aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2011-04-25 15:46:37 -0400
committerDavid S. Miller <davem@davemloft.net>2011-04-25 15:46:37 -0400
commit345578d97c549995ddbcc178f16f710602cc06bb (patch)
treece05e39a01ffce847f6f7f65f19b1e8e20dbf0c2 /net
parentfe2a70eefa18a3e419dd9a23e16af14258b7cc20 (diff)
parentcfef6047c4027a8448ec8dafeaf2bb362cc882e4 (diff)
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/hci_event.c4
-rw-r--r--net/bluetooth/l2cap_core.c1344
-rw-r--r--net/bluetooth/l2cap_sock.c72
-rw-r--r--net/mac80211/cfg.c29
-rw-r--r--net/mac80211/debugfs_sta.c26
-rw-r--r--net/mac80211/driver-ops.h13
-rw-r--r--net/mac80211/driver-trace.h20
-rw-r--r--net/mac80211/ieee80211_i.h5
-rw-r--r--net/mac80211/main.c9
-rw-r--r--net/mac80211/mesh.c14
-rw-r--r--net/mac80211/mesh.h3
-rw-r--r--net/mac80211/mesh_pathtbl.c49
-rw-r--r--net/mac80211/mesh_plink.c35
-rw-r--r--net/mac80211/mlme.c17
-rw-r--r--net/mac80211/rx.c26
-rw-r--r--net/mac80211/sta_info.c16
-rw-r--r--net/mac80211/sta_info.h5
-rw-r--r--net/mac80211/tx.c2
-rw-r--r--net/rfkill/Kconfig11
-rw-r--r--net/rfkill/Makefile1
-rw-r--r--net/rfkill/rfkill-regulator.c164
-rw-r--r--net/wireless/mesh.c23
-rw-r--r--net/wireless/nl80211.c67
-rw-r--r--net/wireless/nl80211.h4
24 files changed, 1219 insertions, 740 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 7a3398d9cd65..c7eb073fe633 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2497,6 +2497,9 @@ static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2497 2497
2498 hci_dev_lock(hdev); 2498 hci_dev_lock(hdev);
2499 2499
2500 if (!test_bit(HCI_MGMT, &hdev->flags))
2501 goto unlock;
2502
2500 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 2503 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2501 if (data) { 2504 if (data) {
2502 struct hci_cp_remote_oob_data_reply cp; 2505 struct hci_cp_remote_oob_data_reply cp;
@@ -2515,6 +2518,7 @@ static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2515 &cp); 2518 &cp);
2516 } 2519 }
2517 2520
2521unlock:
2518 hci_dev_unlock(hdev); 2522 hci_dev_unlock(hdev);
2519} 2523}
2520 2524
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index c3cebed205cc..d47de2b04b2e 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -70,108 +70,101 @@ static void l2cap_busy_work(struct work_struct *work);
70 70
71static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 71static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
72 u8 code, u8 ident, u16 dlen, void *data); 72 u8 code, u8 ident, u16 dlen, void *data);
73static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
73 74
74static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb); 75static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
75 76
76/* ---- L2CAP channels ---- */ 77/* ---- L2CAP channels ---- */
77static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid) 78static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
78{ 79{
79 struct sock *s; 80 struct l2cap_chan *c;
80 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 81
82 list_for_each_entry(c, &conn->chan_l, list) {
83 struct sock *s = c->sk;
81 if (l2cap_pi(s)->dcid == cid) 84 if (l2cap_pi(s)->dcid == cid)
82 break; 85 return c;
83 } 86 }
84 return s; 87 return NULL;
88
85} 89}
86 90
87static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 91static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
88{ 92{
89 struct sock *s; 93 struct l2cap_chan *c;
90 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 94
95 list_for_each_entry(c, &conn->chan_l, list) {
96 struct sock *s = c->sk;
91 if (l2cap_pi(s)->scid == cid) 97 if (l2cap_pi(s)->scid == cid)
92 break; 98 return c;
93 } 99 }
94 return s; 100 return NULL;
95} 101}
96 102
97/* Find channel with given SCID. 103/* Find channel with given SCID.
98 * Returns locked socket */ 104 * Returns locked socket */
99static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 105static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
100{ 106{
101 struct sock *s; 107 struct l2cap_chan *c;
102 read_lock(&l->lock); 108
103 s = __l2cap_get_chan_by_scid(l, cid); 109 read_lock(&conn->chan_lock);
104 if (s) 110 c = __l2cap_get_chan_by_scid(conn, cid);
105 bh_lock_sock(s); 111 if (c)
106 read_unlock(&l->lock); 112 bh_lock_sock(c->sk);
107 return s; 113 read_unlock(&conn->chan_lock);
114 return c;
108} 115}
109 116
110static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 117static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
111{ 118{
112 struct sock *s; 119 struct l2cap_chan *c;
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 120
114 if (l2cap_pi(s)->ident == ident) 121 list_for_each_entry(c, &conn->chan_l, list) {
115 break; 122 if (c->ident == ident)
123 return c;
116 } 124 }
117 return s; 125 return NULL;
118} 126}
119 127
120static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 128static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
121{ 129{
122 struct sock *s; 130 struct l2cap_chan *c;
123 read_lock(&l->lock); 131
124 s = __l2cap_get_chan_by_ident(l, ident); 132 read_lock(&conn->chan_lock);
125 if (s) 133 c = __l2cap_get_chan_by_ident(conn, ident);
126 bh_lock_sock(s); 134 if (c)
127 read_unlock(&l->lock); 135 bh_lock_sock(c->sk);
128 return s; 136 read_unlock(&conn->chan_lock);
137 return c;
129} 138}
130 139
131static u16 l2cap_alloc_cid(struct l2cap_chan_list *l) 140static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
132{ 141{
133 u16 cid = L2CAP_CID_DYN_START; 142 u16 cid = L2CAP_CID_DYN_START;
134 143
135 for (; cid < L2CAP_CID_DYN_END; cid++) { 144 for (; cid < L2CAP_CID_DYN_END; cid++) {
136 if (!__l2cap_get_chan_by_scid(l, cid)) 145 if (!__l2cap_get_chan_by_scid(conn, cid))
137 return cid; 146 return cid;
138 } 147 }
139 148
140 return 0; 149 return 0;
141} 150}
142 151
143static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk) 152static struct l2cap_chan *l2cap_chan_alloc(struct sock *sk)
144{ 153{
145 sock_hold(sk); 154 struct l2cap_chan *chan;
146
147 if (l->head)
148 l2cap_pi(l->head)->prev_c = sk;
149 155
150 l2cap_pi(sk)->next_c = l->head; 156 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
151 l2cap_pi(sk)->prev_c = NULL; 157 if (!chan)
152 l->head = sk; 158 return NULL;
153}
154
155static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
156{
157 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
158
159 write_lock_bh(&l->lock);
160 if (sk == l->head)
161 l->head = next;
162 159
163 if (next) 160 chan->sk = sk;
164 l2cap_pi(next)->prev_c = prev;
165 if (prev)
166 l2cap_pi(prev)->next_c = next;
167 write_unlock_bh(&l->lock);
168 161
169 __sock_put(sk); 162 return chan;
170} 163}
171 164
172static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk) 165static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
173{ 166{
174 struct l2cap_chan_list *l = &conn->chan_list; 167 struct sock *sk = chan->sk;
175 168
176 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 169 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
177 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); 170 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
@@ -188,7 +181,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk)
188 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA; 181 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA;
189 } else { 182 } else {
190 /* Alloc CID for connection-oriented socket */ 183 /* Alloc CID for connection-oriented socket */
191 l2cap_pi(sk)->scid = l2cap_alloc_cid(l); 184 l2cap_pi(sk)->scid = l2cap_alloc_cid(conn);
192 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 185 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
193 } 186 }
194 } else if (sk->sk_type == SOCK_DGRAM) { 187 } else if (sk->sk_type == SOCK_DGRAM) {
@@ -203,23 +196,30 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk)
203 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 196 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
204 } 197 }
205 198
206 __l2cap_chan_link(l, sk); 199 sock_hold(sk);
200
201 list_add(&chan->list, &conn->chan_l);
207} 202}
208 203
209/* Delete channel. 204/* Delete channel.
