f, "%pMR (%u) %pMR (%u) %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
7565 &c->src, c->src_type, &c->dst, c->dst_type,
Andrei Emeltchenkofcb73332012-09-25 12:49:44 +03007566 c->state, __le16_to_cpu(c->psm),
7567 c->scid, c->dcid, c->imtu, c->omtu,
7568 c->sec_level, c->mode);
Andrei Emeltchenko61e1b4b2012-01-19 11:19:50 +02007569 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07007570
Gustavo F. Padovan333055f2011-12-22 15:14:39 -02007571 read_unlock(&chan_list_lock);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08007572
Marcel Holtmannaef7d972010-03-21 05:27:45 +01007573 return 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007574}
7575
Marcel Holtmannaef7d972010-03-21 05:27:45 +01007576static int l2cap_debugfs_open(struct inode *inode, struct file *file)
7577{
7578 return single_open(file, l2cap_debugfs_show, inode->i_private);
7579}
7580
7581static const struct file_operations l2cap_debugfs_fops = {
7582 .open = l2cap_debugfs_open,
7583 .read = seq_read,
7584 .llseek = seq_lseek,
7585 .release = single_release,
7586};
7587
7588static struct dentry *l2cap_debugfs;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007589
Gustavo F. Padovan64274512011-02-07 20:08:52 -02007590int __init l2cap_init(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007591{
7592 int err;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08007593
Gustavo F. Padovanbb58f742011-02-03 20:50:35 -02007594 err = l2cap_init_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -07007595 if (err < 0)
7596 return err;
7597
Johan Hedberg354fe802015-02-18 14:53:56 +02007598 hci_register_cb(&l2cap_cb);
7599
Marcel Holtmann1120e4b2013-10-17 17:24:16 -07007600 if (IS_ERR_OR_NULL(bt_debugfs))
7601 return 0;
7602
7603 l2cap_debugfs = debugfs_create_file("l2cap", 0444, bt_debugfs,
7604 NULL, &l2cap_debugfs_fops);
Linus Torvalds1da177e2005-04-16 15:20:36 -07007605
Samuel Ortiz40b93972014-05-14 17:53:35 +02007606 debugfs_create_u16("l2cap_le_max_credits", 0644, bt_debugfs,
Johan Hedbergf15b8ec2013-12-03 15:08:25 +02007607 &le_max_credits);
Samuel Ortiz40b93972014-05-14 17:53:35 +02007608 debugfs_create_u16("l2cap_le_default_mps", 0644, bt_debugfs,
Johan Hedbergf15b8ec2013-12-03 15:08:25 +02007609 &le_default_mps);
7610
Linus Torvalds1da177e2005-04-16 15:20:36 -07007611 return 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07007612}
7613
Gustavo F. Padovan64274512011-02-07 20:08:52 -02007614void l2cap_exit(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -07007615{
Marcel Holtmannaef7d972010-03-21 05:27:45 +01007616 debugfs_remove(l2cap_debugfs);
Johan Hedberg354fe802015-02-18 14:53:56 +02007617 hci_unregister_cb(&l2cap_cb);
Gustavo F. Padovanbb58f742011-02-03 20:50:35 -02007618 l2cap_cleanup_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -07007619}
7620
Gustavo F. Padovand1c4a172010-07-18 16:25:54 -03007621module_param(disable_ertm, bool, 0644);
7622MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");