Lines Matching +full:break +full:- +full:control
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
62 static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
82 return bdaddr_type(hcon->type, hcon->src_type); in bdaddr_src_type()
87 return bdaddr_type(hcon->type, hcon->dst_type); in bdaddr_dst_type()
90 /* ---- L2CAP channels ---- */
97 list_for_each_entry(c, &conn->chan_l, list) { in __l2cap_get_chan_by_dcid()
98 if (c->dcid == cid) in __l2cap_get_chan_by_dcid()
109 list_for_each_entry(c, &conn->chan_l, list) { in __l2cap_get_chan_by_scid()
110 if (c->scid == cid) in __l2cap_get_chan_by_scid()
124 mutex_lock(&conn->chan_lock); in l2cap_get_chan_by_scid()
132 mutex_unlock(&conn->chan_lock); in l2cap_get_chan_by_scid()
145 mutex_lock(&conn->chan_lock); in l2cap_get_chan_by_dcid()
153 mutex_unlock(&conn->chan_lock); in l2cap_get_chan_by_dcid()
163 list_for_each_entry(c, &conn->chan_l, list) { in __l2cap_get_chan_by_ident()
164 if (c->ident == ident) in __l2cap_get_chan_by_ident()
175 mutex_lock(&conn->chan_lock); in l2cap_get_chan_by_ident()
183 mutex_unlock(&conn->chan_lock); in l2cap_get_chan_by_ident()
194 if (src_type == BDADDR_BREDR && c->src_type != BDADDR_BREDR) in __l2cap_global_chan_by_addr()
197 if (src_type != BDADDR_BREDR && c->src_type == BDADDR_BREDR) in __l2cap_global_chan_by_addr()
200 if (c->sport == psm && !bacmp(&c->src, src)) in __l2cap_global_chan_by_addr()
212 if (psm && __l2cap_global_chan_by_addr(psm, src, chan->src_type)) { in l2cap_add_psm()
213 err = -EADDRINUSE; in l2cap_add_psm()
218 chan->psm = psm; in l2cap_add_psm()
219 chan->sport = psm; in l2cap_add_psm()
224 if (chan->src_type == BDADDR_BREDR) { in l2cap_add_psm()
234 err = -EINVAL; in l2cap_add_psm()
237 chan->src_type)) { in l2cap_add_psm()
238 chan->psm = cpu_to_le16(p); in l2cap_add_psm()
239 chan->sport = cpu_to_le16(p); in l2cap_add_psm()
241 break; in l2cap_add_psm()
255 /* Override the defaults (which are for conn-oriented) */ in l2cap_add_scid()
256 chan->omtu = L2CAP_DEFAULT_MTU; in l2cap_add_scid()
257 chan->chan_type = L2CAP_CHAN_FIXED; in l2cap_add_scid()
259 chan->scid = scid; in l2cap_add_scid()
270 if (conn->hcon->type == LE_LINK) in l2cap_alloc_cid()
285 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state), in l2cap_state_change()
288 chan->state = state; in l2cap_state_change()
289 chan->ops->state_change(chan, state, 0); in l2cap_state_change()
295 chan->state = state; in l2cap_state_change_and_error()
296 chan->ops->state_change(chan, chan->state, err); in l2cap_state_change_and_error()
301 chan->ops->state_change(chan, chan->state, err); in l2cap_chan_set_err()
306 if (!delayed_work_pending(&chan->monitor_timer) && in __set_retrans_timer()
307 chan->retrans_timeout) { in __set_retrans_timer()
308 l2cap_set_timer(chan, &chan->retrans_timer, in __set_retrans_timer()
309 msecs_to_jiffies(chan->retrans_timeout)); in __set_retrans_timer()
316 if (chan->monitor_timeout) { in __set_monitor_timer()
317 l2cap_set_timer(chan, &chan->monitor_timer, in __set_monitor_timer()
318 msecs_to_jiffies(chan->monitor_timeout)); in __set_monitor_timer()
328 if (bt_cb(skb)->l2cap.txseq == seq) in l2cap_ertm_seq_in_queue()
335 /* ---- L2CAP sequence number lists ---- */
339 * retransmitted. These seq_list functions implement a singly-linked
356 seq_list->list = kmalloc_array(alloc_size, sizeof(u16), GFP_KERNEL); in l2cap_seq_list_init()
357 if (!seq_list->list) in l2cap_seq_list_init()
358 return -ENOMEM; in l2cap_seq_list_init()
360 seq_list->mask = alloc_size - 1; in l2cap_seq_list_init()
361 seq_list->head = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_init()
362 seq_list->tail = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_init()
364 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_init()
371 kfree(seq_list->list); in l2cap_seq_list_free()
377 /* Constant-time check for list membership */ in l2cap_seq_list_contains()
378 return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_contains()
383 u16 seq = seq_list->head; in l2cap_seq_list_pop()
384 u16 mask = seq_list->mask; in l2cap_seq_list_pop()
386 seq_list->head = seq_list->list[seq & mask]; in l2cap_seq_list_pop()
387 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_pop()
389 if (seq_list->head == L2CAP_SEQ_LIST_TAIL) { in l2cap_seq_list_pop()
390 seq_list->head = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_pop()
391 seq_list->tail = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_pop()
401 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR) in l2cap_seq_list_clear()
404 for (i = 0; i <= seq_list->mask; i++) in l2cap_seq_list_clear()
405 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_clear()
407 seq_list->head = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_clear()
408 seq_list->tail = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_clear()
413 u16 mask = seq_list->mask; in l2cap_seq_list_append()
417 if (seq_list->list[seq & mask] != L2CAP_SEQ_LIST_CLEAR) in l2cap_seq_list_append()
420 if (seq_list->tail == L2CAP_SEQ_LIST_CLEAR) in l2cap_seq_list_append()
421 seq_list->head = seq; in l2cap_seq_list_append()
423 seq_list->list[seq_list->tail & mask] = seq; in l2cap_seq_list_append()
425 seq_list->tail = seq; in l2cap_seq_list_append()
426 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_TAIL; in l2cap_seq_list_append()
433 struct l2cap_conn *conn = chan->conn; in l2cap_chan_timeout()
436 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); in l2cap_chan_timeout()
438 mutex_lock(&conn->chan_lock); in l2cap_chan_timeout()
444 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) in l2cap_chan_timeout()
446 else if (chan->state == BT_CONNECT && in l2cap_chan_timeout()
447 chan->sec_level != BT_SECURITY_SDP) in l2cap_chan_timeout()
454 chan->ops->close(chan); in l2cap_chan_timeout()
459 mutex_unlock(&conn->chan_lock); in l2cap_chan_timeout()
470 skb_queue_head_init(&chan->tx_q); in l2cap_chan_create()
471 skb_queue_head_init(&chan->srej_q); in l2cap_chan_create()
472 mutex_init(&chan->lock); in l2cap_chan_create()
475 atomic_set(&chan->nesting, L2CAP_NESTING_NORMAL); in l2cap_chan_create()
478 list_add(&chan->global_l, &chan_list); in l2cap_chan_create()
481 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout); in l2cap_chan_create()
482 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout); in l2cap_chan_create()
483 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout); in l2cap_chan_create()
484 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout); in l2cap_chan_create()
486 chan->state = BT_OPEN; in l2cap_chan_create()
488 kref_init(&chan->kref); in l2cap_chan_create()
491 set_bit(CONF_NOT_COMPLETE, &chan->conf_state); in l2cap_chan_create()
506 list_del(&chan->global_l); in l2cap_chan_destroy()
514 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); in l2cap_chan_hold()
516 kref_get(&c->kref); in l2cap_chan_hold()
521 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); in l2cap_chan_hold_unless_zero()
523 if (!kref_get_unless_zero(&c->kref)) in l2cap_chan_hold_unless_zero()
531 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); in l2cap_chan_put()
533 kref_put(&c->kref, l2cap_chan_destroy); in l2cap_chan_put()
539 chan->fcs = L2CAP_FCS_CRC16; in l2cap_chan_set_defaults()
540 chan->max_tx = L2CAP_DEFAULT_MAX_TX; in l2cap_chan_set_defaults()
541 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; in l2cap_chan_set_defaults()
542 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; in l2cap_chan_set_defaults()
543 chan->remote_max_tx = chan->max_tx; in l2cap_chan_set_defaults()
544 chan->remote_tx_win = chan->tx_win; in l2cap_chan_set_defaults()
545 chan->ack_win = L2CAP_DEFAULT_TX_WINDOW; in l2cap_chan_set_defaults()
546 chan->sec_level = BT_SECURITY_LOW; in l2cap_chan_set_defaults()
547 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; in l2cap_chan_set_defaults()
548 chan->retrans_timeout = L2CAP_DEFAULT_RETRANS_TO; in l2cap_chan_set_defaults()
549 chan->monitor_timeout = L2CAP_DEFAULT_MONITOR_TO; in l2cap_chan_set_defaults()
551 chan->conf_state = 0; in l2cap_chan_set_defaults()
552 set_bit(CONF_NOT_COMPLETE, &chan->conf_state); in l2cap_chan_set_defaults()
554 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); in l2cap_chan_set_defaults()
560 chan->sdu = NULL; in l2cap_le_flowctl_init()
561 chan->sdu_last_frag = NULL; in l2cap_le_flowctl_init()
562 chan->sdu_len = 0; in l2cap_le_flowctl_init()
563 chan->tx_credits = tx_credits; in l2cap_le_flowctl_init()
565 chan->mps = min_t(u16, chan->imtu, chan->conn->mtu - L2CAP_HDR_SIZE); in l2cap_le_flowctl_init()
567 chan->rx_credits = (chan->imtu / chan->mps) + 1; in l2cap_le_flowctl_init()
569 skb_queue_head_init(&chan->tx_q); in l2cap_le_flowctl_init()
577 if (chan->mps < L2CAP_ECRED_MIN_MPS) { in l2cap_ecred_init()
578 chan->mps = L2CAP_ECRED_MIN_MPS; in l2cap_ecred_init()
579 chan->rx_credits = (chan->imtu / chan->mps) + 1; in l2cap_ecred_init()
586 __le16_to_cpu(chan->psm), chan->dcid); in __l2cap_chan_add()
588 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM; in __l2cap_chan_add()
590 chan->conn = conn; in __l2cap_chan_add()
592 switch (chan->chan_type) { in __l2cap_chan_add()
594 /* Alloc CID for connection-oriented socket */ in __l2cap_chan_add()
595 chan->scid = l2cap_alloc_cid(conn); in __l2cap_chan_add()
596 if (conn->hcon->type == ACL_LINK) in __l2cap_chan_add()
597 chan->omtu = L2CAP_DEFAULT_MTU; in __l2cap_chan_add()
598 break; in __l2cap_chan_add()
602 chan->scid = L2CAP_CID_CONN_LESS; in __l2cap_chan_add()
603 chan->dcid = L2CAP_CID_CONN_LESS; in __l2cap_chan_add()
604 chan->omtu = L2CAP_DEFAULT_MTU; in __l2cap_chan_add()
605 break; in __l2cap_chan_add()
609 break; in __l2cap_chan_add()
613 chan->scid = L2CAP_CID_SIGNALING; in __l2cap_chan_add()
614 chan->dcid = L2CAP_CID_SIGNALING; in __l2cap_chan_add()
615 chan->omtu = L2CAP_DEFAULT_MTU; in __l2cap_chan_add()
618 chan->local_id = L2CAP_BESTEFFORT_ID; in __l2cap_chan_add()
619 chan->local_stype = L2CAP_SERV_BESTEFFORT; in __l2cap_chan_add()
620 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE; in __l2cap_chan_add()
621 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME; in __l2cap_chan_add()
622 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT; in __l2cap_chan_add()
623 chan->local_flush_to = L2CAP_EFS_DEFAULT_FLUSH_TO; in __l2cap_chan_add()
628 if (chan->chan_type != L2CAP_CHAN_FIXED || in __l2cap_chan_add()
629 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags)) in __l2cap_chan_add()
630 hci_conn_hold(conn->hcon); in __l2cap_chan_add()
632 list_add(&chan->list, &conn->chan_l); in __l2cap_chan_add()
637 mutex_lock(&conn->chan_lock); in l2cap_chan_add()
639 mutex_unlock(&conn->chan_lock); in l2cap_chan_add()
644 struct l2cap_conn *conn = chan->conn; in l2cap_chan_del()
649 state_to_string(chan->state)); in l2cap_chan_del()
651 chan->ops->teardown(chan, err); in l2cap_chan_del()
654 struct amp_mgr *mgr = conn->hcon->amp_mgr; in l2cap_chan_del()
656 list_del(&chan->list); in l2cap_chan_del()
660 chan->conn = NULL; in l2cap_chan_del()
662 /* Reference was only held for non-fixed channels or in l2cap_chan_del()
666 if (chan->chan_type != L2CAP_CHAN_FIXED || in l2cap_chan_del()
667 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags)) in l2cap_chan_del()
668 hci_conn_drop(conn->hcon); in l2cap_chan_del()
670 if (mgr && mgr->bredr_chan == chan) in l2cap_chan_del()
671 mgr->bredr_chan = NULL; in l2cap_chan_del()
674 if (chan->hs_hchan) { in l2cap_chan_del()
675 struct hci_chan *hs_hchan = chan->hs_hchan; in l2cap_chan_del()
681 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state)) in l2cap_chan_del()
684 switch (chan->mode) { in l2cap_chan_del()
686 break; in l2cap_chan_del()
690 skb_queue_purge(&chan->tx_q); in l2cap_chan_del()
691 break; in l2cap_chan_del()
698 skb_queue_purge(&chan->srej_q); in l2cap_chan_del()
700 l2cap_seq_list_free(&chan->srej_list); in l2cap_chan_del()
701 l2cap_seq_list_free(&chan->retrans_list); in l2cap_chan_del()
705 skb_queue_purge(&chan->tx_q); in l2cap_chan_del()
706 break; in l2cap_chan_del()
716 list_for_each_entry(chan, &conn->chan_l, list) { in __l2cap_chan_list()
727 mutex_lock(&conn->chan_lock); in l2cap_chan_list()
729 mutex_unlock(&conn->chan_lock); in l2cap_chan_list()
738 struct hci_conn *hcon = conn->hcon; in l2cap_conn_update_id_addr()
741 mutex_lock(&conn->chan_lock); in l2cap_conn_update_id_addr()
743 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_conn_update_id_addr()
745 bacpy(&chan->dst, &hcon->dst); in l2cap_conn_update_id_addr()
746 chan->dst_type = bdaddr_dst_type(hcon); in l2cap_conn_update_id_addr()
750 mutex_unlock(&conn->chan_lock); in l2cap_conn_update_id_addr()
755 struct l2cap_conn *conn = chan->conn; in l2cap_chan_le_connect_reject()
759 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_chan_le_connect_reject()
766 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_chan_le_connect_reject()
767 rsp.mtu = cpu_to_le16(chan->imtu); in l2cap_chan_le_connect_reject()
768 rsp.mps = cpu_to_le16(chan->mps); in l2cap_chan_le_connect_reject()
769 rsp.credits = cpu_to_le16(chan->rx_credits); in l2cap_chan_le_connect_reject()
772 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), in l2cap_chan_le_connect_reject()
778 struct l2cap_conn *conn = chan->conn; in l2cap_chan_ecred_connect_reject()
782 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_chan_ecred_connect_reject()
793 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), in l2cap_chan_ecred_connect_reject()
799 struct l2cap_conn *conn = chan->conn; in l2cap_chan_connect_reject()
803 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_chan_connect_reject()
810 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_chan_connect_reject()
811 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_chan_connect_reject()
815 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp); in l2cap_chan_connect_reject()
820 struct l2cap_conn *conn = chan->conn; in l2cap_chan_close()
822 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); in l2cap_chan_close()
824 switch (chan->state) { in l2cap_chan_close()
826 chan->ops->teardown(chan, 0); in l2cap_chan_close()
827 break; in l2cap_chan_close()
831 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) { in l2cap_chan_close()
832 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_chan_close()
836 break; in l2cap_chan_close()
839 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) { in l2cap_chan_close()
840 if (conn->hcon->type == ACL_LINK) in l2cap_chan_close()
842 else if (conn->hcon->type == LE_LINK) { in l2cap_chan_close()
843 switch (chan->mode) { in l2cap_chan_close()
846 break; in l2cap_chan_close()
849 break; in l2cap_chan_close()
855 break; in l2cap_chan_close()
860 break; in l2cap_chan_close()
863 chan->ops->teardown(chan, 0); in l2cap_chan_close()
864 break; in l2cap_chan_close()
871 switch (chan->chan_type) { in l2cap_get_auth_type()
873 switch (chan->sec_level) { in l2cap_get_auth_type()
882 break; in l2cap_get_auth_type()
884 if (chan->psm == cpu_to_le16(L2CAP_PSM_3DSP)) { in l2cap_get_auth_type()
885 if (chan->sec_level == BT_SECURITY_LOW) in l2cap_get_auth_type()
886 chan->sec_level = BT_SECURITY_SDP; in l2cap_get_auth_type()
888 if (chan->sec_level == BT_SECURITY_HIGH || in l2cap_get_auth_type()
889 chan->sec_level == BT_SECURITY_FIPS) in l2cap_get_auth_type()
893 break; in l2cap_get_auth_type()
895 if (chan->psm == cpu_to_le16(L2CAP_PSM_SDP)) { in l2cap_get_auth_type()
896 if (chan->sec_level == BT_SECURITY_LOW) in l2cap_get_auth_type()
897 chan->sec_level = BT_SECURITY_SDP; in l2cap_get_auth_type()
899 if (chan->sec_level == BT_SECURITY_HIGH || in l2cap_get_auth_type()
900 chan->sec_level == BT_SECURITY_FIPS) in l2cap_get_auth_type()
908 switch (chan->sec_level) { in l2cap_get_auth_type()
917 break; in l2cap_get_auth_type()
924 struct l2cap_conn *conn = chan->conn; in l2cap_chan_check_security()
927 if (conn->hcon->type == LE_LINK) in l2cap_chan_check_security()
928 return smp_conn_security(conn->hcon, chan->sec_level); in l2cap_chan_check_security()
932 return hci_conn_security(conn->hcon, chan->sec_level, auth_type, in l2cap_chan_check_security()
941 * 1 - 128 are used by kernel. in l2cap_get_ident()
942 * 129 - 199 are reserved. in l2cap_get_ident()
943 * 200 - 254 are used by utilities like l2ping, etc. in l2cap_get_ident()
946 mutex_lock(&conn->ident_lock); in l2cap_get_ident()
948 if (++conn->tx_ident > 128) in l2cap_get_ident()
949 conn->tx_ident = 1; in l2cap_get_ident()
951 id = conn->tx_ident; in l2cap_get_ident()
953 mutex_unlock(&conn->ident_lock); in l2cap_get_ident()
970 * not support auto-flushing packets) */ in l2cap_send_cmd()
971 if (lmp_no_flush_capable(conn->hcon->hdev) || in l2cap_send_cmd()
972 conn->hcon->type == LE_LINK) in l2cap_send_cmd()
977 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON; in l2cap_send_cmd()
978 skb->priority = HCI_PRIO_MAX; in l2cap_send_cmd()
980 hci_send_acl(conn->hchan, skb, flags); in l2cap_send_cmd()
985 return chan->move_state != L2CAP_MOVE_STABLE && in __chan_is_moving()
986 chan->move_state != L2CAP_MOVE_WAIT_PREPARE; in __chan_is_moving()
991 struct hci_conn *hcon = chan->conn->hcon; in l2cap_do_send()
994 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len, in l2cap_do_send()
995 skb->priority); in l2cap_do_send()
997 if (chan->hs_hcon && !__chan_is_moving(chan)) { in l2cap_do_send()
998 if (chan->hs_hchan) in l2cap_do_send()
999 hci_send_acl(chan->hs_hchan, skb, ACL_COMPLETE); in l2cap_do_send()
1010 if (hcon->type == LE_LINK || in l2cap_do_send()
1011 (!test_bit(FLAG_FLUSHABLE, &chan->flags) && in l2cap_do_send()
1012 lmp_no_flush_capable(hcon->hdev))) in l2cap_do_send()
1017 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); in l2cap_do_send()
1018 hci_send_acl(chan->conn->hchan, skb, flags); in l2cap_do_send()
1021 static void __unpack_enhanced_control(u16 enh, struct l2cap_ctrl *control) in __unpack_enhanced_control() argument
1023 control->reqseq = (enh & L2CAP_CTRL_REQSEQ) >> L2CAP_CTRL_REQSEQ_SHIFT; in __unpack_enhanced_control()
