aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2010-05-21 00:04:44 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2010-05-21 00:04:44 -0400
commitf8965467f366fd18f01feafb5db10512d7b4422c (patch)
tree3706a9cd779859271ca61b85c63a1bc3f82d626e /net/bluetooth
parenta26272e5200765691e67d6780e52b32498fdb659 (diff)
parent2ec8c6bb5d8f3a62a79f463525054bae1e3d4487 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1674 commits) qlcnic: adding co maintainer ixgbe: add support for active DA cables ixgbe: dcb, do not tag tc_prio_control frames ixgbe: fix ixgbe_tx_is_paused logic ixgbe: always enable vlan strip/insert when DCB is enabled ixgbe: remove some redundant code in setting FCoE FIP filter ixgbe: fix wrong offset to fc_frame_header in ixgbe_fcoe_ddp ixgbe: fix header len when unsplit packet overflows to data buffer ipv6: Never schedule DAD timer on dead address ipv6: Use POSTDAD state ipv6: Use state_lock to protect ifa state ipv6: Replace inet6_ifaddr->dead with state cxgb4: notify upper drivers if the device is already up when they load cxgb4: keep interrupts available when the ports are brought down cxgb4: fix initial addition of MAC address cnic: Return SPQ credit to bnx2x after ring setup and shutdown. cnic: Convert cnic_local_flags to atomic ops. can: Fix SJA1000 command register writes on SMP systems bridge: fix build for CONFIG_SYSFS disabled ARCNET: Limit com20020 PCI ID matches for SOHARD cards ... Fix up various conflicts with pcmcia tree drivers/net/ {pcmcia/3c589_cs.c, wireless/orinoco/orinoco_cs.c and wireless/orinoco/spectrum_cs.c} and feature removal (Documentation/feature-removal-schedule.txt). Also fix a non-content conflict due to pm_qos_requirement getting renamed in the PM tree (now pm_qos_request) in net/mac80211/scan.c
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/Kconfig13
-rw-r--r--net/bluetooth/af_bluetooth.c6
-rw-r--r--net/bluetooth/bnep/core.c8
-rw-r--r--net/bluetooth/bnep/netdev.c20
-rw-r--r--net/bluetooth/cmtp/cmtp.h2
-rw-r--r--net/bluetooth/cmtp/core.c4
-rw-r--r--net/bluetooth/hci_core.c27
-rw-r--r--net/bluetooth/hci_sysfs.c34
-rw-r--r--net/bluetooth/hidp/core.c10
-rw-r--r--net/bluetooth/hidp/hidp.h4
-rw-r--r--net/bluetooth/l2cap.c1115
-rw-r--r--net/bluetooth/rfcomm/sock.c8
-rw-r--r--net/bluetooth/rfcomm/tty.c2
-rw-r--r--net/bluetooth/sco.c31
14 files changed, 935 insertions, 349 deletions
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index ed371684c133..ee3b3049d385 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -43,6 +43,19 @@ config BT_L2CAP
43 Say Y here to compile L2CAP support into the kernel or say M to 43 Say Y here to compile L2CAP support into the kernel or say M to
44 compile it as module (l2cap). 44 compile it as module (l2cap).
45 45
46config BT_L2CAP_EXT_FEATURES
47 bool "L2CAP Extended Features support (EXPERIMENTAL)"
48 depends on BT_L2CAP && EXPERIMENTAL
49 help
50 This option enables the L2CAP Extended Features support. These
51 new features include the Enhanced Retransmission and Streaming
52 Modes, the Frame Check Sequence (FCS), and Segmentation and
53 Reassembly (SAR) for L2CAP packets. They are a required for the
54 new Alternate MAC/PHY and the Bluetooth Medical Profile.
55
56 You should say N unless you know what you are doing. Note that
57 this is in an experimental state yet.
58
46config BT_SCO 59config BT_SCO
47 tristate "SCO links support" 60 tristate "SCO links support"
48 depends on BT 61 depends on BT
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 404a8500fd03..421c45bd1b95 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -288,7 +288,7 @@ unsigned int bt_sock_poll(struct file * file, struct socket *sock, poll_table *w
288 288
289 BT_DBG("sock %p, sk %p", sock, sk); 289 BT_DBG("sock %p, sk %p", sock, sk);
290 290
291 poll_wait(file, sk->sk_sleep, wait); 291 poll_wait(file, sk_sleep(sk), wait);
292 292
293 if (sk->sk_state == BT_LISTEN) 293 if (sk->sk_state == BT_LISTEN)
294 return bt_accept_poll(sk); 294 return bt_accept_poll(sk);
@@ -378,7 +378,7 @@ int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo)
378 378
379 BT_DBG("sk %p", sk); 379 BT_DBG("sk %p", sk);
380 380
381 add_wait_queue(sk->sk_sleep, &wait); 381 add_wait_queue(sk_sleep(sk), &wait);
382 while (sk->sk_state != state) { 382 while (sk->sk_state != state) {
383 set_current_state(TASK_INTERRUPTIBLE); 383 set_current_state(TASK_INTERRUPTIBLE);
384 384
@@ -401,7 +401,7 @@ int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo)
401 break; 401 break;
402 } 402 }
403 set_current_state(TASK_RUNNING); 403 set_current_state(TASK_RUNNING);
404 remove_wait_queue(sk->sk_sleep, &wait); 404 remove_wait_queue(sk_sleep(sk), &wait);
405 return err; 405 return err;
406} 406}
407EXPORT_SYMBOL(bt_sock_wait_state); 407EXPORT_SYMBOL(bt_sock_wait_state);
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 8062dad6d10d..f10b41fb05a0 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -474,7 +474,7 @@ static int bnep_session(void *arg)
474 set_user_nice(current, -15); 474 set_user_nice(current, -15);
475 475
476 init_waitqueue_entry(&wait, current); 476 init_waitqueue_entry(&wait, current);
477 add_wait_queue(sk->sk_sleep, &wait); 477 add_wait_queue(sk_sleep(sk), &wait);
478 while (!atomic_read(&s->killed)) { 478 while (!atomic_read(&s->killed)) {
479 set_current_state(TASK_INTERRUPTIBLE); 479 set_current_state(TASK_INTERRUPTIBLE);
480 480
@@ -496,7 +496,7 @@ static int bnep_session(void *arg)
496 schedule(); 496 schedule();
497 } 497 }
498 set_current_state(TASK_RUNNING); 498 set_current_state(TASK_RUNNING);
499 remove_wait_queue(sk->sk_sleep, &wait); 499 remove_wait_queue(sk_sleep(sk), &wait);
500 500
501 /* Cleanup session */ 501 /* Cleanup session */
502 down_write(&bnep_session_sem); 502 down_write(&bnep_session_sem);
@@ -507,7 +507,7 @@ static int bnep_session(void *arg)
507 /* Wakeup user-space polling for socket errors */ 507 /* Wakeup user-space polling for socket errors */
508 s->sock->sk->sk_err = EUNATCH; 508 s->sock->sk->sk_err = EUNATCH;
509 509
510 wake_up_interruptible(s->sock->sk->sk_sleep); 510 wake_up_interruptible(sk_sleep(s->sock->sk));
511 511
512 /* Release the socket */ 512 /* Release the socket */
513 fput(s->sock->file); 513 fput(s->sock->file);
@@ -638,7 +638,7 @@ int bnep_del_connection(struct bnep_conndel_req *req)
638 638
639 /* Kill session thread */ 639 /* Kill session thread */
640 atomic_inc(&s->killed); 640 atomic_inc(&s->killed);
641 wake_up_interruptible(s->sock->sk->sk_sleep); 641 wake_up_interruptible(sk_sleep(s->sock->sk));
642 } else 642 } else
643 err = -ENOENT; 643 err = -ENOENT;
644 644
diff --git a/net/bluetooth/bnep/netdev.c b/net/bluetooth/bnep/netdev.c
index 5643a2391e76..0faad5ce6dc4 100644
--- a/net/bluetooth/bnep/netdev.c
+++ b/net/bluetooth/bnep/netdev.c
@@ -88,7 +88,7 @@ static void bnep_net_set_mc_list(struct net_device *dev)
88 memcpy(__skb_put(skb, ETH_ALEN), dev->broadcast, ETH_ALEN); 88 memcpy(__skb_put(skb, ETH_ALEN), dev->broadcast, ETH_ALEN);
89 r->len = htons(ETH_ALEN * 2); 89 r->len = htons(ETH_ALEN * 2);
90 } else { 90 } else {
91 struct dev_mc_list *dmi = dev->mc_list; 91 struct netdev_hw_addr *ha;
92 int i, len = skb->len; 92 int i, len = skb->len;
93 93
94 if (dev->flags & IFF_BROADCAST) { 94 if (dev->flags & IFF_BROADCAST) {
@@ -98,18 +98,18 @@ static void bnep_net_set_mc_list(struct net_device *dev)
98 98
99 /* FIXME: We should group addresses here. */ 99 /* FIXME: We should group addresses here. */
100 100
101 for (i = 0; 101 i = 0;
102 i < netdev_mc_count(dev) && i < BNEP_MAX_MULTICAST_FILTERS; 102 netdev_for_each_mc_addr(ha, dev) {
103 i++) { 103 if (i == BNEP_MAX_MULTICAST_FILTERS)
104 memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN); 104 break;
105 memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN); 105 memcpy(__skb_put(skb, ETH_ALEN), ha->addr, ETH_ALEN);
106 dmi = dmi->next; 106 memcpy(__skb_put(skb, ETH_ALEN), ha->addr, ETH_ALEN);
107 } 107 }
108 r->len = htons(skb->len - len); 108 r->len = htons(skb->len - len);
109 } 109 }
110 110
111 skb_queue_tail(&sk->sk_write_queue, skb); 111 skb_queue_tail(&sk->sk_write_queue, skb);
112 wake_up_interruptible(sk->sk_sleep); 112 wake_up_interruptible(sk_sleep(sk));
113#endif 113#endif
114} 114}
115 115
@@ -193,11 +193,11 @@ static netdev_tx_t bnep_net_xmit(struct sk_buff *skb,
193 /* 193 /*
194 * We cannot send L2CAP packets from here as we are potentially in a bh. 194 * We cannot send L2CAP packets from here as we are potentially in a bh.
195 * So we have to queue them and wake up session thread which is sleeping 195 * So we have to queue them and wake up session thread which is sleeping
196 * on the sk->sk_sleep. 196 * on the sk_sleep(sk).
