aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2009-08-31 00:30:39 -0400
committerDavid S. Miller <davem@davemloft.net>2009-08-31 00:30:39 -0400
commitb9caaabb995c6ff103e2457b9a36930b9699de7c (patch)
tree5e2fd04c5eb07ae1373c5c64250056e902982fa8 /net
parentfc57e515a2c02599b00d252545521288dfc0158a (diff)
parent7e7430908c3ccaf71f0851050c8ccaf9ecfb3b56 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-next-2.6
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/Kconfig1
-rw-r--r--net/bluetooth/hci_conn.c17
-rw-r--r--net/bluetooth/hci_core.c2
-rw-r--r--net/bluetooth/hci_event.c2
-rw-r--r--net/bluetooth/hidp/core.c66
-rw-r--r--net/bluetooth/hidp/hidp.h2
-rw-r--r--net/bluetooth/l2cap.c1357
-rw-r--r--net/bluetooth/rfcomm/core.c69
-rw-r--r--net/bluetooth/sco.c49
9 files changed, 1419 insertions, 146 deletions
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index 59fdb1d2e8ed..ed371684c133 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -34,6 +34,7 @@ menuconfig BT
34config BT_L2CAP 34config BT_L2CAP
35 tristate "L2CAP protocol support" 35 tristate "L2CAP protocol support"
36 depends on BT 36 depends on BT
37 select CRC16
37 help 38 help
38 L2CAP (Logical Link Control and Adaptation Protocol) provides 39 L2CAP (Logical Link Control and Adaptation Protocol) provides
39 connection oriented and connection-less data transport. L2CAP 40 connection oriented and connection-less data transport. L2CAP
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index fa47d5d84f5c..a9750984f772 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -246,6 +246,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
246 if (hdev->notify) 246 if (hdev->notify)
247 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 247 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
248 248
249 atomic_set(&conn->devref, 0);
250
249 hci_conn_init_sysfs(conn); 251 hci_conn_init_sysfs(conn);
250 252
251 tasklet_enable(&hdev->tx_task); 253 tasklet_enable(&hdev->tx_task);
@@ -288,7 +290,7 @@ int hci_conn_del(struct hci_conn *conn)
288 290
289 skb_queue_purge(&conn->data_q); 291 skb_queue_purge(&conn->data_q);
290 292
291 hci_conn_del_sysfs(conn); 293 hci_conn_put_device(conn);
292 294
293 hci_dev_put(hdev); 295 hci_dev_put(hdev);
294 296
@@ -583,6 +585,19 @@ void hci_conn_check_pending(struct hci_dev *hdev)
583 hci_dev_unlock(hdev); 585 hci_dev_unlock(hdev);
584} 586}
585 587
588void hci_conn_hold_device(struct hci_conn *conn)
589{
590 atomic_inc(&conn->devref);
591}
592EXPORT_SYMBOL(hci_conn_hold_device);
593
594void hci_conn_put_device(struct hci_conn *conn)
595{
596 if (atomic_dec_and_test(&conn->devref))
597 hci_conn_del_sysfs(conn);
598}
599EXPORT_SYMBOL(hci_conn_put_device);
600
586int hci_get_conn_list(void __user *arg) 601int hci_get_conn_list(void __user *arg)
587{ 602{
588 struct hci_conn_list_req req, *cl; 603 struct hci_conn_list_req req, *cl;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 406ad07cdea1..e1da8f68759c 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -911,7 +911,7 @@ int hci_register_dev(struct hci_dev *hdev)
911 hdev->reassembly[i] = NULL; 911 hdev->reassembly[i] = NULL;
912 912
913 init_waitqueue_head(&hdev->req_wait_q); 913 init_waitqueue_head(&hdev->req_wait_q);
914 init_MUTEX(&hdev->req_lock); 914 mutex_init(&hdev->req_lock);
915 915
916 inquiry_cache_init(hdev); 916 inquiry_cache_init(hdev);
917 917
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 184ba0a88ec0..e99fe385fba2 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -887,6 +887,7 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
887 } else 887 } else
888 conn->state = BT_CONNECTED; 888 conn->state = BT_CONNECTED;
889 889
890 hci_conn_hold_device(conn);
890 hci_conn_add_sysfs(conn); 891 hci_conn_add_sysfs(conn);
891 892
892 if (test_bit(HCI_AUTH, &hdev->flags)) 893 if (test_bit(HCI_AUTH, &hdev->flags))
@@ -1693,6 +1694,7 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu
1693 conn->handle = __le16_to_cpu(ev->handle); 1694 conn->handle = __le16_to_cpu(ev->handle);
1694 conn->state = BT_CONNECTED; 1695 conn->state = BT_CONNECTED;
1695 1696
1697 hci_conn_hold_device(conn);
1696 hci_conn_add_sysfs(conn); 1698 hci_conn_add_sysfs(conn);
1697 break; 1699 break;
1698 1700
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index b18676870d55..09bedeb5579c 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -40,6 +40,7 @@
40 40
41#include <linux/input.h> 41#include <linux/input.h>
42#include <linux/hid.h> 42#include <linux/hid.h>
43#include <linux/hidraw.h>
43 44
44#include <net/bluetooth/bluetooth.h> 45#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h> 46#include <net/bluetooth/hci_core.h>
@@ -92,10 +93,14 @@ static void __hidp_link_session(struct hidp_session *session)
92{ 93{
93 __module_get(THIS_MODULE); 94 __module_get(THIS_MODULE);
94 list_add(&session->list, &hidp_session_list); 95 list_add(&session->list, &hidp_session_list);
96
97 hci_conn_hold_device(session->conn);
95} 98}
96 99
97static void __hidp_unlink_session(struct hidp_session *session) 100static void __hidp_unlink_session(struct hidp_session *session)
98{ 101{
102 hci_conn_put_device(session->conn);
103
99 list_del(&session->list); 104 list_del(&session->list);
100 module_put(THIS_MODULE); 105 module_put(THIS_MODULE);
101} 106}
@@ -374,6 +379,7 @@ static void hidp_process_hid_control(struct hidp_session *session,
374 379
375 /* Kill session thread */ 380 /* Kill session thread */
376 atomic_inc(&session->terminate); 381 atomic_inc(&session->terminate);
382 hidp_schedule(session);
377 } 383 }
378} 384}
379 385
@@ -573,7 +579,11 @@ static int hidp_session(void *arg)
573 if (session->hid) { 579 if (session->hid) {
574 if (session->hid->claimed & HID_CLAIMED_INPUT) 580 if (session->hid->claimed & HID_CLAIMED_INPUT)
575 hidinput_disconnect(session->hid); 581 hidinput_disconnect(session->hid);
582 if (session->hid->claimed & HID_CLAIMED_HIDRAW)
583 hidraw_disconnect(session->hid);
584
576 hid_destroy_device(session->hid); 585 hid_destroy_device(session->hid);
586 session->hid = NULL;
577 } 587 }
578 588
579 /* Wakeup user-space polling for socket errors */ 589 /* Wakeup user-space polling for socket errors */
@@ -601,25 +611,27 @@ static struct device *hidp_get_device(struct hidp_session *session)
601{ 611{
602 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 612 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
603 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 613 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
614 struct device *device = NULL;
604 struct hci_dev *hdev; 615 struct hci_dev *hdev;
605 struct hci_conn *conn;
606 616
607 hdev = hci_get_route(dst, src); 617 hdev = hci_get_route(dst, src);
608 if (!hdev) 618 if (!hdev)
609 return NULL; 619 return NULL;
610 620
611 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 621 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
622 if (session->conn)
623 device = &session->conn->dev;
612 624
613 hci_dev_put(hdev); 625 hci_dev_put(hdev);
614 626
615 return conn ? &conn->dev : NULL; 627 return device;
616} 628}
617 629
618static int hidp_setup_input(struct hidp_session *session, 630static int hidp_setup_input(struct hidp_session *session,
619 struct hidp_connadd_req *req) 631 struct hidp_connadd_req *req)
620{ 632{
621 struct input_dev *input; 633 struct input_dev *input;
622 int i; 634 int err, i;
623 635
624 input = input_allocate_device(); 636 input = input_allocate_device();
625 if (!input) 637 if (!input)
@@ -666,7 +678,13 @@ static int hidp_setup_input(struct hidp_session *session,
666 678
667 input->event = hidp_input_event; 679 input->event = hidp_input_event;
668 680
669 return input_register_device(input); 681 err = input_register_device(input);
682 if (err < 0) {
683 hci_conn_put_device(session->conn);
684 return err;
685 }
686
687 return 0;
670} 688}
671 689
672static int hidp_open(struct hid_device *hid) 690static int hidp_open(struct hid_device *hid)
@@ -748,13 +766,11 @@ static int hidp_setup_hid(struct hidp_session *session,
748{ 766{
749 struct hid_device *hid; 767 struct hid_device *hid;
750 bdaddr_t src, dst; 768 bdaddr_t src, dst;
751 int ret; 769 int err;
752 770
753 hid = hid_allocate_device(); 771 hid = hid_allocate_device();
754 if (IS_ERR(hid)) { 772 if (IS_ERR(hid))
755 ret = PTR_ERR(session->hid); 773 return PTR_ERR(session->hid);
756 goto err;
757 }
758 774
759 session->hid = hid; 775 session->hid = hid;
760 session->req = req; 776 session->req = req;
@@ -776,16 +792,17 @@ static int hidp_setup_hid(struct hidp_session *session,
776 hid->dev.parent = hidp_get_device(session); 792 hid->dev.parent = hidp_get_device(session);
777 hid->ll_driver = &hidp_hid_driver; 793 hid->ll_driver = &hidp_hid_driver;
778 794
779 ret = hid_add_device(hid); 795 err = hid_add_device(hid);
780 if (ret) 796 if (err < 0)
781 goto err_hid; 797 goto failed;