210 * Must be called on the locked socket. */ 205 * Must be called on the locked socket. */
211void l2cap_chan_del(struct sock *sk, int err) 206void l2cap_chan_del(struct l2cap_chan *chan, int err)
212{ 207{
208 struct sock *sk = chan->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 209 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
214 struct sock *parent = bt_sk(sk)->parent; 210 struct sock *parent = bt_sk(sk)->parent;
215 211
216 l2cap_sock_clear_timer(sk); 212 l2cap_sock_clear_timer(sk);
217 213
218 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 214 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
219 215
220 if (conn) { 216 if (conn) {
221 /* Unlink from channel list */ 217 /* Delete from channel list */
222 l2cap_chan_unlink(&conn->chan_list, sk); 218 write_lock_bh(&conn->chan_lock);
219 list_del(&chan->list);
220 write_unlock_bh(&conn->chan_lock);
221 __sock_put(sk);
222
223 l2cap_pi(sk)->conn = NULL; 223 l2cap_pi(sk)->conn = NULL;
224 hci_conn_put(conn->hcon); 224 hci_conn_put(conn->hcon);
225 } 225 }
@@ -236,23 +236,30 @@ void l2cap_chan_del(struct sock *sk, int err)
236 } else 236 } else
237 sk->sk_state_change(sk); 237 sk->sk_state_change(sk);
238 238
239 skb_queue_purge(TX_QUEUE(sk)); 239 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE &&
240 l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE))
241 goto free;
242
243 skb_queue_purge(&chan->tx_q);
240 244
241 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 245 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
242 struct srej_list *l, *tmp; 246 struct srej_list *l, *tmp;
243 247
244 del_timer(&l2cap_pi(sk)->retrans_timer); 248 del_timer(&chan->retrans_timer);
245 del_timer(&l2cap_pi(sk)->monitor_timer); 249 del_timer(&chan->monitor_timer);
246 del_timer(&l2cap_pi(sk)->ack_timer); 250 del_timer(&chan->ack_timer);
247 251
248 skb_queue_purge(SREJ_QUEUE(sk)); 252 skb_queue_purge(&chan->srej_q);
249 skb_queue_purge(BUSY_QUEUE(sk)); 253 skb_queue_purge(&chan->busy_q);
250 254
251 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) { 255 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
252 list_del(&l->list); 256 list_del(&l->list);
253 kfree(l); 257 kfree(l);
254 } 258 }
255 } 259 }
260
261free:
262 kfree(chan);
256} 263}
257 264
258static inline u8 l2cap_get_auth_type(struct sock *sk) 265static inline u8 l2cap_get_auth_type(struct sock *sk)
@@ -338,10 +345,11 @@ void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *d
338 hci_send_acl(conn->hcon, skb, flags); 345 hci_send_acl(conn->hcon, skb, flags);
339} 346}
340 347
341static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control) 348static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
342{ 349{
343 struct sk_buff *skb; 350 struct sk_buff *skb;
344 struct l2cap_hdr *lh; 351 struct l2cap_hdr *lh;
352 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
345 struct l2cap_conn *conn = pi->conn; 353 struct l2cap_conn *conn = pi->conn;
346 struct sock *sk = (struct sock *)pi; 354 struct sock *sk = (struct sock *)pi;
347 int count, hlen = L2CAP_HDR_SIZE + 2; 355 int count, hlen = L2CAP_HDR_SIZE + 2;
@@ -353,19 +361,19 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
353 if (pi->fcs == L2CAP_FCS_CRC16) 361 if (pi->fcs == L2CAP_FCS_CRC16)
354 hlen += 2; 362 hlen += 2;
355 363
356 BT_DBG("pi %p, control 0x%2.2x", pi, control); 364 BT_DBG("chan %p, control 0x%2.2x", chan, control);
357 365
358 count = min_t(unsigned int, conn->mtu, hlen); 366 count = min_t(unsigned int, conn->mtu, hlen);
359 control |= L2CAP_CTRL_FRAME_TYPE; 367 control |= L2CAP_CTRL_FRAME_TYPE;
360 368
361 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 369 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
362 control |= L2CAP_CTRL_FINAL; 370 control |= L2CAP_CTRL_FINAL;
363 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 371 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
364 } 372 }
365 373
366 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) { 374 if (chan->conn_state & L2CAP_CONN_SEND_PBIT) {
367 control |= L2CAP_CTRL_POLL; 375 control |= L2CAP_CTRL_POLL;
368 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT; 376 chan->conn_state &= ~L2CAP_CONN_SEND_PBIT;
369 } 377 }
370 378
371 skb = bt_skb_alloc(count, GFP_ATOMIC); 379 skb = bt_skb_alloc(count, GFP_ATOMIC);
@@ -390,17 +398,17 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
390 hci_send_acl(pi->conn->hcon, skb, flags); 398 hci_send_acl(pi->conn->hcon, skb, flags);
391} 399}
392 400
393static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control) 401static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
394{ 402{
395 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 403 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
396 control |= L2CAP_SUPER_RCV_NOT_READY; 404 control |= L2CAP_SUPER_RCV_NOT_READY;
397 pi->conn_state |= L2CAP_CONN_RNR_SENT; 405 chan->conn_state |= L2CAP_CONN_RNR_SENT;
398 } else 406 } else
399 control |= L2CAP_SUPER_RCV_READY; 407 control |= L2CAP_SUPER_RCV_READY;
400 408
401 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 409 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
402 410
403 l2cap_send_sframe(pi, control); 411 l2cap_send_sframe(chan, control);
404} 412}
405 413
406static inline int __l2cap_no_conn_pending(struct sock *sk) 414static inline int __l2cap_no_conn_pending(struct sock *sk)
@@ -408,8 +416,9 @@ static inline int __l2cap_no_conn_pending(struct sock *sk)
408 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND); 416 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
409} 417}
410 418
411static void l2cap_do_start(struct sock *sk) 419static void l2cap_do_start(struct l2cap_chan *chan)
412{ 420{
421 struct sock *sk = chan->sk;
413 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 422 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
414 423
415 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { 424 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
@@ -421,11 +430,11 @@ static void l2cap_do_start(struct sock *sk)
421 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 430 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
422 req.psm = l2cap_pi(sk)->psm; 431 req.psm = l2cap_pi(sk)->psm;
423 432
424 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 433 chan->ident = l2cap_get_ident(conn);
425 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 434 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
426 435
427 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 436 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
428 L2CAP_CONN_REQ, sizeof(req), &req); 437 sizeof(req), &req);
429 } 438 }
430 } else { 439 } else {
431 struct l2cap_info_req req; 440 struct l2cap_info_req req;
@@ -458,19 +467,20 @@ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
458 } 467 }
459} 468}
460 469
461void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err) 470void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
462{ 471{
472 struct sock *sk;
463 struct l2cap_disconn_req req; 473 struct l2cap_disconn_req req;
464 474
465 if (!conn) 475 if (!conn)
466 return; 476 return;
467 477
468 skb_queue_purge(TX_QUEUE(sk)); 478 sk = chan->sk;
469 479
470 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 480 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
471 del_timer(&l2cap_pi(sk)->retrans_timer); 481 del_timer(&chan->retrans_timer);
472 del_timer(&l2cap_pi(sk)->monitor_timer); 482 del_timer(&chan->monitor_timer);
473 del_timer(&l2cap_pi(sk)->ack_timer); 483 del_timer(&chan->ack_timer);
474 } 484 }
475 485
476 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); 486 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
@@ -485,17 +495,15 @@ void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
485/* ---- L2CAP connections ---- */ 495/* ---- L2CAP connections ---- */
486static void l2cap_conn_start(struct l2cap_conn *conn) 496static void l2cap_conn_start(struct l2cap_conn *conn)
487{ 497{
488 struct l2cap_chan_list *l = &conn->chan_list; 498 struct l2cap_chan *chan, *tmp;
489 struct sock_del_list del, *tmp1, *tmp2;
490 struct sock *sk;
491 499
492 BT_DBG("conn %p", conn); 500 BT_DBG("conn %p", conn);
493 501
494 INIT_LIST_HEAD(&del.list); 502 read_lock(&conn->chan_lock);
495 503
496 read_lock(&l->lock); 504 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
505 struct sock *sk = chan->sk;
497 506
498 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
499 bh_lock_sock(sk); 507 bh_lock_sock(sk);
500 508
501 if (sk->sk_type != SOCK_SEQPACKET && 509 if (sk->sk_type != SOCK_SEQPACKET &&
@@ -517,10 +525,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
517 conn->feat_mask) 525 conn->feat_mask)
518 && l2cap_pi(sk)->conf_state & 526 && l2cap_pi(sk)->conf_state &
519 L2CAP_CONF_STATE2_DEVICE) { 527 L2CAP_CONF_STATE2_DEVICE) {
520 tmp1 = kzalloc(sizeof(struct sock_del_list), 528 /* __l2cap_sock_close() calls list_del(chan)
521 GFP_ATOMIC); 529 * so release the lock */
522 tmp1->sk = sk; 530 read_unlock_bh(&conn->chan_lock);
523 list_add_tail(&tmp1->list, &del.list); 531 __l2cap_sock_close(sk, ECONNRESET);
532 read_lock_bh(&conn->chan_lock);
524 bh_unlock_sock(sk); 533 bh_unlock_sock(sk);
525 continue; 534 continue;
526 } 535 }
@@ -528,11 +537,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
528 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 537 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
529 req.psm = l2cap_pi(sk)->psm; 538 req.psm = l2cap_pi(sk)->psm;
530 539
531 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 540 chan->ident = l2cap_get_ident(conn);
532 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 541 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
533 542
534 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 543 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
535 L2CAP_CONN_REQ, sizeof(req), &req); 544 sizeof(req), &req);
536 545
537 } else if (sk->sk_state == BT_CONNECT2) { 546 } else if (sk->sk_state == BT_CONNECT2) {
538 struct l2cap_conn_rsp rsp; 547 struct l2cap_conn_rsp rsp;
@@ -557,8 +566,8 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
557 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND); 566 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
558 } 567 }
559 568
560 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 569 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
561 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 570 sizeof(rsp), &rsp);
562 571
563 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT || 572 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
564 rsp.result != L2CAP_CR_SUCCESS) { 573 rsp.result != L2CAP_CR_SUCCESS) {
@@ -568,22 +577,14 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
568 577
569 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 578 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
570 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 579 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
571 l2cap_build_conf_req(sk, buf), buf); 580 l2cap_build_conf_req(chan, buf), buf);
572 l2cap_pi(sk)->num_conf_req++; 581 chan->num_conf_req++;
573 } 582 }
574 583
575 bh_unlock_sock(sk); 584 bh_unlock_sock(sk);
576 } 585 }
577 586
578 read_unlock(&l->lock); 587 read_unlock(&conn->chan_lock);
579
580 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
581 bh_lock_sock(tmp1->sk);
582 __l2cap_sock_close(tmp1->sk, ECONNRESET);
583 bh_unlock_sock(tmp1->sk);
584 list_del(&tmp1->list);
585 kfree(tmp1);
586 }
587} 588}
588 589
589/* Find socket with cid and source bdaddr. 590/* Find socket with cid and source bdaddr.
