aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/l2cap_core.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth/l2cap_core.c')
-rw-r--r--net/bluetooth/l2cap_core.c434
1 files changed, 191 insertions, 243 deletions
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 9bc22e4c4c6..aa78d8c4b93 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3,6 +3,7 @@
3 Copyright (C) 2000-2001 Qualcomm Incorporated 3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc. 5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
6 7
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 9
@@ -76,37 +77,38 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
76 77
77/* ---- L2CAP channels ---- */ 78/* ---- L2CAP channels ---- */
78 79
79static inline void chan_hold(struct l2cap_chan *c)
80{
81 atomic_inc(&c->refcnt);
82}
83
84static inline void chan_put(struct l2cap_chan *c)
85{
86 if (atomic_dec_and_test(&c->refcnt))
87 kfree(c);
88}
89
90static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) 80static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
91{ 81{
92 struct l2cap_chan *c; 82 struct l2cap_chan *c, *r = NULL;
93 83
94 list_for_each_entry(c, &conn->chan_l, list) { 84 rcu_read_lock();
95 if (c->dcid == cid) 85
96 return c; 86 list_for_each_entry_rcu(c, &conn->chan_l, list) {
87 if (c->dcid == cid) {
88 r = c;
89 break;
90 }
97 } 91 }
98 return NULL; 92
93 rcu_read_unlock();
94 return r;
99} 95}
100 96
101static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) 97static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
102{ 98{
103 struct l2cap_chan *c; 99 struct l2cap_chan *c, *r = NULL;
104 100
105 list_for_each_entry(c, &conn->chan_l, list) { 101 rcu_read_lock();
106 if (c->scid == cid) 102
107 return c; 103 list_for_each_entry_rcu(c, &conn->chan_l, list) {
104 if (c->scid == cid) {
105 r = c;
106 break;
107 }
108 } 108 }
109 return NULL; 109
110 rcu_read_unlock();
111 return r;
110} 112}
111 113
112/* Find channel with given SCID. 114/* Find channel with given SCID.
@@ -115,34 +117,36 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 ci
115{ 117{
116 struct l2cap_chan *c; 118 struct l2cap_chan *c;
117 119
118 read_lock(&conn->chan_lock);
119 c = __l2cap_get_chan_by_scid(conn, cid); 120 c = __l2cap_get_chan_by_scid(conn, cid);
120 if (c) 121 if (c)
121 bh_lock_sock(c->sk); 122 lock_sock(c->sk);
122 read_unlock(&conn->chan_lock);
123 return c; 123 return c;
124} 124}
125 125
126static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident) 126static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
127{ 127{
128 struct l2cap_chan *c; 128 struct l2cap_chan *c, *r = NULL;
129 129
130 list_for_each_entry(c, &conn->chan_l, list) { 130 rcu_read_lock();
131 if (c->ident == ident) 131
132 return c; 132 list_for_each_entry_rcu(c, &conn->chan_l, list) {
133 if (c->ident == ident) {
134 r = c;
135 break;
136 }
133 } 137 }
134 return NULL; 138
139 rcu_read_unlock();
140 return r;
135} 141}
136 142
137static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident) 143static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
138{ 144{
139 struct l2cap_chan *c; 145 struct l2cap_chan *c;
140 146
141 read_lock(&conn->chan_lock);
142 c = __l2cap_get_chan_by_ident(conn, ident); 147 c = __l2cap_get_chan_by_ident(conn, ident);
143 if (c) 148 if (c)
144 bh_lock_sock(c->sk); 149 lock_sock(c->sk);
145 read_unlock(&conn->chan_lock);
146 return c; 150 return c;
147} 151}
148 152
@@ -213,22 +217,6 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
213 return 0; 217 return 0;
214} 218}
215 219
216static void l2cap_set_timer(struct l2cap_chan *chan, struct timer_list *timer, long timeout)
217{
218 BT_DBG("chan %p state %d timeout %ld", chan, chan->state, timeout);
219
220 if (!mod_timer(timer, jiffies + msecs_to_jiffies(timeout)))
221 chan_hold(chan);
222}
223
224static void l2cap_clear_timer(struct l2cap_chan *chan, struct timer_list *timer)
225{
226 BT_DBG("chan %p state %d", chan, chan->state);
227
228 if (timer_pending(timer) && del_timer(timer))
229 chan_put(chan);
230}
231
232static char *state_to_string(int state) 220static char *state_to_string(int state)
233{ 221{
234 switch(state) { 222 switch(state) {
@@ -264,23 +252,16 @@ static void l2cap_state_change(struct l2cap_chan *chan, int state)
264 chan->ops->state_change(chan->data, state); 252 chan->ops->state_change(chan->data, state);
265} 253}
266 254
267static void l2cap_chan_timeout(unsigned long arg) 255static void l2cap_chan_timeout(struct work_struct *work)
268{ 256{
269 struct l2cap_chan *chan = (struct l2cap_chan *) arg; 257 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
258 chan_timer.work);
270 struct sock *sk = chan->sk; 259 struct sock *sk = chan->sk;
271 int reason; 260 int reason;
272 261
273 BT_DBG("chan %p state %d", chan, chan->state); 262 BT_DBG("chan %p state %d", chan, chan->state);
274 263
275 bh_lock_sock(sk); 264 lock_sock(sk);
276
277 if (sock_owned_by_user(sk)) {