782 798
783 return 0; 799 return 0;
784err_hid: 800
801failed:
785 hid_destroy_device(hid); 802 hid_destroy_device(hid);
786 session->hid = NULL; 803 session->hid = NULL;
787err: 804
788 return ret; 805 return err;
789} 806}
790 807
791int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 808int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
@@ -835,13 +852,13 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock,
835 if (req->rd_size > 0) { 852 if (req->rd_size > 0) {
836 err = hidp_setup_hid(session, req); 853 err = hidp_setup_hid(session, req);
837 if (err && err != -ENODEV) 854 if (err && err != -ENODEV)
838 goto err_skb; 855 goto purge;
839 } 856 }
840 857
841 if (!session->hid) { 858 if (!session->hid) {
842 err = hidp_setup_input(session, req); 859 err = hidp_setup_input(session, req);
843 if (err < 0) 860 if (err < 0)
844 goto err_skb; 861 goto purge;
845 } 862 }
846 863
847 __hidp_link_session(session); 864 __hidp_link_session(session);
@@ -869,13 +886,20 @@ unlink:
869 886
870 __hidp_unlink_session(session); 887 __hidp_unlink_session(session);
871 888
872 if (session->input) 889 if (session->input) {
873 input_unregister_device(session->input); 890 input_unregister_device(session->input);
874 if (session->hid) 891 session->input = NULL;
892 }
893
894 if (session->hid) {
875 hid_destroy_device(session->hid); 895 hid_destroy_device(session->hid);
876err_skb: 896 session->hid = NULL;
897 }
898
899purge:
877 skb_queue_purge(&session->ctrl_transmit); 900 skb_queue_purge(&session->ctrl_transmit);
878 skb_queue_purge(&session->intr_transmit); 901 skb_queue_purge(&session->intr_transmit);
902
879failed: 903failed:
880 up_write(&hidp_session_sem); 904 up_write(&hidp_session_sem);
881 905
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index e503c89057ad..faf3d74c3586 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -126,6 +126,8 @@ int hidp_get_conninfo(struct hidp_conninfo *ci);
126struct hidp_session { 126struct hidp_session {
127 struct list_head list; 127 struct list_head list;
128 128
129 struct hci_conn *conn;
130
129 struct socket *ctrl_sock; 131 struct socket *ctrl_sock;
130 struct socket *intr_sock; 132 struct socket *intr_sock;
131 133
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index bd0a4c1bced0..b03012564647 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -41,6 +41,7 @@
41#include <linux/list.h> 41#include <linux/list.h>
42#include <linux/device.h> 42#include <linux/device.h>
43#include <linux/uaccess.h> 43#include <linux/uaccess.h>
44#include <linux/crc16.h>
44#include <net/sock.h> 45#include <net/sock.h>
45 46
46#include <asm/system.h> 47#include <asm/system.h>
@@ -50,7 +51,9 @@
50#include <net/bluetooth/hci_core.h> 51#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h> 52#include <net/bluetooth/l2cap.h>
52 53
53#define VERSION "2.13" 54#define VERSION "2.14"
55
56static int enable_ertm = 0;
54 57
55static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; 58static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
56static u8 l2cap_fixed_chan[8] = { 0x02, }; 59static u8 l2cap_fixed_chan[8] = { 0x02, };
@@ -331,6 +334,48 @@ static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16
331 return hci_send_acl(conn->hcon, skb, 0); 334 return hci_send_acl(conn->hcon, skb, 0);
332} 335}
333 336
337static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
338{
339 struct sk_buff *skb;
340 struct l2cap_hdr *lh;
341 struct l2cap_conn *conn = pi->conn;
342 int count, hlen = L2CAP_HDR_SIZE + 2;
343
344 if (pi->fcs == L2CAP_FCS_CRC16)
345 hlen += 2;
346
347 BT_DBG("pi %p, control 0x%2.2x", pi, control);
348
349 count = min_t(unsigned int, conn->mtu, hlen);
350 control |= L2CAP_CTRL_FRAME_TYPE;
351
352 skb = bt_skb_alloc(count, GFP_ATOMIC);
353 if (!skb)
354 return -ENOMEM;
355
356 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
357 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
358 lh->cid = cpu_to_le16(pi->dcid);
359 put_unaligned_le16(control, skb_put(skb, 2));
360
361 if (pi->fcs == L2CAP_FCS_CRC16) {
362 u16 fcs = crc16(0, (u8 *)lh, count - 2);
363 put_unaligned_le16(fcs, skb_put(skb, 2));
364 }
365
366 return hci_send_acl(pi->conn->hcon, skb, 0);
367}
368
369static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
370{
371 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY)
372 control |= L2CAP_SUPER_RCV_NOT_READY;
373 else
374 control |= L2CAP_SUPER_RCV_READY;
375
376 return l2cap_send_sframe(pi, control);
377}
378
334static void l2cap_do_start(struct sock *sk) 379static void l2cap_do_start(struct sock *sk)
335{ 380{
336 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 381 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
@@ -364,6 +409,16 @@ static void l2cap_do_start(struct sock *sk)
364 } 409 }
365} 410}
366 411
412static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
413{
414 struct l2cap_disconn_req req;
415
416 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
417 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
418 l2cap_send_cmd(conn, l2cap_get_ident(conn),
419 L2CAP_DISCONN_REQ, sizeof(req), &req);
420}
421
367/* ---- L2CAP connections ---- */ 422/* ---- L2CAP connections ---- */
368static void l2cap_conn_start(struct l2cap_conn *conn) 423static void l2cap_conn_start(struct l2cap_conn *conn)
369{ 424{
@@ -648,15 +703,10 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
648 case BT_CONFIG: 703 case BT_CONFIG:
649 if (sk->sk_type == SOCK_SEQPACKET) { 704 if (sk->sk_type == SOCK_SEQPACKET) {
650 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 705 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
651 struct l2cap_disconn_req req;
652 706
653 sk->sk_state = BT_DISCONN; 707 sk->sk_state = BT_DISCONN;
654 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 708 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
655 709 l2cap_send_disconn_req(conn, sk);
656 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
657 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
658 l2cap_send_cmd(conn, l2cap_get_ident(conn),
659 L2CAP_DISCONN_REQ, sizeof(req), &req);
660 } else 710 } else
661 l2cap_chan_del(sk, reason); 711 l2cap_chan_del(sk, reason);
662 break; 712 break;
@@ -715,12 +765,16 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
715 765
716 pi->imtu = l2cap_pi(parent)->imtu; 766 pi->imtu = l2cap_pi(parent)->imtu;
717 pi->omtu = l2cap_pi(parent)->omtu; 767 pi->omtu = l2cap_pi(parent)->omtu;
768 pi->mode = l2cap_pi(parent)->mode;
769 pi->fcs = l2cap_pi(parent)->fcs;
718 pi->sec_level = l2cap_pi(parent)->sec_level; 770 pi->sec_level = l2cap_pi(parent)->sec_level;
719 pi->role_switch = l2cap_pi(parent)->role_switch; 771 pi->role_switch = l2cap_pi(parent)->role_switch;
720 pi->force_reliable = l2cap_pi(parent)->force_reliable; 772 pi->force_reliable = l2cap_pi(parent)->force_reliable;
721 } else { 773 } else {
722 pi->imtu = L2CAP_DEFAULT_MTU; 774 pi->imtu = L2CAP_DEFAULT_MTU;
723 pi->omtu = 0; 775 pi->omtu = 0;
776 pi->mode = L2CAP_MODE_BASIC;
777 pi->fcs = L2CAP_FCS_CRC16;
724 pi->sec_level = BT_SECURITY_LOW; 778 pi->sec_level = BT_SECURITY_LOW;
725 pi->role_switch = 0; 779 pi->role_switch = 0;
726 pi->force_reliable = 0; 780 pi->force_reliable = 0;
@@ -956,6 +1010,19 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
956 goto done; 1010 goto done;
957 } 1011 }
958 1012
1013 switch (l2cap_pi(sk)->mode) {
1014 case L2CAP_MODE_BASIC:
1015 break;
1016 case L2CAP_MODE_ERTM:
1017 case L2CAP_MODE_STREAMING:
1018 if (enable_ertm)
1019 break;
1020 /* fall through */
1021 default:
1022 err = -ENOTSUPP;
1023 goto done;
1024 }
1025
959 switch (sk->sk_state) { 1026 switch (sk->sk_state) {
960 case BT_CONNECT: 1027 case BT_CONNECT:
961 case BT_CONNECT2: 1028 case BT_CONNECT2:
@@ -1007,6 +1074,19 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
1007 goto done; 1074 goto done;
1008 } 1075 }
1009 1076
1077 switch (l2cap_pi(sk)->mode) {
1078 case L2CAP_MODE_BASIC:
1079 break;
1080 case L2CAP_MODE_ERTM:
1081 case L2CAP_MODE_STREAMING:
1082 if (enable_ertm)
1083 break;
1084 /* fall through */
1085 default:
1086 err = -ENOTSUPP;
1087 goto done;
1088 }
1089
1010 if (!l2cap_pi(sk)->psm) { 1090 if (!l2cap_pi(sk)->psm) {
1011 bdaddr_t *src = &bt_sk(sk)->src; 1091 bdaddr_t *src = &bt_sk(sk)->src;
1012 u16 psm; 1092 u16 psm;
@@ -1117,39 +1197,219 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
1117 return 0; 1197 return 0;
1118} 1198}
1119 1199
1120static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len) 1200static void l2cap_monitor_timeout(unsigned long arg)
1121{ 1201{
1122 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1202 struct sock *sk = (void *) arg;
1123 struct sk_buff *skb, **frag; 1203 u16 control;
1124 int err, hlen, count, sent = 0;
1125 struct l2cap_hdr *lh;
1126 1204
1127 BT_DBG("sk %p len %d", sk, len); 1205 bh_lock_sock(sk);