@@ -591,7 +592,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
591 */ 592 */
592static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src) 593static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
593{ 594{
594 struct sock *s, *sk = NULL, *sk1 = NULL; 595 struct sock *sk = NULL, *sk1 = NULL;
595 struct hlist_node *node; 596 struct hlist_node *node;
596 597
597 read_lock(&l2cap_sk_list.lock); 598 read_lock(&l2cap_sk_list.lock);
@@ -610,18 +611,16 @@ static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
610 sk1 = sk; 611 sk1 = sk;
611 } 612 }
612 } 613 }
613 s = node ? sk : sk1; 614
614 if (s)
615 bh_lock_sock(s);
616 read_unlock(&l2cap_sk_list.lock); 615 read_unlock(&l2cap_sk_list.lock);
617 616
618 return s; 617 return node ? sk : sk1;
619} 618}
620 619
621static void l2cap_le_conn_ready(struct l2cap_conn *conn) 620static void l2cap_le_conn_ready(struct l2cap_conn *conn)
622{ 621{
623 struct l2cap_chan_list *list = &conn->chan_list; 622 struct sock *parent, *sk;
624 struct sock *parent, *uninitialized_var(sk); 623 struct l2cap_chan *chan;
625 624
626 BT_DBG(""); 625 BT_DBG("");
627 626
@@ -631,6 +630,8 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
631 if (!parent) 630 if (!parent)
632 return; 631 return;
633 632
633 bh_lock_sock(parent);
634
634 /* Check for backlog size */ 635 /* Check for backlog size */
635 if (sk_acceptq_is_full(parent)) { 636 if (sk_acceptq_is_full(parent)) {
636 BT_DBG("backlog full %d", parent->sk_ack_backlog); 637 BT_DBG("backlog full %d", parent->sk_ack_backlog);
@@ -641,24 +642,33 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
641 if (!sk) 642 if (!sk)
642 goto clean; 643 goto clean;
643 644
644 write_lock_bh(&list->lock); 645 chan = l2cap_chan_alloc(sk);
646 if (!chan) {
647 l2cap_sock_kill(sk);
648 goto clean;
649 }
650
651 write_lock_bh(&conn->chan_lock);
645 652
646 hci_conn_hold(conn->hcon); 653 hci_conn_hold(conn->hcon);
647 654
648 l2cap_sock_init(sk, parent); 655 l2cap_sock_init(sk, parent);
656
649 bacpy(&bt_sk(sk)->src, conn->src); 657 bacpy(&bt_sk(sk)->src, conn->src);
650 bacpy(&bt_sk(sk)->dst, conn->dst); 658 bacpy(&bt_sk(sk)->dst, conn->dst);
651 659
652 bt_accept_enqueue(parent, sk); 660 bt_accept_enqueue(parent, sk);
653 661
654 __l2cap_chan_add(conn, sk); 662 __l2cap_chan_add(conn, chan);
663
664 l2cap_pi(sk)->chan = chan;
655 665
656 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 666 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
657 667
658 sk->sk_state = BT_CONNECTED; 668 sk->sk_state = BT_CONNECTED;
659 parent->sk_data_ready(parent, 0); 669 parent->sk_data_ready(parent, 0);
660 670
661 write_unlock_bh(&list->lock); 671 write_unlock_bh(&conn->chan_lock);
662 672
663clean: 673clean:
664 bh_unlock_sock(parent); 674 bh_unlock_sock(parent);
@@ -666,17 +676,18 @@ clean:
666 676
667static void l2cap_conn_ready(struct l2cap_conn *conn) 677static void l2cap_conn_ready(struct l2cap_conn *conn)
668{ 678{
669 struct l2cap_chan_list *l = &conn->chan_list; 679 struct l2cap_chan *chan;
670 struct sock *sk;
671 680
672 BT_DBG("conn %p", conn); 681 BT_DBG("conn %p", conn);
673 682
674 if (!conn->hcon->out && conn->hcon->type == LE_LINK) 683 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
675 l2cap_le_conn_ready(conn); 684 l2cap_le_conn_ready(conn);
676 685
677 read_lock(&l->lock); 686 read_lock(&conn->chan_lock);
687
688 list_for_each_entry(chan, &conn->chan_l, list) {
689 struct sock *sk = chan->sk;
678 690
679 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
680 bh_lock_sock(sk); 691 bh_lock_sock(sk);
681 692
682 if (conn->hcon->type == LE_LINK) { 693 if (conn->hcon->type == LE_LINK) {
@@ -691,30 +702,31 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
691 sk->sk_state = BT_CONNECTED; 702 sk->sk_state = BT_CONNECTED;
692 sk->sk_state_change(sk); 703 sk->sk_state_change(sk);
693 } else if (sk->sk_state == BT_CONNECT) 704 } else if (sk->sk_state == BT_CONNECT)
694 l2cap_do_start(sk); 705 l2cap_do_start(chan);
695 706
696 bh_unlock_sock(sk); 707 bh_unlock_sock(sk);
697 } 708 }
698 709
699 read_unlock(&l->lock); 710 read_unlock(&conn->chan_lock);
700} 711}
701 712
702/* Notify sockets that we cannot guaranty reliability anymore */ 713/* Notify sockets that we cannot guaranty reliability anymore */
703static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err) 714static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
704{ 715{
705 struct l2cap_chan_list *l = &conn->chan_list; 716 struct l2cap_chan *chan;
706 struct sock *sk;
707 717
708 BT_DBG("conn %p", conn); 718 BT_DBG("conn %p", conn);
709 719
710 read_lock(&l->lock); 720 read_lock(&conn->chan_lock);
721
722 list_for_each_entry(chan, &conn->chan_l, list) {
723 struct sock *sk = chan->sk;
711 724
712 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
713 if (l2cap_pi(sk)->force_reliable) 725 if (l2cap_pi(sk)->force_reliable)
714 sk->sk_err = err; 726 sk->sk_err = err;
715 } 727 }
716 728
717 read_unlock(&l->lock); 729 read_unlock(&conn->chan_lock);
718} 730}
719 731
720static void l2cap_info_timeout(unsigned long arg) 732static void l2cap_info_timeout(unsigned long arg)
@@ -754,7 +766,9 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
754 conn->feat_mask = 0; 766 conn->feat_mask = 0;
755 767
756 spin_lock_init(&conn->lock); 768 spin_lock_init(&conn->lock);
757 rwlock_init(&conn->chan_list.lock); 769 rwlock_init(&conn->chan_lock);
770
771 INIT_LIST_HEAD(&conn->chan_l);
758 772
759 if (hcon->type != LE_LINK) 773 if (hcon->type != LE_LINK)
760 setup_timer(&conn->info_timer, l2cap_info_timeout, 774 setup_timer(&conn->info_timer, l2cap_info_timeout,
@@ -768,6 +782,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
768static void l2cap_conn_del(struct hci_conn *hcon, int err) 782static void l2cap_conn_del(struct hci_conn *hcon, int err)
769{ 783{
770 struct l2cap_conn *conn = hcon->l2cap_data; 784 struct l2cap_conn *conn = hcon->l2cap_data;
785 struct l2cap_chan *chan, *l;
771 struct sock *sk; 786 struct sock *sk;
772 787
773 if (!conn) 788 if (!conn)
@@ -778,9 +793,10 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
778 kfree_skb(conn->rx_skb); 793 kfree_skb(conn->rx_skb);
779 794
780 /* Kill channels */ 795 /* Kill channels */
781 while ((sk = conn->chan_list.head)) { 796 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
797 sk = chan->sk;
782 bh_lock_sock(sk); 798 bh_lock_sock(sk);
783 l2cap_chan_del(sk, err); 799 l2cap_chan_del(chan, err);
784 bh_unlock_sock(sk); 800 bh_unlock_sock(sk);
785 l2cap_sock_kill(sk); 801 l2cap_sock_kill(sk);
786 } 802 }
@@ -792,12 +808,11 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
792 kfree(conn); 808 kfree(conn);
793} 809}
794 810
795static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk) 811static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
796{ 812{
797 struct l2cap_chan_list *l = &conn->chan_list; 813 write_lock_bh(&conn->chan_lock);
798 write_lock_bh(&l->lock); 814 __l2cap_chan_add(conn, chan);
799 __l2cap_chan_add(conn, sk); 815 write_unlock_bh(&conn->chan_lock);
800 write_unlock_bh(&l->lock);
801} 816}
802 817
803/* ---- Socket interface ---- */ 818/* ---- Socket interface ---- */
@@ -837,6 +852,7 @@ int l2cap_do_connect(struct sock *sk)
837 bdaddr_t *src = &bt_sk(sk)->src; 852 bdaddr_t *src = &bt_sk(sk)->src;
838 bdaddr_t *dst = &bt_sk(sk)->dst; 853 bdaddr_t *dst = &bt_sk(sk)->dst;
839 struct l2cap_conn *conn; 854 struct l2cap_conn *conn;
855 struct l2cap_chan *chan;
840 struct hci_conn *hcon; 856 struct hci_conn *hcon;
841 struct hci_dev *hdev; 857 struct hci_dev *hdev;
842 __u8 auth_type; 858 __u8 auth_type;
@@ -872,10 +888,19 @@ int l2cap_do_connect(struct sock *sk)
872 goto done; 888 goto done;
873 } 889 }
874 890
891 chan = l2cap_chan_alloc(sk);
892 if (!chan) {
893 hci_conn_put(hcon);
894 err = -ENOMEM;
895 goto done;
896 }
897
875 /* Update source addr of the socket */ 898 /* Update source addr of the socket */
876 bacpy(src, conn->src); 899 bacpy(src, conn->src);
877 900
878 l2cap_chan_add(conn, sk); 901 l2cap_chan_add(conn, chan);
902
903 l2cap_pi(sk)->chan = chan;
879 904
880 sk->sk_state = BT_CONNECT; 905 sk->sk_state = BT_CONNECT;
881 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 906 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
@@ -887,7 +912,7 @@ int l2cap_do_connect(struct sock *sk)
887 if (l2cap_check_security(sk)) 912 if (l2cap_check_security(sk))
888 sk->sk_state = BT_CONNECTED; 913 sk->sk_state = BT_CONNECTED;
889 } else 914 } else
890 l2cap_do_start(sk); 915 l2cap_do_start(chan);
891 } 916 }
892 917
893 err = 0; 918 err = 0;
@@ -905,7 +930,7 @@ int __l2cap_wait_ack(struct sock *sk)
905 int timeo = HZ/5; 930 int timeo = HZ/5;
906 931
907 add_wait_queue(sk_sleep(sk), &wait); 932 add_wait_queue(sk_sleep(sk), &wait);
908 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) { 933 while ((l2cap_pi(sk)->chan->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
909 set_current_state(TASK_INTERRUPTIBLE); 934 set_current_state(TASK_INTERRUPTIBLE);
910 935
911 if (!timeo) 936 if (!timeo)
@@ -931,57 +956,59 @@ int __l2cap_wait_ack(struct sock *sk)
931 956
932static void l2cap_monitor_timeout(unsigned long arg) 957static void l2cap_monitor_timeout(unsigned long arg)
933{ 958{
934 struct sock *sk = (void *) arg; 959 struct l2cap_chan *chan = (void *) arg;
960 struct sock *sk = chan->sk;
935 961
936 BT_DBG("sk %p", sk); 962 BT_DBG("chan %p", chan);
937 963
938 bh_lock_sock(sk); 964 bh_lock_sock(sk);
939 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { 965 if (chan->retry_count >= chan->remote_max_tx) {
940 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED); 966 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, ECONNABORTED);
941 bh_unlock_sock(sk); 967 bh_unlock_sock(sk);
942 return; 968 return;
943 } 969 }
944 970
945 l2cap_pi(sk)->retry_count++; 971 chan->retry_count++;
946 __mod_monitor_timer(); 972 __mod_monitor_timer();
947 973
948 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL); 974 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
949 bh_unlock_sock(sk); 975 bh_unlock_sock(sk);
950} 976}
951 977
952static void l2cap_retrans_timeout(unsigned long arg) 978static void l2cap_retrans_timeout(unsigned long arg)
953{ 979{
954 struct sock *sk = (void *) arg; 980 struct l2cap_chan *chan = (void *) arg;
