aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2011-04-19 15:34:48 -0400
committerJohn W. Linville <linville@tuxdriver.com>2011-04-19 15:34:48 -0400
commitbb411b4db2767cfd4a99b3328da843ce4ea1596a (patch)
tree8b03d033476d9bb4abbff4f214a1b942081828e9
parent44c866a0a57b08b7090be24ccb33679ed1d4f476 (diff)
parent26954c7f26068b6ced108806fdd39aee5cd54e6f (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6
Diffstat
-rw-r--r--drivers/bluetooth/Kconfig4
-rw-r--r--drivers/bluetooth/ath3k.c3
-rw-r--r--drivers/bluetooth/btmrvl_sdio.c124
-rw-r--r--drivers/bluetooth/btmrvl_sdio.h68
-rw-r--r--drivers/bluetooth/hci_ath.c7
-rw-r--r--drivers/bluetooth/hci_h4.c7
-rw-r--r--drivers/bluetooth/hci_ldisc.c6
-rw-r--r--include/net/bluetooth/l2cap.h130
-rw-r--r--net/bluetooth/hci_event.c4
-rw-r--r--net/bluetooth/l2cap_core.c1344
-rw-r--r--net/bluetooth/l2cap_sock.c72
11 files changed, 964 insertions, 805 deletions
diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig
index 8e0de9a05867..11b41fd40c27 100644
--- a/drivers/bluetooth/Kconfig
+++ b/drivers/bluetooth/Kconfig
@@ -188,7 +188,7 @@ config BT_MRVL
188 The core driver to support Marvell Bluetooth devices. 188 The core driver to support Marvell Bluetooth devices.
189 189
190 This driver is required if you want to support 190 This driver is required if you want to support
191 Marvell Bluetooth devices, such as 8688. 191 Marvell Bluetooth devices, such as 8688/8787.
192 192
193 Say Y here to compile Marvell Bluetooth driver 193 Say Y here to compile Marvell Bluetooth driver
194 into the kernel or say M to compile it as module. 194 into the kernel or say M to compile it as module.
@@ -201,7 +201,7 @@ config BT_MRVL_SDIO
201 The driver for Marvell Bluetooth chipsets with SDIO interface. 201 The driver for Marvell Bluetooth chipsets with SDIO interface.
202 202
203 This driver is required if you want to use Marvell Bluetooth 203 This driver is required if you want to use Marvell Bluetooth
204 devices with SDIO interface. Currently only SD8688 chipset is 204 devices with SDIO interface. Currently SD8688/SD8787 chipsets are
205 supported. 205 supported.
206 206
207 Say Y here to compile support for Marvell BT-over-SDIO driver 207 Say Y here to compile support for Marvell BT-over-SDIO driver
diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
index 5577ed656e2f..695d4414bd4c 100644
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
@@ -138,9 +138,6 @@ static int ath3k_load_firmware(struct usb_device *udev,
138 count -= size; 138 count -= size;
139 } 139 }
140 140
141 kfree(send_buf);
142 return 0;
143
144error: 141error:
145 kfree(send_buf); 142 kfree(send_buf);
146 return err; 143 return err;
diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c
index dcc2a6ec23f0..7f521d4ac657 100644
--- a/drivers/bluetooth/btmrvl_sdio.c
+++ b/drivers/bluetooth/btmrvl_sdio.c
@@ -49,15 +49,59 @@
49static u8 user_rmmod; 49static u8 user_rmmod;
50static u8 sdio_ireg; 50static u8 sdio_ireg;
51 51
52static const struct btmrvl_sdio_card_reg btmrvl_reg_8688 = {
53 .cfg = 0x03,
54 .host_int_mask = 0x04,
55 .host_intstatus = 0x05,
56 .card_status = 0x20,
57 .sq_read_base_addr_a0 = 0x10,
58 .sq_read_base_addr_a1 = 0x11,
59 .card_fw_status0 = 0x40,
60 .card_fw_status1 = 0x41,
61 .card_rx_len = 0x42,
62 .card_rx_unit = 0x43,
63 .io_port_0 = 0x00,
64 .io_port_1 = 0x01,
65 .io_port_2 = 0x02,
66};
67static const struct btmrvl_sdio_card_reg btmrvl_reg_8787 = {
68 .cfg = 0x00,
69 .host_int_mask = 0x02,
70 .host_intstatus = 0x03,
71 .card_status = 0x30,
72 .sq_read_base_addr_a0 = 0x40,
73 .sq_read_base_addr_a1 = 0x41,
74 .card_revision = 0x5c,
75 .card_fw_status0 = 0x60,
76 .card_fw_status1 = 0x61,
77 .card_rx_len = 0x62,
78 .card_rx_unit = 0x63,
79 .io_port_0 = 0x78,
80 .io_port_1 = 0x79,
81 .io_port_2 = 0x7a,
82};
83
52static const struct btmrvl_sdio_device btmrvl_sdio_sd6888 = { 84static const struct btmrvl_sdio_device btmrvl_sdio_sd6888 = {
53 .helper = "sd8688_helper.bin", 85 .helper = "sd8688_helper.bin",
54 .firmware = "sd8688.bin", 86 .firmware = "sd8688.bin",
87 .reg = &btmrvl_reg_8688,
88 .sd_blksz_fw_dl = 64,
89};
90
91static const struct btmrvl_sdio_device btmrvl_sdio_sd8787 = {
92 .helper = NULL,
93 .firmware = "mrvl/sd8787_uapsta.bin",
94 .reg = &btmrvl_reg_8787,
95 .sd_blksz_fw_dl = 256,
55}; 96};
56 97
57static const struct sdio_device_id btmrvl_sdio_ids[] = { 98static const struct sdio_device_id btmrvl_sdio_ids[] = {
58 /* Marvell SD8688 Bluetooth device */ 99 /* Marvell SD8688 Bluetooth device */
59 { SDIO_DEVICE(SDIO_VENDOR_ID_MARVELL, 0x9105), 100 { SDIO_DEVICE(SDIO_VENDOR_ID_MARVELL, 0x9105),
60 .driver_data = (unsigned long) &btmrvl_sdio_sd6888 }, 101 .driver_data = (unsigned long) &btmrvl_sdio_sd6888 },
102 /* Marvell SD8787 Bluetooth device */
103 { SDIO_DEVICE(SDIO_VENDOR_ID_MARVELL, 0x911A),
104 .driver_data = (unsigned long) &btmrvl_sdio_sd8787 },
61 105
62 { } /* Terminating entry */ 106 { } /* Terminating entry */
63}; 107};
@@ -69,7 +113,7 @@ static int btmrvl_sdio_get_rx_unit(struct btmrvl_sdio_card *card)
69 u8 reg; 113 u8 reg;
70 int ret; 114 int ret;
71 115
72 reg = sdio_readb(card->func, CARD_RX_UNIT_REG, &ret); 116 reg = sdio_readb(card->func, card->reg->card_rx_unit, &ret);
73 if (!ret) 117 if (!ret)
74 card->rx_unit = reg; 118 card->rx_unit = reg;
75 119
@@ -83,11 +127,11 @@ static int btmrvl_sdio_read_fw_status(struct btmrvl_sdio_card *card, u16 *dat)
83 127
84 *dat = 0; 128 *dat = 0;
85 129
86 fws0 = sdio_readb(card->func, CARD_FW_STATUS0_REG, &ret); 130 fws0 = sdio_readb(card->func, card->reg->card_fw_status0, &ret);
87 if (ret) 131 if (ret)
88 return -EIO; 132 return -EIO;
89 133
90 fws1 = sdio_readb(card->func, CARD_FW_STATUS1_REG, &ret); 134 fws1 = sdio_readb(card->func, card->reg->card_fw_status1, &ret);
91 if (ret) 135 if (ret)
92 return -EIO; 136 return -EIO;
93 137
@@ -101,7 +145,7 @@ static int btmrvl_sdio_read_rx_len(struct btmrvl_sdio_card *card, u16 *dat)
101 u8 reg; 145 u8 reg;
102 int ret; 146 int ret;
103 147
104 reg = sdio_readb(card->func, CARD_RX_LEN_REG, &ret); 148 reg = sdio_readb(card->func, card->reg->card_rx_len, &ret);
105 if (!ret) 149 if (!ret)
106 *dat = (u16) reg << card->rx_unit; 150 *dat = (u16) reg << card->rx_unit;
107 151
@@ -113,7 +157,7 @@ static int btmrvl_sdio_enable_host_int_mask(struct btmrvl_sdio_card *card,
113{ 157{
114 int ret; 158 int ret;
115 159
116 sdio_writeb(card->func, mask, HOST_INT_MASK_REG, &ret); 160 sdio_writeb(card->func, mask, card->reg->host_int_mask, &ret);
117 if (ret) { 161 if (ret) {
118 BT_ERR("Unable to enable the host interrupt!"); 162 BT_ERR("Unable to enable the host interrupt!");
119 ret = -EIO; 163 ret = -EIO;
@@ -128,13 +172,13 @@ static int btmrvl_sdio_disable_host_int_mask(struct btmrvl_sdio_card *card,
128 u8 host_int_mask; 172 u8 host_int_mask;
129 int ret; 173 int ret;
130 174
131 host_int_mask = sdio_readb(card->func, HOST_INT_MASK_REG, &ret); 175 host_int_mask = sdio_readb(card->func, card->reg->host_int_mask, &ret);
132 if (ret) 176 if (ret)
133 return -EIO; 177 return -EIO;
134 178
135 host_int_mask &= ~mask; 179 host_int_mask &= ~mask;
136 180
137 sdio_writeb(card->func, host_int_mask, HOST_INT_MASK_REG, &ret); 181 sdio_writeb(card->func, host_int_mask, card->reg->host_int_mask, &ret);
138 if (ret < 0) { 182 if (ret < 0) {
139 BT_ERR("Unable to disable the host interrupt!"); 183 BT_ERR("Unable to disable the host interrupt!");
140 return -EIO; 184 return -EIO;
@@ -150,7 +194,7 @@ static int btmrvl_sdio_poll_card_status(struct btmrvl_sdio_card *card, u8 bits)
150 int ret; 194 int ret;
151 195
152 for (tries = 0; tries < MAX_POLL_TRIES * 1000; tries++) { 196 for (tries = 0; tries < MAX_POLL_TRIES * 1000; tries++) {
153 status = sdio_readb(card->func, CARD_STATUS_REG, &ret); 197 status = sdio_readb(card->func, card->reg->card_status, &ret);
154 if (ret) 198 if (ret)
155 goto failed; 199 goto failed;
156 if ((status & bits) == bits) 200 if ((status & bits) == bits)
@@ -299,7 +343,7 @@ static int btmrvl_sdio_download_fw_w_helper(struct btmrvl_sdio_card *card)
299 u8 base0, base1; 343 u8 base0, base1;
300 void *tmpfwbuf = NULL; 344 void *tmpfwbuf = NULL;
301 u8 *fwbuf; 345 u8 *fwbuf;
302 u16 len; 346 u16 len, blksz_dl = card->sd_blksz_fw_dl;
303 int txlen = 0, tx_blocks = 0, count = 0; 347 int txlen = 0, tx_blocks = 0, count = 0;
304 348
305 ret = request_firmware(&fw_firmware, card->firmware, 349 ret = request_firmware(&fw_firmware, card->firmware,
@@ -345,7 +389,7 @@ static int btmrvl_sdio_download_fw_w_helper(struct btmrvl_sdio_card *card)
345 389
346 for (tries = 0; tries < MAX_POLL_TRIES; tries++) { 390 for (tries = 0; tries < MAX_POLL_TRIES; tries++) {
347 base0 = sdio_readb(card->func, 391 base0 = sdio_readb(card->func,
348 SQ_READ_BASE_ADDRESS_A0_REG, &ret); 392 card->reg->sq_read_base_addr_a0, &ret);
349 if (ret) { 393 if (ret) {
350 BT_ERR("BASE0 register read failed:" 394 BT_ERR("BASE0 register read failed:"
351 " base0 = 0x%04X(%d)." 395 " base0 = 0x%04X(%d)."
@@ -355,7 +399,7 @@ static int btmrvl_sdio_download_fw_w_helper(struct btmrvl_sdio_card *card)
355 goto done; 399 goto done;
356 } 400 }
357 base1 = sdio_readb(card->func, 401 base1 = sdio_readb(card->func,
358 SQ_READ_BASE_ADDRESS_A1_REG, &ret); 402 card->reg->sq_read_base_addr_a1, &ret);
359 if (ret) { 403 if (ret) {
360 BT_ERR("BASE1 register read failed:" 404 BT_ERR("BASE1 register read failed:"
361 " base1 = 0x%04X(%d)." 405 " base1 = 0x%04X(%d)."
@@ -403,20 +447,19 @@ static int btmrvl_sdio_download_fw_w_helper(struct btmrvl_sdio_card *card)
403 if (firmwarelen - offset < txlen) 447 if (firmwarelen - offset < txlen)
404 txlen = firmwarelen - offset; 448 txlen = firmwarelen - offset;
405 449
406 tx_blocks = 450 tx_blocks = (txlen + blksz_dl - 1) / blksz_dl;
407 (txlen + SDIO_BLOCK_SIZE - 1) / SDIO_BLOCK_SIZE;
408 451
409 memcpy(fwbuf, &firmware[offset], txlen); 452 memcpy(fwbuf, &firmware[offset], txlen);
410 } 453 }
411 454
412 ret = sdio_writesb(card->func, card->ioport, fwbuf, 455 ret = sdio_writesb(card->func, card->ioport, fwbuf,
413 tx_blocks * SDIO_BLOCK_SIZE); 456 tx_blocks * blksz_dl);
414 457
415 if (ret < 0) { 458 if (ret < 0) {
416 BT_ERR("FW download, writesb(%d) failed @%d", 459 BT_ERR("FW download, writesb(%d) failed @%d",
417 count, offset); 460 count, offset);
418 sdio_writeb(card->func, HOST_CMD53_FIN, CONFIG_REG, 461 sdio_writeb(card->func, HOST_CMD53_FIN,
419 &ret); 462 card->reg->cfg, &ret);
420 if (ret) 463 if (ret)
421 BT_ERR("writeb failed (CFG)"); 464 BT_ERR("writeb failed (CFG)");
422 } 465 }
@@ -597,7 +640,7 @@ static void btmrvl_sdio_interrupt(struct sdio_func *func)
597 640
598 priv = card->priv; 641 priv = card->priv;
599 642
600 ireg = sdio_readb(card->func, HOST_INTSTATUS_REG, &ret); 643 ireg = sdio_readb(card->func, card->reg->host_intstatus, &ret);
601 if (ret) { 644 if (ret) {
602 BT_ERR("sdio_readb: read int status register failed"); 645 BT_ERR("sdio_readb: read int status register failed");
603 return; 646 return;
@@ -613,7 +656,7 @@ static void btmrvl_sdio_interrupt(struct sdio_func *func)
613 656
614 sdio_writeb(card->func, ~(ireg) & (DN_LD_HOST_INT_STATUS | 657 sdio_writeb(card->func, ~(ireg) & (DN_LD_HOST_INT_STATUS |
615 UP_LD_HOST_INT_STATUS), 658 UP_LD_HOST_INT_STATUS),
616 HOST_INTSTATUS_REG, &ret); 659 card->reg->host_intstatus, &ret);
617 if (ret) { 660 if (ret) {
618 BT_ERR("sdio_writeb: clear int status register failed"); 661 BT_ERR("sdio_writeb: clear int status register failed");
619 return; 662 return;
@@ -664,7 +707,7 @@ static int btmrvl_sdio_register_dev(struct btmrvl_sdio_card *card)
664 goto release_irq; 707 goto release_irq;
665 } 708 }
666 709
667 reg = sdio_readb(func, IO_PORT_0_REG, &ret); 710 reg = sdio_readb(func, card->reg->io_port_0, &ret);
668 if (ret < 0) { 711 if (ret < 0) {
669 ret = -EIO; 712 ret = -EIO;
670 goto release_irq; 713 goto release_irq;
@@ -672,7 +715,7 @@ static int btmrvl_sdio_register_dev(struct btmrvl_sdio_card *card)
672 715
673 card->ioport = reg; 716 card->ioport = reg;
674 717
675 reg = sdio_readb(func, IO_PORT_1_REG, &ret); 718 reg = sdio_readb(func, card->reg->io_port_1, &ret);
676 if (ret < 0) { 719 if (ret < 0) {
677 ret = -EIO; 720 ret = -EIO;
678 goto release_irq; 721 goto release_irq;
@@ -680,7 +723,7 @@ static int btmrvl_sdio_register_dev(struct btmrvl_sdio_card *card)
680 723
681 card->ioport |= (reg << 8); 724 card->ioport |= (reg << 8);
682 725
683 reg = sdio_readb(func, IO_PORT_2_REG, &ret); 726 reg = sdio_readb(func, card->reg->io_port_2, &ret);
684 if (ret < 0) { 727 if (ret < 0) {
685 ret = -EIO; 728 ret = -EIO;
686 goto release_irq; 729 goto release_irq;
@@ -815,6 +858,8 @@ exit:
815static int btmrvl_sdio_download_fw(struct btmrvl_sdio_card *card) 858static int btmrvl_sdio_download_fw(struct btmrvl_sdio_card *card)
816{ 859{
817 int ret = 0; 860 int ret = 0;
861 u8 fws0;
862 int pollnum = MAX_POLL_TRIES;
818 863
819 if (!card || !card->func) { 864 if (!card || !card->func) {
820 BT_ERR("card or function is NULL!"); 865 BT_ERR("card or function is NULL!");
@@ -827,20 +872,36 @@ static int btmrvl_sdio_download_fw(struct btmrvl_sdio_card *card)
827 goto done; 872 goto done;
828 } 873 }
829 874
830 ret = btmrvl_sdio_download_helper(card); 875 /* Check if other function driver is downloading the firmware */
876 fws0 = sdio_readb(card->func, card->reg->card_fw_status0, &ret);
831 if (ret) { 877 if (ret) {
832 BT_ERR("Failed to download helper!"); 878 BT_ERR("Failed to read FW downloading status!");
833 ret = -EIO; 879 ret = -EIO;
834 goto done; 880 goto done;
835 } 881 }
882 if (fws0) {
883 BT_DBG("BT not the winner (%#x). Skip FW downloading", fws0);
884
885 /* Give other function more time to download the firmware */
886 pollnum *= 10;
887 } else {
888 if (card->helper) {
889 ret = btmrvl_sdio_download_helper(card);
890 if (ret) {
891 BT_ERR("Failed to download helper!");
892 ret = -EIO;
893 goto done;
894 }
895 }
836 896
837 if (btmrvl_sdio_download_fw_w_helper(card)) { 897 if (btmrvl_sdio_download_fw_w_helper(card)) {
838 BT_ERR("Failed to download firmware!"); 898 BT_ERR("Failed to download firmware!");
839 ret = -EIO; 899 ret = -EIO;
840 goto done; 900 goto done;
901 }
841 } 902 }
842 903
843 if (btmrvl_sdio_verify_fw_download(card, MAX_POLL_TRIES)) { 904 if (btmrvl_sdio_verify_fw_download(card, pollnum)) {
844 BT_ERR("FW failed to be active in time!"); 905 BT_ERR("FW failed to be active in time!");
845 ret = -ETIMEDOUT; 906 ret = -ETIMEDOUT;
846 goto done; 907 goto done;
@@ -864,7 +925,7 @@ static int btmrvl_sdio_wakeup_fw(struct btmrvl_private *priv)
864 925
865 sdio_claim_host(card->func); 926 sdio_claim_host(card->func);
866 927
867 sdio_writeb(card->func, HOST_POWER_UP, CONFIG_REG, &ret); 928 sdio_writeb(card->func, HOST_POWER_UP, card->reg->cfg, &ret);
868 929
869 sdio_release_host(card->func); 930 sdio_release_host(card->func);
870 931
@@ -893,8 +954,10 @@ static int btmrvl_sdio_probe(struct sdio_func *func,
893 954
894 if (id->driver_data) { 955 if (id->driver_data) {
895 struct btmrvl_sdio_device *data = (void *) id->driver_data; 956 struct btmrvl_sdio_device *data = (void *) id->driver_data;
896 card->helper = data->helper; 957 card->helper = data->helper;
897 card->firmware = data->firmware; 958 card->firmware = data->firmware;
959 card->reg = data->reg;
960 card->sd_blksz_fw_dl = data->sd_blksz_fw_dl;
898 } 961 }
899 962
900 if (btmrvl_sdio_register_dev(card) < 0) { 963 if (btmrvl_sdio_register_dev(card) < 0) {
@@ -1011,3 +1074,4 @@ MODULE_VERSION(VERSION);
1011MODULE_LICENSE("GPL v2"); 1074MODULE_LICENSE("GPL v2");
1012MODULE_FIRMWARE("sd8688_helper.bin"); 1075MODULE_FIRMWARE("sd8688_helper.bin");
1013MODULE_FIRMWARE("sd8688.bin"); 1076MODULE_FIRMWARE("sd8688.bin");
1077MODULE_FIRMWARE("mrvl/sd8787_uapsta.bin");
diff --git a/drivers/bluetooth/btmrvl_sdio.h b/drivers/bluetooth/btmrvl_sdio.h
index 27329f107e5a..43d35a609ca9 100644
--- a/drivers/bluetooth/btmrvl_sdio.h
