aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/l2cap_core.c
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2011-05-05 13:32:35 -0400
committerJohn W. Linville <linville@tuxdriver.com>2011-05-05 13:32:35 -0400
commita70171dce9cd44cb06c7d299eba9fa87a8933045 (patch)
tree5425df5f33fadc617c7dec99578d06f0d933578e /net/bluetooth/l2cap_core.c
parent5a412ad7f4c95bb5b756aa12b52646e857e7c75d (diff)
parenteaef6a93bd52a2cc47b9fce201310010707afdb4 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem
Conflicts: drivers/net/wireless/libertas/if_cs.c drivers/net/wireless/rtlwifi/pci.c net/bluetooth/l2cap_sock.c
Diffstat (limited to 'net/bluetooth/l2cap_core.c')
-rw-r--r--net/bluetooth/l2cap_core.c588
1 files changed, 289 insertions, 299 deletions
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index fd3c1f35aa00..a378acc491ec 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -80,8 +80,7 @@ static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16
80 struct l2cap_chan *c; 80 struct l2cap_chan *c;
81 81
82 list_for_each_entry(c, &conn->chan_l, list) { 82 list_for_each_entry(c, &conn->chan_l, list) {
83 struct sock *s = c->sk; 83 if (c->dcid == cid)
84 if (l2cap_pi(s)->dcid == cid)
85 return c; 84 return c;
86 } 85 }
87 return NULL; 86 return NULL;
@@ -93,8 +92,7 @@ static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16
93 struct l2cap_chan *c; 92 struct l2cap_chan *c;
94 93
95 list_for_each_entry(c, &conn->chan_l, list) { 94 list_for_each_entry(c, &conn->chan_l, list) {
96 struct sock *s = c->sk; 95 if (c->scid == cid)
97 if (l2cap_pi(s)->scid == cid)
98 return c; 96 return c;
99 } 97 }
100 return NULL; 98 return NULL;
@@ -149,7 +147,7 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
149 return 0; 147 return 0;
150} 148}
151 149
152static struct l2cap_chan *l2cap_chan_alloc(struct sock *sk) 150struct l2cap_chan *l2cap_chan_alloc(struct sock *sk)
153{ 151{
154 struct l2cap_chan *chan; 152 struct l2cap_chan *chan;
155 153
@@ -162,38 +160,43 @@ static struct l2cap_chan *l2cap_chan_alloc(struct sock *sk)
162 return chan; 160 return chan;
163} 161}
164 162
163void l2cap_chan_free(struct l2cap_chan *chan)
164{
165 kfree(chan);
166}
167
165static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) 168static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
166{ 169{
167 struct sock *sk = chan->sk; 170 struct sock *sk = chan->sk;
168 171
169 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 172 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
170 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); 173 chan->psm, chan->dcid);
171 174
172 conn->disc_reason = 0x13; 175 conn->disc_reason = 0x13;
173 176
174 l2cap_pi(sk)->conn = conn; 177 chan->conn = conn;
175 178
176 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) { 179 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
177 if (conn->hcon->type == LE_LINK) { 180 if (conn->hcon->type == LE_LINK) {
178 /* LE connection */ 181 /* LE connection */
179 l2cap_pi(sk)->omtu = L2CAP_LE_DEFAULT_MTU; 182 chan->omtu = L2CAP_LE_DEFAULT_MTU;
180 l2cap_pi(sk)->scid = L2CAP_CID_LE_DATA; 183 chan->scid = L2CAP_CID_LE_DATA;
181 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA; 184 chan->dcid = L2CAP_CID_LE_DATA;
182 } else { 185 } else {
183 /* Alloc CID for connection-oriented socket */ 186 /* Alloc CID for connection-oriented socket */
184 l2cap_pi(sk)->scid = l2cap_alloc_cid(conn); 187 chan->scid = l2cap_alloc_cid(conn);
185 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 188 chan->omtu = L2CAP_DEFAULT_MTU;
186 } 189 }
187 } else if (sk->sk_type == SOCK_DGRAM) { 190 } else if (sk->sk_type == SOCK_DGRAM) {
188 /* Connectionless socket */ 191 /* Connectionless socket */
189 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS; 192 chan->scid = L2CAP_CID_CONN_LESS;
190 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS; 193 chan->dcid = L2CAP_CID_CONN_LESS;
191 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 194 chan->omtu = L2CAP_DEFAULT_MTU;
192 } else { 195 } else {
193 /* Raw socket can send/recv signalling messages only */ 196 /* Raw socket can send/recv signalling messages only */
194 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING; 197 chan->scid = L2CAP_CID_SIGNALING;
195 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING; 198 chan->dcid = L2CAP_CID_SIGNALING;
196 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 199 chan->omtu = L2CAP_DEFAULT_MTU;
197 } 200 }
198 201
199 sock_hold(sk); 202 sock_hold(sk);
@@ -206,7 +209,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
206void l2cap_chan_del(struct l2cap_chan *chan, int err) 209void l2cap_chan_del(struct l2cap_chan *chan, int err)
207{ 210{
208 struct sock *sk = chan->sk; 211 struct sock *sk = chan->sk;
209 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 212 struct l2cap_conn *conn = chan->conn;
210 struct sock *parent = bt_sk(sk)->parent; 213 struct sock *parent = bt_sk(sk)->parent;
211 214
212 l2cap_sock_clear_timer(sk); 215 l2cap_sock_clear_timer(sk);
@@ -220,7 +223,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
220 write_unlock_bh(&conn->chan_lock); 223 write_unlock_bh(&conn->chan_lock);
221 __sock_put(sk); 224 __sock_put(sk);
222 225
223 l2cap_pi(sk)->conn = NULL; 226 chan->conn = NULL;
224 hci_conn_put(conn->hcon); 227 hci_conn_put(conn->hcon);
225 } 228 }
226 229
@@ -236,13 +239,13 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
236 } else 239 } else
237 sk->sk_state_change(sk); 240 sk->sk_state_change(sk);
238 241
239 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE && 242 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE &&
240 l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE)) 243 chan->conf_state & L2CAP_CONF_INPUT_DONE))
241 goto free; 244 return;
242 245
243 skb_queue_purge(&chan->tx_q); 246 skb_queue_purge(&chan->tx_q);
244 247
245 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 248 if (chan->mode == L2CAP_MODE_ERTM) {
246 struct srej_list *l, *tmp; 249 struct srej_list *l, *tmp;
247 250
248 del_timer(&chan->retrans_timer); 251 del_timer(&chan->retrans_timer);
@@ -257,15 +260,14 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
257 kfree(l); 260 kfree(l);
258 } 261 }
259 } 262 }
260
261free:
262 kfree(chan);
263} 263}
264 264
265static inline u8 l2cap_get_auth_type(struct sock *sk) 265static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
266{ 266{
267 struct sock *sk = chan->sk;
268
267 if (sk->sk_type == SOCK_RAW) { 269 if (sk->sk_type == SOCK_RAW) {
268 switch (l2cap_pi(sk)->sec_level) { 270 switch (chan->sec_level) {
269 case BT_SECURITY_HIGH: 271 case BT_SECURITY_HIGH:
270 return HCI_AT_DEDICATED_BONDING_MITM; 272 return HCI_AT_DEDICATED_BONDING_MITM;
271 case BT_SECURITY_MEDIUM: 273 case BT_SECURITY_MEDIUM:
@@ -273,16 +275,16 @@ static inline u8 l2cap_get_auth_type(struct sock *sk)
273 default: 275 default:
274 return HCI_AT_NO_BONDING; 276 return HCI_AT_NO_BONDING;
275 } 277 }
276 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) { 278 } else if (chan->psm == cpu_to_le16(0x0001)) {
277 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW) 279 if (chan->sec_level == BT_SECURITY_LOW)
278 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; 280 chan->sec_level = BT_SECURITY_SDP;
279 281
280 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) 282 if (chan->sec_level == BT_SECURITY_HIGH)
281 return HCI_AT_NO_BONDING_MITM; 283 return HCI_AT_NO_BONDING_MITM;
282 else 284 else
283 return HCI_AT_NO_BONDING; 285 return HCI_AT_NO_BONDING;
284 } else { 286 } else {
285 switch (l2cap_pi(sk)->sec_level) { 287 switch (chan->sec_level) {
286 case BT_SECURITY_HIGH: 288 case BT_SECURITY_HIGH:
287 return HCI_AT_GENERAL_BONDING_MITM; 289 return HCI_AT_GENERAL_BONDING_MITM;
288 case BT_SECURITY_MEDIUM: 290 case BT_SECURITY_MEDIUM:
@@ -294,15 +296,14 @@ static inline u8 l2cap_get_auth_type(struct sock *sk)
294} 296}
295 297
296/* Service level security */ 298/* Service level security */
297static inline int l2cap_check_security(struct sock *sk) 299static inline int l2cap_check_security(struct l2cap_chan *chan)
298{ 300{
299 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 301 struct l2cap_conn *conn = chan->conn;
300 __u8 auth_type; 302 __u8 auth_type;
301 303
302 auth_type = l2cap_get_auth_type(sk); 304 auth_type = l2cap_get_auth_type(chan);
303 305
304 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level, 306 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
305 auth_type);
306} 307}
307 308
308u8 l2cap_get_ident(struct l2cap_conn *conn) 309u8 l2cap_get_ident(struct l2cap_conn *conn)
@@ -350,7 +351,7 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
350 struct sk_buff *skb; 351 struct sk_buff *skb;
351 struct l2cap_hdr *lh; 352 struct l2cap_hdr *lh;
352 struct l2cap_pinfo *pi = l2cap_pi(chan->sk); 353 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
353 struct l2cap_conn *conn = pi->conn; 354 struct l2cap_conn *conn = chan->conn;
354 struct sock *sk = (struct sock *)pi; 355 struct sock *sk = (struct sock *)pi;
355 int count, hlen = L2CAP_HDR_SIZE + 2; 356 int count, hlen = L2CAP_HDR_SIZE + 2;
356 u8 flags; 357 u8 flags;
@@ -358,7 +359,7 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
358 if (sk->sk_state != BT_CONNECTED) 359 if (sk->sk_state != BT_CONNECTED)
359 return; 360 return;
360 361
361 if (pi->fcs == L2CAP_FCS_CRC16) 362 if (chan->fcs == L2CAP_FCS_CRC16)
362 hlen += 2; 363 hlen += 2;
363 364
364 BT_DBG("chan %p, control 0x%2.2x", chan, control); 365 BT_DBG("chan %p, control 0x%2.2x", chan, control);
@@ -382,10 +383,10 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
382 383
383 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 384 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
384 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE); 385 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
385 lh->cid = cpu_to_le16(pi->dcid); 386 lh->cid = cpu_to_le16(chan->dcid);
386 put_unaligned_le16(control, skb_put(skb, 2)); 387 put_unaligned_le16(control, skb_put(skb, 2));
387 388
388 if (pi->fcs == L2CAP_FCS_CRC16) { 389 if (chan->fcs == L2CAP_FCS_CRC16) {
389 u16 fcs = crc16(0, (u8 *)lh, count - 2); 390 u16 fcs = crc16(0, (u8 *)lh, count - 2);
390 put_unaligned_le16(fcs, skb_put(skb, 2)); 391 put_unaligned_le16(fcs, skb_put(skb, 2));
391 } 392 }