981 struct sock *sk = chan->sk;
955 982
956 BT_DBG("sk %p", sk); 983 BT_DBG("chan %p", chan);
957 984
958 bh_lock_sock(sk); 985 bh_lock_sock(sk);
959 l2cap_pi(sk)->retry_count = 1; 986 chan->retry_count = 1;
960 __mod_monitor_timer(); 987 __mod_monitor_timer();
961 988
962 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F; 989 chan->conn_state |= L2CAP_CONN_WAIT_F;
963 990
964 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL); 991 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
965 bh_unlock_sock(sk); 992 bh_unlock_sock(sk);
966} 993}
967 994
968static void l2cap_drop_acked_frames(struct sock *sk) 995static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
969{ 996{
970 struct sk_buff *skb; 997 struct sk_buff *skb;
971 998
972 while ((skb = skb_peek(TX_QUEUE(sk))) && 999 while ((skb = skb_peek(&chan->tx_q)) &&
973 l2cap_pi(sk)->unacked_frames) { 1000 chan->unacked_frames) {
974 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq) 1001 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
975 break; 1002 break;
976 1003
977 skb = skb_dequeue(TX_QUEUE(sk)); 1004 skb = skb_dequeue(&chan->tx_q);
978 kfree_skb(skb); 1005 kfree_skb(skb);
979 1006
980 l2cap_pi(sk)->unacked_frames--; 1007 chan->unacked_frames--;
981 } 1008 }
982 1009
983 if (!l2cap_pi(sk)->unacked_frames) 1010 if (!chan->unacked_frames)
984 del_timer(&l2cap_pi(sk)->retrans_timer); 1011 del_timer(&chan->retrans_timer);
985} 1012}
986 1013
987void l2cap_do_send(struct sock *sk, struct sk_buff *skb) 1014void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
@@ -1000,15 +1027,16 @@ void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1000 hci_send_acl(hcon, skb, flags); 1027 hci_send_acl(hcon, skb, flags);
1001} 1028}
1002 1029
1003void l2cap_streaming_send(struct sock *sk) 1030void l2cap_streaming_send(struct l2cap_chan *chan)
1004{ 1031{
1032 struct sock *sk = chan->sk;
1005 struct sk_buff *skb; 1033 struct sk_buff *skb;
1006 struct l2cap_pinfo *pi = l2cap_pi(sk); 1034 struct l2cap_pinfo *pi = l2cap_pi(sk);
1007 u16 control, fcs; 1035 u16 control, fcs;
1008 1036
1009 while ((skb = skb_dequeue(TX_QUEUE(sk)))) { 1037 while ((skb = skb_dequeue(&chan->tx_q))) {
1010 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE); 1038 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
1011 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT; 1039 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1012 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE); 1040 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1013 1041
1014 if (pi->fcs == L2CAP_FCS_CRC16) { 1042 if (pi->fcs == L2CAP_FCS_CRC16) {
@@ -1018,17 +1046,18 @@ void l2cap_streaming_send(struct sock *sk)
1018 1046
1019 l2cap_do_send(sk, skb); 1047 l2cap_do_send(sk, skb);
1020 1048
1021 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1049 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1022 } 1050 }
1023} 1051}
1024 1052
1025static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq) 1053static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1026{ 1054{
1055 struct sock *sk = chan->sk;
1027 struct l2cap_pinfo *pi = l2cap_pi(sk); 1056 struct l2cap_pinfo *pi = l2cap_pi(sk);
1028 struct sk_buff *skb, *tx_skb; 1057 struct sk_buff *skb, *tx_skb;
1029 u16 control, fcs; 1058 u16 control, fcs;
1030 1059
1031 skb = skb_peek(TX_QUEUE(sk)); 1060 skb = skb_peek(&chan->tx_q);
1032 if (!skb) 1061 if (!skb)
1033 return; 1062 return;
1034 1063
@@ -1036,14 +1065,14 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1036 if (bt_cb(skb)->tx_seq == tx_seq) 1065 if (bt_cb(skb)->tx_seq == tx_seq)
1037 break; 1066 break;
1038 1067
1039 if (skb_queue_is_last(TX_QUEUE(sk), skb)) 1068 if (skb_queue_is_last(&chan->tx_q, skb))
1040 return; 1069 return;
1041 1070
1042 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb))); 1071 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
1043 1072
1044 if (pi->remote_max_tx && 1073 if (chan->remote_max_tx &&
1045 bt_cb(skb)->retries == pi->remote_max_tx) { 1074 bt_cb(skb)->retries == chan->remote_max_tx) {
1046 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED); 1075 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED);
1047 return; 1076 return;
1048 } 1077 }
1049 1078
@@ -1051,12 +1080,12 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1051 bt_cb(skb)->retries++; 1080 bt_cb(skb)->retries++;
1052 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1081 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1053 1082
1054 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 1083 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1055 control |= L2CAP_CTRL_FINAL; 1084 control |= L2CAP_CTRL_FINAL;
1056 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 1085 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1057 } 1086 }
1058 1087
1059 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1088 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1060 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1089 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1061 1090
1062 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1091 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
@@ -1069,9 +1098,10 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1069 l2cap_do_send(sk, tx_skb); 1098 l2cap_do_send(sk, tx_skb);
1070} 1099}
1071 1100
1072int l2cap_ertm_send(struct sock *sk) 1101int l2cap_ertm_send(struct l2cap_chan *chan)
1073{ 1102{
1074 struct sk_buff *skb, *tx_skb; 1103 struct sk_buff *skb, *tx_skb;
1104 struct sock *sk = chan->sk;
1075 struct l2cap_pinfo *pi = l2cap_pi(sk); 1105 struct l2cap_pinfo *pi = l2cap_pi(sk);
1076 u16 control, fcs; 1106 u16 control, fcs;
1077 int nsent = 0; 1107 int nsent = 0;
@@ -1079,11 +1109,11 @@ int l2cap_ertm_send(struct sock *sk)
1079 if (sk->sk_state != BT_CONNECTED) 1109 if (sk->sk_state != BT_CONNECTED)
1080 return -ENOTCONN; 1110 return -ENOTCONN;
1081 1111
1082 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) { 1112 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1083 1113
1084 if (pi->remote_max_tx && 1114 if (chan->remote_max_tx &&
1085 bt_cb(skb)->retries == pi->remote_max_tx) { 1115 bt_cb(skb)->retries == chan->remote_max_tx) {
1086 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED); 1116 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED);
1087 break; 1117 break;
1088 } 1118 }
1089 1119
@@ -1094,12 +1124,12 @@ int l2cap_ertm_send(struct sock *sk)
1094 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1124 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1095 control &= L2CAP_CTRL_SAR; 1125 control &= L2CAP_CTRL_SAR;
1096 1126
1097 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 1127 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1098 control |= L2CAP_CTRL_FINAL; 1128 control |= L2CAP_CTRL_FINAL;
1099 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 1129 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1100 } 1130 }
1101 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1131 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1102 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1132 | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1103 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1133 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1104 1134
1105 1135
@@ -1112,18 +1142,18 @@ int l2cap_ertm_send(struct sock *sk)
1112 1142
1113 __mod_retrans_timer(); 1143 __mod_retrans_timer();
1114 1144
1115 bt_cb(skb)->tx_seq = pi->next_tx_seq; 1145 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1116 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1146 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1117 1147
1118 if (bt_cb(skb)->retries == 1) 1148 if (bt_cb(skb)->retries == 1)
1119 pi->unacked_frames++; 1149 chan->unacked_frames++;
1120 1150
1121 pi->frames_sent++; 1151 chan->frames_sent++;
1122 1152
1123 if (skb_queue_is_last(TX_QUEUE(sk), skb)) 1153 if (skb_queue_is_last(&chan->tx_q, skb))
1124 sk->sk_send_head = NULL; 1154 chan->tx_send_head = NULL;
1125 else 1155 else
1126 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb); 1156 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1127 1157
1128 nsent++; 1158 nsent++;
1129 } 1159 }
@@ -1131,41 +1161,39 @@ int l2cap_ertm_send(struct sock *sk)
1131 return nsent; 1161 return nsent;
1132} 1162}
1133 1163
1134static int l2cap_retransmit_frames(struct sock *sk) 1164static int l2cap_retransmit_frames(struct l2cap_chan *chan)
1135{ 1165{
1136 struct l2cap_pinfo *pi = l2cap_pi(sk);
1137 int ret; 1166 int ret;
1138 1167
1139 if (!skb_queue_empty(TX_QUEUE(sk))) 1168 if (!skb_queue_empty(&chan->tx_q))
1140 sk->sk_send_head = TX_QUEUE(sk)->next; 1169 chan->tx_send_head = chan->tx_q.next;
1141 1170
1142 pi->next_tx_seq = pi->expected_ack_seq; 1171 chan->next_tx_seq = chan->expected_ack_seq;
1143 ret = l2cap_ertm_send(sk); 1172 ret = l2cap_ertm_send(chan);
1144 return ret; 1173 return ret;
1145} 1174}
1146 1175
1147static void l2cap_send_ack(struct l2cap_pinfo *pi) 1176static void l2cap_send_ack(struct l2cap_chan *chan)
1148{ 1177{
1149 struct sock *sk = (struct sock *)pi;
1150 u16 control = 0; 1178 u16 control = 0;
1151 1179
1152 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 1180 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1153 1181
1154 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 1182 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1155 control |= L2CAP_SUPER_RCV_NOT_READY; 1183 control |= L2CAP_SUPER_RCV_NOT_READY;
1156 pi->conn_state |= L2CAP_CONN_RNR_SENT; 1184 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1157 l2cap_send_sframe(pi, control); 1185 l2cap_send_sframe(chan, control);
1158 return; 1186 return;
1159 } 1187 }
1160 1188
1161 if (l2cap_ertm_send(sk) > 0) 1189 if (l2cap_ertm_send(chan) > 0)
1162 return; 1190 return;
1163 1191
1164 control |= L2CAP_SUPER_RCV_READY; 1192 control |= L2CAP_SUPER_RCV_READY;
1165 l2cap_send_sframe(pi, control); 1193 l2cap_send_sframe(chan, control);
1166} 1194}
1167 1195
1168static void l2cap_send_srejtail(struct sock *sk) 1196static void l2cap_send_srejtail(struct l2cap_chan *chan)
1169{ 1197{
1170 struct srej_list *tail; 1198 struct srej_list *tail;
1171 u16 control; 1199 u16 control;
@@ -1173,10 +1201,10 @@ static void l2cap_send_srejtail(struct sock *sk)