278 /* sk is owned by user. Try again later */
279 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
280 bh_unlock_sock(sk);
281 chan_put(chan);
282 return;
283 }
284 265
285 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) 266 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
286 reason = ECONNREFUSED; 267 reason = ECONNREFUSED;
@@ -292,10 +273,10 @@ static void l2cap_chan_timeout(unsigned long arg)
292 273
293 l2cap_chan_close(chan, reason); 274 l2cap_chan_close(chan, reason);
294 275
295 bh_unlock_sock(sk); 276 release_sock(sk);
296 277
297 chan->ops->close(chan->data); 278 chan->ops->close(chan->data);
298 chan_put(chan); 279 l2cap_chan_put(chan);
299} 280}
300 281
301struct l2cap_chan *l2cap_chan_create(struct sock *sk) 282struct l2cap_chan *l2cap_chan_create(struct sock *sk)
@@ -312,7 +293,7 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk)
312 list_add(&chan->global_l, &chan_list); 293 list_add(&chan->global_l, &chan_list);
313 write_unlock_bh(&chan_list_lock); 294 write_unlock_bh(&chan_list_lock);
314 295
315 setup_timer(&chan->chan_timer, l2cap_chan_timeout, (unsigned long) chan); 296 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
316 297
317 chan->state = BT_OPEN; 298 chan->state = BT_OPEN;
318 299
@@ -329,10 +310,10 @@ void l2cap_chan_destroy(struct l2cap_chan *chan)
329 list_del(&chan->global_l); 310 list_del(&chan->global_l);
330 write_unlock_bh(&chan_list_lock); 311 write_unlock_bh(&chan_list_lock);
331 312
332 chan_put(chan); 313 l2cap_chan_put(chan);
333} 314}
334 315
335static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) 316static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
336{ 317{
337 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 318 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
338 chan->psm, chan->dcid); 319 chan->psm, chan->dcid);
@@ -371,9 +352,9 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
371 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT; 352 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
372 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO; 353 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
373 354
374 chan_hold(chan); 355 l2cap_chan_hold(chan);
375 356
376 list_add(&chan->list, &conn->chan_l); 357 list_add_rcu(&chan->list, &conn->chan_l);
377} 358}
378 359
379/* Delete channel. 360/* Delete channel.
@@ -390,10 +371,10 @@ static void l2cap_chan_del(struct l2cap_chan *chan, int err)
390 371
391 if (conn) { 372 if (conn) {
392 /* Delete from channel list */ 373 /* Delete from channel list */
393 write_lock_bh(&conn->chan_lock); 374 list_del_rcu(&chan->list);
394 list_del(&chan->list); 375 synchronize_rcu();
395 write_unlock_bh(&conn->chan_lock); 376
396 chan_put(chan); 377 l2cap_chan_put(chan);
397 378
398 chan->conn = NULL; 379 chan->conn = NULL;
399 hci_conn_put(conn->hcon); 380 hci_conn_put(conn->hcon);
@@ -707,7 +688,7 @@ static void l2cap_do_start(struct l2cap_chan *chan)
707 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; 688 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
708 conn->info_ident = l2cap_get_ident(conn); 689 conn->info_ident = l2cap_get_ident(conn);
709 690
710 mod_timer(&conn->info_timer, jiffies + 691 schedule_delayed_work(&conn->info_timer,
711 msecs_to_jiffies(L2CAP_INFO_TIMEOUT)); 692 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
712 693
713 l2cap_send_cmd(conn, conn->info_ident, 694 l2cap_send_cmd(conn, conn->info_ident,
@@ -759,13 +740,13 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *c
759/* ---- L2CAP connections ---- */ 740/* ---- L2CAP connections ---- */
760static void l2cap_conn_start(struct l2cap_conn *conn) 741static void l2cap_conn_start(struct l2cap_conn *conn)
761{ 742{
762 struct l2cap_chan *chan, *tmp; 743 struct l2cap_chan *chan;
763 744
764 BT_DBG("conn %p", conn); 745 BT_DBG("conn %p", conn);
765 746
766 read_lock(&conn->chan_lock); 747 rcu_read_lock();
767 748
768 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) { 749 list_for_each_entry_rcu(chan, &conn->chan_l, list) {
769 struct sock *sk = chan->sk; 750 struct sock *sk = chan->sk;
770 751
771 bh_lock_sock(sk); 752 bh_lock_sock(sk);
@@ -789,9 +770,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
789 &chan->conf_state)) { 770 &chan->conf_state)) {
790 /* l2cap_chan_close() calls list_del(chan) 771 /* l2cap_chan_close() calls list_del(chan)
791 * so release the lock */ 772 * so release the lock */
792 read_unlock(&conn->chan_lock);
793 l2cap_chan_close(chan, ECONNRESET); 773 l2cap_chan_close(chan, ECONNRESET);
794 read_lock(&conn->chan_lock);
795 bh_unlock_sock(sk); 774 bh_unlock_sock(sk);
796 continue; 775 continue;
797 } 776 }
@@ -847,7 +826,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
847 bh_unlock_sock(sk); 826 bh_unlock_sock(sk);
848 } 827 }
849 828
850 read_unlock(&conn->chan_lock); 829 rcu_read_unlock();
851} 830}
852 831
853/* Find socket with cid and source bdaddr. 832/* Find socket with cid and source bdaddr.