@@ -395,7 +396,7 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
395 else 396 else
396 flags = ACL_START; 397 flags = ACL_START;
397 398
398 hci_send_acl(pi->conn->hcon, skb, flags); 399 hci_send_acl(chan->conn->hcon, skb, flags);
399} 400}
400 401
401static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control) 402static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
@@ -411,27 +412,27 @@ static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
411 l2cap_send_sframe(chan, control); 412 l2cap_send_sframe(chan, control);
412} 413}
413 414
414static inline int __l2cap_no_conn_pending(struct sock *sk) 415static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
415{ 416{
416 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND); 417 return !(chan->conf_state & L2CAP_CONF_CONNECT_PEND);
417} 418}
418 419
419static void l2cap_do_start(struct l2cap_chan *chan) 420static void l2cap_do_start(struct l2cap_chan *chan)
420{ 421{
421 struct sock *sk = chan->sk; 422 struct l2cap_conn *conn = chan->conn;
422 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
423 423
424 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { 424 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
425 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)) 425 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
426 return; 426 return;
427 427
428 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) { 428 if (l2cap_check_security(chan) &&
429 __l2cap_no_conn_pending(chan)) {
429 struct l2cap_conn_req req; 430 struct l2cap_conn_req req;
430 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 431 req.scid = cpu_to_le16(chan->scid);
431 req.psm = l2cap_pi(sk)->psm; 432 req.psm = chan->psm;
432 433
433 chan->ident = l2cap_get_ident(conn); 434 chan->ident = l2cap_get_ident(conn);
434 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 435 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
435 436
436 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, 437 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
437 sizeof(req), &req); 438 sizeof(req), &req);
@@ -477,14 +478,14 @@ void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, in
477 478
478 sk = chan->sk; 479 sk = chan->sk;
479 480
480 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 481 if (chan->mode == L2CAP_MODE_ERTM) {
481 del_timer(&chan->retrans_timer); 482 del_timer(&chan->retrans_timer);
482 del_timer(&chan->monitor_timer); 483 del_timer(&chan->monitor_timer);
483 del_timer(&chan->ack_timer); 484 del_timer(&chan->ack_timer);
484 } 485 }
485 486
486 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); 487 req.dcid = cpu_to_le16(chan->dcid);
487 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 488 req.scid = cpu_to_le16(chan->scid);
488 l2cap_send_cmd(conn, l2cap_get_ident(conn), 489 l2cap_send_cmd(conn, l2cap_get_ident(conn),
489 L2CAP_DISCONN_REQ, sizeof(req), &req); 490 L2CAP_DISCONN_REQ, sizeof(req), &req);
490 491
@@ -515,15 +516,15 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
515 if (sk->sk_state == BT_CONNECT) { 516 if (sk->sk_state == BT_CONNECT) {
516 struct l2cap_conn_req req; 517 struct l2cap_conn_req req;
517 518
518 if (!l2cap_check_security(sk) || 519 if (!l2cap_check_security(chan) ||
519 !__l2cap_no_conn_pending(sk)) { 520 !__l2cap_no_conn_pending(chan)) {
520 bh_unlock_sock(sk); 521 bh_unlock_sock(sk);
521 continue; 522 continue;
522 } 523 }
523 524
524 if (!l2cap_mode_supported(l2cap_pi(sk)->mode, 525 if (!l2cap_mode_supported(chan->mode,
525 conn->feat_mask) 526 conn->feat_mask)
526 && l2cap_pi(sk)->conf_state & 527 && chan->conf_state &
527 L2CAP_CONF_STATE2_DEVICE) { 528 L2CAP_CONF_STATE2_DEVICE) {
528 /* __l2cap_sock_close() calls list_del(chan) 529 /* __l2cap_sock_close() calls list_del(chan)
529 * so release the lock */ 530 * so release the lock */
@@ -534,11 +535,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
534 continue; 535 continue;
535 } 536 }
536 537
537 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 538 req.scid = cpu_to_le16(chan->scid);
538 req.psm = l2cap_pi(sk)->psm; 539 req.psm = chan->psm;
539 540
540 chan->ident = l2cap_get_ident(conn); 541 chan->ident = l2cap_get_ident(conn);
541 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 542 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
542 543
543 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, 544 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
544 sizeof(req), &req); 545 sizeof(req), &req);
@@ -546,10 +547,10 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
546 } else if (sk->sk_state == BT_CONNECT2) { 547 } else if (sk->sk_state == BT_CONNECT2) {
547 struct l2cap_conn_rsp rsp; 548 struct l2cap_conn_rsp rsp;
548 char buf[128]; 549 char buf[128];
549 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 550 rsp.scid = cpu_to_le16(chan->dcid);
550 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 551 rsp.dcid = cpu_to_le16(chan->scid);
551 552
552 if (l2cap_check_security(sk)) { 553 if (l2cap_check_security(chan)) {
553 if (bt_sk(sk)->defer_setup) { 554 if (bt_sk(sk)->defer_setup) {
554 struct sock *parent = bt_sk(sk)->parent; 555 struct sock *parent = bt_sk(sk)->parent;
555 rsp.result = cpu_to_le16(L2CAP_CR_PEND); 556 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
@@ -569,13 +570,13 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
569 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 570 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
570 sizeof(rsp), &rsp); 571 sizeof(rsp), &rsp);
571 572
572 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT || 573 if (chan->conf_state & L2CAP_CONF_REQ_SENT ||
573 rsp.result != L2CAP_CR_SUCCESS) { 574 rsp.result != L2CAP_CR_SUCCESS) {
574 bh_unlock_sock(sk); 575 bh_unlock_sock(sk);
575 continue; 576 continue;
576 } 577 }
577 578
578 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 579 chan->conf_state |= L2CAP_CONF_REQ_SENT;
579 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 580 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
580 l2cap_build_conf_req(chan, buf), buf); 581 l2cap_build_conf_req(chan, buf), buf);
581 chan->num_conf_req++; 582 chan->num_conf_req++;
@@ -598,10 +599,12 @@ static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
598 read_lock(&l2cap_sk_list.lock); 599 read_lock(&l2cap_sk_list.lock);
599 600
600 sk_for_each(sk, node, &l2cap_sk_list.head) { 601 sk_for_each(sk, node, &l2cap_sk_list.head) {
602 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
603
601 if (state && sk->sk_state != state) 604 if (state && sk->sk_state != state)
602 continue; 605 continue;
603 606
604 if (l2cap_pi(sk)->scid == cid) { 607 if (chan->scid == cid) {
605 /* Exact match. */ 608 /* Exact match. */
606 if (!bacmp(&bt_sk(sk)->src, src)) 609 if (!bacmp(&bt_sk(sk)->src, src))
607 break; 610 break;
@@ -648,6 +651,8 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
648 goto clean; 651 goto clean;
649 } 652 }
650 653
654 l2cap_pi(sk)->chan = chan;
655
651 write_lock_bh(&conn->chan_lock); 656 write_lock_bh(&conn->chan_lock);
652 657
653 hci_conn_hold(conn->hcon); 658 hci_conn_hold(conn->hcon);
@@ -661,8 +666,6 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
661 666
662 __l2cap_chan_add(conn, chan); 667 __l2cap_chan_add(conn, chan);
663 668
664 l2cap_pi(sk)->chan = chan;
665
666 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 669 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
667 670
668 sk->sk_state = BT_CONNECTED; 671 sk->sk_state = BT_CONNECTED;
@@ -722,7 +725,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
722 list_for_each_entry(chan, &conn->chan_l, list) { 725 list_for_each_entry(chan, &conn->chan_l, list) {
723 struct sock *sk = chan->sk; 726 struct sock *sk = chan->sk;
724 727
725 if (l2cap_pi(sk)->force_reliable) 728 if (chan->force_reliable)
726 sk->sk_err = err; 729 sk->sk_err = err;
727 } 730 }
728 731
@@ -828,10 +831,12 @@ static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
828 read_lock(&l2cap_sk_list.lock); 831 read_lock(&l2cap_sk_list.lock);
829 832
830 sk_for_each(sk, node, &l2cap_sk_list.head) { 833 sk_for_each(sk, node, &l2cap_sk_list.head) {
834 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
835
831 if (state && sk->sk_state != state) 836 if (state && sk->sk_state != state)
832 continue; 837 continue;
833 838
834 if (l2cap_pi(sk)->psm == psm) { 839 if (chan->psm == psm) {
835 /* Exact match. */ 840 /* Exact match. */
836 if (!bacmp(&bt_sk(sk)->src, src)) 841 if (!bacmp(&bt_sk(sk)->src, src))
837 break; 842 break;
@@ -847,19 +852,19 @@ static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
847 return node ? sk : sk1; 852 return node ? sk : sk1;
848} 853}
849 854
850int l2cap_do_connect(struct sock *sk) 855int l2cap_chan_connect(struct l2cap_chan *chan)
851{ 856{
857 struct sock *sk = chan->sk;
852 bdaddr_t *src = &bt_sk(sk)->src; 858 bdaddr_t *src = &bt_sk(sk)->src;
853 bdaddr_t *dst = &bt_sk(sk)->dst; 859 bdaddr_t *dst = &bt_sk(sk)->dst;
854 struct l2cap_conn *conn; 860 struct l2cap_conn *conn;
855 struct l2cap_chan *chan;
856 struct hci_conn *hcon; 861 struct hci_conn *hcon;
857 struct hci_dev *hdev; 862 struct hci_dev *hdev;
858 __u8 auth_type; 863 __u8 auth_type;
859 int err; 864 int err;
860 865
861 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), 866 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
862 l2cap_pi(sk)->psm); 867 chan->psm);
863 868
864 hdev = hci_get_route(dst, src); 869 hdev = hci_get_route(dst, src);
865 if (!hdev) 870 if (!hdev)
@@ -867,14 +872,14 @@ int l2cap_do_connect(struct sock *sk)
867 872
868 hci_dev_lock_bh(hdev); 873 hci_dev_lock_bh(hdev);
869 874
870 auth_type = l2cap_get_auth_type(sk); 875 auth_type = l2cap_get_auth_type(chan);
871 876
872 if (l2cap_pi(sk)->dcid == L2CAP_CID_LE_DATA) 877 if (chan->dcid == L2CAP_CID_LE_DATA)
873 hcon = hci_connect(hdev, LE_LINK, dst, 878 hcon = hci_connect(hdev, LE_LINK, dst,
874 l2cap_pi(sk)->sec_level, auth_type); 879 chan->sec_level, auth_type);
875 else 880 else
876 hcon = hci_connect(hdev, ACL_LINK, dst, 881 hcon = hci_connect(hdev, ACL_LINK, dst,
877 l2cap_pi(sk)->sec_level, auth_type); 882 chan->sec_level, auth_type);
878 883
879 if (IS_ERR(hcon)) { 884 if (IS_ERR(hcon)) {
880 err = PTR_ERR(hcon); 885 err = PTR_ERR(hcon);
@@ -888,20 +893,11 @@ int l2cap_do_connect(struct sock *sk)
888 goto done; 893 goto done;
889 } 894 }