1173 control = L2CAP_SUPER_SELECT_REJECT; 1201 control = L2CAP_SUPER_SELECT_REJECT;
1174 control |= L2CAP_CTRL_FINAL; 1202 control |= L2CAP_CTRL_FINAL;
1175 1203
1176 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list); 1204 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
1177 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 1205 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1178 1206
1179 l2cap_send_sframe(l2cap_pi(sk), control); 1207 l2cap_send_sframe(chan, control);
1180} 1208}
1181 1209
1182static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb) 1210static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
@@ -1313,9 +1341,9 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1313 return skb; 1341 return skb;
1314} 1342}
1315 1343
1316int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len) 1344int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1317{ 1345{
1318 struct l2cap_pinfo *pi = l2cap_pi(sk); 1346 struct sock *sk = chan->sk;
1319 struct sk_buff *skb; 1347 struct sk_buff *skb;
1320 struct sk_buff_head sar_queue; 1348 struct sk_buff_head sar_queue;
1321 u16 control; 1349 u16 control;
@@ -1323,20 +1351,20 @@ int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1323 1351
1324 skb_queue_head_init(&sar_queue); 1352 skb_queue_head_init(&sar_queue);
1325 control = L2CAP_SDU_START; 1353 control = L2CAP_SDU_START;
1326 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len); 1354 skb = l2cap_create_iframe_pdu(sk, msg, chan->remote_mps, control, len);
1327 if (IS_ERR(skb)) 1355 if (IS_ERR(skb))
1328 return PTR_ERR(skb); 1356 return PTR_ERR(skb);
1329 1357
1330 __skb_queue_tail(&sar_queue, skb); 1358 __skb_queue_tail(&sar_queue, skb);
1331 len -= pi->remote_mps; 1359 len -= chan->remote_mps;
1332 size += pi->remote_mps; 1360 size += chan->remote_mps;
1333 1361
1334 while (len > 0) { 1362 while (len > 0) {
1335 size_t buflen; 1363 size_t buflen;
1336 1364
1337 if (len > pi->remote_mps) { 1365 if (len > chan->remote_mps) {
1338 control = L2CAP_SDU_CONTINUE; 1366 control = L2CAP_SDU_CONTINUE;
1339 buflen = pi->remote_mps; 1367 buflen = chan->remote_mps;
1340 } else { 1368 } else {
1341 control = L2CAP_SDU_END; 1369 control = L2CAP_SDU_END;
1342 buflen = len; 1370 buflen = len;
@@ -1352,9 +1380,9 @@ int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1352 len -= buflen; 1380 len -= buflen;
1353 size += buflen; 1381 size += buflen;
1354 } 1382 }
1355 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk)); 1383 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1356 if (sk->sk_send_head == NULL) 1384 if (chan->tx_send_head == NULL)
1357 sk->sk_send_head = sar_queue.next; 1385 chan->tx_send_head = sar_queue.next;
1358 1386
1359 return size; 1387 return size;
1360} 1388}
@@ -1385,14 +1413,14 @@ static void l2cap_chan_ready(struct sock *sk)
1385/* Copy frame to all raw sockets on that connection */ 1413/* Copy frame to all raw sockets on that connection */
1386static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb) 1414static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1387{ 1415{
1388 struct l2cap_chan_list *l = &conn->chan_list;
1389 struct sk_buff *nskb; 1416 struct sk_buff *nskb;
1390 struct sock *sk; 1417 struct l2cap_chan *chan;
1391 1418
1392 BT_DBG("conn %p", conn); 1419 BT_DBG("conn %p", conn);
1393 1420
1394 read_lock(&l->lock); 1421 read_lock(&conn->chan_lock);
1395 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 1422 list_for_each_entry(chan, &conn->chan_l, list) {
1423 struct sock *sk = chan->sk;
1396 if (sk->sk_type != SOCK_RAW) 1424 if (sk->sk_type != SOCK_RAW)
1397 continue; 1425 continue;
1398 1426
@@ -1406,7 +1434,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1406 if (sock_queue_rcv_skb(sk, nskb)) 1434 if (sock_queue_rcv_skb(sk, nskb))
1407 kfree_skb(nskb); 1435 kfree_skb(nskb);
1408 } 1436 }
1409 read_unlock(&l->lock); 1437 read_unlock(&conn->chan_lock);
1410} 1438}
1411 1439
1412/* ---- L2CAP signalling commands ---- */ 1440/* ---- L2CAP signalling commands ---- */
@@ -1538,32 +1566,35 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1538 1566
1539static void l2cap_ack_timeout(unsigned long arg) 1567static void l2cap_ack_timeout(unsigned long arg)
1540{ 1568{
1541 struct sock *sk = (void *) arg; 1569 struct l2cap_chan *chan = (void *) arg;
1542 1570
1543 bh_lock_sock(sk); 1571 bh_lock_sock(chan->sk);
1544 l2cap_send_ack(l2cap_pi(sk)); 1572 l2cap_send_ack(chan);
1545 bh_unlock_sock(sk); 1573 bh_unlock_sock(chan->sk);
1546} 1574}
1547 1575
1548static inline void l2cap_ertm_init(struct sock *sk) 1576static inline void l2cap_ertm_init(struct l2cap_chan *chan)
1549{ 1577{
1550 l2cap_pi(sk)->expected_ack_seq = 0; 1578 struct sock *sk = chan->sk;
1551 l2cap_pi(sk)->unacked_frames = 0; 1579
1552 l2cap_pi(sk)->buffer_seq = 0; 1580 chan->expected_ack_seq = 0;
1553 l2cap_pi(sk)->num_acked = 0; 1581 chan->unacked_frames = 0;
1554 l2cap_pi(sk)->frames_sent = 0; 1582 chan->buffer_seq = 0;
1583 chan->num_acked = 0;
1584 chan->frames_sent = 0;
1555 1585
1556 setup_timer(&l2cap_pi(sk)->retrans_timer, 1586 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1557 l2cap_retrans_timeout, (unsigned long) sk); 1587 (unsigned long) chan);
1558 setup_timer(&l2cap_pi(sk)->monitor_timer, 1588 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1559 l2cap_monitor_timeout, (unsigned long) sk); 1589 (unsigned long) chan);
1560 setup_timer(&l2cap_pi(sk)->ack_timer, 1590 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
1561 l2cap_ack_timeout, (unsigned long) sk);
1562 1591
1563 __skb_queue_head_init(SREJ_QUEUE(sk)); 1592 skb_queue_head_init(&chan->srej_q);
1564 __skb_queue_head_init(BUSY_QUEUE(sk)); 1593 skb_queue_head_init(&chan->busy_q);
1565 1594
1566 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work); 1595 INIT_LIST_HEAD(&chan->srej_l);
1596
1597 INIT_WORK(&chan->busy_work, l2cap_busy_work);
1567 1598
1568 sk->sk_backlog_rcv = l2cap_ertm_data_rcv; 1599 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
1569} 1600}
@@ -1581,16 +1612,16 @@ static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1581 } 1612 }
1582} 1613}
1583 1614
1584int l2cap_build_conf_req(struct sock *sk, void *data) 1615static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1585{ 1616{
1586 struct l2cap_pinfo *pi = l2cap_pi(sk); 1617 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1587 struct l2cap_conf_req *req = data; 1618 struct l2cap_conf_req *req = data;
1588 struct l2cap_conf_rfc rfc = { .mode = pi->mode }; 1619 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
1589 void *ptr = req->data; 1620 void *ptr = req->data;
1590 1621
1591 BT_DBG("sk %p", sk); 1622 BT_DBG("chan %p", chan);
1592 1623
1593 if (pi->num_conf_req || pi->num_conf_rsp) 1624 if (chan->num_conf_req || chan->num_conf_rsp)
1594 goto done; 1625 goto done;
1595 1626
1596 switch (pi->mode) { 1627 switch (pi->mode) {
@@ -1679,20 +1710,20 @@ done:
1679 return ptr - data; 1710 return ptr - data;
1680} 1711}
1681 1712
1682static int l2cap_parse_conf_req(struct sock *sk, void *data) 1713static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1683{ 1714{
1684 struct l2cap_pinfo *pi = l2cap_pi(sk); 1715 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1685 struct l2cap_conf_rsp *rsp = data; 1716 struct l2cap_conf_rsp *rsp = data;
1686 void *ptr = rsp->data; 1717 void *ptr = rsp->data;
1687 void *req = pi->conf_req; 1718 void *req = chan->conf_req;
1688 int len = pi->conf_len; 1719 int len = chan->conf_len;
1689 int type, hint, olen; 1720 int type, hint, olen;
1690 unsigned long val; 1721 unsigned long val;
1691 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; 1722 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1692 u16 mtu = L2CAP_DEFAULT_MTU; 1723 u16 mtu = L2CAP_DEFAULT_MTU;
1693 u16 result = L2CAP_CONF_SUCCESS; 1724 u16 result = L2CAP_CONF_SUCCESS;
1694 1725
1695 BT_DBG("sk %p", sk); 1726 BT_DBG("chan %p", chan);
1696 1727
1697 while (len >= L2CAP_CONF_OPT_SIZE) { 1728 while (len >= L2CAP_CONF_OPT_SIZE) {
1698 len -= l2cap_get_conf_opt(&req, &type, &olen, &val); 1729 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
@@ -1733,7 +1764,7 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1733 } 1764 }
1734 } 1765 }
1735 1766
1736 if (pi->num_conf_rsp || pi->num_conf_req > 1) 1767 if (chan->num_conf_rsp || chan->num_conf_req > 1)
1737 goto done; 1768 goto done;
1738 1769
1739 switch (pi->mode) { 1770 switch (pi->mode) {
@@ -1756,7 +1787,7 @@ done:
1756 result = L2CAP_CONF_UNACCEPT; 1787 result = L2CAP_CONF_UNACCEPT;
1757 rfc.mode = pi->mode; 1788 rfc.mode = pi->mode;
1758 1789
1759 if (pi->num_conf_rsp == 1) 1790 if (chan->num_conf_rsp == 1)
1760 return -ECONNREFUSED; 1791 return -ECONNREFUSED;
1761 1792
1762 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1793 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
@@ -1783,13 +1814,13 @@ done:
1783 break; 1814 break;
1784 1815
1785 case L2CAP_MODE_ERTM: 1816 case L2CAP_MODE_ERTM:
1786 pi->remote_tx_win = rfc.txwin_size; 1817 chan->remote_tx_win = rfc.txwin_size;
1787 pi->remote_max_tx = rfc.max_transmit; 1818 chan->remote_max_tx = rfc.max_transmit;
1788 1819
1789 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1820 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1790 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1821 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1791 1822
1792 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1823 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1793 1824
1794 rfc.retrans_timeout = 1825 rfc.retrans_timeout =
1795 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO); 1826 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
@@ -1807,7 +1838,7 @@ done:
1807 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1838 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1808 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1839 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1809 1840
1810 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1841 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1811 1842
1812 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1843 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1813 1844
@@ -1916,6 +1947,31 @@ static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 fla
