aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2011-05-05 13:32:35 -0400
committerJohn W. Linville <linville@tuxdriver.com>2011-05-05 13:32:35 -0400
commita70171dce9cd44cb06c7d299eba9fa87a8933045 (patch)
tree5425df5f33fadc617c7dec99578d06f0d933578e /net
parent5a412ad7f4c95bb5b756aa12b52646e857e7c75d (diff)
parenteaef6a93bd52a2cc47b9fce201310010707afdb4 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem
Conflicts: drivers/net/wireless/libertas/if_cs.c drivers/net/wireless/rtlwifi/pci.c net/bluetooth/l2cap_sock.c
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/cmtp/core.c3
-rw-r--r--net/bluetooth/hci_conn.c78
-rw-r--r--net/bluetooth/hci_core.c75
-rw-r--r--net/bluetooth/hci_event.c163
-rw-r--r--net/bluetooth/hci_sysfs.c31
-rw-r--r--net/bluetooth/hidp/core.c6
-rw-r--r--net/bluetooth/l2cap_core.c588
-rw-r--r--net/bluetooth/l2cap_sock.c242
-rw-r--r--net/bluetooth/mgmt.c95
-rw-r--r--net/bluetooth/rfcomm/core.c21
-rw-r--r--net/bluetooth/rfcomm/sock.c5
-rw-r--r--net/mac80211/aes_ccm.c6
-rw-r--r--net/mac80211/cfg.c15
-rw-r--r--net/mac80211/driver-ops.h18
-rw-r--r--net/mac80211/driver-trace.h27
-rw-r--r--net/mac80211/ibss.c7
-rw-r--r--net/mac80211/ieee80211_i.h3
-rw-r--r--net/mac80211/key.c21
-rw-r--r--net/mac80211/main.c18
-rw-r--r--net/mac80211/mesh.c3
-rw-r--r--net/mac80211/mesh_hwmp.c4
-rw-r--r--net/mac80211/pm.c16
-rw-r--r--net/mac80211/rx.c49
-rw-r--r--net/mac80211/sta_info.c2
-rw-r--r--net/mac80211/status.c8
-rw-r--r--net/mac80211/tx.c15
-rw-r--r--net/mac80211/work.c6
-rw-r--r--net/mac80211/wpa.c62
-rw-r--r--net/wireless/core.c17
-rw-r--r--net/wireless/reg.c3
30 files changed, 1008 insertions, 599 deletions
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index cce99b0919f..c5b11af908b 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -346,7 +346,8 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
346 346
347 bacpy(&session->bdaddr, &bt_sk(sock->sk)->dst); 347 bacpy(&session->bdaddr, &bt_sk(sock->sk)->dst);
348 348
349 session->mtu = min_t(uint, l2cap_pi(sock->sk)->omtu, l2cap_pi(sock->sk)->imtu); 349 session->mtu = min_t(uint, l2cap_pi(sock->sk)->chan->omtu,
350 l2cap_pi(sock->sk)->chan->imtu);
350 351
351 BT_DBG("mtu %d", session->mtu); 352 BT_DBG("mtu %d", session->mtu);
352 353
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 7a6f56b2f49..7f5ad8a2b22 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -269,6 +269,19 @@ static void hci_conn_idle(unsigned long arg)
269 hci_conn_enter_sniff_mode(conn); 269 hci_conn_enter_sniff_mode(conn);
270} 270}
271 271
272static void hci_conn_auto_accept(unsigned long arg)
273{
274 struct hci_conn *conn = (void *) arg;
275 struct hci_dev *hdev = conn->hdev;
276
277 hci_dev_lock(hdev);
278
279 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, sizeof(conn->dst),
280 &conn->dst);
281
282 hci_dev_unlock(hdev);
283}
284
272struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) 285struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
273{ 286{
274 struct hci_conn *conn; 287 struct hci_conn *conn;
@@ -287,6 +300,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
287 conn->auth_type = HCI_AT_GENERAL_BONDING; 300 conn->auth_type = HCI_AT_GENERAL_BONDING;
288 conn->io_capability = hdev->io_capability; 301 conn->io_capability = hdev->io_capability;
289 conn->remote_auth = 0xff; 302 conn->remote_auth = 0xff;
303 conn->key_type = 0xff;
290 304
291 conn->power_save = 1; 305 conn->power_save = 1;
292 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 306 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
@@ -311,6 +325,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
311 325
312 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 326 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
313 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 327 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
328 setup_timer(&conn->auto_accept_timer, hci_conn_auto_accept,
329 (unsigned long) conn);
314 330
315 atomic_set(&conn->refcnt, 0); 331 atomic_set(&conn->refcnt, 0);
316 332
@@ -341,6 +357,8 @@ int hci_conn_del(struct hci_conn *conn)
341 357
342 del_timer(&conn->disc_timer); 358 del_timer(&conn->disc_timer);
343 359
360 del_timer(&conn->auto_accept_timer);
361
344 if (conn->type == ACL_LINK) { 362 if (conn->type == ACL_LINK) {
345 struct hci_conn *sco = conn->link; 363 struct hci_conn *sco = conn->link;
346 if (sco) 364 if (sco)
@@ -535,32 +553,72 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
535 return 0; 553 return 0;
536} 554}
537 555
556/* Encrypt the the link */
557static void hci_conn_encrypt(struct hci_conn *conn)
558{
559 BT_DBG("conn %p", conn);
560
561 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
562 struct hci_cp_set_conn_encrypt cp;
563 cp.handle = cpu_to_le16(conn->handle);
564 cp.encrypt = 0x01;
565 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
566 &cp);
567 }
568}
569
538/* Enable security */ 570/* Enable security */
539int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 571int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
540{ 572{
541 BT_DBG("conn %p", conn); 573 BT_DBG("conn %p", conn);
542 574
575 /* For sdp we don't need the link key. */
543 if (sec_level == BT_SECURITY_SDP) 576 if (sec_level == BT_SECURITY_SDP)
544 return 1; 577 return 1;
545 578
579 /* For non 2.1 devices and low security level we don't need the link
580 key. */
546 if (sec_level == BT_SECURITY_LOW && 581 if (sec_level == BT_SECURITY_LOW &&
547 (!conn->ssp_mode || !conn->hdev->ssp_mode)) 582 (!conn->ssp_mode || !conn->hdev->ssp_mode))
548 return 1; 583 return 1;
549 584
550 if (conn->link_mode & HCI_LM_ENCRYPT) 585 /* For other security levels we need the link key. */
551 return hci_conn_auth(conn, sec_level, auth_type); 586 if (!(conn->link_mode & HCI_LM_AUTH))
552 587 goto auth;
588
589 /* An authenticated combination key has sufficient security for any
590 security level. */
591 if (conn->key_type == HCI_LK_AUTH_COMBINATION)
592 goto encrypt;
593
594 /* An unauthenticated combination key has sufficient security for
595 security level 1 and 2. */
596 if (conn->key_type == HCI_LK_UNAUTH_COMBINATION &&
597 (sec_level == BT_SECURITY_MEDIUM ||
598 sec_level == BT_SECURITY_LOW))
599 goto encrypt;
600
601 /* A combination key has always sufficient security for the security
602 levels 1 or 2. High security level requires the combination key
603 is generated using maximum PIN code length (16).
604 For pre 2.1 units. */
605 if (conn->key_type == HCI_LK_COMBINATION &&
606 (sec_level != BT_SECURITY_HIGH ||
607 conn->pin_length == 16))
608 goto encrypt;
609
610auth:
553 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 611 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
554 return 0; 612 return 0;
555 613
556 if (hci_conn_auth(conn, sec_level, auth_type)) { 614 hci_conn_auth(conn, sec_level, auth_type);
557 struct hci_cp_set_conn_encrypt cp; 615 return 0;
558 cp.handle = cpu_to_le16(conn->handle); 616
559 cp.encrypt = 1; 617encrypt:
560 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, 618 if (conn->link_mode & HCI_LM_ENCRYPT)
561 sizeof(cp), &cp); 619 return 1;
562 }
563 620
621 hci_conn_encrypt(conn);
564 return 0; 622 return 0;
565} 623}
566EXPORT_SYMBOL(hci_conn_security); 624EXPORT_SYMBOL(hci_conn_security);
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index e057d123599..815269b07f2 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1020,18 +1020,54 @@ struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1020 return NULL; 1020 return NULL;
1021} 1021}
1022 1022
1023int hci_add_link_key(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr, 1023static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1024 u8 *val, u8 type, u8 pin_len) 1024 u8 key_type, u8 old_key_type)
1025{
1026 /* Legacy key */
1027 if (key_type < 0x03)
1028 return 1;
1029
1030 /* Debug keys are insecure so don't store them persistently */
1031 if (key_type == HCI_LK_DEBUG_COMBINATION)
1032 return 0;
1033
1034 /* Changed combination key and there's no previous one */
1035 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1036 return 0;
1037
1038 /* Security mode 3 case */
1039 if (!conn)
1040 return 1;
1041
1042 /* Neither local nor remote side had no-bonding as requirement */
1043 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1044 return 1;
1045
1046 /* Local side had dedicated bonding as requirement */
1047 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1048 return 1;
1049
1050 /* Remote side had dedicated bonding as requirement */
1051 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1052 return 1;
1053
1054 /* If none of the above criteria match, then don't store the key
1055 * persistently */
1056 return 0;
1057}
1058
1059int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1060 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1025{ 1061{
1026 struct link_key *key, *old_key; 1062 struct link_key *key, *old_key;
1027 u8 old_key_type; 1063 u8 old_key_type, persistent;
1028 1064
1029 old_key = hci_find_link_key(hdev, bdaddr); 1065 old_key = hci_find_link_key(hdev, bdaddr);
1030 if (old_key) { 1066 if (old_key) {
1031 old_key_type = old_key->type; 1067 old_key_type = old_key->type;
1032 key = old_key; 1068 key = old_key;
1033 } else { 1069 } else {
1034 old_key_type = 0xff; 1070 old_key_type = conn ? conn->key_type : 0xff;
1035 key = kzalloc(sizeof(*key), GFP_ATOMIC); 1071 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1036 if (!key) 1072 if (!key)
1037 return -ENOMEM; 1073 return -ENOMEM;
@@ -1040,16 +1076,37 @@ int hci_add_link_key(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
1040 1076
1041 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type); 1077 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1042 1078
1079 /* Some buggy controller combinations generate a changed
1080 * combination key for legacy pairing even when there's no
1081 * previous key */
1082 if (type == HCI_LK_CHANGED_COMBINATION &&
1083 (!conn || conn->remote_auth == 0xff) &&
1084 old_key_type == 0xff) {
1085 type = HCI_LK_COMBINATION;
1086 if (conn)
1087 conn->key_type = type;
1088 }
1089
1043 bacpy(&key->bdaddr, bdaddr); 1090 bacpy(&key->bdaddr, bdaddr);
1044 memcpy(key->val, val, 16); 1091 memcpy(key->val, val, 16);
1045 key->type = type;
1046 key->pin_len = pin_len; 1092 key->pin_len = pin_len;
1047 1093
1048 if (new_key) 1094 if (type == HCI_LK_CHANGED_COMBINATION)
1049 mgmt_new_key(hdev->id, key, old_key_type);
1050
1051 if (type == 0x06)
1052 key->type = old_key_type; 1095 key->type = old_key_type;
1096 else
1097 key->type = type;
1098
1099 if (!new_key)
1100 return 0;
1101
1102 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1103
1104 mgmt_new_key(hdev->id, key, persistent);
1105
1106 if (!persistent) {
1107 list_del(&key->list);
1108 kfree(key);
1109 }
1053 1110
1054 return 0; 1111 return 0;
1055} 1112}
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index cb25628c058..d5aa97ee6ff 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -56,7 +56,9 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
56 if (status) 56 if (status)
57 return; 57 return;
58 58
59 clear_bit(HCI_INQUIRY, &hdev->flags); 59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
60 62
61 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status); 63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
62 64
@@ -72,7 +74,9 @@ static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 if (status) 74 if (status)
73 return; 75 return;
74 76
75 clear_bit(HCI_INQUIRY, &hdev->flags); 77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
76 80
77 hci_conn_check_pending(hdev); 81 hci_conn_check_pending(hdev);
78} 82}
@@ -841,10 +845,14 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
841 845
842 if (status) { 846 if (status) {
843 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 847 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
844
845 hci_conn_check_pending(hdev); 848 hci_conn_check_pending(hdev);
846 } else 849 return;
847 set_bit(HCI_INQUIRY, &hdev->flags); 850 }
851
852 if (test_bit(HCI_MGMT, &hdev->flags) &&
853 !test_and_set_bit(HCI_INQUIRY,
854 &hdev->flags))
855 mgmt_discovering(hdev->id, 1);
848} 856}
849 857
850static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 858static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
@@ -1013,12 +1021,19 @@ static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1013 hci_dev_lock(hdev); 1021 hci_dev_lock(hdev);
1014 1022
1015 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1016 if (conn && hci_outgoing_auth_needed(hdev, conn)) { 1024 if (!conn)
1025 goto unlock;
1026
1027 if (!hci_outgoing_auth_needed(hdev, conn))
1028 goto unlock;
1029
1030 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1017 struct hci_cp_auth_requested cp; 1031 struct hci_cp_auth_requested cp;
1018 cp.handle = __cpu_to_le16(conn->handle); 1032 cp.handle = __cpu_to_le16(conn->handle);
1019 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1033 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1020 } 1034 }
1021 1035
1036unlock:
1022 hci_dev_unlock(hdev); 1037 hci_dev_unlock(hdev);
1023} 1038}
1024 1039
@@ -1208,7 +1223,9 @@ static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff
1208 1223
1209 BT_DBG("%s status %d", hdev->name, status); 1224 BT_DBG("%s status %d", hdev->name, status);
1210 1225
1211 clear_bit(HCI_INQUIRY, &hdev->flags); 1226 if (test_bit(HCI_MGMT, &hdev->flags) &&
1227 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1228 mgmt_discovering(hdev->id, 0);
1212 1229
1213 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1230 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1214 1231
@@ -1228,6 +1245,12 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
1228 1245
1229 hci_dev_lock(hdev); 1246 hci_dev_lock(hdev);
1230 1247
1248 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1249
1250 if (test_bit(HCI_MGMT, &hdev->flags))
1251 mgmt_discovering(hdev->id, 1);
1252 }
1253
1231 for (; num_rsp; num_rsp--, info++) { 1254 for (; num_rsp; num_rsp--, info++) {
1232 bacpy(&data.bdaddr, &info->bdaddr); 1255 bacpy(&data.bdaddr, &info->bdaddr);
1233 data.pscan_rep_mode = info->pscan_rep_mode; 1256 data.pscan_rep_mode = info->pscan_rep_mode;
@@ -1443,7 +1466,6 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1443 conn->sec_level = conn->pending_sec_level; 1466 conn->sec_level = conn->pending_sec_level;
1444 } else { 1467 } else {
1445 mgmt_auth_failed(hdev->id, &conn->dst, ev->status); 1468 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1446 conn->sec_level = BT_SECURITY_LOW;
1447 } 1469 }
1448 1470
1449 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1471 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
@@ -1501,12 +1523,19 @@ static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb
1501 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name); 1523 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1502 1524
1503 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1525 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1504 if (conn && hci_outgoing_auth_needed(hdev, conn)) { 1526 if (!conn)
1527 goto unlock;
1528
1529 if (!hci_outgoing_auth_needed(hdev, conn))
1530 goto unlock;
1531
1532 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1505 struct hci_cp_auth_requested cp; 1533 struct hci_cp_auth_requested cp;
1506 cp.handle = __cpu_to_le16(conn->handle); 1534 cp.handle = __cpu_to_le16(conn->handle);
1507 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1535 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1508 } 1536 }
1509 1537
1538unlock:
1510 hci_dev_unlock(hdev); 1539 hci_dev_unlock(hdev);
1511} 1540}
1512 1541
@@ -2006,9 +2035,16 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
2006 if (!test_bit(HCI_PAIRABLE, &hdev->flags)) 2035 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2007 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2036 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2008 sizeof(ev->bdaddr), &ev->bdaddr); 2037 sizeof(ev->bdaddr), &ev->bdaddr);
2038 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2039 u8 secure;
2009 2040
2010 if (test_bit(HCI_MGMT, &hdev->flags)) 2041 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2011 mgmt_pin_code_request(hdev->id, &ev->bdaddr); 2042 secure = 1;
2043 else
2044 secure = 0;
2045
2046 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2047 }
2012 2048
2013 hci_dev_unlock(hdev); 2049 hci_dev_unlock(hdev);
2014} 2050}
@@ -2037,17 +2073,30 @@ static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff
2037 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 2073 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2038 batostr(&ev->bdaddr)); 2074 batostr(&ev->bdaddr));
2039 2075
2040 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && key->type == 0x03) { 2076 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2077 key->type == HCI_LK_DEBUG_COMBINATION) {
2041 BT_DBG("%s ignoring debug key", hdev->name); 2078 BT_DBG("%s ignoring debug key", hdev->name);
2042 goto not_found; 2079 goto not_found;
2043 } 2080 }
2044 2081
2045 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2082 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2083 if (conn) {
2084 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2085 conn->auth_type != 0xff &&
2086 (conn->auth_type & 0x01)) {
2087 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2088 goto not_found;
2089 }
2046 2090
2047 if (key->type == 0x04 && conn && conn->auth_type != 0xff && 2091 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2048 (conn->auth_type & 0x01)) { 2092 conn->pending_sec_level == BT_SECURITY_HIGH) {
2049 BT_DBG("%s ignoring unauthenticated key", hdev->name); 2093 BT_DBG("%s ignoring key unauthenticated for high \
2050 goto not_found; 2094 security", hdev->name);
2095 goto not_found;
2096 }
2097
2098 conn->key_type = key->type;
2099 conn->pin_length = key->pin_len;
2051 } 2100 }
2052 2101
2053 bacpy(&cp.bdaddr, &ev->bdaddr); 2102 bacpy(&cp.bdaddr, &ev->bdaddr);
@@ -2079,11 +2128,15 @@ static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff
2079 hci_conn_hold(conn); 2128 hci_conn_hold(conn);
2080 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2129 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2081 pin_len = conn->pin_length; 2130 pin_len = conn->pin_length;
2131
2132 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2133 conn->key_type = ev->key_type;
2134
2082 hci_conn_put(conn); 2135 hci_conn_put(conn);
2083 } 2136 }
2084 2137
2085 if (test_bit(HCI_LINK_KEYS, &hdev->flags)) 2138 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2086 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key, 2139 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2087 ev->key_type, pin_len); 2140 ev->key_type, pin_len);
2088 2141
2089 hci_dev_unlock(hdev); 2142 hci_dev_unlock(hdev);
@@ -2158,6 +2211,12 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
2158 2211
2159 hci_dev_lock(hdev); 2212 hci_dev_lock(hdev);
2160 2213
2214 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2215
2216 if (test_bit(HCI_MGMT, &hdev->flags))
2217 mgmt_discovering(hdev->id, 1);
2218 }
2219
2161 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 2220 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2162 struct inquiry_info_with_rssi_and_pscan_mode *info; 2221 struct inquiry_info_with_rssi_and_pscan_mode *info;
2163 info = (void *) (skb->data + 1); 2222 info = (void *) (skb->data + 1);
@@ -2320,6 +2379,12 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
2320 if (!num_rsp) 2379 if (!num_rsp)
2321 return; 2380 return;
2322 2381
2382 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2383
2384 if (test_bit(HCI_MGMT, &hdev->flags))
2385 mgmt_discovering(hdev->id, 1);
2386 }
2387
2323 hci_dev_lock(hdev); 2388 hci_dev_lock(hdev);
2324 2389
2325 for (; num_rsp; num_rsp--, info++) { 2390 for (; num_rsp; num_rsp--, info++) {
@@ -2353,7 +2418,7 @@ static inline u8 hci_get_auth_req(struct hci_conn *conn)
2353 2418
2354 /* If remote requests no-bonding follow that lead */ 2419 /* If remote requests no-bonding follow that lead */
2355 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01) 2420 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2356 return 0x00; 2421 return conn->remote_auth | (conn->auth_type & 0x01);
2357 2422
2358 return conn->auth_type; 2423 return conn->auth_type;
2359} 2424}
@@ -2382,7 +2447,8 @@ static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff
2382 2447
2383 bacpy(&cp.bdaddr, &ev->bdaddr); 2448 bacpy(&cp.bdaddr, &ev->bdaddr);
2384 cp.capability = conn->io_capability; 2449 cp.capability = conn->io_capability;
2385 cp.authentication = hci_get_auth_req(conn); 2450 conn->auth_type = hci_get_auth_req(conn);
2451 cp.authentication = conn->auth_type;
2386 2452