890 895
891 chan = l2cap_chan_alloc(sk);
892 if (!chan) {
893 hci_conn_put(hcon);
894 err = -ENOMEM;
895 goto done;
896 }
897
898 /* Update source addr of the socket */ 896 /* Update source addr of the socket */
899 bacpy(src, conn->src); 897 bacpy(src, conn->src);
900 898
901 l2cap_chan_add(conn, chan); 899 l2cap_chan_add(conn, chan);
902 900
903 l2cap_pi(sk)->chan = chan;
904
905 sk->sk_state = BT_CONNECT; 901 sk->sk_state = BT_CONNECT;
906 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 902 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
907 903
@@ -909,7 +905,7 @@ int l2cap_do_connect(struct sock *sk)
909 if (sk->sk_type != SOCK_SEQPACKET && 905 if (sk->sk_type != SOCK_SEQPACKET &&
910 sk->sk_type != SOCK_STREAM) { 906 sk->sk_type != SOCK_STREAM) {
911 l2cap_sock_clear_timer(sk); 907 l2cap_sock_clear_timer(sk);
912 if (l2cap_check_security(sk)) 908 if (l2cap_check_security(chan))
913 sk->sk_state = BT_CONNECTED; 909 sk->sk_state = BT_CONNECTED;
914 } else 910 } else
915 l2cap_do_start(chan); 911 l2cap_do_start(chan);
@@ -925,12 +921,13 @@ done:
925 921
926int __l2cap_wait_ack(struct sock *sk) 922int __l2cap_wait_ack(struct sock *sk)
927{ 923{
924 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
928 DECLARE_WAITQUEUE(wait, current); 925 DECLARE_WAITQUEUE(wait, current);
929 int err = 0; 926 int err = 0;
930 int timeo = HZ/5; 927 int timeo = HZ/5;
931 928
932 add_wait_queue(sk_sleep(sk), &wait); 929 add_wait_queue(sk_sleep(sk), &wait);
933 while ((l2cap_pi(sk)->chan->unacked_frames > 0 && l2cap_pi(sk)->conn)) { 930 while ((chan->unacked_frames > 0 && chan->conn)) {
934 set_current_state(TASK_INTERRUPTIBLE); 931 set_current_state(TASK_INTERRUPTIBLE);
935 932
936 if (!timeo) 933 if (!timeo)
@@ -963,7 +960,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
963 960
964 bh_lock_sock(sk); 961 bh_lock_sock(sk);
965 if (chan->retry_count >= chan->remote_max_tx) { 962 if (chan->retry_count >= chan->remote_max_tx) {
966 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, ECONNABORTED); 963 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
967 bh_unlock_sock(sk); 964 bh_unlock_sock(sk);
968 return; 965 return;
969 } 966 }
@@ -1011,15 +1008,14 @@ static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1011 del_timer(&chan->retrans_timer); 1008 del_timer(&chan->retrans_timer);
1012} 1009}
1013 1010
1014void l2cap_do_send(struct sock *sk, struct sk_buff *skb) 1011void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1015{ 1012{
1016 struct l2cap_pinfo *pi = l2cap_pi(sk); 1013 struct hci_conn *hcon = chan->conn->hcon;
1017 struct hci_conn *hcon = pi->conn->hcon;
1018 u16 flags; 1014 u16 flags;
1019 1015
1020 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len); 1016 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1021 1017
1022 if (!pi->flushable && lmp_no_flush_capable(hcon->hdev)) 1018 if (!chan->flushable && lmp_no_flush_capable(hcon->hdev))
1023 flags = ACL_START_NO_FLUSH; 1019 flags = ACL_START_NO_FLUSH;
1024 else 1020 else
1025 flags = ACL_START; 1021 flags = ACL_START;
@@ -1029,9 +1025,7 @@ void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1029 1025
1030void l2cap_streaming_send(struct l2cap_chan *chan) 1026void l2cap_streaming_send(struct l2cap_chan *chan)
1031{ 1027{
1032 struct sock *sk = chan->sk;
1033 struct sk_buff *skb; 1028 struct sk_buff *skb;
1034 struct l2cap_pinfo *pi = l2cap_pi(sk);
1035 u16 control, fcs; 1029 u16 control, fcs;
1036 1030
1037 while ((skb = skb_dequeue(&chan->tx_q))) { 1031 while ((skb = skb_dequeue(&chan->tx_q))) {
@@ -1039,12 +1033,12 @@ void l2cap_streaming_send(struct l2cap_chan *chan)
1039 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT; 1033 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1040 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE); 1034 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1041 1035
1042 if (pi->fcs == L2CAP_FCS_CRC16) { 1036 if (chan->fcs == L2CAP_FCS_CRC16) {
1043 fcs = crc16(0, (u8 *)skb->data, skb->len - 2); 1037 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1044 put_unaligned_le16(fcs, skb->data + skb->len - 2); 1038 put_unaligned_le16(fcs, skb->data + skb->len - 2);
1045 } 1039 }
1046 1040
1047 l2cap_do_send(sk, skb); 1041 l2cap_do_send(chan, skb);
1048 1042
1049 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64; 1043 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1050 } 1044 }
@@ -1052,8 +1046,6 @@ void l2cap_streaming_send(struct l2cap_chan *chan)
1052 1046
1053static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq) 1047static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1054{ 1048{
1055 struct sock *sk = chan->sk;
1056 struct l2cap_pinfo *pi = l2cap_pi(sk);
1057 struct sk_buff *skb, *tx_skb; 1049 struct sk_buff *skb, *tx_skb;
1058 u16 control, fcs; 1050 u16 control, fcs;
1059 1051
@@ -1072,7 +1064,7 @@ static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1072 1064
1073 if (chan->remote_max_tx && 1065 if (chan->remote_max_tx &&
1074 bt_cb(skb)->retries == chan->remote_max_tx) { 1066 bt_cb(skb)->retries == chan->remote_max_tx) {
1075 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED); 1067 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1076 return; 1068 return;
1077 } 1069 }
1078 1070
@@ -1091,19 +1083,18 @@ static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1091 1083
1092 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1084 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1093 1085
1094 if (pi->fcs == L2CAP_FCS_CRC16) { 1086 if (chan->fcs == L2CAP_FCS_CRC16) {
1095 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2); 1087 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1096 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2); 1088 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1097 } 1089 }
1098 1090
1099 l2cap_do_send(sk, tx_skb); 1091 l2cap_do_send(chan, tx_skb);
1100} 1092}
1101 1093
1102int l2cap_ertm_send(struct l2cap_chan *chan) 1094int l2cap_ertm_send(struct l2cap_chan *chan)
1103{ 1095{
1104 struct sk_buff *skb, *tx_skb; 1096 struct sk_buff *skb, *tx_skb;
1105 struct sock *sk = chan->sk; 1097 struct sock *sk = chan->sk;
1106 struct l2cap_pinfo *pi = l2cap_pi(sk);
1107 u16 control, fcs; 1098 u16 control, fcs;
1108 int nsent = 0; 1099 int nsent = 0;
1109 1100
@@ -1114,7 +1105,7 @@ int l2cap_ertm_send(struct l2cap_chan *chan)
1114 1105
1115 if (chan->remote_max_tx && 1106 if (chan->remote_max_tx &&
1116 bt_cb(skb)->retries == chan->remote_max_tx) { 1107 bt_cb(skb)->retries == chan->remote_max_tx) {
1117 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED); 1108 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1118 break; 1109 break;
1119 } 1110 }
1120 1111
@@ -1134,12 +1125,12 @@ int l2cap_ertm_send(struct l2cap_chan *chan)
1134 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1125 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1135 1126
1136 1127
1137 if (pi->fcs == L2CAP_FCS_CRC16) { 1128 if (chan->fcs == L2CAP_FCS_CRC16) {
1138 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2); 1129 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1139 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2); 1130 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1140 } 1131 }
1141 1132
1142 l2cap_do_send(sk, tx_skb); 1133 l2cap_do_send(chan, tx_skb);
1143 1134
1144 __mod_retrans_timer(); 1135 __mod_retrans_timer();
1145 1136
@@ -1210,7 +1201,7 @@ static void l2cap_send_srejtail(struct l2cap_chan *chan)
1210 1201
1211static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb) 1202static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1212{ 1203{
1213 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1204 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1214 struct sk_buff **frag; 1205 struct sk_buff **frag;
1215 int err, sent = 0; 1206 int err, sent = 0;
1216 1207
@@ -1240,9 +1231,10 @@ static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, in
1240 return sent; 1231 return sent;
1241} 1232}
1242 1233
1243struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len) 1234struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1244{ 1235{
1245 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1236 struct sock *sk = chan->sk;
1237 struct l2cap_conn *conn = chan->conn;
1246 struct sk_buff *skb; 1238 struct sk_buff *skb;
1247 int err, count, hlen = L2CAP_HDR_SIZE + 2; 1239 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1248 struct l2cap_hdr *lh; 1240 struct l2cap_hdr *lh;
@@ -1257,9 +1249,9 @@ struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, s
1257 1249
1258 /* Create L2CAP header */ 1250 /* Create L2CAP header */
1259 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1251 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1260 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1252 lh->cid = cpu_to_le16(chan->dcid);
1261 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1253 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1262 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2)); 1254 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1263 1255
1264 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb); 1256 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1265 if (unlikely(err < 0)) { 1257 if (unlikely(err < 0)) {
@@ -1269,9 +1261,10 @@ struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, s
1269 return skb; 1261 return skb;
1270} 1262}
1271 1263
1272struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len) 1264struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1273{ 1265{
1274 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1266 struct sock *sk = chan->sk;
1267 struct l2cap_conn *conn = chan->conn;
1275 struct sk_buff *skb; 1268 struct sk_buff *skb;
1276 int err, count, hlen = L2CAP_HDR_SIZE; 1269 int err, count, hlen = L2CAP_HDR_SIZE;
1277 struct l2cap_hdr *lh; 1270 struct l2cap_hdr *lh;
@@ -1286,7 +1279,7 @@ struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size
1286 1279
1287 /* Create L2CAP header */ 1280 /* Create L2CAP header */
1288 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1281 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1289 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1282 lh->cid = cpu_to_le16(chan->dcid);
1290 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1283 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1291 1284