197 */ 197 */
198 dev->trans_start = jiffies; 198 dev->trans_start = jiffies;
199 skb_queue_tail(&sk->sk_write_queue, skb); 199 skb_queue_tail(&sk->sk_write_queue, skb);
200 wake_up_interruptible(sk->sk_sleep); 200 wake_up_interruptible(sk_sleep(sk));
201 201
202 if (skb_queue_len(&sk->sk_write_queue) >= BNEP_TX_QUEUE_LEN) { 202 if (skb_queue_len(&sk->sk_write_queue) >= BNEP_TX_QUEUE_LEN) {
203 BT_DBG("tx queue is full"); 203 BT_DBG("tx queue is full");
diff --git a/net/bluetooth/cmtp/cmtp.h b/net/bluetooth/cmtp/cmtp.h
index e4663aa14d26..785e79e953c5 100644
--- a/net/bluetooth/cmtp/cmtp.h
+++ b/net/bluetooth/cmtp/cmtp.h
@@ -125,7 +125,7 @@ static inline void cmtp_schedule(struct cmtp_session *session)
125{ 125{
126 struct sock *sk = session->sock->sk; 126 struct sock *sk = session->sock->sk;
127 127
128 wake_up_interruptible(sk->sk_sleep); 128 wake_up_interruptible(sk_sleep(sk));
129} 129}
130 130
131/* CMTP init defines */ 131/* CMTP init defines */
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index 0073ec8495da..d4c6af082d48 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -284,7 +284,7 @@ static int cmtp_session(void *arg)
284 set_user_nice(current, -15); 284 set_user_nice(current, -15);
285 285
286 init_waitqueue_entry(&wait, current); 286 init_waitqueue_entry(&wait, current);
287 add_wait_queue(sk->sk_sleep, &wait); 287 add_wait_queue(sk_sleep(sk), &wait);
288 while (!atomic_read(&session->terminate)) { 288 while (!atomic_read(&session->terminate)) {
289 set_current_state(TASK_INTERRUPTIBLE); 289 set_current_state(TASK_INTERRUPTIBLE);
290 290
@@ -301,7 +301,7 @@ static int cmtp_session(void *arg)
301 schedule(); 301 schedule();
302 } 302 }
303 set_current_state(TASK_RUNNING); 303 set_current_state(TASK_RUNNING);
304 remove_wait_queue(sk->sk_sleep, &wait); 304 remove_wait_queue(sk_sleep(sk), &wait);
305 305
306 down_write(&cmtp_session_sem); 306 down_write(&cmtp_session_sem);
307 307
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 4ad23192c7a5..2f768de87011 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -37,6 +37,7 @@
37#include <linux/fcntl.h> 37#include <linux/fcntl.h>
38#include <linux/init.h> 38#include <linux/init.h>
39#include <linux/skbuff.h> 39#include <linux/skbuff.h>
40#include <linux/workqueue.h>
40#include <linux/interrupt.h> 41#include <linux/interrupt.h>
41#include <linux/notifier.h> 42#include <linux/notifier.h>
42#include <linux/rfkill.h> 43#include <linux/rfkill.h>
@@ -928,6 +929,10 @@ int hci_register_dev(struct hci_dev *hdev)
928 929
929 write_unlock_bh(&hci_dev_list_lock); 930 write_unlock_bh(&hci_dev_list_lock);
930 931
932 hdev->workqueue = create_singlethread_workqueue(hdev->name);
933 if (!hdev->workqueue)
934 goto nomem;
935
931 hci_register_sysfs(hdev); 936 hci_register_sysfs(hdev);
932 937
933 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, 938 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
@@ -942,6 +947,13 @@ int hci_register_dev(struct hci_dev *hdev)
942 hci_notify(hdev, HCI_DEV_REG); 947 hci_notify(hdev, HCI_DEV_REG);
943 948
944 return id; 949 return id;
950
951nomem:
952 write_lock_bh(&hci_dev_list_lock);
953 list_del(&hdev->list);
954 write_unlock_bh(&hci_dev_list_lock);
955
956 return -ENOMEM;
945} 957}
946EXPORT_SYMBOL(hci_register_dev); 958EXPORT_SYMBOL(hci_register_dev);
947 959
@@ -970,6 +982,8 @@ int hci_unregister_dev(struct hci_dev *hdev)
970 982
971 hci_unregister_sysfs(hdev); 983 hci_unregister_sysfs(hdev);
972 984
985 destroy_workqueue(hdev->workqueue);
986
973 __hci_dev_put(hdev); 987 __hci_dev_put(hdev);
974 988
975 return 0; 989 return 0;
@@ -1260,7 +1274,7 @@ static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1260 hdr->dlen = cpu_to_le16(len); 1274 hdr->dlen = cpu_to_le16(len);
1261} 1275}
1262 1276
1263int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags) 1277void hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1264{ 1278{
1265 struct hci_dev *hdev = conn->hdev; 1279 struct hci_dev *hdev = conn->hdev;
1266 struct sk_buff *list; 1280 struct sk_buff *list;
@@ -1302,24 +1316,17 @@ int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1302 } 1316 }
1303 1317
1304 tasklet_schedule(&hdev->tx_task); 1318 tasklet_schedule(&hdev->tx_task);
1305
1306 return 0;
1307} 1319}
1308EXPORT_SYMBOL(hci_send_acl); 1320EXPORT_SYMBOL(hci_send_acl);
1309 1321
1310/* Send SCO data */ 1322/* Send SCO data */
1311int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb) 1323void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1312{ 1324{
1313 struct hci_dev *hdev = conn->hdev; 1325 struct hci_dev *hdev = conn->hdev;
1314 struct hci_sco_hdr hdr; 1326 struct hci_sco_hdr hdr;
1315 1327
1316 BT_DBG("%s len %d", hdev->name, skb->len); 1328 BT_DBG("%s len %d", hdev->name, skb->len);
1317 1329
1318 if (skb->len > hdev->sco_mtu) {
1319 kfree_skb(skb);
1320 return -EINVAL;
1321 }
1322
1323 hdr.handle = cpu_to_le16(conn->handle); 1330 hdr.handle = cpu_to_le16(conn->handle);
1324 hdr.dlen = skb->len; 1331 hdr.dlen = skb->len;
1325 1332
@@ -1332,8 +1339,6 @@ int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1332 1339
1333 skb_queue_tail(&conn->data_q, skb); 1340 skb_queue_tail(&conn->data_q, skb);
1334 tasklet_schedule(&hdev->tx_task); 1341 tasklet_schedule(&hdev->tx_task);
1335
1336 return 0;
1337} 1342}
1338EXPORT_SYMBOL(hci_send_sco); 1343EXPORT_SYMBOL(hci_send_sco);
1339 1344
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 0e8e1a59856c..463ffa4fe042 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -14,8 +14,6 @@ static struct class *bt_class;
14struct dentry *bt_debugfs = NULL; 14struct dentry *bt_debugfs = NULL;
15EXPORT_SYMBOL_GPL(bt_debugfs); 15EXPORT_SYMBOL_GPL(bt_debugfs);
16 16
17static struct workqueue_struct *bt_workq;
18
19static inline char *link_typetostr(int type) 17static inline char *link_typetostr(int type)
20{ 18{
21 switch (type) { 19 switch (type) {
@@ -161,14 +159,14 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
161{ 159{
162 BT_DBG("conn %p", conn); 160 BT_DBG("conn %p", conn);
163 161
164 queue_work(bt_workq, &conn->work_add); 162 queue_work(conn->hdev->workqueue, &conn->work_add);
165} 163}
166 164
167void hci_conn_del_sysfs(struct hci_conn *conn) 165void hci_conn_del_sysfs(struct hci_conn *conn)
168{ 166{
169 BT_DBG("conn %p", conn); 167 BT_DBG("conn %p", conn);
170 168
171 queue_work(bt_workq, &conn->work_del); 169 queue_work(conn->hdev->workqueue, &conn->work_del);
172} 170}
173 171
174static inline char *host_bustostr(int bus) 172static inline char *host_bustostr(int bus)
@@ -283,11 +281,9 @@ static ssize_t show_idle_timeout(struct device *dev, struct device_attribute *at
283static ssize_t store_idle_timeout(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 281static ssize_t store_idle_timeout(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
284{ 282{
285 struct hci_dev *hdev = dev_get_drvdata(dev); 283 struct hci_dev *hdev = dev_get_drvdata(dev);
286 char *ptr; 284 unsigned long val;
287 __u32 val;
288 285
289 val = simple_strtoul(buf, &ptr, 10); 286 if (strict_strtoul(buf, 0, &val) < 0)
290 if (ptr == buf)
291 return -EINVAL; 287 return -EINVAL;
292 288
293 if (val != 0 && (val < 500 || val > 3600000)) 289 if (val != 0 && (val < 500 || val > 3600000))
@@ -307,11 +303,9 @@ static ssize_t show_sniff_max_interval(struct device *dev, struct device_attribu
307static ssize_t store_sniff_max_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 303static ssize_t store_sniff_max_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
308{ 304{
309 struct hci_dev *hdev = dev_get_drvdata(dev); 305 struct hci_dev *hdev = dev_get_drvdata(dev);
310 char *ptr; 306 unsigned long val;
311 __u16 val;
312 307
313 val = simple_strtoul(buf, &ptr, 10); 308 if (strict_strtoul(buf, 0, &val) < 0)
314 if (ptr == buf)
315 return -EINVAL; 309 return -EINVAL;
316 310
317 if (val < 0x0002 || val > 0xFFFE || val % 2) 311 if (val < 0x0002 || val > 0xFFFE || val % 2)
@@ -334,11 +328,9 @@ static ssize_t show_sniff_min_interval(struct device *dev, struct device_attribu
334static ssize_t store_sniff_min_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 328static ssize_t store_sniff_min_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
335{ 329{
336 struct hci_dev *hdev = dev_get_drvdata(dev); 330 struct hci_dev *hdev = dev_get_drvdata(dev);
337 char *ptr; 331 unsigned long val;
338 __u16 val;
339 332
340 val = simple_strtoul(buf, &ptr, 10); 333 if (strict_strtoul(buf, 0, &val) < 0)
341 if (ptr == buf)
342 return -EINVAL; 334 return -EINVAL;
343 335
344 if (val < 0x0002 || val > 0xFFFE || val % 2) 336 if (val < 0x0002 || val > 0xFFFE || val % 2)
@@ -487,17 +479,11 @@ void hci_unregister_sysfs(struct hci_dev *hdev)
487 479
488int __init bt_sysfs_init(void) 480int __init bt_sysfs_init(void)
489{ 481{
490 bt_workq = create_singlethread_workqueue("bluetooth");
491 if (!bt_workq)
492 return -ENOMEM;
493
494 bt_debugfs = debugfs_create_dir("bluetooth", NULL); 482 bt_debugfs = debugfs_create_dir("bluetooth", NULL);
495 483
496 bt_class = class_create(THIS_MODULE, "bluetooth"); 484 bt_class = class_create(THIS_MODULE, "bluetooth");
497 if (IS_ERR(bt_class)) { 485 if (IS_ERR(bt_class))
498 destroy_workqueue(bt_workq);
499 return PTR_ERR(bt_class); 486 return PTR_ERR(bt_class);
500 }
501 487
502 return 0; 488 return 0;
503} 489}
@@ -507,6 +493,4 @@ void bt_sysfs_cleanup(void)
507 class_destroy(bt_class); 493 class_destroy(bt_class);
508 494
509 debugfs_remove_recursive(bt_debugfs); 495 debugfs_remove_recursive(bt_debugfs);
510
511 destroy_workqueue(bt_workq);
512} 496}
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 280529ad9274..bfe641b7dfaf 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -561,8 +561,8 @@ static int hidp_session(void *arg)
561 561
562 init_waitqueue_entry(&ctrl_wait, current); 562 init_waitqueue_entry(&ctrl_wait, current);
563 init_waitqueue_entry(&intr_wait, current); 563 init_waitqueue_entry(&intr_wait, current);
564 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 564 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
565 add_wait_queue(intr_sk->sk_sleep, &intr_wait); 565 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
566 while (!atomic_read(&session->terminate)) { 566 while (!atomic_read(&session->terminate)) {
567 set_current_state(TASK_INTERRUPTIBLE); 567 set_current_state(TASK_INTERRUPTIBLE);
568 568
@@ -584,8 +584,8 @@ static int hidp_session(void *arg)
584 schedule(); 584 schedule();
585 } 585 }
586 set_current_state(TASK_RUNNING); 586 set_current_state(TASK_RUNNING);
587 remove_wait_queue(intr_sk->sk_sleep, &intr_wait); 587 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
588 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 588 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
589 589
590 down_write(&hidp_session_sem); 590 down_write(&hidp_session_sem);
591 591
@@ -609,7 +609,7 @@ static int hidp_session(void *arg)
609 609
610 fput(session->intr_sock->file); 610 fput(session->intr_sock->file);
611 611
612 wait_event_timeout(*(ctrl_sk->sk_sleep), 612 wait_event_timeout(*(sk_sleep(ctrl_sk)),
613 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 613 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
614 614
615 fput(session->ctrl_sock->file); 615 fput(session->ctrl_sock->file);
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index a4e215d50c10..8d934a19da0a 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -164,8 +164,8 @@ static inline void hidp_schedule(struct hidp_session *session)
164 struct sock *ctrl_sk = session->ctrl_sock->sk; 164 struct sock *ctrl_sk = session->ctrl_sock->sk;
165 struct sock *intr_sk = session->intr_sock->sk; 165 struct sock *intr_sk = session->intr_sock->sk;
166 166
167 wake_up_interruptible(ctrl_sk->sk_sleep); 167 wake_up_interruptible(sk_sleep(ctrl_sk));
168 wake_up_interruptible(intr_sk->sk_sleep); 168 wake_up_interruptible(sk_sleep(intr_sk));
169} 169}
170 170
171/* HIDP init defines */ 171/* HIDP init defines */
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 9753b690a8b3..1b682a5aa061 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -55,18 +55,27 @@
55 55
56#define VERSION "2.14" 56#define VERSION "2.14"
57 57
58#ifdef CONFIG_BT_L2CAP_EXT_FEATURES
59static int enable_ertm = 1;
60#else
58static int enable_ertm = 0; 61static int enable_ertm = 0;
62#endif
59static int max_transmit = L2CAP_DEFAULT_MAX_TX; 63static int max_transmit = L2CAP_DEFAULT_MAX_TX;
64static int tx_window = L2CAP_DEFAULT_TX_WINDOW;
60 65
61static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; 66static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
62static u8 l2cap_fixed_chan[8] = { 0x02, }; 67static u8 l2cap_fixed_chan[8] = { 0x02, };
63 68
64static const struct proto_ops l2cap_sock_ops; 69static const struct proto_ops l2cap_sock_ops;