1206 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1207 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
1208 return;
1209 }
1128 1210
1129 /* First fragment (with L2CAP header) */ 1211 l2cap_pi(sk)->retry_count++;
1130 if (sk->sk_type == SOCK_DGRAM) 1212 __mod_monitor_timer();
1131 hlen = L2CAP_HDR_SIZE + 2;
1132 else
1133 hlen = L2CAP_HDR_SIZE;
1134 1213
1135 count = min_t(unsigned int, (conn->mtu - hlen), len); 1214 control = L2CAP_CTRL_POLL;
1215 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1216 bh_unlock_sock(sk);
1217}
1136 1218
1137 skb = bt_skb_send_alloc(sk, hlen + count, 1219static void l2cap_retrans_timeout(unsigned long arg)
1138 msg->msg_flags & MSG_DONTWAIT, &err); 1220{
1139 if (!skb) 1221 struct sock *sk = (void *) arg;
1140 return err; 1222 u16 control;
1141 1223
1142 /* Create L2CAP header */ 1224 bh_lock_sock(sk);
1143 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1225 l2cap_pi(sk)->retry_count = 1;
1144 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1226 __mod_monitor_timer();
1145 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1227
1228 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1229
1230 control = L2CAP_CTRL_POLL;
1231 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1232 bh_unlock_sock(sk);
1233}
1234
1235static void l2cap_drop_acked_frames(struct sock *sk)
1236{
1237 struct sk_buff *skb;
1238
1239 while ((skb = skb_peek(TX_QUEUE(sk)))) {
1240 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1241 break;
1242
1243 skb = skb_dequeue(TX_QUEUE(sk));
1244 kfree_skb(skb);
1245
1246 l2cap_pi(sk)->unacked_frames--;
1247 }
1248
1249 if (!l2cap_pi(sk)->unacked_frames)
1250 del_timer(&l2cap_pi(sk)->retrans_timer);
1146 1251
1147 if (sk->sk_type == SOCK_DGRAM) 1252 return;
1148 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2)); 1253}
1254
1255static inline int l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1256{
1257 struct l2cap_pinfo *pi = l2cap_pi(sk);
1258 int err;
1259
1260 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1261
1262 err = hci_send_acl(pi->conn->hcon, skb, 0);
1263 if (err < 0)
1264 kfree_skb(skb);
1265
1266 return err;
1267}
1268
1269static int l2cap_streaming_send(struct sock *sk)
1270{
1271 struct sk_buff *skb, *tx_skb;
1272 struct l2cap_pinfo *pi = l2cap_pi(sk);
1273 u16 control, fcs;
1274 int err;
1275
1276 while ((skb = sk->sk_send_head)) {
1277 tx_skb = skb_clone(skb, GFP_ATOMIC);
1278
1279 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1280 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1281 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1282
1283 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1284 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1285 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1286 }
1287
1288 err = l2cap_do_send(sk, tx_skb);
1289 if (err < 0) {
1290 l2cap_send_disconn_req(pi->conn, sk);
1291 return err;
1292 }
1293
1294 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1295
1296 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1297 sk->sk_send_head = NULL;
1298 else
1299 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1300
1301 skb = skb_dequeue(TX_QUEUE(sk));
1302 kfree_skb(skb);
1303 }
1304 return 0;
1305}
1306
1307static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq)
1308{
1309 struct l2cap_pinfo *pi = l2cap_pi(sk);
1310 struct sk_buff *skb, *tx_skb;
1311 u16 control, fcs;
1312 int err;
1313
1314 skb = skb_peek(TX_QUEUE(sk));
1315 do {
1316 if (bt_cb(skb)->tx_seq != tx_seq) {
1317 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1318 break;
1319 skb = skb_queue_next(TX_QUEUE(sk), skb);
1320 continue;
1321 }
1322
1323 if (pi->remote_max_tx &&
1324 bt_cb(skb)->retries == pi->remote_max_tx) {
1325 l2cap_send_disconn_req(pi->conn, sk);
1326 break;
1327 }
1328
1329 tx_skb = skb_clone(skb, GFP_ATOMIC);
1330 bt_cb(skb)->retries++;
1331 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1332 control |= (pi->req_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1333 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1334 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1335
1336 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1337 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1338 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1339 }
1340
1341 err = l2cap_do_send(sk, tx_skb);
1342 if (err < 0) {
1343 l2cap_send_disconn_req(pi->conn, sk);
1344 return err;
1345 }
1346 break;
1347 } while(1);
1348 return 0;
1349}
1350
1351static int l2cap_ertm_send(struct sock *sk)
1352{
1353 struct sk_buff *skb, *tx_skb;
1354 struct l2cap_pinfo *pi = l2cap_pi(sk);
1355 u16 control, fcs;
1356 int err;
1357
1358 if (pi->conn_state & L2CAP_CONN_WAIT_F)
1359 return 0;
1360
1361 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))
1362 && !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1363 tx_skb = skb_clone(skb, GFP_ATOMIC);
1364
1365 if (pi->remote_max_tx &&
1366 bt_cb(skb)->retries == pi->remote_max_tx) {
1367 l2cap_send_disconn_req(pi->conn, sk);
1368 break;
1369 }
1370
1371 bt_cb(skb)->retries++;
1372
1373 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1374 control |= (pi->req_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1375 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1376 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1377
1378
1379 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1380 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1381 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1382 }
1383
1384 err = l2cap_do_send(sk, tx_skb);
1385 if (err < 0) {
1386 l2cap_send_disconn_req(pi->conn, sk);
1387 return err;
1388 }
1389 __mod_retrans_timer();
1390
1391 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1392 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1393
1394 pi->unacked_frames++;
1395
1396 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1397 sk->sk_send_head = NULL;
1398 else
1399 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1400 }
1401
1402 return 0;
1403}
1404
1405static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1406{
1407 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1408 struct sk_buff **frag;
1409 int err, sent = 0;
1149 1410
1150 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 1411 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1151 err = -EFAULT; 1412 return -EFAULT;
1152 goto fail;
1153 } 1413 }
1154 1414
1155 sent += count; 1415 sent += count;
@@ -1162,33 +1422,173 @@ static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1162 1422
1163 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err); 1423 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1164 if (!*frag) 1424 if (!*frag)
1165 goto fail; 1425 return -EFAULT;
1166 1426 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1167 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) { 1427 return -EFAULT;
1168 err = -EFAULT;
1169 goto fail;
1170 }
1171 1428
1172 sent += count; 1429 sent += count;
1173 len -= count; 1430 len -= count;
1174 1431
1175 frag = &(*frag)->next; 1432 frag = &(*frag)->next;
1176 } 1433 }
1177 err = hci_send_acl(conn->hcon, skb, 0);
1178 if (err < 0)
1179 goto fail;
1180 1434
1181 return sent; 1435 return sent;
1436}
1182 1437
1183fail: 1438static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1184 kfree_skb(skb); 1439{
1185 return err; 1440 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1441 struct sk_buff *skb;
1442 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1443 struct l2cap_hdr *lh;
1444
1445 BT_DBG("sk %p len %d", sk, (int)len);
1446
1447 count = min_t(unsigned int, (conn->mtu - hlen), len);
1448 skb = bt_skb_send_alloc(sk, count + hlen,
1449 msg->msg_flags & MSG_DONTWAIT, &err);
1450 if (!skb)
1451 return ERR_PTR(-ENOMEM);
1452
1453 /* Create L2CAP header */
1454 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1455 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1456 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1457 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1458
1459 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1460 if (unlikely(err < 0)) {
1461 kfree_skb(skb);
1462 return ERR_PTR(err);
1463 }
1464 return skb;
1465}
1466
1467static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1468{
1469 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1470 struct sk_buff *skb;
1471 int err, count, hlen = L2CAP_HDR_SIZE;
1472 struct l2cap_hdr *lh;
1473
1474 BT_DBG("sk %p len %d", sk, (int)len);
1475
1476 count = min_t(unsigned int, (conn->mtu - hlen), len);
1477 skb = bt_skb_send_alloc(sk, count + hlen,
1478 msg->msg_flags & MSG_DONTWAIT, &err);
1479 if (!skb)
1480 return ERR_PTR(-ENOMEM);
1481
1482 /* Create L2CAP header */