1292 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb); 1285 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
@@ -1297,9 +1290,10 @@ struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size
1297 return skb; 1290 return skb;
1298} 1291}
1299 1292
1300struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen) 1293struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1301{ 1294{
1302 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1295 struct sock *sk = chan->sk;
1296 struct l2cap_conn *conn = chan->conn;
1303 struct sk_buff *skb; 1297 struct sk_buff *skb;
1304 int err, count, hlen = L2CAP_HDR_SIZE + 2; 1298 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1305 struct l2cap_hdr *lh; 1299 struct l2cap_hdr *lh;
@@ -1312,7 +1306,7 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1312 if (sdulen) 1306 if (sdulen)
1313 hlen += 2; 1307 hlen += 2;
1314 1308
1315 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) 1309 if (chan->fcs == L2CAP_FCS_CRC16)
1316 hlen += 2; 1310 hlen += 2;
1317 1311
1318 count = min_t(unsigned int, (conn->mtu - hlen), len); 1312 count = min_t(unsigned int, (conn->mtu - hlen), len);
@@ -1323,7 +1317,7 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1323 1317
1324 /* Create L2CAP header */ 1318 /* Create L2CAP header */
1325 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1319 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1326 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1320 lh->cid = cpu_to_le16(chan->dcid);
1327 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1321 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1328 put_unaligned_le16(control, skb_put(skb, 2)); 1322 put_unaligned_le16(control, skb_put(skb, 2));
1329 if (sdulen) 1323 if (sdulen)
@@ -1335,7 +1329,7 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1335 return ERR_PTR(err); 1329 return ERR_PTR(err);
1336 } 1330 }
1337 1331
1338 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) 1332 if (chan->fcs == L2CAP_FCS_CRC16)
1339 put_unaligned_le16(0, skb_put(skb, 2)); 1333 put_unaligned_le16(0, skb_put(skb, 2));
1340 1334
1341 bt_cb(skb)->retries = 0; 1335 bt_cb(skb)->retries = 0;
@@ -1344,7 +1338,6 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1344 1338
1345int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len) 1339int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1346{ 1340{
1347 struct sock *sk = chan->sk;
1348 struct sk_buff *skb; 1341 struct sk_buff *skb;
1349 struct sk_buff_head sar_queue; 1342 struct sk_buff_head sar_queue;
1350 u16 control; 1343 u16 control;
@@ -1352,7 +1345,7 @@ int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t le
1352 1345
1353 skb_queue_head_init(&sar_queue); 1346 skb_queue_head_init(&sar_queue);
1354 control = L2CAP_SDU_START; 1347 control = L2CAP_SDU_START;
1355 skb = l2cap_create_iframe_pdu(sk, msg, chan->remote_mps, control, len); 1348 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
1356 if (IS_ERR(skb)) 1349 if (IS_ERR(skb))
1357 return PTR_ERR(skb); 1350 return PTR_ERR(skb);
1358 1351
@@ -1371,7 +1364,7 @@ int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t le
1371 buflen = len; 1364 buflen = len;
1372 } 1365 }
1373 1366
1374 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0); 1367 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
1375 if (IS_ERR(skb)) { 1368 if (IS_ERR(skb)) {
1376 skb_queue_purge(&sar_queue); 1369 skb_queue_purge(&sar_queue);
1377 return PTR_ERR(skb); 1370 return PTR_ERR(skb);
@@ -1391,10 +1384,11 @@ int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t le
1391static void l2cap_chan_ready(struct sock *sk) 1384static void l2cap_chan_ready(struct sock *sk)
1392{ 1385{
1393 struct sock *parent = bt_sk(sk)->parent; 1386 struct sock *parent = bt_sk(sk)->parent;
1387 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1394 1388
1395 BT_DBG("sk %p, parent %p", sk, parent); 1389 BT_DBG("sk %p, parent %p", sk, parent);
1396 1390
1397 l2cap_pi(sk)->conf_state = 0; 1391 chan->conf_state = 0;
1398 l2cap_sock_clear_timer(sk); 1392 l2cap_sock_clear_timer(sk);
1399 1393
1400 if (!parent) { 1394 if (!parent) {
@@ -1615,9 +1609,8 @@ static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1615 1609
1616static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data) 1610static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1617{ 1611{
1618 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1619 struct l2cap_conf_req *req = data; 1612 struct l2cap_conf_req *req = data;
1620 struct l2cap_conf_rfc rfc = { .mode = pi->mode }; 1613 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1621 void *ptr = req->data; 1614 void *ptr = req->data;
1622 1615
1623 BT_DBG("chan %p", chan); 1616 BT_DBG("chan %p", chan);
@@ -1625,26 +1618,26 @@ static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1625 if (chan->num_conf_req || chan->num_conf_rsp) 1618 if (chan->num_conf_req || chan->num_conf_rsp)
1626 goto done; 1619 goto done;
1627 1620
1628 switch (pi->mode) { 1621 switch (chan->mode) {
1629 case L2CAP_MODE_STREAMING: 1622 case L2CAP_MODE_STREAMING:
1630 case L2CAP_MODE_ERTM: 1623 case L2CAP_MODE_ERTM:
1631 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE) 1624 if (chan->conf_state & L2CAP_CONF_STATE2_DEVICE)
1632 break; 1625 break;
1633 1626
1634 /* fall through */ 1627 /* fall through */
1635 default: 1628 default:
1636 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask); 1629 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
1637 break; 1630 break;
1638 } 1631 }
1639 1632
1640done: 1633done:
1641 if (pi->imtu != L2CAP_DEFAULT_MTU) 1634 if (chan->imtu != L2CAP_DEFAULT_MTU)
1642 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); 1635 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
1643 1636
1644 switch (pi->mode) { 1637 switch (chan->mode) {
1645 case L2CAP_MODE_BASIC: 1638 case L2CAP_MODE_BASIC:
1646 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) && 1639 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1647 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING)) 1640 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
1648 break; 1641 break;
1649 1642
1650 rfc.mode = L2CAP_MODE_BASIC; 1643 rfc.mode = L2CAP_MODE_BASIC;
@@ -1660,24 +1653,24 @@ done:
1660 1653
1661 case L2CAP_MODE_ERTM: 1654 case L2CAP_MODE_ERTM:
1662 rfc.mode = L2CAP_MODE_ERTM; 1655 rfc.mode = L2CAP_MODE_ERTM;
1663 rfc.txwin_size = pi->tx_win; 1656 rfc.txwin_size = chan->tx_win;
1664 rfc.max_transmit = pi->max_tx; 1657 rfc.max_transmit = chan->max_tx;
1665 rfc.retrans_timeout = 0; 1658 rfc.retrans_timeout = 0;
1666 rfc.monitor_timeout = 0; 1659 rfc.monitor_timeout = 0;
1667 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 1660 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
1668 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10) 1661 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1669 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1662 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1670 1663
1671 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 1664 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1672 (unsigned long) &rfc); 1665 (unsigned long) &rfc);
1673 1666
1674 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) 1667 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
1675 break; 1668 break;
1676 1669
1677 if (pi->fcs == L2CAP_FCS_NONE || 1670 if (chan->fcs == L2CAP_FCS_NONE ||
1678 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) { 1671 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1679 pi->fcs = L2CAP_FCS_NONE; 1672 chan->fcs = L2CAP_FCS_NONE;
1680 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs); 1673 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
1681 } 1674 }
1682 break; 1675 break;
1683 1676
@@ -1688,24 +1681,24 @@ done:
1688 rfc.retrans_timeout = 0; 1681 rfc.retrans_timeout = 0;
1689 rfc.monitor_timeout = 0; 1682 rfc.monitor_timeout = 0;
1690 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 1683 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
1691 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10) 1684 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1692 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1685 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1693 1686
1694 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 1687 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1695 (unsigned long) &rfc); 1688 (unsigned long) &rfc);
1696 1689
1697 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) 1690 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
1698 break; 1691 break;
1699 1692
1700 if (pi->fcs == L2CAP_FCS_NONE || 1693 if (chan->fcs == L2CAP_FCS_NONE ||
1701 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) { 1694 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1702 pi->fcs = L2CAP_FCS_NONE; 1695 chan->fcs = L2CAP_FCS_NONE;
1703 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs); 1696 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
1704 } 1697 }
1705 break; 1698 break;
1706 } 1699 }
1707 1700
1708 req->dcid = cpu_to_le16(pi->dcid); 1701 req->dcid = cpu_to_le16(chan->dcid);
1709 req->flags = cpu_to_le16(0); 1702 req->flags = cpu_to_le16(0);
1710 1703
1711 return ptr - data; 1704 return ptr - data;
@@ -1713,7 +1706,6 @@ done:
1713 1706
1714static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data) 1707static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1715{ 1708{
1716 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1717 struct l2cap_conf_rsp *rsp = data; 1709 struct l2cap_conf_rsp *rsp = data;
1718 void *ptr = rsp->data; 1710 void *ptr = rsp->data;
1719 void *req = chan->conf_req; 1711 void *req = chan->conf_req;
@@ -1738,7 +1730,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1738 break; 1730 break;
1739 1731
1740 case L2CAP_CONF_FLUSH_TO: 1732 case L2CAP_CONF_FLUSH_TO:
1741 pi->flush_to = val; 1733 chan->flush_to = val;
1742 break; 1734 break;
1743 1735
1744 case L2CAP_CONF_QOS: 1736 case L2CAP_CONF_QOS:
@@ -1751,7 +1743,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1751 1743
1752 case L2CAP_CONF_FCS: 1744 case L2CAP_CONF_FCS:
1753 if (val == L2CAP_FCS_NONE) 1745 if (val == L2CAP_FCS_NONE)
1754 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV; 1746 chan->conf_state |= L2CAP_CONF_NO_FCS_RECV;