65 70
71static struct workqueue_struct *_busy_wq;
72
66static struct bt_sock_list l2cap_sk_list = { 73static struct bt_sock_list l2cap_sk_list = {
67 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 74 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
68}; 75};
69 76
77static void l2cap_busy_work(struct work_struct *work);
78
70static void __l2cap_sock_close(struct sock *sk, int reason); 79static void __l2cap_sock_close(struct sock *sk, int reason);
71static void l2cap_sock_close(struct sock *sk); 80static void l2cap_sock_close(struct sock *sk);
72static void l2cap_sock_kill(struct sock *sk); 81static void l2cap_sock_kill(struct sock *sk);
@@ -219,7 +228,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct so
219 228
220 l2cap_pi(sk)->conn = conn; 229 l2cap_pi(sk)->conn = conn;
221 230
222 if (sk->sk_type == SOCK_SEQPACKET) { 231 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
223 /* Alloc CID for connection-oriented socket */ 232 /* Alloc CID for connection-oriented socket */
224 l2cap_pi(sk)->scid = l2cap_alloc_cid(l); 233 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
225 } else if (sk->sk_type == SOCK_DGRAM) { 234 } else if (sk->sk_type == SOCK_DGRAM) {
@@ -325,19 +334,19 @@ static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
325 return id; 334 return id;
326} 335}
327 336
328static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data) 337static inline void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
329{ 338{
330 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data); 339 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
331 340
332 BT_DBG("code 0x%2.2x", code); 341 BT_DBG("code 0x%2.2x", code);
333 342
334 if (!skb) 343 if (!skb)
335 return -ENOMEM; 344 return;
336 345
337 return hci_send_acl(conn->hcon, skb, 0); 346 hci_send_acl(conn->hcon, skb, 0);
338} 347}
339 348
340static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control) 349static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
341{ 350{
342 struct sk_buff *skb; 351 struct sk_buff *skb;
343 struct l2cap_hdr *lh; 352 struct l2cap_hdr *lh;
@@ -352,9 +361,19 @@ static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
352 count = min_t(unsigned int, conn->mtu, hlen); 361 count = min_t(unsigned int, conn->mtu, hlen);
353 control |= L2CAP_CTRL_FRAME_TYPE; 362 control |= L2CAP_CTRL_FRAME_TYPE;
354 363
364 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
365 control |= L2CAP_CTRL_FINAL;
366 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
367 }
368
369 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
370 control |= L2CAP_CTRL_POLL;
371 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
372 }
373
355 skb = bt_skb_alloc(count, GFP_ATOMIC); 374 skb = bt_skb_alloc(count, GFP_ATOMIC);
356 if (!skb) 375 if (!skb)
357 return -ENOMEM; 376 return;
358 377
359 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 378 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
360 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE); 379 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
@@ -366,19 +385,20 @@ static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
366 put_unaligned_le16(fcs, skb_put(skb, 2)); 385 put_unaligned_le16(fcs, skb_put(skb, 2));
367 } 386 }
368 387
369 return hci_send_acl(pi->conn->hcon, skb, 0); 388 hci_send_acl(pi->conn->hcon, skb, 0);
370} 389}
371 390
372static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control) 391static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
373{ 392{
374 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) 393 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
375 control |= L2CAP_SUPER_RCV_NOT_READY; 394 control |= L2CAP_SUPER_RCV_NOT_READY;
376 else 395 pi->conn_state |= L2CAP_CONN_RNR_SENT;
396 } else
377 control |= L2CAP_SUPER_RCV_READY; 397 control |= L2CAP_SUPER_RCV_READY;
378 398
379 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 399 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
380 400
381 return l2cap_send_sframe(pi, control); 401 l2cap_send_sframe(pi, control);
382} 402}
383 403
384static void l2cap_do_start(struct sock *sk) 404static void l2cap_do_start(struct sock *sk)
@@ -437,7 +457,8 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
437 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 457 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
438 bh_lock_sock(sk); 458 bh_lock_sock(sk);
439 459
440 if (sk->sk_type != SOCK_SEQPACKET) { 460 if (sk->sk_type != SOCK_SEQPACKET &&
461 sk->sk_type != SOCK_STREAM) {
441 bh_unlock_sock(sk); 462 bh_unlock_sock(sk);
442 continue; 463 continue;
443 } 464 }
@@ -497,7 +518,8 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
497 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 518 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
498 bh_lock_sock(sk); 519 bh_lock_sock(sk);
499 520
500 if (sk->sk_type != SOCK_SEQPACKET) { 521 if (sk->sk_type != SOCK_SEQPACKET &&
522 sk->sk_type != SOCK_STREAM) {
501 l2cap_sock_clear_timer(sk); 523 l2cap_sock_clear_timer(sk);
502 sk->sk_state = BT_CONNECTED; 524 sk->sk_state = BT_CONNECTED;
503 sk->sk_state_change(sk); 525 sk->sk_state_change(sk);
@@ -706,7 +728,8 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
706 728
707 case BT_CONNECTED: 729 case BT_CONNECTED:
708 case BT_CONFIG: 730 case BT_CONFIG:
709 if (sk->sk_type == SOCK_SEQPACKET) { 731 if (sk->sk_type == SOCK_SEQPACKET ||
732 sk->sk_type == SOCK_STREAM) {
710 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 733 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
711 734
712 sk->sk_state = BT_DISCONN; 735 sk->sk_state = BT_DISCONN;
@@ -717,7 +740,8 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
717 break; 740 break;
718 741
719 case BT_CONNECT2: 742 case BT_CONNECT2:
720 if (sk->sk_type == SOCK_SEQPACKET) { 743 if (sk->sk_type == SOCK_SEQPACKET ||
744 sk->sk_type == SOCK_STREAM) {
721 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 745 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
722 struct l2cap_conn_rsp rsp; 746 struct l2cap_conn_rsp rsp;
723 __u16 result; 747 __u16 result;
@@ -772,14 +796,21 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
772 pi->omtu = l2cap_pi(parent)->omtu; 796 pi->omtu = l2cap_pi(parent)->omtu;
773 pi->mode = l2cap_pi(parent)->mode; 797 pi->mode = l2cap_pi(parent)->mode;
774 pi->fcs = l2cap_pi(parent)->fcs; 798 pi->fcs = l2cap_pi(parent)->fcs;
799 pi->max_tx = l2cap_pi(parent)->max_tx;
800 pi->tx_win = l2cap_pi(parent)->tx_win;
775 pi->sec_level = l2cap_pi(parent)->sec_level; 801 pi->sec_level = l2cap_pi(parent)->sec_level;
776 pi->role_switch = l2cap_pi(parent)->role_switch; 802 pi->role_switch = l2cap_pi(parent)->role_switch;
777 pi->force_reliable = l2cap_pi(parent)->force_reliable; 803 pi->force_reliable = l2cap_pi(parent)->force_reliable;
778 } else { 804 } else {
779 pi->imtu = L2CAP_DEFAULT_MTU; 805 pi->imtu = L2CAP_DEFAULT_MTU;
780 pi->omtu = 0; 806 pi->omtu = 0;
781 pi->mode = L2CAP_MODE_BASIC; 807 if (enable_ertm && sk->sk_type == SOCK_STREAM)
808 pi->mode = L2CAP_MODE_ERTM;
809 else
810 pi->mode = L2CAP_MODE_BASIC;
811 pi->max_tx = max_transmit;
782 pi->fcs = L2CAP_FCS_CRC16; 812 pi->fcs = L2CAP_FCS_CRC16;
813 pi->tx_win = tx_window;
783 pi->sec_level = BT_SECURITY_LOW; 814 pi->sec_level = BT_SECURITY_LOW;
784 pi->role_switch = 0; 815 pi->role_switch = 0;
785 pi->force_reliable = 0; 816 pi->force_reliable = 0;
@@ -790,6 +821,7 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
790 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; 821 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
791 skb_queue_head_init(TX_QUEUE(sk)); 822 skb_queue_head_init(TX_QUEUE(sk));
792 skb_queue_head_init(SREJ_QUEUE(sk)); 823 skb_queue_head_init(SREJ_QUEUE(sk));
824 skb_queue_head_init(BUSY_QUEUE(sk));
793 INIT_LIST_HEAD(SREJ_LIST(sk)); 825 INIT_LIST_HEAD(SREJ_LIST(sk));
794} 826}
795 827
@@ -833,7 +865,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
833 865
834 sock->state = SS_UNCONNECTED; 866 sock->state = SS_UNCONNECTED;
835 867
836 if (sock->type != SOCK_SEQPACKET && 868 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
837 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 869 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
838 return -ESOCKTNOSUPPORT; 870 return -ESOCKTNOSUPPORT;
839 871
@@ -981,7 +1013,8 @@ static int l2cap_do_connect(struct sock *sk)
981 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 1013 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
982 1014
983 if (hcon->state == BT_CONNECTED) { 1015 if (hcon->state == BT_CONNECTED) {
984 if (sk->sk_type != SOCK_SEQPACKET) { 1016 if (sk->sk_type != SOCK_SEQPACKET &&
1017 sk->sk_type != SOCK_STREAM) {
985 l2cap_sock_clear_timer(sk); 1018 l2cap_sock_clear_timer(sk);
986 sk->sk_state = BT_CONNECTED; 1019 sk->sk_state = BT_CONNECTED;
987 } else 1020 } else
@@ -1015,7 +1048,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
1015 1048
1016 lock_sock(sk); 1049 lock_sock(sk);
1017 1050
1018 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) { 1051 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
1052 && !la.l2_psm) {
1019 err = -EINVAL; 1053 err = -EINVAL;
1020 goto done; 1054 goto done;
1021 } 1055 }
@@ -1079,7 +1113,8 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
1079 1113
1080 lock_sock(sk); 1114 lock_sock(sk);
1081 1115
1082 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) { 1116 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
1117 || sk->sk_state != BT_BOUND) {
1083 err = -EBADFD; 1118 err = -EBADFD;
1084 goto done; 1119 goto done;
1085 } 1120 }
@@ -1147,7 +1182,7 @@ static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int fl
1147 BT_DBG("sk %p timeo %ld", sk, timeo); 1182 BT_DBG("sk %p timeo %ld", sk, timeo);
1148 1183
1149 /* Wait for an incoming connection. (wake-one). */ 1184 /* Wait for an incoming connection. (wake-one). */
1150 add_wait_queue_exclusive(sk->sk_sleep, &wait); 1185 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1151 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 1186 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1152 set_current_state(TASK_INTERRUPTIBLE); 1187 set_current_state(TASK_INTERRUPTIBLE);
1153 if (!timeo) { 1188 if (!timeo) {
@@ -1170,7 +1205,7 @@ static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int fl
1170 } 1205 }
1171 } 1206 }
1172 set_current_state(TASK_RUNNING); 1207 set_current_state(TASK_RUNNING);
1173 remove_wait_queue(sk->sk_sleep, &wait); 1208 remove_wait_queue(sk_sleep(sk), &wait);
1174 1209
1175 if (err) 1210 if (err)
1176 goto done; 1211 goto done;
@@ -1207,10 +1242,40 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
1207 return 0; 1242 return 0;
1208} 1243}
1209 1244
1245static int __l2cap_wait_ack(struct sock *sk)
1246{
1247 DECLARE_WAITQUEUE(wait, current);
1248 int err = 0;
1249 int timeo = HZ/5;
1250
1251 add_wait_queue(sk_sleep(sk), &wait);
1252 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
1253 set_current_state(TASK_INTERRUPTIBLE);
1254
1255 if (!timeo)
1256 timeo = HZ/5;
1257
1258 if (signal_pending(current)) {
1259 err = sock_intr_errno(timeo);
1260 break;
1261 }
1262
1263 release_sock(sk);
1264 timeo = schedule_timeout(timeo);
1265 lock_sock(sk);
1266
1267 err = sock_error(sk);
1268 if (err)
1269 break;
1270 }
1271 set_current_state(TASK_RUNNING);
1272 remove_wait_queue(sk_sleep(sk), &wait);
1273 return err;
1274}
1275
1210static void l2cap_monitor_timeout(unsigned long arg) 1276static void l2cap_monitor_timeout(unsigned long arg)
1211{ 1277{
1212 struct sock *sk = (void *) arg; 1278 struct sock *sk = (void *) arg;
1213 u16 control;
1214 1279
1215 bh_lock_sock(sk); 1280 bh_lock_sock(sk);
1216 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { 1281 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
@@ -1222,15 +1287,13 @@ static void l2cap_monitor_timeout(unsigned long arg)
1222 l2cap_pi(sk)->retry_count++; 1287 l2cap_pi(sk)->retry_count++;
1223 __mod_monitor_timer(); 1288 __mod_monitor_timer();
1224 1289
1225 control = L2CAP_CTRL_POLL; 1290 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1226 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1227 bh_unlock_sock(sk); 1291 bh_unlock_sock(sk);
1228} 1292}
1229 1293
1230static void l2cap_retrans_timeout(unsigned long arg) 1294static void l2cap_retrans_timeout(unsigned long arg)
1231{ 1295{
1232 struct sock *sk = (void *) arg; 1296 struct sock *sk = (void *) arg;
1233 u16 control;
1234 1297
1235 bh_lock_sock(sk); 1298 bh_lock_sock(sk);
1236 l2cap_pi(sk)->retry_count = 1; 1299 l2cap_pi(sk)->retry_count = 1;
@@ -1238,8 +1301,7 @@ static void l2cap_retrans_timeout(unsigned long arg)
1238 1301