1024 control->final = (enh & L2CAP_CTRL_FINAL) >> L2CAP_CTRL_FINAL_SHIFT; in __unpack_enhanced_control()
1027 /* S-Frame */ in __unpack_enhanced_control()
1028 control->sframe = 1; in __unpack_enhanced_control()
1029 control->poll = (enh & L2CAP_CTRL_POLL) >> L2CAP_CTRL_POLL_SHIFT; in __unpack_enhanced_control()
1030 control->super = (enh & L2CAP_CTRL_SUPERVISE) >> L2CAP_CTRL_SUPER_SHIFT; in __unpack_enhanced_control()
1032 control->sar = 0; in __unpack_enhanced_control()
1033 control->txseq = 0; in __unpack_enhanced_control()
1035 /* I-Frame */ in __unpack_enhanced_control()
1036 control->sframe = 0; in __unpack_enhanced_control()
1037 control->sar = (enh & L2CAP_CTRL_SAR) >> L2CAP_CTRL_SAR_SHIFT; in __unpack_enhanced_control()
1038 control->txseq = (enh & L2CAP_CTRL_TXSEQ) >> L2CAP_CTRL_TXSEQ_SHIFT; in __unpack_enhanced_control()
1040 control->poll = 0; in __unpack_enhanced_control()
1041 control->super = 0; in __unpack_enhanced_control()
1045 static void __unpack_extended_control(u32 ext, struct l2cap_ctrl *control) in __unpack_extended_control() argument
1047 control->reqseq = (ext & L2CAP_EXT_CTRL_REQSEQ) >> L2CAP_EXT_CTRL_REQSEQ_SHIFT; in __unpack_extended_control()
1048 control->final = (ext & L2CAP_EXT_CTRL_FINAL) >> L2CAP_EXT_CTRL_FINAL_SHIFT; in __unpack_extended_control()
1051 /* S-Frame */ in __unpack_extended_control()
1052 control->sframe = 1; in __unpack_extended_control()
1053 control->poll = (ext & L2CAP_EXT_CTRL_POLL) >> L2CAP_EXT_CTRL_POLL_SHIFT; in __unpack_extended_control()
1054 control->super = (ext & L2CAP_EXT_CTRL_SUPERVISE) >> L2CAP_EXT_CTRL_SUPER_SHIFT; in __unpack_extended_control()
1056 control->sar = 0; in __unpack_extended_control()
1057 control->txseq = 0; in __unpack_extended_control()
1059 /* I-Frame */ in __unpack_extended_control()
1060 control->sframe = 0; in __unpack_extended_control()
1061 control->sar = (ext & L2CAP_EXT_CTRL_SAR) >> L2CAP_EXT_CTRL_SAR_SHIFT; in __unpack_extended_control()
1062 control->txseq = (ext & L2CAP_EXT_CTRL_TXSEQ) >> L2CAP_EXT_CTRL_TXSEQ_SHIFT; in __unpack_extended_control()
1064 control->poll = 0; in __unpack_extended_control()
1065 control->super = 0; in __unpack_extended_control()
1072 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) { in __unpack_control()
1073 __unpack_extended_control(get_unaligned_le32(skb->data), in __unpack_control()
1074 &bt_cb(skb)->l2cap); in __unpack_control()
1077 __unpack_enhanced_control(get_unaligned_le16(skb->data), in __unpack_control()
1078 &bt_cb(skb)->l2cap); in __unpack_control()
1083 static u32 __pack_extended_control(struct l2cap_ctrl *control) in __pack_extended_control() argument
1087 packed = control->reqseq << L2CAP_EXT_CTRL_REQSEQ_SHIFT; in __pack_extended_control()
1088 packed |= control->final << L2CAP_EXT_CTRL_FINAL_SHIFT; in __pack_extended_control()
1090 if (control->sframe) { in __pack_extended_control()
1091 packed |= control->poll << L2CAP_EXT_CTRL_POLL_SHIFT; in __pack_extended_control()
1092 packed |= control->super << L2CAP_EXT_CTRL_SUPER_SHIFT; in __pack_extended_control()
1095 packed |= control->sar << L2CAP_EXT_CTRL_SAR_SHIFT; in __pack_extended_control()
1096 packed |= control->txseq << L2CAP_EXT_CTRL_TXSEQ_SHIFT; in __pack_extended_control()
1102 static u16 __pack_enhanced_control(struct l2cap_ctrl *control) in __pack_enhanced_control() argument
1106 packed = control->reqseq << L2CAP_CTRL_REQSEQ_SHIFT; in __pack_enhanced_control()
1107 packed |= control->final << L2CAP_CTRL_FINAL_SHIFT; in __pack_enhanced_control()
1109 if (control->sframe) { in __pack_enhanced_control()
1110 packed |= control->poll << L2CAP_CTRL_POLL_SHIFT; in __pack_enhanced_control()
1111 packed |= control->super << L2CAP_CTRL_SUPER_SHIFT; in __pack_enhanced_control()
1114 packed |= control->sar << L2CAP_CTRL_SAR_SHIFT; in __pack_enhanced_control()
1115 packed |= control->txseq << L2CAP_CTRL_TXSEQ_SHIFT; in __pack_enhanced_control()
1122 struct l2cap_ctrl *control, in __pack_control() argument
1125 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) { in __pack_control()
1126 put_unaligned_le32(__pack_extended_control(control), in __pack_control()
1127 skb->data + L2CAP_HDR_SIZE); in __pack_control()
1129 put_unaligned_le16(__pack_enhanced_control(control), in __pack_control()
1130 skb->data + L2CAP_HDR_SIZE); in __pack_control()
1136 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in __ertm_hdr_size()
1143 u32 control) in l2cap_create_sframe_pdu() argument
1149 if (chan->fcs == L2CAP_FCS_CRC16) in l2cap_create_sframe_pdu()
1155 return ERR_PTR(-ENOMEM); in l2cap_create_sframe_pdu()
1158 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE); in l2cap_create_sframe_pdu()
1159 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_sframe_pdu()
1161 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_create_sframe_pdu()
1162 put_unaligned_le32(control, skb_put(skb, L2CAP_EXT_CTRL_SIZE)); in l2cap_create_sframe_pdu()
1164 put_unaligned_le16(control, skb_put(skb, L2CAP_ENH_CTRL_SIZE)); in l2cap_create_sframe_pdu()
1166 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_create_sframe_pdu()
1167 u16 fcs = crc16(0, (u8 *)skb->data, skb->len); in l2cap_create_sframe_pdu()
1171 skb->priority = HCI_PRIO_MAX; in l2cap_create_sframe_pdu()
1176 struct l2cap_ctrl *control) in l2cap_send_sframe() argument
1181 BT_DBG("chan %p, control %p", chan, control); in l2cap_send_sframe()
1183 if (!control->sframe) in l2cap_send_sframe()
1189 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) && in l2cap_send_sframe()
1190 !control->poll) in l2cap_send_sframe()
1191 control->final = 1; in l2cap_send_sframe()
1193 if (control->super == L2CAP_SUPER_RR) in l2cap_send_sframe()
1194 clear_bit(CONN_RNR_SENT, &chan->conn_state); in l2cap_send_sframe()
1195 else if (control->super == L2CAP_SUPER_RNR) in l2cap_send_sframe()
1196 set_bit(CONN_RNR_SENT, &chan->conn_state); in l2cap_send_sframe()
1198 if (control->super != L2CAP_SUPER_SREJ) { in l2cap_send_sframe()
1199 chan->last_acked_seq = control->reqseq; in l2cap_send_sframe()
1203 BT_DBG("reqseq %d, final %d, poll %d, super %d", control->reqseq, in l2cap_send_sframe()
1204 control->final, control->poll, control->super); in l2cap_send_sframe()
1206 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_send_sframe()
1207 control_field = __pack_extended_control(control); in l2cap_send_sframe()
1209 control_field = __pack_enhanced_control(control); in l2cap_send_sframe()
1218 struct l2cap_ctrl control; in l2cap_send_rr_or_rnr() local
1222 memset(&control, 0, sizeof(control)); in l2cap_send_rr_or_rnr()
1223 control.sframe = 1; in l2cap_send_rr_or_rnr()
1224 control.poll = poll; in l2cap_send_rr_or_rnr()
1226 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) in l2cap_send_rr_or_rnr()
1227 control.super = L2CAP_SUPER_RNR; in l2cap_send_rr_or_rnr()
1229 control.super = L2CAP_SUPER_RR; in l2cap_send_rr_or_rnr()
1231 control.reqseq = chan->buffer_seq; in l2cap_send_rr_or_rnr()
1232 l2cap_send_sframe(chan, &control); in l2cap_send_rr_or_rnr()
1237 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) in __l2cap_no_conn_pending()
1240 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state); in __l2cap_no_conn_pending()
1245 struct l2cap_conn *conn = chan->conn; in __amp_capable()
1249 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP)) in __amp_capable()
1252 if (!(conn->remote_fixed_chan & L2CAP_FC_A2MP)) in __amp_capable()
1257 if (hdev->amp_type != AMP_TYPE_BREDR && in __amp_capable()
1258 test_bit(HCI_UP, &hdev->flags)) { in __amp_capable()
1260 break; in __amp_capable()
1265 if (chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED) in __amp_capable()
1279 struct l2cap_conn *conn = chan->conn; in l2cap_send_conn_req()
1282 req.scid = cpu_to_le16(chan->scid); in l2cap_send_conn_req()
1283 req.psm = chan->psm; in l2cap_send_conn_req()
1285 chan->ident = l2cap_get_ident(conn); in l2cap_send_conn_req()
1287 set_bit(CONF_CONNECT_PEND, &chan->conf_state); in l2cap_send_conn_req()
1289 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req); in l2cap_send_conn_req()
1295 req.scid = cpu_to_le16(chan->scid); in l2cap_send_create_chan_req()
1296 req.psm = chan->psm; in l2cap_send_create_chan_req()
1299 chan->ident = l2cap_get_ident(chan->conn); in l2cap_send_create_chan_req()
1301 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_REQ, in l2cap_send_create_chan_req()
1311 if (chan->mode != L2CAP_MODE_ERTM) in l2cap_move_setup()
1318 chan->retry_count = 0; in l2cap_move_setup()
1319 skb_queue_walk(&chan->tx_q, skb) { in l2cap_move_setup()
1320 if (bt_cb(skb)->l2cap.retries) in l2cap_move_setup()
1321 bt_cb(skb)->l2cap.retries = 1; in l2cap_move_setup()
1323 break; in l2cap_move_setup()
1326 chan->expected_tx_seq = chan->buffer_seq; in l2cap_move_setup()
1328 clear_bit(CONN_REJ_ACT, &chan->conn_state); in l2cap_move_setup()
1329 clear_bit(CONN_SREJ_ACT, &chan->conn_state); in l2cap_move_setup()
1330 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_move_setup()
1331 l2cap_seq_list_clear(&chan->srej_list); in l2cap_move_setup()
1332 skb_queue_purge(&chan->srej_q); in l2cap_move_setup()
1334 chan->tx_state = L2CAP_TX_STATE_XMIT; in l2cap_move_setup()
1335 chan->rx_state = L2CAP_RX_STATE_MOVE; in l2cap_move_setup()
1337 set_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_move_setup()
1342 u8 move_role = chan->move_role; in l2cap_move_done()
1345 chan->move_state = L2CAP_MOVE_STABLE; in l2cap_move_done()
1346 chan->move_role = L2CAP_MOVE_ROLE_NONE; in l2cap_move_done()
1348 if (chan->mode != L2CAP_MODE_ERTM) in l2cap_move_done()
1354 chan->rx_state = L2CAP_RX_STATE_WAIT_F; in l2cap_move_done()
1355 break; in l2cap_move_done()
1357 chan->rx_state = L2CAP_RX_STATE_WAIT_P; in l2cap_move_done()
1358 break; in l2cap_move_done()
1368 if (chan->state == BT_CONNECTED) in l2cap_chan_ready()
1372 chan->conf_state = 0; in l2cap_chan_ready()
1375 switch (chan->mode) { in l2cap_chan_ready()
1378 if (!chan->tx_credits) in l2cap_chan_ready()
1379 chan->ops->suspend(chan); in l2cap_chan_ready()
1380 break; in l2cap_chan_ready()
1383 chan->state = BT_CONNECTED; in l2cap_chan_ready()
1385 chan->ops->ready(chan); in l2cap_chan_ready()
1390 struct l2cap_conn *conn = chan->conn; in l2cap_le_connect()
1393 if (test_and_set_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags)) in l2cap_le_connect()
1396 if (!chan->imtu) in l2cap_le_connect()
1397 chan->imtu = chan->conn->mtu; in l2cap_le_connect()
1402 req.psm = chan->psm; in l2cap_le_connect()
1403 req.scid = cpu_to_le16(chan->scid); in l2cap_le_connect()
1404 req.mtu = cpu_to_le16(chan->imtu); in l2cap_le_connect()
1405 req.mps = cpu_to_le16(chan->mps); in l2cap_le_connect()
1406 req.credits = cpu_to_le16(chan->rx_credits); in l2cap_le_connect()
1408 chan->ident = l2cap_get_ident(conn); in l2cap_le_connect()
1410 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_REQ, in l2cap_le_connect()
1429 if (chan == conn->chan) in l2cap_ecred_defer_connect()
1432 if (!test_and_clear_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_ecred_defer_connect()
1435 pid = chan->ops->get_peer_pid(chan); in l2cap_ecred_defer_connect()
1438 if (conn->pid != pid || chan->psm != conn->chan->psm || chan->ident || in l2cap_ecred_defer_connect()
1439 chan->mode != L2CAP_MODE_EXT_FLOWCTL || chan->state != BT_CONNECT) in l2cap_ecred_defer_connect()
1442 if (test_and_set_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags)) in l2cap_ecred_defer_connect()
1448 chan->ident = conn->chan->ident; in l2cap_ecred_defer_connect()
1451 conn->pdu.scid[conn->count] = cpu_to_le16(chan->scid); in l2cap_ecred_defer_connect()
1453 conn->count++; in l2cap_ecred_defer_connect()
1458 struct l2cap_conn *conn = chan->conn; in l2cap_ecred_connect()
1461 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_ecred_connect()
1464 if (test_and_set_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags)) in l2cap_ecred_connect()
1470 data.pdu.req.psm = chan->psm; in l2cap_ecred_connect()
1471 data.pdu.req.mtu = cpu_to_le16(chan->imtu); in l2cap_ecred_connect()
1472 data.pdu.req.mps = cpu_to_le16(chan->mps); in l2cap_ecred_connect()
1473 data.pdu.req.credits = cpu_to_le16(chan->rx_credits); in l2cap_ecred_connect()
1474 data.pdu.scid[0] = cpu_to_le16(chan->scid); in l2cap_ecred_connect()
1476 chan->ident = l2cap_get_ident(conn); in l2cap_ecred_connect()
1480 data.pid = chan->ops->get_peer_pid(chan); in l2cap_ecred_connect()
1484 l2cap_send_cmd(conn, chan->ident, L2CAP_ECRED_CONN_REQ, in l2cap_ecred_connect()
1491 struct l2cap_conn *conn = chan->conn; in l2cap_le_start()
1493 if (!smp_conn_security(conn->hcon, chan->sec_level)) in l2cap_le_start()
1496 if (!chan->psm) { in l2cap_le_start()
1501 if (chan->state == BT_CONNECT) { in l2cap_le_start()
1502 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL) in l2cap_le_start()
1514 } else if (chan->conn->hcon->type == LE_LINK) { in l2cap_start_connection()
1525 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) in l2cap_request_info()
1530 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; in l2cap_request_info()
1531 conn->info_ident = l2cap_get_ident(conn); in l2cap_request_info()
1533 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); in l2cap_request_info()
1535 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ, in l2cap_request_info()
1550 int min_key_size = hcon->hdev->min_enc_key_size; in l2cap_check_enc_key_size()
1553 if (hcon->sec_level == BT_SECURITY_FIPS) in l2cap_check_enc_key_size()
1556 return (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags) || in l2cap_check_enc_key_size()
1557 hcon->enc_key_size >= min_key_size); in l2cap_check_enc_key_size()
1562 struct l2cap_conn *conn = chan->conn; in l2cap_do_start()
1564 if (conn->hcon->type == LE_LINK) { in l2cap_do_start()
1569 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)) { in l2cap_do_start()
1574 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)) in l2cap_do_start()
1581 if (l2cap_check_enc_key_size(conn->hcon)) in l2cap_do_start()
1605 struct l2cap_conn *conn = chan->conn; in l2cap_send_disconn_req()
1611 if (chan->mode == L2CAP_MODE_ERTM && chan->state == BT_CONNECTED) { in l2cap_send_disconn_req()
1617 if (chan->scid == L2CAP_CID_A2MP) { in l2cap_send_disconn_req()
1622 req.dcid = cpu_to_le16(chan->dcid); in l2cap_send_disconn_req()
1623 req.scid = cpu_to_le16(chan->scid); in l2cap_send_disconn_req()
1630 /* ---- L2CAP connections ---- */
1637 mutex_lock(&conn->chan_lock); in l2cap_conn_start()
1639 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) { in l2cap_conn_start()
1642 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { in l2cap_conn_start()
1648 if (chan->state == BT_CONNECT) { in l2cap_conn_start()
1655 if (!l2cap_mode_supported(chan->mode, conn->feat_mask) in l2cap_conn_start()
1657 &chan->conf_state)) { in l2cap_conn_start()
1663 if (l2cap_check_enc_key_size(conn->hcon)) in l2cap_conn_start()
1668 } else if (chan->state == BT_CONNECT2) { in l2cap_conn_start()
1671 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_conn_start()
1672 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_conn_start()
1675 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_conn_start()
1678 chan->ops->defer(chan); in l2cap_conn_start()
1690 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, in l2cap_conn_start()
1693 if (test_bit(CONF_REQ_SENT, &chan->conf_state) || in l2cap_conn_start()
1699 set_bit(CONF_REQ_SENT, &chan->conf_state); in l2cap_conn_start()
1702 chan->num_conf_req++; in l2cap_conn_start()
1708 mutex_unlock(&conn->chan_lock); in l2cap_conn_start()
1713 struct hci_conn *hcon = conn->hcon; in l2cap_le_conn_ready()
1714 struct hci_dev *hdev = hcon->hdev; in l2cap_le_conn_ready()
1716 BT_DBG("%s conn %p", hdev->name, conn); in l2cap_le_conn_ready()
1721 if (hcon->out) in l2cap_le_conn_ready()
1722 smp_conn_security(hcon, hcon->pending_sec_level); in l2cap_le_conn_ready()
1729 if (hcon->role == HCI_ROLE_SLAVE && in l2cap_le_conn_ready()
1730 (hcon->le_conn_interval < hcon->le_conn_min_interval || in l2cap_le_conn_ready()
1731 hcon->le_conn_interval > hcon->le_conn_max_interval)) { in l2cap_le_conn_ready()
1734 req.min = cpu_to_le16(hcon->le_conn_min_interval); in l2cap_le_conn_ready()
1735 req.max = cpu_to_le16(hcon->le_conn_max_interval); in l2cap_le_conn_ready()
1736 req.latency = cpu_to_le16(hcon->le_conn_latency); in l2cap_le_conn_ready()
1737 req.to_multiplier = cpu_to_le16(hcon->le_supv_timeout); in l2cap_le_conn_ready()
1747 struct hci_conn *hcon = conn->hcon; in l2cap_conn_ready()
1751 if (hcon->type == ACL_LINK) in l2cap_conn_ready()
1754 mutex_lock(&conn->chan_lock); in l2cap_conn_ready()
1756 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_conn_ready()
1760 if (chan->scid == L2CAP_CID_A2MP) { in l2cap_conn_ready()
1765 if (hcon->type == LE_LINK) { in l2cap_conn_ready()
1767 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { in l2cap_conn_ready()
1768 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) in l2cap_conn_ready()
1770 } else if (chan->state == BT_CONNECT) { in l2cap_conn_ready()
1777 mutex_unlock(&conn->chan_lock); in l2cap_conn_ready()
1779 if (hcon->type == LE_LINK) in l2cap_conn_ready()
1782 queue_work(hcon->hdev->workqueue, &conn->pending_rx_work); in l2cap_conn_ready()
1792 mutex_lock(&conn->chan_lock); in l2cap_conn_unreliable()
1794 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_conn_unreliable()
1795 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) in l2cap_conn_unreliable()
1799 mutex_unlock(&conn->chan_lock); in l2cap_conn_unreliable()
1807 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_info_timeout()
1808 conn->info_ident = 0; in l2cap_info_timeout()
1815 * External modules can register l2cap_user objects on l2cap_conn. The ->probe
1816 * callback is called during registration. The ->remove callback is called
1819 * underlying l2cap_conn object is deleted. This guarantees that l2cap->hcon,
1820 * l2cap->hchan, .. are valid as long as the remove callback hasn't been called.