@@ -898,7 +877,7 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
898 877
899 parent = pchan->sk; 878 parent = pchan->sk;
900 879
901 bh_lock_sock(parent); 880 lock_sock(parent);
902 881
903 /* Check for backlog size */ 882 /* Check for backlog size */
904 if (sk_acceptq_is_full(parent)) { 883 if (sk_acceptq_is_full(parent)) {
@@ -912,8 +891,6 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
912 891
913 sk = chan->sk; 892 sk = chan->sk;
914 893
915 write_lock_bh(&conn->chan_lock);
916
917 hci_conn_hold(conn->hcon); 894 hci_conn_hold(conn->hcon);
918 895
919 bacpy(&bt_sk(sk)->src, conn->src); 896 bacpy(&bt_sk(sk)->src, conn->src);
@@ -921,17 +898,15 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
921 898
922 bt_accept_enqueue(parent, sk); 899 bt_accept_enqueue(parent, sk);
923 900
924 __l2cap_chan_add(conn, chan); 901 l2cap_chan_add(conn, chan);
925 902
926 __set_chan_timer(chan, sk->sk_sndtimeo); 903 __set_chan_timer(chan, sk->sk_sndtimeo);
927 904
928 l2cap_state_change(chan, BT_CONNECTED); 905 l2cap_state_change(chan, BT_CONNECTED);
929 parent->sk_data_ready(parent, 0); 906 parent->sk_data_ready(parent, 0);
930 907
931 write_unlock_bh(&conn->chan_lock);
932
933clean: 908clean:
934 bh_unlock_sock(parent); 909 release_sock(parent);
935} 910}
936 911
937static void l2cap_chan_ready(struct sock *sk) 912static void l2cap_chan_ready(struct sock *sk)
@@ -963,9 +938,9 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
963 if (conn->hcon->out && conn->hcon->type == LE_LINK) 938 if (conn->hcon->out && conn->hcon->type == LE_LINK)
964 smp_conn_security(conn, conn->hcon->pending_sec_level); 939 smp_conn_security(conn, conn->hcon->pending_sec_level);
965 940
966 read_lock(&conn->chan_lock); 941 rcu_read_lock();
967 942
968 list_for_each_entry(chan, &conn->chan_l, list) { 943 list_for_each_entry_rcu(chan, &conn->chan_l, list) {
969 struct sock *sk = chan->sk; 944 struct sock *sk = chan->sk;
970 945
971 bh_lock_sock(sk); 946 bh_lock_sock(sk);
@@ -985,7 +960,7 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
985 bh_unlock_sock(sk); 960 bh_unlock_sock(sk);
986 } 961 }
987 962
988 read_unlock(&conn->chan_lock); 963 rcu_read_unlock();
989} 964}
990 965
991/* Notify sockets that we cannot guaranty reliability anymore */ 966/* Notify sockets that we cannot guaranty reliability anymore */
@@ -995,21 +970,22 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
995 970
996 BT_DBG("conn %p", conn); 971 BT_DBG("conn %p", conn);
997 972
998 read_lock(&conn->chan_lock); 973 rcu_read_lock();
999 974
1000 list_for_each_entry(chan, &conn->chan_l, list) { 975 list_for_each_entry_rcu(chan, &conn->chan_l, list) {
1001 struct sock *sk = chan->sk; 976 struct sock *sk = chan->sk;
1002 977
1003 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 978 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
1004 sk->sk_err = err; 979 sk->sk_err = err;
1005 } 980 }
1006 981
1007 read_unlock(&conn->chan_lock); 982 rcu_read_unlock();
1008} 983}
1009 984
1010static void l2cap_info_timeout(unsigned long arg) 985static void l2cap_info_timeout(struct work_struct *work)
1011{ 986{
1012 struct l2cap_conn *conn = (void *) arg; 987 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
988 info_timer.work);
1013 989
1014 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 990 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1015 conn->info_ident = 0; 991 conn->info_ident = 0;
@@ -1033,19 +1009,19 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1033 /* Kill channels */ 1009 /* Kill channels */
1034 list_for_each_entry_safe(chan, l, &conn->chan_l, list) { 1010 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
1035 sk = chan->sk; 1011 sk = chan->sk;
1036 bh_lock_sock(sk); 1012 lock_sock(sk);
1037 l2cap_chan_del(chan, err); 1013 l2cap_chan_del(chan, err);
1038 bh_unlock_sock(sk); 1014 release_sock(sk);
1039 chan->ops->close(chan->data); 1015 chan->ops->close(chan->data);
1040 } 1016 }
1041 1017
1042 hci_chan_del(conn->hchan); 1018 hci_chan_del(conn->hchan);
1043 1019
1044 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) 1020 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
1045 del_timer_sync(&conn->info_timer); 1021 __cancel_delayed_work(&conn->info_timer);
1046 1022
1047 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) { 1023 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) {
1048 del_timer(&conn->security_timer); 1024 __cancel_delayed_work(&conn->security_timer);
1049 smp_chan_destroy(conn); 1025 smp_chan_destroy(conn);
1050 } 1026 }
1051 1027
@@ -1053,9 +1029,10 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1053 kfree(conn); 1029 kfree(conn);