1483 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1484 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1485 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1486
1487 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1488 if (unlikely(err < 0)) {
1489 kfree_skb(skb);
1490 return ERR_PTR(err);
1491 }
1492 return skb;
1493}
1494
1495static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1496{
1497 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1498 struct sk_buff *skb;
1499 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1500 struct l2cap_hdr *lh;
1501
1502 BT_DBG("sk %p len %d", sk, (int)len);
1503
1504 if (sdulen)
1505 hlen += 2;
1506
1507 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1508 hlen += 2;
1509
1510 count = min_t(unsigned int, (conn->mtu - hlen), len);
1511 skb = bt_skb_send_alloc(sk, count + hlen,
1512 msg->msg_flags & MSG_DONTWAIT, &err);
1513 if (!skb)
1514 return ERR_PTR(-ENOMEM);
1515
1516 /* Create L2CAP header */
1517 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1518 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1519 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1520 put_unaligned_le16(control, skb_put(skb, 2));
1521 if (sdulen)
1522 put_unaligned_le16(sdulen, skb_put(skb, 2));
1523
1524 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1525 if (unlikely(err < 0)) {
1526 kfree_skb(skb);
1527 return ERR_PTR(err);
1528 }
1529
1530 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1531 put_unaligned_le16(0, skb_put(skb, 2));
1532
1533 bt_cb(skb)->retries = 0;
1534 return skb;
1535}
1536
1537static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1538{
1539 struct l2cap_pinfo *pi = l2cap_pi(sk);
1540 struct sk_buff *skb;
1541 struct sk_buff_head sar_queue;
1542 u16 control;
1543 size_t size = 0;
1544
1545 __skb_queue_head_init(&sar_queue);
1546 control = L2CAP_SDU_START;
1547 skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len);
1548 if (IS_ERR(skb))
1549 return PTR_ERR(skb);
1550
1551 __skb_queue_tail(&sar_queue, skb);
1552 len -= pi->max_pdu_size;
1553 size +=pi->max_pdu_size;
1554 control = 0;
1555
1556 while (len > 0) {
1557 size_t buflen;
1558
1559 if (len > pi->max_pdu_size) {
1560 control |= L2CAP_SDU_CONTINUE;
1561 buflen = pi->max_pdu_size;
1562 } else {
1563 control |= L2CAP_SDU_END;
1564 buflen = len;
1565 }
1566
1567 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1568 if (IS_ERR(skb)) {
1569 skb_queue_purge(&sar_queue);
1570 return PTR_ERR(skb);
1571 }
1572
1573 __skb_queue_tail(&sar_queue, skb);
1574 len -= buflen;
1575 size += buflen;
1576 control = 0;
1577 }
1578 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1579 if (sk->sk_send_head == NULL)
1580 sk->sk_send_head = sar_queue.next;
1581
1582 return size;
1186} 1583}
1187 1584
1188static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 1585static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1189{ 1586{
1190 struct sock *sk = sock->sk; 1587 struct sock *sk = sock->sk;
1191 int err = 0; 1588 struct l2cap_pinfo *pi = l2cap_pi(sk);
1589 struct sk_buff *skb;
1590 u16 control;
1591 int err;
1192 1592
1193 BT_DBG("sock %p, sk %p", sock, sk); 1593 BT_DBG("sock %p, sk %p", sock, sk);
1194 1594
@@ -1200,16 +1600,73 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1200 return -EOPNOTSUPP; 1600 return -EOPNOTSUPP;
1201 1601
1202 /* Check outgoing MTU */ 1602 /* Check outgoing MTU */
1203 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu) 1603 if (sk->sk_type == SOCK_SEQPACKET && pi->mode == L2CAP_MODE_BASIC
1604 && len > pi->omtu)
1204 return -EINVAL; 1605 return -EINVAL;
1205 1606
1206 lock_sock(sk); 1607 lock_sock(sk);
1207 1608
1208 if (sk->sk_state == BT_CONNECTED) 1609 if (sk->sk_state != BT_CONNECTED) {
1209 err = l2cap_do_send(sk, msg, len);
1210 else
1211 err = -ENOTCONN; 1610 err = -ENOTCONN;
1611 goto done;
1612 }
1613
1614 /* Connectionless channel */
1615 if (sk->sk_type == SOCK_DGRAM) {
1616 skb = l2cap_create_connless_pdu(sk, msg, len);
1617 err = l2cap_do_send(sk, skb);
1618 goto done;
1619 }
1620
1621 switch (pi->mode) {
1622 case L2CAP_MODE_BASIC:
1623 /* Create a basic PDU */
1624 skb = l2cap_create_basic_pdu(sk, msg, len);
1625 if (IS_ERR(skb)) {
1626 err = PTR_ERR(skb);
1627 goto done;
1628 }
1629
1630 err = l2cap_do_send(sk, skb);
1631 if (!err)
1632 err = len;
1633 break;
1634
1635 case L2CAP_MODE_ERTM:
1636 case L2CAP_MODE_STREAMING:
1637 /* Entire SDU fits into one PDU */
1638 if (len <= pi->max_pdu_size) {
1639 control = L2CAP_SDU_UNSEGMENTED;
1640 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1641 if (IS_ERR(skb)) {
1642 err = PTR_ERR(skb);
1643 goto done;
1644 }
1645 __skb_queue_tail(TX_QUEUE(sk), skb);
1646 if (sk->sk_send_head == NULL)
1647 sk->sk_send_head = skb;
1648 } else {
1649 /* Segment SDU into multiples PDUs */
1650 err = l2cap_sar_segment_sdu(sk, msg, len);
1651 if (err < 0)
1652 goto done;
1653 }
1654
1655 if (pi->mode == L2CAP_MODE_STREAMING)
1656 err = l2cap_streaming_send(sk);
1657 else
1658 err = l2cap_ertm_send(sk);
1659
1660 if (!err)
1661 err = len;
1662 break;
1663
1664 default:
1665 BT_DBG("bad state %1.1x", pi->mode);
1666 err = -EINVAL;
1667 }
1212 1668
1669done:
1213 release_sock(sk); 1670 release_sock(sk);
1214 return err; 1671 return err;
1215} 1672}
@@ -1257,7 +1714,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1257 opts.imtu = l2cap_pi(sk)->imtu; 1714 opts.imtu = l2cap_pi(sk)->imtu;
1258 opts.omtu = l2cap_pi(sk)->omtu; 1715 opts.omtu = l2cap_pi(sk)->omtu;
1259 opts.flush_to = l2cap_pi(sk)->flush_to; 1716 opts.flush_to = l2cap_pi(sk)->flush_to;
1260 opts.mode = L2CAP_MODE_BASIC; 1717 opts.mode = l2cap_pi(sk)->mode;
1718 opts.fcs = l2cap_pi(sk)->fcs;
1261 1719
1262 len = min_t(unsigned int, sizeof(opts), optlen); 1720 len = min_t(unsigned int, sizeof(opts), optlen);
1263 if (copy_from_user((char *) &opts, optval, len)) { 1721 if (copy_from_user((char *) &opts, optval, len)) {
@@ -1265,8 +1723,10 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1265 break; 1723 break;
1266 } 1724 }
1267 1725
1268 l2cap_pi(sk)->imtu = opts.imtu; 1726 l2cap_pi(sk)->imtu = opts.imtu;
1269 l2cap_pi(sk)->omtu = opts.omtu; 1727 l2cap_pi(sk)->omtu = opts.omtu;
1728 l2cap_pi(sk)->mode = opts.mode;
1729 l2cap_pi(sk)->fcs = opts.fcs;
1270 break; 1730 break;
1271 1731
1272 case L2CAP_LM: 1732 case L2CAP_LM:
@@ -1379,7 +1839,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
1379 opts.imtu = l2cap_pi(sk)->imtu; 1839 opts.imtu = l2cap_pi(sk)->imtu;
1380 opts.omtu = l2cap_pi(sk)->omtu; 1840 opts.omtu = l2cap_pi(sk)->omtu;
1381 opts.flush_to = l2cap_pi(sk)->flush_to; 1841 opts.flush_to = l2cap_pi(sk)->flush_to;
1382 opts.mode = L2CAP_MODE_BASIC; 1842 opts.mode = l2cap_pi(sk)->mode;
1843 opts.fcs = l2cap_pi(sk)->fcs;
1383 1844
1384 len = min_t(unsigned int, len, sizeof(opts)); 1845 len = min_t(unsigned int, len, sizeof(opts));
1385 if (copy_to_user(optval, (char *) &opts, len)) 1846 if (copy_to_user(optval, (char *) &opts, len))
@@ -1708,16 +2169,108 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1708 *ptr += L2CAP_CONF_OPT_SIZE + len; 2169 *ptr += L2CAP_CONF_OPT_SIZE + len;
1709} 2170}
1710 2171
2172static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
2173{
2174 u32 local_feat_mask = l2cap_feat_mask;
2175 if (enable_ertm)
2176 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
2177
2178 switch (mode) {
2179 case L2CAP_MODE_ERTM:
2180 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
2181 case L2CAP_MODE_STREAMING:
2182 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
2183 default:
2184 return 0x00;
2185 }
2186}
2187
2188static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2189{
2190 switch (mode) {
2191 case L2CAP_MODE_STREAMING:
2192 case L2CAP_MODE_ERTM:
2193 if (l2cap_mode_supported(mode, remote_feat_mask))
2194 return mode;
2195 /* fall through */
2196 default:
2197 return L2CAP_MODE_BASIC;
2198 }
2199}
2200
1711static int l2cap_build_conf_req(struct sock *sk, void *data) 2201static int l2cap_build_conf_req(struct sock *sk, void *data)
1712{ 2202{
1713 struct l2cap_pinfo *pi = l2cap_pi(sk); 2203 struct l2cap_pinfo *pi = l2cap_pi(sk);
1714 struct l2cap_conf_req *req = data; 2204 struct l2cap_conf_req *req = data;
2205 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_ERTM };
1715 void *ptr = req->data; 2206 void *ptr = req->data;
1716 2207
1717 BT_DBG("sk %p", sk); 2208 BT_DBG("sk %p", sk);
1718 2209
1719 if (pi->imtu != L2CAP_DEFAULT_MTU) 2210 if (pi->num_conf_req || pi->num_conf_rsp)
1720 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); 2211 goto done;
2212
2213 switch (pi->mode) {
2214 case L2CAP_MODE_STREAMING:
2215 case L2CAP_MODE_ERTM:
2216 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2217 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2218 l2cap_send_disconn_req(pi->conn, sk);
2219 break;
2220 default:
2221 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2222 break;