+++ b/drivers/bluetooth/btmrvl_sdio.h
@@ -47,44 +47,46 @@
47/* Max retry number of CMD53 write */ 47/* Max retry number of CMD53 write */
48#define MAX_WRITE_IOMEM_RETRY 2 48#define MAX_WRITE_IOMEM_RETRY 2
49 49
50/* Host Control Registers */ 50/* register bitmasks */
51#define IO_PORT_0_REG 0x00 51#define HOST_POWER_UP BIT(1)
52#define IO_PORT_1_REG 0x01 52#define HOST_CMD53_FIN BIT(2)
53#define IO_PORT_2_REG 0x02 53
54 54#define HIM_DISABLE 0xff
55#define CONFIG_REG 0x03 55#define HIM_ENABLE (BIT(0) | BIT(1))
56#define HOST_POWER_UP BIT(1) 56
57#define HOST_CMD53_FIN BIT(2) 57#define UP_LD_HOST_INT_STATUS BIT(0)
58 58#define DN_LD_HOST_INT_STATUS BIT(1)
59#define HOST_INT_MASK_REG 0x04 59
60#define HIM_DISABLE 0xff 60#define DN_LD_CARD_RDY BIT(0)
61#define HIM_ENABLE (BIT(0) | BIT(1)) 61#define CARD_IO_READY BIT(3)
62 62
63#define HOST_INTSTATUS_REG 0x05 63#define FIRMWARE_READY 0xfedc
64#define UP_LD_HOST_INT_STATUS BIT(0) 64
65#define DN_LD_HOST_INT_STATUS BIT(1) 65
66 66struct btmrvl_sdio_card_reg {
67/* Card Control Registers */ 67 u8 cfg;
68#define SQ_READ_BASE_ADDRESS_A0_REG 0x10 68 u8 host_int_mask;
69#define SQ_READ_BASE_ADDRESS_A1_REG 0x11 69 u8 host_intstatus;
70 70 u8 card_status;
71#define CARD_STATUS_REG 0x20 71 u8 sq_read_base_addr_a0;
72#define DN_LD_CARD_RDY BIT(0) 72 u8 sq_read_base_addr_a1;
73#define CARD_IO_READY BIT(3) 73 u8 card_revision;
74 74 u8 card_fw_status0;
75#define CARD_FW_STATUS0_REG 0x40 75 u8 card_fw_status1;
76#define CARD_FW_STATUS1_REG 0x41 76 u8 card_rx_len;
77#define FIRMWARE_READY 0xfedc 77 u8 card_rx_unit;
78 78 u8 io_port_0;
79#define CARD_RX_LEN_REG 0x42 79 u8 io_port_1;
80#define CARD_RX_UNIT_REG 0x43 80 u8 io_port_2;
81 81};
82 82
83struct btmrvl_sdio_card { 83struct btmrvl_sdio_card {
84 struct sdio_func *func; 84 struct sdio_func *func;
85 u32 ioport; 85 u32 ioport;
86 const char *helper; 86 const char *helper;
87 const char *firmware; 87 const char *firmware;
88 const struct btmrvl_sdio_card_reg *reg;
89 u16 sd_blksz_fw_dl;
88 u8 rx_unit; 90 u8 rx_unit;
89 struct btmrvl_private *priv; 91 struct btmrvl_private *priv;
90}; 92};
@@ -92,6 +94,8 @@ struct btmrvl_sdio_card {
92struct btmrvl_sdio_device { 94struct btmrvl_sdio_device {
93 const char *helper; 95 const char *helper;
94 const char *firmware; 96 const char *firmware;
97 const struct btmrvl_sdio_card_reg *reg;
98 u16 sd_blksz_fw_dl;
95}; 99};
96 100
97 101
diff --git a/drivers/bluetooth/hci_ath.c b/drivers/bluetooth/hci_ath.c
index bd34406faaae..4093935ddf42 100644
--- a/drivers/bluetooth/hci_ath.c
+++ b/drivers/bluetooth/hci_ath.c
@@ -201,8 +201,13 @@ static struct sk_buff *ath_dequeue(struct hci_uart *hu)
201/* Recv data */ 201/* Recv data */
202static int ath_recv(struct hci_uart *hu, void *data, int count) 202static int ath_recv(struct hci_uart *hu, void *data, int count)
203{ 203{
204 if (hci_recv_stream_fragment(hu->hdev, data, count) < 0) 204 int ret;
205
206 ret = hci_recv_stream_fragment(hu->hdev, data, count);
207 if (ret < 0) {
205 BT_ERR("Frame Reassembly Failed"); 208 BT_ERR("Frame Reassembly Failed");
209 return ret;
210 }
206 211
207 return count; 212 return count;
208} 213}
diff --git a/drivers/bluetooth/hci_h4.c b/drivers/bluetooth/hci_h4.c
index 7b8ad93e2c36..2fcd8b387d69 100644
--- a/drivers/bluetooth/hci_h4.c
+++ b/drivers/bluetooth/hci_h4.c
@@ -151,8 +151,13 @@ static inline int h4_check_data_len(struct h4_struct *h4, int len)
151/* Recv data */ 151/* Recv data */
152static int h4_recv(struct hci_uart *hu, void *data, int count) 152static int h4_recv(struct hci_uart *hu, void *data, int count)
153{ 153{
154 if (hci_recv_stream_fragment(hu->hdev, data, count) < 0) 154 int ret;
155
156 ret = hci_recv_stream_fragment(hu->hdev, data, count);
157 if (ret < 0) {
155 BT_ERR("Frame Reassembly Failed"); 158 BT_ERR("Frame Reassembly Failed");
159 return ret;
160 }
156 161
157 return count; 162 return count;
158} 163}
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index 48ad2a7ab080..320f71803a2b 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -359,6 +359,7 @@ static void hci_uart_tty_wakeup(struct tty_struct *tty)
359 */ 359 */
360static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, char *flags, int count) 360static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, char *flags, int count)
361{ 361{
362 int ret;
362 struct hci_uart *hu = (void *)tty->disc_data; 363 struct hci_uart *hu = (void *)tty->disc_data;
363 364
364 if (!hu || tty != hu->tty) 365 if (!hu || tty != hu->tty)
@@ -368,8 +369,9 @@ static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, char *f
368 return; 369 return;
369 370
370 spin_lock(&hu->rx_lock); 371 spin_lock(&hu->rx_lock);
371 hu->proto->recv(hu, (void *) data, count); 372 ret = hu->proto->recv(hu, (void *) data, count);
372 hu->hdev->stat.byte_rx += count; 373 if (ret > 0)
374 hu->hdev->stat.byte_rx += count;
373 spin_unlock(&hu->rx_lock); 375 spin_unlock(&hu->rx_lock);
374 376
375 tty_unthrottle(tty); 377 tty_unthrottle(tty);
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 2b9ca0d5c4a0..7a215a7f9e39 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -276,10 +276,52 @@ struct l2cap_conn_param_update_rsp {
276#define L2CAP_CONN_PARAM_ACCEPTED 0x0000 276#define L2CAP_CONN_PARAM_ACCEPTED 0x0000
277#define L2CAP_CONN_PARAM_REJECTED 0x0001 277#define L2CAP_CONN_PARAM_REJECTED 0x0001
278 278
279/* ----- L2CAP connections ----- */ 279/* ----- L2CAP channels and connections ----- */
280struct l2cap_chan_list { 280struct srej_list {
281 struct sock *head; 281 __u8 tx_seq;
282 rwlock_t lock; 282 struct list_head list;
283};
284
285struct l2cap_chan {
286 struct sock *sk;
287 __u8 ident;
288
289 __u8 conf_req[64];
290 __u8 conf_len;
291 __u8 num_conf_req;
292 __u8 num_conf_rsp;
293
294 __u16 conn_state;
295
296 __u8 next_tx_seq;
297 __u8 expected_ack_seq;
298 __u8 expected_tx_seq;
299 __u8 buffer_seq;
300 __u8 buffer_seq_srej;
301 __u8 srej_save_reqseq;
302 __u8 frames_sent;
303 __u8 unacked_frames;
304 __u8 retry_count;
305 __u8 num_acked;
306 __u16 sdu_len;
307 __u16 partial_sdu_len;
308 struct sk_buff *sdu;
309
310 __u8 remote_tx_win;
311 __u8 remote_max_tx;
312 __u16 remote_mps;
313
314 struct timer_list retrans_timer;
315 struct timer_list monitor_timer;
316 struct timer_list ack_timer;
317 struct sk_buff *tx_send_head;
318 struct sk_buff_head tx_q;
319 struct sk_buff_head srej_q;
320 struct sk_buff_head busy_q;
321 struct work_struct busy_work;
322 struct list_head srej_l;
323
324 struct list_head list;
283}; 325};
284 326
285struct l2cap_conn { 327struct l2cap_conn {
@@ -305,29 +347,16 @@ struct l2cap_conn {
305 347
306 __u8 disc_reason; 348 __u8 disc_reason;
307 349
308 struct l2cap_chan_list chan_list; 350 struct list_head chan_l;
309}; 351 rwlock_t chan_lock;
310
311struct sock_del_list {
312 struct sock *sk;
313 struct list_head list;
314}; 352};
315 353
316#define L2CAP_INFO_CL_MTU_REQ_SENT 0x01 354#define L2CAP_INFO_CL_MTU_REQ_SENT 0x01
317#define L2CAP_INFO_FEAT_MASK_REQ_SENT 0x04 355#define L2CAP_INFO_FEAT_MASK_REQ_SENT 0x04
318#define L2CAP_INFO_FEAT_MASK_REQ_DONE 0x08 356#define L2CAP_INFO_FEAT_MASK_REQ_DONE 0x08
319 357
320/* ----- L2CAP channel and socket info ----- */ 358/* ----- L2CAP socket info ----- */
321#define l2cap_pi(sk) ((struct l2cap_pinfo *) sk) 359#define l2cap_pi(sk) ((struct l2cap_pinfo *) sk)
322#define TX_QUEUE(sk) (&l2cap_pi(sk)->tx_queue)
323#define SREJ_QUEUE(sk) (&l2cap_pi(sk)->srej_queue)
324#define BUSY_QUEUE(sk) (&l2cap_pi(sk)->busy_queue)
325#define SREJ_LIST(sk) (&l2cap_pi(sk)->srej_l.list)
326
327struct srej_list {
328 __u8 tx_seq;
329 struct list_head list;
330};
331 360
332struct l2cap_pinfo { 361struct l2cap_pinfo {
333 struct bt_sock bt; 362 struct bt_sock bt;
@@ -339,8 +368,6 @@ struct l2cap_pinfo {
339 __u16 omtu; 368 __u16 omtu;
340 __u16 flush_to; 369 __u16 flush_to;
341 __u8 mode; 370 __u8 mode;
342 __u8 num_conf_req;
343 __u8 num_conf_rsp;
344 371
345 __u8 fcs; 372 __u8 fcs;
346 __u8 sec_level; 373 __u8 sec_level;
@@ -348,49 +375,18 @@ struct l2cap_pinfo {
348 __u8 force_reliable; 375 __u8 force_reliable;
349 __u8 flushable; 376 __u8 flushable;
350 377
351 __u8 conf_req[64];
352 __u8 conf_len;
353 __u8 conf_state; 378 __u8 conf_state;
354 __u16 conn_state;
355
356 __u8 next_tx_seq;
357 __u8 expected_ack_seq;
358 __u8 expected_tx_seq;
359 __u8 buffer_seq;
360 __u8 buffer_seq_srej;
361 __u8 srej_save_reqseq;
362 __u8 frames_sent;
363 __u8 unacked_frames;
364 __u8 retry_count;
365 __u8 num_acked;
366 __u16 sdu_len;
367 __u16 partial_sdu_len;
368 struct sk_buff *sdu;
369
370 __u8 ident;
371 379
372 __u8 tx_win; 380 __u8 tx_win;
373 __u8 max_tx; 381 __u8 max_tx;
374 __u8 remote_tx_win;
375 __u8 remote_max_tx;
376 __u16 retrans_timeout; 382 __u16 retrans_timeout;
377 __u16 monitor_timeout; 383 __u16 monitor_timeout;
378 __u16 remote_mps;
379 __u16 mps; 384 __u16 mps;
380 385
381 __le16 sport; 386 __le16 sport;
382 387
383 struct timer_list retrans_timer;
384 struct timer_list monitor_timer;
385 struct timer_list ack_timer;
386 struct sk_buff_head tx_queue;
387 struct sk_buff_head srej_queue;
388 struct sk_buff_head busy_queue;
389 struct work_struct busy_work;
390 struct srej_list srej_l;
391 struct l2cap_conn *conn; 388 struct l2cap_conn *conn;
392 struct sock *next_c; 389 struct l2cap_chan *chan;
393 struct sock *prev_c;
394}; 390};
395 391
396#define L2CAP_CONF_REQ_SENT 0x01 392#define L2CAP_CONF_REQ_SENT 0x01
@@ -417,24 +413,23 @@ struct l2cap_pinfo {
417#define L2CAP_CONN_RNR_SENT 0x0200 413#define L2CAP_CONN_RNR_SENT 0x0200
418#define L2CAP_CONN_SAR_RETRY 0x0400 414#define L2CAP_CONN_SAR_RETRY 0x0400
419 415
420#define __mod_retrans_timer() mod_timer(&l2cap_pi(sk)->retrans_timer, \ 416#define __mod_retrans_timer() mod_timer(&chan->retrans_timer, \
421 jiffies + msecs_to_jiffies(L2CAP_DEFAULT_RETRANS_TO)); 417 jiffies + msecs_to_jiffies(L2CAP_DEFAULT_RETRANS_TO));
422#define __mod_monitor_timer() mod_timer(&l2cap_pi(sk)->monitor_timer, \ 418#define __mod_monitor_timer() mod_timer(&chan->monitor_timer, \
423 jiffies + msecs_to_jiffies(L2CAP_DEFAULT_MONITOR_TO)); 419 jiffies + msecs_to_jiffies(L2CAP_DEFAULT_MONITOR_TO));
424#define __mod_ack_timer() mod_timer(&l2cap_pi(sk)->ack_timer, \ 420#define __mod_ack_timer() mod_timer(&chan->ack_timer, \
425 jiffies + msecs_to_jiffies(L2CAP_DEFAULT_ACK_TO)); 421 jiffies + msecs_to_jiffies(L2CAP_DEFAULT_ACK_TO));
426 422
427static inline int l2cap_tx_window_full(struct sock *sk) 423static inline int l2cap_tx_window_full(struct l2cap_chan *ch)
428{ 424{
429 struct l2cap_pinfo *pi = l2cap_pi(sk);
430 int sub; 425 int sub;
431 426
432 sub = (pi->next_tx_seq - pi->expected_ack_seq) % 64; 427 sub = (ch->next_tx_seq - ch->expected_ack_seq) % 64;
433 428
434 if (sub < 0) 429 if (sub < 0)
435 sub += 64; 430 sub += 64;
436 431
437 return sub == pi->remote_tx_win; 432 return sub == ch->remote_tx_win;
438} 433}
439 434
440#define __get_txseq(ctrl) (((ctrl) & L2CAP_CTRL_TXSEQ) >> 1) 435#define __get_txseq(ctrl) (((ctrl) & L2CAP_CTRL_TXSEQ) >> 1)
@@ -450,18 +445,17 @@ extern struct bt_sock_list l2cap_sk_list;
450int l2cap_init_sockets(void); 445int l2cap_init_sockets(void);
451void l2cap_cleanup_sockets(void); 446void l2cap_cleanup_sockets(void);
452 447
453u8 l2cap_get_ident(struct l2cap_conn *conn);
454void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data); 448void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data);
455int l2cap_build_conf_req(struct sock *sk, void *data); 449void __l2cap_connect_rsp_defer(struct sock *sk);
456int __l2cap_wait_ack(struct sock *sk); 450int __l2cap_wait_ack(struct sock *sk);
457 451
458struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len); 452struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len);
459struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len); 453struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len);
460struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen); 454struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen);
461int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len); 455int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len);
462void l2cap_do_send(struct sock *sk, struct sk_buff *skb); 456void l2cap_do_send(struct sock *sk, struct sk_buff *skb);
463void l2cap_streaming_send(struct sock *sk); 457void l2cap_streaming_send(struct l2cap_chan *chan);
464int l2cap_ertm_send(struct sock *sk); 458int l2cap_ertm_send(struct l2cap_chan *chan);
465 459
466void l2cap_sock_set_timer(struct sock *sk, long timeout); 460void l2cap_sock_set_timer(struct sock *sk, long timeout);
467void l2cap_sock_clear_timer(struct sock *sk); 461void l2cap_sock_clear_timer(struct sock *sk);
@@ -470,8 +464,8 @@ void l2cap_sock_kill(struct sock *sk);
470void l2cap_sock_init(struct sock *sk, struct sock *parent); 464void l2cap_sock_init(struct sock *sk, struct sock *parent);
471struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 465struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
472 int proto, gfp_t prio); 466 int proto, gfp_t prio);
473void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err); 467void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err);
474void l2cap_chan_del(struct sock *sk, int err); 468void l2cap_chan_del(struct l2cap_chan *chan, int err);
475int l2cap_do_connect(struct sock *sk); 469int l2cap_do_connect(struct sock *sk);
476 470
477#endif /* __L2CAP_H */ 471#endif /* __L2CAP_H */
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 7a3398d9cd65..c7eb073fe633 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2497,6 +2497,9 @@ static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2497 2497
2498 hci_dev_lock(hdev); 2498 hci_dev_lock(hdev);
2499 2499
2500 if (!test_bit(HCI_MGMT, &hdev->flags))
2501 goto unlock;
2502
2500 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 2503 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2501 if (data) { 2504 if (data) {
2502 struct hci_cp_remote_oob_data_reply cp; 2505 struct hci_cp_remote_oob_data_reply cp;
@@ -2515,6 +2518,7 @@ static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2515 &cp); 2518 &cp);
2516 } 2519 }
2517 2520
2521unlock:
2518 hci_dev_unlock(hdev); 2522 hci_dev_unlock(hdev);
2519} 2523}
2520 2524
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index c3cebed205cc..d47de2b04b2e 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -70,108 +70,101 @@ static void l2cap_busy_work(struct work_struct *work);
70 70
71static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 71static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
72 u8 code, u8 ident, u16 dlen, void *data); 72 u8 code, u8 ident, u16 dlen, void *data);
73static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
73 74
74static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb); 75static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
75 76
76/* ---- L2CAP channels ---- */ 77/* ---- L2CAP channels ---- */
77static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid) 78static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
78{ 79{
79 struct sock *s; 80 struct l2cap_chan *c;
80 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 81
82 list_for_each_entry(c, &conn->chan_l, list) {
83 struct sock *s = c->sk;
81 if (l2cap_pi(s)->dcid == cid) 84 if (l2cap_pi(s)->dcid == cid)
82 break; 85 return c;
83 } 86 }
84 return s; 87 return NULL;
88
85} 89}
86 90
87static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 91static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
88{ 92{
89 struct sock *s; 93 struct l2cap_chan *c;
90 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 94
95 list_for_each_entry(c, &conn->chan_l, list) {
96 struct sock *s = c->sk;
91 if (l2cap_pi(s)->scid == cid) 97 if (l2cap_pi(s)->scid == cid)
92 break; 98 return c;
93 } 99 }
94 return s; 100 return NULL;
95} 101}
96 102
97/* Find channel with given SCID. 103/* Find channel with given SCID.