1828 struct hci_dev *hdev = conn->hcon->hdev; in l2cap_register_user()
1840 if (!list_empty(&user->list)) { in l2cap_register_user()
1841 ret = -EINVAL; in l2cap_register_user()
1845 /* conn->hchan is NULL after l2cap_conn_del() was called */ in l2cap_register_user()
1846 if (!conn->hchan) { in l2cap_register_user()
1847 ret = -ENODEV; in l2cap_register_user()
1851 ret = user->probe(conn, user); in l2cap_register_user()
1855 list_add(&user->list, &conn->users); in l2cap_register_user()
1866 struct hci_dev *hdev = conn->hcon->hdev; in l2cap_unregister_user()
1870 if (list_empty(&user->list)) in l2cap_unregister_user()
1873 list_del_init(&user->list); in l2cap_unregister_user()
1874 user->remove(conn, user); in l2cap_unregister_user()
1885 while (!list_empty(&conn->users)) { in l2cap_unregister_all_users()
1886 user = list_first_entry(&conn->users, struct l2cap_user, list); in l2cap_unregister_all_users()
1887 list_del_init(&user->list); in l2cap_unregister_all_users()
1888 user->remove(conn, user); in l2cap_unregister_all_users()
1894 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_conn_del()
1902 kfree_skb(conn->rx_skb); in l2cap_conn_del()
1904 skb_queue_purge(&conn->pending_rx); in l2cap_conn_del()
1906 /* We can not call flush_work(&conn->pending_rx_work) here since we in l2cap_conn_del()
1910 if (work_pending(&conn->pending_rx_work)) in l2cap_conn_del()
1911 cancel_work_sync(&conn->pending_rx_work); in l2cap_conn_del()
1913 if (work_pending(&conn->id_addr_update_work)) in l2cap_conn_del()
1914 cancel_work_sync(&conn->id_addr_update_work); in l2cap_conn_del()
1919 hcon->disc_timeout = 0; in l2cap_conn_del()
1921 mutex_lock(&conn->chan_lock); in l2cap_conn_del()
1924 list_for_each_entry_safe(chan, l, &conn->chan_l, list) { in l2cap_conn_del()
1930 chan->ops->close(chan); in l2cap_conn_del()
1936 mutex_unlock(&conn->chan_lock); in l2cap_conn_del()
1938 hci_chan_del(conn->hchan); in l2cap_conn_del()
1940 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) in l2cap_conn_del()
1941 cancel_delayed_work_sync(&conn->info_timer); in l2cap_conn_del()
1943 hcon->l2cap_data = NULL; in l2cap_conn_del()
1944 conn->hchan = NULL; in l2cap_conn_del()
1952 hci_conn_put(conn->hcon); in l2cap_conn_free()
1958 kref_get(&conn->ref); in l2cap_conn_get()
1965 kref_put(&conn->ref, l2cap_conn_free); in l2cap_conn_put()
1969 /* ---- Socket interface ---- */
1984 if (state && c->state != state) in l2cap_global_chan_by_psm()
1987 if (link_type == ACL_LINK && c->src_type != BDADDR_BREDR) in l2cap_global_chan_by_psm()
1990 if (link_type == LE_LINK && c->src_type == BDADDR_BREDR) in l2cap_global_chan_by_psm()
1993 if (c->chan_type != L2CAP_CHAN_FIXED && c->psm == psm) { in l2cap_global_chan_by_psm()
1998 src_match = !bacmp(&c->src, src); in l2cap_global_chan_by_psm()
1999 dst_match = !bacmp(&c->dst, dst); in l2cap_global_chan_by_psm()
2009 src_any = !bacmp(&c->src, BDADDR_ANY); in l2cap_global_chan_by_psm()
2010 dst_any = !bacmp(&c->dst, BDADDR_ANY); in l2cap_global_chan_by_psm()
2034 if (!chan->conn) { in l2cap_monitor_timeout()
2055 if (!chan->conn) { in l2cap_retrans_timeout()
2070 struct l2cap_ctrl *control; in l2cap_streaming_send() local
2077 skb_queue_splice_tail_init(skbs, &chan->tx_q); in l2cap_streaming_send()
2079 while (!skb_queue_empty(&chan->tx_q)) { in l2cap_streaming_send()
2081 skb = skb_dequeue(&chan->tx_q); in l2cap_streaming_send()
2083 bt_cb(skb)->l2cap.retries = 1; in l2cap_streaming_send()
2084 control = &bt_cb(skb)->l2cap; in l2cap_streaming_send()
2086 control->reqseq = 0; in l2cap_streaming_send()
2087 control->txseq = chan->next_tx_seq; in l2cap_streaming_send()
2089 __pack_control(chan, control, skb); in l2cap_streaming_send()
2091 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_streaming_send()
2092 u16 fcs = crc16(0, (u8 *) skb->data, skb->len); in l2cap_streaming_send()
2098 BT_DBG("Sent txseq %u", control->txseq); in l2cap_streaming_send()
2100 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq); in l2cap_streaming_send()
2101 chan->frames_sent++; in l2cap_streaming_send()
2108 struct l2cap_ctrl *control; in l2cap_ertm_send() local
2113 if (chan->state != BT_CONNECTED) in l2cap_ertm_send()
2114 return -ENOTCONN; in l2cap_ertm_send()
2116 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) in l2cap_ertm_send()
2122 while (chan->tx_send_head && in l2cap_ertm_send()
2123 chan->unacked_frames < chan->remote_tx_win && in l2cap_ertm_send()
2124 chan->tx_state == L2CAP_TX_STATE_XMIT) { in l2cap_ertm_send()
2126 skb = chan->tx_send_head; in l2cap_ertm_send()
2128 bt_cb(skb)->l2cap.retries = 1; in l2cap_ertm_send()
2129 control = &bt_cb(skb)->l2cap; in l2cap_ertm_send()
2131 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state)) in l2cap_ertm_send()
2132 control->final = 1; in l2cap_ertm_send()
2134 control->reqseq = chan->buffer_seq; in l2cap_ertm_send()
2135 chan->last_acked_seq = chan->buffer_seq; in l2cap_ertm_send()
2136 control->txseq = chan->next_tx_seq; in l2cap_ertm_send()
2138 __pack_control(chan, control, skb); in l2cap_ertm_send()
2140 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_ertm_send()
2141 u16 fcs = crc16(0, (u8 *) skb->data, skb->len); in l2cap_ertm_send()
2146 read-only (for locking purposes) on cloned sk_buffs. in l2cap_ertm_send()
2151 break; in l2cap_ertm_send()
2155 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq); in l2cap_ertm_send()
2156 chan->unacked_frames++; in l2cap_ertm_send()
2157 chan->frames_sent++; in l2cap_ertm_send()
2160 if (skb_queue_is_last(&chan->tx_q, skb)) in l2cap_ertm_send()
2161 chan->tx_send_head = NULL; in l2cap_ertm_send()
2163 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb); in l2cap_ertm_send()
2166 BT_DBG("Sent txseq %u", control->txseq); in l2cap_ertm_send()
2170 chan->unacked_frames, skb_queue_len(&chan->tx_q)); in l2cap_ertm_send()
2177 struct l2cap_ctrl control; in l2cap_ertm_resend() local
2184 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) in l2cap_ertm_resend()
2190 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) { in l2cap_ertm_resend()
2191 seq = l2cap_seq_list_pop(&chan->retrans_list); in l2cap_ertm_resend()
2193 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq); in l2cap_ertm_resend()
2200 bt_cb(skb)->l2cap.retries++; in l2cap_ertm_resend()
2201 control = bt_cb(skb)->l2cap; in l2cap_ertm_resend()
2203 if (chan->max_tx != 0 && in l2cap_ertm_resend()
2204 bt_cb(skb)->l2cap.retries > chan->max_tx) { in l2cap_ertm_resend()
2205 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); in l2cap_ertm_resend()
2207 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_ertm_resend()
2208 break; in l2cap_ertm_resend()
2211 control.reqseq = chan->buffer_seq; in l2cap_ertm_resend()
2212 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state)) in l2cap_ertm_resend()
2213 control.final = 1; in l2cap_ertm_resend()
2215 control.final = 0; in l2cap_ertm_resend()
2218 /* Cloned sk_buffs are read-only, so we need a in l2cap_ertm_resend()
2227 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_ertm_resend()
2228 break; in l2cap_ertm_resend()
2232 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) { in l2cap_ertm_resend()
2233 put_unaligned_le32(__pack_extended_control(&control), in l2cap_ertm_resend()
2234 tx_skb->data + L2CAP_HDR_SIZE); in l2cap_ertm_resend()
2236 put_unaligned_le16(__pack_enhanced_control(&control), in l2cap_ertm_resend()
2237 tx_skb->data + L2CAP_HDR_SIZE); in l2cap_ertm_resend()
2241 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_ertm_resend()
2242 u16 fcs = crc16(0, (u8 *) tx_skb->data, in l2cap_ertm_resend()
2243 tx_skb->len - L2CAP_FCS_SIZE); in l2cap_ertm_resend()
2244 put_unaligned_le16(fcs, skb_tail_pointer(tx_skb) - in l2cap_ertm_resend()
2250 BT_DBG("Resent txseq %d", control.txseq); in l2cap_ertm_resend()
2252 chan->last_acked_seq = chan->buffer_seq; in l2cap_ertm_resend()
2257 struct l2cap_ctrl *control) in l2cap_retransmit() argument
2259 BT_DBG("chan %p, control %p", chan, control); in l2cap_retransmit()
2261 l2cap_seq_list_append(&chan->retrans_list, control->reqseq); in l2cap_retransmit()
2266 struct l2cap_ctrl *control) in l2cap_retransmit_all() argument
2270 BT_DBG("chan %p, control %p", chan, control); in l2cap_retransmit_all()
2272 if (control->poll) in l2cap_retransmit_all()
2273 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_retransmit_all()
2275 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_retransmit_all()
2277 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) in l2cap_retransmit_all()
2280 if (chan->unacked_frames) { in l2cap_retransmit_all()
2281 skb_queue_walk(&chan->tx_q, skb) { in l2cap_retransmit_all()
2282 if (bt_cb(skb)->l2cap.txseq == control->reqseq || in l2cap_retransmit_all()
2283 skb == chan->tx_send_head) in l2cap_retransmit_all()
2284 break; in l2cap_retransmit_all()
2287 skb_queue_walk_from(&chan->tx_q, skb) { in l2cap_retransmit_all()
2288 if (skb == chan->tx_send_head) in l2cap_retransmit_all()
2289 break; in l2cap_retransmit_all()
2291 l2cap_seq_list_append(&chan->retrans_list, in l2cap_retransmit_all()
2292 bt_cb(skb)->l2cap.txseq); in l2cap_retransmit_all()
2301 struct l2cap_ctrl control; in l2cap_send_ack() local
2302 u16 frames_to_ack = __seq_offset(chan, chan->buffer_seq, in l2cap_send_ack()
2303 chan->last_acked_seq); in l2cap_send_ack()
2307 chan, chan->last_acked_seq, chan->buffer_seq); in l2cap_send_ack()
2309 memset(&control, 0, sizeof(control)); in l2cap_send_ack()
2310 control.sframe = 1; in l2cap_send_ack()
2312 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state) && in l2cap_send_ack()
2313 chan->rx_state == L2CAP_RX_STATE_RECV) { in l2cap_send_ack()
2315 control.super = L2CAP_SUPER_RNR; in l2cap_send_ack()
2316 control.reqseq = chan->buffer_seq; in l2cap_send_ack()
2317 l2cap_send_sframe(chan, &control); in l2cap_send_ack()
2319 if (!test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) { in l2cap_send_ack()
2321 /* If any i-frames were sent, they included an ack */ in l2cap_send_ack()
2322 if (chan->buffer_seq == chan->last_acked_seq) in l2cap_send_ack()
2329 threshold = chan->ack_win; in l2cap_send_ack()
2338 control.super = L2CAP_SUPER_RR; in l2cap_send_ack()
2339 control.reqseq = chan->buffer_seq; in l2cap_send_ack()
2340 l2cap_send_sframe(chan, &control); in l2cap_send_ack()
2353 struct l2cap_conn *conn = chan->conn; in l2cap_skbuff_fromiovec()
2357 if (!copy_from_iter_full(skb_put(skb, count), count, &msg->msg_iter)) in l2cap_skbuff_fromiovec()
2358 return -EFAULT; in l2cap_skbuff_fromiovec()
2361 len -= count; in l2cap_skbuff_fromiovec()
2364 frag = &skb_shinfo(skb)->frag_list; in l2cap_skbuff_fromiovec()
2368 count = min_t(unsigned int, conn->mtu, len); in l2cap_skbuff_fromiovec()
2370 tmp = chan->ops->alloc_skb(chan, 0, count, in l2cap_skbuff_fromiovec()
2371 msg->msg_flags & MSG_DONTWAIT); in l2cap_skbuff_fromiovec()
2378 &msg->msg_iter)) in l2cap_skbuff_fromiovec()
2379 return -EFAULT; in l2cap_skbuff_fromiovec()
2382 len -= count; in l2cap_skbuff_fromiovec()
2384 skb->len += (*frag)->len; in l2cap_skbuff_fromiovec()
2385 skb->data_len += (*frag)->len; in l2cap_skbuff_fromiovec()
2387 frag = &(*frag)->next; in l2cap_skbuff_fromiovec()
2396 struct l2cap_conn *conn = chan->conn; in l2cap_create_connless_pdu()
2402 __le16_to_cpu(chan->psm), len); in l2cap_create_connless_pdu()
2404 count = min_t(unsigned int, (conn->mtu - hlen), len); in l2cap_create_connless_pdu()
2406 skb = chan->ops->alloc_skb(chan, hlen, count, in l2cap_create_connless_pdu()
2407 msg->msg_flags & MSG_DONTWAIT); in l2cap_create_connless_pdu()
2413 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_connless_pdu()
2414 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE); in l2cap_create_connless_pdu()
2415 put_unaligned(chan->psm, (__le16 *) skb_put(skb, L2CAP_PSMLEN_SIZE)); in l2cap_create_connless_pdu()
2428 struct l2cap_conn *conn = chan->conn; in l2cap_create_basic_pdu()
2435 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len); in l2cap_create_basic_pdu()
2437 skb = chan->ops->alloc_skb(chan, L2CAP_HDR_SIZE, count, in l2cap_create_basic_pdu()
2438 msg->msg_flags & MSG_DONTWAIT); in l2cap_create_basic_pdu()
2444 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_basic_pdu()
2445 lh->len = cpu_to_le16(len); in l2cap_create_basic_pdu()
2459 struct l2cap_conn *conn = chan->conn; in l2cap_create_iframe_pdu()
2467 return ERR_PTR(-ENOTCONN); in l2cap_create_iframe_pdu()
2474 if (chan->fcs == L2CAP_FCS_CRC16) in l2cap_create_iframe_pdu()
2477 count = min_t(unsigned int, (conn->mtu - hlen), len); in l2cap_create_iframe_pdu()
2479 skb = chan->ops->alloc_skb(chan, hlen, count, in l2cap_create_iframe_pdu()
2480 msg->msg_flags & MSG_DONTWAIT); in l2cap_create_iframe_pdu()
2486 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_iframe_pdu()
2487 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); in l2cap_create_iframe_pdu()
2489 /* Control header is populated later */ in l2cap_create_iframe_pdu()
2490 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_create_iframe_pdu()
2504 bt_cb(skb)->l2cap.fcs = chan->fcs; in l2cap_create_iframe_pdu()
2505 bt_cb(skb)->l2cap.retries = 0; in l2cap_create_iframe_pdu()
2526 pdu_len = chan->conn->mtu; in l2cap_segment_sdu()
2529 if (!chan->hs_hcon) in l2cap_segment_sdu()
2533 if (chan->fcs) in l2cap_segment_sdu()
2534 pdu_len -= L2CAP_FCS_SIZE; in l2cap_segment_sdu()
2536 pdu_len -= __ertm_hdr_size(chan); in l2cap_segment_sdu()
2539 pdu_len = min_t(size_t, pdu_len, chan->remote_mps); in l2cap_segment_sdu()
2558 bt_cb(skb)->l2cap.sar = sar; in l2cap_segment_sdu()
2561 len -= pdu_len; in l2cap_segment_sdu()
2580 struct l2cap_conn *conn = chan->conn; in l2cap_create_le_flowctl_pdu()
2588 return ERR_PTR(-ENOTCONN); in l2cap_create_le_flowctl_pdu()
2595 count = min_t(unsigned int, (conn->mtu - hlen), len); in l2cap_create_le_flowctl_pdu()
2597 skb = chan->ops->alloc_skb(chan, hlen, count, in l2cap_create_le_flowctl_pdu()
2598 msg->msg_flags & MSG_DONTWAIT); in l2cap_create_le_flowctl_pdu()
2604 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_le_flowctl_pdu()
2605 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); in l2cap_create_le_flowctl_pdu()
2630 pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE; in l2cap_segment_le_sdu()
2644 len -= pdu_len; in l2cap_segment_le_sdu()
2661 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) { in l2cap_le_flowctl_send()
2662 l2cap_do_send(chan, skb_dequeue(&chan->tx_q)); in l2cap_le_flowctl_send()
2663 chan->tx_credits--; in l2cap_le_flowctl_send()
2667 BT_DBG("Sent %d credits %u queued %u", sent, chan->tx_credits, in l2cap_le_flowctl_send()
2668 skb_queue_len(&chan->tx_q)); in l2cap_le_flowctl_send()
2677 if (!chan->conn) in l2cap_chan_send()
2678 return -ENOTCONN; in l2cap_chan_send()
2681 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) { in l2cap_chan_send()
2689 if (chan->state != BT_CONNECTED) { in l2cap_chan_send()
2691 return -ENOTCONN; in l2cap_chan_send()
2698 switch (chan->mode) { in l2cap_chan_send()
2702 if (len > chan->omtu) in l2cap_chan_send()
2703 return -EMSGSIZE; in l2cap_chan_send()
2709 if (chan->state != BT_CONNECTED) { in l2cap_chan_send()
2711 err = -ENOTCONN; in l2cap_chan_send()
2717 skb_queue_splice_tail_init(&seg_queue, &chan->tx_q); in l2cap_chan_send()
2721 if (!chan->tx_credits) in l2cap_chan_send()
2722 chan->ops->suspend(chan); in l2cap_chan_send()
2726 break; in l2cap_chan_send()
2730 if (len > chan->omtu) in l2cap_chan_send()
2731 return -EMSGSIZE; in l2cap_chan_send()
2741 if (chan->state != BT_CONNECTED) { in l2cap_chan_send()
2743 return -ENOTCONN; in l2cap_chan_send()
2748 break; in l2cap_chan_send()
2753 if (len > chan->omtu) { in l2cap_chan_send()
2754 err = -EMSGSIZE; in l2cap_chan_send()
2755 break; in l2cap_chan_send()
2769 if (chan->state != BT_CONNECTED) { in l2cap_chan_send()
2771 err = -ENOTCONN; in l2cap_chan_send()
2775 break; in l2cap_chan_send()
2777 if (chan->mode == L2CAP_MODE_ERTM) in l2cap_chan_send()
2788 break; in l2cap_chan_send()
2791 BT_DBG("bad state %1.1x", chan->mode); in l2cap_chan_send()
2792 err = -EBADFD; in l2cap_chan_send()
2801 struct l2cap_ctrl control; in l2cap_send_srej() local
2806 memset(&control, 0, sizeof(control)); in l2cap_send_srej()
2807 control.sframe = 1; in l2cap_send_srej()
2808 control.super = L2CAP_SUPER_SREJ; in l2cap_send_srej()
2810 for (seq = chan->expected_tx_seq; seq != txseq; in l2cap_send_srej()
2812 if (!l2cap_ertm_seq_in_queue(&chan->srej_q, seq)) { in l2cap_send_srej()
2813 control.reqseq = seq; in l2cap_send_srej()
2814 l2cap_send_sframe(chan, &control); in l2cap_send_srej()
2815 l2cap_seq_list_append(&chan->srej_list, seq); in l2cap_send_srej()
2819 chan->expected_tx_seq = __next_seq(chan, txseq); in l2cap_send_srej()
2824 struct l2cap_ctrl control; in l2cap_send_srej_tail() local
2828 if (chan->srej_list.tail == L2CAP_SEQ_LIST_CLEAR) in l2cap_send_srej_tail()
2831 memset(&control, 0, sizeof(control)); in l2cap_send_srej_tail()
2832 control.sframe = 1; in l2cap_send_srej_tail()
2833 control.super = L2CAP_SUPER_SREJ; in l2cap_send_srej_tail()
2834 control.reqseq = chan->srej_list.tail; in l2cap_send_srej_tail()
2835 l2cap_send_sframe(chan, &control); in l2cap_send_srej_tail()
2840 struct l2cap_ctrl control; in l2cap_send_srej_list() local
2846 memset(&control, 0, sizeof(control)); in l2cap_send_srej_list()
2847 control.sframe = 1; in l2cap_send_srej_list()
2848 control.super = L2CAP_SUPER_SREJ; in l2cap_send_srej_list()
2851 initial_head = chan->srej_list.head; in l2cap_send_srej_list()
2854 seq = l2cap_seq_list_pop(&chan->srej_list); in l2cap_send_srej_list()
2856 break; in l2cap_send_srej_list()
2858 control.reqseq = seq; in l2cap_send_srej_list()
2859 l2cap_send_sframe(chan, &control); in l2cap_send_srej_list()
2860 l2cap_seq_list_append(&chan->srej_list, seq); in l2cap_send_srej_list()
2861 } while (chan->srej_list.head != initial_head); in l2cap_send_srej_list()
2871 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq) in l2cap_process_reqseq()
2875 chan->expected_ack_seq, chan->unacked_frames); in l2cap_process_reqseq()
2877 for (ackseq = chan->expected_ack_seq; ackseq != reqseq; in l2cap_process_reqseq()
2880 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq); in l2cap_process_reqseq()
2882 skb_unlink(acked_skb, &chan->tx_q); in l2cap_process_reqseq()
2884 chan->unacked_frames--; in l2cap_process_reqseq()
2888 chan->expected_ack_seq = reqseq; in l2cap_process_reqseq()
2890 if (chan->unacked_frames == 0) in l2cap_process_reqseq()
2893 BT_DBG("unacked_frames %u", chan->unacked_frames); in l2cap_process_reqseq()
2900 chan->expected_tx_seq = chan->buffer_seq; in l2cap_abort_rx_srej_sent()
2901 l2cap_seq_list_clear(&chan->srej_list); in l2cap_abort_rx_srej_sent()
2902 skb_queue_purge(&chan->srej_q); in l2cap_abort_rx_srej_sent()
2903 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_abort_rx_srej_sent()
2907 struct l2cap_ctrl *control, in l2cap_tx_state_xmit() argument
2910 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs, in l2cap_tx_state_xmit()
2915 if (chan->tx_send_head == NULL) in l2cap_tx_state_xmit()
2916 chan->tx_send_head = skb_peek(skbs); in l2cap_tx_state_xmit()
2918 skb_queue_splice_tail_init(skbs, &chan->tx_q); in l2cap_tx_state_xmit()
2920 break; in l2cap_tx_state_xmit()
2923 set_bit(CONN_LOCAL_BUSY, &chan->conn_state); in l2cap_tx_state_xmit()
2925 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { in l2cap_tx_state_xmit()
2934 break; in l2cap_tx_state_xmit()
2937 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state); in l2cap_tx_state_xmit()
2939 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) { in l2cap_tx_state_xmit()
2946 local_control.reqseq = chan->buffer_seq; in l2cap_tx_state_xmit()
2949 chan->retry_count = 1; in l2cap_tx_state_xmit()
2951 chan->tx_state = L2CAP_TX_STATE_WAIT_F; in l2cap_tx_state_xmit()
2953 break; in l2cap_tx_state_xmit()
2955 l2cap_process_reqseq(chan, control->reqseq); in l2cap_tx_state_xmit()
2956 break; in l2cap_tx_state_xmit()
2959 chan->retry_count = 1; in l2cap_tx_state_xmit()
2962 chan->tx_state = L2CAP_TX_STATE_WAIT_F; in l2cap_tx_state_xmit()
2963 break; in l2cap_tx_state_xmit()
2966 chan->retry_count = 1; in l2cap_tx_state_xmit()
2968 chan->tx_state = L2CAP_TX_STATE_WAIT_F; in l2cap_tx_state_xmit()
2969 break; in l2cap_tx_state_xmit()
2972 break; in l2cap_tx_state_xmit()
2974 break; in l2cap_tx_state_xmit()
2979 struct l2cap_ctrl *control, in l2cap_tx_state_wait_f() argument