2387 if ((conn->out == 0x01 || conn->remote_oob == 0x01) && 2453 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2388 hci_find_remote_oob_data(hdev, &conn->dst)) 2454 hci_find_remote_oob_data(hdev, &conn->dst))
@@ -2396,7 +2462,7 @@ static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff
2396 struct hci_cp_io_capability_neg_reply cp; 2462 struct hci_cp_io_capability_neg_reply cp;
2397 2463
2398 bacpy(&cp.bdaddr, &ev->bdaddr); 2464 bacpy(&cp.bdaddr, &ev->bdaddr);
2399 cp.reason = 0x16; /* Pairing not allowed */ 2465 cp.reason = 0x18; /* Pairing not allowed */
2400 2466
2401 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY, 2467 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2402 sizeof(cp), &cp); 2468 sizeof(cp), &cp);
@@ -2431,14 +2497,67 @@ static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2431 struct sk_buff *skb) 2497 struct sk_buff *skb)
2432{ 2498{
2433 struct hci_ev_user_confirm_req *ev = (void *) skb->data; 2499 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2500 int loc_mitm, rem_mitm, confirm_hint = 0;
2501 struct hci_conn *conn;
2434 2502
2435 BT_DBG("%s", hdev->name); 2503 BT_DBG("%s", hdev->name);
2436 2504
2437 hci_dev_lock(hdev); 2505 hci_dev_lock(hdev);
2438 2506
2439 if (test_bit(HCI_MGMT, &hdev->flags)) 2507 if (!test_bit(HCI_MGMT, &hdev->flags))
2440 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey); 2508 goto unlock;
2509
2510 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2511 if (!conn)
2512 goto unlock;
2513
2514 loc_mitm = (conn->auth_type & 0x01);
2515 rem_mitm = (conn->remote_auth & 0x01);
2516
2517 /* If we require MITM but the remote device can't provide that
2518 * (it has NoInputNoOutput) then reject the confirmation
2519 * request. The only exception is when we're dedicated bonding
2520 * initiators (connect_cfm_cb set) since then we always have the MITM
2521 * bit set. */
2522 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2523 BT_DBG("Rejecting request: remote device can't provide MITM");
2524 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2525 sizeof(ev->bdaddr), &ev->bdaddr);
2526 goto unlock;
2527 }
2528
2529 /* If no side requires MITM protection; auto-accept */
2530 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2531 (!rem_mitm || conn->io_capability == 0x03)) {
2441 2532
2533 /* If we're not the initiators request authorization to
2534 * proceed from user space (mgmt_user_confirm with
2535 * confirm_hint set to 1). */
2536 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2537 BT_DBG("Confirming auto-accept as acceptor");
2538 confirm_hint = 1;
2539 goto confirm;
2540 }
2541
2542 BT_DBG("Auto-accept of user confirmation with %ums delay",
2543 hdev->auto_accept_delay);
2544
2545 if (hdev->auto_accept_delay > 0) {
2546 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2547 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2548 goto unlock;
2549 }
2550
2551 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2552 sizeof(ev->bdaddr), &ev->bdaddr);
2553 goto unlock;
2554 }
2555
2556confirm:
2557 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2558 confirm_hint);
2559
2560unlock:
2442 hci_dev_unlock(hdev); 2561 hci_dev_unlock(hdev);
2443} 2562}
2444 2563
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 8775933ea83..a6c3aa8be1f 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -511,6 +511,35 @@ static const struct file_operations uuids_fops = {
511 .release = single_release, 511 .release = single_release,
512}; 512};
513 513
514static int auto_accept_delay_set(void *data, u64 val)
515{
516 struct hci_dev *hdev = data;
517
518 hci_dev_lock_bh(hdev);
519
520 hdev->auto_accept_delay = val;
521
522 hci_dev_unlock_bh(hdev);
523
524 return 0;
525}
526
527static int auto_accept_delay_get(void *data, u64 *val)
528{
529 struct hci_dev *hdev = data;
530
531 hci_dev_lock_bh(hdev);
532
533 *val = hdev->auto_accept_delay;
534
535 hci_dev_unlock_bh(hdev);
536
537 return 0;
538}
539
540DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
541 auto_accept_delay_set, "%llu\n");
542
514int hci_register_sysfs(struct hci_dev *hdev) 543int hci_register_sysfs(struct hci_dev *hdev)
515{ 544{
516 struct device *dev = &hdev->dev; 545 struct device *dev = &hdev->dev;
@@ -545,6 +574,8 @@ int hci_register_sysfs(struct hci_dev *hdev)
545 574
546 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops); 575 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
547 576
577 debugfs_create_file("auto_accept_delay", 0444, hdev->debugfs, hdev,
578 &auto_accept_delay_fops);
548 return 0; 579 return 0;
549} 580}
550 581
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index ae6ebc6c348..c405a954a60 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -979,8 +979,10 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock,
979 979
980 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 980 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
981 981
982 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 982 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
983 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 983 l2cap_pi(ctrl_sock->sk)->chan->imtu);
984 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
985 l2cap_pi(intr_sock->sk)->chan->imtu);
984 986
985 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 987 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
986 988
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index fd3c1f35aa0..a378acc491e 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -80,8 +80,7 @@ static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16
80 struct l2cap_chan *c; 80 struct l2cap_chan *c;
81 81
82 list_for_each_entry(c, &conn->chan_l, list) { 82 list_for_each_entry(c, &conn->chan_l, list) {
83 struct sock *s = c->sk; 83 if (c->dcid == cid)
84 if (l2cap_pi(s)->dcid == cid)
85 return c; 84 return c;
86 } 85 }
87 return NULL; 86 return NULL;
@@ -93,8 +92,7 @@ static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16
93 struct l2cap_chan *c; 92 struct l2cap_chan *c;
94 93
95 list_for_each_entry(c, &conn->chan_l, list) { 94 list_for_each_entry(c, &conn->chan_l, list) {
96 struct sock *s = c->sk; 95 if (c->scid == cid)
97 if (l2cap_pi(s)->scid == cid)
98 return c; 96 return c;
99 } 97 }
100 return NULL; 98 return NULL;
@@ -149,7 +147,7 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
149 return 0; 147 return 0;
150} 148}
151 149
152static struct l2cap_chan *l2cap_chan_alloc(struct sock *sk) 150struct l2cap_chan *l2cap_chan_alloc(struct sock *sk)
153{ 151{
154 struct l2cap_chan *chan; 152 struct l2cap_chan *chan;
155 153
@@ -162,38 +160,43 @@ static struct l2cap_chan *l2cap_chan_alloc(struct sock *sk)
162 return chan; 160 return chan;
163} 161}
164 162
163void l2cap_chan_free(struct l2cap_chan *chan)
164{
165 kfree(chan);
166}
167
165static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) 168static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
166{ 169{
167 struct sock *sk = chan->sk; 170 struct sock *sk = chan->sk;
168 171
169 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 172 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
170 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); 173 chan->psm, chan->dcid);
171 174
172 conn->disc_reason = 0x13; 175 conn->disc_reason = 0x13;
173 176
174 l2cap_pi(sk)->conn = conn; 177 chan->conn = conn;
175 178
176 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) { 179 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
177 if (conn->hcon->type == LE_LINK) { 180 if (conn->hcon->type == LE_LINK) {
178 /* LE connection */ 181 /* LE connection */
179 l2cap_pi(sk)->omtu = L2CAP_LE_DEFAULT_MTU; 182 chan->omtu = L2CAP_LE_DEFAULT_MTU;
180 l2cap_pi(sk)->scid = L2CAP_CID_LE_DATA; 183 chan->scid = L2CAP_CID_LE_DATA;
181 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA; 184 chan->dcid = L2CAP_CID_LE_DATA;
182 } else { 185 } else {
183 /* Alloc CID for connection-oriented socket */ 186 /* Alloc CID for connection-oriented socket */
184 l2cap_pi(sk)->scid = l2cap_alloc_cid(conn); 187 chan->scid = l2cap_alloc_cid(conn);
185 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 188 chan->omtu = L2CAP_DEFAULT_MTU;
186 } 189 }
187 } else if (sk->sk_type == SOCK_DGRAM) { 190 } else if (sk->sk_type == SOCK_DGRAM) {
188 /* Connectionless socket */ 191 /* Connectionless socket */
189 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS; 192 chan->scid = L2CAP_CID_CONN_LESS;
190 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS; 193 chan->dcid = L2CAP_CID_CONN_LESS;
191 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 194 chan->omtu = L2CAP_DEFAULT_MTU;
192 } else { 195 } else {
193 /* Raw socket can send/recv signalling messages only */ 196 /* Raw socket can send/recv signalling messages only */
194 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING; 197 chan->scid = L2CAP_CID_SIGNALING;
195 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING; 198 chan->dcid = L2CAP_CID_SIGNALING;
196 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 199 chan->omtu = L2CAP_DEFAULT_MTU;
197 } 200 }
198 201
199 sock_hold(sk); 202 sock_hold(sk);
@@ -206,7 +209,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
206void l2cap_chan_del(struct l2cap_chan *chan, int err) 209void l2cap_chan_del(struct l2cap_chan *chan, int err)
207{ 210{
208 struct sock *sk = chan->sk; 211 struct sock *sk = chan->sk;
209 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 212 struct l2cap_conn *conn = chan->conn;
210 struct sock *parent = bt_sk(sk)->parent; 213 struct sock *parent = bt_sk(sk)->parent;
211 214
212 l2cap_sock_clear_timer(sk); 215 l2cap_sock_clear_timer(sk);
@@ -220,7 +223,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
220 write_unlock_bh(&conn->chan_lock); 223 write_unlock_bh(&conn->chan_lock);
221 __sock_put(sk); 224 __sock_put(sk);
222 225
223 l2cap_pi(sk)->conn = NULL; 226 chan->conn = NULL;
224 hci_conn_put(conn->hcon); 227 hci_conn_put(conn->hcon);
225 } 228 }
226 229
@@ -236,13 +239,13 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
236 } else 239 } else
237 sk->sk_state_change(sk); 240 sk->sk_state_change(sk);
238 241
239 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE && 242 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE &&
240 l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE)) 243 chan->conf_state & L2CAP_CONF_INPUT_DONE))
241 goto free; 244 return;
242 245
243 skb_queue_purge(&chan->tx_q); 246 skb_queue_purge(&chan->tx_q);
244 247
245 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 248 if (chan->mode == L2CAP_MODE_ERTM) {
246 struct srej_list *l, *tmp; 249 struct srej_list *l, *tmp;
247 250
248 del_timer(&chan->retrans_timer); 251 del_timer(&chan->retrans_timer);
@@ -257,15 +260,14 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
257 kfree(l); 260 kfree(l);
258 } 261 }
259 } 262 }
260
261free:
262 kfree(chan);
263} 263}
264 264
265static inline u8 l2cap_get_auth_type(struct sock *sk) 265static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
266{ 266{
267 struct sock *sk = chan->sk;
268
267 if (sk->sk_type == SOCK_RAW) { 269 if (sk->sk_type == SOCK_RAW) {
268 switch (l2cap_pi(sk)->sec_level) { 270 switch (chan->sec_level) {
269 case BT_SECURITY_HIGH: 271 case BT_SECURITY_HIGH:
270 return HCI_AT_DEDICATED_BONDING_MITM; 272 return HCI_AT_DEDICATED_BONDING_MITM;
271 case BT_SECURITY_MEDIUM: 273 case BT_SECURITY_MEDIUM:
@@ -273,16 +275,16 @@ static inline u8 l2cap_get_auth_type(struct sock *sk)
273 default: 275 default:
274 return HCI_AT_NO_BONDING; 276 return HCI_AT_NO_BONDING;
275 } 277 }
276 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) { 278 } else if (chan->psm == cpu_to_le16(0x0001)) {
277 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW) 279 if (chan->sec_level == BT_SECURITY_LOW)
278 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; 280 chan->sec_level = BT_SECURITY_SDP;
279 281
280 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) 282 if (chan->sec_level == BT_SECURITY_HIGH)
281 return HCI_AT_NO_BONDING_MITM; 283 return HCI_AT_NO_BONDING_MITM;
282 else 284 else
283 return HCI_AT_NO_BONDING; 285 return HCI_AT_NO_BONDING;
284 } else { 286 } else {
285 switch (l2cap_pi(sk)->sec_level) { 287 switch (chan->sec_level) {
286 case BT_SECURITY_HIGH: 288 case BT_SECURITY_HIGH:
287 return HCI_AT_GENERAL_BONDING_MITM; 289 return HCI_AT_GENERAL_BONDING_MITM;
288 case BT_SECURITY_MEDIUM: 290 case BT_SECURITY_MEDIUM:
@@ -294,15 +296,14 @@ static inline u8 l2cap_get_auth_type(struct sock *sk)
294} 296}
295 297
296/* Service level security */ 298/* Service level security */
297static inline int l2cap_check_security(struct sock *sk) 299static inline int l2cap_check_security(struct l2cap_chan *chan)
298{ 300{
299 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 301 struct l2cap_conn *conn = chan->conn;
300 __u8 auth_type; 302 __u8 auth_type;
301 303
302 auth_type = l2cap_get_auth_type(sk); 304 auth_type = l2cap_get_auth_type(chan);
303 305
304 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level, 306 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
305 auth_type);
306} 307}
307 308
308u8 l2cap_get_ident(struct l2cap_conn *conn) 309u8 l2cap_get_ident(struct l2cap_conn *conn)
@@ -350,7 +351,7 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
350 struct sk_buff *skb; 351 struct sk_buff *skb;
351 struct l2cap_hdr *lh; 352 struct l2cap_hdr *lh;
352 struct l2cap_pinfo *pi = l2cap_pi(chan->sk); 353 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
353 struct l2cap_conn *conn = pi->conn; 354 struct l2cap_conn *conn = chan->conn;
354 struct sock *sk = (struct sock *)pi; 355 struct sock *sk = (struct sock *)pi;
355 int count, hlen = L2CAP_HDR_SIZE + 2; 356 int count, hlen = L2CAP_HDR_SIZE + 2;
356 u8 flags; 357 u8 flags;
@@ -358,7 +359,7 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
358 if (sk->sk_state != BT_CONNECTED) 359 if (sk->sk_state != BT_CONNECTED)
359 return; 360 return;
360 361
361 if (pi->fcs == L2CAP_FCS_CRC16) 362 if (chan->fcs == L2CAP_FCS_CRC16)
362 hlen += 2; 363 hlen += 2;
363 364
364 BT_DBG("chan %p, control 0x%2.2x", chan, control); 365 BT_DBG("chan %p, control 0x%2.2x", chan, control);
@@ -382,10 +383,10 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
382 383
383 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 384 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
384 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE); 385 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
385 lh->cid = cpu_to_le16(pi->dcid); 386 lh->cid = cpu_to_le16(chan->dcid);
386 put_unaligned_le16(control, skb_put(skb, 2)); 387 put_unaligned_le16(control, skb_put(skb, 2));
387 388
388 if (pi->fcs == L2CAP_FCS_CRC16) { 389 if (chan->fcs == L2CAP_FCS_CRC16) {
389 u16 fcs = crc16(0, (u8 *)lh, count - 2); 390 u16 fcs = crc16(0, (u8 *)lh, count - 2);
390 put_unaligned_le16(fcs, skb_put(skb, 2)); 391 put_unaligned_le16(fcs, skb_put(skb, 2));
391 } 392 }
@@ -395,7 +396,7 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
395 else 396 else
396 flags = ACL_START; 397 flags = ACL_START;
397 398
398 hci_send_acl(pi->conn->hcon, skb, flags); 399 hci_send_acl(chan->conn->hcon, skb, flags);
399} 400}
400 401
401static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control) 402static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
@@ -411,27 +412,27 @@ static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
411 l2cap_send_sframe(chan, control); 412 l2cap_send_sframe(chan, control);
412} 413}
413 414
414static inline int __l2cap_no_conn_pending(struct sock *sk) 415static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
415{ 416{
416 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND); 417 return !(chan->conf_state & L2CAP_CONF_CONNECT_PEND);
417} 418}
418 419
419static void l2cap_do_start(struct l2cap_chan *chan) 420static void l2cap_do_start(struct l2cap_chan *chan)
420{ 421{
421 struct sock *sk = chan->sk; 422 struct l2cap_conn *conn = chan->conn;
422 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
423 423
424 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { 424 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
425 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)) 425 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
426 return; 426 return;
427 427
428 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) { 428 if (l2cap_check_security(chan) &&
429 __l2cap_no_conn_pending(chan)) {
429 struct l2cap_conn_req req; 430 struct l2cap_conn_req req;
430 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 431 req.scid = cpu_to_le16(chan->scid);
431 req.psm = l2cap_pi(sk)->psm; 432 req.psm = chan->psm;
432 433
433 chan->ident = l2cap_get_ident(conn); 434 chan->ident = l2cap_get_ident(conn);
434 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 435 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
435 436
436 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, 437 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
437 sizeof(req), &req); 438 sizeof(req), &req);
@@ -477,14 +478,14 @@ void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, in
477 478
478 sk = chan->sk; 479 sk = chan->sk;
479 480
480 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 481 if (chan->mode == L2CAP_MODE_ERTM) {
481 del_timer(&chan->retrans_timer); 482 del_timer(&chan->retrans_timer);
482 del_timer(&chan->monitor_timer); 483 del_timer(&chan->monitor_timer);
483 del_timer(&chan->ack_timer); 484 del_timer(&chan->ack_timer);
484 } 485 }
485 486
486 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); 487 req.dcid = cpu_to_le16(chan->dcid);
487 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 488 req.scid = cpu_to_le16(chan->scid);
488 l2cap_send_cmd(conn, l2cap_get_ident(conn), 489 l2cap_send_cmd(conn, l2cap_get_ident(conn),
489 L2CAP_DISCONN_REQ, sizeof(req), &req); 490 L2CAP_DISCONN_REQ, sizeof(req), &req);
490 491
@@ -515,15 +516,15 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
515 if (sk->sk_state == BT_CONNECT) { 516 if (sk->sk_state == BT_CONNECT) {
516 struct l2cap_conn_req req; 517 struct l2cap_conn_req req;
517 518
518 if (!l2cap_check_security(sk) || 519 if (!l2cap_check_security(chan) ||
519 !__l2cap_no_conn_pending(sk)) { 520 !__l2cap_no_conn_pending(chan)) {
520 bh_unlock_sock(sk); 521 bh_unlock_sock(sk);
521 continue; 522 continue;
522 } 523 }
523 524
524 if (!l2cap_mode_supported(l2cap_pi(sk)->mode, 525 if (!l2cap_mode_supported(chan->mode,
525 conn->feat_mask) 526 conn->feat_mask)
526 && l2cap_pi(sk)->conf_state & 527 && chan->conf_state &
527 L2CAP_CONF_STATE2_DEVICE) { 528 L2CAP_CONF_STATE2_DEVICE) {
528 /* __l2cap_sock_close() calls list_del(chan) 529 /* __l2cap_sock_close() calls list_del(chan)
529 * so release the lock */ 530 * so release the lock */
@@ -534,11 +535,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
534 continue; 535 continue;
535 } 536 }
536 537
537 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 538 req.scid = cpu_to_le16(chan->scid);
538 req.psm = l2cap_pi(sk)->psm; 539 req.psm = chan->psm;
539 540
540 chan->ident = l2cap_get_ident(conn); 541 chan->ident = l2cap_get_ident(conn);
541 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 542 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
542 543
543 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, 544 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
544 sizeof(req), &req); 545 sizeof(req), &req);
@@ -546,10 +547,10 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
546 } else if (sk->sk_state == BT_CONNECT2) { 547 } else if (sk->sk_state == BT_CONNECT2) {
547 struct l2cap_conn_rsp rsp; 548 struct l2cap_conn_rsp rsp;
548 char buf[128]; 549 char buf[128];
549 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 550 rsp.scid = cpu_to_le16(chan->dcid);
550 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 551 rsp.dcid = cpu_to_le16(chan->scid);
551 552
552 if (l2cap_check_security(sk)) { 553 if (l2cap_check_security(chan)) {
553 if (bt_sk(sk)->defer_setup) { 554 if (bt_sk(sk)->defer_setup) {
554 struct sock *parent = bt_sk(sk)->parent; 555 struct sock *parent = bt_sk(sk)->parent;
555 rsp.result = cpu_to_le16(L2CAP_CR_PEND); 556 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
@@ -569,13 +570,13 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
569 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 570 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
570 sizeof(rsp), &rsp); 571 sizeof(rsp), &rsp);
571 572
572 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT || 573 if (chan->conf_state & L2CAP_CONF_REQ_SENT ||
573 rsp.result != L2CAP_CR_SUCCESS) { 574 rsp.result != L2CAP_CR_SUCCESS) {
574 bh_unlock_sock(sk); 575 bh_unlock_sock(sk);
575 continue; 576 continue;
576 } 577 }
577 578
578 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 579 chan->conf_state |= L2CAP_CONF_REQ_SENT;