2223 }
2224
2225done:
2226 switch (pi->mode) {
2227 case L2CAP_MODE_BASIC:
2228 if (pi->imtu != L2CAP_DEFAULT_MTU)
2229 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2230 break;
2231
2232 case L2CAP_MODE_ERTM:
2233 rfc.mode = L2CAP_MODE_ERTM;
2234 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
2235 rfc.max_transmit = L2CAP_DEFAULT_MAX_TX;
2236 rfc.retrans_timeout = 0;
2237 rfc.monitor_timeout = 0;
2238 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2239
2240 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2241 sizeof(rfc), (unsigned long) &rfc);
2242
2243 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2244 break;
2245
2246 if (pi->fcs == L2CAP_FCS_NONE ||
2247 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2248 pi->fcs = L2CAP_FCS_NONE;
2249 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2250 }
2251 break;
2252
2253 case L2CAP_MODE_STREAMING:
2254 rfc.mode = L2CAP_MODE_STREAMING;
2255 rfc.txwin_size = 0;
2256 rfc.max_transmit = 0;
2257 rfc.retrans_timeout = 0;
2258 rfc.monitor_timeout = 0;
2259 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2260
2261 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2262 sizeof(rfc), (unsigned long) &rfc);
2263
2264 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2265 break;
2266
2267 if (pi->fcs == L2CAP_FCS_NONE ||
2268 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2269 pi->fcs = L2CAP_FCS_NONE;
2270 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2271 }
2272 break;
2273 }
1721 2274
1722 /* FIXME: Need actual value of the flush timeout */ 2275 /* FIXME: Need actual value of the flush timeout */
1723 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO) 2276 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
@@ -1767,6 +2320,12 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1767 memcpy(&rfc, (void *) val, olen); 2320 memcpy(&rfc, (void *) val, olen);
1768 break; 2321 break;
1769 2322
2323 case L2CAP_CONF_FCS:
2324 if (val == L2CAP_FCS_NONE)
2325 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2326
2327 break;
2328
1770 default: 2329 default:
1771 if (hint) 2330 if (hint)
1772 break; 2331 break;
@@ -1777,30 +2336,83 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1777 } 2336 }
1778 } 2337 }
1779 2338
2339 if (pi->num_conf_rsp || pi->num_conf_req)
2340 goto done;
2341
2342 switch (pi->mode) {
2343 case L2CAP_MODE_STREAMING:
2344 case L2CAP_MODE_ERTM:
2345 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2346 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2347 return -ECONNREFUSED;
2348 break;
2349 default:
2350 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2351 break;
2352 }
2353
2354done:
2355 if (pi->mode != rfc.mode) {
2356 result = L2CAP_CONF_UNACCEPT;
2357 rfc.mode = pi->mode;
2358
2359 if (pi->num_conf_rsp == 1)
2360 return -ECONNREFUSED;
2361
2362 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2363 sizeof(rfc), (unsigned long) &rfc);
2364 }
2365
2366
1780 if (result == L2CAP_CONF_SUCCESS) { 2367 if (result == L2CAP_CONF_SUCCESS) {
1781 /* Configure output options and let the other side know 2368 /* Configure output options and let the other side know
1782 * which ones we don't like. */ 2369 * which ones we don't like. */
1783 2370
1784 if (rfc.mode == L2CAP_MODE_BASIC) { 2371 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1785 if (mtu < pi->omtu) 2372 result = L2CAP_CONF_UNACCEPT;
1786 result = L2CAP_CONF_UNACCEPT; 2373 else {
1787 else { 2374 pi->omtu = mtu;
1788 pi->omtu = mtu; 2375 pi->conf_state |= L2CAP_CONF_MTU_DONE;
1789 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE; 2376 }
1790 } 2377 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1791 2378
1792 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); 2379 switch (rfc.mode) {
1793 } else { 2380 case L2CAP_MODE_BASIC:
2381 pi->fcs = L2CAP_FCS_NONE;
2382 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2383 break;
2384
2385 case L2CAP_MODE_ERTM:
2386 pi->remote_tx_win = rfc.txwin_size;
2387 pi->remote_max_tx = rfc.max_transmit;
2388 pi->max_pdu_size = rfc.max_pdu_size;
2389
2390 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
2391 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
2392
2393 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2394 break;
2395
2396 case L2CAP_MODE_STREAMING:
2397 pi->remote_tx_win = rfc.txwin_size;
2398 pi->max_pdu_size = rfc.max_pdu_size;
2399
2400 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2401 break;
2402
2403 default:
1794 result = L2CAP_CONF_UNACCEPT; 2404 result = L2CAP_CONF_UNACCEPT;
1795 2405
1796 memset(&rfc, 0, sizeof(rfc)); 2406 memset(&rfc, 0, sizeof(rfc));
1797 rfc.mode = L2CAP_MODE_BASIC; 2407 rfc.mode = pi->mode;
1798
1799 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1800 sizeof(rfc), (unsigned long) &rfc);
1801 } 2408 }
1802 }
1803 2409
2410 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2411 sizeof(rfc), (unsigned long) &rfc);
2412
2413 if (result == L2CAP_CONF_SUCCESS)
2414 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2415 }
1804 rsp->scid = cpu_to_le16(pi->dcid); 2416 rsp->scid = cpu_to_le16(pi->dcid);
1805 rsp->result = cpu_to_le16(result); 2417 rsp->result = cpu_to_le16(result);
1806 rsp->flags = cpu_to_le16(0x0000); 2418 rsp->flags = cpu_to_le16(0x0000);
@@ -1808,6 +2420,73 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1808 return ptr - data; 2420 return ptr - data;
1809} 2421}
1810 2422
2423static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2424{
2425 struct l2cap_pinfo *pi = l2cap_pi(sk);
2426 struct l2cap_conf_req *req = data;
2427 void *ptr = req->data;
2428 int type, olen;
2429 unsigned long val;
2430 struct l2cap_conf_rfc rfc;
2431
2432 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2433
2434 while (len >= L2CAP_CONF_OPT_SIZE) {
2435 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2436
2437 switch (type) {
2438 case L2CAP_CONF_MTU:
2439 if (val < L2CAP_DEFAULT_MIN_MTU) {
2440 *result = L2CAP_CONF_UNACCEPT;
2441 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
2442 } else
2443 pi->omtu = val;
2444 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2445 break;
2446
2447 case L2CAP_CONF_FLUSH_TO:
2448 pi->flush_to = val;
2449 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2450 2, pi->flush_to);
2451 break;
2452
2453 case L2CAP_CONF_RFC:
2454 if (olen == sizeof(rfc))
2455 memcpy(&rfc, (void *)val, olen);
2456
2457 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2458 rfc.mode != pi->mode)
2459 return -ECONNREFUSED;
2460
2461 pi->mode = rfc.mode;
2462 pi->fcs = 0;
2463
2464 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2465 sizeof(rfc), (unsigned long) &rfc);
2466 break;
2467 }
2468 }
2469
2470 if (*result == L2CAP_CONF_SUCCESS) {
2471 switch (rfc.mode) {
2472 case L2CAP_MODE_ERTM:
2473 pi->remote_tx_win = rfc.txwin_size;
2474 pi->retrans_timeout = rfc.retrans_timeout;
2475 pi->monitor_timeout = rfc.monitor_timeout;
2476 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2477 break;
2478 case L2CAP_MODE_STREAMING:
2479 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2480 break;
2481 }
2482 }
2483
2484 req->dcid = cpu_to_le16(pi->dcid);
2485 req->flags = cpu_to_le16(0x0000);
2486
2487 return ptr - data;
2488}
2489
1811static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags) 2490static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1812{ 2491{
1813 struct l2cap_conf_rsp *rsp = data; 2492 struct l2cap_conf_rsp *rsp = data;
@@ -1994,6 +2673,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
1994 2673
1995 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2674 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1996 l2cap_build_conf_req(sk, req), req); 2675 l2cap_build_conf_req(sk, req), req);
2676 l2cap_pi(sk)->num_conf_req++;
1997 break; 2677 break;
1998 2678
1999 case L2CAP_CR_PEND: 2679 case L2CAP_CR_PEND:
@@ -2052,10 +2732,13 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2052 2732
2053 /* Complete config. */ 2733 /* Complete config. */
2054 len = l2cap_parse_conf_req(sk, rsp); 2734 len = l2cap_parse_conf_req(sk, rsp);
2055 if (len < 0) 2735 if (len < 0) {
2736 l2cap_send_disconn_req(conn, sk);
2056 goto unlock; 2737 goto unlock;
2738 }
2057 2739
2058 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); 2740 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2741 l2cap_pi(sk)->num_conf_rsp++;
2059 2742
2060 /* Reset config buffer. */ 2743 /* Reset config buffer. */
2061 l2cap_pi(sk)->conf_len = 0; 2744 l2cap_pi(sk)->conf_len = 0;
@@ -2064,7 +2747,22 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2064 goto unlock; 2747 goto unlock;
2065 2748
2066 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { 2749 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2750 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV)