1755 1747
1756 break; 1748 break;
1757 1749
@@ -1768,25 +1760,25 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1768 if (chan->num_conf_rsp || chan->num_conf_req > 1) 1760 if (chan->num_conf_rsp || chan->num_conf_req > 1)
1769 goto done; 1761 goto done;
1770 1762
1771 switch (pi->mode) { 1763 switch (chan->mode) {
1772 case L2CAP_MODE_STREAMING: 1764 case L2CAP_MODE_STREAMING:
1773 case L2CAP_MODE_ERTM: 1765 case L2CAP_MODE_ERTM:
1774 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) { 1766 if (!(chan->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
1775 pi->mode = l2cap_select_mode(rfc.mode, 1767 chan->mode = l2cap_select_mode(rfc.mode,
1776 pi->conn->feat_mask); 1768 chan->conn->feat_mask);
1777 break; 1769 break;
1778 } 1770 }
1779 1771
1780 if (pi->mode != rfc.mode) 1772 if (chan->mode != rfc.mode)
1781 return -ECONNREFUSED; 1773 return -ECONNREFUSED;
1782 1774
1783 break; 1775 break;
1784 } 1776 }
1785 1777
1786done: 1778done:
1787 if (pi->mode != rfc.mode) { 1779 if (chan->mode != rfc.mode) {
1788 result = L2CAP_CONF_UNACCEPT; 1780 result = L2CAP_CONF_UNACCEPT;
1789 rfc.mode = pi->mode; 1781 rfc.mode = chan->mode;
1790 1782
1791 if (chan->num_conf_rsp == 1) 1783 if (chan->num_conf_rsp == 1)
1792 return -ECONNREFUSED; 1784 return -ECONNREFUSED;
@@ -1803,23 +1795,23 @@ done:
1803 if (mtu < L2CAP_DEFAULT_MIN_MTU) 1795 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1804 result = L2CAP_CONF_UNACCEPT; 1796 result = L2CAP_CONF_UNACCEPT;
1805 else { 1797 else {
1806 pi->omtu = mtu; 1798 chan->omtu = mtu;
1807 pi->conf_state |= L2CAP_CONF_MTU_DONE; 1799 chan->conf_state |= L2CAP_CONF_MTU_DONE;
1808 } 1800 }
1809 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); 1801 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
1810 1802
1811 switch (rfc.mode) { 1803 switch (rfc.mode) {
1812 case L2CAP_MODE_BASIC: 1804 case L2CAP_MODE_BASIC:
1813 pi->fcs = L2CAP_FCS_NONE; 1805 chan->fcs = L2CAP_FCS_NONE;
1814 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1806 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1815 break; 1807 break;
1816 1808
1817 case L2CAP_MODE_ERTM: 1809 case L2CAP_MODE_ERTM:
1818 chan->remote_tx_win = rfc.txwin_size; 1810 chan->remote_tx_win = rfc.txwin_size;
1819 chan->remote_max_tx = rfc.max_transmit; 1811 chan->remote_max_tx = rfc.max_transmit;
1820 1812
1821 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1813 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
1822 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1814 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1823 1815
1824 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1816 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1825 1817
@@ -1828,7 +1820,7 @@ done:
1828 rfc.monitor_timeout = 1820 rfc.monitor_timeout =
1829 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO); 1821 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
1830 1822
1831 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1823 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1832 1824
1833 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1825 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1834 sizeof(rfc), (unsigned long) &rfc); 1826 sizeof(rfc), (unsigned long) &rfc);
@@ -1836,12 +1828,12 @@ done:
1836 break; 1828 break;
1837 1829
1838 case L2CAP_MODE_STREAMING: 1830 case L2CAP_MODE_STREAMING:
1839 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1831 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
1840 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1832 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1841 1833
1842 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1834 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1843 1835
1844 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1836 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1845 1837
1846 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1838 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1847 sizeof(rfc), (unsigned long) &rfc); 1839 sizeof(rfc), (unsigned long) &rfc);
@@ -1852,29 +1844,28 @@ done:
1852 result = L2CAP_CONF_UNACCEPT; 1844 result = L2CAP_CONF_UNACCEPT;
1853 1845
1854 memset(&rfc, 0, sizeof(rfc)); 1846 memset(&rfc, 0, sizeof(rfc));
1855 rfc.mode = pi->mode; 1847 rfc.mode = chan->mode;
1856 } 1848 }
1857 1849
1858 if (result == L2CAP_CONF_SUCCESS) 1850 if (result == L2CAP_CONF_SUCCESS)
1859 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE; 1851 chan->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1860 } 1852 }
1861 rsp->scid = cpu_to_le16(pi->dcid); 1853 rsp->scid = cpu_to_le16(chan->dcid);
1862 rsp->result = cpu_to_le16(result); 1854 rsp->result = cpu_to_le16(result);
1863 rsp->flags = cpu_to_le16(0x0000); 1855 rsp->flags = cpu_to_le16(0x0000);
1864 1856
1865 return ptr - data; 1857 return ptr - data;
1866} 1858}
1867 1859
1868static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result) 1860static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
1869{ 1861{
1870 struct l2cap_pinfo *pi = l2cap_pi(sk);
1871 struct l2cap_conf_req *req = data; 1862 struct l2cap_conf_req *req = data;
1872 void *ptr = req->data; 1863 void *ptr = req->data;
1873 int type, olen; 1864 int type, olen;
1874 unsigned long val; 1865 unsigned long val;
1875 struct l2cap_conf_rfc rfc; 1866 struct l2cap_conf_rfc rfc;
1876 1867
1877 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data); 1868 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
1878 1869
1879 while (len >= L2CAP_CONF_OPT_SIZE) { 1870 while (len >= L2CAP_CONF_OPT_SIZE) {
1880 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); 1871 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
@@ -1883,27 +1874,27 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
1883 case L2CAP_CONF_MTU: 1874 case L2CAP_CONF_MTU:
1884 if (val < L2CAP_DEFAULT_MIN_MTU) { 1875 if (val < L2CAP_DEFAULT_MIN_MTU) {
1885 *result = L2CAP_CONF_UNACCEPT; 1876 *result = L2CAP_CONF_UNACCEPT;
1886 pi->imtu = L2CAP_DEFAULT_MIN_MTU; 1877 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
1887 } else 1878 } else
1888 pi->imtu = val; 1879 chan->imtu = val;
1889 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); 1880 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
1890 break; 1881 break;
1891 1882
1892 case L2CAP_CONF_FLUSH_TO: 1883 case L2CAP_CONF_FLUSH_TO:
1893 pi->flush_to = val; 1884 chan->flush_to = val;
1894 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 1885 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
1895 2, pi->flush_to); 1886 2, chan->flush_to);
1896 break; 1887 break;
1897 1888
1898 case L2CAP_CONF_RFC: 1889 case L2CAP_CONF_RFC:
1899 if (olen == sizeof(rfc)) 1890 if (olen == sizeof(rfc))
1900 memcpy(&rfc, (void *)val, olen); 1891 memcpy(&rfc, (void *)val, olen);
1901 1892
1902 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) && 1893 if ((chan->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
1903 rfc.mode != pi->mode) 1894 rfc.mode != chan->mode)
1904 return -ECONNREFUSED; 1895 return -ECONNREFUSED;
1905 1896
1906 pi->fcs = 0; 1897 chan->fcs = 0;
1907 1898
1908 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1899 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1909 sizeof(rfc), (unsigned long) &rfc); 1900 sizeof(rfc), (unsigned long) &rfc);
@@ -1911,78 +1902,74 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
1911 } 1902 }
1912 } 1903 }
1913 1904
1914 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode) 1905 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
1915 return -ECONNREFUSED; 1906 return -ECONNREFUSED;
1916 1907
1917 pi->mode = rfc.mode; 1908 chan->mode = rfc.mode;
1918 1909
1919 if (*result == L2CAP_CONF_SUCCESS) { 1910 if (*result == L2CAP_CONF_SUCCESS) {
1920 switch (rfc.mode) { 1911 switch (rfc.mode) {
1921 case L2CAP_MODE_ERTM: 1912 case L2CAP_MODE_ERTM:
1922 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 1913 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1923 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 1914 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
1924 pi->mps = le16_to_cpu(rfc.max_pdu_size); 1915 chan->mps = le16_to_cpu(rfc.max_pdu_size);
1925 break; 1916 break;
1926 case L2CAP_MODE_STREAMING: 1917 case L2CAP_MODE_STREAMING:
1927 pi->mps = le16_to_cpu(rfc.max_pdu_size); 1918 chan->mps = le16_to_cpu(rfc.max_pdu_size);
1928 } 1919 }
1929 } 1920 }
1930 1921
1931 req->dcid = cpu_to_le16(pi->dcid); 1922 req->dcid = cpu_to_le16(chan->dcid);
1932 req->flags = cpu_to_le16(0x0000); 1923 req->flags = cpu_to_le16(0x0000);
1933 1924
1934 return ptr - data; 1925 return ptr - data;
1935} 1926}
1936 1927
1937static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags) 1928static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1938{ 1929{
1939 struct l2cap_conf_rsp *rsp = data; 1930 struct l2cap_conf_rsp *rsp = data;
1940 void *ptr = rsp->data; 1931 void *ptr = rsp->data;
1941 1932
1942 BT_DBG("sk %p", sk); 1933 BT_DBG("chan %p", chan);
1943 1934
1944 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid); 1935 rsp->scid = cpu_to_le16(chan->dcid);
1945 rsp->result = cpu_to_le16(result); 1936 rsp->result = cpu_to_le16(result);
1946 rsp->flags = cpu_to_le16(flags); 1937 rsp->flags = cpu_to_le16(flags);
1947 1938
1948 return ptr - data; 1939 return ptr - data;
1949} 1940}
1950 1941
1951void __l2cap_connect_rsp_defer(struct sock *sk) 1942void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
1952{ 1943{
1953 struct l2cap_conn_rsp rsp; 1944 struct l2cap_conn_rsp rsp;
1954 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1945 struct l2cap_conn *conn = chan->conn;
1955 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1956 u8 buf[128]; 1946 u8 buf[128];
1957 1947
1958 sk->sk_state = BT_CONFIG; 1948 rsp.scid = cpu_to_le16(chan->dcid);
1959 1949 rsp.dcid = cpu_to_le16(chan->scid);
1960 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1961 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1962 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); 1950 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1963 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 1951 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1964 l2cap_send_cmd(conn, chan->ident, 1952 l2cap_send_cmd(conn, chan->ident,