98 * Returns locked socket */ 104 * Returns locked socket */
99static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 105static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
100{ 106{
101 struct sock *s; 107 struct l2cap_chan *c;
102 read_lock(&l->lock); 108
103 s = __l2cap_get_chan_by_scid(l, cid); 109 read_lock(&conn->chan_lock);
104 if (s) 110 c = __l2cap_get_chan_by_scid(conn, cid);
105 bh_lock_sock(s); 111 if (c)
106 read_unlock(&l->lock); 112 bh_lock_sock(c->sk);
107 return s; 113 read_unlock(&conn->chan_lock);
114 return c;
108} 115}
109 116
110static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 117static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
111{ 118{
112 struct sock *s; 119 struct l2cap_chan *c;
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 120
114 if (l2cap_pi(s)->ident == ident) 121 list_for_each_entry(c, &conn->chan_l, list) {
115 break; 122 if (c->ident == ident)
123 return c;
116 } 124 }
117 return s; 125 return NULL;
118} 126}
119 127
120static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 128static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
121{ 129{
122 struct sock *s; 130 struct l2cap_chan *c;
123 read_lock(&l->lock); 131
124 s = __l2cap_get_chan_by_ident(l, ident); 132 read_lock(&conn->chan_lock);
125 if (s) 133 c = __l2cap_get_chan_by_ident(conn, ident);
126 bh_lock_sock(s); 134 if (c)
127 read_unlock(&l->lock); 135 bh_lock_sock(c->sk);
128 return s; 136 read_unlock(&conn->chan_lock);
137 return c;
129} 138}
130 139
131static u16 l2cap_alloc_cid(struct l2cap_chan_list *l) 140static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
132{ 141{
133 u16 cid = L2CAP_CID_DYN_START; 142 u16 cid = L2CAP_CID_DYN_START;
134 143
135 for (; cid < L2CAP_CID_DYN_END; cid++) { 144 for (; cid < L2CAP_CID_DYN_END; cid++) {
136 if (!__l2cap_get_chan_by_scid(l, cid)) 145 if (!__l2cap_get_chan_by_scid(conn, cid))
137 return cid; 146 return cid;
138 } 147 }
139 148
140 return 0; 149 return 0;
141} 150}
142 151
143static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk) 152static struct l2cap_chan *l2cap_chan_alloc(struct sock *sk)
144{ 153{
145 sock_hold(sk); 154 struct l2cap_chan *chan;
146
147 if (l->head)
148 l2cap_pi(l->head)->prev_c = sk;
149 155
150 l2cap_pi(sk)->next_c = l->head; 156 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
151 l2cap_pi(sk)->prev_c = NULL; 157 if (!chan)
152 l->head = sk; 158 return NULL;
153}
154
155static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
156{
157 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
158
159 write_lock_bh(&l->lock);
160 if (sk == l->head)
161 l->head = next;
162 159
163 if (next) 160 chan->sk = sk;
164 l2cap_pi(next)->prev_c = prev;
165 if (prev)
166 l2cap_pi(prev)->next_c = next;
167 write_unlock_bh(&l->lock);
168 161
169 __sock_put(sk); 162 return chan;
170} 163}
171 164
172static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk) 165static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
173{ 166{
174 struct l2cap_chan_list *l = &conn->chan_list; 167 struct sock *sk = chan->sk;
175 168
176 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 169 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
177 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); 170 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
@@ -188,7 +181,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk)
188 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA; 181 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA;
189 } else { 182 } else {
190 /* Alloc CID for connection-oriented socket */ 183 /* Alloc CID for connection-oriented socket */
191 l2cap_pi(sk)->scid = l2cap_alloc_cid(l); 184 l2cap_pi(sk)->scid = l2cap_alloc_cid(conn);
192 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 185 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
193 } 186 }
194 } else if (sk->sk_type == SOCK_DGRAM) { 187 } else if (sk->sk_type == SOCK_DGRAM) {
@@ -203,23 +196,30 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk)
203 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 196 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
204 } 197 }
205 198
206 __l2cap_chan_link(l, sk); 199 sock_hold(sk);
200
201 list_add(&chan->list, &conn->chan_l);
207} 202}
208 203
209/* Delete channel. 204/* Delete channel.
210 * Must be called on the locked socket. */ 205 * Must be called on the locked socket. */
211void l2cap_chan_del(struct sock *sk, int err) 206void l2cap_chan_del(struct l2cap_chan *chan, int err)
212{ 207{
208 struct sock *sk = chan->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 209 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
214 struct sock *parent = bt_sk(sk)->parent; 210 struct sock *parent = bt_sk(sk)->parent;
215 211
216 l2cap_sock_clear_timer(sk); 212 l2cap_sock_clear_timer(sk);
217 213
218 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 214 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
219 215
220 if (conn) { 216 if (conn) {
221 /* Unlink from channel list */ 217 /* Delete from channel list */
222 l2cap_chan_unlink(&conn->chan_list, sk); 218 write_lock_bh(&conn->chan_lock);
219 list_del(&chan->list);
220 write_unlock_bh(&conn->chan_lock);
221 __sock_put(sk);
222
223 l2cap_pi(sk)->conn = NULL; 223 l2cap_pi(sk)->conn = NULL;
224 hci_conn_put(conn->hcon); 224 hci_conn_put(conn->hcon);
225 } 225 }
@@ -236,23 +236,30 @@ void l2cap_chan_del(struct sock *sk, int err)
236 } else 236 } else
237 sk->sk_state_change(sk); 237 sk->sk_state_change(sk);
238 238
239 skb_queue_purge(TX_QUEUE(sk)); 239 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE &&
240 l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE))
241 goto free;
242
243 skb_queue_purge(&chan->tx_q);
240 244
241 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 245 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
242 struct srej_list *l, *tmp; 246 struct srej_list *l, *tmp;
243 247
244 del_timer(&l2cap_pi(sk)->retrans_timer); 248 del_timer(&chan->retrans_timer);
245 del_timer(&l2cap_pi(sk)->monitor_timer); 249 del_timer(&chan->monitor_timer);
246 del_timer(&l2cap_pi(sk)->ack_timer); 250 del_timer(&chan->ack_timer);
247 251
248 skb_queue_purge(SREJ_QUEUE(sk)); 252 skb_queue_purge(&chan->srej_q);
249 skb_queue_purge(BUSY_QUEUE(sk)); 253 skb_queue_purge(&chan->busy_q);
250 254
251 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) { 255 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
252 list_del(&l->list); 256 list_del(&l->list);
253 kfree(l); 257 kfree(l);
254 } 258 }
255 } 259 }
260
261free:
262 kfree(chan);
256} 263}
257 264
258static inline u8 l2cap_get_auth_type(struct sock *sk) 265static inline u8 l2cap_get_auth_type(struct sock *sk)
@@ -338,10 +345,11 @@ void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *d
338 hci_send_acl(conn->hcon, skb, flags); 345 hci_send_acl(conn->hcon, skb, flags);
339} 346}
340 347
341static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control) 348static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
342{ 349{
343 struct sk_buff *skb; 350 struct sk_buff *skb;
344 struct l2cap_hdr *lh; 351 struct l2cap_hdr *lh;
352 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
345 struct l2cap_conn *conn = pi->conn; 353 struct l2cap_conn *conn = pi->conn;
346 struct sock *sk = (struct sock *)pi; 354 struct sock *sk = (struct sock *)pi;
347 int count, hlen = L2CAP_HDR_SIZE + 2; 355 int count, hlen = L2CAP_HDR_SIZE + 2;
@@ -353,19 +361,19 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
353 if (pi->fcs == L2CAP_FCS_CRC16) 361 if (pi->fcs == L2CAP_FCS_CRC16)
354 hlen += 2; 362 hlen += 2;
355 363
356 BT_DBG("pi %p, control 0x%2.2x", pi, control); 364 BT_DBG("chan %p, control 0x%2.2x", chan, control);
357 365
358 count = min_t(unsigned int, conn->mtu, hlen); 366 count = min_t(unsigned int, conn->mtu, hlen);
359 control |= L2CAP_CTRL_FRAME_TYPE; 367 control |= L2CAP_CTRL_FRAME_TYPE;
360 368
361 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 369 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
362 control |= L2CAP_CTRL_FINAL; 370 control |= L2CAP_CTRL_FINAL;
363 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 371 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
364 } 372 }
365 373
366 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) { 374 if (chan->conn_state & L2CAP_CONN_SEND_PBIT) {
367 control |= L2CAP_CTRL_POLL; 375 control |= L2CAP_CTRL_POLL;
368 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT; 376 chan->conn_state &= ~L2CAP_CONN_SEND_PBIT;
369 } 377 }
370 378
371 skb = bt_skb_alloc(count, GFP_ATOMIC); 379 skb = bt_skb_alloc(count, GFP_ATOMIC);
@@ -390,17 +398,17 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
390 hci_send_acl(pi->conn->hcon, skb, flags); 398 hci_send_acl(pi->conn->hcon, skb, flags);
391} 399}
392 400
393static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control) 401static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
394{ 402{
395 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 403 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
396 control |= L2CAP_SUPER_RCV_NOT_READY; 404 control |= L2CAP_SUPER_RCV_NOT_READY;
397 pi->conn_state |= L2CAP_CONN_RNR_SENT; 405 chan->conn_state |= L2CAP_CONN_RNR_SENT;
398 } else 406 } else
399 control |= L2CAP_SUPER_RCV_READY; 407 control |= L2CAP_SUPER_RCV_READY;
400 408
401 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 409 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
402 410
403 l2cap_send_sframe(pi, control); 411 l2cap_send_sframe(chan, control);
404} 412}
405 413
406static inline int __l2cap_no_conn_pending(struct sock *sk) 414static inline int __l2cap_no_conn_pending(struct sock *sk)
@@ -408,8 +416,9 @@ static inline int __l2cap_no_conn_pending(struct sock *sk)
408 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND); 416 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
409} 417}
410 418
411static void l2cap_do_start(struct sock *sk) 419static void l2cap_do_start(struct l2cap_chan *chan)
412{ 420{
421 struct sock *sk = chan->sk;
413 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 422 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
414 423
415 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { 424 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
@@ -421,11 +430,11 @@ static void l2cap_do_start(struct sock *sk)
421 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 430 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
422 req.psm = l2cap_pi(sk)->psm; 431 req.psm = l2cap_pi(sk)->psm;
423 432
424 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 433 chan->ident = l2cap_get_ident(conn);
425 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 434 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
426 435
427 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 436 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
428 L2CAP_CONN_REQ, sizeof(req), &req); 437 sizeof(req), &req);
429 } 438 }
430 } else { 439 } else {
431 struct l2cap_info_req req; 440 struct l2cap_info_req req;
@@ -458,19 +467,20 @@ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
458 } 467 }
459} 468}
460 469
461void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err) 470void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
462{ 471{
472 struct sock *sk;
463 struct l2cap_disconn_req req; 473 struct l2cap_disconn_req req;
464 474
465 if (!conn) 475 if (!conn)
466 return; 476 return;
467 477
468 skb_queue_purge(TX_QUEUE(sk)); 478 sk = chan->sk;
469 479
470 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 480 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
471 del_timer(&l2cap_pi(sk)->retrans_timer); 481 del_timer(&chan->retrans_timer);
472 del_timer(&l2cap_pi(sk)->monitor_timer); 482 del_timer(&chan->monitor_timer);
473 del_timer(&l2cap_pi(sk)->ack_timer); 483 del_timer(&chan->ack_timer);
474 } 484 }
475 485
476 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); 486 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
@@ -485,17 +495,15 @@ void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
485/* ---- L2CAP connections ---- */ 495/* ---- L2CAP connections ---- */
486static void l2cap_conn_start(struct l2cap_conn *conn) 496static void l2cap_conn_start(struct l2cap_conn *conn)
487{ 497{
488 struct l2cap_chan_list *l = &conn->chan_list; 498 struct l2cap_chan *chan, *tmp;
489 struct sock_del_list del, *tmp1, *tmp2;
490 struct sock *sk;
491 499
492 BT_DBG("conn %p", conn); 500 BT_DBG("conn %p", conn);
493 501
494 INIT_LIST_HEAD(&del.list); 502 read_lock(&conn->chan_lock);
495 503
496 read_lock(&l->lock); 504 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
505 struct sock *sk = chan->sk;
497 506
498 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
499 bh_lock_sock(sk); 507 bh_lock_sock(sk);
500 508
501 if (sk->sk_type != SOCK_SEQPACKET && 509 if (sk->sk_type != SOCK_SEQPACKET &&
@@ -517,10 +525,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
517 conn->feat_mask) 525 conn->feat_mask)
518 && l2cap_pi(sk)->conf_state & 526 && l2cap_pi(sk)->conf_state &
519 L2CAP_CONF_STATE2_DEVICE) { 527 L2CAP_CONF_STATE2_DEVICE) {
520 tmp1 = kzalloc(sizeof(struct sock_del_list), 528 /* __l2cap_sock_close() calls list_del(chan)
521 GFP_ATOMIC); 529 * so release the lock */
522 tmp1->sk = sk; 530 read_unlock_bh(&conn->chan_lock);
523 list_add_tail(&tmp1->list, &del.list); 531 __l2cap_sock_close(sk, ECONNRESET);
532 read_lock_bh(&conn->chan_lock);
524 bh_unlock_sock(sk); 533 bh_unlock_sock(sk);
525 continue; 534 continue;
526 } 535 }
@@ -528,11 +537,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
528 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 537 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
529 req.psm = l2cap_pi(sk)->psm; 538 req.psm = l2cap_pi(sk)->psm;
530 539
531 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 540 chan->ident = l2cap_get_ident(conn);
532 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 541 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
533 542
534 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 543 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
535 L2CAP_CONN_REQ, sizeof(req), &req); 544 sizeof(req), &req);
536 545
537 } else if (sk->sk_state == BT_CONNECT2) { 546 } else if (sk->sk_state == BT_CONNECT2) {
538 struct l2cap_conn_rsp rsp; 547 struct l2cap_conn_rsp rsp;
@@ -557,8 +566,8 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
557 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND); 566 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
558 } 567 }
559 568
560 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 569 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
561 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 570 sizeof(rsp), &rsp);
562 571
563 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT || 572 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
564 rsp.result != L2CAP_CR_SUCCESS) { 573 rsp.result != L2CAP_CR_SUCCESS) {
@@ -568,22 +577,14 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
568 577
569 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 578 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
570 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 579 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
571 l2cap_build_conf_req(sk, buf), buf); 580 l2cap_build_conf_req(chan, buf), buf);
572 l2cap_pi(sk)->num_conf_req++; 581 chan->num_conf_req++;
573 } 582 }
574 583
575 bh_unlock_sock(sk); 584 bh_unlock_sock(sk);
576 } 585 }
577 586
578 read_unlock(&l->lock); 587 read_unlock(&conn->chan_lock);
579
580 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
581 bh_lock_sock(tmp1->sk);
582 __l2cap_sock_close(tmp1->sk, ECONNRESET);
583 bh_unlock_sock(tmp1->sk);
584 list_del(&tmp1->list);
585 kfree(tmp1);
586 }
587} 588}
588 589
589/* Find socket with cid and source bdaddr. 590/* Find socket with cid and source bdaddr.