1239 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F; 1302 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1240 1303
1241 control = L2CAP_CTRL_POLL; 1304 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1242 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1243 bh_unlock_sock(sk); 1305 bh_unlock_sock(sk);
1244} 1306}
1245 1307
@@ -1247,7 +1309,8 @@ static void l2cap_drop_acked_frames(struct sock *sk)
1247{ 1309{
1248 struct sk_buff *skb; 1310 struct sk_buff *skb;
1249 1311
1250 while ((skb = skb_peek(TX_QUEUE(sk)))) { 1312 while ((skb = skb_peek(TX_QUEUE(sk))) &&
1313 l2cap_pi(sk)->unacked_frames) {
1251 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq) 1314 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1252 break; 1315 break;
1253 1316
@@ -1259,22 +1322,15 @@ static void l2cap_drop_acked_frames(struct sock *sk)
1259 1322
1260 if (!l2cap_pi(sk)->unacked_frames) 1323 if (!l2cap_pi(sk)->unacked_frames)
1261 del_timer(&l2cap_pi(sk)->retrans_timer); 1324 del_timer(&l2cap_pi(sk)->retrans_timer);
1262
1263 return;
1264} 1325}
1265 1326
1266static inline int l2cap_do_send(struct sock *sk, struct sk_buff *skb) 1327static inline void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1267{ 1328{
1268 struct l2cap_pinfo *pi = l2cap_pi(sk); 1329 struct l2cap_pinfo *pi = l2cap_pi(sk);
1269 int err;
1270 1330
1271 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len); 1331 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1272 1332
1273 err = hci_send_acl(pi->conn->hcon, skb, 0); 1333 hci_send_acl(pi->conn->hcon, skb, 0);
1274 if (err < 0)
1275 kfree_skb(skb);
1276
1277 return err;
1278} 1334}
1279 1335
1280static int l2cap_streaming_send(struct sock *sk) 1336static int l2cap_streaming_send(struct sock *sk)
@@ -1282,7 +1338,6 @@ static int l2cap_streaming_send(struct sock *sk)
1282 struct sk_buff *skb, *tx_skb; 1338 struct sk_buff *skb, *tx_skb;
1283 struct l2cap_pinfo *pi = l2cap_pi(sk); 1339 struct l2cap_pinfo *pi = l2cap_pi(sk);
1284 u16 control, fcs; 1340 u16 control, fcs;
1285 int err;
1286 1341
1287 while ((skb = sk->sk_send_head)) { 1342 while ((skb = sk->sk_send_head)) {
1288 tx_skb = skb_clone(skb, GFP_ATOMIC); 1343 tx_skb = skb_clone(skb, GFP_ATOMIC);
@@ -1291,16 +1346,12 @@ static int l2cap_streaming_send(struct sock *sk)
1291 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT; 1346 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1292 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1347 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1293 1348
1294 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) { 1349 if (pi->fcs == L2CAP_FCS_CRC16) {
1295 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2); 1350 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1296 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2); 1351 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1297 } 1352 }
1298 1353
1299 err = l2cap_do_send(sk, tx_skb); 1354 l2cap_do_send(sk, tx_skb);
1300 if (err < 0) {
1301 l2cap_send_disconn_req(pi->conn, sk);
1302 return err;
1303 }
1304 1355
1305 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1356 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1306 1357
@@ -1315,48 +1366,44 @@ static int l2cap_streaming_send(struct sock *sk)
1315 return 0; 1366 return 0;
1316} 1367}
1317 1368
1318static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq) 1369static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1319{ 1370{
1320 struct l2cap_pinfo *pi = l2cap_pi(sk); 1371 struct l2cap_pinfo *pi = l2cap_pi(sk);
1321 struct sk_buff *skb, *tx_skb; 1372 struct sk_buff *skb, *tx_skb;
1322 u16 control, fcs; 1373 u16 control, fcs;
1323 int err;
1324 1374
1325 skb = skb_peek(TX_QUEUE(sk)); 1375 skb = skb_peek(TX_QUEUE(sk));
1326 do { 1376 if (!skb)
1327 if (bt_cb(skb)->tx_seq != tx_seq) { 1377 return;
1328 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1329 break;
1330 skb = skb_queue_next(TX_QUEUE(sk), skb);
1331 continue;
1332 }
1333 1378
1334 if (pi->remote_max_tx && 1379 do {
1335 bt_cb(skb)->retries == pi->remote_max_tx) { 1380 if (bt_cb(skb)->tx_seq == tx_seq)
1336 l2cap_send_disconn_req(pi->conn, sk);
1337 break; 1381 break;
1338 }
1339 1382
1340 tx_skb = skb_clone(skb, GFP_ATOMIC); 1383 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1341 bt_cb(skb)->retries++; 1384 return;
1342 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1343 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1344 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1345 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1346 1385
1347 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) { 1386 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
1348 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1349 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1350 }
1351 1387
1352 err = l2cap_do_send(sk, tx_skb); 1388 if (pi->remote_max_tx &&
1353 if (err < 0) { 1389 bt_cb(skb)->retries == pi->remote_max_tx) {
1354 l2cap_send_disconn_req(pi->conn, sk); 1390 l2cap_send_disconn_req(pi->conn, sk);
1355 return err; 1391 return;
1356 } 1392 }
1357 break; 1393
1358 } while(1); 1394 tx_skb = skb_clone(skb, GFP_ATOMIC);
1359 return 0; 1395 bt_cb(skb)->retries++;
1396 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1397 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1398 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1399 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1400
1401 if (pi->fcs == L2CAP_FCS_CRC16) {
1402 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1403 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1404 }
1405
1406 l2cap_do_send(sk, tx_skb);
1360} 1407}
1361 1408
1362static int l2cap_ertm_send(struct sock *sk) 1409static int l2cap_ertm_send(struct sock *sk)
@@ -1364,13 +1411,13 @@ static int l2cap_ertm_send(struct sock *sk)
1364 struct sk_buff *skb, *tx_skb; 1411 struct sk_buff *skb, *tx_skb;
1365 struct l2cap_pinfo *pi = l2cap_pi(sk); 1412 struct l2cap_pinfo *pi = l2cap_pi(sk);
1366 u16 control, fcs; 1413 u16 control, fcs;
1367 int err; 1414 int nsent = 0;
1368 1415
1369 if (pi->conn_state & L2CAP_CONN_WAIT_F) 1416 if (pi->conn_state & L2CAP_CONN_WAIT_F)
1370 return 0; 1417 return 0;
1371 1418
1372 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) && 1419 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) &&
1373 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) { 1420 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1374 1421
1375 if (pi->remote_max_tx && 1422 if (pi->remote_max_tx &&
1376 bt_cb(skb)->retries == pi->remote_max_tx) { 1423 bt_cb(skb)->retries == pi->remote_max_tx) {
@@ -1383,35 +1430,97 @@ static int l2cap_ertm_send(struct sock *sk)
1383 bt_cb(skb)->retries++; 1430 bt_cb(skb)->retries++;
1384 1431
1385 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1432 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1433 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1434 control |= L2CAP_CTRL_FINAL;
1435 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1436 }
1386 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1437 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1387 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1438 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1388 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1439 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1389 1440
1390 1441
1391 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) { 1442 if (pi->fcs == L2CAP_FCS_CRC16) {
1392 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2); 1443 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1393 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2); 1444 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1394 } 1445 }
1395 1446
1396 err = l2cap_do_send(sk, tx_skb); 1447 l2cap_do_send(sk, tx_skb);
1397 if (err < 0) { 1448
1398 l2cap_send_disconn_req(pi->conn, sk);
1399 return err;
1400 }
1401 __mod_retrans_timer(); 1449 __mod_retrans_timer();
1402 1450
1403 bt_cb(skb)->tx_seq = pi->next_tx_seq; 1451 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1404 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1452 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1405 1453
1406 pi->unacked_frames++; 1454 pi->unacked_frames++;
1455 pi->frames_sent++;
1407 1456
1408 if (skb_queue_is_last(TX_QUEUE(sk), skb)) 1457 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1409 sk->sk_send_head = NULL; 1458 sk->sk_send_head = NULL;
1410 else 1459 else
1411 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb); 1460 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1461
1462 nsent++;
1412 } 1463 }
1413 1464
1414 return 0; 1465 return nsent;
1466}
1467
1468static int l2cap_retransmit_frames(struct sock *sk)
1469{
1470 struct l2cap_pinfo *pi = l2cap_pi(sk);
1471 int ret;
1472
1473 spin_lock_bh(&pi->send_lock);
1474
1475 if (!skb_queue_empty(TX_QUEUE(sk)))
1476 sk->sk_send_head = TX_QUEUE(sk)->next;
1477
1478 pi->next_tx_seq = pi->expected_ack_seq;
1479 ret = l2cap_ertm_send(sk);
1480
1481 spin_unlock_bh(&pi->send_lock);
1482
1483 return ret;
1484}
1485
1486static void l2cap_send_ack(struct l2cap_pinfo *pi)
1487{
1488 struct sock *sk = (struct sock *)pi;
1489 u16 control = 0;
1490 int nframes;
1491
1492 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1493
1494 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1495 control |= L2CAP_SUPER_RCV_NOT_READY;
1496 pi->conn_state |= L2CAP_CONN_RNR_SENT;
1497 l2cap_send_sframe(pi, control);
1498 return;
1499 }
1500
1501 spin_lock_bh(&pi->send_lock);
1502 nframes = l2cap_ertm_send(sk);
1503 spin_unlock_bh(&pi->send_lock);
1504
1505 if (nframes > 0)
1506 return;
1507
1508 control |= L2CAP_SUPER_RCV_READY;
1509 l2cap_send_sframe(pi, control);
1510}
1511
1512static void l2cap_send_srejtail(struct sock *sk)
1513{
1514 struct srej_list *tail;
1515 u16 control;
1516
1517 control = L2CAP_SUPER_SELECT_REJECT;
1518 control |= L2CAP_CTRL_FINAL;
1519
1520 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1521 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1522
1523 l2cap_send_sframe(l2cap_pi(sk), control);
1415} 1524}
1416 1525
1417static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb) 1526static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
@@ -1420,9 +1529,8 @@ static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, in
1420 struct sk_buff **frag; 1529 struct sk_buff **frag;
1421 int err, sent = 0; 1530 int err, sent = 0;
1422 1531
1423 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 1532 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1424 return -EFAULT; 1533 return -EFAULT;
1425 }
1426 1534
1427 sent += count; 1535 sent += count;
1428 len -= count; 1536 len -= count;
@@ -1513,6 +1621,9 @@ static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *m
1513 1621
1514 BT_DBG("sk %p len %d", sk, (int)len); 1622 BT_DBG("sk %p len %d", sk, (int)len);
1515 1623
1624 if (!conn)
1625 return ERR_PTR(-ENOTCONN);
1626
1516 if (sdulen) 1627 if (sdulen)
1517 hlen += 2; 1628 hlen += 2;
1518 1629
@@ -1554,25 +1665,24 @@ static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, siz
1554 u16 control; 1665 u16 control;
1555 size_t size = 0; 1666 size_t size = 0;
1556 1667
1557 __skb_queue_head_init(&sar_queue); 1668 skb_queue_head_init(&sar_queue);
1558 control = L2CAP_SDU_START; 1669 control = L2CAP_SDU_START;
1559 skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len); 1670 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
1560 if (IS_ERR(skb)) 1671 if (IS_ERR(skb))
1561 return PTR_ERR(skb); 1672 return PTR_ERR(skb);
1562 1673
1563 __skb_queue_tail(&sar_queue, skb); 1674 __skb_queue_tail(&sar_queue, skb);
1564 len -= pi->max_pdu_size; 1675 len -= pi->remote_mps;
1565 size +=pi->max_pdu_size; 1676 size += pi->remote_mps;
1566 control = 0;
1567 1677
1568 while (len > 0) { 1678 while (len > 0) {
1569 size_t buflen; 1679 size_t buflen;
1570 1680
1571 if (len > pi->max_pdu_size) { 1681 if (len > pi->remote_mps) {
1572 control |= L2CAP_SDU_CONTINUE; 1682 control = L2CAP_SDU_CONTINUE;
1573 buflen = pi->max_pdu_size; 1683 buflen = pi->remote_mps;
1574 } else { 1684 } else {
1575 control |= L2CAP_SDU_END; 1685 control = L2CAP_SDU_END;
1576 buflen = len; 1686 buflen = len;
1577 } 1687 }
1578 1688
@@ -1585,11 +1695,12 @@ static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, siz
1585 __skb_queue_tail(&sar_queue, skb); 1695 __skb_queue_tail(&sar_queue, skb);
1586 len -= buflen; 1696 len -= buflen;
1587 size += buflen; 1697 size += buflen;
1588 control = 0;
1589 } 1698 }
1590 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk)); 1699 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1700 spin_lock_bh(&pi->send_lock);
1591 if (sk->sk_send_head == NULL) 1701 if (sk->sk_send_head == NULL)