1965 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 1953 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1966 1954
1967 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) 1955 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
1968 return; 1956 return;
1969 1957
1970 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 1958 chan->conf_state |= L2CAP_CONF_REQ_SENT;
1971 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 1959 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1972 l2cap_build_conf_req(chan, buf), buf); 1960 l2cap_build_conf_req(chan, buf), buf);
1973 chan->num_conf_req++; 1961 chan->num_conf_req++;
1974} 1962}
1975 1963
1976static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len) 1964static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
1977{ 1965{
1978 struct l2cap_pinfo *pi = l2cap_pi(sk);
1979 int type, olen; 1966 int type, olen;
1980 unsigned long val; 1967 unsigned long val;
1981 struct l2cap_conf_rfc rfc; 1968 struct l2cap_conf_rfc rfc;
1982 1969
1983 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len); 1970 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
1984 1971
1985 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING)) 1972 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
1986 return; 1973 return;
1987 1974
1988 while (len >= L2CAP_CONF_OPT_SIZE) { 1975 while (len >= L2CAP_CONF_OPT_SIZE) {
@@ -1999,12 +1986,12 @@ static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
1999done: 1986done:
2000 switch (rfc.mode) { 1987 switch (rfc.mode) {
2001 case L2CAP_MODE_ERTM: 1988 case L2CAP_MODE_ERTM:
2002 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 1989 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2003 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 1990 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2004 pi->mps = le16_to_cpu(rfc.max_pdu_size); 1991 chan->mps = le16_to_cpu(rfc.max_pdu_size);
2005 break; 1992 break;
2006 case L2CAP_MODE_STREAMING: 1993 case L2CAP_MODE_STREAMING:
2007 pi->mps = le16_to_cpu(rfc.max_pdu_size); 1994 chan->mps = le16_to_cpu(rfc.max_pdu_size);
2008 } 1995 }
2009} 1996}
2010 1997
@@ -2076,6 +2063,8 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2076 goto response; 2063 goto response;
2077 } 2064 }
2078 2065
2066 l2cap_pi(sk)->chan = chan;
2067
2079 write_lock_bh(&conn->chan_lock); 2068 write_lock_bh(&conn->chan_lock);
2080 2069
2081 /* Check if we already have channel with that dcid */ 2070 /* Check if we already have channel with that dcid */
@@ -2091,23 +2080,21 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2091 l2cap_sock_init(sk, parent); 2080 l2cap_sock_init(sk, parent);
2092 bacpy(&bt_sk(sk)->src, conn->src); 2081 bacpy(&bt_sk(sk)->src, conn->src);
2093 bacpy(&bt_sk(sk)->dst, conn->dst); 2082 bacpy(&bt_sk(sk)->dst, conn->dst);
2094 l2cap_pi(sk)->psm = psm; 2083 chan->psm = psm;
2095 l2cap_pi(sk)->dcid = scid; 2084 chan->dcid = scid;
2096 2085
2097 bt_accept_enqueue(parent, sk); 2086 bt_accept_enqueue(parent, sk);
2098 2087
2099 __l2cap_chan_add(conn, chan); 2088 __l2cap_chan_add(conn, chan);
2100 2089
2101 l2cap_pi(sk)->chan = chan; 2090 dcid = chan->scid;
2102
2103 dcid = l2cap_pi(sk)->scid;
2104 2091
2105 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 2092 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2106 2093
2107 chan->ident = cmd->ident; 2094 chan->ident = cmd->ident;
2108 2095
2109 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { 2096 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2110 if (l2cap_check_security(sk)) { 2097 if (l2cap_check_security(chan)) {
2111 if (bt_sk(sk)->defer_setup) { 2098 if (bt_sk(sk)->defer_setup) {
2112 sk->sk_state = BT_CONNECT2; 2099 sk->sk_state = BT_CONNECT2;
2113 result = L2CAP_CR_PEND; 2100 result = L2CAP_CR_PEND;
@@ -2155,10 +2142,10 @@ sendresp:
2155 L2CAP_INFO_REQ, sizeof(info), &info); 2142 L2CAP_INFO_REQ, sizeof(info), &info);
2156 } 2143 }
2157 2144
2158 if (chan && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) && 2145 if (chan && !(chan->conf_state & L2CAP_CONF_REQ_SENT) &&
2159 result == L2CAP_CR_SUCCESS) { 2146 result == L2CAP_CR_SUCCESS) {
2160 u8 buf[128]; 2147 u8 buf[128];
2161 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2148 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2162 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2149 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2163 l2cap_build_conf_req(chan, buf), buf); 2150 l2cap_build_conf_req(chan, buf), buf);
2164 chan->num_conf_req++; 2151 chan->num_conf_req++;
@@ -2198,13 +2185,13 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2198 case L2CAP_CR_SUCCESS: 2185 case L2CAP_CR_SUCCESS:
2199 sk->sk_state = BT_CONFIG; 2186 sk->sk_state = BT_CONFIG;
2200 chan->ident = 0; 2187 chan->ident = 0;
2201 l2cap_pi(sk)->dcid = dcid; 2188 chan->dcid = dcid;
2202 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND; 2189 chan->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2203 2190
2204 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) 2191 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
2205 break; 2192 break;
2206 2193
2207 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2194 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2208 2195
2209 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2196 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2210 l2cap_build_conf_req(chan, req), req); 2197 l2cap_build_conf_req(chan, req), req);
@@ -2212,7 +2199,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2212 break; 2199 break;
2213 2200
2214 case L2CAP_CR_PEND: 2201 case L2CAP_CR_PEND:
2215 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 2202 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
2216 break; 2203 break;
2217 2204
2218 default: 2205 default:
@@ -2232,15 +2219,17 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2232 return 0; 2219 return 0;
2233} 2220}
2234 2221
2235static inline void set_default_fcs(struct l2cap_pinfo *pi) 2222static inline void set_default_fcs(struct l2cap_chan *chan)
2236{ 2223{
2224 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2225
2237 /* FCS is enabled only in ERTM or streaming mode, if one or both 2226 /* FCS is enabled only in ERTM or streaming mode, if one or both
2238 * sides request it. 2227 * sides request it.
2239 */ 2228 */
2240 if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING) 2229 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
2241 pi->fcs = L2CAP_FCS_NONE; 2230 chan->fcs = L2CAP_FCS_NONE;
2242 else if (!(pi->conf_state & L2CAP_CONF_NO_FCS_RECV)) 2231 else if (!(pi->chan->conf_state & L2CAP_CONF_NO_FCS_RECV))
2243 pi->fcs = L2CAP_FCS_CRC16; 2232 chan->fcs = L2CAP_FCS_CRC16;
2244} 2233}
2245 2234
2246static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 2235static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
@@ -2276,7 +2265,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2276 len = cmd_len - sizeof(*req); 2265 len = cmd_len - sizeof(*req);
2277 if (chan->conf_len + len > sizeof(chan->conf_req)) { 2266 if (chan->conf_len + len > sizeof(chan->conf_req)) {
2278 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 2267 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2279 l2cap_build_conf_rsp(sk, rsp, 2268 l2cap_build_conf_rsp(chan, rsp,
2280 L2CAP_CONF_REJECT, flags), rsp); 2269 L2CAP_CONF_REJECT, flags), rsp);
2281 goto unlock; 2270 goto unlock;
2282 } 2271 }
@@ -2288,7 +2277,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2288 if (flags & 0x0001) { 2277 if (flags & 0x0001) {
2289 /* Incomplete config. Send empty response. */ 2278 /* Incomplete config. Send empty response. */
2290 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 2279 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2291 l2cap_build_conf_rsp(sk, rsp, 2280 l2cap_build_conf_rsp(chan, rsp,
2292 L2CAP_CONF_SUCCESS, 0x0001), rsp); 2281 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2293 goto unlock; 2282 goto unlock;
2294 } 2283 }
@@ -2306,27 +2295,27 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2306 /* Reset config buffer. */ 2295 /* Reset config buffer. */
2307 chan->conf_len = 0; 2296 chan->conf_len = 0;
2308 2297
2309 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE)) 2298 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE))
2310 goto unlock; 2299 goto unlock;
2311 2300
2312 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { 2301 if (chan->conf_state & L2CAP_CONF_INPUT_DONE) {
2313 set_default_fcs(l2cap_pi(sk)); 2302 set_default_fcs(chan);
2314 2303
2315 sk->sk_state = BT_CONNECTED; 2304 sk->sk_state = BT_CONNECTED;
2316 2305
2317 chan->next_tx_seq = 0; 2306 chan->next_tx_seq = 0;
2318 chan->expected_tx_seq = 0; 2307 chan->expected_tx_seq = 0;
2319 skb_queue_head_init(&chan->tx_q); 2308 skb_queue_head_init(&chan->tx_q);
2320 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2309 if (chan->mode == L2CAP_MODE_ERTM)
2321 l2cap_ertm_init(chan); 2310 l2cap_ertm_init(chan);
2322 2311
2323 l2cap_chan_ready(sk); 2312 l2cap_chan_ready(sk);
2324 goto unlock; 2313 goto unlock;
2325 } 2314 }
2326 2315
2327 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) { 2316 if (!(chan->conf_state & L2CAP_CONF_REQ_SENT)) {
2328 u8 buf[64]; 2317 u8 buf[64];
2329 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2318 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2330 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2319 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2331 l2cap_build_conf_req(chan, buf), buf); 2320 l2cap_build_conf_req(chan, buf), buf);
2332 chan->num_conf_req++; 2321 chan->num_conf_req++;
@@ -2360,7 +2349,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2360 2349
2361 switch (result) { 2350 switch (result) {
2362 case L2CAP_CONF_SUCCESS: 2351 case L2CAP_CONF_SUCCESS:
2363 l2cap_conf_rfc_get(sk, rsp->data, len); 2352 l2cap_conf_rfc_get(chan, rsp->data, len);
2364 break; 2353 break;
2365 2354
2366 case L2CAP_CONF_UNACCEPT: 2355 case L2CAP_CONF_UNACCEPT:
@@ -2374,8 +2363,8 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2374 2363
2375 /* throw out any old stored conf requests */ 2364 /* throw out any old stored conf requests */
2376 result = L2CAP_CONF_SUCCESS; 2365 result = L2CAP_CONF_SUCCESS;
2377 len = l2cap_parse_conf_rsp(sk, rsp->data, 2366 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2378 len, req, &result); 2367 req, &result);