@@ -591,7 +592,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
591 */ 592 */
592static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src) 593static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
593{ 594{
594 struct sock *s, *sk = NULL, *sk1 = NULL; 595 struct sock *sk = NULL, *sk1 = NULL;
595 struct hlist_node *node; 596 struct hlist_node *node;
596 597
597 read_lock(&l2cap_sk_list.lock); 598 read_lock(&l2cap_sk_list.lock);
@@ -610,18 +611,16 @@ static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
610 sk1 = sk; 611 sk1 = sk;
611 } 612 }
612 } 613 }
613 s = node ? sk : sk1; 614
614 if (s)
615 bh_lock_sock(s);
616 read_unlock(&l2cap_sk_list.lock); 615 read_unlock(&l2cap_sk_list.lock);
617 616
618 return s; 617 return node ? sk : sk1;
619} 618}
620 619
621static void l2cap_le_conn_ready(struct l2cap_conn *conn) 620static void l2cap_le_conn_ready(struct l2cap_conn *conn)
622{ 621{
623 struct l2cap_chan_list *list = &conn->chan_list; 622 struct sock *parent, *sk;
624 struct sock *parent, *uninitialized_var(sk); 623 struct l2cap_chan *chan;
625 624
626 BT_DBG(""); 625 BT_DBG("");
627 626
@@ -631,6 +630,8 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
631 if (!parent) 630 if (!parent)
632 return; 631 return;
633 632
633 bh_lock_sock(parent);
634
634 /* Check for backlog size */ 635 /* Check for backlog size */
635 if (sk_acceptq_is_full(parent)) { 636 if (sk_acceptq_is_full(parent)) {
636 BT_DBG("backlog full %d", parent->sk_ack_backlog); 637 BT_DBG("backlog full %d", parent->sk_ack_backlog);
@@ -641,24 +642,33 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
641 if (!sk) 642 if (!sk)
642 goto clean; 643 goto clean;
643 644
644 write_lock_bh(&list->lock); 645 chan = l2cap_chan_alloc(sk);
646 if (!chan) {
647 l2cap_sock_kill(sk);
648 goto clean;
649 }
650
651 write_lock_bh(&conn->chan_lock);
645 652
646 hci_conn_hold(conn->hcon); 653 hci_conn_hold(conn->hcon);
647 654
648 l2cap_sock_init(sk, parent); 655 l2cap_sock_init(sk, parent);
656
649 bacpy(&bt_sk(sk)->src, conn->src); 657 bacpy(&bt_sk(sk)->src, conn->src);
650 bacpy(&bt_sk(sk)->dst, conn->dst); 658 bacpy(&bt_sk(sk)->dst, conn->dst);
651 659
652 bt_accept_enqueue(parent, sk); 660 bt_accept_enqueue(parent, sk);
653 661
654 __l2cap_chan_add(conn, sk); 662 __l2cap_chan_add(conn, chan);
663
664 l2cap_pi(sk)->chan = chan;
655 665
656 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 666 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
657 667
658 sk->sk_state = BT_CONNECTED; 668 sk->sk_state = BT_CONNECTED;
659 parent->sk_data_ready(parent, 0); 669 parent->sk_data_ready(parent, 0);
660 670
661 write_unlock_bh(&list->lock); 671 write_unlock_bh(&conn->chan_lock);
662 672
663clean: 673clean:
664 bh_unlock_sock(parent); 674 bh_unlock_sock(parent);
@@ -666,17 +676,18 @@ clean:
666 676
667static void l2cap_conn_ready(struct l2cap_conn *conn) 677static void l2cap_conn_ready(struct l2cap_conn *conn)
668{ 678{
669 struct l2cap_chan_list *l = &conn->chan_list; 679 struct l2cap_chan *chan;
670 struct sock *sk;
671 680
672 BT_DBG("conn %p", conn); 681 BT_DBG("conn %p", conn);
673 682
674 if (!conn->hcon->out && conn->hcon->type == LE_LINK) 683 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
675 l2cap_le_conn_ready(conn); 684 l2cap_le_conn_ready(conn);
676 685
677 read_lock(&l->lock); 686 read_lock(&conn->chan_lock);
687
688 list_for_each_entry(chan, &conn->chan_l, list) {
689 struct sock *sk = chan->sk;
678 690
679 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
680 bh_lock_sock(sk); 691 bh_lock_sock(sk);
681 692
682 if (conn->hcon->type == LE_LINK) { 693 if (conn->hcon->type == LE_LINK) {
@@ -691,30 +702,31 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
691 sk->sk_state = BT_CONNECTED; 702 sk->sk_state = BT_CONNECTED;
692 sk->sk_state_change(sk); 703 sk->sk_state_change(sk);
693 } else if (sk->sk_state == BT_CONNECT) 704 } else if (sk->sk_state == BT_CONNECT)
694 l2cap_do_start(sk); 705 l2cap_do_start(chan);
695 706
696 bh_unlock_sock(sk); 707 bh_unlock_sock(sk);
697 } 708 }
698 709
699 read_unlock(&l->lock); 710 read_unlock(&conn->chan_lock);
700} 711}
701 712
702/* Notify sockets that we cannot guaranty reliability anymore */ 713/* Notify sockets that we cannot guaranty reliability anymore */
703static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err) 714static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
704{ 715{
705 struct l2cap_chan_list *l = &conn->chan_list; 716 struct l2cap_chan *chan;
706 struct sock *sk;
707 717
708 BT_DBG("conn %p", conn); 718 BT_DBG("conn %p", conn);
709 719
710 read_lock(&l->lock); 720 read_lock(&conn->chan_lock);
721
722 list_for_each_entry(chan, &conn->chan_l, list) {
723 struct sock *sk = chan->sk;
711 724
712 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
713 if (l2cap_pi(sk)->force_reliable) 725 if (l2cap_pi(sk)->force_reliable)
714 sk->sk_err = err; 726 sk->sk_err = err;
715 } 727 }
716 728
717 read_unlock(&l->lock); 729 read_unlock(&conn->chan_lock);
718} 730}
719 731
720static void l2cap_info_timeout(unsigned long arg) 732static void l2cap_info_timeout(unsigned long arg)
@@ -754,7 +766,9 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
754 conn->feat_mask = 0; 766 conn->feat_mask = 0;
755 767
756 spin_lock_init(&conn->lock); 768 spin_lock_init(&conn->lock);
757 rwlock_init(&conn->chan_list.lock); 769 rwlock_init(&conn->chan_lock);
770
771 INIT_LIST_HEAD(&conn->chan_l);
758 772
759 if (hcon->type != LE_LINK) 773 if (hcon->type != LE_LINK)
760 setup_timer(&conn->info_timer, l2cap_info_timeout, 774 setup_timer(&conn->info_timer, l2cap_info_timeout,
@@ -768,6 +782,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
768static void l2cap_conn_del(struct hci_conn *hcon, int err) 782static void l2cap_conn_del(struct hci_conn *hcon, int err)
769{ 783{
770 struct l2cap_conn *conn = hcon->l2cap_data; 784 struct l2cap_conn *conn = hcon->l2cap_data;
785 struct l2cap_chan *chan, *l;
771 struct sock *sk; 786 struct sock *sk;
772 787
773 if (!conn) 788 if (!conn)
@@ -778,9 +793,10 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
778 kfree_skb(conn->rx_skb); 793 kfree_skb(conn->rx_skb);
779 794
780 /* Kill channels */ 795 /* Kill channels */
781 while ((sk = conn->chan_list.head)) { 796 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
797 sk = chan->sk;
782 bh_lock_sock(sk); 798 bh_lock_sock(sk);
783 l2cap_chan_del(sk, err); 799 l2cap_chan_del(chan, err);
784 bh_unlock_sock(sk); 800 bh_unlock_sock(sk);
785 l2cap_sock_kill(sk); 801 l2cap_sock_kill(sk);
786 } 802 }
@@ -792,12 +808,11 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
792 kfree(conn); 808 kfree(conn);
793} 809}
794 810
795static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk) 811static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
796{ 812{
797 struct l2cap_chan_list *l = &conn->chan_list; 813 write_lock_bh(&conn->chan_lock);
798 write_lock_bh(&l->lock); 814 __l2cap_chan_add(conn, chan);
799 __l2cap_chan_add(conn, sk); 815 write_unlock_bh(&conn->chan_lock);
800 write_unlock_bh(&l->lock);
801} 816}
802 817
803/* ---- Socket interface ---- */ 818/* ---- Socket interface ---- */
@@ -837,6 +852,7 @@ int l2cap_do_connect(struct sock *sk)
837 bdaddr_t *src = &bt_sk(sk)->src; 852 bdaddr_t *src = &bt_sk(sk)->src;
838 bdaddr_t *dst = &bt_sk(sk)->dst; 853 bdaddr_t *dst = &bt_sk(sk)->dst;
839 struct l2cap_conn *conn; 854 struct l2cap_conn *conn;
855 struct l2cap_chan *chan;
840 struct hci_conn *hcon; 856 struct hci_conn *hcon;
841 struct hci_dev *hdev; 857 struct hci_dev *hdev;
842 __u8 auth_type; 858 __u8 auth_type;
@@ -872,10 +888,19 @@ int l2cap_do_connect(struct sock *sk)
872 goto done; 888 goto done;
873 } 889 }
874 890
891 chan = l2cap_chan_alloc(sk);
892 if (!chan) {
893 hci_conn_put(hcon);
894 err = -ENOMEM;
895 goto done;
896 }
897
875 /* Update source addr of the socket */ 898 /* Update source addr of the socket */
876 bacpy(src, conn->src); 899 bacpy(src, conn->src);
877 900
878 l2cap_chan_add(conn, sk); 901 l2cap_chan_add(conn, chan);
902
903 l2cap_pi(sk)->chan = chan;
879 904
880 sk->sk_state = BT_CONNECT; 905 sk->sk_state = BT_CONNECT;
881 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 906 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
@@ -887,7 +912,7 @@ int l2cap_do_connect(struct sock *sk)
887 if (l2cap_check_security(sk)) 912 if (l2cap_check_security(sk))
888 sk->sk_state = BT_CONNECTED; 913 sk->sk_state = BT_CONNECTED;
889 } else 914 } else
890 l2cap_do_start(sk); 915 l2cap_do_start(chan);
891 } 916 }
892 917
893 err = 0; 918 err = 0;
@@ -905,7 +930,7 @@ int __l2cap_wait_ack(struct sock *sk)
905 int timeo = HZ/5; 930 int timeo = HZ/5;
906 931
907 add_wait_queue(sk_sleep(sk), &wait); 932 add_wait_queue(sk_sleep(sk), &wait);
908 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) { 933 while ((l2cap_pi(sk)->chan->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
909 set_current_state(TASK_INTERRUPTIBLE); 934 set_current_state(TASK_INTERRUPTIBLE);
910 935
911 if (!timeo) 936 if (!timeo)
@@ -931,57 +956,59 @@ int __l2cap_wait_ack(struct sock *sk)
931 956
932static void l2cap_monitor_timeout(unsigned long arg) 957static void l2cap_monitor_timeout(unsigned long arg)
933{ 958{
934 struct sock *sk = (void *) arg; 959 struct l2cap_chan *chan = (void *) arg;
960 struct sock *sk = chan->sk;
935 961
936 BT_DBG("sk %p", sk); 962 BT_DBG("chan %p", chan);
937 963
938 bh_lock_sock(sk); 964 bh_lock_sock(sk);
939 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { 965 if (chan->retry_count >= chan->remote_max_tx) {
940 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED); 966 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, ECONNABORTED);
941 bh_unlock_sock(sk); 967 bh_unlock_sock(sk);
942 return; 968 return;
943 } 969 }
944 970
945 l2cap_pi(sk)->retry_count++; 971 chan->retry_count++;
946 __mod_monitor_timer(); 972 __mod_monitor_timer();
947 973
948 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL); 974 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
949 bh_unlock_sock(sk); 975 bh_unlock_sock(sk);
950} 976}
951 977
952static void l2cap_retrans_timeout(unsigned long arg) 978static void l2cap_retrans_timeout(unsigned long arg)
953{ 979{
954 struct sock *sk = (void *) arg; 980 struct l2cap_chan *chan = (void *) arg;
981 struct sock *sk = chan->sk;
955 982
956 BT_DBG("sk %p", sk); 983 BT_DBG("chan %p", chan);
957 984
958 bh_lock_sock(sk); 985 bh_lock_sock(sk);
959 l2cap_pi(sk)->retry_count = 1; 986 chan->retry_count = 1;
960 __mod_monitor_timer(); 987 __mod_monitor_timer();
961 988
962 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F; 989 chan->conn_state |= L2CAP_CONN_WAIT_F;
963 990
964 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL); 991 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
965 bh_unlock_sock(sk); 992 bh_unlock_sock(sk);
966} 993}
967 994
968static void l2cap_drop_acked_frames(struct sock *sk) 995static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
969{ 996{
970 struct sk_buff *skb; 997 struct sk_buff *skb;
971 998
972 while ((skb = skb_peek(TX_QUEUE(sk))) && 999 while ((skb = skb_peek(&chan->tx_q)) &&
973 l2cap_pi(sk)->unacked_frames) { 1000 chan->unacked_frames) {
974 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq) 1001 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
975 break; 1002 break;
976 1003
977 skb = skb_dequeue(TX_QUEUE(sk)); 1004 skb = skb_dequeue(&chan->tx_q);
978 kfree_skb(skb); 1005 kfree_skb(skb);
979 1006
980 l2cap_pi(sk)->unacked_frames--; 1007 chan->unacked_frames--;
981 } 1008 }
982 1009
983 if (!l2cap_pi(sk)->unacked_frames) 1010 if (!chan->unacked_frames)
984 del_timer(&l2cap_pi(sk)->retrans_timer); 1011 del_timer(&chan->retrans_timer);
985} 1012}
986 1013
987void l2cap_do_send(struct sock *sk, struct sk_buff *skb) 1014void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
@@ -1000,15 +1027,16 @@ void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1000 hci_send_acl(hcon, skb, flags); 1027 hci_send_acl(hcon, skb, flags);
1001} 1028}
1002 1029
1003void l2cap_streaming_send(struct sock *sk) 1030void l2cap_streaming_send(struct l2cap_chan *chan)
1004{ 1031{
1032 struct sock *sk = chan->sk;
1005 struct sk_buff *skb; 1033 struct sk_buff *skb;
1006 struct l2cap_pinfo *pi = l2cap_pi(sk); 1034 struct l2cap_pinfo *pi = l2cap_pi(sk);
1007 u16 control, fcs; 1035 u16 control, fcs;
1008 1036
1009 while ((skb = skb_dequeue(TX_QUEUE(sk)))) { 1037 while ((skb = skb_dequeue(&chan->tx_q))) {
1010 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE); 1038 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
1011 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT; 1039 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1012 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE); 1040 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1013 1041
1014 if (pi->fcs == L2CAP_FCS_CRC16) { 1042 if (pi->fcs == L2CAP_FCS_CRC16) {
@@ -1018,17 +1046,18 @@ void l2cap_streaming_send(struct sock *sk)
1018 1046
1019 l2cap_do_send(sk, skb); 1047 l2cap_do_send(sk, skb);
1020 1048
1021 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1049 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1022 } 1050 }
1023} 1051}
1024 1052
1025static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq) 1053static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1026{ 1054{
1055 struct sock *sk = chan->sk;
1027 struct l2cap_pinfo *pi = l2cap_pi(sk); 1056 struct l2cap_pinfo *pi = l2cap_pi(sk);
1028 struct sk_buff *skb, *tx_skb; 1057 struct sk_buff *skb, *tx_skb;
1029 u16 control, fcs; 1058 u16 control, fcs;
1030 1059
1031 skb = skb_peek(TX_QUEUE(sk)); 1060 skb = skb_peek(&chan->tx_q);
1032 if (!skb) 1061 if (!skb)
1033 return; 1062 return;
1034 1063
@@ -1036,14 +1065,14 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1036 if (bt_cb(skb)->tx_seq == tx_seq) 1065 if (bt_cb(skb)->tx_seq == tx_seq)
1037 break; 1066 break;
1038 1067
1039 if (skb_queue_is_last(TX_QUEUE(sk), skb)) 1068 if (skb_queue_is_last(&chan->tx_q, skb))
1040 return; 1069 return;
1041 1070
1042 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb))); 1071 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
1043 1072
1044 if (pi->remote_max_tx && 1073 if (chan->remote_max_tx &&
1045 bt_cb(skb)->retries == pi->remote_max_tx) { 1074 bt_cb(skb)->retries == chan->remote_max_tx) {
1046 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED); 1075 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED);
1047 return; 1076 return;
1048 } 1077 }
1049 1078
@@ -1051,12 +1080,12 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1051 bt_cb(skb)->retries++; 1080 bt_cb(skb)->retries++;
1052 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1081 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1053 1082
1054 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 1083 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1055 control |= L2CAP_CTRL_FINAL; 1084 control |= L2CAP_CTRL_FINAL;
1056 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 1085 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1057 } 1086 }
1058 1087
1059 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1088 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1060 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1089 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1061 1090
1062 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1091 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
@@ -1069,9 +1098,10 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1069 l2cap_do_send(sk, tx_skb); 1098 l2cap_do_send(sk, tx_skb);
1070} 1099}
1071 1100
1072int l2cap_ertm_send(struct sock *sk) 1101int l2cap_ertm_send(struct l2cap_chan *chan)
1073{ 1102{
1074 struct sk_buff *skb, *tx_skb; 1103 struct sk_buff *skb, *tx_skb;
1104 struct sock *sk = chan->sk;
1075 struct l2cap_pinfo *pi = l2cap_pi(sk); 1105 struct l2cap_pinfo *pi = l2cap_pi(sk);
1076 u16 control, fcs; 1106 u16 control, fcs;
1077 int nsent = 0; 1107 int nsent = 0;
@@ -1079,11 +1109,11 @@ int l2cap_ertm_send(struct sock *sk)
1079 if (sk->sk_state != BT_CONNECTED) 1109 if (sk->sk_state != BT_CONNECTED)
1080 return -ENOTCONN; 1110 return -ENOTCONN;
1081 1111
1082 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) { 1112 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1083 1113
1084 if (pi->remote_max_tx && 1114 if (chan->remote_max_tx &&
1085 bt_cb(skb)->retries == pi->remote_max_tx) { 1115 bt_cb(skb)->retries == chan->remote_max_tx) {
1086 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED); 1116 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED);
1087 break; 1117 break;
1088 } 1118 }
1089 1119
@@ -1094,12 +1124,12 @@ int l2cap_ertm_send(struct sock *sk)
1094 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1124 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1095 control &= L2CAP_CTRL_SAR; 1125 control &= L2CAP_CTRL_SAR;
1096 1126
1097 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 1127 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1098 control |= L2CAP_CTRL_FINAL; 1128 control |= L2CAP_CTRL_FINAL;
1099 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 1129 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1100 } 1130 }
1101 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1131 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1102 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1132 | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1103 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1133 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1104 1134
1105 1135
@@ -1112,18 +1142,18 @@ int l2cap_ertm_send(struct sock *sk)
1112 1142
1113 __mod_retrans_timer(); 1143 __mod_retrans_timer();
1114 1144
1115 bt_cb(skb)->tx_seq = pi->next_tx_seq; 1145 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1116 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1146 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1117 1147
1118 if (bt_cb(skb)->retries == 1) 1148 if (bt_cb(skb)->retries == 1)
1119 pi->unacked_frames++; 1149 chan->unacked_frames++;
1120 1150
1121 pi->frames_sent++; 1151 chan->frames_sent++;
1122 1152
1123 if (skb_queue_is_last(TX_QUEUE(sk), skb)) 1153 if (skb_queue_is_last(&chan->tx_q, skb))
1124 sk->sk_send_head = NULL; 1154 chan->tx_send_head = NULL;
1125 else 1155 else
1126 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb); 1156 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1127 1157
1128 nsent++; 1158 nsent++;
1129 } 1159 }
@@ -1131,41 +1161,39 @@ int l2cap_ertm_send(struct sock *sk)
1131 return nsent; 1161 return nsent;
1132} 1162}
1133 1163
1134static int l2cap_retransmit_frames(struct sock *sk) 1164static int l2cap_retransmit_frames(struct l2cap_chan *chan)
1135{ 1165{
1136 struct l2cap_pinfo *pi = l2cap_pi(sk);
1137 int ret; 1166 int ret;
1138 1167
1139 if (!skb_queue_empty(TX_QUEUE(sk))) 1168 if (!skb_queue_empty(&chan->tx_q))
1140 sk->sk_send_head = TX_QUEUE(sk)->next; 1169 chan->tx_send_head = chan->tx_q.next;
1141 1170
1142 pi->next_tx_seq = pi->expected_ack_seq; 1171 chan->next_tx_seq = chan->expected_ack_seq;
1143 ret = l2cap_ertm_send(sk); 1172 ret = l2cap_ertm_send(chan);
1144 return ret; 1173 return ret;
1145} 1174}
1146 1175
1147static void l2cap_send_ack(struct l2cap_pinfo *pi) 1176static void l2cap_send_ack(struct l2cap_chan *chan)
1148{ 1177{
1149 struct sock *sk = (struct sock *)pi;
1150 u16 control = 0; 1178 u16 control = 0;
1151 1179
1152 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 1180 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1153 1181
1154 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 1182 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1155 control |= L2CAP_SUPER_RCV_NOT_READY; 1183 control |= L2CAP_SUPER_RCV_NOT_READY;
1156 pi->conn_state |= L2CAP_CONN_RNR_SENT; 1184 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1157 l2cap_send_sframe(pi, control); 1185 l2cap_send_sframe(chan, control);
1158 return; 1186 return;
1159 } 1187 }
1160 1188
1161 if (l2cap_ertm_send(sk) > 0) 1189 if (l2cap_ertm_send(chan) > 0)
1162 return; 1190 return;
1163 1191
1164 control |= L2CAP_SUPER_RCV_READY; 1192 control |= L2CAP_SUPER_RCV_READY;
1165 l2cap_send_sframe(pi, control); 1193 l2cap_send_sframe(chan, control);
1166} 1194}
1167 1195
1168static void l2cap_send_srejtail(struct sock *sk) 1196static void l2cap_send_srejtail(struct l2cap_chan *chan)
1169{ 1197{
1170 struct srej_list *tail; 1198 struct srej_list *tail;
1171 u16 control; 1199 u16 control;
@@ -1173,10 +1201,10 @@ static void l2cap_send_srejtail(struct sock *sk)
1173 control = L2CAP_SUPER_SELECT_REJECT; 1201 control = L2CAP_SUPER_SELECT_REJECT;
1174 control |= L2CAP_CTRL_FINAL; 1202 control |= L2CAP_CTRL_FINAL;
1175 1203