2751 || l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2752 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2753
2067 sk->sk_state = BT_CONNECTED; 2754 sk->sk_state = BT_CONNECTED;
2755 l2cap_pi(sk)->next_tx_seq = 0;
2756 l2cap_pi(sk)->expected_ack_seq = 0;
2757 l2cap_pi(sk)->unacked_frames = 0;
2758
2759 setup_timer(&l2cap_pi(sk)->retrans_timer,
2760 l2cap_retrans_timeout, (unsigned long) sk);
2761 setup_timer(&l2cap_pi(sk)->monitor_timer,
2762 l2cap_monitor_timeout, (unsigned long) sk);
2763
2764 __skb_queue_head_init(TX_QUEUE(sk));
2765 __skb_queue_head_init(SREJ_QUEUE(sk));
2068 l2cap_chan_ready(sk); 2766 l2cap_chan_ready(sk);
2069 goto unlock; 2767 goto unlock;
2070 } 2768 }
@@ -2073,6 +2771,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2073 u8 buf[64]; 2771 u8 buf[64];
2074 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2772 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2075 l2cap_build_conf_req(sk, buf), buf); 2773 l2cap_build_conf_req(sk, buf), buf);
2774 l2cap_pi(sk)->num_conf_req++;
2076 } 2775 }
2077 2776
2078unlock: 2777unlock:
@@ -2102,29 +2801,32 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2102 break; 2801 break;
2103 2802
2104 case L2CAP_CONF_UNACCEPT: 2803 case L2CAP_CONF_UNACCEPT:
2105 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) { 2804 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2106 char req[128]; 2805 int len = cmd->len - sizeof(*rsp);
2107 /* It does not make sense to adjust L2CAP parameters 2806 char req[64];
2108 * that are currently defined in the spec. We simply 2807
2109 * resend config request that we sent earlier. It is 2808 /* throw out any old stored conf requests */
2110 * stupid, but it helps qualification testing which 2809 result = L2CAP_CONF_SUCCESS;
2111 * expects at least some response from us. */ 2810 len = l2cap_parse_conf_rsp(sk, rsp->data,
2112 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2811 len, req, &result);
2113 l2cap_build_conf_req(sk, req), req); 2812 if (len < 0) {
2114 goto done; 2813 l2cap_send_disconn_req(conn, sk);
2814 goto done;
2815 }
2816
2817 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2818 L2CAP_CONF_REQ, len, req);
2819 l2cap_pi(sk)->num_conf_req++;
2820 if (result != L2CAP_CONF_SUCCESS)
2821 goto done;
2822 break;
2115 } 2823 }
2116 2824
2117 default: 2825 default:
2118 sk->sk_state = BT_DISCONN; 2826 sk->sk_state = BT_DISCONN;
2119 sk->sk_err = ECONNRESET; 2827 sk->sk_err = ECONNRESET;
2120 l2cap_sock_set_timer(sk, HZ * 5); 2828 l2cap_sock_set_timer(sk, HZ * 5);
2121 { 2829 l2cap_send_disconn_req(conn, sk);
2122 struct l2cap_disconn_req req;
2123 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2124 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2125 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2126 L2CAP_DISCONN_REQ, sizeof(req), &req);
2127 }
2128 goto done; 2830 goto done;
2129 } 2831 }
2130 2832
@@ -2134,7 +2836,16 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2134 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE; 2836 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2135 2837
2136 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) { 2838 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2839 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV)
2840 || l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2841 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2842
2137 sk->sk_state = BT_CONNECTED; 2843 sk->sk_state = BT_CONNECTED;
2844 l2cap_pi(sk)->expected_tx_seq = 0;
2845 l2cap_pi(sk)->buffer_seq = 0;
2846 l2cap_pi(sk)->num_to_ack = 0;
2847 __skb_queue_head_init(TX_QUEUE(sk));
2848 __skb_queue_head_init(SREJ_QUEUE(sk));
2138 l2cap_chan_ready(sk); 2849 l2cap_chan_ready(sk);
2139 } 2850 }
2140 2851
@@ -2165,6 +2876,11 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2165 2876
2166 sk->sk_shutdown = SHUTDOWN_MASK; 2877 sk->sk_shutdown = SHUTDOWN_MASK;
2167 2878
2879 skb_queue_purge(TX_QUEUE(sk));
2880 skb_queue_purge(SREJ_QUEUE(sk));
2881 del_timer(&l2cap_pi(sk)->retrans_timer);
2882 del_timer(&l2cap_pi(sk)->monitor_timer);
2883
2168 l2cap_chan_del(sk, ECONNRESET); 2884 l2cap_chan_del(sk, ECONNRESET);
2169 bh_unlock_sock(sk); 2885 bh_unlock_sock(sk);
2170 2886
@@ -2187,6 +2903,11 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2187 if (!sk) 2903 if (!sk)
2188 return 0; 2904 return 0;
2189 2905
2906 skb_queue_purge(TX_QUEUE(sk));
2907 skb_queue_purge(SREJ_QUEUE(sk));
2908 del_timer(&l2cap_pi(sk)->retrans_timer);
2909 del_timer(&l2cap_pi(sk)->monitor_timer);
2910
2190 l2cap_chan_del(sk, 0); 2911 l2cap_chan_del(sk, 0);
2191 bh_unlock_sock(sk); 2912 bh_unlock_sock(sk);
2192 2913
@@ -2205,10 +2926,14 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
2205 2926
2206 if (type == L2CAP_IT_FEAT_MASK) { 2927 if (type == L2CAP_IT_FEAT_MASK) {
2207 u8 buf[8]; 2928 u8 buf[8];
2929 u32 feat_mask = l2cap_feat_mask;
2208 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 2930 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2209 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 2931 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2210 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); 2932 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2211 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data); 2933 if (enable_ertm)
2934 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2935 | L2CAP_FEAT_FCS;
2936 put_unaligned_le32(feat_mask, rsp->data);
2212 l2cap_send_cmd(conn, cmd->ident, 2937 l2cap_send_cmd(conn, cmd->ident,
2213 L2CAP_INFO_RSP, sizeof(buf), buf); 2938 L2CAP_INFO_RSP, sizeof(buf), buf);
2214 } else if (type == L2CAP_IT_FIXED_CHAN) { 2939 } else if (type == L2CAP_IT_FIXED_CHAN) {
@@ -2359,9 +3084,374 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *sk
2359 kfree_skb(skb); 3084 kfree_skb(skb);
2360} 3085}
2361 3086
3087static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3088{
3089 u16 our_fcs, rcv_fcs;
3090 int hdr_size = L2CAP_HDR_SIZE + 2;
3091
3092 if (pi->fcs == L2CAP_FCS_CRC16) {
3093 skb_trim(skb, skb->len - 2);
3094 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3095 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3096
3097 if (our_fcs != rcv_fcs)
3098 return -EINVAL;
3099 }
3100 return 0;
3101}
3102
3103static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3104{
3105 struct sk_buff *next_skb;
3106
3107 bt_cb(skb)->tx_seq = tx_seq;
3108 bt_cb(skb)->sar = sar;
3109
3110 next_skb = skb_peek(SREJ_QUEUE(sk));
3111 if (!next_skb) {
3112 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3113 return;
3114 }
3115
3116 do {
3117 if (bt_cb(next_skb)->tx_seq > tx_seq) {
3118 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3119 return;
3120 }
3121
3122 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3123 break;
3124
3125 } while((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3126
3127 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3128}
3129
3130static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3131{
3132 struct l2cap_pinfo *pi = l2cap_pi(sk);
3133 struct sk_buff *_skb;
3134 int err = -EINVAL;
3135
3136 switch (control & L2CAP_CTRL_SAR) {
3137 case L2CAP_SDU_UNSEGMENTED:
3138 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3139 kfree_skb(pi->sdu);
3140 break;
3141 }
3142
3143 err = sock_queue_rcv_skb(sk, skb);
3144 if (!err)
3145 return 0;
3146
3147 break;
3148
3149 case L2CAP_SDU_START:
3150 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3151 kfree_skb(pi->sdu);
3152 break;
3153 }
3154
3155 pi->sdu_len = get_unaligned_le16(skb->data);
3156 skb_pull(skb, 2);
3157
3158 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3159 if (!pi->sdu) {
3160 err = -ENOMEM;
3161 break;
3162 }
3163
3164 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3165
3166 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3167 pi->partial_sdu_len = skb->len;
3168 err = 0;
3169 break;
3170
3171 case L2CAP_SDU_CONTINUE:
3172 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3173 break;
3174
3175 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3176
3177 pi->partial_sdu_len += skb->len;
3178 if (pi->partial_sdu_len > pi->sdu_len)
3179 kfree_skb(pi->sdu);
3180 else
3181 err = 0;
3182
3183 break;
3184
3185 case L2CAP_SDU_END:
3186 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3187 break;
3188
3189 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3190
3191 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3192 pi->partial_sdu_len += skb->len;
3193
3194 if (pi->partial_sdu_len == pi->sdu_len) {
3195 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3196 err = sock_queue_rcv_skb(sk, _skb);
3197 if (err < 0)
3198 kfree_skb(_skb);
3199 }
3200 kfree_skb(pi->sdu);
3201 err = 0;
3202
3203 break;
3204 }
3205
3206 kfree_skb(skb);
3207 return err;
3208}
3209
3210static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3211{