2379 if (len < 0) { 2368 if (len < 0) {
2380 l2cap_send_disconn_req(conn, chan, ECONNRESET); 2369 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2381 goto done; 2370 goto done;
@@ -2399,16 +2388,16 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2399 if (flags & 0x01) 2388 if (flags & 0x01)
2400 goto done; 2389 goto done;
2401 2390
2402 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE; 2391 chan->conf_state |= L2CAP_CONF_INPUT_DONE;
2403 2392
2404 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) { 2393 if (chan->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2405 set_default_fcs(l2cap_pi(sk)); 2394 set_default_fcs(chan);
2406 2395
2407 sk->sk_state = BT_CONNECTED; 2396 sk->sk_state = BT_CONNECTED;
2408 chan->next_tx_seq = 0; 2397 chan->next_tx_seq = 0;
2409 chan->expected_tx_seq = 0; 2398 chan->expected_tx_seq = 0;
2410 skb_queue_head_init(&chan->tx_q); 2399 skb_queue_head_init(&chan->tx_q);
2411 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2400 if (chan->mode == L2CAP_MODE_ERTM)
2412 l2cap_ertm_init(chan); 2401 l2cap_ertm_init(chan);
2413 2402
2414 l2cap_chan_ready(sk); 2403 l2cap_chan_ready(sk);
@@ -2438,8 +2427,8 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2438 2427
2439 sk = chan->sk; 2428 sk = chan->sk;
2440 2429
2441 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2430 rsp.dcid = cpu_to_le16(chan->scid);
2442 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2431 rsp.scid = cpu_to_le16(chan->dcid);
2443 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); 2432 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2444 2433
2445 sk->sk_shutdown = SHUTDOWN_MASK; 2434 sk->sk_shutdown = SHUTDOWN_MASK;
@@ -2774,12 +2763,12 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn,
2774 kfree_skb(skb); 2763 kfree_skb(skb);
2775} 2764}
2776 2765
2777static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb) 2766static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
2778{ 2767{
2779 u16 our_fcs, rcv_fcs; 2768 u16 our_fcs, rcv_fcs;
2780 int hdr_size = L2CAP_HDR_SIZE + 2; 2769 int hdr_size = L2CAP_HDR_SIZE + 2;
2781 2770
2782 if (pi->fcs == L2CAP_FCS_CRC16) { 2771 if (chan->fcs == L2CAP_FCS_CRC16) {
2783 skb_trim(skb, skb->len - 2); 2772 skb_trim(skb, skb->len - 2);
2784 rcv_fcs = get_unaligned_le16(skb->data + skb->len); 2773 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
2785 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size); 2774 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
@@ -2860,7 +2849,6 @@ static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb,
2860 2849
2861static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control) 2850static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2862{ 2851{
2863 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2864 struct sk_buff *_skb; 2852 struct sk_buff *_skb;
2865 int err; 2853 int err;
2866 2854
@@ -2881,7 +2869,7 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk
2881 2869
2882 chan->sdu_len = get_unaligned_le16(skb->data); 2870 chan->sdu_len = get_unaligned_le16(skb->data);
2883 2871
2884 if (chan->sdu_len > pi->imtu) 2872 if (chan->sdu_len > chan->imtu)
2885 goto disconnect; 2873 goto disconnect;
2886 2874
2887 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC); 2875 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
@@ -2924,7 +2912,7 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk
2924 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) { 2912 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) {
2925 chan->partial_sdu_len += skb->len; 2913 chan->partial_sdu_len += skb->len;
2926 2914
2927 if (chan->partial_sdu_len > pi->imtu) 2915 if (chan->partial_sdu_len > chan->imtu)
2928 goto drop; 2916 goto drop;
2929 2917
2930 if (chan->partial_sdu_len != chan->sdu_len) 2918 if (chan->partial_sdu_len != chan->sdu_len)
@@ -2961,7 +2949,7 @@ drop:
2961 chan->sdu = NULL; 2949 chan->sdu = NULL;
2962 2950
2963disconnect: 2951disconnect:
2964 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 2952 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
2965 kfree_skb(skb); 2953 kfree_skb(skb);
2966 return 0; 2954 return 0;
2967} 2955}
@@ -3022,7 +3010,7 @@ static void l2cap_busy_work(struct work_struct *work)
3022 3010
3023 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) { 3011 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3024 err = -EBUSY; 3012 err = -EBUSY;
3025 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, EBUSY); 3013 l2cap_send_disconn_req(chan->conn, chan, EBUSY);
3026 break; 3014 break;
3027 } 3015 }
3028 3016
@@ -3092,7 +3080,6 @@ static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 c
3092 3080
3093static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control) 3081static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3094{ 3082{
3095 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3096 struct sk_buff *_skb; 3083 struct sk_buff *_skb;
3097 int err = -EINVAL; 3084 int err = -EINVAL;
3098 3085
@@ -3123,7 +3110,7 @@ static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buf
3123 chan->sdu_len = get_unaligned_le16(skb->data); 3110 chan->sdu_len = get_unaligned_le16(skb->data);
3124 skb_pull(skb, 2); 3111 skb_pull(skb, 2);
3125 3112
3126 if (chan->sdu_len > pi->imtu) { 3113 if (chan->sdu_len > chan->imtu) {
3127 err = -EMSGSIZE; 3114 err = -EMSGSIZE;
3128 break; 3115 break;
3129 } 3116 }
@@ -3164,7 +3151,7 @@ static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buf
3164 chan->conn_state &= ~L2CAP_CONN_SAR_SDU; 3151 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
3165 chan->partial_sdu_len += skb->len; 3152 chan->partial_sdu_len += skb->len;
3166 3153
3167 if (chan->partial_sdu_len > pi->imtu) 3154 if (chan->partial_sdu_len > chan->imtu)
3168 goto drop; 3155 goto drop;
3169 3156
3170 if (chan->partial_sdu_len == chan->sdu_len) { 3157 if (chan->partial_sdu_len == chan->sdu_len) {
@@ -3241,12 +3228,11 @@ static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3241 3228
3242static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb) 3229static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3243{ 3230{
3244 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3245 u8 tx_seq = __get_txseq(rx_control); 3231 u8 tx_seq = __get_txseq(rx_control);
3246 u8 req_seq = __get_reqseq(rx_control); 3232 u8 req_seq = __get_reqseq(rx_control);
3247 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3233 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3248 int tx_seq_offset, expected_tx_seq_offset; 3234 int tx_seq_offset, expected_tx_seq_offset;
3249 int num_to_ack = (pi->tx_win/6) + 1; 3235 int num_to_ack = (chan->tx_win/6) + 1;
3250 int err = 0; 3236 int err = 0;
3251 3237
3252 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len, 3238 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
@@ -3271,8 +3257,8 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont
3271 tx_seq_offset += 64; 3257 tx_seq_offset += 64;
3272 3258
3273 /* invalid tx_seq */ 3259 /* invalid tx_seq */
3274 if (tx_seq_offset >= pi->tx_win) { 3260 if (tx_seq_offset >= chan->tx_win) {
3275 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3261 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3276 goto drop; 3262 goto drop;
3277 } 3263 }
3278 3264
@@ -3539,7 +3525,6 @@ static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_cont
3539static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb) 3525static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3540{ 3526{
3541 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 3527 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3542 struct l2cap_pinfo *pi = l2cap_pi(sk);
3543 u16 control; 3528 u16 control;
3544 u8 req_seq; 3529 u8 req_seq;
3545 int len, next_tx_seq_offset, req_seq_offset; 3530 int len, next_tx_seq_offset, req_seq_offset;
@@ -3553,17 +3538,17 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3553 * Receiver will miss it and start proper recovery 3538 * Receiver will miss it and start proper recovery
3554 * procedures and ask retransmission. 3539 * procedures and ask retransmission.
3555 */ 3540 */
3556 if (l2cap_check_fcs(pi, skb)) 3541 if (l2cap_check_fcs(chan, skb))
3557 goto drop; 3542 goto drop;
3558 3543
3559 if (__is_sar_start(control) && __is_iframe(control)) 3544 if (__is_sar_start(control) && __is_iframe(control))
3560 len -= 2; 3545 len -= 2;
3561 3546
3562 if (pi->fcs == L2CAP_FCS_CRC16) 3547 if (chan->fcs == L2CAP_FCS_CRC16)
3563 len -= 2; 3548 len -= 2;
3564 3549
3565 if (len > pi->mps) { 3550 if (len > chan->mps) {
3566 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3551 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3567 goto drop; 3552 goto drop;
3568 } 3553 }
3569 3554
@@ -3579,13 +3564,13 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3579 3564
3580 /* check for invalid req-seq */ 3565 /* check for invalid req-seq */
3581 if (req_seq_offset > next_tx_seq_offset) { 3566 if (req_seq_offset > next_tx_seq_offset) {
3582 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3567 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3583 goto drop; 3568 goto drop;
3584 } 3569 }
3585 3570
3586 if (__is_iframe(control)) { 3571 if (__is_iframe(control)) {
3587 if (len < 0) { 3572 if (len < 0) {
3588 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3573 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3589 goto drop; 3574 goto drop;
3590 } 3575 }
3591 3576
@@ -3593,7 +3578,7 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3593 } else { 3578 } else {
3594 if (len != 0) { 3579 if (len != 0) {
3595 BT_ERR("%d", len); 3580 BT_ERR("%d", len);
3596 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3581 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3597 goto drop; 3582 goto drop;
3598 } 3583 }
3599 3584
@@ -3630,14 +3615,14 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3630 if (sk->sk_state != BT_CONNECTED) 3615 if (sk->sk_state != BT_CONNECTED)
3631 goto drop; 3616 goto drop;
3632 3617
3633 switch (pi->mode) { 3618 switch (chan->mode) {
3634 case L2CAP_MODE_BASIC: 3619 case L2CAP_MODE_BASIC:
3635 /* If socket recv buffers overflows we drop data here 3620 /* If socket recv buffers overflows we drop data here
3636 * which is *bad* because L2CAP has to be reliable. 3621 * which is *bad* because L2CAP has to be reliable.