1054} 1030}
1055 1031
1056static void security_timeout(unsigned long arg) 1032static void security_timeout(struct work_struct *work)
1057{ 1033{
1058 struct l2cap_conn *conn = (void *) arg; 1034 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1035 security_timer.work);
1059 1036
1060 l2cap_conn_del(conn->hcon, ETIMEDOUT); 1037 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1061} 1038}
@@ -1095,29 +1072,19 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1095 conn->feat_mask = 0; 1072 conn->feat_mask = 0;
1096 1073
1097 spin_lock_init(&conn->lock); 1074 spin_lock_init(&conn->lock);
1098 rwlock_init(&conn->chan_lock);
1099 1075
1100 INIT_LIST_HEAD(&conn->chan_l); 1076 INIT_LIST_HEAD(&conn->chan_l);
1101 1077
1102 if (hcon->type == LE_LINK) 1078 if (hcon->type == LE_LINK)
1103 setup_timer(&conn->security_timer, security_timeout, 1079 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
1104 (unsigned long) conn);
1105 else 1080 else
1106 setup_timer(&conn->info_timer, l2cap_info_timeout, 1081 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
1107 (unsigned long) conn);
1108 1082
1109 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM; 1083 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
1110 1084
1111 return conn; 1085 return conn;
1112} 1086}
1113 1087
1114static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
1115{
1116 write_lock_bh(&conn->chan_lock);
1117 __l2cap_chan_add(conn, chan);
1118 write_unlock_bh(&conn->chan_lock);
1119}
1120
1121/* ---- Socket interface ---- */ 1088/* ---- Socket interface ---- */
1122 1089
1123/* Find socket with psm and source bdaddr. 1090/* Find socket with psm and source bdaddr.
@@ -1153,11 +1120,10 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr
1153 return c1; 1120 return c1;
1154} 1121}
1155 1122
1156int l2cap_chan_connect(struct l2cap_chan *chan) 1123inline int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
1157{ 1124{
1158 struct sock *sk = chan->sk; 1125 struct sock *sk = chan->sk;
1159 bdaddr_t *src = &bt_sk(sk)->src; 1126 bdaddr_t *src = &bt_sk(sk)->src;
1160 bdaddr_t *dst = &bt_sk(sk)->dst;
1161 struct l2cap_conn *conn; 1127 struct l2cap_conn *conn;
1162 struct hci_conn *hcon; 1128 struct hci_conn *hcon;
1163 struct hci_dev *hdev; 1129 struct hci_dev *hdev;
@@ -1171,7 +1137,62 @@ int l2cap_chan_connect(struct l2cap_chan *chan)
1171 if (!hdev) 1137 if (!hdev)
1172 return -EHOSTUNREACH; 1138 return -EHOSTUNREACH;
1173 1139
1174 hci_dev_lock_bh(hdev); 1140 hci_dev_lock(hdev);
1141
1142 lock_sock(sk);
1143
1144 /* PSM must be odd and lsb of upper byte must be 0 */
1145 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1146 chan->chan_type != L2CAP_CHAN_RAW) {
1147 err = -EINVAL;
1148 goto done;
1149 }
1150
1151 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1152 err = -EINVAL;
1153 goto done;
1154 }
1155
1156 switch (chan->mode) {
1157 case L2CAP_MODE_BASIC:
1158 break;
1159 case L2CAP_MODE_ERTM:
1160 case L2CAP_MODE_STREAMING:
1161 if (!disable_ertm)
1162 break;
1163 /* fall through */
1164 default:
1165 err = -ENOTSUPP;
1166 goto done;
1167 }
1168
1169 switch (sk->sk_state) {
1170 case BT_CONNECT:
1171 case BT_CONNECT2:
1172 case BT_CONFIG:
1173 /* Already connecting */
1174 err = 0;
1175 goto done;
1176
1177 case BT_CONNECTED:
1178 /* Already connected */
1179 err = -EISCONN;
1180 goto done;
1181
1182 case BT_OPEN:
1183 case BT_BOUND:
1184 /* Can connect */
1185 break;
1186
1187 default:
1188 err = -EBADFD;
1189 goto done;
1190 }
1191
1192 /* Set destination address and psm */
1193 bacpy(&bt_sk(sk)->dst, src);
1194 chan->psm = psm;
1195 chan->dcid = cid;
1175 1196
1176 auth_type = l2cap_get_auth_type(chan); 1197 auth_type = l2cap_get_auth_type(chan);
1177 1198
@@ -1214,7 +1235,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan)
1214 err = 0; 1235 err = 0;
1215 1236
1216done: 1237done:
1217 hci_dev_unlock_bh(hdev); 1238 hci_dev_unlock(hdev);
1218 hci_dev_put(hdev); 1239 hci_dev_put(hdev);
1219 return err; 1240 return err;
1220} 1241}
@@ -1251,17 +1272,18 @@ int __l2cap_wait_ack(struct sock *sk)
1251 return err; 1272 return err;
1252} 1273}
1253 1274
1254static void l2cap_monitor_timeout(unsigned long arg) 1275static void l2cap_monitor_timeout(struct work_struct *work)
1255{ 1276{
1256 struct l2cap_chan *chan = (void *) arg; 1277 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1278 monitor_timer.work);
1257 struct sock *sk = chan->sk; 1279 struct sock *sk = chan->sk;
1258 1280
1259 BT_DBG("chan %p", chan); 1281 BT_DBG("chan %p", chan);
1260 1282
1261 bh_lock_sock(sk); 1283 lock_sock(sk);