579 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 580 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
580 l2cap_build_conf_req(chan, buf), buf); 581 l2cap_build_conf_req(chan, buf), buf);
581 chan->num_conf_req++; 582 chan->num_conf_req++;
@@ -598,10 +599,12 @@ static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
598 read_lock(&l2cap_sk_list.lock); 599 read_lock(&l2cap_sk_list.lock);
599 600
600 sk_for_each(sk, node, &l2cap_sk_list.head) { 601 sk_for_each(sk, node, &l2cap_sk_list.head) {
602 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
603
601 if (state && sk->sk_state != state) 604 if (state && sk->sk_state != state)
602 continue; 605 continue;
603 606
604 if (l2cap_pi(sk)->scid == cid) { 607 if (chan->scid == cid) {
605 /* Exact match. */ 608 /* Exact match. */
606 if (!bacmp(&bt_sk(sk)->src, src)) 609 if (!bacmp(&bt_sk(sk)->src, src))
607 break; 610 break;
@@ -648,6 +651,8 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
648 goto clean; 651 goto clean;
649 } 652 }
650 653
654 l2cap_pi(sk)->chan = chan;
655
651 write_lock_bh(&conn->chan_lock); 656 write_lock_bh(&conn->chan_lock);
652 657
653 hci_conn_hold(conn->hcon); 658 hci_conn_hold(conn->hcon);
@@ -661,8 +666,6 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
661 666
662 __l2cap_chan_add(conn, chan); 667 __l2cap_chan_add(conn, chan);
663 668
664 l2cap_pi(sk)->chan = chan;
665
666 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 669 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
667 670
668 sk->sk_state = BT_CONNECTED; 671 sk->sk_state = BT_CONNECTED;
@@ -722,7 +725,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
722 list_for_each_entry(chan, &conn->chan_l, list) { 725 list_for_each_entry(chan, &conn->chan_l, list) {
723 struct sock *sk = chan->sk; 726 struct sock *sk = chan->sk;
724 727
725 if (l2cap_pi(sk)->force_reliable) 728 if (chan->force_reliable)
726 sk->sk_err = err; 729 sk->sk_err = err;
727 } 730 }
728 731
@@ -828,10 +831,12 @@ static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
828 read_lock(&l2cap_sk_list.lock); 831 read_lock(&l2cap_sk_list.lock);
829 832
830 sk_for_each(sk, node, &l2cap_sk_list.head) { 833 sk_for_each(sk, node, &l2cap_sk_list.head) {
834 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
835
831 if (state && sk->sk_state != state) 836 if (state && sk->sk_state != state)
832 continue; 837 continue;
833 838
834 if (l2cap_pi(sk)->psm == psm) { 839 if (chan->psm == psm) {
835 /* Exact match. */ 840 /* Exact match. */
836 if (!bacmp(&bt_sk(sk)->src, src)) 841 if (!bacmp(&bt_sk(sk)->src, src))
837 break; 842 break;
@@ -847,19 +852,19 @@ static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
847 return node ? sk : sk1; 852 return node ? sk : sk1;
848} 853}
849 854
850int l2cap_do_connect(struct sock *sk) 855int l2cap_chan_connect(struct l2cap_chan *chan)
851{ 856{
857 struct sock *sk = chan->sk;
852 bdaddr_t *src = &bt_sk(sk)->src; 858 bdaddr_t *src = &bt_sk(sk)->src;
853 bdaddr_t *dst = &bt_sk(sk)->dst; 859 bdaddr_t *dst = &bt_sk(sk)->dst;
854 struct l2cap_conn *conn; 860 struct l2cap_conn *conn;
855 struct l2cap_chan *chan;
856 struct hci_conn *hcon; 861 struct hci_conn *hcon;
857 struct hci_dev *hdev; 862 struct hci_dev *hdev;
858 __u8 auth_type; 863 __u8 auth_type;
859 int err; 864 int err;
860 865
861 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), 866 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
862 l2cap_pi(sk)->psm); 867 chan->psm);
863 868
864 hdev = hci_get_route(dst, src); 869 hdev = hci_get_route(dst, src);
865 if (!hdev) 870 if (!hdev)
@@ -867,14 +872,14 @@ int l2cap_do_connect(struct sock *sk)
867 872
868 hci_dev_lock_bh(hdev); 873 hci_dev_lock_bh(hdev);
869 874
870 auth_type = l2cap_get_auth_type(sk); 875 auth_type = l2cap_get_auth_type(chan);
871 876
872 if (l2cap_pi(sk)->dcid == L2CAP_CID_LE_DATA) 877 if (chan->dcid == L2CAP_CID_LE_DATA)
873 hcon = hci_connect(hdev, LE_LINK, dst, 878 hcon = hci_connect(hdev, LE_LINK, dst,
874 l2cap_pi(sk)->sec_level, auth_type); 879 chan->sec_level, auth_type);
875 else 880 else
876 hcon = hci_connect(hdev, ACL_LINK, dst, 881 hcon = hci_connect(hdev, ACL_LINK, dst,
877 l2cap_pi(sk)->sec_level, auth_type); 882 chan->sec_level, auth_type);
878 883
879 if (IS_ERR(hcon)) { 884 if (IS_ERR(hcon)) {
880 err = PTR_ERR(hcon); 885 err = PTR_ERR(hcon);
@@ -888,20 +893,11 @@ int l2cap_do_connect(struct sock *sk)
888 goto done; 893 goto done;
889 } 894 }
890 895
891 chan = l2cap_chan_alloc(sk);
892 if (!chan) {
893 hci_conn_put(hcon);
894 err = -ENOMEM;
895 goto done;
896 }
897
898 /* Update source addr of the socket */ 896 /* Update source addr of the socket */
899 bacpy(src, conn->src); 897 bacpy(src, conn->src);
900 898
901 l2cap_chan_add(conn, chan); 899 l2cap_chan_add(conn, chan);
902 900
903 l2cap_pi(sk)->chan = chan;
904
905 sk->sk_state = BT_CONNECT; 901 sk->sk_state = BT_CONNECT;
906 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 902 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
907 903
@@ -909,7 +905,7 @@ int l2cap_do_connect(struct sock *sk)
909 if (sk->sk_type != SOCK_SEQPACKET && 905 if (sk->sk_type != SOCK_SEQPACKET &&
910 sk->sk_type != SOCK_STREAM) { 906 sk->sk_type != SOCK_STREAM) {
911 l2cap_sock_clear_timer(sk); 907 l2cap_sock_clear_timer(sk);
912 if (l2cap_check_security(sk)) 908 if (l2cap_check_security(chan))
913 sk->sk_state = BT_CONNECTED; 909 sk->sk_state = BT_CONNECTED;
914 } else 910 } else
915 l2cap_do_start(chan); 911 l2cap_do_start(chan);
@@ -925,12 +921,13 @@ done:
925 921
926int __l2cap_wait_ack(struct sock *sk) 922int __l2cap_wait_ack(struct sock *sk)
927{ 923{
924 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
928 DECLARE_WAITQUEUE(wait, current); 925 DECLARE_WAITQUEUE(wait, current);
929 int err = 0; 926 int err = 0;
930 int timeo = HZ/5; 927 int timeo = HZ/5;
931 928
932 add_wait_queue(sk_sleep(sk), &wait); 929 add_wait_queue(sk_sleep(sk), &wait);
933 while ((l2cap_pi(sk)->chan->unacked_frames > 0 && l2cap_pi(sk)->conn)) { 930 while ((chan->unacked_frames > 0 && chan->conn)) {
934 set_current_state(TASK_INTERRUPTIBLE); 931 set_current_state(TASK_INTERRUPTIBLE);
935 932
936 if (!timeo) 933 if (!timeo)
@@ -963,7 +960,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
963 960
964 bh_lock_sock(sk); 961 bh_lock_sock(sk);
965 if (chan->retry_count >= chan->remote_max_tx) { 962 if (chan->retry_count >= chan->remote_max_tx) {
966 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, ECONNABORTED); 963 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
967 bh_unlock_sock(sk); 964 bh_unlock_sock(sk);
968 return; 965 return;
969 } 966 }
@@ -1011,15 +1008,14 @@ static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1011 del_timer(&chan->retrans_timer); 1008 del_timer(&chan->retrans_timer);
1012} 1009}
1013 1010
1014void l2cap_do_send(struct sock *sk, struct sk_buff *skb) 1011void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1015{ 1012{
1016 struct l2cap_pinfo *pi = l2cap_pi(sk); 1013 struct hci_conn *hcon = chan->conn->hcon;
1017 struct hci_conn *hcon = pi->conn->hcon;
1018 u16 flags; 1014 u16 flags;
1019 1015
1020 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len); 1016 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1021 1017
1022 if (!pi->flushable && lmp_no_flush_capable(hcon->hdev)) 1018 if (!chan->flushable && lmp_no_flush_capable(hcon->hdev))
1023 flags = ACL_START_NO_FLUSH; 1019 flags = ACL_START_NO_FLUSH;
1024 else 1020 else
1025 flags = ACL_START; 1021 flags = ACL_START;
@@ -1029,9 +1025,7 @@ void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1029 1025
1030void l2cap_streaming_send(struct l2cap_chan *chan) 1026void l2cap_streaming_send(struct l2cap_chan *chan)
1031{ 1027{
1032 struct sock *sk = chan->sk;
1033 struct sk_buff *skb; 1028 struct sk_buff *skb;
1034 struct l2cap_pinfo *pi = l2cap_pi(sk);
1035 u16 control, fcs; 1029 u16 control, fcs;
1036 1030
1037 while ((skb = skb_dequeue(&chan->tx_q))) { 1031 while ((skb = skb_dequeue(&chan->tx_q))) {
@@ -1039,12 +1033,12 @@ void l2cap_streaming_send(struct l2cap_chan *chan)
1039 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT; 1033 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1040 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE); 1034 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1041 1035
1042 if (pi->fcs == L2CAP_FCS_CRC16) { 1036 if (chan->fcs == L2CAP_FCS_CRC16) {
1043 fcs = crc16(0, (u8 *)skb->data, skb->len - 2); 1037 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1044 put_unaligned_le16(fcs, skb->data + skb->len - 2); 1038 put_unaligned_le16(fcs, skb->data + skb->len - 2);
1045 } 1039 }
1046 1040
1047 l2cap_do_send(sk, skb); 1041 l2cap_do_send(chan, skb);
1048 1042
1049 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64; 1043 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1050 } 1044 }
@@ -1052,8 +1046,6 @@ void l2cap_streaming_send(struct l2cap_chan *chan)
1052 1046
1053static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq) 1047static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1054{ 1048{
1055 struct sock *sk = chan->sk;
1056 struct l2cap_pinfo *pi = l2cap_pi(sk);
1057 struct sk_buff *skb, *tx_skb; 1049 struct sk_buff *skb, *tx_skb;
1058 u16 control, fcs; 1050 u16 control, fcs;
1059 1051
@@ -1072,7 +1064,7 @@ static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1072 1064
1073 if (chan->remote_max_tx && 1065 if (chan->remote_max_tx &&
1074 bt_cb(skb)->retries == chan->remote_max_tx) { 1066 bt_cb(skb)->retries == chan->remote_max_tx) {
1075 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED); 1067 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1076 return; 1068 return;
1077 } 1069 }
1078 1070
@@ -1091,19 +1083,18 @@ static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1091 1083
1092 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1084 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1093 1085
1094 if (pi->fcs == L2CAP_FCS_CRC16) { 1086 if (chan->fcs == L2CAP_FCS_CRC16) {
1095 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2); 1087 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1096 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2); 1088 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1097 } 1089 }
1098 1090
1099 l2cap_do_send(sk, tx_skb); 1091 l2cap_do_send(chan, tx_skb);
1100} 1092}
1101 1093
1102int l2cap_ertm_send(struct l2cap_chan *chan) 1094int l2cap_ertm_send(struct l2cap_chan *chan)
1103{ 1095{
1104 struct sk_buff *skb, *tx_skb; 1096 struct sk_buff *skb, *tx_skb;
1105 struct sock *sk = chan->sk; 1097 struct sock *sk = chan->sk;
1106 struct l2cap_pinfo *pi = l2cap_pi(sk);
1107 u16 control, fcs; 1098 u16 control, fcs;
1108 int nsent = 0; 1099 int nsent = 0;
1109 1100
@@ -1114,7 +1105,7 @@ int l2cap_ertm_send(struct l2cap_chan *chan)
1114 1105
1115 if (chan->remote_max_tx && 1106 if (chan->remote_max_tx &&
1116 bt_cb(skb)->retries == chan->remote_max_tx) { 1107 bt_cb(skb)->retries == chan->remote_max_tx) {
1117 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED); 1108 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1118 break; 1109 break;
1119 } 1110 }
1120 1111
@@ -1134,12 +1125,12 @@ int l2cap_ertm_send(struct l2cap_chan *chan)
1134 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1125 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1135 1126
1136 1127
1137 if (pi->fcs == L2CAP_FCS_CRC16) { 1128 if (chan->fcs == L2CAP_FCS_CRC16) {
1138 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2); 1129 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1139 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2); 1130 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1140 } 1131 }
1141 1132
1142 l2cap_do_send(sk, tx_skb); 1133 l2cap_do_send(chan, tx_skb);
1143 1134
1144 __mod_retrans_timer(); 1135 __mod_retrans_timer();
1145 1136
@@ -1210,7 +1201,7 @@ static void l2cap_send_srejtail(struct l2cap_chan *chan)
1210 1201
1211static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb) 1202static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1212{ 1203{
1213 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1204 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1214 struct sk_buff **frag; 1205 struct sk_buff **frag;
1215 int err, sent = 0; 1206 int err, sent = 0;
1216 1207
@@ -1240,9 +1231,10 @@ static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, in
1240 return sent; 1231 return sent;
1241} 1232}
1242 1233
1243struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len) 1234struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1244{ 1235{
1245 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1236 struct sock *sk = chan->sk;
1237 struct l2cap_conn *conn = chan->conn;
1246 struct sk_buff *skb; 1238 struct sk_buff *skb;
1247 int err, count, hlen = L2CAP_HDR_SIZE + 2; 1239 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1248 struct l2cap_hdr *lh; 1240 struct l2cap_hdr *lh;
@@ -1257,9 +1249,9 @@ struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, s
1257 1249
1258 /* Create L2CAP header */ 1250 /* Create L2CAP header */
1259 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1251 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1260 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1252 lh->cid = cpu_to_le16(chan->dcid);
1261 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1253 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1262 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2)); 1254 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1263 1255
1264 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb); 1256 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1265 if (unlikely(err < 0)) { 1257 if (unlikely(err < 0)) {
@@ -1269,9 +1261,10 @@ struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, s
1269 return skb; 1261 return skb;
1270} 1262}
1271 1263
1272struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len) 1264struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1273{ 1265{
1274 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1266 struct sock *sk = chan->sk;
1267 struct l2cap_conn *conn = chan->conn;
1275 struct sk_buff *skb; 1268 struct sk_buff *skb;
1276 int err, count, hlen = L2CAP_HDR_SIZE; 1269 int err, count, hlen = L2CAP_HDR_SIZE;
1277 struct l2cap_hdr *lh; 1270 struct l2cap_hdr *lh;
@@ -1286,7 +1279,7 @@ struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size
1286 1279
1287 /* Create L2CAP header */ 1280 /* Create L2CAP header */
1288 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1281 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1289 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1282 lh->cid = cpu_to_le16(chan->dcid);
1290 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1283 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1291 1284
1292 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb); 1285 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
@@ -1297,9 +1290,10 @@ struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size
1297 return skb; 1290 return skb;
1298} 1291}
1299 1292
1300struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen) 1293struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1301{ 1294{
1302 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1295 struct sock *sk = chan->sk;
1296 struct l2cap_conn *conn = chan->conn;
1303 struct sk_buff *skb; 1297 struct sk_buff *skb;
1304 int err, count, hlen = L2CAP_HDR_SIZE + 2; 1298 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1305 struct l2cap_hdr *lh; 1299 struct l2cap_hdr *lh;
@@ -1312,7 +1306,7 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1312 if (sdulen) 1306 if (sdulen)
1313 hlen += 2; 1307 hlen += 2;
1314 1308
1315 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) 1309 if (chan->fcs == L2CAP_FCS_CRC16)
1316 hlen += 2; 1310 hlen += 2;
1317 1311
1318 count = min_t(unsigned int, (conn->mtu - hlen), len); 1312 count = min_t(unsigned int, (conn->mtu - hlen), len);
@@ -1323,7 +1317,7 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1323 1317
1324 /* Create L2CAP header */ 1318 /* Create L2CAP header */
1325 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1319 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1326 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1320 lh->cid = cpu_to_le16(chan->dcid);
1327 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1321 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1328 put_unaligned_le16(control, skb_put(skb, 2)); 1322 put_unaligned_le16(control, skb_put(skb, 2));
1329 if (sdulen) 1323 if (sdulen)
@@ -1335,7 +1329,7 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1335 return ERR_PTR(err); 1329 return ERR_PTR(err);
1336 } 1330 }
1337 1331
1338 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) 1332 if (chan->fcs == L2CAP_FCS_CRC16)
1339 put_unaligned_le16(0, skb_put(skb, 2)); 1333 put_unaligned_le16(0, skb_put(skb, 2));
1340 1334
1341 bt_cb(skb)->retries = 0; 1335 bt_cb(skb)->retries = 0;
@@ -1344,7 +1338,6 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1344 1338
1345int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len) 1339int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1346{ 1340{
1347 struct sock *sk = chan->sk;
1348 struct sk_buff *skb; 1341 struct sk_buff *skb;
1349 struct sk_buff_head sar_queue; 1342 struct sk_buff_head sar_queue;
1350 u16 control; 1343 u16 control;
@@ -1352,7 +1345,7 @@ int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t le
1352 1345
1353 skb_queue_head_init(&sar_queue); 1346 skb_queue_head_init(&sar_queue);
1354 control = L2CAP_SDU_START; 1347 control = L2CAP_SDU_START;
1355 skb = l2cap_create_iframe_pdu(sk, msg, chan->remote_mps, control, len); 1348 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
1356 if (IS_ERR(skb)) 1349 if (IS_ERR(skb))
1357 return PTR_ERR(skb); 1350 return PTR_ERR(skb);
1358 1351
@@ -1371,7 +1364,7 @@ int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t le
1371 buflen = len; 1364 buflen = len;
1372 } 1365 }
1373 1366
1374 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0); 1367 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
1375 if (IS_ERR(skb)) { 1368 if (IS_ERR(skb)) {
1376 skb_queue_purge(&sar_queue); 1369 skb_queue_purge(&sar_queue);
1377 return PTR_ERR(skb); 1370 return PTR_ERR(skb);
@@ -1391,10 +1384,11 @@ int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t le
1391static void l2cap_chan_ready(struct sock *sk) 1384static void l2cap_chan_ready(struct sock *sk)
1392{ 1385{
1393 struct sock *parent = bt_sk(sk)->parent; 1386 struct sock *parent = bt_sk(sk)->parent;
1387 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1394 1388
1395 BT_DBG("sk %p, parent %p", sk, parent); 1389 BT_DBG("sk %p, parent %p", sk, parent);
1396 1390
1397 l2cap_pi(sk)->conf_state = 0; 1391 chan->conf_state = 0;
1398 l2cap_sock_clear_timer(sk); 1392 l2cap_sock_clear_timer(sk);
1399 1393
1400 if (!parent) { 1394 if (!parent) {
@@ -1615,9 +1609,8 @@ static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1615 1609
1616static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data) 1610static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1617{ 1611{
1618 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1619 struct l2cap_conf_req *req = data; 1612 struct l2cap_conf_req *req = data;
1620 struct l2cap_conf_rfc rfc = { .mode = pi->mode }; 1613 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1621 void *ptr = req->data; 1614 void *ptr = req->data;
1622 1615
1623 BT_DBG("chan %p", chan); 1616 BT_DBG("chan %p", chan);
@@ -1625,26 +1618,26 @@ static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1625 if (chan->num_conf_req || chan->num_conf_rsp) 1618 if (chan->num_conf_req || chan->num_conf_rsp)
1626 goto done; 1619 goto done;
1627 1620
1628 switch (pi->mode) { 1621 switch (chan->mode) {
1629 case L2CAP_MODE_STREAMING: 1622 case L2CAP_MODE_STREAMING:
1630 case L2CAP_MODE_ERTM: 1623 case L2CAP_MODE_ERTM:
1631 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE) 1624 if (chan->conf_state & L2CAP_CONF_STATE2_DEVICE)
1632 break; 1625 break;
1633 1626
1634 /* fall through */ 1627 /* fall through */
1635 default: 1628 default:
1636 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask); 1629 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
1637 break; 1630 break;
1638 } 1631 }
1639 1632
1640done: 1633done:
1641 if (pi->imtu != L2CAP_DEFAULT_MTU) 1634 if (chan->imtu != L2CAP_DEFAULT_MTU)
1642 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); 1635 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
1643 1636
1644 switch (pi->mode) { 1637 switch (chan->mode) {
1645 case L2CAP_MODE_BASIC: 1638 case L2CAP_MODE_BASIC:
1646 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) && 1639 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1647 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING)) 1640 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