1592 sk->sk_send_head = sar_queue.next; 1702 sk->sk_send_head = sar_queue.next;
1703 spin_unlock_bh(&pi->send_lock);
1593 1704
1594 return size; 1705 return size;
1595} 1706}
@@ -1611,11 +1722,6 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1611 if (msg->msg_flags & MSG_OOB) 1722 if (msg->msg_flags & MSG_OOB)
1612 return -EOPNOTSUPP; 1723 return -EOPNOTSUPP;
1613 1724
1614 /* Check outgoing MTU */
1615 if (sk->sk_type == SOCK_SEQPACKET && pi->mode == L2CAP_MODE_BASIC &&
1616 len > pi->omtu)
1617 return -EINVAL;
1618
1619 lock_sock(sk); 1725 lock_sock(sk);
1620 1726
1621 if (sk->sk_state != BT_CONNECTED) { 1727 if (sk->sk_state != BT_CONNECTED) {
@@ -1626,15 +1732,23 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1626 /* Connectionless channel */ 1732 /* Connectionless channel */
1627 if (sk->sk_type == SOCK_DGRAM) { 1733 if (sk->sk_type == SOCK_DGRAM) {
1628 skb = l2cap_create_connless_pdu(sk, msg, len); 1734 skb = l2cap_create_connless_pdu(sk, msg, len);
1629 if (IS_ERR(skb)) 1735 if (IS_ERR(skb)) {
1630 err = PTR_ERR(skb); 1736 err = PTR_ERR(skb);
1631 else 1737 } else {
1632 err = l2cap_do_send(sk, skb); 1738 l2cap_do_send(sk, skb);
1739 err = len;
1740 }
1633 goto done; 1741 goto done;
1634 } 1742 }
1635 1743
1636 switch (pi->mode) { 1744 switch (pi->mode) {
1637 case L2CAP_MODE_BASIC: 1745 case L2CAP_MODE_BASIC:
1746 /* Check outgoing MTU */
1747 if (len > pi->omtu) {
1748 err = -EINVAL;
1749 goto done;
1750 }
1751
1638 /* Create a basic PDU */ 1752 /* Create a basic PDU */
1639 skb = l2cap_create_basic_pdu(sk, msg, len); 1753 skb = l2cap_create_basic_pdu(sk, msg, len);
1640 if (IS_ERR(skb)) { 1754 if (IS_ERR(skb)) {
@@ -1642,15 +1756,14 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1642 goto done; 1756 goto done;
1643 } 1757 }
1644 1758
1645 err = l2cap_do_send(sk, skb); 1759 l2cap_do_send(sk, skb);
1646 if (!err) 1760 err = len;
1647 err = len;
1648 break; 1761 break;
1649 1762
1650 case L2CAP_MODE_ERTM: 1763 case L2CAP_MODE_ERTM:
1651 case L2CAP_MODE_STREAMING: 1764 case L2CAP_MODE_STREAMING:
1652 /* Entire SDU fits into one PDU */ 1765 /* Entire SDU fits into one PDU */
1653 if (len <= pi->max_pdu_size) { 1766 if (len <= pi->remote_mps) {
1654 control = L2CAP_SDU_UNSEGMENTED; 1767 control = L2CAP_SDU_UNSEGMENTED;
1655 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0); 1768 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1656 if (IS_ERR(skb)) { 1769 if (IS_ERR(skb)) {
@@ -1658,8 +1771,15 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1658 goto done; 1771 goto done;
1659 } 1772 }
1660 __skb_queue_tail(TX_QUEUE(sk), skb); 1773 __skb_queue_tail(TX_QUEUE(sk), skb);
1774
1775 if (pi->mode == L2CAP_MODE_ERTM)
1776 spin_lock_bh(&pi->send_lock);
1777
1661 if (sk->sk_send_head == NULL) 1778 if (sk->sk_send_head == NULL)
1662 sk->sk_send_head = skb; 1779 sk->sk_send_head = skb;
1780
1781 if (pi->mode == L2CAP_MODE_ERTM)
1782 spin_unlock_bh(&pi->send_lock);
1663 } else { 1783 } else {
1664 /* Segment SDU into multiples PDUs */ 1784 /* Segment SDU into multiples PDUs */
1665 err = l2cap_sar_segment_sdu(sk, msg, len); 1785 err = l2cap_sar_segment_sdu(sk, msg, len);
@@ -1667,12 +1787,15 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1667 goto done; 1787 goto done;
1668 } 1788 }
1669 1789
1670 if (pi->mode == L2CAP_MODE_STREAMING) 1790 if (pi->mode == L2CAP_MODE_STREAMING) {
1671 err = l2cap_streaming_send(sk); 1791 err = l2cap_streaming_send(sk);
1672 else 1792 } else {
1793 spin_lock_bh(&pi->send_lock);
1673 err = l2cap_ertm_send(sk); 1794 err = l2cap_ertm_send(sk);
1795 spin_unlock_bh(&pi->send_lock);
1796 }
1674 1797
1675 if (!err) 1798 if (err >= 0)
1676 err = len; 1799 err = len;
1677 break; 1800 break;
1678 1801
@@ -1731,6 +1854,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1731 opts.flush_to = l2cap_pi(sk)->flush_to; 1854 opts.flush_to = l2cap_pi(sk)->flush_to;
1732 opts.mode = l2cap_pi(sk)->mode; 1855 opts.mode = l2cap_pi(sk)->mode;
1733 opts.fcs = l2cap_pi(sk)->fcs; 1856 opts.fcs = l2cap_pi(sk)->fcs;
1857 opts.max_tx = l2cap_pi(sk)->max_tx;
1858 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1734 1859
1735 len = min_t(unsigned int, sizeof(opts), optlen); 1860 len = min_t(unsigned int, sizeof(opts), optlen);
1736 if (copy_from_user((char *) &opts, optval, len)) { 1861 if (copy_from_user((char *) &opts, optval, len)) {
@@ -1738,10 +1863,25 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1738 break; 1863 break;
1739 } 1864 }
1740 1865
1866 l2cap_pi(sk)->mode = opts.mode;
1867 switch (l2cap_pi(sk)->mode) {
1868 case L2CAP_MODE_BASIC:
1869 break;
1870 case L2CAP_MODE_ERTM:
1871 case L2CAP_MODE_STREAMING:
1872 if (enable_ertm)
1873 break;
1874 /* fall through */
1875 default:
1876 err = -EINVAL;
1877 break;
1878 }
1879
1741 l2cap_pi(sk)->imtu = opts.imtu; 1880 l2cap_pi(sk)->imtu = opts.imtu;
1742 l2cap_pi(sk)->omtu = opts.omtu; 1881 l2cap_pi(sk)->omtu = opts.omtu;
1743 l2cap_pi(sk)->mode = opts.mode;
1744 l2cap_pi(sk)->fcs = opts.fcs; 1882 l2cap_pi(sk)->fcs = opts.fcs;
1883 l2cap_pi(sk)->max_tx = opts.max_tx;
1884 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
1745 break; 1885 break;
1746 1886
1747 case L2CAP_LM: 1887 case L2CAP_LM:
@@ -1789,7 +1929,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
1789 1929
1790 switch (optname) { 1930 switch (optname) {
1791 case BT_SECURITY: 1931 case BT_SECURITY:
1792 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) { 1932 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
1933 && sk->sk_type != SOCK_RAW) {
1793 err = -EINVAL; 1934 err = -EINVAL;
1794 break; 1935 break;
1795 } 1936 }
@@ -1856,6 +1997,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
1856 opts.flush_to = l2cap_pi(sk)->flush_to; 1997 opts.flush_to = l2cap_pi(sk)->flush_to;
1857 opts.mode = l2cap_pi(sk)->mode; 1998 opts.mode = l2cap_pi(sk)->mode;
1858 opts.fcs = l2cap_pi(sk)->fcs; 1999 opts.fcs = l2cap_pi(sk)->fcs;
2000 opts.max_tx = l2cap_pi(sk)->max_tx;
2001 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1859 2002
1860 len = min_t(unsigned int, len, sizeof(opts)); 2003 len = min_t(unsigned int, len, sizeof(opts));
1861 if (copy_to_user(optval, (char *) &opts, len)) 2004 if (copy_to_user(optval, (char *) &opts, len))
@@ -1937,7 +2080,8 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
1937 2080
1938 switch (optname) { 2081 switch (optname) {
1939 case BT_SECURITY: 2082 case BT_SECURITY:
1940 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) { 2083 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2084 && sk->sk_type != SOCK_RAW) {
1941 err = -EINVAL; 2085 err = -EINVAL;
1942 break; 2086 break;
1943 } 2087 }
@@ -1982,6 +2126,9 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
1982 2126
1983 lock_sock(sk); 2127 lock_sock(sk);
1984 if (!sk->sk_shutdown) { 2128 if (!sk->sk_shutdown) {
2129 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2130 err = __l2cap_wait_ack(sk);
2131
1985 sk->sk_shutdown = SHUTDOWN_MASK; 2132 sk->sk_shutdown = SHUTDOWN_MASK;
1986 l2cap_sock_clear_timer(sk); 2133 l2cap_sock_clear_timer(sk);
1987 __l2cap_sock_close(sk, 0); 2134 __l2cap_sock_close(sk, 0);
@@ -2184,19 +2331,35 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2184 *ptr += L2CAP_CONF_OPT_SIZE + len; 2331 *ptr += L2CAP_CONF_OPT_SIZE + len;
2185} 2332}
2186 2333
2334static void l2cap_ack_timeout(unsigned long arg)
2335{
2336 struct sock *sk = (void *) arg;
2337
2338 bh_lock_sock(sk);
2339 l2cap_send_ack(l2cap_pi(sk));
2340 bh_unlock_sock(sk);
2341}
2342
2187static inline void l2cap_ertm_init(struct sock *sk) 2343static inline void l2cap_ertm_init(struct sock *sk)
2188{ 2344{
2189 l2cap_pi(sk)->expected_ack_seq = 0; 2345 l2cap_pi(sk)->expected_ack_seq = 0;
2190 l2cap_pi(sk)->unacked_frames = 0; 2346 l2cap_pi(sk)->unacked_frames = 0;
2191 l2cap_pi(sk)->buffer_seq = 0; 2347 l2cap_pi(sk)->buffer_seq = 0;
2192 l2cap_pi(sk)->num_to_ack = 0; 2348 l2cap_pi(sk)->num_acked = 0;
2349 l2cap_pi(sk)->frames_sent = 0;
2193 2350
2194 setup_timer(&l2cap_pi(sk)->retrans_timer, 2351 setup_timer(&l2cap_pi(sk)->retrans_timer,
2195 l2cap_retrans_timeout, (unsigned long) sk); 2352 l2cap_retrans_timeout, (unsigned long) sk);
2196 setup_timer(&l2cap_pi(sk)->monitor_timer, 2353 setup_timer(&l2cap_pi(sk)->monitor_timer,
2197 l2cap_monitor_timeout, (unsigned long) sk); 2354 l2cap_monitor_timeout, (unsigned long) sk);
2355 setup_timer(&l2cap_pi(sk)->ack_timer,
2356 l2cap_ack_timeout, (unsigned long) sk);
2198 2357
2199 __skb_queue_head_init(SREJ_QUEUE(sk)); 2358 __skb_queue_head_init(SREJ_QUEUE(sk));
2359 __skb_queue_head_init(BUSY_QUEUE(sk));
2360 spin_lock_init(&l2cap_pi(sk)->send_lock);
2361
2362 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
2200} 2363}
2201 2364
2202static int l2cap_mode_supported(__u8 mode, __u32 feat_mask) 2365static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
@@ -2232,7 +2395,7 @@ static int l2cap_build_conf_req(struct sock *sk, void *data)
2232{ 2395{
2233 struct l2cap_pinfo *pi = l2cap_pi(sk); 2396 struct l2cap_pinfo *pi = l2cap_pi(sk);
2234 struct l2cap_conf_req *req = data; 2397 struct l2cap_conf_req *req = data;
2235 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; 2398 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
2236 void *ptr = req->data; 2399 void *ptr = req->data;
2237 2400
2238 BT_DBG("sk %p", sk); 2401 BT_DBG("sk %p", sk);
@@ -2261,11 +2424,13 @@ done:
2261 2424
2262 case L2CAP_MODE_ERTM: 2425 case L2CAP_MODE_ERTM:
2263 rfc.mode = L2CAP_MODE_ERTM; 2426 rfc.mode = L2CAP_MODE_ERTM;
2264 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW; 2427 rfc.txwin_size = pi->tx_win;
2265 rfc.max_transmit = max_transmit; 2428 rfc.max_transmit = pi->max_tx;
2266 rfc.retrans_timeout = 0; 2429 rfc.retrans_timeout = 0;
2267 rfc.monitor_timeout = 0; 2430 rfc.monitor_timeout = 0;
2268 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 2431 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2432 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2433 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2269 2434
2270 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 2435 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2271 sizeof(rfc), (unsigned long) &rfc); 2436 sizeof(rfc), (unsigned long) &rfc);
@@ -2287,6 +2452,8 @@ done:
2287 rfc.retrans_timeout = 0; 2452 rfc.retrans_timeout = 0;
2288 rfc.monitor_timeout = 0; 2453 rfc.monitor_timeout = 0;
2289 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 2454 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2455 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2456 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2290 2457
2291 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 2458 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2292 sizeof(rfc), (unsigned long) &rfc); 2459 sizeof(rfc), (unsigned long) &rfc);
@@ -2415,10 +2582,15 @@ done:
2415 case L2CAP_MODE_ERTM: 2582 case L2CAP_MODE_ERTM:
2416 pi->remote_tx_win = rfc.txwin_size; 2583 pi->remote_tx_win = rfc.txwin_size;
2417 pi->remote_max_tx = rfc.max_transmit; 2584 pi->remote_max_tx = rfc.max_transmit;
2418 pi->max_pdu_size = rfc.max_pdu_size; 2585 if (rfc.max_pdu_size > pi->conn->mtu - 10)
2586 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
2419 2587
2420 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO; 2588 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2421 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO; 2589
2590 rfc.retrans_timeout =
2591 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2592 rfc.monitor_timeout =
2593 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
2422 2594
2423 pi->conf_state |= L2CAP_CONF_MODE_DONE; 2595 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2424 2596
@@ -2428,8 +2600,10 @@ done:
2428 break; 2600 break;
2429 2601
2430 case L2CAP_MODE_STREAMING: 2602 case L2CAP_MODE_STREAMING:
2431 pi->remote_tx_win = rfc.txwin_size; 2603 if (rfc.max_pdu_size > pi->conn->mtu - 10)
2432 pi->max_pdu_size = rfc.max_pdu_size; 2604 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
2605
2606 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2433 2607
2434 pi->conf_state |= L2CAP_CONF_MODE_DONE; 2608 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2435 2609
@@ -2506,13 +2680,12 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
2506 switch (rfc.mode) { 2680 switch (rfc.mode) {
2507 case L2CAP_MODE_ERTM: 2681 case L2CAP_MODE_ERTM:
2508 pi->remote_tx_win = rfc.txwin_size; 2682 pi->remote_tx_win = rfc.txwin_size;
2509 pi->retrans_timeout = rfc.retrans_timeout; 2683 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2510 pi->monitor_timeout = rfc.monitor_timeout; 2684 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2511 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size); 2685 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2512 break; 2686 break;