1262 if (chan->retry_count >= chan->remote_max_tx) { 1284 if (chan->retry_count >= chan->remote_max_tx) {
1263 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED); 1285 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1264 bh_unlock_sock(sk); 1286 release_sock(sk);
1265 return; 1287 return;
1266 } 1288 }
1267 1289
@@ -1269,24 +1291,25 @@ static void l2cap_monitor_timeout(unsigned long arg)
1269 __set_monitor_timer(chan); 1291 __set_monitor_timer(chan);
1270 1292
1271 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL); 1293 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
1272 bh_unlock_sock(sk); 1294 release_sock(sk);
1273} 1295}
1274 1296
1275static void l2cap_retrans_timeout(unsigned long arg) 1297static void l2cap_retrans_timeout(struct work_struct *work)
1276{ 1298{
1277 struct l2cap_chan *chan = (void *) arg; 1299 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1300 retrans_timer.work);
1278 struct sock *sk = chan->sk; 1301 struct sock *sk = chan->sk;
1279 1302
1280 BT_DBG("chan %p", chan); 1303 BT_DBG("chan %p", chan);
1281 1304
1282 bh_lock_sock(sk); 1305 lock_sock(sk);
1283 chan->retry_count = 1; 1306 chan->retry_count = 1;
1284 __set_monitor_timer(chan); 1307 __set_monitor_timer(chan);
1285 1308
1286 set_bit(CONN_WAIT_F, &chan->conn_state); 1309 set_bit(CONN_WAIT_F, &chan->conn_state);
1287 1310
1288 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL); 1311 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
1289 bh_unlock_sock(sk); 1312 release_sock(sk);
1290} 1313}
1291 1314
1292static void l2cap_drop_acked_frames(struct l2cap_chan *chan) 1315static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
@@ -1778,8 +1801,9 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1778 1801
1779 BT_DBG("conn %p", conn); 1802 BT_DBG("conn %p", conn);
1780 1803
1781 read_lock(&conn->chan_lock); 1804 rcu_read_lock();
1782 list_for_each_entry(chan, &conn->chan_l, list) { 1805
1806 list_for_each_entry_rcu(chan, &conn->chan_l, list) {
1783 struct sock *sk = chan->sk; 1807 struct sock *sk = chan->sk;
1784 if (chan->chan_type != L2CAP_CHAN_RAW) 1808 if (chan->chan_type != L2CAP_CHAN_RAW)
1785 continue; 1809 continue;
@@ -1794,7 +1818,8 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1794 if (chan->ops->recv(chan->data, nskb)) 1818 if (chan->ops->recv(chan->data, nskb))
1795 kfree_skb(nskb); 1819 kfree_skb(nskb);
1796 } 1820 }
1797 read_unlock(&conn->chan_lock); 1821
1822 rcu_read_unlock();
1798} 1823}
1799 1824
1800/* ---- L2CAP signalling commands ---- */ 1825/* ---- L2CAP signalling commands ---- */
@@ -1955,37 +1980,33 @@ static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
1955 (unsigned long) &efs); 1980 (unsigned long) &efs);
1956} 1981}
1957 1982
1958static void l2cap_ack_timeout(unsigned long arg) 1983static void l2cap_ack_timeout(struct work_struct *work)
1959{ 1984{
1960 struct l2cap_chan *chan = (void *) arg; 1985 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1986 ack_timer.work);
1961 1987
1962 bh_lock_sock(chan->sk); 1988 BT_DBG("chan %p", chan);
1989
1990 lock_sock(chan->sk);
1963 l2cap_send_ack(chan); 1991 l2cap_send_ack(chan);
1964 bh_unlock_sock(chan->sk); 1992 release_sock(chan->sk);
1965} 1993}
1966 1994
1967static inline void l2cap_ertm_init(struct l2cap_chan *chan) 1995static inline void l2cap_ertm_init(struct l2cap_chan *chan)
1968{ 1996{
1969 struct sock *sk = chan->sk;
1970
1971 chan->expected_ack_seq = 0; 1997 chan->expected_ack_seq = 0;
1972 chan->unacked_frames = 0; 1998 chan->unacked_frames = 0;
1973 chan->buffer_seq = 0; 1999 chan->buffer_seq = 0;
1974 chan->num_acked = 0; 2000 chan->num_acked = 0;
1975 chan->frames_sent = 0; 2001 chan->frames_sent = 0;
1976 2002
1977 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout, 2003 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
1978 (unsigned long) chan); 2004 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
1979 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout, 2005 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
1980 (unsigned long) chan);
1981 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
1982 2006
1983 skb_queue_head_init(&chan->srej_q); 2007 skb_queue_head_init(&chan->srej_q);
1984 2008
1985 INIT_LIST_HEAD(&chan->srej_l); 2009 INIT_LIST_HEAD(&chan->srej_l);
1986
1987
1988 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
1989} 2010}
1990 2011
1991static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask) 2012static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
@@ -2553,7 +2574,7 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
2553 2574