1648 break; 1641 break;
1649 1642
1650 rfc.mode = L2CAP_MODE_BASIC; 1643 rfc.mode = L2CAP_MODE_BASIC;
@@ -1660,24 +1653,24 @@ done:
1660 1653
1661 case L2CAP_MODE_ERTM: 1654 case L2CAP_MODE_ERTM:
1662 rfc.mode = L2CAP_MODE_ERTM; 1655 rfc.mode = L2CAP_MODE_ERTM;
1663 rfc.txwin_size = pi->tx_win; 1656 rfc.txwin_size = chan->tx_win;
1664 rfc.max_transmit = pi->max_tx; 1657 rfc.max_transmit = chan->max_tx;
1665 rfc.retrans_timeout = 0; 1658 rfc.retrans_timeout = 0;
1666 rfc.monitor_timeout = 0; 1659 rfc.monitor_timeout = 0;
1667 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 1660 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
1668 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10) 1661 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1669 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1662 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1670 1663
1671 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 1664 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1672 (unsigned long) &rfc); 1665 (unsigned long) &rfc);
1673 1666
1674 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) 1667 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
1675 break; 1668 break;
1676 1669
1677 if (pi->fcs == L2CAP_FCS_NONE || 1670 if (chan->fcs == L2CAP_FCS_NONE ||
1678 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) { 1671 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1679 pi->fcs = L2CAP_FCS_NONE; 1672 chan->fcs = L2CAP_FCS_NONE;
1680 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs); 1673 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
1681 } 1674 }
1682 break; 1675 break;
1683 1676
@@ -1688,24 +1681,24 @@ done:
1688 rfc.retrans_timeout = 0; 1681 rfc.retrans_timeout = 0;
1689 rfc.monitor_timeout = 0; 1682 rfc.monitor_timeout = 0;
1690 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 1683 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
1691 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10) 1684 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1692 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1685 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1693 1686
1694 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 1687 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1695 (unsigned long) &rfc); 1688 (unsigned long) &rfc);
1696 1689
1697 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) 1690 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
1698 break; 1691 break;
1699 1692
1700 if (pi->fcs == L2CAP_FCS_NONE || 1693 if (chan->fcs == L2CAP_FCS_NONE ||
1701 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) { 1694 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
1702 pi->fcs = L2CAP_FCS_NONE; 1695 chan->fcs = L2CAP_FCS_NONE;
1703 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs); 1696 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
1704 } 1697 }
1705 break; 1698 break;
1706 } 1699 }
1707 1700
1708 req->dcid = cpu_to_le16(pi->dcid); 1701 req->dcid = cpu_to_le16(chan->dcid);
1709 req->flags = cpu_to_le16(0); 1702 req->flags = cpu_to_le16(0);
1710 1703
1711 return ptr - data; 1704 return ptr - data;
@@ -1713,7 +1706,6 @@ done:
1713 1706
1714static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data) 1707static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1715{ 1708{
1716 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1717 struct l2cap_conf_rsp *rsp = data; 1709 struct l2cap_conf_rsp *rsp = data;
1718 void *ptr = rsp->data; 1710 void *ptr = rsp->data;
1719 void *req = chan->conf_req; 1711 void *req = chan->conf_req;
@@ -1738,7 +1730,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1738 break; 1730 break;
1739 1731
1740 case L2CAP_CONF_FLUSH_TO: 1732 case L2CAP_CONF_FLUSH_TO:
1741 pi->flush_to = val; 1733 chan->flush_to = val;
1742 break; 1734 break;
1743 1735
1744 case L2CAP_CONF_QOS: 1736 case L2CAP_CONF_QOS:
@@ -1751,7 +1743,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1751 1743
1752 case L2CAP_CONF_FCS: 1744 case L2CAP_CONF_FCS:
1753 if (val == L2CAP_FCS_NONE) 1745 if (val == L2CAP_FCS_NONE)
1754 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV; 1746 chan->conf_state |= L2CAP_CONF_NO_FCS_RECV;
1755 1747
1756 break; 1748 break;
1757 1749
@@ -1768,25 +1760,25 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1768 if (chan->num_conf_rsp || chan->num_conf_req > 1) 1760 if (chan->num_conf_rsp || chan->num_conf_req > 1)
1769 goto done; 1761 goto done;
1770 1762
1771 switch (pi->mode) { 1763 switch (chan->mode) {
1772 case L2CAP_MODE_STREAMING: 1764 case L2CAP_MODE_STREAMING:
1773 case L2CAP_MODE_ERTM: 1765 case L2CAP_MODE_ERTM:
1774 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) { 1766 if (!(chan->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
1775 pi->mode = l2cap_select_mode(rfc.mode, 1767 chan->mode = l2cap_select_mode(rfc.mode,
1776 pi->conn->feat_mask); 1768 chan->conn->feat_mask);
1777 break; 1769 break;
1778 } 1770 }
1779 1771
1780 if (pi->mode != rfc.mode) 1772 if (chan->mode != rfc.mode)
1781 return -ECONNREFUSED; 1773 return -ECONNREFUSED;
1782 1774
1783 break; 1775 break;
1784 } 1776 }
1785 1777
1786done: 1778done:
1787 if (pi->mode != rfc.mode) { 1779 if (chan->mode != rfc.mode) {
1788 result = L2CAP_CONF_UNACCEPT; 1780 result = L2CAP_CONF_UNACCEPT;
1789 rfc.mode = pi->mode; 1781 rfc.mode = chan->mode;
1790 1782
1791 if (chan->num_conf_rsp == 1) 1783 if (chan->num_conf_rsp == 1)
1792 return -ECONNREFUSED; 1784 return -ECONNREFUSED;
@@ -1803,23 +1795,23 @@ done:
1803 if (mtu < L2CAP_DEFAULT_MIN_MTU) 1795 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1804 result = L2CAP_CONF_UNACCEPT; 1796 result = L2CAP_CONF_UNACCEPT;
1805 else { 1797 else {
1806 pi->omtu = mtu; 1798 chan->omtu = mtu;
1807 pi->conf_state |= L2CAP_CONF_MTU_DONE; 1799 chan->conf_state |= L2CAP_CONF_MTU_DONE;
1808 } 1800 }
1809 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); 1801 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
1810 1802
1811 switch (rfc.mode) { 1803 switch (rfc.mode) {
1812 case L2CAP_MODE_BASIC: 1804 case L2CAP_MODE_BASIC:
1813 pi->fcs = L2CAP_FCS_NONE; 1805 chan->fcs = L2CAP_FCS_NONE;
1814 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1806 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1815 break; 1807 break;
1816 1808
1817 case L2CAP_MODE_ERTM: 1809 case L2CAP_MODE_ERTM:
1818 chan->remote_tx_win = rfc.txwin_size; 1810 chan->remote_tx_win = rfc.txwin_size;
1819 chan->remote_max_tx = rfc.max_transmit; 1811 chan->remote_max_tx = rfc.max_transmit;
1820 1812
1821 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1813 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
1822 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1814 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1823 1815
1824 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1816 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1825 1817
@@ -1828,7 +1820,7 @@ done:
1828 rfc.monitor_timeout = 1820 rfc.monitor_timeout =
1829 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO); 1821 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
1830 1822
1831 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1823 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1832 1824
1833 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1825 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1834 sizeof(rfc), (unsigned long) &rfc); 1826 sizeof(rfc), (unsigned long) &rfc);
@@ -1836,12 +1828,12 @@ done:
1836 break; 1828 break;
1837 1829
1838 case L2CAP_MODE_STREAMING: 1830 case L2CAP_MODE_STREAMING:
1839 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1831 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
1840 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1832 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1841 1833
1842 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1834 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1843 1835
1844 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1836 chan->conf_state |= L2CAP_CONF_MODE_DONE;
1845 1837
1846 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1838 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1847 sizeof(rfc), (unsigned long) &rfc); 1839 sizeof(rfc), (unsigned long) &rfc);
@@ -1852,29 +1844,28 @@ done:
1852 result = L2CAP_CONF_UNACCEPT; 1844 result = L2CAP_CONF_UNACCEPT;
1853 1845
1854 memset(&rfc, 0, sizeof(rfc)); 1846 memset(&rfc, 0, sizeof(rfc));
1855 rfc.mode = pi->mode; 1847 rfc.mode = chan->mode;
1856 } 1848 }
1857 1849
1858 if (result == L2CAP_CONF_SUCCESS) 1850 if (result == L2CAP_CONF_SUCCESS)
1859 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE; 1851 chan->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1860 } 1852 }
1861 rsp->scid = cpu_to_le16(pi->dcid); 1853 rsp->scid = cpu_to_le16(chan->dcid);
1862 rsp->result = cpu_to_le16(result); 1854 rsp->result = cpu_to_le16(result);
1863 rsp->flags = cpu_to_le16(0x0000); 1855 rsp->flags = cpu_to_le16(0x0000);
1864 1856
1865 return ptr - data; 1857 return ptr - data;
1866} 1858}
1867 1859
1868static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result) 1860static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
1869{ 1861{
1870 struct l2cap_pinfo *pi = l2cap_pi(sk);
1871 struct l2cap_conf_req *req = data; 1862 struct l2cap_conf_req *req = data;
1872 void *ptr = req->data; 1863 void *ptr = req->data;
1873 int type, olen; 1864 int type, olen;
1874 unsigned long val; 1865 unsigned long val;
1875 struct l2cap_conf_rfc rfc; 1866 struct l2cap_conf_rfc rfc;
1876 1867
1877 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data); 1868 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
1878 1869
1879 while (len >= L2CAP_CONF_OPT_SIZE) { 1870 while (len >= L2CAP_CONF_OPT_SIZE) {
1880 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); 1871 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
@@ -1883,27 +1874,27 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
1883 case L2CAP_CONF_MTU: 1874 case L2CAP_CONF_MTU:
1884 if (val < L2CAP_DEFAULT_MIN_MTU) { 1875 if (val < L2CAP_DEFAULT_MIN_MTU) {
1885 *result = L2CAP_CONF_UNACCEPT; 1876 *result = L2CAP_CONF_UNACCEPT;
1886 pi->imtu = L2CAP_DEFAULT_MIN_MTU; 1877 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
1887 } else 1878 } else
1888 pi->imtu = val; 1879 chan->imtu = val;
1889 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); 1880 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
1890 break; 1881 break;
1891 1882
1892 case L2CAP_CONF_FLUSH_TO: 1883 case L2CAP_CONF_FLUSH_TO:
1893 pi->flush_to = val; 1884 chan->flush_to = val;
1894 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 1885 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
1895 2, pi->flush_to); 1886 2, chan->flush_to);
1896 break; 1887 break;
1897 1888
1898 case L2CAP_CONF_RFC: 1889 case L2CAP_CONF_RFC:
1899 if (olen == sizeof(rfc)) 1890 if (olen == sizeof(rfc))
1900 memcpy(&rfc, (void *)val, olen); 1891 memcpy(&rfc, (void *)val, olen);
1901 1892
1902 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) && 1893 if ((chan->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
1903 rfc.mode != pi->mode) 1894 rfc.mode != chan->mode)
1904 return -ECONNREFUSED; 1895 return -ECONNREFUSED;
1905 1896
1906 pi->fcs = 0; 1897 chan->fcs = 0;
1907 1898
1908 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1899 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1909 sizeof(rfc), (unsigned long) &rfc); 1900 sizeof(rfc), (unsigned long) &rfc);
@@ -1911,78 +1902,74 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
1911 } 1902 }
1912 } 1903 }
1913 1904
1914 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode) 1905 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
1915 return -ECONNREFUSED; 1906 return -ECONNREFUSED;
1916 1907
1917 pi->mode = rfc.mode; 1908 chan->mode = rfc.mode;
1918 1909
1919 if (*result == L2CAP_CONF_SUCCESS) { 1910 if (*result == L2CAP_CONF_SUCCESS) {
1920 switch (rfc.mode) { 1911 switch (rfc.mode) {
1921 case L2CAP_MODE_ERTM: 1912 case L2CAP_MODE_ERTM:
1922 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 1913 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
1923 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 1914 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
1924 pi->mps = le16_to_cpu(rfc.max_pdu_size); 1915 chan->mps = le16_to_cpu(rfc.max_pdu_size);
1925 break; 1916 break;
1926 case L2CAP_MODE_STREAMING: 1917 case L2CAP_MODE_STREAMING:
1927 pi->mps = le16_to_cpu(rfc.max_pdu_size); 1918 chan->mps = le16_to_cpu(rfc.max_pdu_size);
1928 } 1919 }
1929 } 1920 }
1930 1921
1931 req->dcid = cpu_to_le16(pi->dcid); 1922 req->dcid = cpu_to_le16(chan->dcid);
1932 req->flags = cpu_to_le16(0x0000); 1923 req->flags = cpu_to_le16(0x0000);
1933 1924
1934 return ptr - data; 1925 return ptr - data;
1935} 1926}
1936 1927
1937static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags) 1928static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1938{ 1929{
1939 struct l2cap_conf_rsp *rsp = data; 1930 struct l2cap_conf_rsp *rsp = data;
1940 void *ptr = rsp->data; 1931 void *ptr = rsp->data;
1941 1932
1942 BT_DBG("sk %p", sk); 1933 BT_DBG("chan %p", chan);
1943 1934
1944 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid); 1935 rsp->scid = cpu_to_le16(chan->dcid);
1945 rsp->result = cpu_to_le16(result); 1936 rsp->result = cpu_to_le16(result);
1946 rsp->flags = cpu_to_le16(flags); 1937 rsp->flags = cpu_to_le16(flags);
1947 1938
1948 return ptr - data; 1939 return ptr - data;
1949} 1940}
1950 1941
1951void __l2cap_connect_rsp_defer(struct sock *sk) 1942void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
1952{ 1943{
1953 struct l2cap_conn_rsp rsp; 1944 struct l2cap_conn_rsp rsp;
1954 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1945 struct l2cap_conn *conn = chan->conn;
1955 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1956 u8 buf[128]; 1946 u8 buf[128];
1957 1947
1958 sk->sk_state = BT_CONFIG; 1948 rsp.scid = cpu_to_le16(chan->dcid);
1959 1949 rsp.dcid = cpu_to_le16(chan->scid);
1960 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1961 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1962 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); 1950 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1963 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 1951 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1964 l2cap_send_cmd(conn, chan->ident, 1952 l2cap_send_cmd(conn, chan->ident,
1965 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 1953 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1966 1954
1967 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) 1955 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
1968 return; 1956 return;
1969 1957
1970 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 1958 chan->conf_state |= L2CAP_CONF_REQ_SENT;
1971 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 1959 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1972 l2cap_build_conf_req(chan, buf), buf); 1960 l2cap_build_conf_req(chan, buf), buf);
1973 chan->num_conf_req++; 1961 chan->num_conf_req++;
1974} 1962}
1975 1963
1976static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len) 1964static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
1977{ 1965{
1978 struct l2cap_pinfo *pi = l2cap_pi(sk);
1979 int type, olen; 1966 int type, olen;
1980 unsigned long val; 1967 unsigned long val;
1981 struct l2cap_conf_rfc rfc; 1968 struct l2cap_conf_rfc rfc;
1982 1969
1983 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len); 1970 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
1984 1971
1985 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING)) 1972 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
1986 return; 1973 return;
1987 1974
1988 while (len >= L2CAP_CONF_OPT_SIZE) { 1975 while (len >= L2CAP_CONF_OPT_SIZE) {
@@ -1999,12 +1986,12 @@ static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
1999done: 1986done:
2000 switch (rfc.mode) { 1987 switch (rfc.mode) {
2001 case L2CAP_MODE_ERTM: 1988 case L2CAP_MODE_ERTM:
2002 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 1989 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2003 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 1990 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2004 pi->mps = le16_to_cpu(rfc.max_pdu_size); 1991 chan->mps = le16_to_cpu(rfc.max_pdu_size);
2005 break; 1992 break;
2006 case L2CAP_MODE_STREAMING: 1993 case L2CAP_MODE_STREAMING:
2007 pi->mps = le16_to_cpu(rfc.max_pdu_size); 1994 chan->mps = le16_to_cpu(rfc.max_pdu_size);
2008 } 1995 }
2009} 1996}
2010 1997
@@ -2076,6 +2063,8 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2076 goto response; 2063 goto response;
2077 } 2064 }
2078 2065
2066 l2cap_pi(sk)->chan = chan;
2067
2079 write_lock_bh(&conn->chan_lock); 2068 write_lock_bh(&conn->chan_lock);
2080 2069
2081 /* Check if we already have channel with that dcid */ 2070 /* Check if we already have channel with that dcid */
@@ -2091,23 +2080,21 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2091 l2cap_sock_init(sk, parent); 2080 l2cap_sock_init(sk, parent);
2092 bacpy(&bt_sk(sk)->src, conn->src); 2081 bacpy(&bt_sk(sk)->src, conn->src);
2093 bacpy(&bt_sk(sk)->dst, conn->dst); 2082 bacpy(&bt_sk(sk)->dst, conn->dst);
2094 l2cap_pi(sk)->psm = psm; 2083 chan->psm = psm;
2095 l2cap_pi(sk)->dcid = scid; 2084 chan->dcid = scid;
2096 2085
2097 bt_accept_enqueue(parent, sk); 2086 bt_accept_enqueue(parent, sk);
2098 2087
2099 __l2cap_chan_add(conn, chan); 2088 __l2cap_chan_add(conn, chan);
2100 2089
2101 l2cap_pi(sk)->chan = chan; 2090 dcid = chan->scid;
2102
2103 dcid = l2cap_pi(sk)->scid;
2104 2091
2105 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 2092 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2106 2093
2107 chan->ident = cmd->ident; 2094 chan->ident = cmd->ident;
2108 2095
2109 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { 2096 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2110 if (l2cap_check_security(sk)) { 2097 if (l2cap_check_security(chan)) {
2111 if (bt_sk(sk)->defer_setup) { 2098 if (bt_sk(sk)->defer_setup) {
2112 sk->sk_state = BT_CONNECT2; 2099 sk->sk_state = BT_CONNECT2;
2113 result = L2CAP_CR_PEND; 2100 result = L2CAP_CR_PEND;
@@ -2155,10 +2142,10 @@ sendresp:
2155 L2CAP_INFO_REQ, sizeof(info), &info); 2142 L2CAP_INFO_REQ, sizeof(info), &info);
2156 } 2143 }
2157 2144
2158 if (chan && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) && 2145 if (chan && !(chan->conf_state & L2CAP_CONF_REQ_SENT) &&
2159 result == L2CAP_CR_SUCCESS) { 2146 result == L2CAP_CR_SUCCESS) {
2160 u8 buf[128]; 2147 u8 buf[128];
2161 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2148 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2162 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2149 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2163 l2cap_build_conf_req(chan, buf), buf); 2150 l2cap_build_conf_req(chan, buf), buf);
2164 chan->num_conf_req++; 2151 chan->num_conf_req++;
@@ -2198,13 +2185,13 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2198 case L2CAP_CR_SUCCESS: 2185 case L2CAP_CR_SUCCESS:
2199 sk->sk_state = BT_CONFIG; 2186 sk->sk_state = BT_CONFIG;
2200 chan->ident = 0; 2187 chan->ident = 0;
2201 l2cap_pi(sk)->dcid = dcid; 2188 chan->dcid = dcid;
2202 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND; 2189 chan->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2203 2190
2204 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) 2191 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
2205 break; 2192 break;
2206 2193
2207 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2194 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2208 2195
2209 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2196 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2210 l2cap_build_conf_req(chan, req), req); 2197 l2cap_build_conf_req(chan, req), req);
@@ -2212,7 +2199,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2212 break; 2199 break;
2213 2200
2214 case L2CAP_CR_PEND: 2201 case L2CAP_CR_PEND:
2215 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 2202 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
2216 break; 2203 break;
2217 2204
2218 default: 2205 default:
@@ -2232,15 +2219,17 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2232 return 0; 2219 return 0;
2233} 2220}
2234 2221
2235static inline void set_default_fcs(struct l2cap_pinfo *pi) 2222static inline void set_default_fcs(struct l2cap_chan *chan)
2236{ 2223{
2224 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2225
2237 /* FCS is enabled only in ERTM or streaming mode, if one or both 2226 /* FCS is enabled only in ERTM or streaming mode, if one or both
2238 * sides request it. 2227 * sides request it.