1916 return ptr - data; 1947 return ptr - data;
1917} 1948}
1918 1949
1950void __l2cap_connect_rsp_defer(struct sock *sk)
1951{
1952 struct l2cap_conn_rsp rsp;
1953 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1954 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1955 u8 buf[128];
1956
1957 sk->sk_state = BT_CONFIG;
1958
1959 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1960 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1961 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1962 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1963 l2cap_send_cmd(conn, chan->ident,
1964 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1965
1966 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
1967 return;
1968
1969 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1970 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1971 l2cap_build_conf_req(chan, buf), buf);
1972 chan->num_conf_req++;
1973}
1974
1919static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len) 1975static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
1920{ 1976{
1921 struct l2cap_pinfo *pi = l2cap_pi(sk); 1977 struct l2cap_pinfo *pi = l2cap_pi(sk);
@@ -1973,9 +2029,9 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
1973 2029
1974static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2030static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1975{ 2031{
1976 struct l2cap_chan_list *list = &conn->chan_list;
1977 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 2032 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1978 struct l2cap_conn_rsp rsp; 2033 struct l2cap_conn_rsp rsp;
2034 struct l2cap_chan *chan = NULL;
1979 struct sock *parent, *sk = NULL; 2035 struct sock *parent, *sk = NULL;
1980 int result, status = L2CAP_CS_NO_INFO; 2036 int result, status = L2CAP_CS_NO_INFO;
1981 2037
@@ -2013,11 +2069,17 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2013 if (!sk) 2069 if (!sk)
2014 goto response; 2070 goto response;
2015 2071
2016 write_lock_bh(&list->lock); 2072 chan = l2cap_chan_alloc(sk);
2073 if (!chan) {
2074 l2cap_sock_kill(sk);
2075 goto response;
2076 }
2077
2078 write_lock_bh(&conn->chan_lock);
2017 2079
2018 /* Check if we already have channel with that dcid */ 2080 /* Check if we already have channel with that dcid */
2019 if (__l2cap_get_chan_by_dcid(list, scid)) { 2081 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2020 write_unlock_bh(&list->lock); 2082 write_unlock_bh(&conn->chan_lock);
2021 sock_set_flag(sk, SOCK_ZAPPED); 2083 sock_set_flag(sk, SOCK_ZAPPED);
2022 l2cap_sock_kill(sk); 2084 l2cap_sock_kill(sk);
2023 goto response; 2085 goto response;
@@ -2033,12 +2095,15 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2033 2095
2034 bt_accept_enqueue(parent, sk); 2096 bt_accept_enqueue(parent, sk);
2035 2097
2036 __l2cap_chan_add(conn, sk); 2098 __l2cap_chan_add(conn, chan);
2099
2100 l2cap_pi(sk)->chan = chan;
2101
2037 dcid = l2cap_pi(sk)->scid; 2102 dcid = l2cap_pi(sk)->scid;
2038 2103
2039 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 2104 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2040 2105
2041 l2cap_pi(sk)->ident = cmd->ident; 2106 chan->ident = cmd->ident;
2042 2107
2043 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { 2108 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2044 if (l2cap_check_security(sk)) { 2109 if (l2cap_check_security(sk)) {
@@ -2063,7 +2128,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2063 status = L2CAP_CS_NO_INFO; 2128 status = L2CAP_CS_NO_INFO;
2064 } 2129 }
2065 2130
2066 write_unlock_bh(&list->lock); 2131 write_unlock_bh(&conn->chan_lock);
2067 2132
2068response: 2133response:
2069 bh_unlock_sock(parent); 2134 bh_unlock_sock(parent);
@@ -2089,13 +2154,13 @@ sendresp:
2089 L2CAP_INFO_REQ, sizeof(info), &info); 2154 L2CAP_INFO_REQ, sizeof(info), &info);
2090 } 2155 }
2091 2156
2092 if (sk && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) && 2157 if (chan && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
2093 result == L2CAP_CR_SUCCESS) { 2158 result == L2CAP_CR_SUCCESS) {
2094 u8 buf[128]; 2159 u8 buf[128];
2095 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2160 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2096 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2161 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2097 l2cap_build_conf_req(sk, buf), buf); 2162 l2cap_build_conf_req(chan, buf), buf);
2098 l2cap_pi(sk)->num_conf_req++; 2163 chan->num_conf_req++;
2099 } 2164 }
2100 2165
2101 return 0; 2166 return 0;
@@ -2105,6 +2170,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2105{ 2170{
2106 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; 2171 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2107 u16 scid, dcid, result, status; 2172 u16 scid, dcid, result, status;
2173 struct l2cap_chan *chan;
2108 struct sock *sk; 2174 struct sock *sk;
2109 u8 req[128]; 2175 u8 req[128];
2110 2176
@@ -2116,19 +2182,21 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2116 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status); 2182 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2117 2183
2118 if (scid) { 2184 if (scid) {
2119 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2185 chan = l2cap_get_chan_by_scid(conn, scid);
2120 if (!sk) 2186 if (!chan)
2121 return -EFAULT; 2187 return -EFAULT;
2122 } else { 2188 } else {
2123 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident); 2189 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
2124 if (!sk) 2190 if (!chan)
2125 return -EFAULT; 2191 return -EFAULT;
2126 } 2192 }
2127 2193
2194 sk = chan->sk;
2195
2128 switch (result) { 2196 switch (result) {
2129 case L2CAP_CR_SUCCESS: 2197 case L2CAP_CR_SUCCESS:
2130 sk->sk_state = BT_CONFIG; 2198 sk->sk_state = BT_CONFIG;
2131 l2cap_pi(sk)->ident = 0; 2199 chan->ident = 0;
2132 l2cap_pi(sk)->dcid = dcid; 2200 l2cap_pi(sk)->dcid = dcid;
2133 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND; 2201 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2134 2202
@@ -2138,8 +2206,8 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2138 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2206 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2139 2207
2140 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2208 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2141 l2cap_build_conf_req(sk, req), req); 2209 l2cap_build_conf_req(chan, req), req);
2142 l2cap_pi(sk)->num_conf_req++; 2210 chan->num_conf_req++;
2143 break; 2211 break;
2144 2212
2145 case L2CAP_CR_PEND: 2213 case L2CAP_CR_PEND:
@@ -2155,7 +2223,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2155 break; 2223 break;
2156 } 2224 }
2157 2225
2158 l2cap_chan_del(sk, ECONNREFUSED); 2226 l2cap_chan_del(chan, ECONNREFUSED);
2159 break; 2227 break;
2160 } 2228 }
2161 2229
@@ -2179,6 +2247,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2179 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data; 2247 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2180 u16 dcid, flags; 2248 u16 dcid, flags;
2181 u8 rsp[64]; 2249 u8 rsp[64];
2250 struct l2cap_chan *chan;
2182 struct sock *sk; 2251 struct sock *sk;
2183 int len; 2252 int len;
2184 2253
@@ -2187,10 +2256,12 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2187 2256
2188 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags); 2257 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2189 2258
2190 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid); 2259 chan = l2cap_get_chan_by_scid(conn, dcid);
2191 if (!sk) 2260 if (!chan)
2192 return -ENOENT; 2261 return -ENOENT;
2193 2262
2263 sk = chan->sk;
2264
2194 if (sk->sk_state != BT_CONFIG) { 2265 if (sk->sk_state != BT_CONFIG) {
2195 struct l2cap_cmd_rej rej; 2266 struct l2cap_cmd_rej rej;
2196 2267
@@ -2202,7 +2273,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2202 2273
2203 /* Reject if config buffer is too small. */ 2274 /* Reject if config buffer is too small. */
2204 len = cmd_len - sizeof(*req); 2275 len = cmd_len - sizeof(*req);
2205 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) { 2276 if (chan->conf_len + len > sizeof(chan->conf_req)) {
2206 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 2277 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2207 l2cap_build_conf_rsp(sk, rsp, 2278 l2cap_build_conf_rsp(sk, rsp,
2208 L2CAP_CONF_REJECT, flags), rsp); 2279 L2CAP_CONF_REJECT, flags), rsp);
@@ -2210,8 +2281,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2210 } 2281 }
2211 2282
2212 /* Store config. */ 2283 /* Store config. */
2213 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len); 2284 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2214 l2cap_pi(sk)->conf_len += len; 2285 chan->conf_len += len;
2215 2286
2216 if (flags & 0x0001) { 2287 if (flags & 0x0001) {
2217 /* Incomplete config. Send empty response. */ 2288 /* Incomplete config. Send empty response. */
@@ -2222,17 +2293,17 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2222 } 2293 }
2223 2294
2224 /* Complete config. */ 2295 /* Complete config. */
2225 len = l2cap_parse_conf_req(sk, rsp); 2296 len = l2cap_parse_conf_req(chan, rsp);
2226 if (len < 0) { 2297 if (len < 0) {
2227 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2298 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2228 goto unlock; 2299 goto unlock;
2229 } 2300 }
2230 2301
2231 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); 2302 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2232 l2cap_pi(sk)->num_conf_rsp++; 2303 chan->num_conf_rsp++;
2233 2304
2234 /* Reset config buffer. */ 2305 /* Reset config buffer. */
2235 l2cap_pi(sk)->conf_len = 0; 2306 chan->conf_len = 0;
2236 2307
2237 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE)) 2308 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2238 goto unlock; 2309 goto unlock;
@@ -2242,11 +2313,11 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2242 2313
2243 sk->sk_state = BT_CONNECTED; 2314 sk->sk_state = BT_CONNECTED;
2244 2315
2245 l2cap_pi(sk)->next_tx_seq = 0; 2316 chan->next_tx_seq = 0;
2246 l2cap_pi(sk)->expected_tx_seq = 0; 2317 chan->expected_tx_seq = 0;
2247 __skb_queue_head_init(TX_QUEUE(sk)); 2318 skb_queue_head_init(&chan->tx_q);