2982 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs, in l2cap_tx_state_wait_f()
2987 if (chan->tx_send_head == NULL) in l2cap_tx_state_wait_f()
2988 chan->tx_send_head = skb_peek(skbs); in l2cap_tx_state_wait_f()
2990 skb_queue_splice_tail_init(skbs, &chan->tx_q); in l2cap_tx_state_wait_f()
2991 break; in l2cap_tx_state_wait_f()
2994 set_bit(CONN_LOCAL_BUSY, &chan->conn_state); in l2cap_tx_state_wait_f()
2996 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { in l2cap_tx_state_wait_f()
3005 break; in l2cap_tx_state_wait_f()
3008 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state); in l2cap_tx_state_wait_f()
3010 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) { in l2cap_tx_state_wait_f()
3016 local_control.reqseq = chan->buffer_seq; in l2cap_tx_state_wait_f()
3019 chan->retry_count = 1; in l2cap_tx_state_wait_f()
3021 chan->tx_state = L2CAP_TX_STATE_WAIT_F; in l2cap_tx_state_wait_f()
3023 break; in l2cap_tx_state_wait_f()
3025 l2cap_process_reqseq(chan, control->reqseq); in l2cap_tx_state_wait_f()
3029 if (control && control->final) { in l2cap_tx_state_wait_f()
3031 if (chan->unacked_frames > 0) in l2cap_tx_state_wait_f()
3033 chan->retry_count = 0; in l2cap_tx_state_wait_f()
3034 chan->tx_state = L2CAP_TX_STATE_XMIT; in l2cap_tx_state_wait_f()
3035 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state); in l2cap_tx_state_wait_f()
3037 break; in l2cap_tx_state_wait_f()
3040 break; in l2cap_tx_state_wait_f()
3042 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) { in l2cap_tx_state_wait_f()
3045 chan->retry_count++; in l2cap_tx_state_wait_f()
3049 break; in l2cap_tx_state_wait_f()
3051 break; in l2cap_tx_state_wait_f()
3055 static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control, in l2cap_tx() argument
3058 BT_DBG("chan %p, control %p, skbs %p, event %d, state %d", in l2cap_tx()
3059 chan, control, skbs, event, chan->tx_state); in l2cap_tx()
3061 switch (chan->tx_state) { in l2cap_tx()
3063 l2cap_tx_state_xmit(chan, control, skbs, event); in l2cap_tx()
3064 break; in l2cap_tx()
3066 l2cap_tx_state_wait_f(chan, control, skbs, event); in l2cap_tx()
3067 break; in l2cap_tx()
3070 break; in l2cap_tx()
3075 struct l2cap_ctrl *control) in l2cap_pass_to_tx() argument
3077 BT_DBG("chan %p, control %p", chan, control); in l2cap_pass_to_tx()
3078 l2cap_tx(chan, control, NULL, L2CAP_EV_RECV_REQSEQ_AND_FBIT); in l2cap_pass_to_tx()
3082 struct l2cap_ctrl *control) in l2cap_pass_to_tx_fbit() argument
3084 BT_DBG("chan %p, control %p", chan, control); in l2cap_pass_to_tx_fbit()
3085 l2cap_tx(chan, control, NULL, L2CAP_EV_RECV_FBIT); in l2cap_pass_to_tx_fbit()
3096 mutex_lock(&conn->chan_lock); in l2cap_raw_recv()
3098 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_raw_recv()
3099 if (chan->chan_type != L2CAP_CHAN_RAW) in l2cap_raw_recv()
3103 if (bt_cb(skb)->l2cap.chan == chan) in l2cap_raw_recv()
3109 if (chan->ops->recv(chan, nskb)) in l2cap_raw_recv()
3113 mutex_unlock(&conn->chan_lock); in l2cap_raw_recv()
3116 /* ---- L2CAP signalling commands ---- */
3128 if (conn->mtu < L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE) in l2cap_build_cmd()
3132 count = min_t(unsigned int, conn->mtu, len); in l2cap_build_cmd()
3139 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen); in l2cap_build_cmd()
3141 if (conn->hcon->type == LE_LINK) in l2cap_build_cmd()
3142 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING); in l2cap_build_cmd()
3144 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING); in l2cap_build_cmd()
3147 cmd->code = code; in l2cap_build_cmd()
3148 cmd->ident = ident; in l2cap_build_cmd()
3149 cmd->len = cpu_to_le16(dlen); in l2cap_build_cmd()
3152 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE; in l2cap_build_cmd()
3157 len -= skb->len; in l2cap_build_cmd()
3160 frag = &skb_shinfo(skb)->frag_list; in l2cap_build_cmd()
3162 count = min_t(unsigned int, conn->mtu, len); in l2cap_build_cmd()
3170 len -= count; in l2cap_build_cmd()
3173 frag = &(*frag)->next; in l2cap_build_cmd()
3189 len = L2CAP_CONF_OPT_SIZE + opt->len; in l2cap_get_conf_opt()
3192 *type = opt->type; in l2cap_get_conf_opt()
3193 *olen = opt->len; in l2cap_get_conf_opt()
3195 switch (opt->len) { in l2cap_get_conf_opt()
3197 *val = *((u8 *) opt->val); in l2cap_get_conf_opt()
3198 break; in l2cap_get_conf_opt()
3201 *val = get_unaligned_le16(opt->val); in l2cap_get_conf_opt()
3202 break; in l2cap_get_conf_opt()
3205 *val = get_unaligned_le32(opt->val); in l2cap_get_conf_opt()
3206 break; in l2cap_get_conf_opt()
3209 *val = (unsigned long) opt->val; in l2cap_get_conf_opt()
3210 break; in l2cap_get_conf_opt()
3213 BT_DBG("type 0x%2.2x len %u val 0x%lx", *type, opt->len, *val); in l2cap_get_conf_opt()
3226 opt->type = type; in l2cap_add_conf_opt()
3227 opt->len = len; in l2cap_add_conf_opt()
3231 *((u8 *) opt->val) = val; in l2cap_add_conf_opt()
3232 break; in l2cap_add_conf_opt()
3235 put_unaligned_le16(val, opt->val); in l2cap_add_conf_opt()
3236 break; in l2cap_add_conf_opt()
3239 put_unaligned_le32(val, opt->val); in l2cap_add_conf_opt()
3240 break; in l2cap_add_conf_opt()
3243 memcpy(opt->val, (void *) val, len); in l2cap_add_conf_opt()
3244 break; in l2cap_add_conf_opt()
3254 switch (chan->mode) { in l2cap_add_opt_efs()
3256 efs.id = chan->local_id; in l2cap_add_opt_efs()
3257 efs.stype = chan->local_stype; in l2cap_add_opt_efs()
3258 efs.msdu = cpu_to_le16(chan->local_msdu); in l2cap_add_opt_efs()
3259 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime); in l2cap_add_opt_efs()
3262 break; in l2cap_add_opt_efs()
3267 efs.msdu = cpu_to_le16(chan->local_msdu); in l2cap_add_opt_efs()
3268 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime); in l2cap_add_opt_efs()
3271 break; in l2cap_add_opt_efs()
3291 frames_to_ack = __seq_offset(chan, chan->buffer_seq, in l2cap_ack_timeout()
3292 chan->last_acked_seq); in l2cap_ack_timeout()
3305 chan->next_tx_seq = 0; in l2cap_ertm_init()
3306 chan->expected_tx_seq = 0; in l2cap_ertm_init()
3307 chan->expected_ack_seq = 0; in l2cap_ertm_init()
3308 chan->unacked_frames = 0; in l2cap_ertm_init()
3309 chan->buffer_seq = 0; in l2cap_ertm_init()
3310 chan->frames_sent = 0; in l2cap_ertm_init()
3311 chan->last_acked_seq = 0; in l2cap_ertm_init()
3312 chan->sdu = NULL; in l2cap_ertm_init()
3313 chan->sdu_last_frag = NULL; in l2cap_ertm_init()
3314 chan->sdu_len = 0; in l2cap_ertm_init()
3316 skb_queue_head_init(&chan->tx_q); in l2cap_ertm_init()
3318 chan->local_amp_id = AMP_ID_BREDR; in l2cap_ertm_init()
3319 chan->move_id = AMP_ID_BREDR; in l2cap_ertm_init()
3320 chan->move_state = L2CAP_MOVE_STABLE; in l2cap_ertm_init()
3321 chan->move_role = L2CAP_MOVE_ROLE_NONE; in l2cap_ertm_init()
3323 if (chan->mode != L2CAP_MODE_ERTM) in l2cap_ertm_init()
3326 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_ertm_init()
3327 chan->tx_state = L2CAP_TX_STATE_XMIT; in l2cap_ertm_init()
3329 skb_queue_head_init(&chan->srej_q); in l2cap_ertm_init()
3331 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win); in l2cap_ertm_init()
3335 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win); in l2cap_ertm_init()
3337 l2cap_seq_list_free(&chan->srej_list); in l2cap_ertm_init()
3357 return ((conn->local_fixed_chan & L2CAP_FC_A2MP) && in __l2cap_ews_supported()
3358 (conn->feat_mask & L2CAP_FEAT_EXT_WINDOW)); in __l2cap_ews_supported()
3363 return ((conn->local_fixed_chan & L2CAP_FC_A2MP) && in __l2cap_efs_supported()
3364 (conn->feat_mask & L2CAP_FEAT_EXT_FLOW)); in __l2cap_efs_supported()
3370 if (chan->local_amp_id != AMP_ID_BREDR && chan->hs_hcon) { in __l2cap_set_ertm_timeouts()
3371 u64 ertm_to = chan->hs_hcon->hdev->amp_be_flush_to; in __l2cap_set_ertm_timeouts()
3379 * best-effort flush timeout, so the clamping logic in __l2cap_set_ertm_timeouts()
3381 * requirement. ERTM timeouts are 16-bit values, so in __l2cap_set_ertm_timeouts()
3397 rfc->retrans_timeout = cpu_to_le16((u16) ertm_to); in __l2cap_set_ertm_timeouts()
3398 rfc->monitor_timeout = rfc->retrans_timeout; in __l2cap_set_ertm_timeouts()
3400 rfc->retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO); in __l2cap_set_ertm_timeouts()
3401 rfc->monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO); in __l2cap_set_ertm_timeouts()
3407 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW && in l2cap_txwin_setup()
3408 __l2cap_ews_supported(chan->conn)) { in l2cap_txwin_setup()
3409 /* use extended control field */ in l2cap_txwin_setup()
3410 set_bit(FLAG_EXT_CTRL, &chan->flags); in l2cap_txwin_setup()
3411 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; in l2cap_txwin_setup()
3413 chan->tx_win = min_t(u16, chan->tx_win, in l2cap_txwin_setup()
3415 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; in l2cap_txwin_setup()
3417 chan->ack_win = chan->tx_win; in l2cap_txwin_setup()
3422 struct hci_conn *conn = chan->conn->hcon; in l2cap_mtu_auto()
3424 chan->imtu = L2CAP_DEFAULT_MIN_MTU; in l2cap_mtu_auto()
3426 /* The 2-DH1 packet has between 2 and 56 information bytes in l2cap_mtu_auto()
3427 * (including the 2-byte payload header) in l2cap_mtu_auto()
3429 if (!(conn->pkt_type & HCI_2DH1)) in l2cap_mtu_auto()
3430 chan->imtu = 54; in l2cap_mtu_auto()
3432 /* The 3-DH1 packet has between 2 and 85 information bytes in l2cap_mtu_auto()
3433 * (including the 2-byte payload header) in l2cap_mtu_auto()
3435 if (!(conn->pkt_type & HCI_3DH1)) in l2cap_mtu_auto()
3436 chan->imtu = 83; in l2cap_mtu_auto()
3438 /* The 2-DH3 packet has between 2 and 369 information bytes in l2cap_mtu_auto()
3439 * (including the 2-byte payload header) in l2cap_mtu_auto()
3441 if (!(conn->pkt_type & HCI_2DH3)) in l2cap_mtu_auto()
3442 chan->imtu = 367; in l2cap_mtu_auto()
3444 /* The 3-DH3 packet has between 2 and 554 information bytes in l2cap_mtu_auto()
3445 * (including the 2-byte payload header) in l2cap_mtu_auto()
3447 if (!(conn->pkt_type & HCI_3DH3)) in l2cap_mtu_auto()
3448 chan->imtu = 552; in l2cap_mtu_auto()
3450 /* The 2-DH5 packet has between 2 and 681 information bytes in l2cap_mtu_auto()
3451 * (including the 2-byte payload header) in l2cap_mtu_auto()
3453 if (!(conn->pkt_type & HCI_2DH5)) in l2cap_mtu_auto()
3454 chan->imtu = 679; in l2cap_mtu_auto()
3456 /* The 3-DH5 packet has between 2 and 1023 information bytes in l2cap_mtu_auto()
3457 * (including the 2-byte payload header) in l2cap_mtu_auto()
3459 if (!(conn->pkt_type & HCI_3DH5)) in l2cap_mtu_auto()
3460 chan->imtu = 1021; in l2cap_mtu_auto()
3466 struct l2cap_conf_rfc rfc = { .mode = chan->mode }; in l2cap_build_conf_req()
3467 void *ptr = req->data; in l2cap_build_conf_req()
3473 if (chan->num_conf_req || chan->num_conf_rsp) in l2cap_build_conf_req()
3476 switch (chan->mode) { in l2cap_build_conf_req()
3479 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) in l2cap_build_conf_req()
3480 break; in l2cap_build_conf_req()
3482 if (__l2cap_efs_supported(chan->conn)) in l2cap_build_conf_req()
3483 set_bit(FLAG_EFS_ENABLE, &chan->flags); in l2cap_build_conf_req()
3487 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask); in l2cap_build_conf_req()
3488 break; in l2cap_build_conf_req()
3492 if (chan->imtu != L2CAP_DEFAULT_MTU) { in l2cap_build_conf_req()
3493 if (!chan->imtu) in l2cap_build_conf_req()
3495 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, in l2cap_build_conf_req()
3496 endptr - ptr); in l2cap_build_conf_req()
3499 switch (chan->mode) { in l2cap_build_conf_req()
3502 break; in l2cap_build_conf_req()
3504 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) && in l2cap_build_conf_req()
3505 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING)) in l2cap_build_conf_req()
3506 break; in l2cap_build_conf_req()
3516 (unsigned long) &rfc, endptr - ptr); in l2cap_build_conf_req()
3517 break; in l2cap_build_conf_req()
3521 rfc.max_transmit = chan->max_tx; in l2cap_build_conf_req()
3525 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - in l2cap_build_conf_req()
3526 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE - in l2cap_build_conf_req()
3532 rfc.txwin_size = min_t(u16, chan->tx_win, in l2cap_build_conf_req()
3536 (unsigned long) &rfc, endptr - ptr); in l2cap_build_conf_req()
3538 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) in l2cap_build_conf_req()
3539 l2cap_add_opt_efs(&ptr, chan, endptr - ptr); in l2cap_build_conf_req()
3541 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_build_conf_req()
3543 chan->tx_win, endptr - ptr); in l2cap_build_conf_req()
3545 if (chan->conn->feat_mask & L2CAP_FEAT_FCS) in l2cap_build_conf_req()
3546 if (chan->fcs == L2CAP_FCS_NONE || in l2cap_build_conf_req()
3547 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) { in l2cap_build_conf_req()
3548 chan->fcs = L2CAP_FCS_NONE; in l2cap_build_conf_req()
3550 chan->fcs, endptr - ptr); in l2cap_build_conf_req()
3552 break; in l2cap_build_conf_req()
3562 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - in l2cap_build_conf_req()
3563 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE - in l2cap_build_conf_req()
3568 (unsigned long) &rfc, endptr - ptr); in l2cap_build_conf_req()
3570 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) in l2cap_build_conf_req()
3571 l2cap_add_opt_efs(&ptr, chan, endptr - ptr); in l2cap_build_conf_req()
3573 if (chan->conn->feat_mask & L2CAP_FEAT_FCS) in l2cap_build_conf_req()
3574 if (chan->fcs == L2CAP_FCS_NONE || in l2cap_build_conf_req()
3575 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) { in l2cap_build_conf_req()
3576 chan->fcs = L2CAP_FCS_NONE; in l2cap_build_conf_req()
3578 chan->fcs, endptr - ptr); in l2cap_build_conf_req()
3580 break; in l2cap_build_conf_req()
3583 req->dcid = cpu_to_le16(chan->dcid); in l2cap_build_conf_req()
3584 req->flags = cpu_to_le16(0); in l2cap_build_conf_req()
3586 return ptr - data; in l2cap_build_conf_req()
3592 void *ptr = rsp->data; in l2cap_parse_conf_req()
3594 void *req = chan->conf_req; in l2cap_parse_conf_req()
3595 int len = chan->conf_len; in l2cap_parse_conf_req()
3608 len -= l2cap_get_conf_opt(&req, &type, &olen, &val); in l2cap_parse_conf_req()
3610 break; in l2cap_parse_conf_req()
3618 break; in l2cap_parse_conf_req()
3620 break; in l2cap_parse_conf_req()
3624 break; in l2cap_parse_conf_req()
3625 chan->flush_to = val; in l2cap_parse_conf_req()
3626 break; in l2cap_parse_conf_req()
3629 break; in l2cap_parse_conf_req()
3633 break; in l2cap_parse_conf_req()
3635 break; in l2cap_parse_conf_req()
3639 break; in l2cap_parse_conf_req()
3641 set_bit(CONF_RECV_NO_FCS, &chan->conf_state); in l2cap_parse_conf_req()
3642 break; in l2cap_parse_conf_req()
3646 break; in l2cap_parse_conf_req()
3649 break; in l2cap_parse_conf_req()
3653 break; in l2cap_parse_conf_req()
3654 if (!(chan->conn->local_fixed_chan & L2CAP_FC_A2MP)) in l2cap_parse_conf_req()
3655 return -ECONNREFUSED; in l2cap_parse_conf_req()
3656 set_bit(FLAG_EXT_CTRL, &chan->flags); in l2cap_parse_conf_req()
3657 set_bit(CONF_EWS_RECV, &chan->conf_state); in l2cap_parse_conf_req()
3658 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; in l2cap_parse_conf_req()
3659 chan->remote_tx_win = val; in l2cap_parse_conf_req()
3660 break; in l2cap_parse_conf_req()
3664 break; in l2cap_parse_conf_req()
3666 l2cap_add_conf_opt(&ptr, (u8)type, sizeof(u8), type, endptr - ptr); in l2cap_parse_conf_req()
3667 break; in l2cap_parse_conf_req()
3671 if (chan->num_conf_rsp || chan->num_conf_req > 1) in l2cap_parse_conf_req()
3674 switch (chan->mode) { in l2cap_parse_conf_req()
3677 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) { in l2cap_parse_conf_req()
3678 chan->mode = l2cap_select_mode(rfc.mode, in l2cap_parse_conf_req()
3679 chan->conn->feat_mask); in l2cap_parse_conf_req()
3680 break; in l2cap_parse_conf_req()
3684 if (__l2cap_efs_supported(chan->conn)) in l2cap_parse_conf_req()
3685 set_bit(FLAG_EFS_ENABLE, &chan->flags); in l2cap_parse_conf_req()
3687 return -ECONNREFUSED; in l2cap_parse_conf_req()
3690 if (chan->mode != rfc.mode) in l2cap_parse_conf_req()
3691 return -ECONNREFUSED; in l2cap_parse_conf_req()
3693 break; in l2cap_parse_conf_req()
3697 if (chan->mode != rfc.mode) { in l2cap_parse_conf_req()
3699 rfc.mode = chan->mode; in l2cap_parse_conf_req()
3701 if (chan->num_conf_rsp == 1) in l2cap_parse_conf_req()
3702 return -ECONNREFUSED; in l2cap_parse_conf_req()
3705 (unsigned long) &rfc, endptr - ptr); in l2cap_parse_conf_req()
3715 chan->omtu = mtu; in l2cap_parse_conf_req()
3716 set_bit(CONF_MTU_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3718 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu, endptr - ptr); in l2cap_parse_conf_req()
3721 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && in l2cap_parse_conf_req()
3723 efs.stype != chan->local_stype) { in l2cap_parse_conf_req()
3727 if (chan->num_conf_req >= 1) in l2cap_parse_conf_req()
3728 return -ECONNREFUSED; in l2cap_parse_conf_req()
3732 (unsigned long) &efs, endptr - ptr); in l2cap_parse_conf_req()
3736 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state); in l2cap_parse_conf_req()
3742 chan->fcs = L2CAP_FCS_NONE; in l2cap_parse_conf_req()
3743 set_bit(CONF_MODE_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3744 break; in l2cap_parse_conf_req()
3747 if (!test_bit(CONF_EWS_RECV, &chan->conf_state)) in l2cap_parse_conf_req()
3748 chan->remote_tx_win = rfc.txwin_size; in l2cap_parse_conf_req()
3752 chan->remote_max_tx = rfc.max_transmit; in l2cap_parse_conf_req()
3755 chan->conn->mtu - L2CAP_EXT_HDR_SIZE - in l2cap_parse_conf_req()
3756 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE); in l2cap_parse_conf_req()
3758 chan->remote_mps = size; in l2cap_parse_conf_req()
3762 set_bit(CONF_MODE_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3765 sizeof(rfc), (unsigned long) &rfc, endptr - ptr); in l2cap_parse_conf_req()
3768 test_bit(FLAG_EFS_ENABLE, &chan->flags)) { in l2cap_parse_conf_req()
3769 chan->remote_id = efs.id; in l2cap_parse_conf_req()
3770 chan->remote_stype = efs.stype; in l2cap_parse_conf_req()
3771 chan->remote_msdu = le16_to_cpu(efs.msdu); in l2cap_parse_conf_req()
3772 chan->remote_flush_to = in l2cap_parse_conf_req()
3774 chan->remote_acc_lat = in l2cap_parse_conf_req()
3776 chan->remote_sdu_itime = in l2cap_parse_conf_req()
3780 (unsigned long) &efs, endptr - ptr); in l2cap_parse_conf_req()
3782 break; in l2cap_parse_conf_req()
3786 chan->conn->mtu - L2CAP_EXT_HDR_SIZE - in l2cap_parse_conf_req()
3787 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE); in l2cap_parse_conf_req()
3789 chan->remote_mps = size; in l2cap_parse_conf_req()
3791 set_bit(CONF_MODE_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3794 (unsigned long) &rfc, endptr - ptr); in l2cap_parse_conf_req()
3796 break; in l2cap_parse_conf_req()
3802 rfc.mode = chan->mode; in l2cap_parse_conf_req()
3806 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3808 rsp->scid = cpu_to_le16(chan->dcid); in l2cap_parse_conf_req()
3809 rsp->result = cpu_to_le16(result); in l2cap_parse_conf_req()
3810 rsp->flags = cpu_to_le16(0); in l2cap_parse_conf_req()
3812 return ptr - data; in l2cap_parse_conf_req()
3819 void *ptr = req->data; in l2cap_parse_conf_rsp()
3829 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); in l2cap_parse_conf_rsp()
3831 break; in l2cap_parse_conf_rsp()
3836 break; in l2cap_parse_conf_rsp()
3839 chan->imtu = L2CAP_DEFAULT_MIN_MTU; in l2cap_parse_conf_rsp()
3841 chan->imtu = val; in l2cap_parse_conf_rsp()
3842 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, in l2cap_parse_conf_rsp()
3843 endptr - ptr); in l2cap_parse_conf_rsp()
3844 break; in l2cap_parse_conf_rsp()
3848 break; in l2cap_parse_conf_rsp()
3849 chan->flush_to = val; in l2cap_parse_conf_rsp()
3851 chan->flush_to, endptr - ptr); in l2cap_parse_conf_rsp()
3852 break; in l2cap_parse_conf_rsp()
3856 break; in l2cap_parse_conf_rsp()
3858 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && in l2cap_parse_conf_rsp()
3859 rfc.mode != chan->mode) in l2cap_parse_conf_rsp()
3860 return -ECONNREFUSED; in l2cap_parse_conf_rsp()
3861 chan->fcs = 0; in l2cap_parse_conf_rsp()
3863 (unsigned long) &rfc, endptr - ptr); in l2cap_parse_conf_rsp()
3864 break; in l2cap_parse_conf_rsp()
3868 break; in l2cap_parse_conf_rsp()
3869 chan->ack_win = min_t(u16, val, chan->ack_win); in l2cap_parse_conf_rsp()
3871 chan->tx_win, endptr - ptr); in l2cap_parse_conf_rsp()
3872 break; in l2cap_parse_conf_rsp()
3876 break; in l2cap_parse_conf_rsp()
3878 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && in l2cap_parse_conf_rsp()
3880 efs.stype != chan->local_stype) in l2cap_parse_conf_rsp()