2239 */ 2228 */
2240 if (pi->mode != L2CAP_MODE_ERTM && pi->mode != L2CAP_MODE_STREAMING) 2229 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
2241 pi->fcs = L2CAP_FCS_NONE; 2230 chan->fcs = L2CAP_FCS_NONE;
2242 else if (!(pi->conf_state & L2CAP_CONF_NO_FCS_RECV)) 2231 else if (!(pi->chan->conf_state & L2CAP_CONF_NO_FCS_RECV))
2243 pi->fcs = L2CAP_FCS_CRC16; 2232 chan->fcs = L2CAP_FCS_CRC16;
2244} 2233}
2245 2234
2246static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 2235static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
@@ -2276,7 +2265,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2276 len = cmd_len - sizeof(*req); 2265 len = cmd_len - sizeof(*req);
2277 if (chan->conf_len + len > sizeof(chan->conf_req)) { 2266 if (chan->conf_len + len > sizeof(chan->conf_req)) {
2278 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 2267 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2279 l2cap_build_conf_rsp(sk, rsp, 2268 l2cap_build_conf_rsp(chan, rsp,
2280 L2CAP_CONF_REJECT, flags), rsp); 2269 L2CAP_CONF_REJECT, flags), rsp);
2281 goto unlock; 2270 goto unlock;
2282 } 2271 }
@@ -2288,7 +2277,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2288 if (flags & 0x0001) { 2277 if (flags & 0x0001) {
2289 /* Incomplete config. Send empty response. */ 2278 /* Incomplete config. Send empty response. */
2290 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 2279 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2291 l2cap_build_conf_rsp(sk, rsp, 2280 l2cap_build_conf_rsp(chan, rsp,
2292 L2CAP_CONF_SUCCESS, 0x0001), rsp); 2281 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2293 goto unlock; 2282 goto unlock;
2294 } 2283 }
@@ -2306,27 +2295,27 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2306 /* Reset config buffer. */ 2295 /* Reset config buffer. */
2307 chan->conf_len = 0; 2296 chan->conf_len = 0;
2308 2297
2309 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE)) 2298 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE))
2310 goto unlock; 2299 goto unlock;
2311 2300
2312 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { 2301 if (chan->conf_state & L2CAP_CONF_INPUT_DONE) {
2313 set_default_fcs(l2cap_pi(sk)); 2302 set_default_fcs(chan);
2314 2303
2315 sk->sk_state = BT_CONNECTED; 2304 sk->sk_state = BT_CONNECTED;
2316 2305
2317 chan->next_tx_seq = 0; 2306 chan->next_tx_seq = 0;
2318 chan->expected_tx_seq = 0; 2307 chan->expected_tx_seq = 0;
2319 skb_queue_head_init(&chan->tx_q); 2308 skb_queue_head_init(&chan->tx_q);
2320 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2309 if (chan->mode == L2CAP_MODE_ERTM)
2321 l2cap_ertm_init(chan); 2310 l2cap_ertm_init(chan);
2322 2311
2323 l2cap_chan_ready(sk); 2312 l2cap_chan_ready(sk);
2324 goto unlock; 2313 goto unlock;
2325 } 2314 }
2326 2315
2327 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) { 2316 if (!(chan->conf_state & L2CAP_CONF_REQ_SENT)) {
2328 u8 buf[64]; 2317 u8 buf[64];
2329 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2318 chan->conf_state |= L2CAP_CONF_REQ_SENT;
2330 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2319 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2331 l2cap_build_conf_req(chan, buf), buf); 2320 l2cap_build_conf_req(chan, buf), buf);
2332 chan->num_conf_req++; 2321 chan->num_conf_req++;
@@ -2360,7 +2349,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2360 2349
2361 switch (result) { 2350 switch (result) {
2362 case L2CAP_CONF_SUCCESS: 2351 case L2CAP_CONF_SUCCESS:
2363 l2cap_conf_rfc_get(sk, rsp->data, len); 2352 l2cap_conf_rfc_get(chan, rsp->data, len);
2364 break; 2353 break;
2365 2354
2366 case L2CAP_CONF_UNACCEPT: 2355 case L2CAP_CONF_UNACCEPT:
@@ -2374,8 +2363,8 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2374 2363
2375 /* throw out any old stored conf requests */ 2364 /* throw out any old stored conf requests */
2376 result = L2CAP_CONF_SUCCESS; 2365 result = L2CAP_CONF_SUCCESS;
2377 len = l2cap_parse_conf_rsp(sk, rsp->data, 2366 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2378 len, req, &result); 2367 req, &result);
2379 if (len < 0) { 2368 if (len < 0) {
2380 l2cap_send_disconn_req(conn, chan, ECONNRESET); 2369 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2381 goto done; 2370 goto done;
@@ -2399,16 +2388,16 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2399 if (flags & 0x01) 2388 if (flags & 0x01)
2400 goto done; 2389 goto done;
2401 2390
2402 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE; 2391 chan->conf_state |= L2CAP_CONF_INPUT_DONE;
2403 2392
2404 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) { 2393 if (chan->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2405 set_default_fcs(l2cap_pi(sk)); 2394 set_default_fcs(chan);
2406 2395
2407 sk->sk_state = BT_CONNECTED; 2396 sk->sk_state = BT_CONNECTED;
2408 chan->next_tx_seq = 0; 2397 chan->next_tx_seq = 0;
2409 chan->expected_tx_seq = 0; 2398 chan->expected_tx_seq = 0;
2410 skb_queue_head_init(&chan->tx_q); 2399 skb_queue_head_init(&chan->tx_q);
2411 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2400 if (chan->mode == L2CAP_MODE_ERTM)
2412 l2cap_ertm_init(chan); 2401 l2cap_ertm_init(chan);
2413 2402
2414 l2cap_chan_ready(sk); 2403 l2cap_chan_ready(sk);
@@ -2438,8 +2427,8 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2438 2427
2439 sk = chan->sk; 2428 sk = chan->sk;
2440 2429
2441 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2430 rsp.dcid = cpu_to_le16(chan->scid);
2442 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2431 rsp.scid = cpu_to_le16(chan->dcid);
2443 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); 2432 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2444 2433
2445 sk->sk_shutdown = SHUTDOWN_MASK; 2434 sk->sk_shutdown = SHUTDOWN_MASK;
@@ -2774,12 +2763,12 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn,
2774 kfree_skb(skb); 2763 kfree_skb(skb);
2775} 2764}
2776 2765
2777static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb) 2766static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
2778{ 2767{
2779 u16 our_fcs, rcv_fcs; 2768 u16 our_fcs, rcv_fcs;
2780 int hdr_size = L2CAP_HDR_SIZE + 2; 2769 int hdr_size = L2CAP_HDR_SIZE + 2;
2781 2770
2782 if (pi->fcs == L2CAP_FCS_CRC16) { 2771 if (chan->fcs == L2CAP_FCS_CRC16) {
2783 skb_trim(skb, skb->len - 2); 2772 skb_trim(skb, skb->len - 2);
2784 rcv_fcs = get_unaligned_le16(skb->data + skb->len); 2773 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
2785 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size); 2774 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
@@ -2860,7 +2849,6 @@ static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb,
2860 2849
2861static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control) 2850static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2862{ 2851{
2863 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2864 struct sk_buff *_skb; 2852 struct sk_buff *_skb;
2865 int err; 2853 int err;
2866 2854
@@ -2881,7 +2869,7 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk
2881 2869
2882 chan->sdu_len = get_unaligned_le16(skb->data); 2870 chan->sdu_len = get_unaligned_le16(skb->data);
2883 2871
2884 if (chan->sdu_len > pi->imtu) 2872 if (chan->sdu_len > chan->imtu)
2885 goto disconnect; 2873 goto disconnect;
2886 2874
2887 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC); 2875 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
@@ -2924,7 +2912,7 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk
2924 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) { 2912 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) {
2925 chan->partial_sdu_len += skb->len; 2913 chan->partial_sdu_len += skb->len;
2926 2914
2927 if (chan->partial_sdu_len > pi->imtu) 2915 if (chan->partial_sdu_len > chan->imtu)
2928 goto drop; 2916 goto drop;
2929 2917
2930 if (chan->partial_sdu_len != chan->sdu_len) 2918 if (chan->partial_sdu_len != chan->sdu_len)
@@ -2961,7 +2949,7 @@ drop:
2961 chan->sdu = NULL; 2949 chan->sdu = NULL;
2962 2950
2963disconnect: 2951disconnect:
2964 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 2952 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
2965 kfree_skb(skb); 2953 kfree_skb(skb);
2966 return 0; 2954 return 0;
2967} 2955}
@@ -3022,7 +3010,7 @@ static void l2cap_busy_work(struct work_struct *work)
3022 3010
3023 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) { 3011 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3024 err = -EBUSY; 3012 err = -EBUSY;
3025 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, EBUSY); 3013 l2cap_send_disconn_req(chan->conn, chan, EBUSY);
3026 break; 3014 break;
3027 } 3015 }
3028 3016
@@ -3092,7 +3080,6 @@ static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 c
3092 3080
3093static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control) 3081static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3094{ 3082{
3095 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3096 struct sk_buff *_skb; 3083 struct sk_buff *_skb;
3097 int err = -EINVAL; 3084 int err = -EINVAL;
3098 3085
@@ -3123,7 +3110,7 @@ static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buf
3123 chan->sdu_len = get_unaligned_le16(skb->data); 3110 chan->sdu_len = get_unaligned_le16(skb->data);
3124 skb_pull(skb, 2); 3111 skb_pull(skb, 2);
3125 3112
3126 if (chan->sdu_len > pi->imtu) { 3113 if (chan->sdu_len > chan->imtu) {
3127 err = -EMSGSIZE; 3114 err = -EMSGSIZE;
3128 break; 3115 break;
3129 } 3116 }
@@ -3164,7 +3151,7 @@ static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buf
3164 chan->conn_state &= ~L2CAP_CONN_SAR_SDU; 3151 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
3165 chan->partial_sdu_len += skb->len; 3152 chan->partial_sdu_len += skb->len;
3166 3153
3167 if (chan->partial_sdu_len > pi->imtu) 3154 if (chan->partial_sdu_len > chan->imtu)
3168 goto drop; 3155 goto drop;
3169 3156
3170 if (chan->partial_sdu_len == chan->sdu_len) { 3157 if (chan->partial_sdu_len == chan->sdu_len) {
@@ -3241,12 +3228,11 @@ static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3241 3228
3242static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb) 3229static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3243{ 3230{
3244 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3245 u8 tx_seq = __get_txseq(rx_control); 3231 u8 tx_seq = __get_txseq(rx_control);
3246 u8 req_seq = __get_reqseq(rx_control); 3232 u8 req_seq = __get_reqseq(rx_control);
3247 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3233 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3248 int tx_seq_offset, expected_tx_seq_offset; 3234 int tx_seq_offset, expected_tx_seq_offset;
3249 int num_to_ack = (pi->tx_win/6) + 1; 3235 int num_to_ack = (chan->tx_win/6) + 1;
3250 int err = 0; 3236 int err = 0;
3251 3237
3252 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len, 3238 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
@@ -3271,8 +3257,8 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont
3271 tx_seq_offset += 64; 3257 tx_seq_offset += 64;
3272 3258
3273 /* invalid tx_seq */ 3259 /* invalid tx_seq */
3274 if (tx_seq_offset >= pi->tx_win) { 3260 if (tx_seq_offset >= chan->tx_win) {
3275 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3261 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3276 goto drop; 3262 goto drop;
3277 } 3263 }
3278 3264
@@ -3539,7 +3525,6 @@ static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_cont
3539static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb) 3525static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3540{ 3526{
3541 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 3527 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3542 struct l2cap_pinfo *pi = l2cap_pi(sk);
3543 u16 control; 3528 u16 control;
3544 u8 req_seq; 3529 u8 req_seq;
3545 int len, next_tx_seq_offset, req_seq_offset; 3530 int len, next_tx_seq_offset, req_seq_offset;
@@ -3553,17 +3538,17 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3553 * Receiver will miss it and start proper recovery 3538 * Receiver will miss it and start proper recovery
3554 * procedures and ask retransmission. 3539 * procedures and ask retransmission.
3555 */ 3540 */
3556 if (l2cap_check_fcs(pi, skb)) 3541 if (l2cap_check_fcs(chan, skb))
3557 goto drop; 3542 goto drop;
3558 3543
3559 if (__is_sar_start(control) && __is_iframe(control)) 3544 if (__is_sar_start(control) && __is_iframe(control))
3560 len -= 2; 3545 len -= 2;
3561 3546
3562 if (pi->fcs == L2CAP_FCS_CRC16) 3547 if (chan->fcs == L2CAP_FCS_CRC16)
3563 len -= 2; 3548 len -= 2;
3564 3549
3565 if (len > pi->mps) { 3550 if (len > chan->mps) {
3566 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3551 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3567 goto drop; 3552 goto drop;
3568 } 3553 }
3569 3554
@@ -3579,13 +3564,13 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3579 3564
3580 /* check for invalid req-seq */ 3565 /* check for invalid req-seq */
3581 if (req_seq_offset > next_tx_seq_offset) { 3566 if (req_seq_offset > next_tx_seq_offset) {
3582 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3567 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3583 goto drop; 3568 goto drop;
3584 } 3569 }
3585 3570
3586 if (__is_iframe(control)) { 3571 if (__is_iframe(control)) {
3587 if (len < 0) { 3572 if (len < 0) {
3588 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3573 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3589 goto drop; 3574 goto drop;
3590 } 3575 }
3591 3576
@@ -3593,7 +3578,7 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3593 } else { 3578 } else {
3594 if (len != 0) { 3579 if (len != 0) {
3595 BT_ERR("%d", len); 3580 BT_ERR("%d", len);
3596 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET); 3581 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3597 goto drop; 3582 goto drop;
3598 } 3583 }
3599 3584
@@ -3630,14 +3615,14 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3630 if (sk->sk_state != BT_CONNECTED) 3615 if (sk->sk_state != BT_CONNECTED)
3631 goto drop; 3616 goto drop;
3632 3617
3633 switch (pi->mode) { 3618 switch (chan->mode) {
3634 case L2CAP_MODE_BASIC: 3619 case L2CAP_MODE_BASIC:
3635 /* If socket recv buffers overflows we drop data here 3620 /* If socket recv buffers overflows we drop data here
3636 * which is *bad* because L2CAP has to be reliable. 3621 * which is *bad* because L2CAP has to be reliable.
3637 * But we don't have any other choice. L2CAP doesn't 3622 * But we don't have any other choice. L2CAP doesn't
3638 * provide flow control mechanism. */ 3623 * provide flow control mechanism. */
3639 3624
3640 if (pi->imtu < skb->len) 3625 if (chan->imtu < skb->len)
3641 goto drop; 3626 goto drop;
3642 3627
3643 if (!sock_queue_rcv_skb(sk, skb)) 3628 if (!sock_queue_rcv_skb(sk, skb))
@@ -3659,16 +3644,16 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3659 skb_pull(skb, 2); 3644 skb_pull(skb, 2);
3660 len = skb->len; 3645 len = skb->len;
3661 3646
3662 if (l2cap_check_fcs(pi, skb)) 3647 if (l2cap_check_fcs(chan, skb))
3663 goto drop; 3648 goto drop;
3664 3649
3665 if (__is_sar_start(control)) 3650 if (__is_sar_start(control))
3666 len -= 2; 3651 len -= 2;
3667 3652
3668 if (pi->fcs == L2CAP_FCS_CRC16) 3653 if (chan->fcs == L2CAP_FCS_CRC16)
3669 len -= 2; 3654 len -= 2;
3670 3655
3671 if (len > pi->mps || len < 0 || __is_sframe(control)) 3656 if (len > chan->mps || len < 0 || __is_sframe(control))
3672 goto drop; 3657 goto drop;
3673 3658
3674 tx_seq = __get_txseq(control); 3659 tx_seq = __get_txseq(control);
@@ -3683,7 +3668,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3683 goto done; 3668 goto done;
3684 3669
3685 default: 3670 default:
3686 BT_DBG("chan %p: bad mode 0x%2.2x", chan, pi->mode); 3671 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
3687 break; 3672 break;
3688 } 3673 }
3689 3674
@@ -3712,7 +3697,7 @@ static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, str
3712 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED) 3697 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3713 goto drop; 3698 goto drop;
3714 3699
3715 if (l2cap_pi(sk)->imtu < skb->len) 3700 if (l2cap_pi(sk)->chan->imtu < skb->len)
3716 goto drop; 3701 goto drop;
3717 3702
3718 if (!sock_queue_rcv_skb(sk, skb)) 3703 if (!sock_queue_rcv_skb(sk, skb))
@@ -3742,7 +3727,7 @@ static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct
3742 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED) 3727 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3743 goto drop; 3728 goto drop;
3744 3729
3745 if (l2cap_pi(sk)->imtu < skb->len) 3730 if (l2cap_pi(sk)->chan->imtu < skb->len)
3746 goto drop; 3731 goto drop;
3747 3732
3748 if (!sock_queue_rcv_skb(sk, skb)) 3733 if (!sock_queue_rcv_skb(sk, skb))
@@ -3812,17 +3797,19 @@ static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3812 /* Find listening sockets and check their link_mode */ 3797 /* Find listening sockets and check their link_mode */
3813 read_lock(&l2cap_sk_list.lock); 3798 read_lock(&l2cap_sk_list.lock);
3814 sk_for_each(sk, node, &l2cap_sk_list.head) { 3799 sk_for_each(sk, node, &l2cap_sk_list.head) {
3800 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3801
3815 if (sk->sk_state != BT_LISTEN) 3802 if (sk->sk_state != BT_LISTEN)
3816 continue; 3803 continue;
3817 3804
3818 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) { 3805 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
3819 lm1 |= HCI_LM_ACCEPT; 3806 lm1 |= HCI_LM_ACCEPT;
3820 if (l2cap_pi(sk)->role_switch) 3807 if (chan->role_switch)
3821 lm1 |= HCI_LM_MASTER; 3808 lm1 |= HCI_LM_MASTER;
3822 exact++; 3809 exact++;
3823 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 3810 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3824 lm2 |= HCI_LM_ACCEPT; 3811 lm2 |= HCI_LM_ACCEPT;
3825 if (l2cap_pi(sk)->role_switch) 3812 if (chan->role_switch)
3826 lm2 |= HCI_LM_MASTER; 3813 lm2 |= HCI_LM_MASTER;
3827 } 3814 }
3828 } 3815 }
@@ -3874,19 +3861,21 @@ static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3874 return 0; 3861 return 0;
3875} 3862}
3876 3863
3877static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt) 3864static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
3878{ 3865{
3866 struct sock *sk = chan->sk;
3867
3879 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) 3868 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
3880 return; 3869 return;
3881 3870
3882 if (encrypt == 0x00) { 3871 if (encrypt == 0x00) {
3883 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) { 3872 if (chan->sec_level == BT_SECURITY_MEDIUM) {
3884 l2cap_sock_clear_timer(sk); 3873 l2cap_sock_clear_timer(sk);
3885 l2cap_sock_set_timer(sk, HZ * 5); 3874 l2cap_sock_set_timer(sk, HZ * 5);
3886 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) 3875 } else if (chan->sec_level == BT_SECURITY_HIGH)
3887 __l2cap_sock_close(sk, ECONNREFUSED); 3876 __l2cap_sock_close(sk, ECONNREFUSED);
3888 } else { 3877 } else {
3889 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) 3878 if (chan->sec_level == BT_SECURITY_MEDIUM)
3890 l2cap_sock_clear_timer(sk); 3879 l2cap_sock_clear_timer(sk);
3891 } 3880 }
3892} 3881}
@@ -3908,14 +3897,14 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3908 3897
3909 bh_lock_sock(sk); 3898 bh_lock_sock(sk);
3910 3899
3911 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) { 3900 if (chan->conf_state & L2CAP_CONF_CONNECT_PEND) {
3912 bh_unlock_sock(sk); 3901 bh_unlock_sock(sk);
3913 continue; 3902 continue;
3914 } 3903 }
3915 3904
3916 if (!status && (sk->sk_state == BT_CONNECTED || 3905 if (!status && (sk->sk_state == BT_CONNECTED ||
3917 sk->sk_state == BT_CONFIG)) { 3906 sk->sk_state == BT_CONFIG)) {
3918 l2cap_check_encryption(sk, encrypt); 3907 l2cap_check_encryption(chan, encrypt);
3919 bh_unlock_sock(sk); 3908 bh_unlock_sock(sk);
3920 continue; 3909 continue;
3921 } 3910 }
@@ -3923,11 +3912,11 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3923 if (sk->sk_state == BT_CONNECT) { 3912 if (sk->sk_state == BT_CONNECT) {
3924 if (!status) { 3913 if (!status) {
3925 struct l2cap_conn_req req; 3914 struct l2cap_conn_req req;
3926 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 3915 req.scid = cpu_to_le16(chan->scid);
3927 req.psm = l2cap_pi(sk)->psm; 3916 req.psm = chan->psm;
3928 3917
3929 chan->ident = l2cap_get_ident(conn); 3918 chan->ident = l2cap_get_ident(conn);
3930 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 3919 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
3931 3920
3932 l2cap_send_cmd(conn, chan->ident, 3921 l2cap_send_cmd(conn, chan->ident,
3933 L2CAP_CONN_REQ, sizeof(req), &req); 3922 L2CAP_CONN_REQ, sizeof(req), &req);
@@ -3948,8 +3937,8 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3948 result = L2CAP_CR_SEC_BLOCK; 3937 result = L2CAP_CR_SEC_BLOCK;
3949 } 3938 }
3950 3939
3951 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 3940 rsp.scid = cpu_to_le16(chan->dcid);
3952 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 3941 rsp.dcid = cpu_to_le16(chan->scid);
3953 rsp.result = cpu_to_le16(result); 3942 rsp.result = cpu_to_le16(result);
3954 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 3943 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3955 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 3944 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
@@ -4021,10 +4010,10 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
4021 if (chan && chan->sk) { 4010 if (chan && chan->sk) {
4022 struct sock *sk = chan->sk; 4011 struct sock *sk = chan->sk;
4023 4012
4024 if (l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) { 4013 if (chan->imtu < len - L2CAP_HDR_SIZE) {
4025 BT_ERR("Frame exceeding recv MTU (len %d, " 4014 BT_ERR("Frame exceeding recv MTU (len %d, "
4026 "MTU %d)", len, 4015 "MTU %d)", len,
4027 l2cap_pi(sk)->imtu); 4016 chan->imtu);
4028 bh_unlock_sock(sk); 4017 bh_unlock_sock(sk);
4029 l2cap_conn_unreliable(conn, ECOMM); 4018 l2cap_conn_unreliable(conn, ECOMM);
4030 goto drop; 4019 goto drop;
@@ -4084,14 +4073,15 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
4084 4073
4085 sk_for_each(sk, node, &l2cap_sk_list.head) { 4074 sk_for_each(sk, node, &l2cap_sk_list.head) {
4086 struct l2cap_pinfo *pi = l2cap_pi(sk); 4075 struct l2cap_pinfo *pi = l2cap_pi(sk);
4076 struct l2cap_chan *chan = pi->chan;
4087 4077
4088 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n", 4078 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
4089 batostr(&bt_sk(sk)->src), 4079 batostr(&bt_sk(sk)->src),
4090 batostr(&bt_sk(sk)->dst), 4080 batostr(&bt_sk(sk)->dst),
4091 sk->sk_state, __le16_to_cpu(pi->psm), 4081 sk->sk_state, __le16_to_cpu(chan->psm),
4092 pi->scid, pi->dcid, 4082 chan->scid, chan->dcid,
4093 pi->imtu, pi->omtu, pi->sec_level, 4083 chan->imtu, chan->omtu, chan->sec_level,
4094 pi->mode); 4084 chan->mode);
4095 } 4085 }
4096 4086
4097 read_unlock_bh(&l2cap_sk_list.lock); 4087 read_unlock_bh(&l2cap_sk_list.lock);
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 47394a178bd..7c4a9ae9b3c 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -30,6 +30,8 @@
30#include <net/bluetooth/hci_core.h> 30#include <net/bluetooth/hci_core.h>
31#include <net/bluetooth/l2cap.h> 31#include <net/bluetooth/l2cap.h>
32 32
33static const struct proto_ops l2cap_sock_ops;
34
33/* ---- L2CAP timers ---- */ 35/* ---- L2CAP timers ---- */
34static void l2cap_sock_timeout(unsigned long arg) 36static void l2cap_sock_timeout(unsigned long arg)
35{ 37{
@@ -51,7 +53,7 @@ static void l2cap_sock_timeout(unsigned long arg)
51 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) 53 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
52 reason = ECONNREFUSED; 54 reason = ECONNREFUSED;
53 else if (sk->sk_state == BT_CONNECT && 55 else if (sk->sk_state == BT_CONNECT &&
54 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP) 56 l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP)
55 reason = ECONNREFUSED; 57 reason = ECONNREFUSED;
56 else 58 else