1176 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list); 1204 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
1177 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 1205 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1178 1206
1179 l2cap_send_sframe(l2cap_pi(sk), control); 1207 l2cap_send_sframe(chan, control);
1180} 1208}
1181 1209
1182static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb) 1210static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
@@ -1313,9 +1341,9 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1313 return skb; 1341 return skb;
1314} 1342}
1315 1343
1316int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len) 1344int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1317{ 1345{
1318 struct l2cap_pinfo *pi = l2cap_pi(sk); 1346 struct sock *sk = chan->sk;
1319 struct sk_buff *skb; 1347 struct sk_buff *skb;
1320 struct sk_buff_head sar_queue; 1348 struct sk_buff_head sar_queue;
1321 u16 control; 1349 u16 control;
@@ -1323,20 +1351,20 @@ int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1323 1351
1324 skb_queue_head_init(&sar_queue); 1352 skb_queue_head_init(&sar_queue);
1325 control = L2CAP_SDU_START; 1353 control = L2CAP_SDU_START;
1326 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len); 1354 skb = l2cap_create_iframe_pdu(sk, msg, chan->remote_mps, control, len);
1327 if (IS_ERR(skb)) 1355 if (IS_ERR(skb))
1328 return PTR_ERR(skb); 1356 return PTR_ERR(skb);
1329 1357
1330 __skb_queue_tail(&sar_queue, skb); 1358 __skb_queue_tail(&sar_queue, skb);
1331 len -= pi->remote_mps; 1359 len -= chan->remote_mps;
1332 size += pi->remote_mps; 1360 size += chan->remote_mps;
1333 1361
1334 while (len > 0) { 1362 while (len > 0) {
1335 size_t buflen; 1363 size_t buflen;
1336 1364
1337 if (len > pi->remote_mps) { 1365 if (len > chan->remote_mps) {
1338 control = L2CAP_SDU_CONTINUE; 1366 control = L2CAP_SDU_CONTINUE;
1339 buflen = pi->remote_mps; 1367 buflen = chan->remote_mps;
1340 } else { 1368 } else {
1341 control = L2CAP_SDU_END; 1369 control = L2CAP_SDU_END;
1342 buflen = len; 1370 buflen = len;
@@ -1352,9 +1380,9 @@ int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1352 len -= buflen; 1380 len -= buflen;
1353 size += buflen; 1381 size += buflen;
1354 } 1382 }
1355 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk)); 1383 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1356 if (sk->sk_send_head == NULL) 1384 if (chan->tx_send_head == NULL)
1357 sk->sk_send_head = sar_queue.next; 1385 chan->tx_send_head = sar_queue.next;
1358 1386
1359 return size; 1387 return size;
1360} 1388}
@@ -1385,14 +1413,14 @@ static void l2cap_chan_ready(struct sock *sk)
1385/* Copy frame to all raw sockets on that connection */ 1413/* Copy frame to all raw sockets on that connection */
1386static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb) 1414static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1387{ 1415{
1388 struct l2cap_chan_list *l = &conn->chan_list;
1389 struct sk_buff *nskb; 1416 struct sk_buff *nskb;
1390 struct sock *sk; 1417 struct l2cap_chan *chan;
1391 1418
1392 BT_DBG("conn %p", conn); 1419 BT_DBG("conn %p", conn);
1393 1420
1394 read_lock(&l->lock); 1421 read_lock(&conn->chan_lock);
1395 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 1422 list_for_each_entry(chan, &conn->chan_l, list) {
1423 struct sock *sk = chan->sk;
1396 if (sk->sk_type != SOCK_RAW) 1424 if (sk->sk_type != SOCK_RAW)
1397 continue; 1425 continue;
1398 1426
@@ -1406,7 +1434,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1406 if (sock_queue_rcv_skb(sk, nskb)) 1434 if (sock_queue_rcv_skb(sk, nskb))
1407 kfree_skb(nskb); 1435 kfree_skb(nskb);
1408 } 1436 }
1409 read_unlock(&l->lock); 1437 read_unlock(&conn->chan_lock);
1410} 1438}
1411 1439
1412/* ---- L2CAP signalling commands ---- */ 1440/* ---- L2CAP signalling commands ---- */
@@ -1538,32 +1566,35 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1538 1566
1539static void l2cap_ack_timeout(unsigned long arg) 1567static void l2cap_ack_timeout(unsigned long arg)
1540{ 1568{
1541 struct sock *sk = (void *) arg; 1569 struct l2cap_chan *chan = (void *) arg;
1542 1570
1543 bh_lock_sock(sk); 1571 bh_lock_sock(chan->sk);
1544 l2cap_send_ack(l2cap_pi(sk)); 1572 l2cap_send_ack(chan);
1545 bh_unlock_sock(sk); 1573 bh_unlock_sock(chan->sk);
1546} 1574}
1547 1575
1548static inline void l2cap_ertm_init(struct sock *sk) 1576static inline void l2cap_ertm_init(struct l2cap_chan *chan)
1549{ 1577{
1550 l2cap_pi(sk)->expected_ack_seq = 0; 1578 struct sock *sk = chan->sk;
1551 l2cap_pi(sk)->unacked_frames = 0; 1579
1552 l2cap_pi(sk)->buffer_seq = 0; 1580 chan->expected_ack_seq = 0;
1553 l2cap_pi(sk)->num_acked = 0; 1581 chan->unacked_frames = 0;
1554 l2cap_pi(sk)->frames_sent = 0; 1582 chan->buffer_seq = 0;
1583 chan->num_acked = 0;
1584 chan->frames_sent = 0;
1555 1585
1556 setup_timer(&l2cap_pi(sk)->retrans_timer, 1586 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1557 l2cap_retrans_timeout, (unsigned long) sk); 1587 (unsigned long) chan);
1558 setup_timer(&l2cap_pi(sk)->monitor_timer, 1588 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1559 l2cap_monitor_timeout, (unsigned long) sk); 1589 (unsigned long) chan);
1560 setup_timer(&l2cap_pi(sk)->ack_timer, 1590 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
1561 l2cap_ack_timeout, (unsigned long) sk);
1562 1591
1563 __skb_queue_head_init(SREJ_QUEUE(sk)); 1592 skb_queue_head_init(&chan->srej_q);
1564 __skb_queue_head_init(BUSY_QUEUE(sk)); 1593 skb_queue_head_init(&chan->busy_q);
1565 1594
1566 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work); 1595 INIT_LIST_HEAD(&chan->srej_l);
1596
1597 INIT_WORK(&chan->busy_work, l2cap_busy_work);
1567 1598
1568 sk->sk_backlog_rcv = l2cap_ertm_data_rcv; 1599 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
1569} 1600}
@@ -1581,16 +1612,16 @@ static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1581 } 1612 }
1582} 1613}
1583 1614
1584int l2cap_build_conf_req(struct sock *sk, void *data) 1615static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1585{ 1616{
1586 struct l2cap_pinfo *pi = l2cap_pi(sk); 1617 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1587 struct l2cap_conf_req *req = data; 1618 struct l2cap_conf_req *req = data;
1588 struct l2cap_conf_rfc rfc = { .mode = pi->mode }; 1619 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
1589 void *ptr = req->data; 1620 void *ptr = req->data;
1590 1621
1591 BT_DBG("sk %p", sk); 1622 BT_DBG("chan %p", chan);
1592 1623
1593 if (pi->num_conf_req || pi->num_conf_rsp) 1624 if (chan->num_conf_req || chan->num_conf_rsp)
1594 goto done; 1625 goto done;
1595 1626
1596 switch (pi->mode) { 1627 switch (pi->mode) {
@@ -1679,20 +1710,20 @@ done:
1679 return ptr - data; 1710 return ptr - data;
1680} 1711}
1681 1712
1682static int l2cap_parse_conf_req(struct sock *sk, void *data) 1713static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1683{ 1714{
1684 struct l2cap_pinfo *pi = l2cap_pi(sk); 1715 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1685 struct l2cap_conf_rsp *rsp = data; 1716 struct l2cap_conf_rsp *rsp = data;
1686 void *ptr = rsp->data; 1717 void *ptr = rsp->data;
1687 void *req = pi->conf_req; 1718 void *req = chan->conf_req;
1688 int len = pi->conf_len; 1719 int len = chan->conf_len;
1689 int type, hint, olen; 1720 int type, hint, olen;
1690 unsigned long val; 1721 unsigned long val;
1691 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; 1722 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1692 u16 mtu = L2CAP_DEFAULT_MTU; 1723 u16 mtu = L2CAP_DEFAULT_MTU;
1693 u16 result = L2CAP_CONF_SUCCESS; 1724 u16 result = L2CAP_CONF_SUCCESS;
1694 1725
1695 BT_DBG("sk %p", sk); 1726 BT_DBG("chan %p", chan);
1696 1727
1697 while (len >= L2CAP_CONF_OPT_SIZE) { 1728 while (len >= L2CAP_CONF_OPT_SIZE) {
1698 len -= l2cap_get_conf_opt(&req, &type, &olen, &val); 1729 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
@@ -1733,7 +1764,7 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1733 } 1764 }
1734 } 1765 }
1735 1766
1736 if (pi->num_conf_rsp || pi->num_conf_req > 1) 1767 if (chan->num_conf_rsp || chan->num_conf_req > 1)
1737 goto done; 1768 goto done;
1738 1769
1739 switch (pi->mode) { 1770 switch (pi->mode) {
@@ -1756,7 +1787,7 @@ done:
1756 result = L2CAP_CONF_UNACCEPT; 1787 result = L2CAP_CONF_UNACCEPT;
1757 rfc.mode = pi->mode; 1788 rfc.mode = pi->mode;
1758 1789
1759 if (pi->num_conf_rsp == 1) 1790 if (chan->num_conf_rsp == 1)
1760 return -ECONNREFUSED; 1791 return -ECONNREFUSED;
1761 1792
1762 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1793 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
@@ -1783,13 +1814,13 @@ done:
1783 break; 1814 break;
1784 1815
1785 case L2CAP_MODE_ERTM: 1816 case L2CAP_MODE_ERTM:
1786 pi->remote_tx_win = rfc.txwin_size; 1817 chan->remote_tx_win = rfc.txwin_size;
1787 pi->remote_max_tx = rfc.max_transmit; 1818 chan->remote_max_tx = rfc.max_transmit;
1788 1819
1789 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1820 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1790 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1821 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1791 1822
1792 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1823 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1793 1824
1794 rfc.retrans_timeout = 1825 rfc.retrans_timeout =
1795 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO); 1826 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
@@ -1807,7 +1838,7 @@ done:
1807 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1838 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1808 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1839 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1809 1840
1810 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1841 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1811 1842
1812 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1843 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1813 1844
@@ -1916,6 +1947,31 @@ static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 fla
1916 return ptr - data; 1947 return ptr - data;
1917} 1948}
1918 1949
1950void __l2cap_connect_rsp_defer(struct sock *sk)
1951{
1952 struct l2cap_conn_rsp rsp;
1953 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1954 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1955 u8 buf[128];
1956
1957 sk->sk_state = BT_CONFIG;
1958
1959 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1960 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1961 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1962 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1963 l2cap_send_cmd(conn, chan->ident,
1964 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1965
1966 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
1967 return;
1968
1969 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1970 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1971 l2cap_build_conf_req(chan, buf), buf);
1972 chan->num_conf_req++;
1973}
1974
1919static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len) 1975static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
1920{ 1976{
1921 struct l2cap_pinfo *pi = l2cap_pi(sk); 1977 struct l2cap_pinfo *pi = l2cap_pi(sk);
@@ -1973,9 +2029,9 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
1973 2029
1974static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2030static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1975{ 2031{
1976 struct l2cap_chan_list *list = &conn->chan_list;
1977 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 2032 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1978 struct l2cap_conn_rsp rsp; 2033 struct l2cap_conn_rsp rsp;
2034 struct l2cap_chan *chan = NULL;
1979 struct sock *parent, *sk = NULL; 2035 struct sock *parent, *sk = NULL;
1980 int result, status = L2CAP_CS_NO_INFO; 2036 int result, status = L2CAP_CS_NO_INFO;
1981 2037
@@ -2013,11 +2069,17 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2013 if (!sk) 2069 if (!sk)
2014 goto response; 2070 goto response;
2015 2071
2016 write_lock_bh(&list->lock); 2072 chan = l2cap_chan_alloc(sk);
2073 if (!chan) {
2074 l2cap_sock_kill(sk);
2075 goto response;
2076 }
2077
2078 write_lock_bh(&conn->chan_lock);
2017 2079
2018 /* Check if we already have channel with that dcid */ 2080 /* Check if we already have channel with that dcid */
2019 if (__l2cap_get_chan_by_dcid(list, scid)) { 2081 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2020 write_unlock_bh(&list->lock); 2082 write_unlock_bh(&conn->chan_lock);
2021 sock_set_flag(sk, SOCK_ZAPPED); 2083 sock_set_flag(sk, SOCK_ZAPPED);
2022 l2cap_sock_kill(sk); 2084 l2cap_sock_kill(sk);
2023 goto response; 2085 goto response;
@@ -2033,12 +2095,15 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2033 2095
2034 bt_accept_enqueue(parent, sk); 2096 bt_accept_enqueue(parent, sk);
2035 2097
2036 __l2cap_chan_add(conn, sk); 2098 __l2cap_chan_add(conn, chan);
2099
2100 l2cap_pi(sk)->chan = chan;
2101
2037 dcid = l2cap_pi(sk)->scid; 2102 dcid = l2cap_pi(sk)->scid;
2038 2103
2039 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 2104 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2040 2105
2041 l2cap_pi(sk)->ident = cmd->ident; 2106 chan->ident = cmd->ident;
2042 2107
2043 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { 2108 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2044 if (l2cap_check_security(sk)) { 2109 if (l2cap_check_security(sk)) {
@@ -2063,7 +2128,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2063 status = L2CAP_CS_NO_INFO; 2128 status = L2CAP_CS_NO_INFO;
2064 } 2129 }
2065 2130
2066 write_unlock_bh(&list->lock); 2131 write_unlock_bh(&conn->chan_lock);
2067 2132
2068response: 2133response:
2069 bh_unlock_sock(parent); 2134 bh_unlock_sock(parent);
@@ -2089,13 +2154,13 @@ sendresp:
2089 L2CAP_INFO_REQ, sizeof(info), &info); 2154 L2CAP_INFO_REQ, sizeof(info), &info);
2090 } 2155 }
2091 2156
2092 if (sk && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) && 2157 if (chan && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
2093 result == L2CAP_CR_SUCCESS) { 2158 result == L2CAP_CR_SUCCESS) {
2094 u8 buf[128]; 2159 u8 buf[128];
2095 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2160 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2096 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2161 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2097 l2cap_build_conf_req(sk, buf), buf); 2162 l2cap_build_conf_req(chan, buf), buf);
2098 l2cap_pi(sk)->num_conf_req++; 2163 chan->num_conf_req++;
2099 } 2164 }
2100 2165
2101 return 0; 2166 return 0;
@@ -2105,6 +2170,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2105{ 2170{
2106 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; 2171 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2107 u16 scid, dcid, result, status; 2172 u16 scid, dcid, result, status;
2173 struct l2cap_chan *chan;
2108 struct sock *sk; 2174 struct sock *sk;
2109 u8 req[128]; 2175 u8 req[128];
2110 2176
@@ -2116,19 +2182,21 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2116 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status); 2182 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2117 2183
2118 if (scid) { 2184 if (scid) {
2119 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2185 chan = l2cap_get_chan_by_scid(conn, scid);
2120 if (!sk) 2186 if (!chan)
2121 return -EFAULT; 2187 return -EFAULT;
2122 } else { 2188 } else {
2123 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident); 2189 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
2124 if (!sk) 2190 if (!chan)
2125 return -EFAULT; 2191 return -EFAULT;
2126 } 2192 }
2127 2193
2194 sk = chan->sk;
2195
2128 switch (result) { 2196 switch (result) {
2129 case L2CAP_CR_SUCCESS: 2197 case L2CAP_CR_SUCCESS:
2130 sk->sk_state = BT_CONFIG; 2198 sk->sk_state = BT_CONFIG;
2131 l2cap_pi(sk)->ident = 0; 2199 chan->ident = 0;
2132 l2cap_pi(sk)->dcid = dcid; 2200 l2cap_pi(sk)->dcid = dcid;
2133 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND; 2201 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2134 2202
@@ -2138,8 +2206,8 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2138 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2206 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2139 2207
2140 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2208 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2141 l2cap_build_conf_req(sk, req), req); 2209 l2cap_build_conf_req(chan, req), req);
2142 l2cap_pi(sk)->num_conf_req++; 2210 chan->num_conf_req++;
2143 break; 2211 break;
2144 2212
2145 case L2CAP_CR_PEND: 2213 case L2CAP_CR_PEND:
@@ -2155,7 +2223,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2155 break; 2223 break;
2156 } 2224 }
2157 2225
2158 l2cap_chan_del(sk, ECONNREFUSED); 2226 l2cap_chan_del(chan, ECONNREFUSED);
2159 break; 2227 break;
2160 } 2228 }
2161 2229
@@ -2179,6 +2247,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2179 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data; 2247 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2180 u16 dcid, flags; 2248 u16 dcid, flags;
2181 u8 rsp[64]; 2249 u8 rsp[64];
2250 struct l2cap_chan *chan;
2182 struct sock *sk; 2251 struct sock *sk;
2183 int len; 2252 int len;
2184 2253
@@ -2187,10 +2256,12 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2187 2256
2188 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags); 2257 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2189 2258
2190 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid); 2259 chan = l2cap_get_chan_by_scid(conn, dcid);
2191 if (!sk) 2260 if (!chan)
2192 return -ENOENT; 2261 return -ENOENT;
2193 2262
2263 sk = chan->sk;
2264
2194 if (sk->sk_state != BT_CONFIG) { 2265 if (sk->sk_state != BT_CONFIG) {
2195 struct l2cap_cmd_rej rej; 2266 struct l2cap_cmd_rej rej;
2196 2267
@@ -2202,7 +2273,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2202 2273
2203 /* Reject if config buffer is too small. */ 2274 /* Reject if config buffer is too small. */
2204 len = cmd_len - sizeof(*req); 2275 len = cmd_len - sizeof(*req);
2205 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) { 2276 if (chan->conf_len + len > sizeof(chan->conf_req)) {
2206 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 2277 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2207 l2cap_build_conf_rsp(sk, rsp, 2278 l2cap_build_conf_rsp(sk, rsp,
2208 L2CAP_CONF_REJECT, flags), rsp); 2279 L2CAP_CONF_REJECT, flags), rsp);
@@ -2210,8 +2281,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2210 } 2281 }
2211 2282
2212 /* Store config. */ 2283 /* Store config. */
2213 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len); 2284 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2214 l2cap_pi(sk)->conf_len += len; 2285 chan->conf_len += len;
2215 2286
2216 if (flags & 0x0001) { 2287 if (flags & 0x0001) {
2217 /* Incomplete config. Send empty response. */ 2288 /* Incomplete config. Send empty response. */
@@ -2222,17 +2293,17 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2222 } 2293 }
2223 2294
2224 /* Complete config. */ 2295 /* Complete config. */
2225 len = l2cap_parse_conf_req(sk, rsp); 2296 len = l2cap_parse_conf_req(chan, rsp);
2226 if (len < 0) { 2297 if (len < 0) {
2227 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2298 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2228 goto unlock; 2299 goto unlock;
2229 } 2300 }
2230 2301
2231 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); 2302 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2232 l2cap_pi(sk)->num_conf_rsp++; 2303 chan->num_conf_rsp++;
2233 2304
2234 /* Reset config buffer. */ 2305 /* Reset config buffer. */
2235 l2cap_pi(sk)->conf_len = 0; 2306 chan->conf_len = 0;
2236 2307
2237 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE)) 2308 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2238 goto unlock; 2309 goto unlock;
@@ -2242,11 +2313,11 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2242 2313
2243 sk->sk_state = BT_CONNECTED; 2314 sk->sk_state = BT_CONNECTED;
2244 2315
2245 l2cap_pi(sk)->next_tx_seq = 0; 2316 chan->next_tx_seq = 0;
2246 l2cap_pi(sk)->expected_tx_seq = 0; 2317 chan->expected_tx_seq = 0;
2247 __skb_queue_head_init(TX_QUEUE(sk)); 2318 skb_queue_head_init(&chan->tx_q);
2248 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2319 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2249 l2cap_ertm_init(sk); 2320 l2cap_ertm_init(chan);
2250 2321
2251 l2cap_chan_ready(sk); 2322 l2cap_chan_ready(sk);
2252 goto unlock; 2323 goto unlock;
@@ -2256,8 +2327,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2256 u8 buf[64]; 2327 u8 buf[64];