3881 return -ECONNREFUSED; in l2cap_parse_conf_rsp()
3883 (unsigned long) &efs, endptr - ptr); in l2cap_parse_conf_rsp()
3884 break; in l2cap_parse_conf_rsp()
3888 break; in l2cap_parse_conf_rsp()
3892 &chan->conf_state); in l2cap_parse_conf_rsp()
3893 break; in l2cap_parse_conf_rsp()
3897 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode) in l2cap_parse_conf_rsp()
3898 return -ECONNREFUSED; in l2cap_parse_conf_rsp()
3900 chan->mode = rfc.mode; in l2cap_parse_conf_rsp()
3905 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); in l2cap_parse_conf_rsp()
3906 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); in l2cap_parse_conf_rsp()
3907 chan->mps = le16_to_cpu(rfc.max_pdu_size); in l2cap_parse_conf_rsp()
3908 if (!test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_parse_conf_rsp()
3909 chan->ack_win = min_t(u16, chan->ack_win, in l2cap_parse_conf_rsp()
3912 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { in l2cap_parse_conf_rsp()
3913 chan->local_msdu = le16_to_cpu(efs.msdu); in l2cap_parse_conf_rsp()
3914 chan->local_sdu_itime = in l2cap_parse_conf_rsp()
3916 chan->local_acc_lat = le32_to_cpu(efs.acc_lat); in l2cap_parse_conf_rsp()
3917 chan->local_flush_to = in l2cap_parse_conf_rsp()
3920 break; in l2cap_parse_conf_rsp()
3923 chan->mps = le16_to_cpu(rfc.max_pdu_size); in l2cap_parse_conf_rsp()
3927 req->dcid = cpu_to_le16(chan->dcid); in l2cap_parse_conf_rsp()
3928 req->flags = cpu_to_le16(0); in l2cap_parse_conf_rsp()
3930 return ptr - data; in l2cap_parse_conf_rsp()
3937 void *ptr = rsp->data; in l2cap_build_conf_rsp()
3941 rsp->scid = cpu_to_le16(chan->dcid); in l2cap_build_conf_rsp()
3942 rsp->result = cpu_to_le16(result); in l2cap_build_conf_rsp()
3943 rsp->flags = cpu_to_le16(flags); in l2cap_build_conf_rsp()
3945 return ptr - data; in l2cap_build_conf_rsp()
3951 struct l2cap_conn *conn = chan->conn; in __l2cap_le_connect_rsp_defer()
3955 rsp.dcid = cpu_to_le16(chan->scid); in __l2cap_le_connect_rsp_defer()
3956 rsp.mtu = cpu_to_le16(chan->imtu); in __l2cap_le_connect_rsp_defer()
3957 rsp.mps = cpu_to_le16(chan->mps); in __l2cap_le_connect_rsp_defer()
3958 rsp.credits = cpu_to_le16(chan->rx_credits); in __l2cap_le_connect_rsp_defer()
3961 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), in __l2cap_le_connect_rsp_defer()
3971 struct l2cap_conn *conn = chan->conn; in __l2cap_ecred_conn_rsp_defer()
3972 u16 ident = chan->ident; in __l2cap_ecred_conn_rsp_defer()
3980 pdu.rsp.mtu = cpu_to_le16(chan->imtu); in __l2cap_ecred_conn_rsp_defer()
3981 pdu.rsp.mps = cpu_to_le16(chan->mps); in __l2cap_ecred_conn_rsp_defer()
3982 pdu.rsp.credits = cpu_to_le16(chan->rx_credits); in __l2cap_ecred_conn_rsp_defer()
3985 mutex_lock(&conn->chan_lock); in __l2cap_ecred_conn_rsp_defer()
3987 list_for_each_entry(chan, &conn->chan_l, list) { in __l2cap_ecred_conn_rsp_defer()
3988 if (chan->ident != ident) in __l2cap_ecred_conn_rsp_defer()
3992 chan->ident = 0; in __l2cap_ecred_conn_rsp_defer()
3995 pdu.dcid[i++] = cpu_to_le16(chan->scid); in __l2cap_ecred_conn_rsp_defer()
3998 mutex_unlock(&conn->chan_lock); in __l2cap_ecred_conn_rsp_defer()
4007 struct l2cap_conn *conn = chan->conn; in __l2cap_connect_rsp_defer()
4011 rsp.scid = cpu_to_le16(chan->dcid); in __l2cap_connect_rsp_defer()
4012 rsp.dcid = cpu_to_le16(chan->scid); in __l2cap_connect_rsp_defer()
4016 if (chan->hs_hcon) in __l2cap_connect_rsp_defer()
4023 l2cap_send_cmd(conn, chan->ident, rsp_code, sizeof(rsp), &rsp); in __l2cap_connect_rsp_defer()
4025 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) in __l2cap_connect_rsp_defer()
4030 chan->num_conf_req++; in __l2cap_connect_rsp_defer()
4040 u16 txwin_ext = chan->ack_win; in l2cap_conf_rfc_get()
4042 .mode = chan->mode, in l2cap_conf_rfc_get()
4045 .max_pdu_size = cpu_to_le16(chan->imtu), in l2cap_conf_rfc_get()
4046 .txwin_size = min_t(u16, chan->ack_win, L2CAP_DEFAULT_TX_WINDOW), in l2cap_conf_rfc_get()
4051 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING)) in l2cap_conf_rfc_get()
4055 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); in l2cap_conf_rfc_get()
4057 break; in l2cap_conf_rfc_get()
4062 break; in l2cap_conf_rfc_get()
4064 break; in l2cap_conf_rfc_get()
4067 break; in l2cap_conf_rfc_get()
4069 break; in l2cap_conf_rfc_get()
4075 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); in l2cap_conf_rfc_get()
4076 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); in l2cap_conf_rfc_get()
4077 chan->mps = le16_to_cpu(rfc.max_pdu_size); in l2cap_conf_rfc_get()
4078 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_conf_rfc_get()
4079 chan->ack_win = min_t(u16, chan->ack_win, txwin_ext); in l2cap_conf_rfc_get()
4081 chan->ack_win = min_t(u16, chan->ack_win, in l2cap_conf_rfc_get()
4083 break; in l2cap_conf_rfc_get()
4085 chan->mps = le16_to_cpu(rfc.max_pdu_size); in l2cap_conf_rfc_get()
4096 return -EPROTO; in l2cap_command_rej()
4098 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD) in l2cap_command_rej()
4101 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && in l2cap_command_rej()
4102 cmd->ident == conn->info_ident) { in l2cap_command_rej()
4103 cancel_delayed_work(&conn->info_timer); in l2cap_command_rej()
4105 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_command_rej()
4106 conn->info_ident = 0; in l2cap_command_rej()
4123 u16 dcid = 0, scid = __le16_to_cpu(req->scid); in l2cap_connect()
4124 __le16 psm = req->psm; in l2cap_connect()
4129 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src, in l2cap_connect()
4130 &conn->hcon->dst, ACL_LINK); in l2cap_connect()
4136 mutex_lock(&conn->chan_lock); in l2cap_connect()
4141 !hci_conn_check_link_mode(conn->hcon)) { in l2cap_connect()
4142 conn->disc_reason = HCI_ERROR_AUTH_FAILURE; in l2cap_connect()
4161 chan = pchan->ops->new_connection(pchan); in l2cap_connect()
4170 conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT; in l2cap_connect()
4172 bacpy(&chan->src, &conn->hcon->src); in l2cap_connect()
4173 bacpy(&chan->dst, &conn->hcon->dst); in l2cap_connect()
4174 chan->src_type = bdaddr_src_type(conn->hcon); in l2cap_connect()
4175 chan->dst_type = bdaddr_dst_type(conn->hcon); in l2cap_connect()
4176 chan->psm = psm; in l2cap_connect()
4177 chan->dcid = scid; in l2cap_connect()
4178 chan->local_amp_id = amp_id; in l2cap_connect()
4182 dcid = chan->scid; in l2cap_connect()
4184 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_connect()
4186 chan->ident = cmd->ident; in l2cap_connect()
4188 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { in l2cap_connect()
4190 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_connect()
4194 chan->ops->defer(chan); in l2cap_connect()
4222 mutex_unlock(&conn->chan_lock); in l2cap_connect()
4230 l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp); in l2cap_connect()
4236 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; in l2cap_connect()
4237 conn->info_ident = l2cap_get_ident(conn); in l2cap_connect()
4239 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); in l2cap_connect()
4241 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ, in l2cap_connect()
4245 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) && in l2cap_connect()
4248 set_bit(CONF_REQ_SENT, &chan->conf_state); in l2cap_connect()
4251 chan->num_conf_req++; in l2cap_connect()
4260 struct hci_dev *hdev = conn->hcon->hdev; in l2cap_connect_req()
4261 struct hci_conn *hcon = conn->hcon; in l2cap_connect_req()
4264 return -EPROTO; in l2cap_connect_req()
4268 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) in l2cap_connect_req()
4287 return -EPROTO; in l2cap_connect_create_rsp()
4289 scid = __le16_to_cpu(rsp->scid); in l2cap_connect_create_rsp()
4290 dcid = __le16_to_cpu(rsp->dcid); in l2cap_connect_create_rsp()
4291 result = __le16_to_cpu(rsp->result); in l2cap_connect_create_rsp()
4292 status = __le16_to_cpu(rsp->status); in l2cap_connect_create_rsp()
4297 mutex_lock(&conn->chan_lock); in l2cap_connect_create_rsp()
4302 err = -EBADSLT; in l2cap_connect_create_rsp()
4306 chan = __l2cap_get_chan_by_ident(conn, cmd->ident); in l2cap_connect_create_rsp()
4308 err = -EBADSLT; in l2cap_connect_create_rsp()
4315 err = -EBADSLT; in l2cap_connect_create_rsp()
4326 chan->ident = 0; in l2cap_connect_create_rsp()
4327 chan->dcid = dcid; in l2cap_connect_create_rsp()
4328 clear_bit(CONF_CONNECT_PEND, &chan->conf_state); in l2cap_connect_create_rsp()
4330 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) in l2cap_connect_create_rsp()
4331 break; in l2cap_connect_create_rsp()
4335 chan->num_conf_req++; in l2cap_connect_create_rsp()
4336 break; in l2cap_connect_create_rsp()
4339 set_bit(CONF_CONNECT_PEND, &chan->conf_state); in l2cap_connect_create_rsp()
4340 break; in l2cap_connect_create_rsp()
4344 break; in l2cap_connect_create_rsp()
4351 mutex_unlock(&conn->chan_lock); in l2cap_connect_create_rsp()
4361 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING) in set_default_fcs()
4362 chan->fcs = L2CAP_FCS_NONE; in set_default_fcs()
4363 else if (!test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) in set_default_fcs()
4364 chan->fcs = L2CAP_FCS_CRC16; in set_default_fcs()
4370 struct l2cap_conn *conn = chan->conn; in l2cap_send_efs_conf_rsp()
4375 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state); in l2cap_send_efs_conf_rsp()
4376 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); in l2cap_send_efs_conf_rsp()
4406 return -EPROTO; in l2cap_config_req()
4408 dcid = __le16_to_cpu(req->dcid); in l2cap_config_req()
4409 flags = __le16_to_cpu(req->flags); in l2cap_config_req()
4415 cmd_reject_invalid_cid(conn, cmd->ident, dcid, 0); in l2cap_config_req()
4419 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2 && in l2cap_config_req()
4420 chan->state != BT_CONNECTED) { in l2cap_config_req()
4421 cmd_reject_invalid_cid(conn, cmd->ident, chan->scid, in l2cap_config_req()
4422 chan->dcid); in l2cap_config_req()
4427 len = cmd_len - sizeof(*req); in l2cap_config_req()
4428 if (chan->conf_len + len > sizeof(chan->conf_req)) { in l2cap_config_req()
4429 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, in l2cap_config_req()
4436 memcpy(chan->conf_req + chan->conf_len, req->data, len); in l2cap_config_req()
4437 chan->conf_len += len; in l2cap_config_req()
4441 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, in l2cap_config_req()
4454 chan->ident = cmd->ident; in l2cap_config_req()
4455 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); in l2cap_config_req()
4456 if (chan->num_conf_rsp < L2CAP_CONF_MAX_CONF_RSP) in l2cap_config_req()
4457 chan->num_conf_rsp++; in l2cap_config_req()
4460 chan->conf_len = 0; in l2cap_config_req()
4462 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) in l2cap_config_req()
4465 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) { in l2cap_config_req()
4468 if (chan->mode == L2CAP_MODE_ERTM || in l2cap_config_req()
4469 chan->mode == L2CAP_MODE_STREAMING) in l2cap_config_req()
4473 l2cap_send_disconn_req(chan, -err); in l2cap_config_req()
4480 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) { in l2cap_config_req()
4484 chan->num_conf_req++; in l2cap_config_req()
4489 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) && in l2cap_config_req()
4490 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) { in l2cap_config_req()
4495 if (!chan->hs_hcon) in l2cap_config_req()
4496 l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags); in l2cap_config_req()
4498 chan->ident = cmd->ident; in l2cap_config_req()
4514 int len = cmd_len - sizeof(*rsp); in l2cap_config_rsp()
4518 return -EPROTO; in l2cap_config_rsp()
4520 scid = __le16_to_cpu(rsp->scid); in l2cap_config_rsp()
4521 flags = __le16_to_cpu(rsp->flags); in l2cap_config_rsp()
4522 result = __le16_to_cpu(rsp->result); in l2cap_config_rsp()
4533 l2cap_conf_rfc_get(chan, rsp->data, len); in l2cap_config_rsp()
4534 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state); in l2cap_config_rsp()
4535 break; in l2cap_config_rsp()
4538 set_bit(CONF_REM_CONF_PEND, &chan->conf_state); in l2cap_config_rsp()
4540 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) { in l2cap_config_rsp()
4543 len = l2cap_parse_conf_rsp(chan, rsp->data, len, in l2cap_config_rsp()
4550 if (!chan->hs_hcon) { in l2cap_config_rsp()
4551 l2cap_send_efs_conf_rsp(chan, buf, cmd->ident, in l2cap_config_rsp()
4556 chan->ident = cmd->ident; in l2cap_config_rsp()
4564 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) { in l2cap_config_rsp()
4567 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { in l2cap_config_rsp()
4574 len = l2cap_parse_conf_rsp(chan, rsp->data, len, in l2cap_config_rsp()
4583 chan->num_conf_req++; in l2cap_config_rsp()
4586 break; in l2cap_config_rsp()
4601 set_bit(CONF_INPUT_DONE, &chan->conf_state); in l2cap_config_rsp()
4603 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) { in l2cap_config_rsp()
4606 if (chan->mode == L2CAP_MODE_ERTM || in l2cap_config_rsp()
4607 chan->mode == L2CAP_MODE_STREAMING) in l2cap_config_rsp()
4611 l2cap_send_disconn_req(chan, -err); in l2cap_config_rsp()
4632 return -EPROTO; in l2cap_disconnect_req()
4634 scid = __le16_to_cpu(req->scid); in l2cap_disconnect_req()
4635 dcid = __le16_to_cpu(req->dcid); in l2cap_disconnect_req()
4639 mutex_lock(&conn->chan_lock); in l2cap_disconnect_req()
4643 mutex_unlock(&conn->chan_lock); in l2cap_disconnect_req()
4644 cmd_reject_invalid_cid(conn, cmd->ident, dcid, scid); in l2cap_disconnect_req()
4651 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_disconnect_req()
4652 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_disconnect_req()
4653 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); in l2cap_disconnect_req()
4655 chan->ops->set_shutdown(chan); in l2cap_disconnect_req()
4659 chan->ops->close(chan); in l2cap_disconnect_req()
4664 mutex_unlock(&conn->chan_lock); in l2cap_disconnect_req()
4678 return -EPROTO; in l2cap_disconnect_rsp()
4680 scid = __le16_to_cpu(rsp->scid); in l2cap_disconnect_rsp()
4681 dcid = __le16_to_cpu(rsp->dcid); in l2cap_disconnect_rsp()
4685 mutex_lock(&conn->chan_lock); in l2cap_disconnect_rsp()
4689 mutex_unlock(&conn->chan_lock); in l2cap_disconnect_rsp()
4696 if (chan->state != BT_DISCONN) { in l2cap_disconnect_rsp()
4699 mutex_unlock(&conn->chan_lock); in l2cap_disconnect_rsp()
4705 chan->ops->close(chan); in l2cap_disconnect_rsp()
4710 mutex_unlock(&conn->chan_lock); in l2cap_disconnect_rsp()
4723 return -EPROTO; in l2cap_information_req()
4725 type = __le16_to_cpu(req->type); in l2cap_information_req()
4733 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK); in l2cap_information_req()
4734 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); in l2cap_information_req()
4738 if (conn->local_fixed_chan & L2CAP_FC_A2MP) in l2cap_information_req()
4742 put_unaligned_le32(feat_mask, rsp->data); in l2cap_information_req()
4743 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf), in l2cap_information_req()
4749 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN); in l2cap_information_req()
4750 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); in l2cap_information_req()
4751 rsp->data[0] = conn->local_fixed_chan; in l2cap_information_req()
4752 memset(rsp->data + 1, 0, 7); in l2cap_information_req()
4753 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf), in l2cap_information_req()
4759 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp), in l2cap_information_req()
4774 return -EPROTO; in l2cap_information_rsp()
4776 type = __le16_to_cpu(rsp->type); in l2cap_information_rsp()
4777 result = __le16_to_cpu(rsp->result); in l2cap_information_rsp()
4782 if (cmd->ident != conn->info_ident || in l2cap_information_rsp()
4783 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) in l2cap_information_rsp()
4786 cancel_delayed_work(&conn->info_timer); in l2cap_information_rsp()
4789 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_information_rsp()
4790 conn->info_ident = 0; in l2cap_information_rsp()
4799 conn->feat_mask = get_unaligned_le32(rsp->data); in l2cap_information_rsp()
4801 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) { in l2cap_information_rsp()
4805 conn->info_ident = l2cap_get_ident(conn); in l2cap_information_rsp()
4807 l2cap_send_cmd(conn, conn->info_ident, in l2cap_information_rsp()
4810 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_information_rsp()
4811 conn->info_ident = 0; in l2cap_information_rsp()
4815 break; in l2cap_information_rsp()
4818 conn->remote_fixed_chan = rsp->data[0]; in l2cap_information_rsp()
4819 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_information_rsp()
4820 conn->info_ident = 0; in l2cap_information_rsp()
4823 break; in l2cap_information_rsp()
4840 return -EPROTO; in l2cap_create_channel_req()
4842 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP)) in l2cap_create_channel_req()
4843 return -EINVAL; in l2cap_create_channel_req()
4845 psm = le16_to_cpu(req->psm); in l2cap_create_channel_req()
4846 scid = le16_to_cpu(req->scid); in l2cap_create_channel_req()
4848 BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id); in l2cap_create_channel_req()
4851 if (req->amp_id == AMP_ID_BREDR) { in l2cap_create_channel_req()
4853 req->amp_id); in l2cap_create_channel_req()
4858 hdev = hci_dev_get(req->amp_id); in l2cap_create_channel_req()
4862 if (hdev->dev_type != HCI_AMP || !test_bit(HCI_UP, &hdev->flags)) { in l2cap_create_channel_req()
4868 req->amp_id); in l2cap_create_channel_req()
4870 struct amp_mgr *mgr = conn->hcon->amp_mgr; in l2cap_create_channel_req()
4874 &conn->hcon->dst); in l2cap_create_channel_req()
4877 cmd_reject_invalid_cid(conn, cmd->ident, chan->scid, in l2cap_create_channel_req()
4878 chan->dcid); in l2cap_create_channel_req()
4884 mgr->bredr_chan = chan; in l2cap_create_channel_req()
4885 chan->hs_hcon = hs_hcon; in l2cap_create_channel_req()
4886 chan->fcs = L2CAP_FCS_NONE; in l2cap_create_channel_req()
4887 conn->mtu = hdev->block_mtu; in l2cap_create_channel_req()
4900 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP, in l2cap_create_channel_req()
4913 ident = l2cap_get_ident(chan->conn); in l2cap_send_move_chan_req()
4914 chan->ident = ident; in l2cap_send_move_chan_req()
4916 req.icid = cpu_to_le16(chan->scid); in l2cap_send_move_chan_req()
4919 l2cap_send_cmd(chan->conn, ident, L2CAP_MOVE_CHAN_REQ, sizeof(req), in l2cap_send_move_chan_req()
4931 rsp.icid = cpu_to_le16(chan->dcid); in l2cap_send_move_chan_rsp()
4934 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_RSP, in l2cap_send_move_chan_rsp()
4944 chan->ident = l2cap_get_ident(chan->conn); in l2cap_send_move_chan_cfm()
4946 cfm.icid = cpu_to_le16(chan->scid); in l2cap_send_move_chan_cfm()
4949 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_CFM, in l2cap_send_move_chan_cfm()
4981 chan->hs_hchan = NULL; in __release_logical_link()
4982 chan->hs_hcon = NULL; in __release_logical_link()
4984 /* Placeholder - release the logical link */ in __release_logical_link()
4990 if (chan->state != BT_CONNECTED) { in l2cap_logical_fail()
4996 switch (chan->move_role) { in l2cap_logical_fail()
5000 break; in l2cap_logical_fail()
5002 if (chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_COMP || in l2cap_logical_fail()
5003 chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_CFM) { in l2cap_logical_fail()
5014 break; in l2cap_logical_fail()
5023 chan->hs_hchan = hchan; in l2cap_logical_finish_create()
5024 chan->hs_hcon->l2cap_data = chan->conn; in l2cap_logical_finish_create()
5026 l2cap_send_efs_conf_rsp(chan, &rsp, chan->ident, 0); in l2cap_logical_finish_create()
5028 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) { in l2cap_logical_finish_create()
5035 l2cap_send_disconn_req(chan, -err); in l2cap_logical_finish_create()
5044 chan->hs_hcon = hchan->conn; in l2cap_logical_finish_move()
5045 chan->hs_hcon->l2cap_data = chan->conn; in l2cap_logical_finish_move()
5047 BT_DBG("move_state %d", chan->move_state); in l2cap_logical_finish_move()
5049 switch (chan->move_state) { in l2cap_logical_finish_move()
5054 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS; in l2cap_logical_finish_move()
5055 break; in l2cap_logical_finish_move()
5057 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_logical_finish_move()
5058 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY; in l2cap_logical_finish_move()
5059 } else if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) { in l2cap_logical_finish_move()
5060 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP; in l2cap_logical_finish_move()