2554 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && 2575 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2555 cmd->ident == conn->info_ident) { 2576 cmd->ident == conn->info_ident) {
2556 del_timer(&conn->info_timer); 2577 __cancel_delayed_work(&conn->info_timer);
2557 2578
2558 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 2579 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2559 conn->info_ident = 0; 2580 conn->info_ident = 0;
@@ -2586,7 +2607,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2586 2607
2587 parent = pchan->sk; 2608 parent = pchan->sk;
2588 2609
2589 bh_lock_sock(parent); 2610 lock_sock(parent);
2590 2611
2591 /* Check if the ACL is secure enough (if not SDP) */ 2612 /* Check if the ACL is secure enough (if not SDP) */
2592 if (psm != cpu_to_le16(0x0001) && 2613 if (psm != cpu_to_le16(0x0001) &&
@@ -2610,11 +2631,8 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2610 2631
2611 sk = chan->sk; 2632 sk = chan->sk;
2612 2633
2613 write_lock_bh(&conn->chan_lock);
2614
2615 /* Check if we already have channel with that dcid */ 2634 /* Check if we already have channel with that dcid */
2616 if (__l2cap_get_chan_by_dcid(conn, scid)) { 2635 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2617 write_unlock_bh(&conn->chan_lock);
2618 sock_set_flag(sk, SOCK_ZAPPED); 2636 sock_set_flag(sk, SOCK_ZAPPED);
2619 chan->ops->close(chan->data); 2637 chan->ops->close(chan->data);
2620 goto response; 2638 goto response;
@@ -2629,7 +2647,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2629 2647
2630 bt_accept_enqueue(parent, sk); 2648 bt_accept_enqueue(parent, sk);
2631 2649
2632 __l2cap_chan_add(conn, chan); 2650 l2cap_chan_add(conn, chan);
2633 2651
2634 dcid = chan->scid; 2652 dcid = chan->scid;
2635 2653
@@ -2660,10 +2678,8 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2660 status = L2CAP_CS_NO_INFO; 2678 status = L2CAP_CS_NO_INFO;
2661 } 2679 }
2662 2680
2663 write_unlock_bh(&conn->chan_lock);
2664
2665response: 2681response:
2666 bh_unlock_sock(parent); 2682 release_sock(parent);
2667 2683
2668sendresp: 2684sendresp:
2669 rsp.scid = cpu_to_le16(scid); 2685 rsp.scid = cpu_to_le16(scid);
@@ -2679,7 +2695,7 @@ sendresp:
2679 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; 2695 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2680 conn->info_ident = l2cap_get_ident(conn); 2696 conn->info_ident = l2cap_get_ident(conn);
2681 2697
2682 mod_timer(&conn->info_timer, jiffies + 2698 schedule_delayed_work(&conn->info_timer,
2683 msecs_to_jiffies(L2CAP_INFO_TIMEOUT)); 2699 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2684 2700
2685 l2cap_send_cmd(conn, conn->info_ident, 2701 l2cap_send_cmd(conn, conn->info_ident,
@@ -2745,19 +2761,11 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2745 break; 2761 break;
2746 2762
2747 default: 2763 default:
2748 /* don't delete l2cap channel if sk is owned by user */
2749 if (sock_owned_by_user(sk)) {
2750 l2cap_state_change(chan, BT_DISCONN);
2751 __clear_chan_timer(chan);
2752 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
2753 break;
2754 }
2755
2756 l2cap_chan_del(chan, ECONNREFUSED); 2764 l2cap_chan_del(chan, ECONNREFUSED);
2757 break; 2765 break;
2758 } 2766 }
2759 2767
2760 bh_unlock_sock(sk); 2768 release_sock(sk);
2761 return 0; 2769 return 0;
2762} 2770}
2763 2771
@@ -2879,7 +2887,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2879 } 2887 }
2880 2888
2881unlock: 2889unlock:
2882 bh_unlock_sock(sk); 2890 release_sock(sk);
2883 return 0; 2891 return 0;
2884} 2892}
2885 2893
@@ -2986,7 +2994,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2986 } 2994 }
2987 2995
2988done: 2996done:
2989 bh_unlock_sock(sk); 2997 release_sock(sk);
2990 return 0; 2998 return 0;
2991} 2999}
2992 3000
@@ -3015,17 +3023,8 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3015 3023
3016 sk->sk_shutdown = SHUTDOWN_MASK; 3024 sk->sk_shutdown = SHUTDOWN_MASK;
3017 3025
3018 /* don't delete l2cap channel if sk is owned by user */
3019 if (sock_owned_by_user(sk)) {
3020 l2cap_state_change(chan, BT_DISCONN);
3021 __clear_chan_timer(chan);
3022 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
3023 bh_unlock_sock(sk);
3024 return 0;
3025 }
3026
3027 l2cap_chan_del(chan, ECONNRESET); 3026 l2cap_chan_del(chan, ECONNRESET);
3028 bh_unlock_sock(sk); 3027 release_sock(sk);
3029 3028
3030 chan->ops->close(chan->data); 3029 chan->ops->close(chan->data);
3031 return 0; 3030 return 0;
@@ -3049,17 +3048,8 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
3049 3048
3050 sk = chan->sk; 3049 sk = chan->sk;
3051 3050