57 reason = ETIMEDOUT; 59 reason = ETIMEDOUT;
@@ -80,9 +82,13 @@ static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
80{ 82{
81 struct sock *sk; 83 struct sock *sk;
82 struct hlist_node *node; 84 struct hlist_node *node;
83 sk_for_each(sk, node, &l2cap_sk_list.head) 85 sk_for_each(sk, node, &l2cap_sk_list.head) {
84 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src)) 86 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
87
88 if (chan->sport == psm && !bacmp(&bt_sk(sk)->src, src))
85 goto found; 89 goto found;
90 }
91
86 sk = NULL; 92 sk = NULL;
87found: 93found:
88 return sk; 94 return sk;
@@ -91,6 +97,7 @@ found:
91static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 97static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
92{ 98{
93 struct sock *sk = sock->sk; 99 struct sock *sk = sock->sk;
100 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
94 struct sockaddr_l2 la; 101 struct sockaddr_l2 la;
95 int len, err = 0; 102 int len, err = 0;
96 103
@@ -136,17 +143,17 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
136 } else { 143 } else {
137 /* Save source address */ 144 /* Save source address */
138 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 145 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
139 l2cap_pi(sk)->psm = la.l2_psm; 146 chan->psm = la.l2_psm;
140 l2cap_pi(sk)->sport = la.l2_psm; 147 chan->sport = la.l2_psm;
141 sk->sk_state = BT_BOUND; 148 sk->sk_state = BT_BOUND;
142 149
143 if (__le16_to_cpu(la.l2_psm) == 0x0001 || 150 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
144 __le16_to_cpu(la.l2_psm) == 0x0003) 151 __le16_to_cpu(la.l2_psm) == 0x0003)
145 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; 152 chan->sec_level = BT_SECURITY_SDP;
146 } 153 }
147 154
148 if (la.l2_cid) 155 if (la.l2_cid)
149 l2cap_pi(sk)->scid = la.l2_cid; 156 chan->scid = la.l2_cid;
150 157
151 write_unlock_bh(&l2cap_sk_list.lock); 158 write_unlock_bh(&l2cap_sk_list.lock);
152 159
@@ -158,6 +165,7 @@ done:
158static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 165static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
159{ 166{
160 struct sock *sk = sock->sk; 167 struct sock *sk = sock->sk;
168 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
161 struct sockaddr_l2 la; 169 struct sockaddr_l2 la;
162 int len, err = 0; 170 int len, err = 0;
163 171
@@ -182,7 +190,7 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
182 goto done; 190 goto done;
183 } 191 }
184 192
185 switch (l2cap_pi(sk)->mode) { 193 switch (chan->mode) {
186 case L2CAP_MODE_BASIC: 194 case L2CAP_MODE_BASIC:
187 break; 195 break;
188 case L2CAP_MODE_ERTM: 196 case L2CAP_MODE_ERTM:
@@ -226,10 +234,10 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
226 234
227 /* Set destination address and psm */ 235 /* Set destination address and psm */
228 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); 236 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
229 l2cap_pi(sk)->psm = la.l2_psm; 237 chan->psm = la.l2_psm;
230 l2cap_pi(sk)->dcid = la.l2_cid; 238 chan->dcid = la.l2_cid;
231 239
232 err = l2cap_do_connect(sk); 240 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
233 if (err) 241 if (err)
234 goto done; 242 goto done;
235 243
@@ -244,6 +252,7 @@ done:
244static int l2cap_sock_listen(struct socket *sock, int backlog) 252static int l2cap_sock_listen(struct socket *sock, int backlog)
245{ 253{
246 struct sock *sk = sock->sk; 254 struct sock *sk = sock->sk;
255 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
247 int err = 0; 256 int err = 0;
248 257
249 BT_DBG("sk %p backlog %d", sk, backlog); 258 BT_DBG("sk %p backlog %d", sk, backlog);
@@ -256,7 +265,7 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
256 goto done; 265 goto done;
257 } 266 }
258 267
259 switch (l2cap_pi(sk)->mode) { 268 switch (chan->mode) {
260 case L2CAP_MODE_BASIC: 269 case L2CAP_MODE_BASIC:
261 break; 270 break;
262 case L2CAP_MODE_ERTM: 271 case L2CAP_MODE_ERTM:
@@ -269,7 +278,7 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
269 goto done; 278 goto done;
270 } 279 }
271 280
272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->scid) { 281 if (!chan->psm && !chan->scid) {
273 bdaddr_t *src = &bt_sk(sk)->src; 282 bdaddr_t *src = &bt_sk(sk)->src;
274 u16 psm; 283 u16 psm;
275 284
@@ -279,8 +288,8 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
279 288
280 for (psm = 0x1001; psm < 0x1100; psm += 2) 289 for (psm = 0x1001; psm < 0x1100; psm += 2)
281 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) { 290 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
282 l2cap_pi(sk)->psm = cpu_to_le16(psm); 291 chan->psm = cpu_to_le16(psm);
283 l2cap_pi(sk)->sport = cpu_to_le16(psm); 292 chan->sport = cpu_to_le16(psm);
284 err = 0; 293 err = 0;
285 break; 294 break;
286 } 295 }
@@ -360,6 +369,7 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
360{ 369{
361 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 370 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
362 struct sock *sk = sock->sk; 371 struct sock *sk = sock->sk;
372 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
363 373
364 BT_DBG("sock %p, sk %p", sock, sk); 374 BT_DBG("sock %p, sk %p", sock, sk);
365 375
@@ -367,13 +377,13 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
367 *len = sizeof(struct sockaddr_l2); 377 *len = sizeof(struct sockaddr_l2);
368 378
369 if (peer) { 379 if (peer) {
370 la->l2_psm = l2cap_pi(sk)->psm; 380 la->l2_psm = chan->psm;
371 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 381 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
372 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid); 382 la->l2_cid = cpu_to_le16(chan->dcid);
373 } else { 383 } else {
374 la->l2_psm = l2cap_pi(sk)->sport; 384 la->l2_psm = chan->sport;
375 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 385 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
376 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid); 386 la->l2_cid = cpu_to_le16(chan->scid);
377 } 387 }
378 388
379 return 0; 389 return 0;
@@ -382,6 +392,7 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
382static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 392static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
383{ 393{
384 struct sock *sk = sock->sk; 394 struct sock *sk = sock->sk;
395 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
385 struct l2cap_options opts; 396 struct l2cap_options opts;
386 struct l2cap_conninfo cinfo; 397 struct l2cap_conninfo cinfo;
387 int len, err = 0; 398 int len, err = 0;
@@ -397,13 +408,13 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
397 switch (optname) { 408 switch (optname) {
398 case L2CAP_OPTIONS: 409 case L2CAP_OPTIONS:
399 memset(&opts, 0, sizeof(opts)); 410 memset(&opts, 0, sizeof(opts));
400 opts.imtu = l2cap_pi(sk)->imtu; 411 opts.imtu = chan->imtu;
401 opts.omtu = l2cap_pi(sk)->omtu; 412 opts.omtu = chan->omtu;
402 opts.flush_to = l2cap_pi(sk)->flush_to; 413 opts.flush_to = chan->flush_to;
403 opts.mode = l2cap_pi(sk)->mode; 414 opts.mode = chan->mode;
404 opts.fcs = l2cap_pi(sk)->fcs; 415 opts.fcs = chan->fcs;
405 opts.max_tx = l2cap_pi(sk)->max_tx; 416 opts.max_tx = chan->max_tx;
406 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win; 417 opts.txwin_size = (__u16)chan->tx_win;
407 418
408 len = min_t(unsigned int, len, sizeof(opts)); 419 len = min_t(unsigned int, len, sizeof(opts));
409 if (copy_to_user(optval, (char *) &opts, len)) 420 if (copy_to_user(optval, (char *) &opts, len))
@@ -412,7 +423,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
412 break; 423 break;
413 424
414 case L2CAP_LM: 425 case L2CAP_LM:
415 switch (l2cap_pi(sk)->sec_level) { 426 switch (chan->sec_level) {
416 case BT_SECURITY_LOW: 427 case BT_SECURITY_LOW:
417 opt = L2CAP_LM_AUTH; 428 opt = L2CAP_LM_AUTH;
418 break; 429 break;
@@ -428,10 +439,10 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
428 break; 439 break;
429 } 440 }
430 441
431 if (l2cap_pi(sk)->role_switch) 442 if (chan->role_switch)
432 opt |= L2CAP_LM_MASTER; 443 opt |= L2CAP_LM_MASTER;
433 444
434 if (l2cap_pi(sk)->force_reliable) 445 if (chan->force_reliable)
435 opt |= L2CAP_LM_RELIABLE; 446 opt |= L2CAP_LM_RELIABLE;
436 447
437 if (put_user(opt, (u32 __user *) optval)) 448 if (put_user(opt, (u32 __user *) optval))
@@ -446,8 +457,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
446 break; 457 break;
447 } 458 }
448 459
449 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle; 460 cinfo.hci_handle = chan->conn->hcon->handle;
450 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3); 461 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
451 462
452 len = min_t(unsigned int, len, sizeof(cinfo)); 463 len = min_t(unsigned int, len, sizeof(cinfo));
453 if (copy_to_user(optval, (char *) &cinfo, len)) 464 if (copy_to_user(optval, (char *) &cinfo, len))
@@ -467,6 +478,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
467static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 478static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
468{ 479{
469 struct sock *sk = sock->sk; 480 struct sock *sk = sock->sk;
481 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
470 struct bt_security sec; 482 struct bt_security sec;
471 int len, err = 0; 483 int len, err = 0;
472 484
@@ -491,7 +503,7 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
491 break; 503 break;
492 } 504 }
493 505
494 sec.level = l2cap_pi(sk)->sec_level; 506 sec.level = chan->sec_level;
495 507
496 len = min_t(unsigned int, len, sizeof(sec)); 508 len = min_t(unsigned int, len, sizeof(sec));
497 if (copy_to_user(optval, (char *) &sec, len)) 509 if (copy_to_user(optval, (char *) &sec, len))
@@ -511,7 +523,7 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
511 break; 523 break;
512 524
513 case BT_FLUSHABLE: 525 case BT_FLUSHABLE:
514 if (put_user(l2cap_pi(sk)->flushable, (u32 __user *) optval)) 526 if (put_user(chan->flushable, (u32 __user *) optval))
515 err = -EFAULT; 527 err = -EFAULT;
516 528
517 break; 529 break;
@@ -528,6 +540,7 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
528static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 540static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
529{ 541{
530 struct sock *sk = sock->sk; 542 struct sock *sk = sock->sk;
543 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
531 struct l2cap_options opts; 544 struct l2cap_options opts;
532 int len, err = 0; 545 int len, err = 0;
533 u32 opt; 546 u32 opt;
@@ -543,13 +556,13 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
543 break; 556 break;
544 } 557 }
545 558
546 opts.imtu = l2cap_pi(sk)->imtu; 559 opts.imtu = chan->imtu;
547 opts.omtu = l2cap_pi(sk)->omtu; 560 opts.omtu = chan->omtu;
548 opts.flush_to = l2cap_pi(sk)->flush_to; 561 opts.flush_to = chan->flush_to;
549 opts.mode = l2cap_pi(sk)->mode; 562 opts.mode = chan->mode;
550 opts.fcs = l2cap_pi(sk)->fcs; 563 opts.fcs = chan->fcs;
551 opts.max_tx = l2cap_pi(sk)->max_tx; 564 opts.max_tx = chan->max_tx;
552 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win; 565 opts.txwin_size = (__u16)chan->tx_win;
553 566
554 len = min_t(unsigned int, sizeof(opts), optlen); 567 len = min_t(unsigned int, sizeof(opts), optlen);
555 if (copy_from_user((char *) &opts, optval, len)) { 568 if (copy_from_user((char *) &opts, optval, len)) {
@@ -562,10 +575,10 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
562 break; 575 break;
563 } 576 }
564 577
565 l2cap_pi(sk)->mode = opts.mode; 578 chan->mode = opts.mode;
566 switch (l2cap_pi(sk)->mode) { 579 switch (chan->mode) {
567 case L2CAP_MODE_BASIC: 580 case L2CAP_MODE_BASIC:
568 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE; 581 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
569 break; 582 break;
570 case L2CAP_MODE_ERTM: 583 case L2CAP_MODE_ERTM:
571 case L2CAP_MODE_STREAMING: 584 case L2CAP_MODE_STREAMING:
@@ -577,11 +590,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
577 break; 590 break;
578 } 591 }
579 592
580 l2cap_pi(sk)->imtu = opts.imtu; 593 chan->imtu = opts.imtu;
581 l2cap_pi(sk)->omtu = opts.omtu; 594 chan->omtu = opts.omtu;
582 l2cap_pi(sk)->fcs = opts.fcs; 595 chan->fcs = opts.fcs;
583 l2cap_pi(sk)->max_tx = opts.max_tx; 596 chan->max_tx = opts.max_tx;
584 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size; 597 chan->tx_win = (__u8)opts.txwin_size;
585 break; 598 break;
586 599
587 case L2CAP_LM: 600 case L2CAP_LM:
@@ -591,14 +604,14 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
591 } 604 }
592 605
593 if (opt & L2CAP_LM_AUTH) 606 if (opt & L2CAP_LM_AUTH)
594 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW; 607 chan->sec_level = BT_SECURITY_LOW;
595 if (opt & L2CAP_LM_ENCRYPT) 608 if (opt & L2CAP_LM_ENCRYPT)
596 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 609 chan->sec_level = BT_SECURITY_MEDIUM;
597 if (opt & L2CAP_LM_SECURE) 610 if (opt & L2CAP_LM_SECURE)
598 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH; 611 chan->sec_level = BT_SECURITY_HIGH;
599 612
600 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER); 613 chan->role_switch = (opt & L2CAP_LM_MASTER);
601 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE); 614 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
602 break; 615 break;
603 616
604 default: 617 default:
@@ -613,6 +626,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
613static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 626static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
614{ 627{
615 struct sock *sk = sock->sk; 628 struct sock *sk = sock->sk;
629 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
616 struct bt_security sec; 630 struct bt_security sec;
617 int len, err = 0; 631 int len, err = 0;
618 u32 opt; 632 u32 opt;
@@ -649,7 +663,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
649 break; 663 break;
650 } 664 }
651 665
652 l2cap_pi(sk)->sec_level = sec.level; 666 chan->sec_level = sec.level;
653 break; 667 break;
654 668
655 case BT_DEFER_SETUP: 669 case BT_DEFER_SETUP:
@@ -678,7 +692,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
678 } 692 }
679 693
680 if (opt == BT_FLUSHABLE_OFF) { 694 if (opt == BT_FLUSHABLE_OFF) {
681 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 695 struct l2cap_conn *conn = chan->conn;
682 /* proceed further only when we have l2cap_conn and 696 /* proceed further only when we have l2cap_conn and
683 No Flush support in the LM */ 697 No Flush support in the LM */
684 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 698 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
@@ -687,7 +701,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
687 } 701 }
688 } 702 }
689 703
690 l2cap_pi(sk)->flushable = opt; 704 chan->flushable = opt;
691 break; 705 break;
692 706
693 default: 707 default:
@@ -702,7 +716,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
702static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 716static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
703{ 717{
704 struct sock *sk = sock->sk; 718 struct sock *sk = sock->sk;
705 struct l2cap_pinfo *pi = l2cap_pi(sk); 719 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
706 struct sk_buff *skb; 720 struct sk_buff *skb;
707 u16 control; 721 u16 control;
708 int err; 722 int err;
@@ -725,76 +739,77 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
725 739
726 /* Connectionless channel */ 740 /* Connectionless channel */
727 if (sk->sk_type == SOCK_DGRAM) { 741 if (sk->sk_type == SOCK_DGRAM) {
728 skb = l2cap_create_connless_pdu(sk, msg, len); 742 skb = l2cap_create_connless_pdu(chan, msg, len);
729 if (IS_ERR(skb)) { 743 if (IS_ERR(skb)) {
730 err = PTR_ERR(skb); 744 err = PTR_ERR(skb);
731 } else { 745 } else {
732 l2cap_do_send(sk, skb); 746 l2cap_do_send(chan, skb);
733 err = len; 747 err = len;
734 } 748 }
735 goto done; 749 goto done;
736 } 750 }
737 751
738 switch (pi->mode) { 752 switch (chan->mode) {
739 case L2CAP_MODE_BASIC: 753 case L2CAP_MODE_BASIC:
740 /* Check outgoing MTU */ 754 /* Check outgoing MTU */
741 if (len > pi->omtu) { 755 if (len > chan->omtu) {
742 err = -EMSGSIZE; 756 err = -EMSGSIZE;
743 goto done; 757 goto done;
744 } 758 }
745 759
746 /* Create a basic PDU */ 760 /* Create a basic PDU */
747 skb = l2cap_create_basic_pdu(sk, msg, len); 761 skb = l2cap_create_basic_pdu(chan, msg, len);
748 if (IS_ERR(skb)) { 762 if (IS_ERR(skb)) {
749 err = PTR_ERR(skb); 763 err = PTR_ERR(skb);
750 goto done; 764 goto done;
751 } 765 }
752 766
753 l2cap_do_send(sk, skb); 767 l2cap_do_send(chan, skb);
754 err = len; 768 err = len;
755 break; 769 break;
756 770
757 case L2CAP_MODE_ERTM: 771 case L2CAP_MODE_ERTM:
758 case L2CAP_MODE_STREAMING: 772 case L2CAP_MODE_STREAMING:
759 /* Entire SDU fits into one PDU */ 773 /* Entire SDU fits into one PDU */
760 if (len <= pi->chan->remote_mps) { 774 if (len <= chan->remote_mps) {
761 control = L2CAP_SDU_UNSEGMENTED; 775 control = L2CAP_SDU_UNSEGMENTED;
762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0); 776 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
777 0);
763 if (IS_ERR(skb)) { 778 if (IS_ERR(skb)) {
764 err = PTR_ERR(skb); 779 err = PTR_ERR(skb);
765 goto done; 780 goto done;
766 } 781 }
767 __skb_queue_tail(&pi->chan->tx_q, skb); 782 __skb_queue_tail(&chan->tx_q, skb);
768 783
769 if (pi->chan->tx_send_head == NULL) 784 if (chan->tx_send_head == NULL)
770 pi->chan->tx_send_head = skb; 785 chan->tx_send_head = skb;
771 786
772 } else { 787 } else {
773 /* Segment SDU into multiples PDUs */ 788 /* Segment SDU into multiples PDUs */
774 err = l2cap_sar_segment_sdu(pi->chan, msg, len); 789 err = l2cap_sar_segment_sdu(chan, msg, len);
775 if (err < 0) 790 if (err < 0)
776 goto done; 791 goto done;
777 } 792 }
778 793
779 if (pi->mode == L2CAP_MODE_STREAMING) { 794 if (chan->mode == L2CAP_MODE_STREAMING) {
780 l2cap_streaming_send(pi->chan); 795 l2cap_streaming_send(chan);
781 err = len; 796 err = len;
782 break; 797 break;
783 } 798 }
784 799
785 if ((pi->chan->conn_state & L2CAP_CONN_REMOTE_BUSY) && 800 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
786 (pi->chan->conn_state & L2CAP_CONN_WAIT_F)) { 801 (chan->conn_state & L2CAP_CONN_WAIT_F)) {
787 err = len; 802 err = len;
788 break; 803 break;
789 } 804 }
790 err = l2cap_ertm_send(pi->chan); 805 err = l2cap_ertm_send(chan);
791 806
792 if (err >= 0) 807 if (err >= 0)
793 err = len; 808 err = len;
794 break; 809 break;
795 810
796 default: 811 default:
797 BT_DBG("bad state %1.1x", pi->mode); 812 BT_DBG("bad state %1.1x", chan->mode);
798 err = -EBADFD; 813 err = -EBADFD;
799 } 814 }
800 815
@@ -810,7 +825,9 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms
810 lock_sock(sk); 825 lock_sock(sk);
811 826
812 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 827 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
813 __l2cap_connect_rsp_defer(sk); 828 sk->sk_state = BT_CONFIG;
829
830 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
814 release_sock(sk); 831 release_sock(sk);
815 return 0; 832 return 0;
816 } 833 }
@@ -834,6 +851,8 @@ void l2cap_sock_kill(struct sock *sk)
834 BT_DBG("sk %p state %d", sk, sk->sk_state); 851 BT_DBG("sk %p state %d", sk, sk->sk_state);
835 852
836 /* Kill poor orphan */ 853 /* Kill poor orphan */
854
855 l2cap_chan_free(l2cap_pi(sk)->chan);
837 bt_sock_unlink(&l2cap_sk_list, sk); 856 bt_sock_unlink(&l2cap_sk_list, sk);
838 sock_set_flag(sk, SOCK_DEAD); 857 sock_set_flag(sk, SOCK_DEAD);
839 sock_put(sk); 858 sock_put(sk);
@@ -865,8 +884,8 @@ static void l2cap_sock_cleanup_listen(struct sock *parent)
865 884
866void __l2cap_sock_close(struct sock *sk, int reason) 885void __l2cap_sock_close(struct sock *sk, int reason)
867{ 886{
868 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
869 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 887 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
888 struct l2cap_conn *conn = chan->conn;
870 889
871 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 890 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
872 891
@@ -898,8 +917,8 @@ void __l2cap_sock_close(struct sock *sk, int reason)
898 else 917 else
899 result = L2CAP_CR_BAD_PSM; 918 result = L2CAP_CR_BAD_PSM;
900 919
901 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 920 rsp.scid = cpu_to_le16(chan->dcid);
902 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 921 rsp.dcid = cpu_to_le16(chan->scid);
903 rsp.result = cpu_to_le16(result); 922 rsp.result = cpu_to_le16(result);
904 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 923 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
905 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 924 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
@@ -923,6 +942,7 @@ void __l2cap_sock_close(struct sock *sk, int reason)
923static int l2cap_sock_shutdown(struct socket *sock, int how) 942static int l2cap_sock_shutdown(struct socket *sock, int how)
924{ 943{
925 struct sock *sk = sock->sk; 944 struct sock *sk = sock->sk;
945 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
926 int err = 0; 946 int err = 0;
927 947
928 BT_DBG("sock %p, sk %p", sock, sk); 948 BT_DBG("sock %p, sk %p", sock, sk);
@@ -932,7 +952,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
932 952
933 lock_sock(sk); 953 lock_sock(sk);
934 if (!sk->sk_shutdown) { 954 if (!sk->sk_shutdown) {
935 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 955 if (chan->mode == L2CAP_MODE_ERTM)
936 err = __l2cap_wait_ack(sk); 956 err = __l2cap_wait_ack(sk);
937 957
938 sk->sk_shutdown = SHUTDOWN_MASK; 958 sk->sk_shutdown = SHUTDOWN_MASK;
@@ -979,44 +999,47 @@ static void l2cap_sock_destruct(struct sock *sk)
979void l2cap_sock_init(struct sock *sk, struct sock *parent) 999void l2cap_sock_init(struct sock *sk, struct sock *parent)
980{ 1000{
981 struct l2cap_pinfo *pi = l2cap_pi(sk); 1001 struct l2cap_pinfo *pi = l2cap_pi(sk);
1002 struct l2cap_chan *chan = pi->chan;
982 1003
983 BT_DBG("sk %p", sk); 1004 BT_DBG("sk %p", sk);
984 1005
985 if (parent) { 1006 if (parent) {
1007 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1008
986 sk->sk_type = parent->sk_type; 1009 sk->sk_type = parent->sk_type;
987 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 1010 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
988 1011
989 pi->imtu = l2cap_pi(parent)->imtu; 1012 chan->imtu = pchan->imtu;
990 pi->omtu = l2cap_pi(parent)->omtu; 1013 chan->omtu = pchan->omtu;
991 pi->conf_state = l2cap_pi(parent)->conf_state; 1014 chan->conf_state = pchan->conf_state;
992 pi->mode = l2cap_pi(parent)->mode; 1015 chan->mode = pchan->mode;
993 pi->fcs = l2cap_pi(parent)->fcs; 1016 chan->fcs = pchan->fcs;
994 pi->max_tx = l2cap_pi(parent)->max_tx; 1017 chan->max_tx = pchan->max_tx;
995 pi->tx_win = l2cap_pi(parent)->tx_win; 1018 chan->tx_win = pchan->tx_win;
996 pi->sec_level = l2cap_pi(parent)->sec_level; 1019 chan->sec_level = pchan->sec_level;
997 pi->role_switch = l2cap_pi(parent)->role_switch; 1020 chan->role_switch = pchan->role_switch;
998 pi->force_reliable = l2cap_pi(parent)->force_reliable; 1021 chan->force_reliable = pchan->force_reliable;
999 pi->flushable = l2cap_pi(parent)->flushable; 1022 chan->flushable = pchan->flushable;
1000 } else { 1023 } else {
1001 pi->imtu = L2CAP_DEFAULT_MTU; 1024 chan->imtu = L2CAP_DEFAULT_MTU;
1002 pi->omtu = 0; 1025 chan->omtu = 0;
1003 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1026 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1004 pi->mode = L2CAP_MODE_ERTM; 1027 chan->mode = L2CAP_MODE_ERTM;
1005 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE; 1028 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
1006 } else { 1029 } else {
1007 pi->mode = L2CAP_MODE_BASIC; 1030 chan->mode = L2CAP_MODE_BASIC;
1008 } 1031 }
1009 pi->max_tx = L2CAP_DEFAULT_MAX_TX; 1032 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
1010 pi->fcs = L2CAP_FCS_CRC16; 1033 chan->fcs = L2CAP_FCS_CRC16;
1011 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW; 1034 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