2257 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2328 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2258 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2329 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2259 l2cap_build_conf_req(sk, buf), buf); 2330 l2cap_build_conf_req(chan, buf), buf);
2260 l2cap_pi(sk)->num_conf_req++; 2331 chan->num_conf_req++;
2261 } 2332 }
2262 2333
2263unlock: 2334unlock:
@@ -2269,6 +2340,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2269{ 2340{
2270 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 2341 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2271 u16 scid, flags, result; 2342 u16 scid, flags, result;
2343 struct l2cap_chan *chan;
2272 struct sock *sk; 2344 struct sock *sk;
2273 int len = cmd->len - sizeof(*rsp); 2345 int len = cmd->len - sizeof(*rsp);
2274 2346
@@ -2279,21 +2351,23 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2279 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", 2351 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2280 scid, flags, result); 2352 scid, flags, result);
2281 2353
2282 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2354 chan = l2cap_get_chan_by_scid(conn, scid);
2283 if (!sk) 2355 if (!chan)
2284 return 0; 2356 return 0;
2285 2357
2358 sk = chan->sk;
2359
2286 switch (result) { 2360 switch (result) {
2287 case L2CAP_CONF_SUCCESS: 2361 case L2CAP_CONF_SUCCESS:
2288 l2cap_conf_rfc_get(sk, rsp->data, len); 2362 l2cap_conf_rfc_get(sk, rsp->data, len);
2289 break; 2363 break;
2290 2364
2291 case L2CAP_CONF_UNACCEPT: 2365 case L2CAP_CONF_UNACCEPT:
2292 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) { 2366 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2293 char req[64]; 2367 char req[64];
2294 2368
2295 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { 2369 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2296 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2370 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2297 goto done; 2371 goto done;
2298 } 2372 }
2299 2373
@@ -2302,13 +2376,13 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2302 len = l2cap_parse_conf_rsp(sk, rsp->data, 2376 len = l2cap_parse_conf_rsp(sk, rsp->data,
2303 len, req, &result); 2377 len, req, &result);
2304 if (len < 0) { 2378 if (len < 0) {
2305 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2379 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2306 goto done; 2380 goto done;
2307 } 2381 }
2308 2382
2309 l2cap_send_cmd(conn, l2cap_get_ident(conn), 2383 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2310 L2CAP_CONF_REQ, len, req); 2384 L2CAP_CONF_REQ, len, req);
2311 l2cap_pi(sk)->num_conf_req++; 2385 chan->num_conf_req++;
2312 if (result != L2CAP_CONF_SUCCESS) 2386 if (result != L2CAP_CONF_SUCCESS)
2313 goto done; 2387 goto done;
2314 break; 2388 break;
@@ -2317,7 +2391,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2317 default: 2391 default:
2318 sk->sk_err = ECONNRESET; 2392 sk->sk_err = ECONNRESET;
2319 l2cap_sock_set_timer(sk, HZ * 5); 2393 l2cap_sock_set_timer(sk, HZ * 5);
2320 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2394 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2321 goto done; 2395 goto done;
2322 } 2396 }
2323 2397
@@ -2330,11 +2404,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2330 set_default_fcs(l2cap_pi(sk)); 2404 set_default_fcs(l2cap_pi(sk));
2331 2405
2332 sk->sk_state = BT_CONNECTED; 2406 sk->sk_state = BT_CONNECTED;
2333 l2cap_pi(sk)->next_tx_seq = 0; 2407 chan->next_tx_seq = 0;
2334 l2cap_pi(sk)->expected_tx_seq = 0; 2408 chan->expected_tx_seq = 0;
2335 __skb_queue_head_init(TX_QUEUE(sk)); 2409 skb_queue_head_init(&chan->tx_q);
2336 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2410 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2337 l2cap_ertm_init(sk); 2411 l2cap_ertm_init(chan);
2338 2412
2339 l2cap_chan_ready(sk); 2413 l2cap_chan_ready(sk);
2340 } 2414 }
@@ -2349,6 +2423,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2349 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data; 2423 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2350 struct l2cap_disconn_rsp rsp; 2424 struct l2cap_disconn_rsp rsp;
2351 u16 dcid, scid; 2425 u16 dcid, scid;
2426 struct l2cap_chan *chan;
2352 struct sock *sk; 2427 struct sock *sk;
2353 2428
2354 scid = __le16_to_cpu(req->scid); 2429 scid = __le16_to_cpu(req->scid);
@@ -2356,10 +2431,12 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2356 2431
2357 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid); 2432 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2358 2433
2359 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid); 2434 chan = l2cap_get_chan_by_scid(conn, dcid);
2360 if (!sk) 2435 if (!chan)
2361 return 0; 2436 return 0;
2362 2437
2438 sk = chan->sk;
2439
2363 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2440 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2364 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2441 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2365 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); 2442 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
@@ -2375,7 +2452,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2375 return 0; 2452 return 0;
2376 } 2453 }
2377 2454
2378 l2cap_chan_del(sk, ECONNRESET); 2455 l2cap_chan_del(chan, ECONNRESET);
2379 bh_unlock_sock(sk); 2456 bh_unlock_sock(sk);
2380 2457
2381 l2cap_sock_kill(sk); 2458 l2cap_sock_kill(sk);
@@ -2386,6 +2463,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2386{ 2463{
2387 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; 2464 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2388 u16 dcid, scid; 2465 u16 dcid, scid;
2466 struct l2cap_chan *chan;
2389 struct sock *sk; 2467 struct sock *sk;
2390 2468
2391 scid = __le16_to_cpu(rsp->scid); 2469 scid = __le16_to_cpu(rsp->scid);
@@ -2393,10 +2471,12 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2393 2471
2394 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid); 2472 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2395 2473
2396 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2474 chan = l2cap_get_chan_by_scid(conn, scid);
2397 if (!sk) 2475 if (!chan)
2398 return 0; 2476 return 0;
2399 2477
2478 sk = chan->sk;
2479
2400 /* don't delete l2cap channel if sk is owned by user */ 2480 /* don't delete l2cap channel if sk is owned by user */
2401 if (sock_owned_by_user(sk)) { 2481 if (sock_owned_by_user(sk)) {
2402 sk->sk_state = BT_DISCONN; 2482 sk->sk_state = BT_DISCONN;
@@ -2406,7 +2486,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2406 return 0; 2486 return 0;
2407 } 2487 }
2408 2488
2409 l2cap_chan_del(sk, 0); 2489 l2cap_chan_del(chan, 0);
2410 bh_unlock_sock(sk); 2490 bh_unlock_sock(sk);
2411 2491
2412 l2cap_sock_kill(sk); 2492 l2cap_sock_kill(sk);
@@ -2709,49 +2789,47 @@ static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
2709 return 0; 2789 return 0;
2710} 2790}
2711 2791
2712static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk) 2792static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
2713{ 2793{
2714 struct l2cap_pinfo *pi = l2cap_pi(sk);
2715 u16 control = 0; 2794 u16 control = 0;
2716 2795
2717 pi->frames_sent = 0; 2796 chan->frames_sent = 0;
2718 2797
2719 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 2798 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2720 2799
2721 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 2800 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2722 control |= L2CAP_SUPER_RCV_NOT_READY; 2801 control |= L2CAP_SUPER_RCV_NOT_READY;
2723 l2cap_send_sframe(pi, control); 2802 l2cap_send_sframe(chan, control);
2724 pi->conn_state |= L2CAP_CONN_RNR_SENT; 2803 chan->conn_state |= L2CAP_CONN_RNR_SENT;
2725 } 2804 }
2726 2805
2727 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY) 2806 if (chan->conn_state & L2CAP_CONN_REMOTE_BUSY)
2728 l2cap_retransmit_frames(sk); 2807 l2cap_retransmit_frames(chan);
2729 2808
2730 l2cap_ertm_send(sk); 2809 l2cap_ertm_send(chan);
2731 2810
2732 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) && 2811 if (!(chan->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
2733 pi->frames_sent == 0) { 2812 chan->frames_sent == 0) {
2734 control |= L2CAP_SUPER_RCV_READY; 2813 control |= L2CAP_SUPER_RCV_READY;
2735 l2cap_send_sframe(pi, control); 2814 l2cap_send_sframe(chan, control);
2736 } 2815 }
2737} 2816}
2738 2817
2739static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar) 2818static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u8 tx_seq, u8 sar)
2740{ 2819{
2741 struct sk_buff *next_skb; 2820 struct sk_buff *next_skb;
2742 struct l2cap_pinfo *pi = l2cap_pi(sk);
2743 int tx_seq_offset, next_tx_seq_offset; 2821 int tx_seq_offset, next_tx_seq_offset;
2744 2822
2745 bt_cb(skb)->tx_seq = tx_seq; 2823 bt_cb(skb)->tx_seq = tx_seq;
2746 bt_cb(skb)->sar = sar; 2824 bt_cb(skb)->sar = sar;
2747 2825
2748 next_skb = skb_peek(SREJ_QUEUE(sk)); 2826 next_skb = skb_peek(&chan->srej_q);
2749 if (!next_skb) { 2827 if (!next_skb) {
2750 __skb_queue_tail(SREJ_QUEUE(sk), skb); 2828 __skb_queue_tail(&chan->srej_q, skb);
2751 return 0; 2829 return 0;
2752 } 2830 }
2753 2831
2754 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64; 2832 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
2755 if (tx_seq_offset < 0) 2833 if (tx_seq_offset < 0)
2756 tx_seq_offset += 64; 2834 tx_seq_offset += 64;
2757 2835
@@ -2760,53 +2838,53 @@ static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_s
2760 return -EINVAL; 2838 return -EINVAL;
2761 2839
2762 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq - 2840 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
2763 pi->buffer_seq) % 64; 2841 chan->buffer_seq) % 64;
2764 if (next_tx_seq_offset < 0) 2842 if (next_tx_seq_offset < 0)
2765 next_tx_seq_offset += 64; 2843 next_tx_seq_offset += 64;
2766 2844
2767 if (next_tx_seq_offset > tx_seq_offset) { 2845 if (next_tx_seq_offset > tx_seq_offset) {
2768 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb); 2846 __skb_queue_before(&chan->srej_q, next_skb, skb);
2769 return 0; 2847 return 0;
2770 } 2848 }
2771 2849
2772 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb)) 2850 if (skb_queue_is_last(&chan->srej_q, next_skb))
2773 break; 2851 break;
2774 2852
2775 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb))); 2853 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
2776 2854
2777 __skb_queue_tail(SREJ_QUEUE(sk), skb); 2855 __skb_queue_tail(&chan->srej_q, skb);
2778 2856
2779 return 0; 2857 return 0;
2780} 2858}
2781 2859
2782static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control) 2860static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2783{ 2861{
2784 struct l2cap_pinfo *pi = l2cap_pi(sk); 2862 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2785 struct sk_buff *_skb; 2863 struct sk_buff *_skb;
2786 int err; 2864 int err;
2787 2865
2788 switch (control & L2CAP_CTRL_SAR) { 2866 switch (control & L2CAP_CTRL_SAR) {
2789 case L2CAP_SDU_UNSEGMENTED: 2867 case L2CAP_SDU_UNSEGMENTED:
2790 if (pi->conn_state & L2CAP_CONN_SAR_SDU) 2868 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
2791 goto drop; 2869 goto drop;
2792 2870
2793 err = sock_queue_rcv_skb(sk, skb); 2871 err = sock_queue_rcv_skb(chan->sk, skb);
2794 if (!err) 2872 if (!err)
2795 return err; 2873 return err;
2796 2874
2797 break; 2875 break;
2798 2876
2799 case L2CAP_SDU_START: 2877 case L2CAP_SDU_START:
2800 if (pi->conn_state & L2CAP_CONN_SAR_SDU) 2878 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
2801 goto drop; 2879 goto drop;
2802 2880
2803 pi->sdu_len = get_unaligned_le16(skb->data); 2881 chan->sdu_len = get_unaligned_le16(skb->data);
2804 2882
2805 if (pi->sdu_len > pi->imtu) 2883 if (chan->sdu_len > pi->imtu)
2806 goto disconnect; 2884 goto disconnect;
2807 2885
2808 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 2886 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
2809 if (!pi->sdu) 2887 if (!chan->sdu)
2810 return -ENOMEM; 2888 return -ENOMEM;
2811 2889
2812 /* pull sdu_len bytes only after alloc, because of Local Busy 2890 /* pull sdu_len bytes only after alloc, because of Local Busy
@@ -2814,63 +2892,63 @@ static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 c
2814 * only once, i.e., when alloc does not fail */ 2892 * only once, i.e., when alloc does not fail */
2815 skb_pull(skb, 2); 2893 skb_pull(skb, 2);
2816 2894
2817 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2895 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2818 2896
2819 pi->conn_state |= L2CAP_CONN_SAR_SDU; 2897 chan->conn_state |= L2CAP_CONN_SAR_SDU;
2820 pi->partial_sdu_len = skb->len; 2898 chan->partial_sdu_len = skb->len;
2821 break; 2899 break;
2822 2900
2823 case L2CAP_SDU_CONTINUE: 2901 case L2CAP_SDU_CONTINUE:
2824 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 2902 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
2825 goto disconnect; 2903 goto disconnect;
2826 2904
2827 if (!pi->sdu) 2905 if (!chan->sdu)
2828 goto disconnect; 2906 goto disconnect;
2829 2907
2830 pi->partial_sdu_len += skb->len; 2908 chan->partial_sdu_len += skb->len;
2831 if (pi->partial_sdu_len > pi->sdu_len) 2909 if (chan->partial_sdu_len > chan->sdu_len)
2832 goto drop; 2910 goto drop;
2833 2911
2834 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2912 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2835 2913
2836 break; 2914 break;
2837 2915
2838 case L2CAP_SDU_END: 2916 case L2CAP_SDU_END:
2839 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 2917 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
2840 goto disconnect; 2918 goto disconnect;
2841 2919
2842 if (!pi->sdu) 2920 if (!chan->sdu)
2843 goto disconnect; 2921 goto disconnect;
2844 2922
2845 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) { 2923 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) {
2846 pi->partial_sdu_len += skb->len; 2924 chan->partial_sdu_len += skb->len;
2847 2925
2848 if (pi->partial_sdu_len > pi->imtu) 2926 if (chan->partial_sdu_len > pi->imtu)
2849 goto drop; 2927 goto drop;
2850 2928
2851 if (pi->partial_sdu_len != pi->sdu_len) 2929 if (chan->partial_sdu_len != chan->sdu_len)
2852 goto drop; 2930 goto drop;
2853 2931
2854 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2932 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2855 } 2933 }
2856 2934
2857 _skb = skb_clone(pi->sdu, GFP_ATOMIC); 2935 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
2858 if (!_skb) { 2936 if (!_skb) {
2859 pi->conn_state |= L2CAP_CONN_SAR_RETRY; 2937 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
2860 return -ENOMEM; 2938 return -ENOMEM;
2861 } 2939 }
2862 2940
2863 err = sock_queue_rcv_skb(sk, _skb); 2941 err = sock_queue_rcv_skb(chan->sk, _skb);
2864 if (err < 0) { 2942 if (err < 0) {
2865 kfree_skb(_skb); 2943 kfree_skb(_skb);
2866 pi->conn_state |= L2CAP_CONN_SAR_RETRY; 2944 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
2867 return err; 2945 return err;
2868 } 2946 }
2869 2947
2870 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY; 2948 chan->conn_state &= ~L2CAP_CONN_SAR_RETRY;
2871 pi->conn_state &= ~L2CAP_CONN_SAR_SDU; 2949 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
2872 2950
2873 kfree_skb(pi->sdu); 2951 kfree_skb(chan->sdu);
2874 break; 2952 break;
2875 } 2953 }
2876 2954
@@ -2878,51 +2956,50 @@ static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 c
2878 return 0; 2956 return 0;
2879 2957
2880drop: 2958drop:
2881 kfree_skb(pi->sdu); 2959 kfree_skb(chan->sdu);
2882 pi->sdu = NULL; 2960 chan->sdu = NULL;
2883 2961
2884disconnect: 2962disconnect:
2885 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 2963 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
2886 kfree_skb(skb); 2964 kfree_skb(skb);
2887 return 0; 2965 return 0;
2888} 2966}
2889 2967
2890static int l2cap_try_push_rx_skb(struct sock *sk) 2968static int l2cap_try_push_rx_skb(struct l2cap_chan *chan)
2891{ 2969{
2892 struct l2cap_pinfo *pi = l2cap_pi(sk);
2893 struct sk_buff *skb; 2970 struct sk_buff *skb;
2894 u16 control; 2971 u16 control;
2895 int err; 2972 int err;
2896 2973
2897 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) { 2974 while ((skb = skb_dequeue(&chan->busy_q))) {
2898 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; 2975 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
2899 err = l2cap_ertm_reassembly_sdu(sk, skb, control); 2976 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
2900 if (err < 0) { 2977 if (err < 0) {
2901 skb_queue_head(BUSY_QUEUE(sk), skb); 2978 skb_queue_head(&chan->busy_q, skb);
2902 return -EBUSY; 2979 return -EBUSY;
2903 } 2980 }
2904 2981
2905 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 2982 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
2906 } 2983 }
2907 2984
2908 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT)) 2985 if (!(chan->conn_state & L2CAP_CONN_RNR_SENT))
2909 goto done; 2986 goto done;
2910 2987
2911 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 2988 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2912 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL; 2989 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
2913 l2cap_send_sframe(pi, control); 2990 l2cap_send_sframe(chan, control);
2914 l2cap_pi(sk)->retry_count = 1; 2991 chan->retry_count = 1;
2915 2992
2916 del_timer(&pi->retrans_timer); 2993 del_timer(&chan->retrans_timer);
2917 __mod_monitor_timer(); 2994 __mod_monitor_timer();
2918 2995
2919 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F; 2996 chan->conn_state |= L2CAP_CONN_WAIT_F;
2920 2997
2921done: 2998done:
2922 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY; 2999 chan->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
2923 pi->conn_state &= ~L2CAP_CONN_RNR_SENT; 3000 chan->conn_state &= ~L2CAP_CONN_RNR_SENT;
2924 3001
2925 BT_DBG("sk %p, Exit local busy", sk); 3002 BT_DBG("chan %p, Exit local busy", chan);
2926 3003
2927 return 0; 3004 return 0;
2928} 3005}
@@ -2930,21 +3007,21 @@ done:
2930static void l2cap_busy_work(struct work_struct *work) 3007static void l2cap_busy_work(struct work_struct *work)
2931{ 3008{
2932 DECLARE_WAITQUEUE(wait, current); 3009 DECLARE_WAITQUEUE(wait, current);
2933 struct l2cap_pinfo *pi = 3010 struct l2cap_chan *chan =
2934 container_of(work, struct l2cap_pinfo, busy_work); 3011 container_of(work, struct l2cap_chan, busy_work);
2935 struct sock *sk = (struct sock *)pi; 3012 struct sock *sk = chan->sk;
2936 int n_tries = 0, timeo = HZ/5, err; 3013 int n_tries = 0, timeo = HZ/5, err;
2937 struct sk_buff *skb; 3014 struct sk_buff *skb;
2938 3015
2939 lock_sock(sk); 3016 lock_sock(sk);
2940 3017
2941 add_wait_queue(sk_sleep(sk), &wait); 3018 add_wait_queue(sk_sleep(sk), &wait);
2942 while ((skb = skb_peek(BUSY_QUEUE(sk)))) { 3019 while ((skb = skb_peek(&chan->busy_q))) {
2943 set_current_state(TASK_INTERRUPTIBLE); 3020 set_current_state(TASK_INTERRUPTIBLE);
2944 3021
2945 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) { 3022 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
2946 err = -EBUSY; 3023 err = -EBUSY;
2947 l2cap_send_disconn_req(pi->conn, sk, EBUSY); 3024 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, EBUSY);
2948 break; 3025 break;
2949 } 3026 }
2950 3027
@@ -2964,7 +3041,7 @@ static void l2cap_busy_work(struct work_struct *work)
2964 if (err) 3041 if (err)
2965 break; 3042 break;
2966 3043
2967 if (l2cap_try_push_rx_skb(sk) == 0) 3044 if (l2cap_try_push_rx_skb(chan) == 0)
2968 break; 3045 break;
2969 } 3046 }
2970 3047
@@ -2974,48 +3051,47 @@ static void l2cap_busy_work(struct work_struct *work)
2974 release_sock(sk); 3051 release_sock(sk);
2975} 3052}
2976 3053
2977static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control) 3054static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2978{ 3055{
2979 struct l2cap_pinfo *pi = l2cap_pi(sk);
2980 int sctrl, err; 3056 int sctrl, err;
2981 3057
2982 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 3058 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2983 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; 3059 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2984 __skb_queue_tail(BUSY_QUEUE(sk), skb); 3060 __skb_queue_tail(&chan->busy_q, skb);
2985 return l2cap_try_push_rx_skb(sk); 3061 return l2cap_try_push_rx_skb(chan);
2986 3062
2987 3063
2988 } 3064 }
2989 3065
2990 err = l2cap_ertm_reassembly_sdu(sk, skb, control); 3066 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
2991 if (err >= 0) { 3067 if (err >= 0) {
2992 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 3068 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
2993 return err; 3069 return err;
2994 } 3070 }
2995 3071
2996 /* Busy Condition */ 3072 /* Busy Condition */