2513 case L2CAP_MODE_STREAMING: 2687 case L2CAP_MODE_STREAMING:
2514 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size); 2688 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2515 break;
2516 } 2689 }
2517 } 2690 }
2518 2691
@@ -2536,6 +2709,42 @@ static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 fla
2536 return ptr - data; 2709 return ptr - data;
2537} 2710}
2538 2711
2712static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
2713{
2714 struct l2cap_pinfo *pi = l2cap_pi(sk);
2715 int type, olen;
2716 unsigned long val;
2717 struct l2cap_conf_rfc rfc;
2718
2719 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
2720
2721 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
2722 return;
2723
2724 while (len >= L2CAP_CONF_OPT_SIZE) {
2725 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2726
2727 switch (type) {
2728 case L2CAP_CONF_RFC:
2729 if (olen == sizeof(rfc))
2730 memcpy(&rfc, (void *)val, olen);
2731 goto done;
2732 }
2733 }
2734
2735done:
2736 switch (rfc.mode) {
2737 case L2CAP_MODE_ERTM:
2738 pi->remote_tx_win = rfc.txwin_size;
2739 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2740 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2741 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2742 break;
2743 case L2CAP_MODE_STREAMING:
2744 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2745 }
2746}
2747
2539static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2748static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2540{ 2749{
2541 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data; 2750 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
@@ -2815,6 +3024,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2815 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 3024 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2816 u16 scid, flags, result; 3025 u16 scid, flags, result;
2817 struct sock *sk; 3026 struct sock *sk;
3027 int len = cmd->len - sizeof(*rsp);
2818 3028
2819 scid = __le16_to_cpu(rsp->scid); 3029 scid = __le16_to_cpu(rsp->scid);
2820 flags = __le16_to_cpu(rsp->flags); 3030 flags = __le16_to_cpu(rsp->flags);
@@ -2829,11 +3039,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2829 3039
2830 switch (result) { 3040 switch (result) {
2831 case L2CAP_CONF_SUCCESS: 3041 case L2CAP_CONF_SUCCESS:
3042 l2cap_conf_rfc_get(sk, rsp->data, len);
2832 break; 3043 break;
2833 3044
2834 case L2CAP_CONF_UNACCEPT: 3045 case L2CAP_CONF_UNACCEPT:
2835 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) { 3046 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2836 int len = cmd->len - sizeof(*rsp);
2837 char req[64]; 3047 char req[64];
2838 3048
2839 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { 3049 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
@@ -2917,8 +3127,10 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2917 3127
2918 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 3128 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2919 skb_queue_purge(SREJ_QUEUE(sk)); 3129 skb_queue_purge(SREJ_QUEUE(sk));
3130 skb_queue_purge(BUSY_QUEUE(sk));
2920 del_timer(&l2cap_pi(sk)->retrans_timer); 3131 del_timer(&l2cap_pi(sk)->retrans_timer);
2921 del_timer(&l2cap_pi(sk)->monitor_timer); 3132 del_timer(&l2cap_pi(sk)->monitor_timer);
3133 del_timer(&l2cap_pi(sk)->ack_timer);
2922 } 3134 }
2923 3135
2924 l2cap_chan_del(sk, ECONNRESET); 3136 l2cap_chan_del(sk, ECONNRESET);
@@ -2947,8 +3159,10 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2947 3159
2948 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 3160 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2949 skb_queue_purge(SREJ_QUEUE(sk)); 3161 skb_queue_purge(SREJ_QUEUE(sk));
3162 skb_queue_purge(BUSY_QUEUE(sk));
2950 del_timer(&l2cap_pi(sk)->retrans_timer); 3163 del_timer(&l2cap_pi(sk)->retrans_timer);
2951 del_timer(&l2cap_pi(sk)->monitor_timer); 3164 del_timer(&l2cap_pi(sk)->monitor_timer);
3165 del_timer(&l2cap_pi(sk)->ack_timer);
2952 } 3166 }
2953 3167
2954 l2cap_chan_del(sk, 0); 3168 l2cap_chan_del(sk, 0);
@@ -3143,7 +3357,40 @@ static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3143 return 0; 3357 return 0;
3144} 3358}
3145 3359
3146static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar) 3360static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3361{
3362 struct l2cap_pinfo *pi = l2cap_pi(sk);
3363 u16 control = 0;
3364
3365 pi->frames_sent = 0;
3366 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3367
3368 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3369
3370 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3371 control |= L2CAP_SUPER_RCV_NOT_READY | L2CAP_CTRL_FINAL;
3372 l2cap_send_sframe(pi, control);
3373 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3374 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
3375 }
3376
3377 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY && pi->unacked_frames > 0)
3378 __mod_retrans_timer();
3379
3380 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3381
3382 spin_lock_bh(&pi->send_lock);
3383 l2cap_ertm_send(sk);
3384 spin_unlock_bh(&pi->send_lock);
3385
3386 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3387 pi->frames_sent == 0) {
3388 control |= L2CAP_SUPER_RCV_READY;
3389 l2cap_send_sframe(pi, control);
3390 }
3391}
3392
3393static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3147{ 3394{
3148 struct sk_buff *next_skb; 3395 struct sk_buff *next_skb;
3149 3396
@@ -3153,29 +3400,256 @@ static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_
3153 next_skb = skb_peek(SREJ_QUEUE(sk)); 3400 next_skb = skb_peek(SREJ_QUEUE(sk));
3154 if (!next_skb) { 3401 if (!next_skb) {
3155 __skb_queue_tail(SREJ_QUEUE(sk), skb); 3402 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3156 return; 3403 return 0;
3157 } 3404 }
3158 3405
3159 do { 3406 do {
3407 if (bt_cb(next_skb)->tx_seq == tx_seq)
3408 return -EINVAL;
3409
3160 if (bt_cb(next_skb)->tx_seq > tx_seq) { 3410 if (bt_cb(next_skb)->tx_seq > tx_seq) {
3161 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb); 3411 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3162 return; 3412 return 0;
3163 } 3413 }
3164 3414
3165 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb)) 3415 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3166 break; 3416 break;
3167 3417
3168 } while((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb))); 3418 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3169 3419
3170 __skb_queue_tail(SREJ_QUEUE(sk), skb); 3420 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3421
3422 return 0;
3171} 3423}
3172 3424
3173static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control) 3425static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3426{
3427 struct l2cap_pinfo *pi = l2cap_pi(sk);
3428 struct sk_buff *_skb;
3429 int err;
3430
3431 switch (control & L2CAP_CTRL_SAR) {
3432 case L2CAP_SDU_UNSEGMENTED:
3433 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3434 goto drop;
3435
3436 err = sock_queue_rcv_skb(sk, skb);
3437 if (!err)
3438 return err;
3439
3440 break;
3441
3442 case L2CAP_SDU_START:
3443 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3444 goto drop;
3445
3446 pi->sdu_len = get_unaligned_le16(skb->data);
3447
3448 if (pi->sdu_len > pi->imtu)
3449 goto disconnect;
3450
3451 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3452 if (!pi->sdu)
3453 return -ENOMEM;
3454
3455 /* pull sdu_len bytes only after alloc, because of Local Busy
3456 * condition we have to be sure that this will be executed
3457 * only once, i.e., when alloc does not fail */
3458 skb_pull(skb, 2);
3459
3460 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3461
3462 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3463 pi->partial_sdu_len = skb->len;
3464 break;
3465
3466 case L2CAP_SDU_CONTINUE:
3467 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3468 goto disconnect;
3469
3470 if (!pi->sdu)
3471 goto disconnect;
3472
3473 pi->partial_sdu_len += skb->len;
3474 if (pi->partial_sdu_len > pi->sdu_len)
3475 goto drop;
3476
3477 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3478
3479 break;
3480
3481 case L2CAP_SDU_END:
3482 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3483 goto disconnect;
3484
3485 if (!pi->sdu)
3486 goto disconnect;
3487
3488 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
3489 pi->partial_sdu_len += skb->len;
3490
3491 if (pi->partial_sdu_len > pi->imtu)
3492 goto drop;
3493
3494 if (pi->partial_sdu_len != pi->sdu_len)
3495 goto drop;
3496
3497 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3498 }
3499
3500 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3501 if (!_skb) {
3502 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3503 return -ENOMEM;
3504 }
3505
3506 err = sock_queue_rcv_skb(sk, _skb);
3507 if (err < 0) {
3508 kfree_skb(_skb);
3509 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3510 return err;
3511 }
3512
3513 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3514 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3515
3516 kfree_skb(pi->sdu);
3517 break;
3518 }
3519
3520 kfree_skb(skb);
3521 return 0;
3522
3523drop:
3524 kfree_skb(pi->sdu);
3525 pi->sdu = NULL;
3526
3527disconnect:
3528 l2cap_send_disconn_req(pi->conn, sk);
3529 kfree_skb(skb);
3530 return 0;
3531}
3532
3533static void l2cap_busy_work(struct work_struct *work)
3534{
3535 DECLARE_WAITQUEUE(wait, current);
3536 struct l2cap_pinfo *pi =
3537 container_of(work, struct l2cap_pinfo, busy_work);
3538 struct sock *sk = (struct sock *)pi;
3539 int n_tries = 0, timeo = HZ/5, err;
3540 struct sk_buff *skb;
3541 u16 control;
3542
3543 lock_sock(sk);
3544
3545 add_wait_queue(sk_sleep(sk), &wait);
3546 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
3547 set_current_state(TASK_INTERRUPTIBLE);
3548
3549 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3550 err = -EBUSY;
3551 l2cap_send_disconn_req(pi->conn, sk);
3552 goto done;
3553 }
3554
3555 if (!timeo)
3556 timeo = HZ/5;
3557
3558 if (signal_pending(current)) {
3559 err = sock_intr_errno(timeo);
3560 goto done;
3561 }
3562
3563 release_sock(sk);
3564 timeo = schedule_timeout(timeo);
3565 lock_sock(sk);
3566
3567 err = sock_error(sk);
3568 if (err)
3569 goto done;
3570
3571 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3572 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3573 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3574 if (err < 0) {
3575 skb_queue_head(BUSY_QUEUE(sk), skb);
3576 break;
3577 }
3578
3579 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3580 }
3581
3582 if (!skb)
3583 break;
3584 }
3585
3586 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3587 goto done;
3588
3589 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3590 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3591 l2cap_send_sframe(pi, control);
3592 l2cap_pi(sk)->retry_count = 1;
3593
3594 del_timer(&pi->retrans_timer);
3595 __mod_monitor_timer();
3596
3597 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3598
3599done:
3600 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3601 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3602
3603 set_current_state(TASK_RUNNING);
3604 remove_wait_queue(sk_sleep(sk), &wait);
3605
3606 release_sock(sk);
3607}
3608
3609static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3610{
3611 struct l2cap_pinfo *pi = l2cap_pi(sk);
3612 int sctrl, err;
3613
3614 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3615 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3616 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3617 return -EBUSY;
3618 }
3619
3620 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3621 if (err >= 0) {
3622 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3623 return err;
3624 }
3625
3626 /* Busy Condition */
3627 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3628 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3629 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3630
3631 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3632 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3633 l2cap_send_sframe(pi, sctrl);
3634
3635 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3636
3637 queue_work(_busy_wq, &pi->busy_work);
3638
3639 return err;
3640}
3641
3642static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3174{ 3643{
3175 struct l2cap_pinfo *pi = l2cap_pi(sk); 3644 struct l2cap_pinfo *pi = l2cap_pi(sk);
3176 struct sk_buff *_skb; 3645 struct sk_buff *_skb;
3177 int err = -EINVAL; 3646 int err = -EINVAL;
3178 3647
3648 /*
3649 * TODO: We have to notify the userland if some data is lost with the
3650 * Streaming Mode.