1012 pi->sec_level = BT_SECURITY_LOW; 1035 chan->sec_level = BT_SECURITY_LOW;
1013 pi->role_switch = 0; 1036 chan->role_switch = 0;
1014 pi->force_reliable = 0; 1037 chan->force_reliable = 0;
1015 pi->flushable = BT_FLUSHABLE_OFF; 1038 chan->flushable = BT_FLUSHABLE_OFF;
1016 } 1039 }
1017 1040
1018 /* Default config options */ 1041 /* Default config options */
1019 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1042 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1020} 1043}
1021 1044
1022static struct proto l2cap_proto = { 1045static struct proto l2cap_proto = {
@@ -1054,6 +1077,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1054 int kern) 1077 int kern)
1055{ 1078{
1056 struct sock *sk; 1079 struct sock *sk;
1080 struct l2cap_chan *chan;
1057 1081
1058 BT_DBG("sock %p", sock); 1082 BT_DBG("sock %p", sock);
1059 1083
@@ -1072,11 +1096,19 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1072 if (!sk) 1096 if (!sk)
1073 return -ENOMEM; 1097 return -ENOMEM;
1074 1098
1099 chan = l2cap_chan_alloc(sk);
1100 if (!chan) {
1101 l2cap_sock_kill(sk);
1102 return -ENOMEM;
1103 }
1104
1105 l2cap_pi(sk)->chan = chan;
1106
1075 l2cap_sock_init(sk, NULL); 1107 l2cap_sock_init(sk, NULL);
1076 return 0; 1108 return 0;
1077} 1109}
1078 1110
1079const struct proto_ops l2cap_sock_ops = { 1111static const struct proto_ops l2cap_sock_ops = {
1080 .family = PF_BLUETOOTH, 1112 .family = PF_BLUETOOTH,
1081 .owner = THIS_MODULE, 1113 .owner = THIS_MODULE,
1082 .release = l2cap_sock_release, 1114 .release = l2cap_sock_release,
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index c304688252b..2481d257ed9 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -945,7 +945,7 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
945 for (i = 0; i < key_count; i++) { 945 for (i = 0; i < key_count; i++) {
946 struct mgmt_key_info *key = &cp->keys[i]; 946 struct mgmt_key_info *key = &cp->keys[i];
947 947
948 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type, 948 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
949 key->pin_len); 949 key->pin_len);
950 } 950 }
951 951
@@ -1569,6 +1569,75 @@ static int remove_remote_oob_data(struct sock *sk, u16 index,
1569 return err; 1569 return err;
1570} 1570}
1571 1571
1572static int start_discovery(struct sock *sk, u16 index)
1573{
1574 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1575 struct hci_cp_inquiry cp;
1576 struct pending_cmd *cmd;
1577 struct hci_dev *hdev;
1578 int err;
1579
1580 BT_DBG("hci%u", index);
1581
1582 hdev = hci_dev_get(index);
1583 if (!hdev)
1584 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1585
1586 hci_dev_lock_bh(hdev);
1587
1588 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1589 if (!cmd) {
1590 err = -ENOMEM;
1591 goto failed;
1592 }
1593
1594 memset(&cp, 0, sizeof(cp));
1595 memcpy(&cp.lap, lap, 3);
1596 cp.length = 0x08;
1597 cp.num_rsp = 0x00;
1598
1599 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1600 if (err < 0)
1601 mgmt_pending_remove(cmd);
1602
1603failed:
1604 hci_dev_unlock_bh(hdev);
1605 hci_dev_put(hdev);
1606
1607 return err;
1608}
1609
1610static int stop_discovery(struct sock *sk, u16 index)
1611{
1612 struct hci_dev *hdev;
1613 struct pending_cmd *cmd;
1614 int err;
1615
1616 BT_DBG("hci%u", index);
1617
1618 hdev = hci_dev_get(index);
1619 if (!hdev)
1620 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1621
1622 hci_dev_lock_bh(hdev);
1623
1624 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1625 if (!cmd) {
1626 err = -ENOMEM;
1627 goto failed;
1628 }
1629
1630 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1631 if (err < 0)
1632 mgmt_pending_remove(cmd);
1633
1634failed:
1635 hci_dev_unlock_bh(hdev);
1636 hci_dev_put(hdev);
1637
1638 return err;
1639}
1640
1572int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 1641int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1573{ 1642{
1574 unsigned char *buf; 1643 unsigned char *buf;
@@ -1677,7 +1746,12 @@ int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1677 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr), 1746 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1678 len); 1747 len);
1679 break; 1748 break;
1680 1749 case MGMT_OP_START_DISCOVERY:
1750 err = start_discovery(sk, index);
1751 break;
1752 case MGMT_OP_STOP_DISCOVERY:
1753 err = stop_discovery(sk, index);
1754 break;
1681 default: 1755 default:
1682 BT_DBG("Unknown op %u", opcode); 1756 BT_DBG("Unknown op %u", opcode);
1683 err = cmd_status(sk, index, opcode, 0x01); 1757 err = cmd_status(sk, index, opcode, 0x01);
@@ -1784,17 +1858,17 @@ int mgmt_connectable(u16 index, u8 connectable)
1784 return ret; 1858 return ret;
1785} 1859}
1786 1860
1787int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type) 1861int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
1788{ 1862{
1789 struct mgmt_ev_new_key ev; 1863 struct mgmt_ev_new_key ev;
1790 1864
1791 memset(&ev, 0, sizeof(ev)); 1865 memset(&ev, 0, sizeof(ev));
1792 1866
1867 ev.store_hint = persistent;
1793 bacpy(&ev.key.bdaddr, &key->bdaddr); 1868 bacpy(&ev.key.bdaddr, &key->bdaddr);
1794 ev.key.type = key->type; 1869 ev.key.type = key->type;
1795 memcpy(ev.key.val, key->val, 16); 1870 memcpy(ev.key.val, key->val, 16);
1796 ev.key.pin_len = key->pin_len; 1871 ev.key.pin_len = key->pin_len;
1797 ev.old_key_type = old_key_type;
1798 1872
1799 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL); 1873 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1800} 1874}
@@ -1868,11 +1942,12 @@ int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1868 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL); 1942 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1869} 1943}
1870 1944
1871int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr) 1945int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
1872{ 1946{
1873 struct mgmt_ev_pin_code_request ev; 1947 struct mgmt_ev_pin_code_request ev;
1874 1948
1875 bacpy(&ev.bdaddr, bdaddr); 1949 bacpy(&ev.bdaddr, bdaddr);
1950 ev.secure = secure;
1876 1951
1877 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev), 1952 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1878 NULL); 1953 NULL);
@@ -1920,13 +1995,15 @@ int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1920 return err; 1995 return err;
1921} 1996}
1922 1997
1923int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value) 1998int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
1999 u8 confirm_hint)
1924{ 2000{
1925 struct mgmt_ev_user_confirm_request ev; 2001 struct mgmt_ev_user_confirm_request ev;
1926 2002
1927 BT_DBG("hci%u", index); 2003 BT_DBG("hci%u", index);
1928 2004
1929 bacpy(&ev.bdaddr, bdaddr); 2005 bacpy(&ev.bdaddr, bdaddr);
2006 ev.confirm_hint = confirm_hint;
1930 put_unaligned_le32(value, &ev.value); 2007 put_unaligned_le32(value, &ev.value);
1931 2008
1932 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev), 2009 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
@@ -2075,3 +2152,9 @@ int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2075 2152
2076 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL); 2153 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2077} 2154}
2155
2156int mgmt_discovering(u16 index, u8 discovering)
2157{
2158 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2159 sizeof(discovering), NULL);
2160}
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index c9973932456..121a5c13b98 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -232,6 +232,8 @@ static int rfcomm_l2sock_create(struct socket **sock)
232static inline int rfcomm_check_security(struct rfcomm_dlc *d) 232static inline int rfcomm_check_security(struct rfcomm_dlc *d)
233{ 233{
234 struct sock *sk = d->session->sock->sk; 234 struct sock *sk = d->session->sock->sk;
235 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
236
235 __u8 auth_type; 237 __u8 auth_type;
236 238
237 switch (d->sec_level) { 239 switch (d->sec_level) {
@@ -246,8 +248,7 @@ static inline int rfcomm_check_security(struct rfcomm_dlc *d)
246 break; 248 break;
247 } 249 }
248 250
249 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 251 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
250 auth_type);
251} 252}
252 253
253static void rfcomm_session_timeout(unsigned long arg) 254static void rfcomm_session_timeout(unsigned long arg)
@@ -710,10 +711,10 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
710 /* Set L2CAP options */ 711 /* Set L2CAP options */
711 sk = sock->sk; 712 sk = sock->sk;
712 lock_sock(sk); 713 lock_sock(sk);
713 l2cap_pi(sk)->imtu = l2cap_mtu; 714 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
714 l2cap_pi(sk)->sec_level = sec_level; 715 l2cap_pi(sk)->chan->sec_level = sec_level;
715 if (l2cap_ertm) 716 if (l2cap_ertm)
716 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM; 717 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
717 release_sock(sk); 718 release_sock(sk);
718 719
719 s = rfcomm_session_add(sock, BT_BOUND); 720 s = rfcomm_session_add(sock, BT_BOUND);
@@ -1241,6 +1242,7 @@ static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1241void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1242void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1242{ 1243{
1243 struct sock *sk = d->session->sock->sk; 1244 struct sock *sk = d->session->sock->sk;
1245 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1244 1246
1245 BT_DBG("dlc %p", d); 1247 BT_DBG("dlc %p", d);
1246 1248
@@ -1254,7 +1256,7 @@ void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1254 rfcomm_dlc_unlock(d); 1256 rfcomm_dlc_unlock(d);
1255 1257
1256 if (d->role_switch) 1258 if (d->role_switch)
1257 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1259 hci_conn_switch_role(conn->hcon, 0x00);
1258 1260
1259 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1261 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1260} 1262}
@@ -1890,7 +1892,8 @@ static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1890 1892
1891 /* We should adjust MTU on incoming sessions. 1893 /* We should adjust MTU on incoming sessions.
1892 * L2CAP MTU minus UIH header and FCS. */ 1894 * L2CAP MTU minus UIH header and FCS. */
1893 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1895 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1896 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1894 1897
1895 rfcomm_schedule(); 1898 rfcomm_schedule();
1896 } else 1899 } else
@@ -1909,7 +1912,7 @@ static inline void rfcomm_check_connection(struct rfcomm_session *s)
1909 1912
1910 /* We can adjust MTU on outgoing sessions. 1913 /* We can adjust MTU on outgoing sessions.
1911 * L2CAP MTU minus UIH header and FCS. */ 1914 * L2CAP MTU minus UIH header and FCS. */
1912 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1915 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1913 1916
1914 rfcomm_send_sabm(s, 0); 1917 rfcomm_send_sabm(s, 0);
1915 break; 1918 break;
@@ -1992,7 +1995,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
1992 /* Set L2CAP options */ 1995 /* Set L2CAP options */
1993 sk = sock->sk; 1996 sk = sock->sk;
1994 lock_sock(sk); 1997 lock_sock(sk);
1995 l2cap_pi(sk)->imtu = l2cap_mtu; 1998 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1996 release_sock(sk); 1999 release_sock(sk);
1997 2000
1998 /* Start listening on the socket */ 2001 /* Start listening on the socket */
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 66cc1f0c3df..386cfaffd4b 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -743,6 +743,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
743 struct sock *sk = sock->sk; 743 struct sock *sk = sock->sk;
744 struct sock *l2cap_sk; 744 struct sock *l2cap_sk;
745 struct rfcomm_conninfo cinfo; 745 struct rfcomm_conninfo cinfo;
746 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
746 int len, err = 0; 747 int len, err = 0;
747 u32 opt; 748 u32 opt;
748 749
@@ -787,8 +788,8 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
787 788
788 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 789 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
789 790
790 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 791 cinfo.hci_handle = conn->hcon->handle;
791 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 792 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
792 793
793 len = min_t(unsigned int, len, sizeof(cinfo)); 794 len = min_t(unsigned int, len, sizeof(cinfo));
794 if (copy_to_user(optval, (char *) &cinfo, len)) 795 if (copy_to_user(optval, (char *) &cinfo, len))
diff --git a/net/mac80211/aes_ccm.c b/net/mac80211/aes_ccm.c
index 4bd6ef0be38..b9b595c0811 100644
--- a/net/mac80211/aes_ccm.c
+++ b/net/mac80211/aes_ccm.c
@@ -54,13 +54,12 @@ void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
54 u8 *cdata, u8 *mic) 54 u8 *cdata, u8 *mic)
55{ 55{
56 int i, j, last_len, num_blocks; 56 int i, j, last_len, num_blocks;
57 u8 *pos, *cpos, *b, *s_0, *e, *b_0, *aad; 57 u8 *pos, *cpos, *b, *s_0, *e, *b_0;
58 58
59 b = scratch; 59 b = scratch;
60 s_0 = scratch + AES_BLOCK_LEN; 60 s_0 = scratch + AES_BLOCK_LEN;
61 e = scratch + 2 * AES_BLOCK_LEN; 61 e = scratch + 2 * AES_BLOCK_LEN;
62 b_0 = scratch + 3 * AES_BLOCK_LEN; 62 b_0 = scratch + 3 * AES_BLOCK_LEN;
63 aad = scratch + 4 * AES_BLOCK_LEN;
64 63
65 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); 64 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
66 last_len = data_len % AES_BLOCK_LEN; 65 last_len = data_len % AES_BLOCK_LEN;
@@ -94,13 +93,12 @@ int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
94 u8 *cdata, size_t data_len, u8 *mic, u8 *data) 93 u8 *cdata, size_t data_len, u8 *mic, u8 *data)
95{ 94{
96 int i, j, last_len, num_blocks; 95 int i, j, last_len, num_blocks;
97 u8 *pos, *cpos, *b, *s_0, *a, *b_0, *aad; 96 u8 *pos, *cpos, *b, *s_0, *a, *b_0;
98 97
99 b = scratch; 98 b = scratch;
100 s_0 = scratch + AES_BLOCK_LEN; 99 s_0 = scratch + AES_BLOCK_LEN;
101 a = scratch + 2 * AES_BLOCK_LEN; 100 a = scratch + 2 * AES_BLOCK_LEN;
102 b_0 = scratch + 3 * AES_BLOCK_LEN; 101 b_0 = scratch + 3 * AES_BLOCK_LEN;
103 aad = scratch + 4 * AES_BLOCK_LEN;
104 102
105 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); 103 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
106 last_len = data_len % AES_BLOCK_LEN; 104 last_len = data_len % AES_BLOCK_LEN;
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index a9ddaf63ee1..12d52cec951 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1633,16 +1633,13 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
1633{ 1633{
1634 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1634 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1635 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1635 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1636 int i; 1636 int i, ret;
1637
1638 /*
1639 * This _could_ be supported by providing a hook for
1640 * drivers for this function, but at this point it
1641 * doesn't seem worth bothering.
1642 */
1643 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
1644 return -EOPNOTSUPP;
1645 1637
1638 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
1639 ret = drv_set_bitrate_mask(local, sdata, mask);
1640 if (ret)
1641 return ret;
1642 }
1646 1643
1647 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 1644 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
1648 sdata->rc_rateidx_mask[i] = mask->control[i].legacy; 1645 sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 00a0685f240..2ddb56e5b51 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -565,4 +565,22 @@ static inline bool drv_tx_frames_pending(struct ieee80211_local *local)
565 565
566 return ret; 566 return ret;
567} 567}
568
569static inline int drv_set_bitrate_mask(struct ieee80211_local *local,
570 struct ieee80211_sub_if_data *sdata,
571 const struct cfg80211_bitrate_mask *mask)
572{
573 int ret = -EOPNOTSUPP;
574
575 might_sleep();
576
577 trace_drv_set_bitrate_mask(local, sdata, mask);
578 if (local->ops->set_bitrate_mask)
579 ret = local->ops->set_bitrate_mask(&local->hw,
580 &sdata->vif, mask);
581 trace_drv_return_int(local, ret);
582
583 return ret;
584}
585
568#endif /* __MAC80211_DRIVER_OPS */ 586#endif /* __MAC80211_DRIVER_OPS */
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index c8c934d48b7..191e834ec46 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -989,6 +989,33 @@ DEFINE_EVENT(local_only_evt, drv_offchannel_tx_cancel_wait,
989 TP_ARGS(local) 989 TP_ARGS(local)
990); 990);
991 991
992TRACE_EVENT(drv_set_bitrate_mask,
993 TP_PROTO(struct ieee80211_local *local,
994 struct ieee80211_sub_if_data *sdata,
995 const struct cfg80211_bitrate_mask *mask),
996
997 TP_ARGS(local, sdata, mask),
998
999 TP_STRUCT__entry(
1000 LOCAL_ENTRY
1001 VIF_ENTRY
1002 __field(u32, legacy_2g)
1003 __field(u32, legacy_5g)
1004 ),
1005
1006 TP_fast_assign(
1007 LOCAL_ASSIGN;
1008 VIF_ASSIGN;
1009 __entry->legacy_2g = mask->control[IEEE80211_BAND_2GHZ].legacy;
1010 __entry->legacy_5g = mask->control[IEEE80211_BAND_5GHZ].legacy;
1011 ),
1012
1013 TP_printk(
1014 LOCAL_PR_FMT VIF_PR_FMT " 2G Mask:0x%x 5G Mask:0x%x",
1015 LOCAL_PR_ARG, VIF_PR_ARG, __entry->legacy_2g, __entry->legacy_5g
1016 )
1017);
1018
992/* 1019/*
993 * Tracing for API calls that drivers call. 1020 * Tracing for API calls that drivers call.
994 */ 1021 */
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 14883966374..b81860c9469 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -40,7 +40,7 @@ static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
40 struct ieee80211_mgmt *mgmt, 40 struct ieee80211_mgmt *mgmt,
41 size_t len) 41 size_t len)
42{ 42{
43 u16 auth_alg, auth_transaction, status_code; 43 u16 auth_alg, auth_transaction;
44 44
45 lockdep_assert_held(&sdata->u.ibss.mtx); 45 lockdep_assert_held(&sdata->u.ibss.mtx);
46 46
@@ -49,7 +49,6 @@ static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
49 49
50 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 50 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
51 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 51 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
52 status_code = le16_to_cpu(mgmt->u.auth.status_code);
53 52
54 /* 53 /*
55 * IEEE 802.11 standard does not require authentication in IBSS 54 * IEEE 802.11 standard does not require authentication in IBSS
@@ -527,8 +526,6 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
527static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata) 526static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
528{ 527{
529 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 528 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
530 struct ieee80211_local *local = sdata->local;
531 struct ieee80211_supported_band *sband;
532 u8 bssid[ETH_ALEN]; 529 u8 bssid[ETH_ALEN];
533 u16 capability; 530 u16 capability;
534 int i; 531 int i;
@@ -551,8 +548,6 @@ static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
551 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %pM\n", 548 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %pM\n",
552 sdata->name, bssid); 549 sdata->name, bssid);
553 550
554 sband = local->hw.wiphy->bands[ifibss->channel->band];
555
556 capability = WLAN_CAPABILITY_IBSS; 551 capability = WLAN_CAPABILITY_IBSS;
557 552
558 if (ifibss->privacy) 553 if (ifibss->privacy)
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index a7784997091..027c0467d7a 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -766,6 +766,9 @@ struct ieee80211_local {
766 766
767 int tx_headroom; /* required headroom for hardware/radiotap */ 767 int tx_headroom; /* required headroom for hardware/radiotap */
768 768
769 /* count for keys needing tailroom space allocation */
770 int crypto_tx_tailroom_needed_cnt;
771
769 /* Tasklet and skb queue to process calls from IRQ mode. All frames 772 /* Tasklet and skb queue to process calls from IRQ mode. All frames
770 * added to skb_queue will be processed, but frames in 773 * added to skb_queue will be processed, but frames in
771 * skb_queue_unreliable may be dropped if the total length of these 774 * skb_queue_unreliable may be dropped if the total length of these
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index af3c56482c8..b510721e3b3 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -101,6 +101,11 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
101 101
102 if (!ret) { 102 if (!ret) {
103 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 103 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
104
105 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
106 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)))
107 key->local->crypto_tx_tailroom_needed_cnt--;
108
104 return 0; 109 return 0;
105 } 110 }
106 111
@@ -156,6 +161,10 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
156 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 161 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
157 162
158 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 163 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
164
165 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
166 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)))
167 key->local->crypto_tx_tailroom_needed_cnt++;
159} 168}
160 169
161void ieee80211_key_removed(struct ieee80211_key_conf *key_conf) 170void ieee80211_key_removed(struct ieee80211_key_conf *key_conf)
@@ -388,8 +397,10 @@ static void __ieee80211_key_destroy(struct ieee80211_key *key)
388 ieee80211_aes_key_free(key->u.ccmp.tfm); 397 ieee80211_aes_key_free(key->u.ccmp.tfm);
389 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC) 398 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC)
390 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); 399 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
391 if (key->local) 400 if (key->local) {
392 ieee80211_debugfs_key_remove(key); 401 ieee80211_debugfs_key_remove(key);
402 key->local->crypto_tx_tailroom_needed_cnt--;
403 }
393 404
394 kfree(key); 405 kfree(key);
395} 406}
@@ -451,6 +462,8 @@ int ieee80211_key_link(struct ieee80211_key *key,
451 462
452 ieee80211_debugfs_key_add(key); 463 ieee80211_debugfs_key_add(key);
453 464
465 key->local->crypto_tx_tailroom_needed_cnt++;
466
454 ret = ieee80211_key_enable_hw_accel(key); 467 ret = ieee80211_key_enable_hw_accel(key);
455 468
456 mutex_unlock(&sdata->local->key_mtx); 469 mutex_unlock(&sdata->local->key_mtx);
@@ -492,8 +505,12 @@ void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
492 505
493 mutex_lock(&sdata->local->key_mtx); 506 mutex_lock(&sdata->local->key_mtx);
494 507
495 list_for_each_entry(key, &sdata->key_list, list) 508 sdata->local->crypto_tx_tailroom_needed_cnt = 0;
509
510 list_for_each_entry(key, &sdata->key_list, list) {
511 sdata->local->crypto_tx_tailroom_needed_cnt++;
496 ieee80211_key_enable_hw_accel(key); 512 ieee80211_key_enable_hw_accel(key);
513 }
497 514
498 mutex_unlock(&sdata->local->key_mtx); 515 mutex_unlock(&sdata->local->key_mtx);
499} 516}
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 0ab2a8df312..61877662e8f 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -33,12 +33,6 @@
33#include "cfg.h" 33#include "cfg.h"
34#include "debugfs.h" 34#include "debugfs.h"
35 35
36
37static bool ieee80211_disable_40mhz_24ghz;
38module_param(ieee80211_disable_40mhz_24ghz, bool, 0644);
39MODULE_PARM_DESC(ieee80211_disable_40mhz_24ghz,
40 "Disable 40MHz support in the 2.4GHz band");
41
42static struct lock_class_key ieee80211_rx_skb_queue_class; 36static struct lock_class_key ieee80211_rx_skb_queue_class;
43 37
44void ieee80211_configure_filter(struct ieee80211_local *local) 38void ieee80211_configure_filter(struct ieee80211_local *local)
@@ -728,18 +722,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
728 } 722 }
729 channels += sband->n_channels; 723 channels += sband->n_channels;
730 724
731 /*
732 * Since ieee80211_disable_40mhz_24ghz is global, we can
733 * modify the sband's ht data even if the driver uses a
734 * global structure for that.