3052 /* don't delete l2cap channel if sk is owned by user */
3053 if (sock_owned_by_user(sk)) {
3054 l2cap_state_change(chan, BT_DISCONN);
3055 __clear_chan_timer(chan);
3056 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
3057 bh_unlock_sock(sk);
3058 return 0;
3059 }
3060
3061 l2cap_chan_del(chan, 0); 3051 l2cap_chan_del(chan, 0);
3062 bh_unlock_sock(sk); 3052 release_sock(sk);
3063 3053
3064 chan->ops->close(chan->data); 3054 chan->ops->close(chan->data);
3065 return 0; 3055 return 0;
@@ -3130,7 +3120,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3130 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) 3120 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3131 return 0; 3121 return 0;
3132 3122
3133 del_timer(&conn->info_timer); 3123 __cancel_delayed_work(&conn->info_timer);
3134 3124
3135 if (result != L2CAP_IR_SUCCESS) { 3125 if (result != L2CAP_IR_SUCCESS) {
3136 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 3126 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
@@ -4247,12 +4237,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4247 break; 4237 break;
4248 4238
4249 case L2CAP_MODE_ERTM: 4239 case L2CAP_MODE_ERTM:
4250 if (!sock_owned_by_user(sk)) { 4240 l2cap_ertm_data_rcv(sk, skb);
4251 l2cap_ertm_data_rcv(sk, skb);
4252 } else {
4253 if (sk_add_backlog(sk, skb))
4254 goto drop;
4255 }
4256 4241
4257 goto done; 4242 goto done;
4258 4243
@@ -4302,7 +4287,7 @@ drop:
4302 4287
4303done: 4288done:
4304 if (sk) 4289 if (sk)
4305 bh_unlock_sock(sk); 4290 release_sock(sk);
4306 4291
4307 return 0; 4292 return 0;
4308} 4293}
@@ -4318,7 +4303,7 @@ static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, str
4318 4303
4319 sk = chan->sk; 4304 sk = chan->sk;
4320 4305
4321 bh_lock_sock(sk); 4306 lock_sock(sk);
4322 4307
4323 BT_DBG("sk %p, len %d", sk, skb->len); 4308 BT_DBG("sk %p, len %d", sk, skb->len);
4324 4309
@@ -4336,7 +4321,7 @@ drop:
4336 4321
4337done: 4322done:
4338 if (sk) 4323 if (sk)
4339 bh_unlock_sock(sk); 4324 release_sock(sk);
4340 return 0; 4325 return 0;
4341} 4326}
4342 4327
@@ -4351,7 +4336,7 @@ static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct
4351 4336
4352 sk = chan->sk; 4337 sk = chan->sk;
4353 4338
4354 bh_lock_sock(sk); 4339 lock_sock(sk);
4355 4340
4356 BT_DBG("sk %p, len %d", sk, skb->len); 4341 BT_DBG("sk %p, len %d", sk, skb->len);
4357 4342
@@ -4369,7 +4354,7 @@ drop:
4369 4354
4370done: 4355done:
4371 if (sk) 4356 if (sk)
4372 bh_unlock_sock(sk); 4357 release_sock(sk);
4373 return 0; 4358 return 0;
4374} 4359}
4375 4360
@@ -4419,14 +4404,11 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4419 4404
4420/* ---- L2CAP interface with lower layer (HCI) ---- */ 4405/* ---- L2CAP interface with lower layer (HCI) ---- */
4421 4406
4422static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 4407int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
4423{ 4408{
4424 int exact = 0, lm1 = 0, lm2 = 0; 4409 int exact = 0, lm1 = 0, lm2 = 0;
4425 struct l2cap_chan *c; 4410 struct l2cap_chan *c;
4426 4411
4427 if (type != ACL_LINK)
4428 return -EINVAL;
4429
4430 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 4412 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4431 4413
4432 /* Find listening sockets and check their link_mode */ 4414 /* Find listening sockets and check their link_mode */
@@ -4453,15 +4435,12 @@ static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4453 return exact ? lm1 : lm2; 4435 return exact ? lm1 : lm2;
4454} 4436}
4455 4437
4456static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status) 4438int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4457{ 4439{
4458 struct l2cap_conn *conn; 4440 struct l2cap_conn *conn;
4459 4441
4460 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 4442 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4461 4443
4462 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
4463 return -EINVAL;
4464
4465 if (!status) { 4444 if (!status) {
4466 conn = l2cap_conn_add(hcon, status); 4445 conn = l2cap_conn_add(hcon, status);
4467 if (conn) 4446 if (conn)
@@ -4472,27 +4451,22 @@ static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4472 return 0; 4451 return 0;
4473} 4452}
4474 4453
4475static int l2cap_disconn_ind(struct hci_conn *hcon) 4454int l2cap_disconn_ind(struct hci_conn *hcon)
4476{ 4455{
4477 struct l2cap_conn *conn = hcon->l2cap_data; 4456 struct l2cap_conn *conn = hcon->l2cap_data;
4478 4457
4479 BT_DBG("hcon %p", hcon); 4458 BT_DBG("hcon %p", hcon);
4480 4459
4481 if ((hcon->type != ACL_LINK && hcon->type != LE_LINK) || !conn) 4460 if (!conn)