3651 */
3652
3179 switch (control & L2CAP_CTRL_SAR) { 3653 switch (control & L2CAP_CTRL_SAR) {
3180 case L2CAP_SDU_UNSEGMENTED: 3654 case L2CAP_SDU_UNSEGMENTED:
3181 if (pi->conn_state & L2CAP_CONN_SAR_SDU) { 3655 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
@@ -3198,6 +3672,11 @@ static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 co
3198 pi->sdu_len = get_unaligned_le16(skb->data); 3672 pi->sdu_len = get_unaligned_le16(skb->data);
3199 skb_pull(skb, 2); 3673 skb_pull(skb, 2);
3200 3674
3675 if (pi->sdu_len > pi->imtu) {
3676 err = -EMSGSIZE;
3677 break;
3678 }
3679
3201 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 3680 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3202 if (!pi->sdu) { 3681 if (!pi->sdu) {
3203 err = -ENOMEM; 3682 err = -ENOMEM;
@@ -3234,15 +3713,19 @@ static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 co
3234 pi->conn_state &= ~L2CAP_CONN_SAR_SDU; 3713 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3235 pi->partial_sdu_len += skb->len; 3714 pi->partial_sdu_len += skb->len;
3236 3715
3716 if (pi->partial_sdu_len > pi->imtu)
3717 goto drop;
3718
3237 if (pi->partial_sdu_len == pi->sdu_len) { 3719 if (pi->partial_sdu_len == pi->sdu_len) {
3238 _skb = skb_clone(pi->sdu, GFP_ATOMIC); 3720 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3239 err = sock_queue_rcv_skb(sk, _skb); 3721 err = sock_queue_rcv_skb(sk, _skb);
3240 if (err < 0) 3722 if (err < 0)
3241 kfree_skb(_skb); 3723 kfree_skb(_skb);
3242 } 3724 }
3243 kfree_skb(pi->sdu);
3244 err = 0; 3725 err = 0;
3245 3726
3727drop:
3728 kfree_skb(pi->sdu);
3246 break; 3729 break;
3247 } 3730 }
3248 3731
@@ -3253,15 +3736,15 @@ static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 co
3253static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq) 3736static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3254{ 3737{
3255 struct sk_buff *skb; 3738 struct sk_buff *skb;
3256 u16 control = 0; 3739 u16 control;
3257 3740
3258 while((skb = skb_peek(SREJ_QUEUE(sk)))) { 3741 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
3259 if (bt_cb(skb)->tx_seq != tx_seq) 3742 if (bt_cb(skb)->tx_seq != tx_seq)
3260 break; 3743 break;
3261 3744
3262 skb = skb_dequeue(SREJ_QUEUE(sk)); 3745 skb = skb_dequeue(SREJ_QUEUE(sk));
3263 control |= bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; 3746 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3264 l2cap_sar_reassembly_sdu(sk, skb, control); 3747 l2cap_ertm_reassembly_sdu(sk, skb, control);
3265 l2cap_pi(sk)->buffer_seq_srej = 3748 l2cap_pi(sk)->buffer_seq_srej =
3266 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64; 3749 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3267 tx_seq++; 3750 tx_seq++;
@@ -3274,7 +3757,7 @@ static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3274 struct srej_list *l, *tmp; 3757 struct srej_list *l, *tmp;
3275 u16 control; 3758 u16 control;
3276 3759
3277 list_for_each_entry_safe(l,tmp, SREJ_LIST(sk), list) { 3760 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
3278 if (l->tx_seq == tx_seq) { 3761 if (l->tx_seq == tx_seq) {
3279 list_del(&l->list); 3762 list_del(&l->list);
3280 kfree(l); 3763 kfree(l);
@@ -3297,10 +3780,6 @@ static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3297 while (tx_seq != pi->expected_tx_seq) { 3780 while (tx_seq != pi->expected_tx_seq) {
3298 control = L2CAP_SUPER_SELECT_REJECT; 3781 control = L2CAP_SUPER_SELECT_REJECT;
3299 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3782 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3300 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
3301 control |= L2CAP_CTRL_POLL;
3302 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
3303 }
3304 l2cap_send_sframe(pi, control); 3783 l2cap_send_sframe(pi, control);
3305 3784
3306 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC); 3785 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
@@ -3315,18 +3794,40 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3315 struct l2cap_pinfo *pi = l2cap_pi(sk); 3794 struct l2cap_pinfo *pi = l2cap_pi(sk);
3316 u8 tx_seq = __get_txseq(rx_control); 3795 u8 tx_seq = __get_txseq(rx_control);
3317 u8 req_seq = __get_reqseq(rx_control); 3796 u8 req_seq = __get_reqseq(rx_control);
3318 u16 tx_control = 0;
3319 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3797 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3798 u8 tx_seq_offset, expected_tx_seq_offset;
3799 int num_to_ack = (pi->tx_win/6) + 1;
3320 int err = 0; 3800 int err = 0;
3321 3801
3322 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3802 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3323 3803
3804 if (L2CAP_CTRL_FINAL & rx_control &&
3805 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
3806 del_timer(&pi->monitor_timer);
3807 if (pi->unacked_frames > 0)
3808 __mod_retrans_timer();
3809 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3810 }
3811
3324 pi->expected_ack_seq = req_seq; 3812 pi->expected_ack_seq = req_seq;
3325 l2cap_drop_acked_frames(sk); 3813 l2cap_drop_acked_frames(sk);
3326 3814
3327 if (tx_seq == pi->expected_tx_seq) 3815 if (tx_seq == pi->expected_tx_seq)
3328 goto expected; 3816 goto expected;
3329 3817
3818 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3819 if (tx_seq_offset < 0)
3820 tx_seq_offset += 64;
3821
3822 /* invalid tx_seq */
3823 if (tx_seq_offset >= pi->tx_win) {
3824 l2cap_send_disconn_req(pi->conn, sk);
3825 goto drop;
3826 }
3827
3828 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
3829 goto drop;
3830
3330 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3831 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3331 struct srej_list *first; 3832 struct srej_list *first;
3332 3833
@@ -3342,10 +3843,14 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3342 if (list_empty(SREJ_LIST(sk))) { 3843 if (list_empty(SREJ_LIST(sk))) {
3343 pi->buffer_seq = pi->buffer_seq_srej; 3844 pi->buffer_seq = pi->buffer_seq_srej;
3344 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT; 3845 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3846 l2cap_send_ack(pi);
3345 } 3847 }
3346 } else { 3848 } else {
3347 struct srej_list *l; 3849 struct srej_list *l;
3348 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3850
3851 /* duplicated tx_seq */
3852 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
3853 goto drop;
3349 3854
3350 list_for_each_entry(l, SREJ_LIST(sk), list) { 3855 list_for_each_entry(l, SREJ_LIST(sk), list) {
3351 if (l->tx_seq == tx_seq) { 3856 if (l->tx_seq == tx_seq) {
@@ -3356,12 +3861,22 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3356 l2cap_send_srejframe(sk, tx_seq); 3861 l2cap_send_srejframe(sk, tx_seq);
3357 } 3862 }
3358 } else { 3863 } else {
3864 expected_tx_seq_offset =
3865 (pi->expected_tx_seq - pi->buffer_seq) % 64;
3866 if (expected_tx_seq_offset < 0)
3867 expected_tx_seq_offset += 64;
3868
3869 /* duplicated tx_seq */
3870 if (tx_seq_offset < expected_tx_seq_offset)
3871 goto drop;
3872
3359 pi->conn_state |= L2CAP_CONN_SREJ_SENT; 3873 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3360 3874
3361 INIT_LIST_HEAD(SREJ_LIST(sk)); 3875 INIT_LIST_HEAD(SREJ_LIST(sk));
3362 pi->buffer_seq_srej = pi->buffer_seq; 3876 pi->buffer_seq_srej = pi->buffer_seq;
3363 3877
3364 __skb_queue_head_init(SREJ_QUEUE(sk)); 3878 __skb_queue_head_init(SREJ_QUEUE(sk));
3879 __skb_queue_head_init(BUSY_QUEUE(sk));
3365 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3880 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3366 3881
3367 pi->conn_state |= L2CAP_CONN_SEND_PBIT; 3882 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
@@ -3374,153 +3889,189 @@ expected:
3374 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3889 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3375 3890
3376 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3891 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3377 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3892 bt_cb(skb)->tx_seq = tx_seq;
3893 bt_cb(skb)->sar = sar;
3894 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3378 return 0; 3895 return 0;
3379 } 3896 }
3380 3897
3381 if (rx_control & L2CAP_CTRL_FINAL) { 3898 if (rx_control & L2CAP_CTRL_FINAL) {
3382 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3899 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3383 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3900 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3384 else { 3901 else
3385 sk->sk_send_head = TX_QUEUE(sk)->next; 3902 l2cap_retransmit_frames(sk);
3386 pi->next_tx_seq = pi->expected_ack_seq;
3387 l2cap_ertm_send(sk);
3388 }
3389 } 3903 }
3390 3904
3391 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 3905 err = l2cap_push_rx_skb(sk, skb, rx_control);
3392
3393 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
3394 if (err < 0) 3906 if (err < 0)
3395 return err; 3907 return 0;
3908
3909 __mod_ack_timer();
3910
3911 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
3912 if (pi->num_acked == num_to_ack - 1)
3913 l2cap_send_ack(pi);
3396 3914
3397 pi->num_to_ack = (pi->num_to_ack + 1) % L2CAP_DEFAULT_NUM_TO_ACK; 3915 return 0;
3398 if (pi->num_to_ack == L2CAP_DEFAULT_NUM_TO_ACK - 1) { 3916
3399 tx_control |= L2CAP_SUPER_RCV_READY; 3917drop:
3400 tx_control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3918 kfree_skb(skb);
3401 l2cap_send_sframe(pi, tx_control);
3402 }
3403 return 0; 3919 return 0;
3404} 3920}
3405 3921
3406static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3922static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
3407{ 3923{
3408 struct l2cap_pinfo *pi = l2cap_pi(sk); 3924 struct l2cap_pinfo *pi = l2cap_pi(sk);
3409 u8 tx_seq = __get_reqseq(rx_control);
3410 3925
3411 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3926 pi->expected_ack_seq = __get_reqseq(rx_control);
3927 l2cap_drop_acked_frames(sk);
3412 3928
3413 switch (rx_control & L2CAP_CTRL_SUPERVISE) { 3929 if (rx_control & L2CAP_CTRL_POLL) {
3414 case L2CAP_SUPER_RCV_READY: 3930 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3415 if (rx_control & L2CAP_CTRL_POLL) { 3931 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3416 u16 control = L2CAP_CTRL_FINAL; 3932 (pi->unacked_frames > 0))
3417 control |= L2CAP_SUPER_RCV_READY | 3933 __mod_retrans_timer();
3418 (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT);
3419 l2cap_send_sframe(l2cap_pi(sk), control);
3420 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3421 3934
3422 } else if (rx_control & L2CAP_CTRL_FINAL) {
3423 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3935 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3424 pi->expected_ack_seq = tx_seq; 3936 l2cap_send_srejtail(sk);
3425 l2cap_drop_acked_frames(sk); 3937 } else {
3426 3938 l2cap_send_i_or_rr_or_rnr(sk);
3427 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3939 }
3428 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3429 else {
3430 sk->sk_send_head = TX_QUEUE(sk)->next;
3431 pi->next_tx_seq = pi->expected_ack_seq;
3432 l2cap_ertm_send(sk);
3433 }
3434
3435 if (!(pi->conn_state & L2CAP_CONN_WAIT_F))
3436 break;
3437 3940
3438 pi->conn_state &= ~L2CAP_CONN_WAIT_F; 3941 } else if (rx_control & L2CAP_CTRL_FINAL) {
3439 del_timer(&pi->monitor_timer); 3942 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3440 3943
3441 if (pi->unacked_frames > 0) 3944 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3442 __mod_retrans_timer(); 3945 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3443 } else { 3946 else
3444 pi->expected_ack_seq = tx_seq; 3947 l2cap_retransmit_frames(sk);
3445 l2cap_drop_acked_frames(sk);
3446 3948
3447 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 3949 } else {
3448 (pi->unacked_frames > 0)) 3950 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3449 __mod_retrans_timer(); 3951 (pi->unacked_frames > 0))
3952 __mod_retrans_timer();
3450 3953
3451 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3954 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3955 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3956 l2cap_send_ack(pi);
3957 } else {
3958 spin_lock_bh(&pi->send_lock);
3452 l2cap_ertm_send(sk); 3959 l2cap_ertm_send(sk);
3960 spin_unlock_bh(&pi->send_lock);
3453 } 3961 }
3454 break; 3962 }
3963}
3455 3964
3456 case L2CAP_SUPER_REJECT: 3965static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
3457 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3966{
3967 struct l2cap_pinfo *pi = l2cap_pi(sk);
3968 u8 tx_seq = __get_reqseq(rx_control);
3969
3970 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3971
3972 pi->expected_ack_seq = tx_seq;
3973 l2cap_drop_acked_frames(sk);
3458 3974
3459 pi->expected_ack_seq = __get_reqseq(rx_control); 3975 if (rx_control & L2CAP_CTRL_FINAL) {
3976 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3977 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3978 else
3979 l2cap_retransmit_frames(sk);
3980 } else {
3981 l2cap_retransmit_frames(sk);
3982
3983 if (pi->conn_state & L2CAP_CONN_WAIT_F)
3984 pi->conn_state |= L2CAP_CONN_REJ_ACT;
3985 }
3986}
3987static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
3988{
3989 struct l2cap_pinfo *pi = l2cap_pi(sk);
3990 u8 tx_seq = __get_reqseq(rx_control);
3991
3992 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3993
3994 if (rx_control & L2CAP_CTRL_POLL) {
3995 pi->expected_ack_seq = tx_seq;
3460 l2cap_drop_acked_frames(sk); 3996 l2cap_drop_acked_frames(sk);
3997 l2cap_retransmit_one_frame(sk, tx_seq);
3461 3998
3462 if (rx_control & L2CAP_CTRL_FINAL) { 3999 spin_lock_bh(&pi->send_lock);
3463 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 4000 l2cap_ertm_send(sk);
3464 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 4001 spin_unlock_bh(&pi->send_lock);
3465 else {
3466 sk->sk_send_head = TX_QUEUE(sk)->next;
3467 pi->next_tx_seq = pi->expected_ack_seq;
3468 l2cap_ertm_send(sk);
3469 }
3470 } else {
3471 sk->sk_send_head = TX_QUEUE(sk)->next;
3472 pi->next_tx_seq = pi->expected_ack_seq;
3473 l2cap_ertm_send(sk);
3474 4002
3475 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 4003 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3476 pi->srej_save_reqseq = tx_seq; 4004 pi->srej_save_reqseq = tx_seq;
3477 pi->conn_state |= L2CAP_CONN_REJ_ACT; 4005 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3478 } 4006 }
4007 } else if (rx_control & L2CAP_CTRL_FINAL) {
4008 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
4009 pi->srej_save_reqseq == tx_seq)
4010 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
4011 else
4012 l2cap_retransmit_one_frame(sk, tx_seq);
4013 } else {
4014 l2cap_retransmit_one_frame(sk, tx_seq);
4015 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4016 pi->srej_save_reqseq = tx_seq;
4017 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3479 } 4018 }
4019 }
4020}
3480 4021
4022static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
4023{
4024 struct l2cap_pinfo *pi = l2cap_pi(sk);
4025 u8 tx_seq = __get_reqseq(rx_control);
4026
4027 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
4028 pi->expected_ack_seq = tx_seq;
4029 l2cap_drop_acked_frames(sk);
4030
4031 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
4032 del_timer(&pi->retrans_timer);
4033 if (rx_control & L2CAP_CTRL_POLL)
4034 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
4035 return;
4036 }
4037
4038 if (rx_control & L2CAP_CTRL_POLL)
4039 l2cap_send_srejtail(sk);
4040 else
4041 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
4042}
4043
4044static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
4045{
4046 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
4047
4048 if (L2CAP_CTRL_FINAL & rx_control &&
4049 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4050 del_timer(&l2cap_pi(sk)->monitor_timer);
4051 if (l2cap_pi(sk)->unacked_frames > 0)
4052 __mod_retrans_timer();
4053 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
4054 }
4055
4056 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
4057 case L2CAP_SUPER_RCV_READY:
4058 l2cap_data_channel_rrframe(sk, rx_control);
3481 break; 4059 break;
3482 4060
3483 case L2CAP_SUPER_SELECT_REJECT: 4061 case L2CAP_SUPER_REJECT:
3484 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 4062 l2cap_data_channel_rejframe(sk, rx_control);
4063 break;
3485 4064
3486 if (rx_control & L2CAP_CTRL_POLL) { 4065 case L2CAP_SUPER_SELECT_REJECT:
3487 pi->expected_ack_seq = tx_seq; 4066 l2cap_data_channel_srejframe(sk, rx_control);
3488 l2cap_drop_acked_frames(sk);
3489 l2cap_retransmit_frame(sk, tx_seq);
3490 l2cap_ertm_send(sk);
3491 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3492 pi->srej_save_reqseq = tx_seq;
3493 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3494 }
3495 } else if (rx_control & L2CAP_CTRL_FINAL) {
3496 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3497 pi->srej_save_reqseq == tx_seq)
3498 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3499 else
3500 l2cap_retransmit_frame(sk, tx_seq);
3501 }
3502 else {
3503 l2cap_retransmit_frame(sk, tx_seq);
3504 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3505 pi->srej_save_reqseq = tx_seq;
3506 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3507 }
3508 }
3509 break; 4067 break;
3510 4068
3511 case L2CAP_SUPER_RCV_NOT_READY: 4069 case L2CAP_SUPER_RCV_NOT_READY:
3512 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY; 4070 l2cap_data_channel_rnrframe(sk, rx_control);
3513 pi->expected_ack_seq = tx_seq;
3514 l2cap_drop_acked_frames(sk);
3515
3516 del_timer(&l2cap_pi(sk)->retrans_timer);
3517 if (rx_control & L2CAP_CTRL_POLL) {
3518 u16 control = L2CAP_CTRL_FINAL;
3519 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
3520 }
3521 break; 4071 break;
3522 } 4072 }
3523 4073
4074 kfree_skb(skb);
3524 return 0; 4075 return 0;
3525} 4076}
3526 4077
@@ -3529,7 +4080,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3529 struct sock *sk; 4080 struct sock *sk;
3530 struct l2cap_pinfo *pi; 4081 struct l2cap_pinfo *pi;
3531 u16 control, len; 4082 u16 control, len;
3532 u8 tx_seq; 4083 u8 tx_seq, req_seq, next_tx_seq_offset, req_seq_offset;
3533 4084
3534 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 4085 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3535 if (!sk) { 4086 if (!sk) {
@@ -3574,16 +4125,45 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3574 * Receiver will miss it and start proper recovery 4125 * Receiver will miss it and start proper recovery
3575 * procedures and ask retransmission. 4126 * procedures and ask retransmission.