2997 BT_DBG("sk %p, Enter local busy", sk); 3073 BT_DBG("chan %p, Enter local busy", chan);
2998 3074
2999 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY; 3075 chan->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3000 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; 3076 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3001 __skb_queue_tail(BUSY_QUEUE(sk), skb); 3077 __skb_queue_tail(&chan->busy_q, skb);
3002 3078
3003 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3079 sctrl = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3004 sctrl |= L2CAP_SUPER_RCV_NOT_READY; 3080 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3005 l2cap_send_sframe(pi, sctrl); 3081 l2cap_send_sframe(chan, sctrl);
3006 3082
3007 pi->conn_state |= L2CAP_CONN_RNR_SENT; 3083 chan->conn_state |= L2CAP_CONN_RNR_SENT;
3008 3084
3009 del_timer(&pi->ack_timer); 3085 del_timer(&chan->ack_timer);
3010 3086
3011 queue_work(_busy_wq, &pi->busy_work); 3087 queue_work(_busy_wq, &chan->busy_work);
3012 3088
3013 return err; 3089 return err;
3014} 3090}
3015 3091
3016static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control) 3092static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3017{ 3093{
3018 struct l2cap_pinfo *pi = l2cap_pi(sk); 3094 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3019 struct sk_buff *_skb; 3095 struct sk_buff *_skb;
3020 int err = -EINVAL; 3096 int err = -EINVAL;
3021 3097
@@ -3026,80 +3102,80 @@ static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb,
3026 3102
3027 switch (control & L2CAP_CTRL_SAR) { 3103 switch (control & L2CAP_CTRL_SAR) {
3028 case L2CAP_SDU_UNSEGMENTED: 3104 case L2CAP_SDU_UNSEGMENTED:
3029 if (pi->conn_state & L2CAP_CONN_SAR_SDU) { 3105 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
3030 kfree_skb(pi->sdu); 3106 kfree_skb(chan->sdu);
3031 break; 3107 break;
3032 } 3108 }
3033 3109
3034 err = sock_queue_rcv_skb(sk, skb); 3110 err = sock_queue_rcv_skb(chan->sk, skb);
3035 if (!err) 3111 if (!err)
3036 return 0; 3112 return 0;
3037 3113
3038 break; 3114 break;
3039 3115
3040 case L2CAP_SDU_START: 3116 case L2CAP_SDU_START:
3041 if (pi->conn_state & L2CAP_CONN_SAR_SDU) { 3117 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
3042 kfree_skb(pi->sdu); 3118 kfree_skb(chan->sdu);
3043 break; 3119 break;
3044 } 3120 }
3045 3121
3046 pi->sdu_len = get_unaligned_le16(skb->data); 3122 chan->sdu_len = get_unaligned_le16(skb->data);
3047 skb_pull(skb, 2); 3123 skb_pull(skb, 2);
3048 3124
3049 if (pi->sdu_len > pi->imtu) { 3125 if (chan->sdu_len > pi->imtu) {
3050 err = -EMSGSIZE; 3126 err = -EMSGSIZE;
3051 break; 3127 break;
3052 } 3128 }
3053 3129
3054 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 3130 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3055 if (!pi->sdu) { 3131 if (!chan->sdu) {
3056 err = -ENOMEM; 3132 err = -ENOMEM;
3057 break; 3133 break;
3058 } 3134 }
3059 3135
3060 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3136 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3061 3137
3062 pi->conn_state |= L2CAP_CONN_SAR_SDU; 3138 chan->conn_state |= L2CAP_CONN_SAR_SDU;
3063 pi->partial_sdu_len = skb->len; 3139 chan->partial_sdu_len = skb->len;
3064 err = 0; 3140 err = 0;
3065 break; 3141 break;
3066 3142
3067 case L2CAP_SDU_CONTINUE: 3143 case L2CAP_SDU_CONTINUE:
3068 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 3144 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
3069 break; 3145 break;
3070 3146
3071 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3147 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3072 3148
3073 pi->partial_sdu_len += skb->len; 3149 chan->partial_sdu_len += skb->len;
3074 if (pi->partial_sdu_len > pi->sdu_len) 3150 if (chan->partial_sdu_len > chan->sdu_len)
3075 kfree_skb(pi->sdu); 3151 kfree_skb(chan->sdu);
3076 else 3152 else
3077 err = 0; 3153 err = 0;
3078 3154
3079 break; 3155 break;
3080 3156
3081 case L2CAP_SDU_END: 3157 case L2CAP_SDU_END:
3082 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 3158 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
3083 break; 3159 break;
3084 3160
3085 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3161 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3086 3162
3087 pi->conn_state &= ~L2CAP_CONN_SAR_SDU; 3163 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
3088 pi->partial_sdu_len += skb->len; 3164 chan->partial_sdu_len += skb->len;
3089 3165
3090 if (pi->partial_sdu_len > pi->imtu) 3166 if (chan->partial_sdu_len > pi->imtu)
3091 goto drop; 3167 goto drop;
3092 3168
3093 if (pi->partial_sdu_len == pi->sdu_len) { 3169 if (chan->partial_sdu_len == chan->sdu_len) {
3094 _skb = skb_clone(pi->sdu, GFP_ATOMIC); 3170 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
3095 err = sock_queue_rcv_skb(sk, _skb); 3171 err = sock_queue_rcv_skb(chan->sk, _skb);
3096 if (err < 0) 3172 if (err < 0)
3097 kfree_skb(_skb); 3173 kfree_skb(_skb);
3098 } 3174 }
3099 err = 0; 3175 err = 0;
3100 3176
3101drop: 3177drop:
3102 kfree_skb(pi->sdu); 3178 kfree_skb(chan->sdu);
3103 break; 3179 break;
3104 } 3180 }
3105 3181
@@ -3107,31 +3183,30 @@ drop:
3107 return err; 3183 return err;
3108} 3184}
3109 3185
3110static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq) 3186static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq)
3111{ 3187{
3112 struct sk_buff *skb; 3188 struct sk_buff *skb;
3113 u16 control; 3189 u16 control;
3114 3190
3115 while ((skb = skb_peek(SREJ_QUEUE(sk)))) { 3191 while ((skb = skb_peek(&chan->srej_q))) {
3116 if (bt_cb(skb)->tx_seq != tx_seq) 3192 if (bt_cb(skb)->tx_seq != tx_seq)
3117 break; 3193 break;
3118 3194
3119 skb = skb_dequeue(SREJ_QUEUE(sk)); 3195 skb = skb_dequeue(&chan->srej_q);
3120 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; 3196 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3121 l2cap_ertm_reassembly_sdu(sk, skb, control); 3197 l2cap_ertm_reassembly_sdu(chan, skb, control);
3122 l2cap_pi(sk)->buffer_seq_srej = 3198 chan->buffer_seq_srej =
3123 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64; 3199 (chan->buffer_seq_srej + 1) % 64;
3124 tx_seq = (tx_seq + 1) % 64; 3200 tx_seq = (tx_seq + 1) % 64;
3125 } 3201 }
3126} 3202}
3127 3203
3128static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq) 3204static void l2cap_resend_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3129{ 3205{
3130 struct l2cap_pinfo *pi = l2cap_pi(sk);
3131 struct srej_list *l, *tmp; 3206 struct srej_list *l, *tmp;
3132 u16 control; 3207 u16 control;
3133 3208
3134 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) { 3209 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
3135 if (l->tx_seq == tx_seq) { 3210 if (l->tx_seq == tx_seq) {
3136 list_del(&l->list); 3211 list_del(&l->list);
3137 kfree(l); 3212 kfree(l);
@@ -3139,34 +3214,33 @@ static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3139 } 3214 }
3140 control = L2CAP_SUPER_SELECT_REJECT; 3215 control = L2CAP_SUPER_SELECT_REJECT;
3141 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3216 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3142 l2cap_send_sframe(pi, control); 3217 l2cap_send_sframe(chan, control);
3143 list_del(&l->list); 3218 list_del(&l->list);
3144 list_add_tail(&l->list, SREJ_LIST(sk)); 3219 list_add_tail(&l->list, &chan->srej_l);
3145 } 3220 }
3146} 3221}
3147 3222
3148static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq) 3223static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3149{ 3224{
3150 struct l2cap_pinfo *pi = l2cap_pi(sk);
3151 struct srej_list *new; 3225 struct srej_list *new;
3152 u16 control; 3226 u16 control;
3153 3227
3154 while (tx_seq != pi->expected_tx_seq) { 3228 while (tx_seq != chan->expected_tx_seq) {
3155 control = L2CAP_SUPER_SELECT_REJECT; 3229 control = L2CAP_SUPER_SELECT_REJECT;
3156 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3230 control |= chan->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3157 l2cap_send_sframe(pi, control); 3231 l2cap_send_sframe(chan, control);
3158 3232
3159 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC); 3233 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3160 new->tx_seq = pi->expected_tx_seq; 3234 new->tx_seq = chan->expected_tx_seq;
3161 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3235 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3162 list_add_tail(&new->list, SREJ_LIST(sk)); 3236 list_add_tail(&new->list, &chan->srej_l);
3163 } 3237 }
3164 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3238 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3165} 3239}
3166 3240
3167static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3241static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3168{ 3242{
3169 struct l2cap_pinfo *pi = l2cap_pi(sk); 3243 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3170 u8 tx_seq = __get_txseq(rx_control); 3244 u8 tx_seq = __get_txseq(rx_control);
3171 u8 req_seq = __get_reqseq(rx_control); 3245 u8 req_seq = __get_reqseq(rx_control);
3172 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3246 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
@@ -3174,72 +3248,72 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3174 int num_to_ack = (pi->tx_win/6) + 1; 3248 int num_to_ack = (pi->tx_win/6) + 1;
3175 int err = 0; 3249 int err = 0;
3176 3250
3177 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq, 3251 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3178 rx_control); 3252 tx_seq, rx_control);
3179 3253
3180 if (L2CAP_CTRL_FINAL & rx_control && 3254 if (L2CAP_CTRL_FINAL & rx_control &&
3181 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) { 3255 chan->conn_state & L2CAP_CONN_WAIT_F) {
3182 del_timer(&pi->monitor_timer); 3256 del_timer(&chan->monitor_timer);
3183 if (pi->unacked_frames > 0) 3257 if (chan->unacked_frames > 0)
3184 __mod_retrans_timer(); 3258 __mod_retrans_timer();
3185 pi->conn_state &= ~L2CAP_CONN_WAIT_F; 3259 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
3186 } 3260 }
3187 3261
3188 pi->expected_ack_seq = req_seq; 3262 chan->expected_ack_seq = req_seq;
3189 l2cap_drop_acked_frames(sk); 3263 l2cap_drop_acked_frames(chan);
3190 3264
3191 if (tx_seq == pi->expected_tx_seq) 3265 if (tx_seq == chan->expected_tx_seq)
3192 goto expected; 3266 goto expected;
3193 3267
3194 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64; 3268 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
3195 if (tx_seq_offset < 0) 3269 if (tx_seq_offset < 0)
3196 tx_seq_offset += 64; 3270 tx_seq_offset += 64;
3197 3271
3198 /* invalid tx_seq */ 3272 /* invalid tx_seq */
3199 if (tx_seq_offset >= pi->tx_win) { 3273 if (tx_seq_offset >= pi->tx_win) {
3200 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3274 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3201 goto drop; 3275 goto drop;
3202 } 3276 }
3203 3277
3204 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY) 3278 if (chan->conn_state == L2CAP_CONN_LOCAL_BUSY)
3205 goto drop; 3279 goto drop;
3206 3280
3207 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3281 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3208 struct srej_list *first; 3282 struct srej_list *first;
3209 3283
3210 first = list_first_entry(SREJ_LIST(sk), 3284 first = list_first_entry(&chan->srej_l,
3211 struct srej_list, list); 3285 struct srej_list, list);
3212 if (tx_seq == first->tx_seq) { 3286 if (tx_seq == first->tx_seq) {
3213 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3287 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3214 l2cap_check_srej_gap(sk, tx_seq); 3288 l2cap_check_srej_gap(chan, tx_seq);
3215 3289
3216 list_del(&first->list); 3290 list_del(&first->list);
3217 kfree(first); 3291 kfree(first);
3218 3292
3219 if (list_empty(SREJ_LIST(sk))) { 3293 if (list_empty(&chan->srej_l)) {
3220 pi->buffer_seq = pi->buffer_seq_srej; 3294 chan->buffer_seq = chan->buffer_seq_srej;
3221 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT; 3295 chan->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3222 l2cap_send_ack(pi); 3296 l2cap_send_ack(chan);
3223 BT_DBG("sk %p, Exit SREJ_SENT", sk); 3297 BT_DBG("chan %p, Exit SREJ_SENT", chan);
3224 } 3298 }
3225 } else { 3299 } else {
3226 struct srej_list *l; 3300 struct srej_list *l;
3227 3301
3228 /* duplicated tx_seq */ 3302 /* duplicated tx_seq */
3229 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0) 3303 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
3230 goto drop; 3304 goto drop;
3231 3305
3232 list_for_each_entry(l, SREJ_LIST(sk), list) { 3306 list_for_each_entry(l, &chan->srej_l, list) {
3233 if (l->tx_seq == tx_seq) { 3307 if (l->tx_seq == tx_seq) {
3234 l2cap_resend_srejframe(sk, tx_seq); 3308 l2cap_resend_srejframe(chan, tx_seq);
3235 return 0; 3309 return 0;
3236 } 3310 }
3237 } 3311 }
3238 l2cap_send_srejframe(sk, tx_seq); 3312 l2cap_send_srejframe(chan, tx_seq);
3239 } 3313 }
3240 } else { 3314 } else {
3241 expected_tx_seq_offset = 3315 expected_tx_seq_offset =
3242 (pi->expected_tx_seq - pi->buffer_seq) % 64; 3316 (chan->expected_tx_seq - chan->buffer_seq) % 64;
3243 if (expected_tx_seq_offset < 0) 3317 if (expected_tx_seq_offset < 0)
3244 expected_tx_seq_offset += 64; 3318 expected_tx_seq_offset += 64;
3245 3319
@@ -3247,51 +3321,51 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3247 if (tx_seq_offset < expected_tx_seq_offset) 3321 if (tx_seq_offset < expected_tx_seq_offset)
3248 goto drop; 3322 goto drop;
3249 3323
3250 pi->conn_state |= L2CAP_CONN_SREJ_SENT; 3324 chan->conn_state |= L2CAP_CONN_SREJ_SENT;
3251 3325
3252 BT_DBG("sk %p, Enter SREJ", sk); 3326 BT_DBG("chan %p, Enter SREJ", chan);
3253 3327
3254 INIT_LIST_HEAD(SREJ_LIST(sk)); 3328 INIT_LIST_HEAD(&chan->srej_l);
3255 pi->buffer_seq_srej = pi->buffer_seq; 3329 chan->buffer_seq_srej = chan->buffer_seq;
3256 3330
3257 __skb_queue_head_init(SREJ_QUEUE(sk)); 3331 __skb_queue_head_init(&chan->srej_q);
3258 __skb_queue_head_init(BUSY_QUEUE(sk)); 3332 __skb_queue_head_init(&chan->busy_q);
3259 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3333 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3260 3334
3261 pi->conn_state |= L2CAP_CONN_SEND_PBIT; 3335 chan->conn_state |= L2CAP_CONN_SEND_PBIT;
3262 3336
3263 l2cap_send_srejframe(sk, tx_seq); 3337 l2cap_send_srejframe(chan, tx_seq);
3264 3338
3265 del_timer(&pi->ack_timer); 3339 del_timer(&chan->ack_timer);
3266 } 3340 }
3267 return 0; 3341 return 0;
3268 3342
3269expected: 3343expected:
3270 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3344 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3271 3345
3272 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3346 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3273 bt_cb(skb)->tx_seq = tx_seq; 3347 bt_cb(skb)->tx_seq = tx_seq;
3274 bt_cb(skb)->sar = sar; 3348 bt_cb(skb)->sar = sar;
3275 __skb_queue_tail(SREJ_QUEUE(sk), skb); 3349 __skb_queue_tail(&chan->srej_q, skb);
3276 return 0; 3350 return 0;
3277 } 3351 }
3278 3352
3279 err = l2cap_push_rx_skb(sk, skb, rx_control); 3353 err = l2cap_push_rx_skb(chan, skb, rx_control);
3280 if (err < 0) 3354 if (err < 0)
3281 return 0; 3355 return 0;
3282 3356
3283 if (rx_control & L2CAP_CTRL_FINAL) { 3357 if (rx_control & L2CAP_CTRL_FINAL) {
3284 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3358 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3285 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3359 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3286 else 3360 else
3287 l2cap_retransmit_frames(sk); 3361 l2cap_retransmit_frames(chan);
3288 } 3362 }
3289 3363
3290 __mod_ack_timer(); 3364 __mod_ack_timer();
3291 3365
3292 pi->num_acked = (pi->num_acked + 1) % num_to_ack; 3366 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3293 if (pi->num_acked == num_to_ack - 1) 3367 if (chan->num_acked == num_to_ack - 1)
3294 l2cap_send_ack(pi); 3368 l2cap_send_ack(chan);
3295 3369
3296 return 0; 3370 return 0;
3297 3371
@@ -3300,165 +3374,160 @@ drop:
3300 return 0; 3374 return 0;
3301} 3375}
3302 3376
3303static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control) 3377static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
3304{ 3378{
3305 struct l2cap_pinfo *pi = l2cap_pi(sk); 3379 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, __get_reqseq(rx_control),
3306
3307 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
3308 rx_control); 3380 rx_control);
3309 3381
3310 pi->expected_ack_seq = __get_reqseq(rx_control); 3382 chan->expected_ack_seq = __get_reqseq(rx_control);
3311 l2cap_drop_acked_frames(sk); 3383 l2cap_drop_acked_frames(chan);
3312 3384
3313 if (rx_control & L2CAP_CTRL_POLL) { 3385 if (rx_control & L2CAP_CTRL_POLL) {
3314 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3386 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3315 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3387 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3316 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 3388 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3317 (pi->unacked_frames > 0)) 3389 (chan->unacked_frames > 0))
3318 __mod_retrans_timer(); 3390 __mod_retrans_timer();
3319 3391
3320 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3392 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3321 l2cap_send_srejtail(sk); 3393 l2cap_send_srejtail(chan);
3322 } else { 3394 } else {
3323 l2cap_send_i_or_rr_or_rnr(sk); 3395 l2cap_send_i_or_rr_or_rnr(chan);
3324 } 3396 }
3325 3397
3326 } else if (rx_control & L2CAP_CTRL_FINAL) { 3398 } else if (rx_control & L2CAP_CTRL_FINAL) {
3327 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3399 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3328 3400
3329 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3401 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3330 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3402 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3331 else 3403 else
3332 l2cap_retransmit_frames(sk); 3404 l2cap_retransmit_frames(chan);
3333 3405
3334 } else { 3406 } else {
3335 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 3407 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3336 (pi->unacked_frames > 0)) 3408 (chan->unacked_frames > 0))
3337 __mod_retrans_timer(); 3409 __mod_retrans_timer();
3338 3410
3339 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3411 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3340 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) 3412 if (chan->conn_state & L2CAP_CONN_SREJ_SENT)
3341 l2cap_send_ack(pi); 3413 l2cap_send_ack(chan);
3342 else 3414 else
3343 l2cap_ertm_send(sk); 3415 l2cap_ertm_send(chan);
3344 } 3416 }
3345} 3417}
3346 3418
3347static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control) 3419static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
3348{ 3420{
3349 struct l2cap_pinfo *pi = l2cap_pi(sk);
3350 u8 tx_seq = __get_reqseq(rx_control); 3421 u8 tx_seq = __get_reqseq(rx_control);
3351 3422
3352 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3423 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3353 3424
3354 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3425 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3355 3426
3356 pi->expected_ack_seq = tx_seq; 3427 chan->expected_ack_seq = tx_seq;
3357 l2cap_drop_acked_frames(sk); 3428 l2cap_drop_acked_frames(chan);
3358 3429
3359 if (rx_control & L2CAP_CTRL_FINAL) { 3430 if (rx_control & L2CAP_CTRL_FINAL) {
3360 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3431 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3361 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3432 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3362 else 3433 else
3363 l2cap_retransmit_frames(sk); 3434 l2cap_retransmit_frames(chan);
3364 } else { 3435 } else {
3365 l2cap_retransmit_frames(sk); 3436 l2cap_retransmit_frames(chan);
3366 3437
3367 if (pi->conn_state & L2CAP_CONN_WAIT_F) 3438 if (chan->conn_state & L2CAP_CONN_WAIT_F)
3368 pi->conn_state |= L2CAP_CONN_REJ_ACT; 3439 chan->conn_state |= L2CAP_CONN_REJ_ACT;
3369 } 3440 }
3370} 3441}
3371static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control) 3442static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
3372{ 3443{
3373 struct l2cap_pinfo *pi = l2cap_pi(sk);
3374 u8 tx_seq = __get_reqseq(rx_control); 3444 u8 tx_seq = __get_reqseq(rx_control);
3375 3445
3376 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3446 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3377 3447
3378 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3448 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3379 3449
3380 if (rx_control & L2CAP_CTRL_POLL) { 3450 if (rx_control & L2CAP_CTRL_POLL) {
3381 pi->expected_ack_seq = tx_seq; 3451 chan->expected_ack_seq = tx_seq;
3382 l2cap_drop_acked_frames(sk); 3452 l2cap_drop_acked_frames(chan);