3637 * But we don't have any other choice. L2CAP doesn't 3622 * But we don't have any other choice. L2CAP doesn't
3638 * provide flow control mechanism. */ 3623 * provide flow control mechanism. */
3639 3624
3640 if (pi->imtu < skb->len) 3625 if (chan->imtu < skb->len)
3641 goto drop; 3626 goto drop;
3642 3627
3643 if (!sock_queue_rcv_skb(sk, skb)) 3628 if (!sock_queue_rcv_skb(sk, skb))
@@ -3659,16 +3644,16 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3659 skb_pull(skb, 2); 3644 skb_pull(skb, 2);
3660 len = skb->len; 3645 len = skb->len;
3661 3646
3662 if (l2cap_check_fcs(pi, skb)) 3647 if (l2cap_check_fcs(chan, skb))
3663 goto drop; 3648 goto drop;
3664 3649
3665 if (__is_sar_start(control)) 3650 if (__is_sar_start(control))
3666 len -= 2; 3651 len -= 2;
3667 3652
3668 if (pi->fcs == L2CAP_FCS_CRC16) 3653 if (chan->fcs == L2CAP_FCS_CRC16)
3669 len -= 2; 3654 len -= 2;
3670 3655
3671 if (len > pi->mps || len < 0 || __is_sframe(control)) 3656 if (len > chan->mps || len < 0 || __is_sframe(control))
3672 goto drop; 3657 goto drop;
3673 3658
3674 tx_seq = __get_txseq(control); 3659 tx_seq = __get_txseq(control);
@@ -3683,7 +3668,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3683 goto done; 3668 goto done;
3684 3669
3685 default: 3670 default:
3686 BT_DBG("chan %p: bad mode 0x%2.2x", chan, pi->mode); 3671 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
3687 break; 3672 break;
3688 } 3673 }
3689 3674
@@ -3712,7 +3697,7 @@ static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, str
3712 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED) 3697 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3713 goto drop; 3698 goto drop;
3714 3699
3715 if (l2cap_pi(sk)->imtu < skb->len) 3700 if (l2cap_pi(sk)->chan->imtu < skb->len)
3716 goto drop; 3701 goto drop;
3717 3702
3718 if (!sock_queue_rcv_skb(sk, skb)) 3703 if (!sock_queue_rcv_skb(sk, skb))
@@ -3742,7 +3727,7 @@ static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct
3742 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED) 3727 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3743 goto drop; 3728 goto drop;
3744 3729
3745 if (l2cap_pi(sk)->imtu < skb->len) 3730 if (l2cap_pi(sk)->chan->imtu < skb->len)
3746 goto drop; 3731 goto drop;
3747 3732
3748 if (!sock_queue_rcv_skb(sk, skb)) 3733 if (!sock_queue_rcv_skb(sk, skb))
@@ -3812,17 +3797,19 @@ static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3812 /* Find listening sockets and check their link_mode */ 3797 /* Find listening sockets and check their link_mode */
3813 read_lock(&l2cap_sk_list.lock); 3798 read_lock(&l2cap_sk_list.lock);
3814 sk_for_each(sk, node, &l2cap_sk_list.head) { 3799 sk_for_each(sk, node, &l2cap_sk_list.head) {
3800 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3801
3815 if (sk->sk_state != BT_LISTEN) 3802 if (sk->sk_state != BT_LISTEN)
3816 continue; 3803 continue;
3817 3804
3818 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) { 3805 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
3819 lm1 |= HCI_LM_ACCEPT; 3806 lm1 |= HCI_LM_ACCEPT;
3820 if (l2cap_pi(sk)->role_switch) 3807 if (chan->role_switch)
3821 lm1 |= HCI_LM_MASTER; 3808 lm1 |= HCI_LM_MASTER;
3822 exact++; 3809 exact++;
3823 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 3810 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3824 lm2 |= HCI_LM_ACCEPT; 3811 lm2 |= HCI_LM_ACCEPT;
3825 if (l2cap_pi(sk)->role_switch) 3812 if (chan->role_switch)
3826 lm2 |= HCI_LM_MASTER; 3813 lm2 |= HCI_LM_MASTER;
3827 } 3814 }
3828 } 3815 }
@@ -3874,19 +3861,21 @@ static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3874 return 0; 3861 return 0;
3875} 3862}
3876 3863
3877static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt) 3864static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
3878{ 3865{
3866 struct sock *sk = chan->sk;
3867
3879 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) 3868 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
3880 return; 3869 return;
3881 3870
3882 if (encrypt == 0x00) { 3871 if (encrypt == 0x00) {
3883 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) { 3872 if (chan->sec_level == BT_SECURITY_MEDIUM) {
3884 l2cap_sock_clear_timer(sk); 3873 l2cap_sock_clear_timer(sk);
3885 l2cap_sock_set_timer(sk, HZ * 5); 3874 l2cap_sock_set_timer(sk, HZ * 5);
3886 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) 3875 } else if (chan->sec_level == BT_SECURITY_HIGH)
3887 __l2cap_sock_close(sk, ECONNREFUSED); 3876 __l2cap_sock_close(sk, ECONNREFUSED);
3888 } else { 3877 } else {
3889 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) 3878 if (chan->sec_level == BT_SECURITY_MEDIUM)
3890 l2cap_sock_clear_timer(sk); 3879 l2cap_sock_clear_timer(sk);
3891 } 3880 }
3892} 3881}
@@ -3908,14 +3897,14 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3908 3897
3909 bh_lock_sock(sk); 3898 bh_lock_sock(sk);
3910 3899
3911 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) { 3900 if (chan->conf_state & L2CAP_CONF_CONNECT_PEND) {
3912 bh_unlock_sock(sk); 3901 bh_unlock_sock(sk);
3913 continue; 3902 continue;
3914 } 3903 }
3915 3904
3916 if (!status && (sk->sk_state == BT_CONNECTED || 3905 if (!status && (sk->sk_state == BT_CONNECTED ||
3917 sk->sk_state == BT_CONFIG)) { 3906 sk->sk_state == BT_CONFIG)) {
3918 l2cap_check_encryption(sk, encrypt); 3907 l2cap_check_encryption(chan, encrypt);
3919 bh_unlock_sock(sk); 3908 bh_unlock_sock(sk);
3920 continue; 3909 continue;
3921 } 3910 }
@@ -3923,11 +3912,11 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3923 if (sk->sk_state == BT_CONNECT) { 3912 if (sk->sk_state == BT_CONNECT) {
3924 if (!status) { 3913 if (!status) {
3925 struct l2cap_conn_req req; 3914 struct l2cap_conn_req req;
3926 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 3915 req.scid = cpu_to_le16(chan->scid);
3927 req.psm = l2cap_pi(sk)->psm; 3916 req.psm = chan->psm;
3928 3917
3929 chan->ident = l2cap_get_ident(conn); 3918 chan->ident = l2cap_get_ident(conn);
3930 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 3919 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
3931 3920
3932 l2cap_send_cmd(conn, chan->ident, 3921 l2cap_send_cmd(conn, chan->ident,
3933 L2CAP_CONN_REQ, sizeof(req), &req); 3922 L2CAP_CONN_REQ, sizeof(req), &req);
@@ -3948,8 +3937,8 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3948 result = L2CAP_CR_SEC_BLOCK; 3937 result = L2CAP_CR_SEC_BLOCK;
3949 } 3938 }
3950 3939
3951 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 3940 rsp.scid = cpu_to_le16(chan->dcid);
3952 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 3941 rsp.dcid = cpu_to_le16(chan->scid);
3953 rsp.result = cpu_to_le16(result); 3942 rsp.result = cpu_to_le16(result);
3954 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 3943 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3955 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 3944 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
@@ -4021,10 +4010,10 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
4021 if (chan && chan->sk) { 4010 if (chan && chan->sk) {
4022 struct sock *sk = chan->sk; 4011 struct sock *sk = chan->sk;
4023 4012
4024 if (l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) { 4013 if (chan->imtu < len - L2CAP_HDR_SIZE) {
4025 BT_ERR("Frame exceeding recv MTU (len %d, " 4014 BT_ERR("Frame exceeding recv MTU (len %d, "
4026 "MTU %d)", len, 4015 "MTU %d)", len,
4027 l2cap_pi(sk)->imtu); 4016 chan->imtu);
4028 bh_unlock_sock(sk); 4017 bh_unlock_sock(sk);
4029 l2cap_conn_unreliable(conn, ECOMM); 4018 l2cap_conn_unreliable(conn, ECOMM);
4030 goto drop; 4019 goto drop;
@@ -4084,14 +4073,15 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
4084 4073
4085 sk_for_each(sk, node, &l2cap_sk_list.head) { 4074 sk_for_each(sk, node, &l2cap_sk_list.head) {
4086 struct l2cap_pinfo *pi = l2cap_pi(sk); 4075 struct l2cap_pinfo *pi = l2cap_pi(sk);
4076 struct l2cap_chan *chan = pi->chan;
4087 4077
4088 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n", 4078 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
4089 batostr(&bt_sk(sk)->src), 4079 batostr(&bt_sk(sk)->src),
4090 batostr(&bt_sk(sk)->dst), 4080 batostr(&bt_sk(sk)->dst),
4091 sk->sk_state, __le16_to_cpu(pi->psm), 4081 sk->sk_state, __le16_to_cpu(chan->psm),
4092 pi->scid, pi->dcid, 4082 chan->scid, chan->dcid,
4093 pi->imtu, pi->omtu, pi->sec_level, 4083 chan->imtu, chan->omtu, chan->sec_level,
4094 pi->mode); 4084 chan->mode);
4095 } 4085 }
4096 4086
4097 read_unlock_bh(&l2cap_sk_list.lock); 4087 read_unlock_bh(&l2cap_sk_list.lock);
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-01 14:44:52 -0400