5062 } else if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) { in l2cap_logical_finish_move()
5063 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM; in l2cap_logical_finish_move()
5066 break; in l2cap_logical_finish_move()
5071 chan->move_state = L2CAP_MOVE_STABLE; in l2cap_logical_finish_move()
5087 if (chan->state != BT_CONNECTED) { in l2cap_logical_cfm()
5089 if (chan->local_amp_id != AMP_ID_BREDR) in l2cap_logical_cfm()
5100 if (chan->local_amp_id == AMP_ID_BREDR) { in l2cap_move_start()
5101 if (chan->chan_policy != BT_CHANNEL_POLICY_AMP_PREFERRED) in l2cap_move_start()
5103 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR; in l2cap_move_start()
5104 chan->move_state = L2CAP_MOVE_WAIT_PREPARE; in l2cap_move_start()
5105 /* Placeholder - start physical link setup */ in l2cap_move_start()
5107 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR; in l2cap_move_start()
5108 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS; in l2cap_move_start()
5109 chan->move_id = 0; in l2cap_move_start()
5118 BT_DBG("chan %p state %s %u -> %u", chan, state_to_string(chan->state), in l2cap_do_create()
5121 chan->fcs = L2CAP_FCS_NONE; in l2cap_do_create()
5124 if (chan->state == BT_CONNECT) { in l2cap_do_create()
5126 chan->local_amp_id = local_amp_id; in l2cap_do_create()
5140 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_do_create()
5141 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_do_create()
5153 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_RSP, in l2cap_do_create()
5158 set_bit(CONF_REQ_SENT, &chan->conf_state); in l2cap_do_create()
5159 l2cap_send_cmd(chan->conn, l2cap_get_ident(chan->conn), in l2cap_do_create()
5162 chan->num_conf_req++; in l2cap_do_create()
5171 chan->move_id = local_amp_id; in l2cap_do_move_initiate()
5172 chan->move_state = L2CAP_MOVE_WAIT_RSP; in l2cap_do_move_initiate()
5181 /* Placeholder - get hci_chan for logical link */ in l2cap_do_move_respond()
5184 if (hchan->state == BT_CONNECTED) { in l2cap_do_move_respond()
5186 chan->hs_hcon = hchan->conn; in l2cap_do_move_respond()
5187 chan->hs_hcon->l2cap_data = chan->conn; in l2cap_do_move_respond()
5188 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM; in l2cap_do_move_respond()
5194 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM; in l2cap_do_move_respond()
5204 if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) { in l2cap_do_move_cancel()
5206 if (result == -EINVAL) in l2cap_do_move_cancel()
5214 chan->move_role = L2CAP_MOVE_ROLE_NONE; in l2cap_do_move_cancel()
5215 chan->move_state = L2CAP_MOVE_STABLE; in l2cap_do_move_cancel()
5224 u8 local_amp_id = chan->local_amp_id; in __l2cap_physical_cfm()
5225 u8 remote_amp_id = chan->remote_amp_id; in __l2cap_physical_cfm()
5230 if (chan->state == BT_DISCONN || chan->state == BT_CLOSED) in __l2cap_physical_cfm()
5233 if (chan->state != BT_CONNECTED) { in __l2cap_physical_cfm()
5238 switch (chan->move_role) { in __l2cap_physical_cfm()
5242 break; in __l2cap_physical_cfm()
5245 break; in __l2cap_physical_cfm()
5248 break; in __l2cap_physical_cfm()
5264 return -EPROTO; in l2cap_move_channel_req()
5266 icid = le16_to_cpu(req->icid); in l2cap_move_channel_req()
5268 BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id); in l2cap_move_channel_req()
5270 if (!(conn->local_fixed_chan & L2CAP_FC_A2MP)) in l2cap_move_channel_req()
5271 return -EINVAL; in l2cap_move_channel_req()
5277 l2cap_send_cmd(conn, cmd->ident, L2CAP_MOVE_CHAN_RSP, in l2cap_move_channel_req()
5282 chan->ident = cmd->ident; in l2cap_move_channel_req()
5284 if (chan->scid < L2CAP_CID_DYN_START || in l2cap_move_channel_req()
5285 chan->chan_policy == BT_CHANNEL_POLICY_BREDR_ONLY || in l2cap_move_channel_req()
5286 (chan->mode != L2CAP_MODE_ERTM && in l2cap_move_channel_req()
5287 chan->mode != L2CAP_MODE_STREAMING)) { in l2cap_move_channel_req()
5292 if (chan->local_amp_id == req->dest_amp_id) { in l2cap_move_channel_req()
5297 if (req->dest_amp_id != AMP_ID_BREDR) { in l2cap_move_channel_req()
5299 hdev = hci_dev_get(req->dest_amp_id); in l2cap_move_channel_req()
5300 if (!hdev || hdev->dev_type != HCI_AMP || in l2cap_move_channel_req()
5301 !test_bit(HCI_UP, &hdev->flags)) { in l2cap_move_channel_req()
5316 chan->move_role != L2CAP_MOVE_ROLE_NONE) && in l2cap_move_channel_req()
5317 bacmp(&conn->hcon->src, &conn->hcon->dst) > 0) { in l2cap_move_channel_req()
5322 chan->move_role = L2CAP_MOVE_ROLE_RESPONDER; in l2cap_move_channel_req()
5324 chan->move_id = req->dest_amp_id; in l2cap_move_channel_req()
5326 if (req->dest_amp_id == AMP_ID_BREDR) { in l2cap_move_channel_req()
5328 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_move_channel_req()
5329 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY; in l2cap_move_channel_req()
5332 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM; in l2cap_move_channel_req()
5336 chan->move_state = L2CAP_MOVE_WAIT_PREPARE; in l2cap_move_channel_req()
5337 /* Placeholder - uncomment when amp functions are available */ in l2cap_move_channel_req()
5338 /*amp_accept_physical(chan, req->dest_amp_id);*/ in l2cap_move_channel_req()
5366 switch (chan->move_state) { in l2cap_move_continue()
5371 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM; in l2cap_move_continue()
5372 break; in l2cap_move_continue()
5375 break; in l2cap_move_continue()
5377 &chan->conn_state)) { in l2cap_move_continue()
5378 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY; in l2cap_move_continue()
5383 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP; in l2cap_move_continue()
5386 break; in l2cap_move_continue()
5393 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM; in l2cap_move_continue()
5398 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_COMP; in l2cap_move_continue()
5401 /* Placeholder - get hci_chan for logical link */ in l2cap_move_continue()
5405 break; in l2cap_move_continue()
5411 if (hchan->state != BT_CONNECTED) in l2cap_move_continue()
5412 break; in l2cap_move_continue()
5416 chan->hs_hcon = hchan->conn; in l2cap_move_continue()
5417 chan->hs_hcon->l2cap_data = chan->conn; in l2cap_move_continue()
5426 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS; in l2cap_move_continue()
5430 break; in l2cap_move_continue()
5433 chan->move_id = chan->local_amp_id; in l2cap_move_continue()
5456 if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) { in l2cap_move_fail()
5458 chan->move_role = L2CAP_MOVE_ROLE_RESPONDER; in l2cap_move_fail()
5460 /* Cleanup - cancel move */ in l2cap_move_fail()
5461 chan->move_id = chan->local_amp_id; in l2cap_move_fail()
5480 return -EPROTO; in l2cap_move_channel_rsp()
5482 icid = le16_to_cpu(rsp->icid); in l2cap_move_channel_rsp()
5483 result = le16_to_cpu(rsp->result); in l2cap_move_channel_rsp()
5490 l2cap_move_fail(conn, cmd->ident, icid, result); in l2cap_move_channel_rsp()
5504 return -EPROTO; in l2cap_move_channel_confirm()
5506 icid = le16_to_cpu(cfm->icid); in l2cap_move_channel_confirm()
5507 result = le16_to_cpu(cfm->result); in l2cap_move_channel_confirm()
5514 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); in l2cap_move_channel_confirm()
5518 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM) { in l2cap_move_channel_confirm()
5520 chan->local_amp_id = chan->move_id; in l2cap_move_channel_confirm()
5521 if (chan->local_amp_id == AMP_ID_BREDR) in l2cap_move_channel_confirm()
5524 chan->move_id = chan->local_amp_id; in l2cap_move_channel_confirm()
5530 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); in l2cap_move_channel_confirm()
5547 return -EPROTO; in l2cap_move_channel_confirm_rsp()
5549 icid = le16_to_cpu(rsp->icid); in l2cap_move_channel_confirm_rsp()
5559 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM_RSP) { in l2cap_move_channel_confirm_rsp()
5560 chan->local_amp_id = chan->move_id; in l2cap_move_channel_confirm_rsp()
5562 if (chan->local_amp_id == AMP_ID_BREDR && chan->hs_hchan) in l2cap_move_channel_confirm_rsp()
5578 struct hci_conn *hcon = conn->hcon; in l2cap_conn_param_update_req()
5584 if (hcon->role != HCI_ROLE_MASTER) in l2cap_conn_param_update_req()
5585 return -EINVAL; in l2cap_conn_param_update_req()
5588 return -EPROTO; in l2cap_conn_param_update_req()
5591 min = __le16_to_cpu(req->min); in l2cap_conn_param_update_req()
5592 max = __le16_to_cpu(req->max); in l2cap_conn_param_update_req()
5593 latency = __le16_to_cpu(req->latency); in l2cap_conn_param_update_req()
5594 to_multiplier = __le16_to_cpu(req->to_multiplier); in l2cap_conn_param_update_req()
5607 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP, in l2cap_conn_param_update_req()
5615 mgmt_new_conn_param(hcon->hdev, &hcon->dst, hcon->dst_type, in l2cap_conn_param_update_req()
5629 struct hci_conn *hcon = conn->hcon; in l2cap_le_connect_rsp()
5635 return -EPROTO; in l2cap_le_connect_rsp()
5637 dcid = __le16_to_cpu(rsp->dcid); in l2cap_le_connect_rsp()
5638 mtu = __le16_to_cpu(rsp->mtu); in l2cap_le_connect_rsp()
5639 mps = __le16_to_cpu(rsp->mps); in l2cap_le_connect_rsp()
5640 credits = __le16_to_cpu(rsp->credits); in l2cap_le_connect_rsp()
5641 result = __le16_to_cpu(rsp->result); in l2cap_le_connect_rsp()
5646 return -EPROTO; in l2cap_le_connect_rsp()
5651 mutex_lock(&conn->chan_lock); in l2cap_le_connect_rsp()
5653 chan = __l2cap_get_chan_by_ident(conn, cmd->ident); in l2cap_le_connect_rsp()
5655 err = -EBADSLT; in l2cap_le_connect_rsp()
5666 err = -EBADSLT; in l2cap_le_connect_rsp()
5667 break; in l2cap_le_connect_rsp()
5670 chan->ident = 0; in l2cap_le_connect_rsp()
5671 chan->dcid = dcid; in l2cap_le_connect_rsp()
5672 chan->omtu = mtu; in l2cap_le_connect_rsp()
5673 chan->remote_mps = mps; in l2cap_le_connect_rsp()
5674 chan->tx_credits = credits; in l2cap_le_connect_rsp()
5676 break; in l2cap_le_connect_rsp()
5683 if (hcon->sec_level > BT_SECURITY_MEDIUM) { in l2cap_le_connect_rsp()
5685 break; in l2cap_le_connect_rsp()
5688 sec_level = hcon->sec_level + 1; in l2cap_le_connect_rsp()
5689 if (chan->sec_level < sec_level) in l2cap_le_connect_rsp()
5690 chan->sec_level = sec_level; in l2cap_le_connect_rsp()
5693 clear_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags); in l2cap_le_connect_rsp()
5695 smp_conn_security(hcon, chan->sec_level); in l2cap_le_connect_rsp()
5696 break; in l2cap_le_connect_rsp()
5700 break; in l2cap_le_connect_rsp()
5706 mutex_unlock(&conn->chan_lock); in l2cap_le_connect_rsp()
5717 switch (cmd->code) { in l2cap_bredr_sig_cmd()
5720 break; in l2cap_bredr_sig_cmd()
5724 break; in l2cap_bredr_sig_cmd()
5729 break; in l2cap_bredr_sig_cmd()
5733 break; in l2cap_bredr_sig_cmd()
5737 break; in l2cap_bredr_sig_cmd()
5741 break; in l2cap_bredr_sig_cmd()
5745 break; in l2cap_bredr_sig_cmd()
5748 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data); in l2cap_bredr_sig_cmd()
5749 break; in l2cap_bredr_sig_cmd()
5752 break; in l2cap_bredr_sig_cmd()
5756 break; in l2cap_bredr_sig_cmd()
5760 break; in l2cap_bredr_sig_cmd()
5764 break; in l2cap_bredr_sig_cmd()
5768 break; in l2cap_bredr_sig_cmd()
5772 break; in l2cap_bredr_sig_cmd()
5776 break; in l2cap_bredr_sig_cmd()
5780 break; in l2cap_bredr_sig_cmd()
5783 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code); in l2cap_bredr_sig_cmd()
5784 err = -EINVAL; in l2cap_bredr_sig_cmd()
5785 break; in l2cap_bredr_sig_cmd()
5803 return -EPROTO; in l2cap_le_connect_req()
5805 scid = __le16_to_cpu(req->scid); in l2cap_le_connect_req()
5806 mtu = __le16_to_cpu(req->mtu); in l2cap_le_connect_req()
5807 mps = __le16_to_cpu(req->mps); in l2cap_le_connect_req()
5808 psm = req->psm; in l2cap_le_connect_req()
5813 return -EPROTO; in l2cap_le_connect_req()
5821 * Valid range: 0x0001-0x00ff in l2cap_le_connect_req()
5832 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src, in l2cap_le_connect_req()
5833 &conn->hcon->dst, LE_LINK); in l2cap_le_connect_req()
5840 mutex_lock(&conn->chan_lock); in l2cap_le_connect_req()
5843 if (!smp_sufficient_security(conn->hcon, pchan->sec_level, in l2cap_le_connect_req()
5864 chan = pchan->ops->new_connection(pchan); in l2cap_le_connect_req()
5870 bacpy(&chan->src, &conn->hcon->src); in l2cap_le_connect_req()
5871 bacpy(&chan->dst, &conn->hcon->dst); in l2cap_le_connect_req()
5872 chan->src_type = bdaddr_src_type(conn->hcon); in l2cap_le_connect_req()
5873 chan->dst_type = bdaddr_dst_type(conn->hcon); in l2cap_le_connect_req()
5874 chan->psm = psm; in l2cap_le_connect_req()
5875 chan->dcid = scid; in l2cap_le_connect_req()
5876 chan->omtu = mtu; in l2cap_le_connect_req()
5877 chan->remote_mps = mps; in l2cap_le_connect_req()
5881 l2cap_le_flowctl_init(chan, __le16_to_cpu(req->credits)); in l2cap_le_connect_req()
5883 dcid = chan->scid; in l2cap_le_connect_req()
5884 credits = chan->rx_credits; in l2cap_le_connect_req()
5886 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_le_connect_req()
5888 chan->ident = cmd->ident; in l2cap_le_connect_req()
5890 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_le_connect_req()
5898 chan->ops->defer(chan); in l2cap_le_connect_req()
5906 mutex_unlock(&conn->chan_lock); in l2cap_le_connect_req()
5914 rsp.mtu = cpu_to_le16(chan->imtu); in l2cap_le_connect_req()
5915 rsp.mps = cpu_to_le16(chan->mps); in l2cap_le_connect_req()
5925 l2cap_send_cmd(conn, cmd->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), &rsp); in l2cap_le_connect_req()
5939 return -EPROTO; in l2cap_le_credits()
5942 cid = __le16_to_cpu(pkt->cid); in l2cap_le_credits()
5943 credits = __le16_to_cpu(pkt->credits); in l2cap_le_credits()
5949 return -EBADSLT; in l2cap_le_credits()
5951 max_credits = LE_FLOWCTL_MAX_CREDITS - chan->tx_credits; in l2cap_le_credits()
5962 chan->tx_credits += credits; in l2cap_le_credits()
5967 if (chan->tx_credits) in l2cap_le_credits()
5968 chan->ops->resume(chan); in l2cap_le_credits()
5994 return -EINVAL; in l2cap_ecred_conn_req()
5996 if (cmd_len < sizeof(*req) || (cmd_len - sizeof(*req)) % sizeof(u16)) { in l2cap_ecred_conn_req()
6001 cmd_len -= sizeof(*req); in l2cap_ecred_conn_req()
6009 mtu = __le16_to_cpu(req->mtu); in l2cap_ecred_conn_req()
6010 mps = __le16_to_cpu(req->mps); in l2cap_ecred_conn_req()
6017 psm = req->psm; in l2cap_ecred_conn_req()
6022 * Valid range: 0x0001-0x00ff in l2cap_ecred_conn_req()
6036 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src, in l2cap_ecred_conn_req()
6037 &conn->hcon->dst, LE_LINK); in l2cap_ecred_conn_req()
6043 mutex_lock(&conn->chan_lock); in l2cap_ecred_conn_req()
6046 if (!smp_sufficient_security(conn->hcon, pchan->sec_level, in l2cap_ecred_conn_req()
6055 u16 scid = __le16_to_cpu(req->scid[i]); in l2cap_ecred_conn_req()
6074 chan = pchan->ops->new_connection(pchan); in l2cap_ecred_conn_req()
6080 bacpy(&chan->src, &conn->hcon->src); in l2cap_ecred_conn_req()
6081 bacpy(&chan->dst, &conn->hcon->dst); in l2cap_ecred_conn_req()
6082 chan->src_type = bdaddr_src_type(conn->hcon); in l2cap_ecred_conn_req()
6083 chan->dst_type = bdaddr_dst_type(conn->hcon); in l2cap_ecred_conn_req()
6084 chan->psm = psm; in l2cap_ecred_conn_req()
6085 chan->dcid = scid; in l2cap_ecred_conn_req()
6086 chan->omtu = mtu; in l2cap_ecred_conn_req()
6087 chan->remote_mps = mps; in l2cap_ecred_conn_req()
6091 l2cap_ecred_init(chan, __le16_to_cpu(req->credits)); in l2cap_ecred_conn_req()
6095 pdu.rsp.mtu = cpu_to_le16(chan->imtu); in l2cap_ecred_conn_req()
6096 pdu.rsp.mps = cpu_to_le16(chan->mps); in l2cap_ecred_conn_req()
6097 pdu.rsp.credits = cpu_to_le16(chan->rx_credits); in l2cap_ecred_conn_req()
6100 pdu.dcid[i] = cpu_to_le16(chan->scid); in l2cap_ecred_conn_req()
6102 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_ecred_conn_req()
6104 chan->ident = cmd->ident; in l2cap_ecred_conn_req()
6106 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_ecred_conn_req()
6109 chan->ops->defer(chan); in l2cap_ecred_conn_req()
6117 mutex_unlock(&conn->chan_lock); in l2cap_ecred_conn_req()
6126 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECRED_CONN_RSP, in l2cap_ecred_conn_req()
6137 struct hci_conn *hcon = conn->hcon; in l2cap_ecred_conn_rsp()
6144 return -EPROTO; in l2cap_ecred_conn_rsp()
6146 mtu = __le16_to_cpu(rsp->mtu); in l2cap_ecred_conn_rsp()
6147 mps = __le16_to_cpu(rsp->mps); in l2cap_ecred_conn_rsp()
6148 credits = __le16_to_cpu(rsp->credits); in l2cap_ecred_conn_rsp()
6149 result = __le16_to_cpu(rsp->result); in l2cap_ecred_conn_rsp()
6154 mutex_lock(&conn->chan_lock); in l2cap_ecred_conn_rsp()
6156 cmd_len -= sizeof(*rsp); in l2cap_ecred_conn_rsp()
6158 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) { in l2cap_ecred_conn_rsp()
6161 if (chan->ident != cmd->ident || in l2cap_ecred_conn_rsp()
6162 chan->mode != L2CAP_MODE_EXT_FLOWCTL || in l2cap_ecred_conn_rsp()
6163 chan->state == BT_CONNECTED) in l2cap_ecred_conn_rsp()
6175 dcid = __le16_to_cpu(rsp->dcid[i++]); in l2cap_ecred_conn_rsp()
6176 cmd_len -= sizeof(u16); in l2cap_ecred_conn_rsp()
6184 * already-assigned Destination CID, then both the in l2cap_ecred_conn_rsp()
6203 if (hcon->sec_level > BT_SECURITY_MEDIUM) { in l2cap_ecred_conn_rsp()
6205 break; in l2cap_ecred_conn_rsp()
6208 sec_level = hcon->sec_level + 1; in l2cap_ecred_conn_rsp()
6209 if (chan->sec_level < sec_level) in l2cap_ecred_conn_rsp()
6210 chan->sec_level = sec_level; in l2cap_ecred_conn_rsp()
6213 clear_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags); in l2cap_ecred_conn_rsp()
6215 smp_conn_security(hcon, chan->sec_level); in l2cap_ecred_conn_rsp()
6216 break; in l2cap_ecred_conn_rsp()
6220 break; in l2cap_ecred_conn_rsp()
6226 break; in l2cap_ecred_conn_rsp()
6229 chan->ident = 0; in l2cap_ecred_conn_rsp()
6230 chan->dcid = dcid; in l2cap_ecred_conn_rsp()
6231 chan->omtu = mtu; in l2cap_ecred_conn_rsp()
6232 chan->remote_mps = mps; in l2cap_ecred_conn_rsp()
6233 chan->tx_credits = credits; in l2cap_ecred_conn_rsp()
6235 break; in l2cap_ecred_conn_rsp()
6241 mutex_unlock(&conn->chan_lock); in l2cap_ecred_conn_rsp()
6257 return -EINVAL; in l2cap_ecred_reconf_req()
6259 if (cmd_len < sizeof(*req) || cmd_len - sizeof(*req) % sizeof(u16)) { in l2cap_ecred_reconf_req()
6264 mtu = __le16_to_cpu(req->mtu); in l2cap_ecred_reconf_req()
6265 mps = __le16_to_cpu(req->mps); in l2cap_ecred_reconf_req()
6279 cmd_len -= sizeof(*req); in l2cap_ecred_reconf_req()
6286 scid = __le16_to_cpu(req->scid[i]); in l2cap_ecred_reconf_req()
6288 return -EPROTO; in l2cap_ecred_reconf_req()
6298 if (chan->omtu > mtu) { in l2cap_ecred_reconf_req()
6299 BT_ERR("chan %p decreased MTU %u -> %u", chan, in l2cap_ecred_reconf_req()
6300 chan->omtu, mtu); in l2cap_ecred_reconf_req()
6304 chan->omtu = mtu; in l2cap_ecred_reconf_req()
6305 chan->remote_mps = mps; in l2cap_ecred_reconf_req()
6311 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECRED_RECONF_RSP, sizeof(rsp), in l2cap_ecred_reconf_req()
6326 return -EPROTO; in l2cap_ecred_reconf_rsp()
6328 result = __le16_to_cpu(rsp->result); in l2cap_ecred_reconf_rsp()
6330 BT_DBG("result 0x%4.4x", rsp->result); in l2cap_ecred_reconf_rsp()
6335 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) { in l2cap_ecred_reconf_rsp()
6336 if (chan->ident != cmd->ident) in l2cap_ecred_reconf_rsp()
6353 return -EPROTO; in l2cap_le_command_rej()
6355 mutex_lock(&conn->chan_lock); in l2cap_le_command_rej()
6357 chan = __l2cap_get_chan_by_ident(conn, cmd->ident); in l2cap_le_command_rej()
6366 mutex_unlock(&conn->chan_lock); in l2cap_le_command_rej()
6376 switch (cmd->code) { in l2cap_le_sig_cmd()
6379 break; in l2cap_le_sig_cmd()
6383 break; in l2cap_le_sig_cmd()
6386 break; in l2cap_le_sig_cmd()
6390 break; in l2cap_le_sig_cmd()
6394 break; in l2cap_le_sig_cmd()
6398 break; in l2cap_le_sig_cmd()
6402 break; in l2cap_le_sig_cmd()
6406 break; in l2cap_le_sig_cmd()
6410 break; in l2cap_le_sig_cmd()
6414 break; in l2cap_le_sig_cmd()
6418 break; in l2cap_le_sig_cmd()
6422 break; in l2cap_le_sig_cmd()
6425 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code); in l2cap_le_sig_cmd()
6426 err = -EINVAL; in l2cap_le_sig_cmd()
6427 break; in l2cap_le_sig_cmd()
6436 struct hci_conn *hcon = conn->hcon; in l2cap_le_sig_channel()
6441 if (hcon->type != LE_LINK) in l2cap_le_sig_channel()
6444 if (skb->len < L2CAP_CMD_HDR_SIZE) in l2cap_le_sig_channel()
6447 cmd = (void *) skb->data; in l2cap_le_sig_channel()
6450 len = le16_to_cpu(cmd->len); in l2cap_le_sig_channel()
6452 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd->code, len, cmd->ident); in l2cap_le_sig_channel()
6454 if (len != skb->len || !cmd->ident) { in l2cap_le_sig_channel()
6459 err = l2cap_le_sig_cmd(conn, cmd, len, skb->data); in l2cap_le_sig_channel()