2248 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2319 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2249 l2cap_ertm_init(sk); 2320 l2cap_ertm_init(chan);
2250 2321
2251 l2cap_chan_ready(sk); 2322 l2cap_chan_ready(sk);
2252 goto unlock; 2323 goto unlock;
@@ -2256,8 +2327,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2256 u8 buf[64]; 2327 u8 buf[64];
2257 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2328 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2258 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2329 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2259 l2cap_build_conf_req(sk, buf), buf); 2330 l2cap_build_conf_req(chan, buf), buf);
2260 l2cap_pi(sk)->num_conf_req++; 2331 chan->num_conf_req++;
2261 } 2332 }
2262 2333
2263unlock: 2334unlock:
@@ -2269,6 +2340,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2269{ 2340{
2270 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 2341 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2271 u16 scid, flags, result; 2342 u16 scid, flags, result;
2343 struct l2cap_chan *chan;
2272 struct sock *sk; 2344 struct sock *sk;
2273 int len = cmd->len - sizeof(*rsp); 2345 int len = cmd->len - sizeof(*rsp);
2274 2346
@@ -2279,21 +2351,23 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2279 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", 2351 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2280 scid, flags, result); 2352 scid, flags, result);
2281 2353
2282 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2354 chan = l2cap_get_chan_by_scid(conn, scid);
2283 if (!sk) 2355 if (!chan)
2284 return 0; 2356 return 0;
2285 2357
2358 sk = chan->sk;
2359
2286 switch (result) { 2360 switch (result) {
2287 case L2CAP_CONF_SUCCESS: 2361 case L2CAP_CONF_SUCCESS:
2288 l2cap_conf_rfc_get(sk, rsp->data, len); 2362 l2cap_conf_rfc_get(sk, rsp->data, len);
2289 break; 2363 break;
2290 2364
2291 case L2CAP_CONF_UNACCEPT: 2365 case L2CAP_CONF_UNACCEPT:
2292 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) { 2366 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2293 char req[64]; 2367 char req[64];
2294 2368
2295 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { 2369 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2296 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2370 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2297 goto done; 2371 goto done;
2298 } 2372 }
2299 2373
@@ -2302,13 +2376,13 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2302 len = l2cap_parse_conf_rsp(sk, rsp->data, 2376 len = l2cap_parse_conf_rsp(sk, rsp->data,
2303 len, req, &result); 2377 len, req, &result);
2304 if (len < 0) { 2378 if (len < 0) {
2305 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2379 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2306 goto done; 2380 goto done;
2307 } 2381 }
2308 2382
2309 l2cap_send_cmd(conn, l2cap_get_ident(conn), 2383 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2310 L2CAP_CONF_REQ, len, req); 2384 L2CAP_CONF_REQ, len, req);
2311 l2cap_pi(sk)->num_conf_req++; 2385 chan->num_conf_req++;
2312 if (result != L2CAP_CONF_SUCCESS) 2386 if (result != L2CAP_CONF_SUCCESS)
2313 goto done; 2387 goto done;
2314 break; 2388 break;
@@ -2317,7 +2391,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2317 default: 2391 default:
2318 sk->sk_err = ECONNRESET; 2392 sk->sk_err = ECONNRESET;
2319 l2cap_sock_set_timer(sk, HZ * 5); 2393 l2cap_sock_set_timer(sk, HZ * 5);
2320 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2394 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2321 goto done; 2395 goto done;
2322 } 2396 }
2323 2397
@@ -2330,11 +2404,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2330 set_default_fcs(l2cap_pi(sk)); 2404 set_default_fcs(l2cap_pi(sk));
2331 2405
2332 sk->sk_state = BT_CONNECTED; 2406 sk->sk_state = BT_CONNECTED;
2333 l2cap_pi(sk)->next_tx_seq = 0; 2407 chan->next_tx_seq = 0;
2334 l2cap_pi(sk)->expected_tx_seq = 0; 2408 chan->expected_tx_seq = 0;
2335 __skb_queue_head_init(TX_QUEUE(sk)); 2409 skb_queue_head_init(&chan->tx_q);
2336 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2410 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2337 l2cap_ertm_init(sk); 2411 l2cap_ertm_init(chan);
2338 2412
2339 l2cap_chan_ready(sk); 2413 l2cap_chan_ready(sk);
2340 } 2414 }
@@ -2349,6 +2423,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2349 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data; 2423 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2350 struct l2cap_disconn_rsp rsp; 2424 struct l2cap_disconn_rsp rsp;
2351 u16 dcid, scid; 2425 u16 dcid, scid;
2426 struct l2cap_chan *chan;
2352 struct sock *sk; 2427 struct sock *sk;
2353 2428
2354 scid = __le16_to_cpu(req->scid); 2429 scid = __le16_to_cpu(req->scid);
@@ -2356,10 +2431,12 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2356 2431
2357 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid); 2432 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2358 2433
2359 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid); 2434 chan = l2cap_get_chan_by_scid(conn, dcid);
2360 if (!sk) 2435 if (!chan)
2361 return 0; 2436 return 0;
2362 2437
2438 sk = chan->sk;
2439
2363 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2440 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2364 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2441 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2365 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); 2442 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
@@ -2375,7 +2452,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2375 return 0; 2452 return 0;
2376 } 2453 }
2377 2454
2378 l2cap_chan_del(sk, ECONNRESET); 2455 l2cap_chan_del(chan, ECONNRESET);
2379 bh_unlock_sock(sk); 2456 bh_unlock_sock(sk);
2380 2457
2381 l2cap_sock_kill(sk); 2458 l2cap_sock_kill(sk);
@@ -2386,6 +2463,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2386{ 2463{
2387 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; 2464 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2388 u16 dcid, scid; 2465 u16 dcid, scid;
2466 struct l2cap_chan *chan;
2389 struct sock *sk; 2467 struct sock *sk;
2390 2468
2391 scid = __le16_to_cpu(rsp->scid); 2469 scid = __le16_to_cpu(rsp->scid);
@@ -2393,10 +2471,12 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2393 2471
2394 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid); 2472 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2395 2473
2396 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2474 chan = l2cap_get_chan_by_scid(conn, scid);
2397 if (!sk) 2475 if (!chan)
2398 return 0; 2476 return 0;
2399 2477
2478 sk = chan->sk;
2479
2400 /* don't delete l2cap channel if sk is owned by user */ 2480 /* don't delete l2cap channel if sk is owned by user */
2401 if (sock_owned_by_user(sk)) { 2481 if (sock_owned_by_user(sk)) {
2402 sk->sk_state = BT_DISCONN; 2482 sk->sk_state = BT_DISCONN;
@@ -2406,7 +2486,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2406 return 0; 2486 return 0;
2407 } 2487 }
2408 2488
2409 l2cap_chan_del(sk, 0); 2489 l2cap_chan_del(chan, 0);
2410 bh_unlock_sock(sk); 2490 bh_unlock_sock(sk);
2411 2491
2412 l2cap_sock_kill(sk); 2492 l2cap_sock_kill(sk);
@@ -2709,49 +2789,47 @@ static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
2709 return 0; 2789 return 0;
2710} 2790}
2711 2791
2712static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk) 2792static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
2713{ 2793{
2714 struct l2cap_pinfo *pi = l2cap_pi(sk);
2715 u16 control = 0; 2794 u16 control = 0;
2716 2795
2717 pi->frames_sent = 0; 2796 chan->frames_sent = 0;
2718 2797
2719 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 2798 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2720 2799
2721 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 2800 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2722 control |= L2CAP_SUPER_RCV_NOT_READY; 2801 control |= L2CAP_SUPER_RCV_NOT_READY;
2723 l2cap_send_sframe(pi, control); 2802 l2cap_send_sframe(chan, control);
2724 pi->conn_state |= L2CAP_CONN_RNR_SENT; 2803 chan->conn_state |= L2CAP_CONN_RNR_SENT;
2725 } 2804 }
2726 2805
2727 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY) 2806 if (chan->conn_state & L2CAP_CONN_REMOTE_BUSY)
2728 l2cap_retransmit_frames(sk); 2807 l2cap_retransmit_frames(chan);
2729 2808
2730 l2cap_ertm_send(sk); 2809 l2cap_ertm_send(chan);
2731 2810
2732 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) && 2811 if (!(chan->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
2733 pi->frames_sent == 0) { 2812 chan->frames_sent == 0) {
2734 control |= L2CAP_SUPER_RCV_READY; 2813 control |= L2CAP_SUPER_RCV_READY;
2735 l2cap_send_sframe(pi, control); 2814 l2cap_send_sframe(chan, control);
2736 } 2815 }
2737} 2816}
2738 2817
2739static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar) 2818static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u8 tx_seq, u8 sar)
2740{ 2819{
2741 struct sk_buff *next_skb; 2820 struct sk_buff *next_skb;
2742 struct l2cap_pinfo *pi = l2cap_pi(sk);
2743 int tx_seq_offset, next_tx_seq_offset; 2821 int tx_seq_offset, next_tx_seq_offset;
2744 2822
2745 bt_cb(skb)->tx_seq = tx_seq; 2823 bt_cb(skb)->tx_seq = tx_seq;
2746 bt_cb(skb)->sar = sar; 2824 bt_cb(skb)->sar = sar;
2747 2825
2748 next_skb = skb_peek(SREJ_QUEUE(sk)); 2826 next_skb = skb_peek(&chan->srej_q);
2749 if (!next_skb) { 2827 if (!next_skb) {
2750 __skb_queue_tail(SREJ_QUEUE(sk), skb); 2828 __skb_queue_tail(&chan->srej_q, skb);
2751 return 0; 2829 return 0;
2752 } 2830 }
2753 2831
2754 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64; 2832 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
2755 if (tx_seq_offset < 0) 2833 if (tx_seq_offset < 0)
2756 tx_seq_offset += 64; 2834 tx_seq_offset += 64;
2757 2835
@@ -2760,53 +2838,53 @@ static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_s
2760 return -EINVAL; 2838 return -EINVAL;
2761 2839
2762 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq - 2840 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
2763 pi->buffer_seq) % 64; 2841 chan->buffer_seq) % 64;
2764 if (next_tx_seq_offset < 0) 2842 if (next_tx_seq_offset < 0)
2765 next_tx_seq_offset += 64; 2843 next_tx_seq_offset += 64;
2766 2844
2767 if (next_tx_seq_offset > tx_seq_offset) { 2845 if (next_tx_seq_offset > tx_seq_offset) {