3212 struct sk_buff *skb;
3213 u16 control = 0;
3214
3215 while((skb = skb_peek(SREJ_QUEUE(sk)))) {
3216 if (bt_cb(skb)->tx_seq != tx_seq)
3217 break;
3218
3219 skb = skb_dequeue(SREJ_QUEUE(sk));
3220 control |= bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3221 l2cap_sar_reassembly_sdu(sk, skb, control);
3222 l2cap_pi(sk)->buffer_seq_srej =
3223 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3224 tx_seq++;
3225 }
3226}
3227
3228static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3229{
3230 struct l2cap_pinfo *pi = l2cap_pi(sk);
3231 struct srej_list *l, *tmp;
3232 u16 control;
3233
3234 list_for_each_entry_safe(l,tmp, SREJ_LIST(sk), list) {
3235 if (l->tx_seq == tx_seq) {
3236 list_del(&l->list);
3237 kfree(l);
3238 return;
3239 }
3240 control = L2CAP_SUPER_SELECT_REJECT;
3241 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3242 l2cap_send_sframe(pi, control);
3243 list_del(&l->list);
3244 list_add_tail(&l->list, SREJ_LIST(sk));
3245 }
3246}
3247
3248static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3249{
3250 struct l2cap_pinfo *pi = l2cap_pi(sk);
3251 struct srej_list *new;
3252 u16 control;
3253
3254 while (tx_seq != pi->expected_tx_seq) {
3255 control = L2CAP_SUPER_SELECT_REJECT;
3256 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3257 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
3258 control |= L2CAP_CTRL_POLL;
3259 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
3260 }
3261 l2cap_send_sframe(pi, control);
3262
3263 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3264 new->tx_seq = pi->expected_tx_seq++;
3265 list_add_tail(&new->list, SREJ_LIST(sk));
3266 }
3267 pi->expected_tx_seq++;
3268}
3269
3270static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3271{
3272 struct l2cap_pinfo *pi = l2cap_pi(sk);
3273 u8 tx_seq = __get_txseq(rx_control);
3274 u16 tx_control = 0;
3275 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3276 int err = 0;
3277
3278 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3279
3280 if (tx_seq == pi->expected_tx_seq)
3281 goto expected;
3282
3283 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3284 struct srej_list *first;
3285
3286 first = list_first_entry(SREJ_LIST(sk),
3287 struct srej_list, list);
3288 if (tx_seq == first->tx_seq) {
3289 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3290 l2cap_check_srej_gap(sk, tx_seq);
3291
3292 list_del(&first->list);
3293 kfree(first);
3294
3295 if (list_empty(SREJ_LIST(sk))) {
3296 pi->buffer_seq = pi->buffer_seq_srej;
3297 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3298 }
3299 } else {
3300 struct srej_list *l;
3301 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3302
3303 list_for_each_entry(l, SREJ_LIST(sk), list) {
3304 if (l->tx_seq == tx_seq) {
3305 l2cap_resend_srejframe(sk, tx_seq);
3306 return 0;
3307 }
3308 }
3309 l2cap_send_srejframe(sk, tx_seq);
3310 }
3311 } else {
3312 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3313
3314 INIT_LIST_HEAD(SREJ_LIST(sk));
3315 pi->buffer_seq_srej = pi->buffer_seq;
3316
3317 __skb_queue_head_init(SREJ_QUEUE(sk));
3318 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3319
3320 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3321
3322 l2cap_send_srejframe(sk, tx_seq);
3323 }
3324 return 0;
3325
3326expected:
3327 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3328
3329 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3330 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3331 return 0;
3332 }
3333
3334 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3335
3336 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
3337 if (err < 0)
3338 return err;
3339
3340 pi->num_to_ack = (pi->num_to_ack + 1) % L2CAP_DEFAULT_NUM_TO_ACK;
3341 if (pi->num_to_ack == L2CAP_DEFAULT_NUM_TO_ACK - 1) {
3342 tx_control |= L2CAP_SUPER_RCV_READY;
3343 tx_control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3344 l2cap_send_sframe(pi, tx_control);
3345 }
3346 return 0;
3347}
3348
3349static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3350{
3351 struct l2cap_pinfo *pi = l2cap_pi(sk);
3352 u8 tx_seq = __get_reqseq(rx_control);
3353
3354 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3355
3356 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3357 case L2CAP_SUPER_RCV_READY:
3358 if (rx_control & L2CAP_CTRL_POLL) {
3359 u16 control = L2CAP_CTRL_FINAL;
3360 control |= L2CAP_SUPER_RCV_READY |
3361 (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT);
3362 l2cap_send_sframe(l2cap_pi(sk), control);
3363 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3364
3365 } else if (rx_control & L2CAP_CTRL_FINAL) {
3366 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3367 pi->expected_ack_seq = tx_seq;
3368 l2cap_drop_acked_frames(sk);
3369
3370 if (!(pi->conn_state & L2CAP_CONN_WAIT_F))
3371 break;
3372
3373 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3374 del_timer(&pi->monitor_timer);
3375
3376 if (pi->unacked_frames > 0)
3377 __mod_retrans_timer();
3378 } else {
3379 pi->expected_ack_seq = tx_seq;
3380 l2cap_drop_acked_frames(sk);
3381
3382 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
3383 && (pi->unacked_frames > 0))
3384 __mod_retrans_timer();
3385
3386 l2cap_ertm_send(sk);
3387 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3388 }
3389 break;
3390
3391 case L2CAP_SUPER_REJECT:
3392 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3393
3394 pi->expected_ack_seq = __get_reqseq(rx_control);
3395 l2cap_drop_acked_frames(sk);
3396
3397 sk->sk_send_head = TX_QUEUE(sk)->next;
3398 pi->next_tx_seq = pi->expected_ack_seq;
3399
3400 l2cap_ertm_send(sk);
3401
3402 break;
3403
3404 case L2CAP_SUPER_SELECT_REJECT:
3405 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3406
3407 if (rx_control & L2CAP_CTRL_POLL) {
3408 l2cap_retransmit_frame(sk, tx_seq);
3409 pi->expected_ack_seq = tx_seq;
3410 l2cap_drop_acked_frames(sk);
3411 l2cap_ertm_send(sk);
3412 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3413 pi->srej_save_reqseq = tx_seq;
3414 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3415 }
3416 } else if (rx_control & L2CAP_CTRL_FINAL) {
3417 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3418 pi->srej_save_reqseq == tx_seq)
3419 pi->srej_save_reqseq &= ~L2CAP_CONN_SREJ_ACT;
3420 else
3421 l2cap_retransmit_frame(sk, tx_seq);
3422 }
3423 else {
3424 l2cap_retransmit_frame(sk, tx_seq);
3425 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3426 pi->srej_save_reqseq = tx_seq;
3427 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3428 }
3429 }
3430 break;
3431
3432 case L2CAP_SUPER_RCV_NOT_READY:
3433 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3434 pi->expected_ack_seq = tx_seq;
3435 l2cap_drop_acked_frames(sk);
3436
3437 del_timer(&l2cap_pi(sk)->retrans_timer);
3438 if (rx_control & L2CAP_CTRL_POLL) {
3439 u16 control = L2CAP_CTRL_FINAL;
3440 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
3441 }
3442 break;
3443 }
3444
3445 return 0;
3446}
3447
2362static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb) 3448static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2363{ 3449{
2364 struct sock *sk; 3450 struct sock *sk;
3451 struct l2cap_pinfo *pi;
3452 u16 control, len;
3453 u8 tx_seq;
3454 int err;
2365 3455
2366 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 3456 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2367 if (!sk) { 3457 if (!sk) {
@@ -2369,22 +3459,91 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
2369 goto drop; 3459 goto drop;
2370 } 3460 }
2371 3461
3462 pi = l2cap_pi(sk);
3463
2372 BT_DBG("sk %p, len %d", sk, skb->len); 3464 BT_DBG("sk %p, len %d", sk, skb->len);
2373 3465
2374 if (sk->sk_state != BT_CONNECTED) 3466 if (sk->sk_state != BT_CONNECTED)
2375 goto drop; 3467 goto drop;
2376 3468
2377 if (l2cap_pi(sk)->imtu < skb->len) 3469 switch (pi->mode) {
2378 goto drop; 3470 case L2CAP_MODE_BASIC:
3471 /* If socket recv buffers overflows we drop data here
3472 * which is *bad* because L2CAP has to be reliable.
3473 * But we don't have any other choice. L2CAP doesn't
3474 * provide flow control mechanism. */
2379 3475
2380 /* If socket recv buffers overflows we drop data here 3476 if (pi->imtu < skb->len)
2381 * which is *bad* because L2CAP has to be reliable. 3477 goto drop;
2382 * But we don't have any other choice. L2CAP doesn't 3478
2383 * provide flow control mechanism. */ 3479 if (!sock_queue_rcv_skb(sk, skb))
3480 goto done;
3481 break;
3482
3483 case L2CAP_MODE_ERTM:
3484 control = get_unaligned_le16(skb->data);
3485 skb_pull(skb, 2);
3486 len = skb->len;
3487
3488 if (__is_sar_start(control))
3489 len -= 2;
3490
3491 if (pi->fcs == L2CAP_FCS_CRC16)
3492 len -= 2;
3493
3494 /*
3495 * We can just drop the corrupted I-frame here.
3496 * Receiver will miss it and start proper recovery
3497 * procedures and ask retransmission.