6466 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, in l2cap_le_sig_channel()
6477 struct hci_conn *hcon = conn->hcon; in l2cap_sig_channel()
6483 if (hcon->type != ACL_LINK) in l2cap_sig_channel()
6486 while (skb->len >= L2CAP_CMD_HDR_SIZE) { in l2cap_sig_channel()
6489 cmd = (void *) skb->data; in l2cap_sig_channel()
6492 len = le16_to_cpu(cmd->len); in l2cap_sig_channel()
6494 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd->code, len, in l2cap_sig_channel()
6495 cmd->ident); in l2cap_sig_channel()
6497 if (len > skb->len || !cmd->ident) { in l2cap_sig_channel()
6499 break; in l2cap_sig_channel()
6502 err = l2cap_bredr_sig_cmd(conn, cmd, len, skb->data); in l2cap_sig_channel()
6509 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, in l2cap_sig_channel()
6525 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_check_fcs()
6530 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_check_fcs()
6531 skb_trim(skb, skb->len - L2CAP_FCS_SIZE); in l2cap_check_fcs()
6532 rcv_fcs = get_unaligned_le16(skb->data + skb->len); in l2cap_check_fcs()
6533 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size); in l2cap_check_fcs()
6536 return -EBADMSG; in l2cap_check_fcs()
6543 struct l2cap_ctrl control; in l2cap_send_i_or_rr_or_rnr() local
6547 memset(&control, 0, sizeof(control)); in l2cap_send_i_or_rr_or_rnr()
6548 control.sframe = 1; in l2cap_send_i_or_rr_or_rnr()
6549 control.final = 1; in l2cap_send_i_or_rr_or_rnr()
6550 control.reqseq = chan->buffer_seq; in l2cap_send_i_or_rr_or_rnr()
6551 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_send_i_or_rr_or_rnr()
6553 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_send_i_or_rr_or_rnr()
6554 control.super = L2CAP_SUPER_RNR; in l2cap_send_i_or_rr_or_rnr()
6555 l2cap_send_sframe(chan, &control); in l2cap_send_i_or_rr_or_rnr()
6558 if (test_and_clear_bit(CONN_REMOTE_BUSY, &chan->conn_state) && in l2cap_send_i_or_rr_or_rnr()
6559 chan->unacked_frames > 0) in l2cap_send_i_or_rr_or_rnr()
6565 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) && in l2cap_send_i_or_rr_or_rnr()
6566 test_bit(CONN_SEND_FBIT, &chan->conn_state)) { in l2cap_send_i_or_rr_or_rnr()
6567 /* F-bit wasn't sent in an s-frame or i-frame yet, so in l2cap_send_i_or_rr_or_rnr()
6570 control.super = L2CAP_SUPER_RR; in l2cap_send_i_or_rr_or_rnr()
6571 l2cap_send_sframe(chan, &control); in l2cap_send_i_or_rr_or_rnr()
6578 /* skb->len reflects data in skb as well as all fragments in append_skb_frag()
6579 * skb->data_len reflects only data in fragments in append_skb_frag()
6582 skb_shinfo(skb)->frag_list = new_frag; in append_skb_frag()
6584 new_frag->next = NULL; in append_skb_frag()
6586 (*last_frag)->next = new_frag; in append_skb_frag()
6589 skb->len += new_frag->len; in append_skb_frag()
6590 skb->data_len += new_frag->len; in append_skb_frag()
6591 skb->truesize += new_frag->truesize; in append_skb_frag()
6595 struct l2cap_ctrl *control) in l2cap_reassemble_sdu() argument
6597 int err = -EINVAL; in l2cap_reassemble_sdu()
6599 switch (control->sar) { in l2cap_reassemble_sdu()
6601 if (chan->sdu) in l2cap_reassemble_sdu()
6602 break; in l2cap_reassemble_sdu()
6604 err = chan->ops->recv(chan, skb); in l2cap_reassemble_sdu()
6605 break; in l2cap_reassemble_sdu()
6608 if (chan->sdu) in l2cap_reassemble_sdu()
6609 break; in l2cap_reassemble_sdu()
6612 break; in l2cap_reassemble_sdu()
6614 chan->sdu_len = get_unaligned_le16(skb->data); in l2cap_reassemble_sdu()
6617 if (chan->sdu_len > chan->imtu) { in l2cap_reassemble_sdu()
6618 err = -EMSGSIZE; in l2cap_reassemble_sdu()
6619 break; in l2cap_reassemble_sdu()
6622 if (skb->len >= chan->sdu_len) in l2cap_reassemble_sdu()
6623 break; in l2cap_reassemble_sdu()
6625 chan->sdu = skb; in l2cap_reassemble_sdu()
6626 chan->sdu_last_frag = skb; in l2cap_reassemble_sdu()
6630 break; in l2cap_reassemble_sdu()
6633 if (!chan->sdu) in l2cap_reassemble_sdu()
6634 break; in l2cap_reassemble_sdu()
6636 append_skb_frag(chan->sdu, skb, in l2cap_reassemble_sdu()
6637 &chan->sdu_last_frag); in l2cap_reassemble_sdu()
6640 if (chan->sdu->len >= chan->sdu_len) in l2cap_reassemble_sdu()
6641 break; in l2cap_reassemble_sdu()
6644 break; in l2cap_reassemble_sdu()
6647 if (!chan->sdu) in l2cap_reassemble_sdu()
6648 break; in l2cap_reassemble_sdu()
6650 append_skb_frag(chan->sdu, skb, in l2cap_reassemble_sdu()
6651 &chan->sdu_last_frag); in l2cap_reassemble_sdu()
6654 if (chan->sdu->len != chan->sdu_len) in l2cap_reassemble_sdu()
6655 break; in l2cap_reassemble_sdu()
6657 err = chan->ops->recv(chan, chan->sdu); in l2cap_reassemble_sdu()
6661 chan->sdu = NULL; in l2cap_reassemble_sdu()
6662 chan->sdu_last_frag = NULL; in l2cap_reassemble_sdu()
6663 chan->sdu_len = 0; in l2cap_reassemble_sdu()
6665 break; in l2cap_reassemble_sdu()
6670 kfree_skb(chan->sdu); in l2cap_reassemble_sdu()
6671 chan->sdu = NULL; in l2cap_reassemble_sdu()
6672 chan->sdu_last_frag = NULL; in l2cap_reassemble_sdu()
6673 chan->sdu_len = 0; in l2cap_reassemble_sdu()
6689 if (chan->mode != L2CAP_MODE_ERTM) in l2cap_chan_busy()
6705 while (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_rx_queued_iframes()
6708 chan->buffer_seq, skb_queue_len(&chan->srej_q)); in l2cap_rx_queued_iframes()
6710 skb = l2cap_ertm_seq_in_queue(&chan->srej_q, chan->buffer_seq); in l2cap_rx_queued_iframes()
6713 break; in l2cap_rx_queued_iframes()
6715 skb_unlink(skb, &chan->srej_q); in l2cap_rx_queued_iframes()
6716 chan->buffer_seq = __next_seq(chan, chan->buffer_seq); in l2cap_rx_queued_iframes()
6717 err = l2cap_reassemble_sdu(chan, skb, &bt_cb(skb)->l2cap); in l2cap_rx_queued_iframes()
6719 break; in l2cap_rx_queued_iframes()
6722 if (skb_queue_empty(&chan->srej_q)) { in l2cap_rx_queued_iframes()
6723 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_rx_queued_iframes()
6731 struct l2cap_ctrl *control) in l2cap_handle_srej() argument
6735 BT_DBG("chan %p, control %p", chan, control); in l2cap_handle_srej()
6737 if (control->reqseq == chan->next_tx_seq) { in l2cap_handle_srej()
6738 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq); in l2cap_handle_srej()
6743 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq); in l2cap_handle_srej()
6747 control->reqseq); in l2cap_handle_srej()
6751 if (chan->max_tx != 0 && bt_cb(skb)->l2cap.retries >= chan->max_tx) { in l2cap_handle_srej()
6752 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); in l2cap_handle_srej()
6757 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_handle_srej()
6759 if (control->poll) { in l2cap_handle_srej()
6760 l2cap_pass_to_tx(chan, control); in l2cap_handle_srej()
6762 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_handle_srej()
6763 l2cap_retransmit(chan, control); in l2cap_handle_srej()
6766 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) { in l2cap_handle_srej()
6767 set_bit(CONN_SREJ_ACT, &chan->conn_state); in l2cap_handle_srej()
6768 chan->srej_save_reqseq = control->reqseq; in l2cap_handle_srej()
6771 l2cap_pass_to_tx_fbit(chan, control); in l2cap_handle_srej()
6773 if (control->final) { in l2cap_handle_srej()
6774 if (chan->srej_save_reqseq != control->reqseq || in l2cap_handle_srej()
6776 &chan->conn_state)) in l2cap_handle_srej()
6777 l2cap_retransmit(chan, control); in l2cap_handle_srej()
6779 l2cap_retransmit(chan, control); in l2cap_handle_srej()
6780 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) { in l2cap_handle_srej()
6781 set_bit(CONN_SREJ_ACT, &chan->conn_state); in l2cap_handle_srej()
6782 chan->srej_save_reqseq = control->reqseq; in l2cap_handle_srej()
6789 struct l2cap_ctrl *control) in l2cap_handle_rej() argument
6793 BT_DBG("chan %p, control %p", chan, control); in l2cap_handle_rej()
6795 if (control->reqseq == chan->next_tx_seq) { in l2cap_handle_rej()
6796 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq); in l2cap_handle_rej()
6801 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq); in l2cap_handle_rej()
6803 if (chan->max_tx && skb && in l2cap_handle_rej()
6804 bt_cb(skb)->l2cap.retries >= chan->max_tx) { in l2cap_handle_rej()
6805 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); in l2cap_handle_rej()
6810 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_handle_rej()
6812 l2cap_pass_to_tx(chan, control); in l2cap_handle_rej()
6814 if (control->final) { in l2cap_handle_rej()
6815 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state)) in l2cap_handle_rej()
6816 l2cap_retransmit_all(chan, control); in l2cap_handle_rej()
6818 l2cap_retransmit_all(chan, control); in l2cap_handle_rej()
6820 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) in l2cap_handle_rej()
6821 set_bit(CONN_REJ_ACT, &chan->conn_state); in l2cap_handle_rej()
6829 BT_DBG("last_acked_seq %d, expected_tx_seq %d", chan->last_acked_seq, in l2cap_classify_txseq()
6830 chan->expected_tx_seq); in l2cap_classify_txseq()
6832 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { in l2cap_classify_txseq()
6833 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= in l2cap_classify_txseq()
6834 chan->tx_win) { in l2cap_classify_txseq()
6838 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) { in l2cap_classify_txseq()
6839 BT_DBG("Invalid/Ignore - after SREJ"); in l2cap_classify_txseq()
6842 BT_DBG("Invalid - in window after SREJ sent"); in l2cap_classify_txseq()
6847 if (chan->srej_list.head == txseq) { in l2cap_classify_txseq()
6852 if (l2cap_ertm_seq_in_queue(&chan->srej_q, txseq)) { in l2cap_classify_txseq()
6853 BT_DBG("Duplicate SREJ - txseq already stored"); in l2cap_classify_txseq()
6857 if (l2cap_seq_list_contains(&chan->srej_list, txseq)) { in l2cap_classify_txseq()
6858 BT_DBG("Unexpected SREJ - not requested"); in l2cap_classify_txseq()
6863 if (chan->expected_tx_seq == txseq) { in l2cap_classify_txseq()
6864 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= in l2cap_classify_txseq()
6865 chan->tx_win) { in l2cap_classify_txseq()
6866 BT_DBG("Invalid - txseq outside tx window"); in l2cap_classify_txseq()
6874 if (__seq_offset(chan, txseq, chan->last_acked_seq) < in l2cap_classify_txseq()
6875 __seq_offset(chan, chan->expected_tx_seq, chan->last_acked_seq)) { in l2cap_classify_txseq()
6876 BT_DBG("Duplicate - expected_tx_seq later than txseq"); in l2cap_classify_txseq()
6880 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= chan->tx_win) { in l2cap_classify_txseq()
6898 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) { in l2cap_classify_txseq()
6899 BT_DBG("Invalid/Ignore - txseq outside tx window"); in l2cap_classify_txseq()
6902 BT_DBG("Invalid - txseq outside tx window"); in l2cap_classify_txseq()
6906 BT_DBG("Unexpected - txseq indicates missing frames"); in l2cap_classify_txseq()
6912 struct l2cap_ctrl *control, in l2cap_rx_state_recv() argument
6919 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb, in l2cap_rx_state_recv()
6924 switch (l2cap_classify_txseq(chan, control->txseq)) { in l2cap_rx_state_recv()
6926 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_recv()
6928 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_rx_state_recv()
6930 control->txseq); in l2cap_rx_state_recv()
6931 break; in l2cap_rx_state_recv()
6934 chan->expected_tx_seq = __next_seq(chan, in l2cap_rx_state_recv()
6935 control->txseq); in l2cap_rx_state_recv()
6937 chan->buffer_seq = chan->expected_tx_seq; in l2cap_rx_state_recv()
6941 * control, so make a copy in advance to use it after in l2cap_rx_state_recv()
6947 * chan->ops->recv == l2cap_sock_recv_cb in l2cap_rx_state_recv()
6953 * Then the current thread tries to access control, but in l2cap_rx_state_recv()
6956 local_control = *control; in l2cap_rx_state_recv()
6957 err = l2cap_reassemble_sdu(chan, skb, control); in l2cap_rx_state_recv()
6959 break; in l2cap_rx_state_recv()
6963 &chan->conn_state)) { in l2cap_rx_state_recv()
6970 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) in l2cap_rx_state_recv()
6972 break; in l2cap_rx_state_recv()
6974 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_recv()
6980 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_rx_state_recv()
6982 control->txseq); in l2cap_rx_state_recv()
6983 break; in l2cap_rx_state_recv()
6990 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_recv()
6993 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_recv()
6995 clear_bit(CONN_SREJ_ACT, &chan->conn_state); in l2cap_rx_state_recv()
6996 l2cap_seq_list_clear(&chan->srej_list); in l2cap_rx_state_recv()
6997 l2cap_send_srej(chan, control->txseq); in l2cap_rx_state_recv()
6999 chan->rx_state = L2CAP_RX_STATE_SREJ_SENT; in l2cap_rx_state_recv()
7000 break; in l2cap_rx_state_recv()
7002 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_recv()
7003 break; in l2cap_rx_state_recv()
7005 break; in l2cap_rx_state_recv()
7009 break; in l2cap_rx_state_recv()
7011 break; in l2cap_rx_state_recv()
7013 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_recv()
7014 if (control->final) { in l2cap_rx_state_recv()
7015 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_recv()
7017 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state) && in l2cap_rx_state_recv()
7019 control->final = 0; in l2cap_rx_state_recv()
7020 l2cap_retransmit_all(chan, control); in l2cap_rx_state_recv()
7024 } else if (control->poll) { in l2cap_rx_state_recv()
7028 &chan->conn_state) && in l2cap_rx_state_recv()
7029 chan->unacked_frames) in l2cap_rx_state_recv()
7034 break; in l2cap_rx_state_recv()
7036 set_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_recv()
7037 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_recv()
7038 if (control && control->poll) { in l2cap_rx_state_recv()
7039 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_rx_state_recv()
7043 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_rx_state_recv()
7044 break; in l2cap_rx_state_recv()
7046 l2cap_handle_rej(chan, control); in l2cap_rx_state_recv()
7047 break; in l2cap_rx_state_recv()
7049 l2cap_handle_srej(chan, control); in l2cap_rx_state_recv()
7050 break; in l2cap_rx_state_recv()
7052 break; in l2cap_rx_state_recv()
7064 struct l2cap_ctrl *control, in l2cap_rx_state_srej_sent() argument
7068 u16 txseq = control->txseq; in l2cap_rx_state_srej_sent()
7071 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb, in l2cap_rx_state_srej_sent()
7079 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_srej_sent()
7080 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_srej_sent()
7083 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_srej_sent()
7085 chan->expected_tx_seq = __next_seq(chan, txseq); in l2cap_rx_state_srej_sent()
7086 break; in l2cap_rx_state_srej_sent()
7088 l2cap_seq_list_pop(&chan->srej_list); in l2cap_rx_state_srej_sent()
7090 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_srej_sent()
7091 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_srej_sent()
7094 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_srej_sent()
7098 break; in l2cap_rx_state_srej_sent()
7100 break; in l2cap_rx_state_srej_sent()
7106 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_srej_sent()
7109 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_srej_sent()
7111 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_srej_sent()
7112 l2cap_send_srej(chan, control->txseq); in l2cap_rx_state_srej_sent()
7113 break; in l2cap_rx_state_srej_sent()
7120 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_srej_sent()
7123 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_srej_sent()
7125 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_srej_sent()
7126 l2cap_send_srej_list(chan, control->txseq); in l2cap_rx_state_srej_sent()
7127 break; in l2cap_rx_state_srej_sent()
7130 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_srej_sent()
7131 break; in l2cap_rx_state_srej_sent()
7136 break; in l2cap_rx_state_srej_sent()
7138 break; in l2cap_rx_state_srej_sent()
7142 break; in l2cap_rx_state_srej_sent()
7144 break; in l2cap_rx_state_srej_sent()
7146 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_srej_sent()
7147 if (control->final) { in l2cap_rx_state_srej_sent()
7148 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_srej_sent()
7151 &chan->conn_state)) { in l2cap_rx_state_srej_sent()
7152 control->final = 0; in l2cap_rx_state_srej_sent()
7153 l2cap_retransmit_all(chan, control); in l2cap_rx_state_srej_sent()
7157 } else if (control->poll) { in l2cap_rx_state_srej_sent()
7159 &chan->conn_state) && in l2cap_rx_state_srej_sent()
7160 chan->unacked_frames) { in l2cap_rx_state_srej_sent()
7164 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_rx_state_srej_sent()
7168 &chan->conn_state) && in l2cap_rx_state_srej_sent()
7169 chan->unacked_frames) in l2cap_rx_state_srej_sent()
7174 break; in l2cap_rx_state_srej_sent()
7176 set_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_srej_sent()
7177 l2cap_pass_to_tx(chan, control); in l2cap_rx_state_srej_sent()
7178 if (control->poll) { in l2cap_rx_state_srej_sent()
7185 rr_control.reqseq = chan->buffer_seq; in l2cap_rx_state_srej_sent()
7189 break; in l2cap_rx_state_srej_sent()
7191 l2cap_handle_rej(chan, control); in l2cap_rx_state_srej_sent()
7192 break; in l2cap_rx_state_srej_sent()
7194 l2cap_handle_srej(chan, control); in l2cap_rx_state_srej_sent()
7195 break; in l2cap_rx_state_srej_sent()
7210 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_finish_move()
7212 if (chan->hs_hcon) in l2cap_finish_move()
7213 chan->conn->mtu = chan->hs_hcon->hdev->block_mtu; in l2cap_finish_move()
7215 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; in l2cap_finish_move()
7221 struct l2cap_ctrl *control, in l2cap_rx_state_wait_p() argument
7226 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb, in l2cap_rx_state_wait_p()
7229 if (!control->poll) in l2cap_rx_state_wait_p()
7230 return -EPROTO; in l2cap_rx_state_wait_p()
7232 l2cap_process_reqseq(chan, control->reqseq); in l2cap_rx_state_wait_p()
7234 if (!skb_queue_empty(&chan->tx_q)) in l2cap_rx_state_wait_p()
7235 chan->tx_send_head = skb_peek(&chan->tx_q); in l2cap_rx_state_wait_p()
7237 chan->tx_send_head = NULL; in l2cap_rx_state_wait_p()
7242 chan->next_tx_seq = control->reqseq; in l2cap_rx_state_wait_p()
7243 chan->unacked_frames = 0; in l2cap_rx_state_wait_p()
7249 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_rx_state_wait_p()
7253 return -EPROTO; in l2cap_rx_state_wait_p()
7255 return l2cap_rx_state_recv(chan, control, NULL, event); in l2cap_rx_state_wait_p()
7259 struct l2cap_ctrl *control, in l2cap_rx_state_wait_f() argument
7264 if (!control->final) in l2cap_rx_state_wait_f()
7265 return -EPROTO; in l2cap_rx_state_wait_f()
7267 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_wait_f()
7269 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_rx_state_wait_f()
7270 l2cap_process_reqseq(chan, control->reqseq); in l2cap_rx_state_wait_f()
7272 if (!skb_queue_empty(&chan->tx_q)) in l2cap_rx_state_wait_f()
7273 chan->tx_send_head = skb_peek(&chan->tx_q); in l2cap_rx_state_wait_f()
7275 chan->tx_send_head = NULL; in l2cap_rx_state_wait_f()
7280 chan->next_tx_seq = control->reqseq; in l2cap_rx_state_wait_f()
7281 chan->unacked_frames = 0; in l2cap_rx_state_wait_f()
7283 if (chan->hs_hcon) in l2cap_rx_state_wait_f()
7284 chan->conn->mtu = chan->hs_hcon->hdev->block_mtu; in l2cap_rx_state_wait_f()
7286 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; in l2cap_rx_state_wait_f()
7291 err = l2cap_rx_state_recv(chan, control, skb, event); in l2cap_rx_state_wait_f()
7301 unacked = __seq_offset(chan, chan->next_tx_seq, chan->expected_ack_seq); in __valid_reqseq()
7302 return __seq_offset(chan, chan->next_tx_seq, reqseq) <= unacked; in __valid_reqseq()
7305 static int l2cap_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control, in l2cap_rx() argument
7310 BT_DBG("chan %p, control %p, skb %p, event %d, state %d", chan, in l2cap_rx()
7311 control, skb, event, chan->rx_state); in l2cap_rx()
7313 if (__valid_reqseq(chan, control->reqseq)) { in l2cap_rx()
7314 switch (chan->rx_state) { in l2cap_rx()
7316 err = l2cap_rx_state_recv(chan, control, skb, event); in l2cap_rx()
7317 break; in l2cap_rx()
7319 err = l2cap_rx_state_srej_sent(chan, control, skb, in l2cap_rx()
7321 break; in l2cap_rx()
7323 err = l2cap_rx_state_wait_p(chan, control, skb, event); in l2cap_rx()
7324 break; in l2cap_rx()
7326 err = l2cap_rx_state_wait_f(chan, control, skb, event); in l2cap_rx()
7327 break; in l2cap_rx()
7330 break; in l2cap_rx()
7334 control->reqseq, chan->next_tx_seq, in l2cap_rx()
7335 chan->expected_ack_seq); in l2cap_rx()