735 */
736 if (ieee80211_disable_40mhz_24ghz &&
737 band == IEEE80211_BAND_2GHZ &&
738 sband->ht_cap.ht_supported) {
739 sband->ht_cap.cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
740 sband->ht_cap.cap &= ~IEEE80211_HT_CAP_SGI_40;
741 }
742
743 if (max_bitrates < sband->n_bitrates) 725 if (max_bitrates < sband->n_bitrates)
744 max_bitrates = sband->n_bitrates; 726 max_bitrates = sband->n_bitrates;
745 supp_ht = supp_ht || sband->ht_cap.ht_supported; 727 supp_ht = supp_ht || sband->ht_cap.ht_supported;
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 11207979e2e..c1299e24954 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -613,12 +613,9 @@ void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
613 struct sk_buff *skb) 613 struct sk_buff *skb)
614{ 614{
615 struct ieee80211_rx_status *rx_status; 615 struct ieee80211_rx_status *rx_status;
616 struct ieee80211_if_mesh *ifmsh;
617 struct ieee80211_mgmt *mgmt; 616 struct ieee80211_mgmt *mgmt;
618 u16 stype; 617 u16 stype;
619 618
620 ifmsh = &sdata->u.mesh;
621
622 rx_status = IEEE80211_SKB_RXCB(skb); 619 rx_status = IEEE80211_SKB_RXCB(skb);
623 mgmt = (struct ieee80211_mgmt *) skb->data; 620 mgmt = (struct ieee80211_mgmt *) skb->data;
624 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 621 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 5bf64d7112b..e57f2e728cf 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -633,7 +633,6 @@ static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
633 struct mesh_path *mpath; 633 struct mesh_path *mpath;
634 u8 ttl; 634 u8 ttl;
635 u8 *ta, *target_addr; 635 u8 *ta, *target_addr;
636 u8 target_flags;
637 u32 target_sn; 636 u32 target_sn;
638 u16 target_rcode; 637 u16 target_rcode;
639 638
@@ -644,7 +643,6 @@ static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
644 return; 643 return;
645 } 644 }
646 ttl--; 645 ttl--;
647 target_flags = PERR_IE_TARGET_FLAGS(perr_elem);
648 target_addr = PERR_IE_TARGET_ADDR(perr_elem); 646 target_addr = PERR_IE_TARGET_ADDR(perr_elem);
649 target_sn = PERR_IE_TARGET_SN(perr_elem); 647 target_sn = PERR_IE_TARGET_SN(perr_elem);
650 target_rcode = PERR_IE_TARGET_RCODE(perr_elem); 648 target_rcode = PERR_IE_TARGET_RCODE(perr_elem);
@@ -675,12 +673,10 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
675{ 673{
676 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 674 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
677 struct mesh_path *mpath; 675 struct mesh_path *mpath;
678 u8 *ta;
679 u8 ttl, flags, hopcount; 676 u8 ttl, flags, hopcount;
680 u8 *orig_addr; 677 u8 *orig_addr;
681 u32 orig_sn, metric; 678 u32 orig_sn, metric;
682 679
683 ta = mgmt->sa;
684 ttl = rann->rann_ttl; 680 ttl = rann->rann_ttl;
685 if (ttl <= 1) { 681 if (ttl <= 1) {
686 ifmsh->mshstats.dropped_frames_ttl++; 682 ifmsh->mshstats.dropped_frames_ttl++;
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index e37355193ed..04246171088 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -14,12 +14,23 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
14 14
15 ieee80211_scan_cancel(local); 15 ieee80211_scan_cancel(local);
16 16
17 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
18 mutex_lock(&local->sta_mtx);
19 list_for_each_entry(sta, &local->sta_list, list) {
20 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
21 ieee80211_sta_tear_down_BA_sessions(sta, true);
22 }
23 mutex_unlock(&local->sta_mtx);
24 }
25
17 ieee80211_stop_queues_by_reason(hw, 26 ieee80211_stop_queues_by_reason(hw,
18 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 27 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
19 28
20 /* flush out all packets */ 29 /* flush out all packets */
21 synchronize_net(); 30 synchronize_net();
22 31
32 drv_flush(local, false);
33
23 local->quiescing = true; 34 local->quiescing = true;
24 /* make quiescing visible to timers everywhere */ 35 /* make quiescing visible to timers everywhere */
25 mb(); 36 mb();
@@ -43,11 +54,6 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
43 /* tear down aggregation sessions and remove STAs */ 54 /* tear down aggregation sessions and remove STAs */
44 mutex_lock(&local->sta_mtx); 55 mutex_lock(&local->sta_mtx);
45 list_for_each_entry(sta, &local->sta_list, list) { 56 list_for_each_entry(sta, &local->sta_list, list) {
46 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
47 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
48 ieee80211_sta_tear_down_BA_sessions(sta, true);
49 }
50
51 if (sta->uploaded) { 57 if (sta->uploaded) {
52 sdata = sta->sdata; 58 sdata = sta->sdata;
53 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 59 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index a864890e4d0..13a6697651a 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -652,7 +652,7 @@ static void ieee80211_sta_reorder_release(struct ieee80211_hw *hw,
652 set_release_timer: 652 set_release_timer:
653 653
654 mod_timer(&tid_agg_rx->reorder_timer, 654 mod_timer(&tid_agg_rx->reorder_timer,
655 tid_agg_rx->reorder_time[j] + 655 tid_agg_rx->reorder_time[j] + 1 +
656 HT_RX_REORDER_BUF_TIMEOUT); 656 HT_RX_REORDER_BUF_TIMEOUT);
657 } else { 657 } else {
658 del_timer(&tid_agg_rx->reorder_timer); 658 del_timer(&tid_agg_rx->reorder_timer);
@@ -2368,47 +2368,6 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
2368 return RX_QUEUED; 2368 return RX_QUEUED;
2369} 2369}
2370 2370
2371static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
2372 struct ieee80211_rx_data *rx)
2373{
2374 int keyidx;
2375 unsigned int hdrlen;
2376
2377 hdrlen = ieee80211_hdrlen(hdr->frame_control);
2378 if (rx->skb->len >= hdrlen + 4)
2379 keyidx = rx->skb->data[hdrlen + 3] >> 6;
2380 else
2381 keyidx = -1;
2382
2383 if (!rx->sta) {
2384 /*
2385 * Some hardware seem to generate incorrect Michael MIC
2386 * reports; ignore them to avoid triggering countermeasures.
2387 */
2388 return;
2389 }
2390
2391 if (!ieee80211_has_protected(hdr->frame_control))
2392 return;
2393
2394 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) {
2395 /*
2396 * APs with pairwise keys should never receive Michael MIC
2397 * errors for non-zero keyidx because these are reserved for
2398 * group keys and only the AP is sending real multicast
2399 * frames in the BSS.
2400 */
2401 return;
2402 }
2403
2404 if (!ieee80211_is_data(hdr->frame_control) &&
2405 !ieee80211_is_auth(hdr->frame_control))
2406 return;
2407
2408 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL,
2409 GFP_ATOMIC);
2410}
2411
2412/* TODO: use IEEE80211_RX_FRAGMENTED */ 2371/* TODO: use IEEE80211_RX_FRAGMENTED */
2413static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx, 2372static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2414 struct ieee80211_rate *rate) 2373 struct ieee80211_rate *rate)
@@ -2752,12 +2711,6 @@ static bool ieee80211_prepare_and_rx_handle(struct ieee80211_rx_data *rx,
2752 if (!prepares) 2711 if (!prepares)
2753 return false; 2712 return false;
2754 2713
2755 if (status->flag & RX_FLAG_MMIC_ERROR) {
2756 if (status->rx_flags & IEEE80211_RX_RA_MATCH)
2757 ieee80211_rx_michael_mic_report(hdr, rx);
2758 return false;
2759 }
2760
2761 if (!consume) { 2714 if (!consume) {
2762 skb = skb_copy(skb, GFP_ATOMIC); 2715 skb = skb_copy(skb, GFP_ATOMIC);
2763 if (!skb) { 2716 if (!skb) {
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index a03d8a31287..d9e6e81ff6b 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -587,7 +587,6 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
587{ 587{
588 unsigned long flags; 588 unsigned long flags;
589 struct sk_buff *skb; 589 struct sk_buff *skb;
590 struct ieee80211_sub_if_data *sdata;
591 590
592 if (skb_queue_empty(&sta->ps_tx_buf)) 591 if (skb_queue_empty(&sta->ps_tx_buf))
593 return false; 592 return false;
@@ -604,7 +603,6 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
604 if (!skb) 603 if (!skb)
605 break; 604 break;
606 605
607 sdata = sta->sdata;
608 local->total_ps_buffered--; 606 local->total_ps_buffered--;
609#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 607#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
610 printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n", 608 printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n",
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 3ed3c835fbb..1658efaa2e8 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -446,3 +446,11 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
446 dev_kfree_skb(skb); 446 dev_kfree_skb(skb);
447} 447}
448EXPORT_SYMBOL(ieee80211_tx_status); 448EXPORT_SYMBOL(ieee80211_tx_status);
449
450void ieee80211_report_low_ack(struct ieee80211_sta *pubsta, u32 num_packets)
451{
452 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
453 cfg80211_cqm_pktloss_notify(sta->sdata->dev, sta->sta.addr,
454 num_packets, GFP_ATOMIC);
455}
456EXPORT_SYMBOL(ieee80211_report_low_ack);
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 17b10be31f5..e3e3aa173af 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1036,14 +1036,11 @@ static bool __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
1036 struct ieee80211_radiotap_iterator iterator; 1036 struct ieee80211_radiotap_iterator iterator;
1037 struct ieee80211_radiotap_header *rthdr = 1037 struct ieee80211_radiotap_header *rthdr =
1038 (struct ieee80211_radiotap_header *) skb->data; 1038 (struct ieee80211_radiotap_header *) skb->data;
1039 struct ieee80211_supported_band *sband;
1040 bool hw_frag; 1039 bool hw_frag;
1041 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1040 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1042 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len, 1041 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
1043 NULL); 1042 NULL);
1044 1043
1045 sband = tx->local->hw.wiphy->bands[tx->channel->band];
1046
1047 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1044 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1048 tx->flags &= ~IEEE80211_TX_FRAGMENTED; 1045 tx->flags &= ~IEEE80211_TX_FRAGMENTED;
1049 1046
@@ -1442,11 +1439,8 @@ static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1442 struct ieee80211_tx_data tx; 1439 struct ieee80211_tx_data tx;
1443 ieee80211_tx_result res_prepare; 1440 ieee80211_tx_result res_prepare;
1444 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1441 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1445 u16 queue;
1446 bool result = true; 1442 bool result = true;
1447 1443
1448 queue = skb_get_queue_mapping(skb);
1449
1450 if (unlikely(skb->len < 10)) { 1444 if (unlikely(skb->len < 10)) {
1451 dev_kfree_skb(skb); 1445 dev_kfree_skb(skb);
1452 return true; 1446 return true;
@@ -1482,12 +1476,7 @@ static int ieee80211_skb_resize(struct ieee80211_local *local,
1482{ 1476{
1483 int tail_need = 0; 1477 int tail_need = 0;
1484 1478
1485 /* 1479 if (may_encrypt && local->crypto_tx_tailroom_needed_cnt) {
1486 * This could be optimised, devices that do full hardware
1487 * crypto (including TKIP MMIC) need no tailroom... But we
1488 * have no drivers for such devices currently.
1489 */
1490 if (may_encrypt) {
1491 tail_need = IEEE80211_ENCRYPT_TAILROOM; 1480 tail_need = IEEE80211_ENCRYPT_TAILROOM;
1492 tail_need -= skb_tailroom(skb); 1481 tail_need -= skb_tailroom(skb);
1493 tail_need = max_t(int, tail_need, 0); 1482 tail_need = max_t(int, tail_need, 0);
@@ -2485,7 +2474,6 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2485{ 2474{
2486 struct ieee80211_local *local = hw_to_local(hw); 2475 struct ieee80211_local *local = hw_to_local(hw);
2487 struct sk_buff *skb = NULL; 2476 struct sk_buff *skb = NULL;
2488 struct sta_info *sta;
2489 struct ieee80211_tx_data tx; 2477 struct ieee80211_tx_data tx;
2490 struct ieee80211_sub_if_data *sdata; 2478 struct ieee80211_sub_if_data *sdata;
2491 struct ieee80211_if_ap *bss = NULL; 2479 struct ieee80211_if_ap *bss = NULL;
@@ -2527,7 +2515,6 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2527 2515
2528 info = IEEE80211_SKB_CB(skb); 2516 info = IEEE80211_SKB_CB(skb);
2529 2517
2530 sta = tx.sta;
2531 tx.flags |= IEEE80211_TX_PS_BUFFERED; 2518 tx.flags |= IEEE80211_TX_PS_BUFFERED;
2532 tx.channel = local->hw.conf.channel; 2519 tx.channel = local->hw.conf.channel;
2533 info->band = tx.channel->band; 2520 info->band = tx.channel->band;
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index e73c8cae036..a94b312dbfa 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -198,9 +198,8 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
198 struct sk_buff *skb; 198 struct sk_buff *skb;
199 struct ieee80211_mgmt *mgmt; 199 struct ieee80211_mgmt *mgmt;
200 u8 *pos, qos_info; 200 u8 *pos, qos_info;
201 const u8 *ies;
202 size_t offset = 0, noffset; 201 size_t offset = 0, noffset;
203 int i, len, count, rates_len, supp_rates_len; 202 int i, count, rates_len, supp_rates_len;
204 u16 capab; 203 u16 capab;
205 struct ieee80211_supported_band *sband; 204 struct ieee80211_supported_band *sband;
206 u32 rates = 0; 205 u32 rates = 0;
@@ -285,7 +284,7 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
285 } 284 }
286 285
287 /* SSID */ 286 /* SSID */
288 ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len); 287 pos = skb_put(skb, 2 + wk->assoc.ssid_len);
289 *pos++ = WLAN_EID_SSID; 288 *pos++ = WLAN_EID_SSID;
290 *pos++ = wk->assoc.ssid_len; 289 *pos++ = wk->assoc.ssid_len;
291 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len); 290 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
@@ -295,7 +294,6 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
295 if (supp_rates_len > 8) 294 if (supp_rates_len > 8)
296 supp_rates_len = 8; 295 supp_rates_len = 8;
297 296
298 len = sband->n_bitrates;
299 pos = skb_put(skb, supp_rates_len + 2); 297 pos = skb_put(skb, supp_rates_len + 2);
300 *pos++ = WLAN_EID_SUPP_RATES; 298 *pos++ = WLAN_EID_SUPP_RATES;
301 *pos++ = supp_rates_len; 299 *pos++ = supp_rates_len;
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index f1765de2f4b..9dc3b5f26e8 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -87,42 +87,76 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
87 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 87 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
88 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 88 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
89 89
90 /* No way to verify the MIC if the hardware stripped it */ 90 /*
91 if (status->flag & RX_FLAG_MMIC_STRIPPED) 91 * it makes no sense to check for MIC errors on anything other
92 * than data frames.
93 */
94 if (!ieee80211_is_data_present(hdr->frame_control))
95 return RX_CONTINUE;
96
97 /*
98 * No way to verify the MIC if the hardware stripped it or
99 * the IV with the key index. In this case we have solely rely
100 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
101 * MIC failure report.
102 */
103 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
104 if (status->flag & RX_FLAG_MMIC_ERROR)
105 goto mic_fail;
106
107 if (!(status->flag & RX_FLAG_IV_STRIPPED))
108 goto update_iv;
109
92 return RX_CONTINUE; 110 return RX_CONTINUE;
111 }
93 112
113 /*
114 * Some hardware seems to generate Michael MIC failure reports; even
115 * though, the frame was not encrypted with TKIP and therefore has no
116 * MIC. Ignore the flag them to avoid triggering countermeasures.
117 */
94 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 118 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
95 !ieee80211_has_protected(hdr->frame_control) || 119 !(status->flag & RX_FLAG_DECRYPTED))
96 !ieee80211_is_data_present(hdr->frame_control))
97 return RX_CONTINUE; 120 return RX_CONTINUE;
98 121
122 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
123 /*
124 * APs with pairwise keys should never receive Michael MIC
125 * errors for non-zero keyidx because these are reserved for
126 * group keys and only the AP is sending real multicast
127 * frames in the BSS. (
128 */
129 return RX_DROP_UNUSABLE;
130 }
131
132 if (status->flag & RX_FLAG_MMIC_ERROR)
133 goto mic_fail;
134
99 hdrlen = ieee80211_hdrlen(hdr->frame_control); 135 hdrlen = ieee80211_hdrlen(hdr->frame_control);
100 if (skb->len < hdrlen + MICHAEL_MIC_LEN) 136 if (skb->len < hdrlen + MICHAEL_MIC_LEN)
101 return RX_DROP_UNUSABLE; 137 return RX_DROP_UNUSABLE;
102 138
103 data = skb->data + hdrlen; 139 data = skb->data + hdrlen;
104 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN; 140 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
105
106 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]; 141 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
107 michael_mic(key, hdr, data, data_len, mic); 142 michael_mic(key, hdr, data, data_len, mic);
108 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0) { 143 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0)
109 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH)) 144 goto mic_fail;
110 return RX_DROP_UNUSABLE;
111
112 mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
113 (void *) skb->data, NULL,
114 GFP_ATOMIC);
115 return RX_DROP_UNUSABLE;
116 }
117 145
118 /* remove Michael MIC from payload */ 146 /* remove Michael MIC from payload */
119 skb_trim(skb, skb->len - MICHAEL_MIC_LEN); 147 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
120 148
149update_iv:
121 /* update IV in key information to be able to detect replays */ 150 /* update IV in key information to be able to detect replays */
122 rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32; 151 rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32;
123 rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16; 152 rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16;
124 153
125 return RX_CONTINUE; 154 return RX_CONTINUE;
155
156mic_fail:
157 mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
158 (void *) skb->data, NULL, GFP_ATOMIC);
159 return RX_DROP_UNUSABLE;
126} 160}
127 161
128 162
diff --git a/net/wireless/core.c b/net/wireless/core.c
index fe01de29bfe..bbf1fa11107 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -46,6 +46,11 @@ static struct dentry *ieee80211_debugfs_dir;
46/* for the cleanup, scan and event works */ 46/* for the cleanup, scan and event works */
47struct workqueue_struct *cfg80211_wq; 47struct workqueue_struct *cfg80211_wq;
48 48
49static bool cfg80211_disable_40mhz_24ghz;
50module_param(cfg80211_disable_40mhz_24ghz, bool, 0644);
51MODULE_PARM_DESC(cfg80211_disable_40mhz_24ghz,
52 "Disable 40MHz support in the 2.4GHz band");
53
49/* requires cfg80211_mutex to be held! */ 54/* requires cfg80211_mutex to be held! */
50struct cfg80211_registered_device *cfg80211_rdev_by_wiphy_idx(int wiphy_idx) 55struct cfg80211_registered_device *cfg80211_rdev_by_wiphy_idx(int wiphy_idx)
51{ 56{
@@ -451,6 +456,18 @@ int wiphy_register(struct wiphy *wiphy)
451 return -EINVAL; 456 return -EINVAL;
452 457
453 /* 458 /*
459 * Since cfg80211_disable_40mhz_24ghz is global, we can
460 * modify the sband's ht data even if the driver uses a
461 * global structure for that.
462 */
463 if (cfg80211_disable_40mhz_24ghz &&
464 band == IEEE80211_BAND_2GHZ &&
465 sband->ht_cap.ht_supported) {
466 sband->ht_cap.cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
467 sband->ht_cap.cap &= ~IEEE80211_HT_CAP_SGI_40;
468 }
469
470 /*
454 * Since we use a u32 for rate bitmaps in 471 * Since we use a u32 for rate bitmaps in
455 * ieee80211_get_response_rate, we cannot 472 * ieee80211_get_response_rate, we cannot
456 * have more than 32 legacy rates. 473 * have more than 32 legacy rates.
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 58d69959ab2..1613080a96b 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1455,7 +1455,8 @@ static void reg_process_hint(struct regulatory_request *reg_request)
1455 * We only time out user hints, given that they should be the only 1455 * We only time out user hints, given that they should be the only
1456 * source of bogus requests. 1456 * source of bogus requests.
1457 */ 1457 */
1458 if (reg_request->initiator == NL80211_REGDOM_SET_BY_USER) 1458 if (r != -EALREADY &&
1459 reg_request->initiator == NL80211_REGDOM_SET_BY_USER)
1459 schedule_delayed_work(&reg_timeout, msecs_to_jiffies(3142)); 1460 schedule_delayed_work(&reg_timeout, msecs_to_jiffies(3142));
1460} 1461}
1461 1462