4482 return HCI_ERROR_REMOTE_USER_TERM; 4461 return HCI_ERROR_REMOTE_USER_TERM;
4483
4484 return conn->disc_reason; 4462 return conn->disc_reason;
4485} 4463}
4486 4464
4487static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason) 4465int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
4488{ 4466{
4489 BT_DBG("hcon %p reason %d", hcon, reason); 4467 BT_DBG("hcon %p reason %d", hcon, reason);
4490 4468
4491 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
4492 return -EINVAL;
4493
4494 l2cap_conn_del(hcon, bt_to_errno(reason)); 4469 l2cap_conn_del(hcon, bt_to_errno(reason));
4495
4496 return 0; 4470 return 0;
4497} 4471}
4498 4472
@@ -4513,7 +4487,7 @@ static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
4513 } 4487 }
4514} 4488}
4515 4489
4516static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) 4490int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4517{ 4491{
4518 struct l2cap_conn *conn = hcon->l2cap_data; 4492 struct l2cap_conn *conn = hcon->l2cap_data;
4519 struct l2cap_chan *chan; 4493 struct l2cap_chan *chan;
@@ -4525,12 +4499,12 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4525 4499
4526 if (hcon->type == LE_LINK) { 4500 if (hcon->type == LE_LINK) {
4527 smp_distribute_keys(conn, 0); 4501 smp_distribute_keys(conn, 0);
4528 del_timer(&conn->security_timer); 4502 __cancel_delayed_work(&conn->security_timer);
4529 } 4503 }
4530 4504
4531 read_lock(&conn->chan_lock); 4505 rcu_read_lock();
4532 4506
4533 list_for_each_entry(chan, &conn->chan_l, list) { 4507 list_for_each_entry_rcu(chan, &conn->chan_l, list) {
4534 struct sock *sk = chan->sk; 4508 struct sock *sk = chan->sk;
4535 4509
4536 bh_lock_sock(sk); 4510 bh_lock_sock(sk);
@@ -4608,12 +4582,12 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4608 bh_unlock_sock(sk); 4582 bh_unlock_sock(sk);
4609 } 4583 }
4610 4584
4611 read_unlock(&conn->chan_lock); 4585 rcu_read_unlock();
4612 4586
4613 return 0; 4587 return 0;
4614} 4588}
4615 4589
4616static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 4590int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4617{ 4591{
4618 struct l2cap_conn *conn = hcon->l2cap_data; 4592 struct l2cap_conn *conn = hcon->l2cap_data;
4619 4593
@@ -4674,11 +4648,11 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
4674 BT_ERR("Frame exceeding recv MTU (len %d, " 4648 BT_ERR("Frame exceeding recv MTU (len %d, "
4675 "MTU %d)", len, 4649 "MTU %d)", len,
4676 chan->imtu); 4650 chan->imtu);
4677 bh_unlock_sock(sk); 4651 release_sock(sk);
4678 l2cap_conn_unreliable(conn, ECOMM); 4652 l2cap_conn_unreliable(conn, ECOMM);
4679 goto drop; 4653 goto drop;
4680 } 4654 }
4681 bh_unlock_sock(sk); 4655 release_sock(sk);
4682 } 4656 }
4683 4657
4684 /* Allocate skb for the complete frame (with header) */ 4658 /* Allocate skb for the complete frame (with header) */
@@ -4760,17 +4734,6 @@ static const struct file_operations l2cap_debugfs_fops = {
4760 4734
4761static struct dentry *l2cap_debugfs; 4735static struct dentry *l2cap_debugfs;
4762 4736
4763static struct hci_proto l2cap_hci_proto = {
4764 .name = "L2CAP",
4765 .id = HCI_PROTO_L2CAP,
4766 .connect_ind = l2cap_connect_ind,
4767 .connect_cfm = l2cap_connect_cfm,
4768 .disconn_ind = l2cap_disconn_ind,
4769 .disconn_cfm = l2cap_disconn_cfm,
4770 .security_cfm = l2cap_security_cfm,
4771 .recv_acldata = l2cap_recv_acldata
4772};
4773
4774int __init l2cap_init(void) 4737int __init l2cap_init(void)
4775{ 4738{
4776 int err; 4739 int err;
@@ -4779,13 +4742,6 @@ int __init l2cap_init(void)
4779 if (err < 0) 4742 if (err < 0)
4780 return err; 4743 return err;
4781 4744
4782 err = hci_register_proto(&l2cap_hci_proto);
4783 if (err < 0) {
4784 BT_ERR("L2CAP protocol registration failed");
4785 bt_sock_unregister(BTPROTO_L2CAP);
4786 goto error;
4787 }
4788
4789 if (bt_debugfs) { 4745 if (bt_debugfs) {
4790 l2cap_debugfs = debugfs_create_file("l2cap", 0444, 4746 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4791 bt_debugfs, NULL, &l2cap_debugfs_fops); 4747 bt_debugfs, NULL, &l2cap_debugfs_fops);
@@ -4794,19 +4750,11 @@ int __init l2cap_init(void)
4794 } 4750 }
4795 4751
4796 return 0; 4752 return 0;
4797
4798error:
4799 l2cap_cleanup_sockets();
4800 return err;
4801} 4753}
4802 4754
4803void l2cap_exit(void) 4755void l2cap_exit(void)
4804{ 4756{
4805 debugfs_remove(l2cap_debugfs); 4757 debugfs_remove(l2cap_debugfs);
4806
4807 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4808 BT_ERR("L2CAP protocol unregistration failed");
4809
4810 l2cap_cleanup_sockets(); 4758 l2cap_cleanup_sockets();
4811} 4759}
4812 4760
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-25 10:36:18 -0400