7342 static int l2cap_stream_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control, in l2cap_stream_rx() argument
7345 /* l2cap_reassemble_sdu may free skb, hence invalidate control, so store in l2cap_stream_rx()
7351 * chan->ops->recv == l2cap_sock_recv_cb in l2cap_stream_rx()
7357 * Then the current thread tries to access control, but it was freed by in l2cap_stream_rx()
7360 u16 txseq = control->txseq; in l2cap_stream_rx()
7362 BT_DBG("chan %p, control %p, skb %p, state %d", chan, control, skb, in l2cap_stream_rx()
7363 chan->rx_state); in l2cap_stream_rx()
7366 l2cap_pass_to_tx(chan, control); in l2cap_stream_rx()
7368 BT_DBG("buffer_seq %u->%u", chan->buffer_seq, in l2cap_stream_rx()
7369 __next_seq(chan, chan->buffer_seq)); in l2cap_stream_rx()
7371 chan->buffer_seq = __next_seq(chan, chan->buffer_seq); in l2cap_stream_rx()
7373 l2cap_reassemble_sdu(chan, skb, control); in l2cap_stream_rx()
7375 if (chan->sdu) { in l2cap_stream_rx()
7376 kfree_skb(chan->sdu); in l2cap_stream_rx()
7377 chan->sdu = NULL; in l2cap_stream_rx()
7379 chan->sdu_last_frag = NULL; in l2cap_stream_rx()
7380 chan->sdu_len = 0; in l2cap_stream_rx()
7388 chan->last_acked_seq = txseq; in l2cap_stream_rx()
7389 chan->expected_tx_seq = __next_seq(chan, txseq); in l2cap_stream_rx()
7396 struct l2cap_ctrl *control = &bt_cb(skb)->l2cap; in l2cap_data_rcv() local
7402 len = skb->len; in l2cap_data_rcv()
7405 * We can just drop the corrupted I-frame here. in l2cap_data_rcv()
7412 if (!control->sframe && control->sar == L2CAP_SAR_START) in l2cap_data_rcv()
7413 len -= L2CAP_SDULEN_SIZE; in l2cap_data_rcv()
7415 if (chan->fcs == L2CAP_FCS_CRC16) in l2cap_data_rcv()
7416 len -= L2CAP_FCS_SIZE; in l2cap_data_rcv()
7418 if (len > chan->mps) { in l2cap_data_rcv()
7423 if (chan->ops->filter) { in l2cap_data_rcv()
7424 if (chan->ops->filter(chan, skb)) in l2cap_data_rcv()
7428 if (!control->sframe) { in l2cap_data_rcv()
7432 control->sar, control->reqseq, control->final, in l2cap_data_rcv()
7433 control->txseq); in l2cap_data_rcv()
7435 /* Validate F-bit - F=0 always valid, F=1 only in l2cap_data_rcv()
7438 if (control->final && chan->tx_state != L2CAP_TX_STATE_WAIT_F) in l2cap_data_rcv()
7441 if (chan->mode != L2CAP_MODE_STREAMING) { in l2cap_data_rcv()
7443 err = l2cap_rx(chan, control, skb, event); in l2cap_data_rcv()
7445 err = l2cap_stream_rx(chan, control, skb); in l2cap_data_rcv()
7456 /* Only I-frames are expected in streaming mode */ in l2cap_data_rcv()
7457 if (chan->mode == L2CAP_MODE_STREAMING) in l2cap_data_rcv()
7461 control->reqseq, control->final, control->poll, in l2cap_data_rcv()
7462 control->super); in l2cap_data_rcv()
7471 if (control->final && (control->poll || in l2cap_data_rcv()
7472 chan->tx_state != L2CAP_TX_STATE_WAIT_F)) in l2cap_data_rcv()
7475 event = rx_func_to_event[control->super]; in l2cap_data_rcv()
7476 if (l2cap_rx(chan, control, skb, event)) in l2cap_data_rcv()
7489 struct l2cap_conn *conn = chan->conn; in l2cap_chan_le_send_credits()
7493 return_credits = (chan->imtu / chan->mps) + 1; in l2cap_chan_le_send_credits()
7495 if (chan->rx_credits >= return_credits) in l2cap_chan_le_send_credits()
7498 return_credits -= chan->rx_credits; in l2cap_chan_le_send_credits()
7502 chan->rx_credits += return_credits; in l2cap_chan_le_send_credits()
7504 pkt.cid = cpu_to_le16(chan->scid); in l2cap_chan_le_send_credits()
7507 chan->ident = l2cap_get_ident(conn); in l2cap_chan_le_send_credits()
7509 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CREDITS, sizeof(pkt), &pkt); in l2cap_chan_le_send_credits()
7516 BT_DBG("SDU reassemble complete: chan %p skb->len %u", chan, skb->len); in l2cap_ecred_recv()
7519 err = chan->ops->recv(chan, skb); in l2cap_ecred_recv()
7531 if (!chan->rx_credits) { in l2cap_ecred_data_rcv()
7534 return -ENOBUFS; in l2cap_ecred_data_rcv()
7537 if (chan->imtu < skb->len) { in l2cap_ecred_data_rcv()
7539 return -ENOBUFS; in l2cap_ecred_data_rcv()
7542 chan->rx_credits--; in l2cap_ecred_data_rcv()
7543 BT_DBG("rx_credits %u -> %u", chan->rx_credits + 1, chan->rx_credits); in l2cap_ecred_data_rcv()
7548 if (!chan->rx_credits) in l2cap_ecred_data_rcv()
7553 if (!chan->sdu) { in l2cap_ecred_data_rcv()
7556 sdu_len = get_unaligned_le16(skb->data); in l2cap_ecred_data_rcv()
7559 BT_DBG("Start of new SDU. sdu_len %u skb->len %u imtu %u", in l2cap_ecred_data_rcv()
7560 sdu_len, skb->len, chan->imtu); in l2cap_ecred_data_rcv()
7562 if (sdu_len > chan->imtu) { in l2cap_ecred_data_rcv()
7564 err = -EMSGSIZE; in l2cap_ecred_data_rcv()
7568 if (skb->len > sdu_len) { in l2cap_ecred_data_rcv()
7570 err = -EINVAL; in l2cap_ecred_data_rcv()
7574 if (skb->len == sdu_len) in l2cap_ecred_data_rcv()
7577 chan->sdu = skb; in l2cap_ecred_data_rcv()
7578 chan->sdu_len = sdu_len; in l2cap_ecred_data_rcv()
7579 chan->sdu_last_frag = skb; in l2cap_ecred_data_rcv()
7582 if (skb->len + L2CAP_SDULEN_SIZE < chan->mps) { in l2cap_ecred_data_rcv()
7583 u16 mps_len = skb->len + L2CAP_SDULEN_SIZE; in l2cap_ecred_data_rcv()
7586 BT_DBG("chan->mps %u -> %u", chan->mps, mps_len); in l2cap_ecred_data_rcv()
7587 chan->mps = mps_len; in l2cap_ecred_data_rcv()
7594 BT_DBG("SDU fragment. chan->sdu->len %u skb->len %u chan->sdu_len %u", in l2cap_ecred_data_rcv()
7595 chan->sdu->len, skb->len, chan->sdu_len); in l2cap_ecred_data_rcv()
7597 if (chan->sdu->len + skb->len > chan->sdu_len) { in l2cap_ecred_data_rcv()
7599 err = -EINVAL; in l2cap_ecred_data_rcv()
7603 append_skb_frag(chan->sdu, skb, &chan->sdu_last_frag); in l2cap_ecred_data_rcv()
7606 if (chan->sdu->len == chan->sdu_len) { in l2cap_ecred_data_rcv()
7607 err = l2cap_ecred_recv(chan, chan->sdu); in l2cap_ecred_data_rcv()
7609 chan->sdu = NULL; in l2cap_ecred_data_rcv()
7610 chan->sdu_last_frag = NULL; in l2cap_ecred_data_rcv()
7611 chan->sdu_len = 0; in l2cap_ecred_data_rcv()
7618 kfree_skb(chan->sdu); in l2cap_ecred_data_rcv()
7619 chan->sdu = NULL; in l2cap_ecred_data_rcv()
7620 chan->sdu_last_frag = NULL; in l2cap_ecred_data_rcv()
7621 chan->sdu_len = 0; in l2cap_ecred_data_rcv()
7626 * do a double-free of the skb. in l2cap_ecred_data_rcv()
7655 BT_DBG("chan %p, len %d", chan, skb->len); in l2cap_data_channel()
7661 if (chan->chan_type == L2CAP_CHAN_FIXED) in l2cap_data_channel()
7664 if (chan->state != BT_CONNECTED) in l2cap_data_channel()
7667 switch (chan->mode) { in l2cap_data_channel()
7679 * provide flow control mechanism. */ in l2cap_data_channel()
7681 if (chan->imtu < skb->len) { in l2cap_data_channel()
7686 if (!chan->ops->recv(chan, skb)) in l2cap_data_channel()
7688 break; in l2cap_data_channel()
7696 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode); in l2cap_data_channel()
7697 break; in l2cap_data_channel()
7711 struct hci_conn *hcon = conn->hcon; in l2cap_conless_channel()
7714 if (hcon->type != ACL_LINK) in l2cap_conless_channel()
7717 chan = l2cap_global_chan_by_psm(0, psm, &hcon->src, &hcon->dst, in l2cap_conless_channel()
7722 BT_DBG("chan %p, len %d", chan, skb->len); in l2cap_conless_channel()
7724 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED) in l2cap_conless_channel()
7727 if (chan->imtu < skb->len) in l2cap_conless_channel()
7731 bacpy(&bt_cb(skb)->l2cap.bdaddr, &hcon->dst); in l2cap_conless_channel()
7732 bt_cb(skb)->l2cap.psm = psm; in l2cap_conless_channel()
7734 if (!chan->ops->recv(chan, skb)) { in l2cap_conless_channel()
7747 struct l2cap_hdr *lh = (void *) skb->data; in l2cap_recv_frame()
7748 struct hci_conn *hcon = conn->hcon; in l2cap_recv_frame()
7752 if (hcon->state != BT_CONNECTED) { in l2cap_recv_frame()
7754 skb_queue_tail(&conn->pending_rx, skb); in l2cap_recv_frame()
7759 cid = __le16_to_cpu(lh->cid); in l2cap_recv_frame()
7760 len = __le16_to_cpu(lh->len); in l2cap_recv_frame()
7762 if (len != skb->len) { in l2cap_recv_frame()
7770 if (hcon->type == LE_LINK && in l2cap_recv_frame()
7771 hci_bdaddr_list_lookup(&hcon->hdev->reject_list, &hcon->dst, in l2cap_recv_frame()
7782 break; in l2cap_recv_frame()
7785 psm = get_unaligned((__le16 *) skb->data); in l2cap_recv_frame()
7788 break; in l2cap_recv_frame()
7792 break; in l2cap_recv_frame()
7796 break; in l2cap_recv_frame()
7808 while ((skb = skb_dequeue(&conn->pending_rx))) in process_pending_rx()
7814 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_conn_add()
7830 kref_init(&conn->ref); in l2cap_conn_add()
7831 hcon->l2cap_data = conn; in l2cap_conn_add()
7832 conn->hcon = hci_conn_get(hcon); in l2cap_conn_add()
7833 conn->hchan = hchan; in l2cap_conn_add()
7837 switch (hcon->type) { in l2cap_conn_add()
7839 if (hcon->hdev->le_mtu) { in l2cap_conn_add()
7840 conn->mtu = hcon->hdev->le_mtu; in l2cap_conn_add()
7841 break; in l2cap_conn_add()
7845 conn->mtu = hcon->hdev->acl_mtu; in l2cap_conn_add()
7846 break; in l2cap_conn_add()
7849 conn->feat_mask = 0; in l2cap_conn_add()
7851 conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS; in l2cap_conn_add()
7853 if (hcon->type == ACL_LINK && in l2cap_conn_add()
7854 hci_dev_test_flag(hcon->hdev, HCI_HS_ENABLED)) in l2cap_conn_add()
7855 conn->local_fixed_chan |= L2CAP_FC_A2MP; in l2cap_conn_add()
7857 if (hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED) && in l2cap_conn_add()
7858 (bredr_sc_enabled(hcon->hdev) || in l2cap_conn_add()
7859 hci_dev_test_flag(hcon->hdev, HCI_FORCE_BREDR_SMP))) in l2cap_conn_add()
7860 conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR; in l2cap_conn_add()
7862 mutex_init(&conn->ident_lock); in l2cap_conn_add()
7863 mutex_init(&conn->chan_lock); in l2cap_conn_add()
7865 INIT_LIST_HEAD(&conn->chan_l); in l2cap_conn_add()
7866 INIT_LIST_HEAD(&conn->users); in l2cap_conn_add()
7868 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout); in l2cap_conn_add()
7870 skb_queue_head_init(&conn->pending_rx); in l2cap_conn_add()
7871 INIT_WORK(&conn->pending_rx_work, process_pending_rx); in l2cap_conn_add()
7872 INIT_WORK(&conn->id_addr_update_work, l2cap_conn_update_id_addr); in l2cap_conn_add()
7874 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM; in l2cap_conn_add()
7902 if (chan == d->chan) in l2cap_chan_by_pid()
7905 if (!test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_chan_by_pid()
7908 pid = chan->ops->get_peer_pid(chan); in l2cap_chan_by_pid()
7911 if (d->pid != pid || chan->psm != d->chan->psm || chan->ident || in l2cap_chan_by_pid()
7912 chan->mode != L2CAP_MODE_EXT_FLOWCTL || chan->state != BT_CONNECT) in l2cap_chan_by_pid()
7915 d->count++; in l2cap_chan_by_pid()
7926 BT_DBG("%pMR -> %pMR (type %u) psm 0x%4.4x mode 0x%2.2x", &chan->src, in l2cap_chan_connect()
7927 dst, dst_type, __le16_to_cpu(psm), chan->mode); in l2cap_chan_connect()
7929 hdev = hci_get_route(dst, &chan->src, chan->src_type); in l2cap_chan_connect()
7931 return -EHOSTUNREACH; in l2cap_chan_connect()
7936 chan->chan_type != L2CAP_CHAN_RAW) { in l2cap_chan_connect()
7937 err = -EINVAL; in l2cap_chan_connect()
7941 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !psm) { in l2cap_chan_connect()
7942 err = -EINVAL; in l2cap_chan_connect()
7946 if (chan->chan_type == L2CAP_CHAN_FIXED && !cid) { in l2cap_chan_connect()
7947 err = -EINVAL; in l2cap_chan_connect()
7951 switch (chan->mode) { in l2cap_chan_connect()
7953 break; in l2cap_chan_connect()
7955 break; in l2cap_chan_connect()
7958 err = -EOPNOTSUPP; in l2cap_chan_connect()
7961 break; in l2cap_chan_connect()
7965 break; in l2cap_chan_connect()
7968 err = -EOPNOTSUPP; in l2cap_chan_connect()
7972 switch (chan->state) { in l2cap_chan_connect()
7982 err = -EISCONN; in l2cap_chan_connect()
7988 break; in l2cap_chan_connect()
7991 err = -EBADFD; in l2cap_chan_connect()
7996 bacpy(&chan->dst, dst); in l2cap_chan_connect()
7997 chan->dst_type = dst_type; in l2cap_chan_connect()
7999 chan->psm = psm; in l2cap_chan_connect()
8000 chan->dcid = cid; in l2cap_chan_connect()
8012 chan->sec_level, in l2cap_chan_connect()
8017 chan->sec_level, in l2cap_chan_connect()
8023 hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type, in l2cap_chan_connect()
8035 err = -ENOMEM; in l2cap_chan_connect()
8039 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL) { in l2cap_chan_connect()
8043 data.pid = chan->ops->get_peer_pid(chan); in l2cap_chan_connect()
8051 err = -EPROTO; in l2cap_chan_connect()
8056 mutex_lock(&conn->chan_lock); in l2cap_chan_connect()
8061 err = -EBUSY; in l2cap_chan_connect()
8066 bacpy(&chan->src, &hcon->src); in l2cap_chan_connect()
8067 chan->src_type = bdaddr_src_type(hcon); in l2cap_chan_connect()
8075 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_chan_connect()
8077 /* Release chan->sport so that it can be reused by other in l2cap_chan_connect()
8081 chan->sport = 0; in l2cap_chan_connect()
8084 if (hcon->state == BT_CONNECTED) { in l2cap_chan_connect()
8085 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { in l2cap_chan_connect()
8097 mutex_unlock(&conn->chan_lock); in l2cap_chan_connect()
8107 struct l2cap_conn *conn = chan->conn; in l2cap_ecred_reconfigure()
8113 pdu.req.mtu = cpu_to_le16(chan->imtu); in l2cap_ecred_reconfigure()
8114 pdu.req.mps = cpu_to_le16(chan->mps); in l2cap_ecred_reconfigure()
8115 pdu.scid = cpu_to_le16(chan->scid); in l2cap_ecred_reconfigure()
8117 chan->ident = l2cap_get_ident(conn); in l2cap_ecred_reconfigure()
8119 l2cap_send_cmd(conn, chan->ident, L2CAP_ECRED_RECONF_REQ, in l2cap_ecred_reconfigure()
8125 if (chan->imtu > mtu) in l2cap_chan_reconfigure()
8126 return -EINVAL; in l2cap_chan_reconfigure()
8130 chan->imtu = mtu; in l2cap_chan_reconfigure()
8137 /* ---- L2CAP interface with lower layer (HCI) ---- */
8144 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); in l2cap_connect_ind()
8149 if (c->state != BT_LISTEN) in l2cap_connect_ind()
8152 if (!bacmp(&c->src, &hdev->bdaddr)) { in l2cap_connect_ind()
8154 if (test_bit(FLAG_ROLE_SWITCH, &c->flags)) in l2cap_connect_ind()
8157 } else if (!bacmp(&c->src, BDADDR_ANY)) { in l2cap_connect_ind()
8159 if (test_bit(FLAG_ROLE_SWITCH, &c->flags)) in l2cap_connect_ind()
8185 if (c->chan_type != L2CAP_CHAN_FIXED) in l2cap_global_fixed_chan()
8187 if (c->state != BT_LISTEN) in l2cap_global_fixed_chan()
8189 if (bacmp(&c->src, &hcon->src) && bacmp(&c->src, BDADDR_ANY)) in l2cap_global_fixed_chan()
8191 if (src_type != c->src_type) in l2cap_global_fixed_chan()
8206 struct hci_dev *hdev = hcon->hdev; in l2cap_connect_cfm()
8211 if (hcon->type != ACL_LINK && hcon->type != LE_LINK) in l2cap_connect_cfm()
8214 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); in l2cap_connect_cfm()
8228 if (hci_bdaddr_list_lookup(&hdev->reject_list, &hcon->dst, dst_type)) in l2cap_connect_cfm()
8241 if (__l2cap_get_chan_by_dcid(conn, pchan->scid)) in l2cap_connect_cfm()
8245 chan = pchan->ops->new_connection(pchan); in l2cap_connect_cfm()
8247 bacpy(&chan->src, &hcon->src); in l2cap_connect_cfm()
8248 bacpy(&chan->dst, &hcon->dst); in l2cap_connect_cfm()
8249 chan->src_type = bdaddr_src_type(hcon); in l2cap_connect_cfm()
8250 chan->dst_type = dst_type; in l2cap_connect_cfm()
8267 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_disconn_ind()
8273 return conn->disc_reason; in l2cap_disconn_ind()
8278 if (hcon->type != ACL_LINK && hcon->type != LE_LINK) in l2cap_disconn_cfm()
8288 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) in l2cap_check_encryption()
8292 if (chan->sec_level == BT_SECURITY_MEDIUM) { in l2cap_check_encryption()
8294 } else if (chan->sec_level == BT_SECURITY_HIGH || in l2cap_check_encryption()
8295 chan->sec_level == BT_SECURITY_FIPS) in l2cap_check_encryption()
8298 if (chan->sec_level == BT_SECURITY_MEDIUM) in l2cap_check_encryption()
8305 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_security_cfm()
8313 mutex_lock(&conn->chan_lock); in l2cap_security_cfm()
8315 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_security_cfm()
8318 BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid, in l2cap_security_cfm()
8319 state_to_string(chan->state)); in l2cap_security_cfm()
8321 if (chan->scid == L2CAP_CID_A2MP) { in l2cap_security_cfm()
8327 chan->sec_level = hcon->sec_level; in l2cap_security_cfm()
8334 if (!status && (chan->state == BT_CONNECTED || in l2cap_security_cfm()
8335 chan->state == BT_CONFIG)) { in l2cap_security_cfm()
8336 chan->ops->resume(chan); in l2cap_security_cfm()
8342 if (chan->state == BT_CONNECT) { in l2cap_security_cfm()
8347 } else if (chan->state == BT_CONNECT2 && in l2cap_security_cfm()
8348 !(chan->mode == L2CAP_MODE_EXT_FLOWCTL || in l2cap_security_cfm()
8349 chan->mode == L2CAP_MODE_LE_FLOWCTL)) { in l2cap_security_cfm()
8354 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_security_cfm()
8357 chan->ops->defer(chan); in l2cap_security_cfm()
8370 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_security_cfm()
8371 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_security_cfm()
8374 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, in l2cap_security_cfm()
8377 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) && in l2cap_security_cfm()
8380 set_bit(CONF_REQ_SENT, &chan->conf_state); in l2cap_security_cfm()
8385 chan->num_conf_req++; in l2cap_security_cfm()
8392 mutex_unlock(&conn->chan_lock); in l2cap_security_cfm()
8399 if (!conn->rx_skb) { in l2cap_recv_frag()
8401 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); in l2cap_recv_frag()
8402 if (!conn->rx_skb) in l2cap_recv_frag()
8403 return -ENOMEM; in l2cap_recv_frag()
8405 conn->rx_len = len; in l2cap_recv_frag()
8409 len = min_t(u16, len, skb->len); in l2cap_recv_frag()
8410 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, len), len); in l2cap_recv_frag()
8412 conn->rx_len -= len; in l2cap_recv_frag()
8423 len = l2cap_recv_frag(conn, skb, L2CAP_LEN_SIZE - conn->rx_skb->len); in l2cap_recv_len()
8426 if (len < 0 || conn->rx_skb->len < L2CAP_LEN_SIZE) in l2cap_recv_len()
8429 rx_skb = conn->rx_skb; in l2cap_recv_len()
8430 len = get_unaligned_le16(rx_skb->data); in l2cap_recv_len()
8433 if (len + (L2CAP_HDR_SIZE - L2CAP_LEN_SIZE) <= skb_tailroom(rx_skb)) { in l2cap_recv_len()
8435 conn->rx_len = len + (L2CAP_HDR_SIZE - L2CAP_LEN_SIZE); in l2cap_recv_len()
8439 /* Reset conn->rx_skb since it will need to be reallocated in order to in l2cap_recv_len()
8442 conn->rx_skb = NULL; in l2cap_recv_len()
8446 len + (L2CAP_HDR_SIZE - L2CAP_LEN_SIZE)); in l2cap_recv_len()
8454 kfree_skb(conn->rx_skb); in l2cap_recv_reset()
8455 conn->rx_skb = NULL; in l2cap_recv_reset()
8456 conn->rx_len = 0; in l2cap_recv_reset()
8461 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_recv_acldata()
8465 if (!conn && hcon->hdev->dev_type != HCI_PRIMARY) in l2cap_recv_acldata()
8474 BT_DBG("conn %p len %u flags 0x%x", conn, skb->len, flags); in l2cap_recv_acldata()
8480 if (conn->rx_skb) { in l2cap_recv_acldata()
8481 BT_ERR("Unexpected start frame (len %d)", skb->len); in l2cap_recv_acldata()
8487 * copy the initial byte when that happens and use conn->mtu as in l2cap_recv_acldata()
8490 if (skb->len < L2CAP_LEN_SIZE) { in l2cap_recv_acldata()
8491 l2cap_recv_frag(conn, skb, conn->mtu); in l2cap_recv_acldata()
8492 break; in l2cap_recv_acldata()
8495 len = get_unaligned_le16(skb->data) + L2CAP_HDR_SIZE; in l2cap_recv_acldata()
8497 if (len == skb->len) { in l2cap_recv_acldata()
8503 BT_DBG("Start: total len %d, frag len %u", len, skb->len); in l2cap_recv_acldata()
8505 if (skb->len > len) { in l2cap_recv_acldata()
8507 skb->len, len); in l2cap_recv_acldata()
8516 break; in l2cap_recv_acldata()
8519 BT_DBG("Cont: frag len %u (expecting %u)", skb->len, conn->rx_len); in l2cap_recv_acldata()
8521 if (!conn->rx_skb) { in l2cap_recv_acldata()
8522 BT_ERR("Unexpected continuation frame (len %d)", skb->len); in l2cap_recv_acldata()
8528 if (conn->rx_skb->len < L2CAP_LEN_SIZE) { in l2cap_recv_acldata()
8535 if (conn->rx_skb->len < L2CAP_LEN_SIZE) in l2cap_recv_acldata()
8536 break; in l2cap_recv_acldata()
8539 if (skb->len > conn->rx_len) { in l2cap_recv_acldata()
8541 skb->len, conn->rx_len); in l2cap_recv_acldata()
8548 l2cap_recv_frag(conn, skb, skb->len); in l2cap_recv_acldata()
8550 if (!conn->rx_len) { in l2cap_recv_acldata()
8555 struct sk_buff *rx_skb = conn->rx_skb; in l2cap_recv_acldata()
8556 conn->rx_skb = NULL; in l2cap_recv_acldata()
8559 break; in l2cap_recv_acldata()
8581 &c->src, c->src_type, &c->dst, c->dst_type, in l2cap_debugfs_show()
8582 c->state, __le16_to_cpu(c->psm), in l2cap_debugfs_show()
8583 c->scid, c->dcid, c->imtu, c->omtu, in l2cap_debugfs_show()
8584 c->sec_level, c->mode); in l2cap_debugfs_show()
8626 MODULE_PARM_DESC(enable_ecred, "Enable enhanced credit flow control mode");