3498 */
3499 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
3500 goto drop;
3501
3502 if (l2cap_check_fcs(pi, skb))
3503 goto drop;
3504
3505 if (__is_iframe(control))
3506 err = l2cap_data_channel_iframe(sk, control, skb);
3507 else
3508 err = l2cap_data_channel_sframe(sk, control, skb);
3509
3510 if (!err)
3511 goto done;
3512 break;
3513
3514 case L2CAP_MODE_STREAMING:
3515 control = get_unaligned_le16(skb->data);
3516 skb_pull(skb, 2);
3517 len = skb->len;
3518
3519 if (__is_sar_start(control))
3520 len -= 2;
3521
3522 if (pi->fcs == L2CAP_FCS_CRC16)
3523 len -= 2;
3524
3525 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || __is_sframe(control))
3526 goto drop;
3527
3528 if (l2cap_check_fcs(pi, skb))
3529 goto drop;
3530
3531 tx_seq = __get_txseq(control);
3532
3533 if (pi->expected_tx_seq == tx_seq)
3534 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3535 else
3536 pi->expected_tx_seq = tx_seq + 1;
3537
3538 err = l2cap_sar_reassembly_sdu(sk, skb, control);
2384 3539
2385 if (!sock_queue_rcv_skb(sk, skb))
2386 goto done; 3540 goto done;
2387 3541
3542 default:
3543 BT_DBG("sk %p: bad mode 0x%2.2x", sk, l2cap_pi(sk)->mode);
3544 break;
3545 }
3546
2388drop: 3547drop:
2389 kfree_skb(skb); 3548 kfree_skb(skb);
2390 3549
@@ -2433,6 +3592,11 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2433 cid = __le16_to_cpu(lh->cid); 3592 cid = __le16_to_cpu(lh->cid);
2434 len = __le16_to_cpu(lh->len); 3593 len = __le16_to_cpu(lh->len);
2435 3594
3595 if (len != skb->len) {
3596 kfree_skb(skb);
3597 return;
3598 }
3599
2436 BT_DBG("len %d, cid 0x%4.4x", len, cid); 3600 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2437 3601
2438 switch (cid) { 3602 switch (cid) {
@@ -2441,7 +3605,7 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2441 break; 3605 break;
2442 3606
2443 case L2CAP_CID_CONN_LESS: 3607 case L2CAP_CID_CONN_LESS:
2444 psm = get_unaligned((__le16 *) skb->data); 3608 psm = get_unaligned_le16(skb->data);
2445 skb_pull(skb, 2); 3609 skb_pull(skb, 2);
2446 l2cap_conless_channel(conn, psm, skb); 3610 l2cap_conless_channel(conn, psm, skb);
2447 break; 3611 break;
@@ -2828,6 +3992,9 @@ EXPORT_SYMBOL(l2cap_load);
2828module_init(l2cap_init); 3992module_init(l2cap_init);
2829module_exit(l2cap_exit); 3993module_exit(l2cap_exit);
2830 3994
3995module_param(enable_ertm, bool, 0644);
3996MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
3997
2831MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 3998MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2832MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); 3999MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2833MODULE_VERSION(VERSION); 4000MODULE_VERSION(VERSION);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 94b3388c188b..25692bc0a342 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -244,6 +244,33 @@ static inline int rfcomm_check_security(struct rfcomm_dlc *d)
244 auth_type); 244 auth_type);
245} 245}
246 246
247static void rfcomm_session_timeout(unsigned long arg)
248{
249 struct rfcomm_session *s = (void *) arg;
250
251 BT_DBG("session %p state %ld", s, s->state);
252
253 set_bit(RFCOMM_TIMED_OUT, &s->flags);
254 rfcomm_session_put(s);
255 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
256}
257
258static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
259{
260 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
261
262 if (!mod_timer(&s->timer, jiffies + timeout))
263 rfcomm_session_hold(s);
264}
265
266static void rfcomm_session_clear_timer(struct rfcomm_session *s)
267{
268 BT_DBG("session %p state %ld", s, s->state);
269
270 if (timer_pending(&s->timer) && del_timer(&s->timer))
271 rfcomm_session_put(s);
272}
273
247/* ---- RFCOMM DLCs ---- */ 274/* ---- RFCOMM DLCs ---- */
248static void rfcomm_dlc_timeout(unsigned long arg) 275static void rfcomm_dlc_timeout(unsigned long arg)
249{ 276{
@@ -320,6 +347,7 @@ static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
320 347
321 rfcomm_session_hold(s); 348 rfcomm_session_hold(s);
322 349
350 rfcomm_session_clear_timer(s);
323 rfcomm_dlc_hold(d); 351 rfcomm_dlc_hold(d);
324 list_add(&d->list, &s->dlcs); 352 list_add(&d->list, &s->dlcs);
325 d->session = s; 353 d->session = s;
@@ -335,6 +363,9 @@ static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
335 d->session = NULL; 363 d->session = NULL;
336 rfcomm_dlc_put(d); 364 rfcomm_dlc_put(d);
337 365
366 if (list_empty(&s->dlcs))
367 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
368
338 rfcomm_session_put(s); 369 rfcomm_session_put(s);
339} 370}
340 371
@@ -567,6 +598,8 @@ static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
567 598
568 BT_DBG("session %p sock %p", s, sock); 599 BT_DBG("session %p sock %p", s, sock);
569 600
601 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
602
570 INIT_LIST_HEAD(&s->dlcs); 603 INIT_LIST_HEAD(&s->dlcs);
571 s->state = state; 604 s->state = state;
572 s->sock = sock; 605 s->sock = sock;
@@ -598,6 +631,7 @@ static void rfcomm_session_del(struct rfcomm_session *s)
598 if (state == BT_CONNECTED) 631 if (state == BT_CONNECTED)
599 rfcomm_send_disc(s, 0); 632 rfcomm_send_disc(s, 0);
600 633
634 rfcomm_session_clear_timer(s);
601 sock_release(s->sock); 635 sock_release(s->sock);
602 kfree(s); 636 kfree(s);
603 637
@@ -639,6 +673,7 @@ static void rfcomm_session_close(struct rfcomm_session *s, int err)
639 __rfcomm_dlc_close(d, err); 673 __rfcomm_dlc_close(d, err);
640 } 674 }
641 675
676 rfcomm_session_clear_timer(s);
642 rfcomm_session_put(s); 677 rfcomm_session_put(s);
643} 678}
644 679
@@ -1879,6 +1914,12 @@ static inline void rfcomm_process_sessions(void)
1879 struct rfcomm_session *s; 1914 struct rfcomm_session *s;
1880 s = list_entry(p, struct rfcomm_session, list); 1915 s = list_entry(p, struct rfcomm_session, list);
1881 1916
1917 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1918 s->state = BT_DISCONN;
1919 rfcomm_send_disc(s, 0);
1920 continue;
1921 }
1922
1882 if (s->state == BT_LISTEN) { 1923 if (s->state == BT_LISTEN) {
1883 rfcomm_accept_connection(s); 1924 rfcomm_accept_connection(s);
1884 continue; 1925 continue;
@@ -2080,7 +2121,7 @@ static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2080/* ---- Initialization ---- */ 2121/* ---- Initialization ---- */
2081static int __init rfcomm_init(void) 2122static int __init rfcomm_init(void)
2082{ 2123{
2083 int ret; 2124 int err;
2084 2125
2085 l2cap_load(); 2126 l2cap_load();
2086 2127
@@ -2088,33 +2129,35 @@ static int __init rfcomm_init(void)
2088 2129
2089 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2130 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2090 if (IS_ERR(rfcomm_thread)) { 2131 if (IS_ERR(rfcomm_thread)) {
2091 ret = PTR_ERR(rfcomm_thread); 2132 err = PTR_ERR(rfcomm_thread);
2092 goto out_thread; 2133 goto unregister;
2093 } 2134 }
2094 2135
2095 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2136 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2096 BT_ERR("Failed to create RFCOMM info file"); 2137 BT_ERR("Failed to create RFCOMM info file");
2097 2138
2098 ret = rfcomm_init_ttys(); 2139 err = rfcomm_init_ttys();
2099 if (ret) 2140 if (err < 0)
2100 goto out_tty; 2141 goto stop;
2101 2142
2102 ret = rfcomm_init_sockets(); 2143 err = rfcomm_init_sockets();
2103 if (ret) 2144 if (err < 0)
2104 goto out_sock; 2145 goto cleanup;
2105 2146
2106 BT_INFO("RFCOMM ver %s", VERSION); 2147 BT_INFO("RFCOMM ver %s", VERSION);
2107 2148
2108 return 0; 2149 return 0;
2109 2150
2110out_sock: 2151cleanup:
2111 rfcomm_cleanup_ttys(); 2152 rfcomm_cleanup_ttys();
2112out_tty: 2153
2154stop:
2113 kthread_stop(rfcomm_thread); 2155 kthread_stop(rfcomm_thread);
2114out_thread: 2156
2157unregister:
2115 hci_unregister_cb(&rfcomm_cb); 2158 hci_unregister_cb(&rfcomm_cb);
2116 2159
2117 return ret; 2160 return err;
2118} 2161}
2119 2162
2120static void __exit rfcomm_exit(void) 2163static void __exit rfcomm_exit(void)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 51ae0c3e470a..13c27f17192c 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -359,20 +359,9 @@ static void sco_sock_kill(struct sock *sk)
359 sock_put(sk); 359 sock_put(sk);
360} 360}
361 361
362/* Close socket. 362static void __sco_sock_close(struct sock *sk)
363 * Must be called on unlocked socket.
364 */
365static void sco_sock_close(struct sock *sk)
366{ 363{
367 struct sco_conn *conn; 364 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
368
369 sco_sock_clear_timer(sk);
370
371 lock_sock(sk);
372
373 conn = sco_pi(sk)->conn;
374
375 BT_DBG("sk %p state %d conn %p socket %p", sk, sk->sk_state, conn, sk->sk_socket);
376 365
377 switch (sk->sk_state) { 366 switch (sk->sk_state) {
378 case BT_LISTEN: 367 case BT_LISTEN:
@@ -390,9 +379,15 @@ static void sco_sock_close(struct sock *sk)
390 sock_set_flag(sk, SOCK_ZAPPED); 379 sock_set_flag(sk, SOCK_ZAPPED);
391 break; 380 break;
392 } 381 }
382}
393 383
384/* Must be called on unlocked socket. */
385static void sco_sock_close(struct sock *sk)
386{
387 sco_sock_clear_timer(sk);
388 lock_sock(sk);
389 __sco_sock_close(sk);
394 release_sock(sk); 390 release_sock(sk);
395
396 sco_sock_kill(sk); 391 sco_sock_kill(sk);
397} 392}
398 393
@@ -748,6 +743,30 @@ static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char
748 return err; 743 return err;
749} 744}
750 745
746static int sco_sock_shutdown(struct socket *sock, int how)
747{
748 struct sock *sk = sock->sk;
749 int err = 0;
750
751 BT_DBG("sock %p, sk %p", sock, sk);
752
753 if (!sk)
754 return 0;
755
756 lock_sock(sk);
757 if (!sk->sk_shutdown) {
758 sk->sk_shutdown = SHUTDOWN_MASK;
759 sco_sock_clear_timer(sk);
760 __sco_sock_close(sk);
761
762 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
763 err = bt_sock_wait_state(sk, BT_CLOSED,
764 sk->sk_lingertime);
765 }
766 release_sock(sk);
767 return err;
768}
769
751static int sco_sock_release(struct socket *sock) 770static int sco_sock_release(struct socket *sock)
752{ 771{
753 struct sock *sk = sock->sk; 772 struct sock *sk = sock->sk;
@@ -969,7 +988,7 @@ static const struct proto_ops sco_sock_ops = {
969 .ioctl = bt_sock_ioctl, 988 .ioctl = bt_sock_ioctl,
970 .mmap = sock_no_mmap, 989 .mmap = sock_no_mmap,
971 .socketpair = sock_no_socketpair, 990 .socketpair = sock_no_socketpair,
972 .shutdown = sock_no_shutdown, 991 .shutdown = sco_sock_shutdown,
973 .setsockopt = sco_sock_setsockopt, 992 .setsockopt = sco_sock_setsockopt,
974 .getsockopt = sco_sock_getsockopt 993 .getsockopt = sco_sock_getsockopt
975}; 994};
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-25 20:35:57 -0500