3383 3453
3384 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3454 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3385 l2cap_retransmit_one_frame(sk, tx_seq); 3455 l2cap_retransmit_one_frame(chan, tx_seq);
3386 3456
3387 l2cap_ertm_send(sk); 3457 l2cap_ertm_send(chan);
3388 3458
3389 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 3459 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
3390 pi->srej_save_reqseq = tx_seq; 3460 chan->srej_save_reqseq = tx_seq;
3391 pi->conn_state |= L2CAP_CONN_SREJ_ACT; 3461 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
3392 } 3462 }
3393 } else if (rx_control & L2CAP_CTRL_FINAL) { 3463 } else if (rx_control & L2CAP_CTRL_FINAL) {
3394 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) && 3464 if ((chan->conn_state & L2CAP_CONN_SREJ_ACT) &&
3395 pi->srej_save_reqseq == tx_seq) 3465 chan->srej_save_reqseq == tx_seq)
3396 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT; 3466 chan->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3397 else 3467 else
3398 l2cap_retransmit_one_frame(sk, tx_seq); 3468 l2cap_retransmit_one_frame(chan, tx_seq);
3399 } else { 3469 } else {
3400 l2cap_retransmit_one_frame(sk, tx_seq); 3470 l2cap_retransmit_one_frame(chan, tx_seq);
3401 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 3471 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
3402 pi->srej_save_reqseq = tx_seq; 3472 chan->srej_save_reqseq = tx_seq;
3403 pi->conn_state |= L2CAP_CONN_SREJ_ACT; 3473 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
3404 } 3474 }
3405 } 3475 }
3406} 3476}
3407 3477
3408static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control) 3478static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
3409{ 3479{
3410 struct l2cap_pinfo *pi = l2cap_pi(sk);
3411 u8 tx_seq = __get_reqseq(rx_control); 3480 u8 tx_seq = __get_reqseq(rx_control);
3412 3481
3413 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3482 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3414 3483
3415 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY; 3484 chan->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3416 pi->expected_ack_seq = tx_seq; 3485 chan->expected_ack_seq = tx_seq;
3417 l2cap_drop_acked_frames(sk); 3486 l2cap_drop_acked_frames(chan);
3418 3487
3419 if (rx_control & L2CAP_CTRL_POLL) 3488 if (rx_control & L2CAP_CTRL_POLL)
3420 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3489 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3421 3490
3422 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) { 3491 if (!(chan->conn_state & L2CAP_CONN_SREJ_SENT)) {
3423 del_timer(&pi->retrans_timer); 3492 del_timer(&chan->retrans_timer);
3424 if (rx_control & L2CAP_CTRL_POLL) 3493 if (rx_control & L2CAP_CTRL_POLL)
3425 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL); 3494 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
3426 return; 3495 return;
3427 } 3496 }
3428 3497
3429 if (rx_control & L2CAP_CTRL_POLL) 3498 if (rx_control & L2CAP_CTRL_POLL)
3430 l2cap_send_srejtail(sk); 3499 l2cap_send_srejtail(chan);
3431 else 3500 else
3432 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY); 3501 l2cap_send_sframe(chan, L2CAP_SUPER_RCV_READY);
3433} 3502}
3434 3503
3435static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3504static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3436{ 3505{
3437 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3506 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
3438 3507
3439 if (L2CAP_CTRL_FINAL & rx_control && 3508 if (L2CAP_CTRL_FINAL & rx_control &&
3440 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) { 3509 chan->conn_state & L2CAP_CONN_WAIT_F) {
3441 del_timer(&l2cap_pi(sk)->monitor_timer); 3510 del_timer(&chan->monitor_timer);
3442 if (l2cap_pi(sk)->unacked_frames > 0) 3511 if (chan->unacked_frames > 0)
3443 __mod_retrans_timer(); 3512 __mod_retrans_timer();
3444 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F; 3513 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
3445 } 3514 }
3446 3515
3447 switch (rx_control & L2CAP_CTRL_SUPERVISE) { 3516 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3448 case L2CAP_SUPER_RCV_READY: 3517 case L2CAP_SUPER_RCV_READY:
3449 l2cap_data_channel_rrframe(sk, rx_control); 3518 l2cap_data_channel_rrframe(chan, rx_control);
3450 break; 3519 break;
3451 3520
3452 case L2CAP_SUPER_REJECT: 3521 case L2CAP_SUPER_REJECT:
3453 l2cap_data_channel_rejframe(sk, rx_control); 3522 l2cap_data_channel_rejframe(chan, rx_control);
3454 break; 3523 break;
3455 3524
3456 case L2CAP_SUPER_SELECT_REJECT: 3525 case L2CAP_SUPER_SELECT_REJECT:
3457 l2cap_data_channel_srejframe(sk, rx_control); 3526 l2cap_data_channel_srejframe(chan, rx_control);
3458 break; 3527 break;
3459 3528
3460 case L2CAP_SUPER_RCV_NOT_READY: 3529 case L2CAP_SUPER_RCV_NOT_READY:
3461 l2cap_data_channel_rnrframe(sk, rx_control); 3530 l2cap_data_channel_rnrframe(chan, rx_control);
3462 break; 3531 break;
3463 } 3532 }
3464 3533
@@ -3468,6 +3537,7 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
3468 3537
3469static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb) 3538static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3470{ 3539{
3540 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3471 struct l2cap_pinfo *pi = l2cap_pi(sk); 3541 struct l2cap_pinfo *pi = l2cap_pi(sk);
3472 u16 control; 3542 u16 control;
3473 u8 req_seq; 3543 u8 req_seq;
@@ -3492,41 +3562,41 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3492 len -= 2; 3562 len -= 2;
3493 3563
3494 if (len > pi->mps) { 3564 if (len > pi->mps) {
3495 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3565 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3496 goto drop; 3566 goto drop;
3497 } 3567 }
3498 3568
3499 req_seq = __get_reqseq(control); 3569 req_seq = __get_reqseq(control);
3500 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64; 3570 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
3501 if (req_seq_offset < 0) 3571 if (req_seq_offset < 0)
3502 req_seq_offset += 64; 3572 req_seq_offset += 64;
3503 3573
3504 next_tx_seq_offset = 3574 next_tx_seq_offset =
3505 (pi->next_tx_seq - pi->expected_ack_seq) % 64; 3575 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
3506 if (next_tx_seq_offset < 0) 3576 if (next_tx_seq_offset < 0)
3507 next_tx_seq_offset += 64; 3577 next_tx_seq_offset += 64;
3508 3578
3509 /* check for invalid req-seq */ 3579 /* check for invalid req-seq */
3510 if (req_seq_offset > next_tx_seq_offset) { 3580 if (req_seq_offset > next_tx_seq_offset) {
3511 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3581 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3512 goto drop; 3582 goto drop;
3513 } 3583 }
3514 3584
3515 if (__is_iframe(control)) { 3585 if (__is_iframe(control)) {
3516 if (len < 0) { 3586 if (len < 0) {
3517 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3587 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3518 goto drop; 3588 goto drop;
3519 } 3589 }
3520 3590
3521 l2cap_data_channel_iframe(sk, control, skb); 3591 l2cap_data_channel_iframe(chan, control, skb);
3522 } else { 3592 } else {
3523 if (len != 0) { 3593 if (len != 0) {
3524 BT_ERR("%d", len); 3594 BT_ERR("%d", len);
3525 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3595 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3526 goto drop; 3596 goto drop;
3527 } 3597 }
3528 3598
3529 l2cap_data_channel_sframe(sk, control, skb); 3599 l2cap_data_channel_sframe(chan, control, skb);
3530 } 3600 }
3531 3601
3532 return 0; 3602 return 0;
@@ -3538,21 +3608,23 @@ drop:
3538 3608
3539static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb) 3609static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3540{ 3610{
3611 struct l2cap_chan *chan;
3541 struct sock *sk; 3612 struct sock *sk;
3542 struct l2cap_pinfo *pi; 3613 struct l2cap_pinfo *pi;
3543 u16 control; 3614 u16 control;
3544 u8 tx_seq; 3615 u8 tx_seq;
3545 int len; 3616 int len;
3546 3617
3547 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 3618 chan = l2cap_get_chan_by_scid(conn, cid);
3548 if (!sk) { 3619 if (!chan) {
3549 BT_DBG("unknown cid 0x%4.4x", cid); 3620 BT_DBG("unknown cid 0x%4.4x", cid);
3550 goto drop; 3621 goto drop;
3551 } 3622 }
3552 3623
3624 sk = chan->sk;
3553 pi = l2cap_pi(sk); 3625 pi = l2cap_pi(sk);
3554 3626
3555 BT_DBG("sk %p, len %d", sk, skb->len); 3627 BT_DBG("chan %p, len %d", chan, skb->len);
3556 3628
3557 if (sk->sk_state != BT_CONNECTED) 3629 if (sk->sk_state != BT_CONNECTED)
3558 goto drop; 3630 goto drop;
@@ -3600,17 +3672,17 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3600 3672
3601 tx_seq = __get_txseq(control); 3673 tx_seq = __get_txseq(control);
3602 3674
3603 if (pi->expected_tx_seq == tx_seq) 3675 if (chan->expected_tx_seq == tx_seq)
3604 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3676 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3605 else 3677 else
3606 pi->expected_tx_seq = (tx_seq + 1) % 64; 3678 chan->expected_tx_seq = (tx_seq + 1) % 64;
3607 3679
3608 l2cap_streaming_reassembly_sdu(sk, skb, control); 3680 l2cap_streaming_reassembly_sdu(chan, skb, control);
3609 3681
3610 goto done; 3682 goto done;
3611 3683
3612 default: 3684 default:
3613 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode); 3685 BT_DBG("chan %p: bad mode 0x%2.2x", chan, pi->mode);
3614 break; 3686 break;
3615 } 3687 }
3616 3688
@@ -3654,6 +3726,36 @@ done:
3654 return 0; 3726 return 0;
3655} 3727}
3656 3728
3729static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3730{
3731 struct sock *sk;
3732
3733 sk = l2cap_get_sock_by_scid(0, cid, conn->src);
3734 if (!sk)
3735 goto drop;
3736
3737 bh_lock_sock(sk);
3738
3739 BT_DBG("sk %p, len %d", sk, skb->len);
3740
3741 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3742 goto drop;
3743
3744 if (l2cap_pi(sk)->imtu < skb->len)
3745 goto drop;
3746
3747 if (!sock_queue_rcv_skb(sk, skb))
3748 goto done;
3749
3750drop:
3751 kfree_skb(skb);
3752
3753done:
3754 if (sk)
3755 bh_unlock_sock(sk);
3756 return 0;
3757}
3758
3657static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb) 3759static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3658{ 3760{
3659 struct l2cap_hdr *lh = (void *) skb->data; 3761 struct l2cap_hdr *lh = (void *) skb->data;
@@ -3683,6 +3785,10 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3683 l2cap_conless_channel(conn, psm, skb); 3785 l2cap_conless_channel(conn, psm, skb);
3684 break; 3786 break;
3685 3787
3788 case L2CAP_CID_LE_DATA:
3789 l2cap_att_channel(conn, cid, skb);
3790 break;
3791
3686 default: 3792 default:
3687 l2cap_data_channel(conn, cid, skb); 3793 l2cap_data_channel(conn, cid, skb);
3688 break; 3794 break;
@@ -3786,20 +3892,19 @@ static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3786 3892
3787static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) 3893static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3788{ 3894{
3789 struct l2cap_chan_list *l;
3790 struct l2cap_conn *conn = hcon->l2cap_data; 3895 struct l2cap_conn *conn = hcon->l2cap_data;
3791 struct sock *sk; 3896 struct l2cap_chan *chan;
3792 3897
3793 if (!conn) 3898 if (!conn)
3794 return 0; 3899 return 0;
3795 3900
3796 l = &conn->chan_list;
3797
3798 BT_DBG("conn %p", conn); 3901 BT_DBG("conn %p", conn);
3799 3902
3800 read_lock(&l->lock); 3903 read_lock(&conn->chan_lock);
3904
3905 list_for_each_entry(chan, &conn->chan_l, list) {
3906 struct sock *sk = chan->sk;
3801 3907
3802 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3803 bh_lock_sock(sk); 3908 bh_lock_sock(sk);
3804 3909
3805 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) { 3910 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
@@ -3820,10 +3925,10 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3820 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 3925 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3821 req.psm = l2cap_pi(sk)->psm; 3926 req.psm = l2cap_pi(sk)->psm;
3822 3927
3823 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 3928 chan->ident = l2cap_get_ident(conn);
3824 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 3929 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3825 3930
3826 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 3931 l2cap_send_cmd(conn, chan->ident,
3827 L2CAP_CONN_REQ, sizeof(req), &req); 3932 L2CAP_CONN_REQ, sizeof(req), &req);
3828 } else { 3933 } else {
3829 l2cap_sock_clear_timer(sk); 3934 l2cap_sock_clear_timer(sk);
@@ -3846,14 +3951,14 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3846 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 3951 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3847 rsp.result = cpu_to_le16(result); 3952 rsp.result = cpu_to_le16(result);
3848 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 3953 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3849 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 3954 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
3850 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 3955 sizeof(rsp), &rsp);
3851 } 3956 }
3852 3957
3853 bh_unlock_sock(sk); 3958 bh_unlock_sock(sk);
3854 } 3959 }
3855 3960
3856 read_unlock(&l->lock); 3961 read_unlock(&conn->chan_lock);
3857 3962
3858 return 0; 3963 return 0;
3859} 3964}
@@ -3872,7 +3977,7 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
3872 3977
3873 if (!(flags & ACL_CONT)) { 3978 if (!(flags & ACL_CONT)) {
3874 struct l2cap_hdr *hdr; 3979 struct l2cap_hdr *hdr;
3875 struct sock *sk; 3980 struct l2cap_chan *chan;
3876 u16 cid; 3981 u16 cid;
3877 int len; 3982 int len;
3878 3983
@@ -3910,18 +4015,21 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
3910 goto drop; 4015 goto drop;
3911 } 4016 }
3912 4017
3913 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 4018 chan = l2cap_get_chan_by_scid(conn, cid);
3914 4019
3915 if (sk && l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) { 4020 if (chan && chan->sk) {
3916 BT_ERR("Frame exceeding recv MTU (len %d, MTU %d)", 4021 struct sock *sk = chan->sk;
3917 len, l2cap_pi(sk)->imtu);
3918 bh_unlock_sock(sk);
3919 l2cap_conn_unreliable(conn, ECOMM);
3920 goto drop;
3921 }
3922 4022
3923 if (sk) 4023 if (l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) {
4024 BT_ERR("Frame exceeding recv MTU (len %d, "
4025 "MTU %d)", len,
4026 l2cap_pi(sk)->imtu);
4027 bh_unlock_sock(sk);
4028 l2cap_conn_unreliable(conn, ECOMM);
4029 goto drop;
4030 }
3924 bh_unlock_sock(sk); 4031 bh_unlock_sock(sk);
4032 }
3925 4033
3926 /* Allocate skb for the complete frame (with header) */ 4034 /* Allocate skb for the complete frame (with header) */
3927 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC); 4035 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index f77308e63e58..473e5973d8fe 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -269,7 +269,7 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
269 goto done; 269 goto done;
270 } 270 }
271 271
272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->dcid) { 272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->scid) {
273 bdaddr_t *src = &bt_sk(sk)->src; 273 bdaddr_t *src = &bt_sk(sk)->src;
274 u16 psm; 274 u16 psm;
275 275
@@ -757,35 +757,37 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
757 case L2CAP_MODE_ERTM: 757 case L2CAP_MODE_ERTM:
758 case L2CAP_MODE_STREAMING: 758 case L2CAP_MODE_STREAMING:
759 /* Entire SDU fits into one PDU */ 759 /* Entire SDU fits into one PDU */
760 if (len <= pi->remote_mps) { 760 if (len <= pi->chan->remote_mps) {
761 control = L2CAP_SDU_UNSEGMENTED; 761 control = L2CAP_SDU_UNSEGMENTED;
762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0); 762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
763 if (IS_ERR(skb)) { 763 if (IS_ERR(skb)) {
764 err = PTR_ERR(skb); 764 err = PTR_ERR(skb);
765 goto done; 765 goto done;
766 } 766 }
767 __skb_queue_tail(TX_QUEUE(sk), skb); 767 __skb_queue_tail(&pi->chan->tx_q, skb);
768 768
769 if (sk->sk_send_head == NULL) 769 if (pi->chan->tx_send_head == NULL)
770 sk->sk_send_head = skb; 770 pi->chan->tx_send_head = skb;
771 771
772 } else { 772 } else {
773 /* Segment SDU into multiples PDUs */ 773 /* Segment SDU into multiples PDUs */
774 err = l2cap_sar_segment_sdu(sk, msg, len); 774 err = l2cap_sar_segment_sdu(pi->chan, msg, len);
775 if (err < 0) 775 if (err < 0)
776 goto done; 776 goto done;
777 } 777 }
778 778
779 if (pi->mode == L2CAP_MODE_STREAMING) { 779 if (pi->mode == L2CAP_MODE_STREAMING) {
780 l2cap_streaming_send(sk); 780 l2cap_streaming_send(pi->chan);
781 } else { 781 err = len;
782 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 782 break;
783 (pi->conn_state & L2CAP_CONN_WAIT_F)) { 783 }
784 err = len; 784
785 break; 785 if ((pi->chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
786 } 786 (pi->chan->conn_state & L2CAP_CONN_WAIT_F)) {
787 err = l2cap_ertm_send(sk); 787 err = len;
788 break;
788 } 789 }
790 err = l2cap_ertm_send(pi->chan);
789 791
790 if (err >= 0) 792 if (err >= 0)
791 err = len; 793 err = len;
@@ -808,29 +810,7 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms
808 lock_sock(sk); 810 lock_sock(sk);
809 811
810 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 812 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
811 struct l2cap_conn_rsp rsp; 813 __l2cap_connect_rsp_defer(sk);
812 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
813 u8 buf[128];
814
815 sk->sk_state = BT_CONFIG;
816
817 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
818 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
819 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
820 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
821 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
822 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
823
824 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
825 release_sock(sk);
826 return 0;
827 }
828
829 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
830 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
831 l2cap_build_conf_req(sk, buf), buf);
832 l2cap_pi(sk)->num_conf_req++;
833
834 release_sock(sk); 814 release_sock(sk);
835 return 0; 815 return 0;
836 } 816 }
@@ -886,6 +866,7 @@ static void l2cap_sock_cleanup_listen(struct sock *parent)
886void __l2cap_sock_close(struct sock *sk, int reason) 866void __l2cap_sock_close(struct sock *sk, int reason)
887{ 867{
888 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 868 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
869 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
889 870
890 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 871 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
891 872
@@ -900,9 +881,9 @@ void __l2cap_sock_close(struct sock *sk, int reason)
900 sk->sk_type == SOCK_STREAM) && 881 sk->sk_type == SOCK_STREAM) &&
901 conn->hcon->type == ACL_LINK) { 882 conn->hcon->type == ACL_LINK) {
902 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 883 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
903 l2cap_send_disconn_req(conn, sk, reason); 884 l2cap_send_disconn_req(conn, chan, reason);
904 } else 885 } else
905 l2cap_chan_del(sk, reason); 886 l2cap_chan_del(chan, reason);
906 break; 887 break;
907 888
908 case BT_CONNECT2: 889 case BT_CONNECT2:
@@ -921,16 +902,16 @@ void __l2cap_sock_close(struct sock *sk, int reason)
921 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 902 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
922 rsp.result = cpu_to_le16(result); 903 rsp.result = cpu_to_le16(result);
923 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 904 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
924 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 905 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
925 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 906 sizeof(rsp), &rsp);
926 } 907 }
927 908
928 l2cap_chan_del(sk, reason); 909 l2cap_chan_del(chan, reason);
929 break; 910 break;
930 911
931 case BT_CONNECT: 912 case BT_CONNECT:
932 case BT_DISCONN: 913 case BT_DISCONN:
933 l2cap_chan_del(sk, reason); 914 l2cap_chan_del(chan, reason);
934 break; 915 break;
935 916
936 default: 917 default:
@@ -1035,12 +1016,7 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent)
1035 } 1016 }
1036 1017
1037 /* Default config options */ 1018 /* Default config options */
1038 pi->conf_len = 0;
1039 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1019 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1040 skb_queue_head_init(TX_QUEUE(sk));
1041 skb_queue_head_init(SREJ_QUEUE(sk));
1042 skb_queue_head_init(BUSY_QUEUE(sk));
1043 INIT_LIST_HEAD(SREJ_LIST(sk));
1044} 1020}
1045 1021
1046static struct proto l2cap_proto = { 1022static struct proto l2cap_proto = {
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-01 00:48:30 -0400