3576 */ 4127 */
3577 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE) 4128 if (len > pi->mps) {
4129 l2cap_send_disconn_req(pi->conn, sk);
3578 goto drop; 4130 goto drop;
4131 }
3579 4132
3580 if (l2cap_check_fcs(pi, skb)) 4133 if (l2cap_check_fcs(pi, skb))
3581 goto drop; 4134 goto drop;
3582 4135
3583 if (__is_iframe(control)) 4136 req_seq = __get_reqseq(control);
4137 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4138 if (req_seq_offset < 0)
4139 req_seq_offset += 64;
4140
4141 next_tx_seq_offset =
4142 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4143 if (next_tx_seq_offset < 0)
4144 next_tx_seq_offset += 64;
4145
4146 /* check for invalid req-seq */
4147 if (req_seq_offset > next_tx_seq_offset) {
4148 l2cap_send_disconn_req(pi->conn, sk);
4149 goto drop;
4150 }
4151
4152 if (__is_iframe(control)) {
4153 if (len < 4) {
4154 l2cap_send_disconn_req(pi->conn, sk);
4155 goto drop;
4156 }
4157
3584 l2cap_data_channel_iframe(sk, control, skb); 4158 l2cap_data_channel_iframe(sk, control, skb);
3585 else 4159 } else {
4160 if (len != 0) {
4161 l2cap_send_disconn_req(pi->conn, sk);
4162 goto drop;
4163 }
4164
3586 l2cap_data_channel_sframe(sk, control, skb); 4165 l2cap_data_channel_sframe(sk, control, skb);
4166 }
3587 4167
3588 goto done; 4168 goto done;
3589 4169
@@ -3598,7 +4178,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3598 if (pi->fcs == L2CAP_FCS_CRC16) 4178 if (pi->fcs == L2CAP_FCS_CRC16)
3599 len -= 2; 4179 len -= 2;
3600 4180
3601 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || __is_sframe(control)) 4181 if (len > pi->mps || len < 4 || __is_sframe(control))
3602 goto drop; 4182 goto drop;
3603 4183
3604 if (l2cap_check_fcs(pi, skb)) 4184 if (l2cap_check_fcs(pi, skb))
@@ -3609,14 +4189,14 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3609 if (pi->expected_tx_seq == tx_seq) 4189 if (pi->expected_tx_seq == tx_seq)
3610 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 4190 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3611 else 4191 else
3612 pi->expected_tx_seq = tx_seq + 1; 4192 pi->expected_tx_seq = (tx_seq + 1) % 64;
3613 4193
3614 l2cap_sar_reassembly_sdu(sk, skb, control); 4194 l2cap_streaming_reassembly_sdu(sk, skb, control);
3615 4195
3616 goto done; 4196 goto done;
3617 4197
3618 default: 4198 default:
3619 BT_DBG("sk %p: bad mode 0x%2.2x", sk, l2cap_pi(sk)->mode); 4199 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
3620 break; 4200 break;
3621 } 4201 }
3622 4202
@@ -3772,7 +4352,7 @@ static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3772 4352
3773static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt) 4353static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3774{ 4354{
3775 if (sk->sk_type != SOCK_SEQPACKET) 4355 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
3776 return; 4356 return;
3777 4357
3778 if (encrypt == 0x00) { 4358 if (encrypt == 0x00) {
@@ -4030,6 +4610,10 @@ static int __init l2cap_init(void)
4030 if (err < 0) 4610 if (err < 0)
4031 return err; 4611 return err;
4032 4612
4613 _busy_wq = create_singlethread_workqueue("l2cap");
4614 if (!_busy_wq)
4615 goto error;
4616
4033 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 4617 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4034 if (err < 0) { 4618 if (err < 0) {
4035 BT_ERR("L2CAP socket registration failed"); 4619 BT_ERR("L2CAP socket registration failed");
@@ -4064,6 +4648,9 @@ static void __exit l2cap_exit(void)
4064{ 4648{
4065 debugfs_remove(l2cap_debugfs); 4649 debugfs_remove(l2cap_debugfs);
4066 4650
4651 flush_workqueue(_busy_wq);
4652 destroy_workqueue(_busy_wq);
4653
4067 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 4654 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4068 BT_ERR("L2CAP socket unregistration failed"); 4655 BT_ERR("L2CAP socket unregistration failed");
4069 4656
@@ -4078,7 +4665,6 @@ void l2cap_load(void)
4078 /* Dummy function to trigger automatic L2CAP module loading by 4665 /* Dummy function to trigger automatic L2CAP module loading by
4079 * other modules that use L2CAP sockets but don't use any other 4666 * other modules that use L2CAP sockets but don't use any other
4080 * symbols from it. */ 4667 * symbols from it. */
4081 return;
4082} 4668}
4083EXPORT_SYMBOL(l2cap_load); 4669EXPORT_SYMBOL(l2cap_load);
4084 4670
@@ -4091,6 +4677,9 @@ MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
4091module_param(max_transmit, uint, 0644); 4677module_param(max_transmit, uint, 0644);
4092MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)"); 4678MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");
4093 4679
4680module_param(tx_window, uint, 0644);
4681MODULE_PARM_DESC(tx_window, "Transmission window size value (default = 63)");
4682
4094MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4683MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4095MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); 4684MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4096MODULE_VERSION(VERSION); 4685MODULE_VERSION(VERSION);
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 8ed3c37684fa..43fbf6b4b4bf 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -503,7 +503,7 @@ static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int f
503 BT_DBG("sk %p timeo %ld", sk, timeo); 503 BT_DBG("sk %p timeo %ld", sk, timeo);
504 504
505 /* Wait for an incoming connection. (wake-one). */ 505 /* Wait for an incoming connection. (wake-one). */
506 add_wait_queue_exclusive(sk->sk_sleep, &wait); 506 add_wait_queue_exclusive(sk_sleep(sk), &wait);
507 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 507 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
508 set_current_state(TASK_INTERRUPTIBLE); 508 set_current_state(TASK_INTERRUPTIBLE);
509 if (!timeo) { 509 if (!timeo) {
@@ -526,7 +526,7 @@ static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int f
526 } 526 }
527 } 527 }
528 set_current_state(TASK_RUNNING); 528 set_current_state(TASK_RUNNING);
529 remove_wait_queue(sk->sk_sleep, &wait); 529 remove_wait_queue(sk_sleep(sk), &wait);
530 530
531 if (err) 531 if (err)
532 goto done; 532 goto done;
@@ -621,7 +621,7 @@ static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
621{ 621{
622 DECLARE_WAITQUEUE(wait, current); 622 DECLARE_WAITQUEUE(wait, current);
623 623
624 add_wait_queue(sk->sk_sleep, &wait); 624 add_wait_queue(sk_sleep(sk), &wait);
625 for (;;) { 625 for (;;) {
626 set_current_state(TASK_INTERRUPTIBLE); 626 set_current_state(TASK_INTERRUPTIBLE);
627 627
@@ -640,7 +640,7 @@ static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
640 } 640 }
641 641
642 __set_current_state(TASK_RUNNING); 642 __set_current_state(TASK_RUNNING);
643 remove_wait_queue(sk->sk_sleep, &wait); 643 remove_wait_queue(sk_sleep(sk), &wait);
644 return timeo; 644 return timeo;
645} 645}
646 646
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index cab71ea2796d..309b6c261b25 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -1014,8 +1014,6 @@ static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1014 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 1014 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1015 data_bits, stop_bits, parity, 1015 data_bits, stop_bits, parity,
1016 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 1016 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1017
1018 return;
1019} 1017}
1020 1018
1021static void rfcomm_tty_throttle(struct tty_struct *tty) 1019static void rfcomm_tty_throttle(struct tty_struct *tty)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index ca6b2ad1c3fc..d0927d1fdada 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -165,11 +165,11 @@ static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct so
165 int err = 0; 165 int err = 0;
166 166
167 sco_conn_lock(conn); 167 sco_conn_lock(conn);
168 if (conn->sk) { 168 if (conn->sk)
169 err = -EBUSY; 169 err = -EBUSY;
170 } else { 170 else
171 __sco_chan_add(conn, sk, parent); 171 __sco_chan_add(conn, sk, parent);
172 } 172
173 sco_conn_unlock(conn); 173 sco_conn_unlock(conn);
174 return err; 174 return err;
175} 175}
@@ -241,22 +241,19 @@ static inline int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
241 BT_DBG("sk %p len %d", sk, len); 241 BT_DBG("sk %p len %d", sk, len);
242 242
243 count = min_t(unsigned int, conn->mtu, len); 243 count = min_t(unsigned int, conn->mtu, len);
244 if (!(skb = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err))) 244 skb = bt_skb_send_alloc(sk, count,
245 msg->msg_flags & MSG_DONTWAIT, &err);
246 if (!skb)
245 return err; 247 return err;
246 248
247 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 249 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
248 err = -EFAULT; 250 kfree_skb(skb);
249 goto fail; 251 return -EFAULT;
250 } 252 }
251 253
252 if ((err = hci_send_sco(conn->hcon, skb)) < 0) 254 hci_send_sco(conn->hcon, skb);
253 return err;
254 255
255 return count; 256 return count;
256
257fail:
258 kfree_skb(skb);
259 return err;
260} 257}
261 258
262static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 259static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
@@ -276,7 +273,6 @@ static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
276 273
277drop: 274drop:
278 kfree_skb(skb); 275 kfree_skb(skb);
279 return;
280} 276}
281 277
282/* -------- Socket interface ---------- */ 278/* -------- Socket interface ---------- */
@@ -567,7 +563,7 @@ static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flag
567 BT_DBG("sk %p timeo %ld", sk, timeo); 563 BT_DBG("sk %p timeo %ld", sk, timeo);
568 564
569 /* Wait for an incoming connection. (wake-one). */ 565 /* Wait for an incoming connection. (wake-one). */
570 add_wait_queue_exclusive(sk->sk_sleep, &wait); 566 add_wait_queue_exclusive(sk_sleep(sk), &wait);
571 while (!(ch = bt_accept_dequeue(sk, newsock))) { 567 while (!(ch = bt_accept_dequeue(sk, newsock))) {
572 set_current_state(TASK_INTERRUPTIBLE); 568 set_current_state(TASK_INTERRUPTIBLE);
573 if (!timeo) { 569 if (!timeo) {
@@ -590,7 +586,7 @@ static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flag
590 } 586 }
591 } 587 }
592 set_current_state(TASK_RUNNING); 588 set_current_state(TASK_RUNNING);
593 remove_wait_queue(sk->sk_sleep, &wait); 589 remove_wait_queue(sk_sleep(sk), &wait);
594 590
595 if (err) 591 if (err)
596 goto done; 592 goto done;
@@ -626,7 +622,7 @@ static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
626 struct msghdr *msg, size_t len) 622 struct msghdr *msg, size_t len)
627{ 623{
628 struct sock *sk = sock->sk; 624 struct sock *sk = sock->sk;
629 int err = 0; 625 int err;
630 626
631 BT_DBG("sock %p, sk %p", sock, sk); 627 BT_DBG("sock %p, sk %p", sock, sk);
632 628
@@ -851,7 +847,8 @@ static void sco_conn_ready(struct sco_conn *conn)
851 847
852 bh_lock_sock(parent); 848 bh_lock_sock(parent);
853 849
854 sk = sco_sock_alloc(sock_net(parent), NULL, BTPROTO_SCO, GFP_ATOMIC); 850 sk = sco_sock_alloc(sock_net(parent), NULL,
851 BTPROTO_SCO, GFP_ATOMIC);
855 if (!sk) { 852 if (!sk) {
856 bh_unlock_sock(parent); 853 bh_unlock_sock(parent);
857 goto done; 854 goto done;
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-24 01:26:34 -0400