2768 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb); 2846 __skb_queue_before(&chan->srej_q, next_skb, skb);
2769 return 0; 2847 return 0;
2770 } 2848 }
2771 2849
2772 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb)) 2850 if (skb_queue_is_last(&chan->srej_q, next_skb))
2773 break; 2851 break;
2774 2852
2775 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb))); 2853 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
2776 2854
2777 __skb_queue_tail(SREJ_QUEUE(sk), skb); 2855 __skb_queue_tail(&chan->srej_q, skb);
2778 2856
2779 return 0; 2857 return 0;
2780} 2858}
2781 2859
2782static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control) 2860static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2783{ 2861{
2784 struct l2cap_pinfo *pi = l2cap_pi(sk); 2862 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2785 struct sk_buff *_skb; 2863 struct sk_buff *_skb;
2786 int err; 2864 int err;
2787 2865
2788 switch (control & L2CAP_CTRL_SAR) { 2866 switch (control & L2CAP_CTRL_SAR) {
2789 case L2CAP_SDU_UNSEGMENTED: 2867 case L2CAP_SDU_UNSEGMENTED:
2790 if (pi->conn_state & L2CAP_CONN_SAR_SDU) 2868 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
2791 goto drop; 2869 goto drop;
2792 2870
2793 err = sock_queue_rcv_skb(sk, skb); 2871 err = sock_queue_rcv_skb(chan->sk, skb);
2794 if (!err) 2872 if (!err)
2795 return err; 2873 return err;
2796 2874
2797 break; 2875 break;
2798 2876
2799 case L2CAP_SDU_START: 2877 case L2CAP_SDU_START:
2800 if (pi->conn_state & L2CAP_CONN_SAR_SDU) 2878 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
2801 goto drop; 2879 goto drop;
2802 2880
2803 pi->sdu_len = get_unaligned_le16(skb->data); 2881 chan->sdu_len = get_unaligned_le16(skb->data);
2804 2882
2805 if (pi->sdu_len > pi->imtu) 2883 if (chan->sdu_len > pi->imtu)
2806 goto disconnect; 2884 goto disconnect;
2807 2885
2808 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 2886 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
2809 if (!pi->sdu) 2887 if (!chan->sdu)
2810 return -ENOMEM; 2888 return -ENOMEM;
2811 2889
2812 /* pull sdu_len bytes only after alloc, because of Local Busy 2890 /* pull sdu_len bytes only after alloc, because of Local Busy
@@ -2814,63 +2892,63 @@ static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 c
2814 * only once, i.e., when alloc does not fail */ 2892 * only once, i.e., when alloc does not fail */
2815 skb_pull(skb, 2); 2893 skb_pull(skb, 2);
2816 2894
2817 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2895 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2818 2896
2819 pi->conn_state |= L2CAP_CONN_SAR_SDU; 2897 chan->conn_state |= L2CAP_CONN_SAR_SDU;
2820 pi->partial_sdu_len = skb->len; 2898 chan->partial_sdu_len = skb->len;
2821 break; 2899 break;
2822 2900
2823 case L2CAP_SDU_CONTINUE: 2901 case L2CAP_SDU_CONTINUE:
2824 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 2902 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
2825 goto disconnect; 2903 goto disconnect;
2826 2904
2827 if (!pi->sdu) 2905 if (!chan->sdu)
2828 goto disconnect; 2906 goto disconnect;
2829 2907
2830 pi->partial_sdu_len += skb->len; 2908 chan->partial_sdu_len += skb->len;
2831 if (pi->partial_sdu_len > pi->sdu_len) 2909 if (chan->partial_sdu_len > chan->sdu_len)
2832 goto drop; 2910 goto drop;
2833 2911
2834 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2912 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2835 2913
2836 break; 2914 break;
2837 2915
2838 case L2CAP_SDU_END: 2916 case L2CAP_SDU_END:
2839 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 2917 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
2840 goto disconnect; 2918 goto disconnect;
2841 2919
2842 if (!pi->sdu) 2920 if (!chan->sdu)
2843 goto disconnect; 2921 goto disconnect;
2844 2922
2845 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) { 2923 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) {
2846 pi->partial_sdu_len += skb->len; 2924 chan->partial_sdu_len += skb->len;
2847 2925
2848 if (pi->partial_sdu_len > pi->imtu) 2926 if (chan->partial_sdu_len > pi->imtu)
2849 goto drop; 2927 goto drop;
2850 2928
2851 if (pi->partial_sdu_len != pi->sdu_len) 2929 if (chan->partial_sdu_len != chan->sdu_len)
2852 goto drop; 2930 goto drop;
2853 2931
2854 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2932 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2855 } 2933 }
2856 2934
2857 _skb = skb_clone(pi->sdu, GFP_ATOMIC); 2935 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
2858 if (!_skb) { 2936 if (!_skb) {
2859 pi->conn_state |= L2CAP_CONN_SAR_RETRY; 2937 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
2860 return -ENOMEM; 2938 return -ENOMEM;
2861 } 2939 }
2862 2940
2863 err = sock_queue_rcv_skb(sk, _skb); 2941 err = sock_queue_rcv_skb(chan->sk, _skb);
2864 if (err < 0) { 2942 if (err < 0) {
2865 kfree_skb(_skb); 2943 kfree_skb(_skb);
2866 pi->conn_state |= L2CAP_CONN_SAR_RETRY; 2944 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
2867 return err; 2945 return err;
2868 } 2946 }
2869 2947
2870 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY; 2948 chan->conn_state &= ~L2CAP_CONN_SAR_RETRY;
2871 pi->conn_state &= ~L2CAP_CONN_SAR_SDU; 2949 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
2872 2950
2873 kfree_skb(pi->sdu); 2951 kfree_skb(chan->sdu);
2874 break; 2952 break;
2875 } 2953 }
2876 2954
@@ -2878,51 +2956,50 @@ static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 c
2878 return 0; 2956 return 0;
2879 2957
2880drop: 2958drop:
2881 kfree_skb(pi->sdu); 2959 kfree_skb(chan->sdu);
2882 pi->sdu = NULL; 2960 chan->sdu = NULL;
2883 2961
2884disconnect: 2962disconnect:
2885 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 2963 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
2886 kfree_skb(skb); 2964 kfree_skb(skb);
2887 return 0; 2965 return 0;
2888} 2966}
2889 2967
2890static int l2cap_try_push_rx_skb(struct sock *sk) 2968static int l2cap_try_push_rx_skb(struct l2cap_chan *chan)
2891{ 2969{
2892 struct l2cap_pinfo *pi = l2cap_pi(sk);
2893 struct sk_buff *skb; 2970 struct sk_buff *skb;
2894 u16 control; 2971 u16 control;
2895 int err; 2972 int err;
2896 2973
2897 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) { 2974 while ((skb = skb_dequeue(&chan->busy_q))) {
2898 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; 2975 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
2899 err = l2cap_ertm_reassembly_sdu(sk, skb, control); 2976 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
2900 if (err < 0) { 2977 if (err < 0) {
2901 skb_queue_head(BUSY_QUEUE(sk), skb); 2978 skb_queue_head(&chan->busy_q, skb);
2902 return -EBUSY; 2979 return -EBUSY;
2903 } 2980 }
2904 2981
2905 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 2982 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
2906 } 2983 }
2907 2984
2908 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT)) 2985 if (!(chan->conn_state & L2CAP_CONN_RNR_SENT))
2909 goto done; 2986 goto done;
2910 2987
2911 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 2988 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2912 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL; 2989 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
2913 l2cap_send_sframe(pi, control); 2990 l2cap_send_sframe(chan, control);
2914 l2cap_pi(sk)->retry_count = 1; 2991 chan->retry_count = 1;
2915 2992
2916 del_timer(&pi->retrans_timer); 2993 del_timer(&chan->retrans_timer);
2917 __mod_monitor_timer(); 2994 __mod_monitor_timer();
2918 2995
2919 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F; 2996 chan->conn_state |= L2CAP_CONN_WAIT_F;
2920 2997
2921done: 2998done:
2922 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY; 2999 chan->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
2923 pi->conn_state &= ~L2CAP_CONN_RNR_SENT; 3000 chan->conn_state &= ~L2CAP_CONN_RNR_SENT;
2924 3001
2925 BT_DBG("sk %p, Exit local busy", sk); 3002 BT_DBG("chan %p, Exit local busy", chan);
2926 3003
2927 return 0; 3004 return 0;
2928} 3005}
@@ -2930,21 +3007,21 @@ done:
2930static void l2cap_busy_work(struct work_struct *work) 3007static void l2cap_busy_work(struct work_struct *work)
2931{ 3008{
2932 DECLARE_WAITQUEUE(wait, current); 3009 DECLARE_WAITQUEUE(wait, current);
2933 struct l2cap_pinfo *pi = 3010 struct l2cap_chan *chan =
2934 container_of(work, struct l2cap_pinfo, busy_work); 3011 container_of(work, struct l2cap_chan, busy_work);
2935 struct sock *sk = (struct sock *)pi; 3012 struct sock *sk = chan->sk;
2936 int n_tries = 0, timeo = HZ/5, err; 3013 int n_tries = 0, timeo = HZ/5, err;
2937 struct sk_buff *skb; 3014 struct sk_buff *skb;
2938 3015
2939 lock_sock(sk); 3016 lock_sock(sk);
2940 3017
2941 add_wait_queue(sk_sleep(sk), &wait); 3018 add_wait_queue(sk_sleep(sk), &wait);
2942 while ((skb = skb_peek(BUSY_QUEUE(sk)))) { 3019 while ((skb = skb_peek(&chan->busy_q))) {
2943 set_current_state(TASK_INTERRUPTIBLE); 3020 set_current_state(TASK_INTERRUPTIBLE);
2944 3021
2945 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) { 3022 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
2946 err = -EBUSY; 3023 err = -EBUSY;
2947 l2cap_send_disconn_req(pi->conn, sk, EBUSY); 3024 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, EBUSY);
2948 break; 3025 break;
2949 } 3026 }
2950 3027
@@ -2964,7 +3041,7 @@ static void l2cap_busy_work(struct work_struct *work)
2964 if (err) 3041 if (err)
2965 break; 3042 break;
2966 3043
2967 if (l2cap_try_push_rx_skb(sk) == 0) 3044 if (l2cap_try_push_rx_skb(chan) == 0)
2968 break; 3045 break;
2969 } 3046 }
2970 3047
@@ -2974,48 +3051,47 @@ static void l2cap_busy_work(struct work_struct *work)
2974 release_sock(sk); 3051 release_sock(sk);
2975} 3052}
2976 3053
2977static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control) 3054static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2978{ 3055{
2979 struct l2cap_pinfo *pi = l2cap_pi(sk);
2980 int sctrl, err; 3056 int sctrl, err;
2981 3057
2982 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 3058 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2983 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; 3059 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2984 __skb_queue_tail(BUSY_QUEUE(sk), skb); 3060 __skb_queue_tail(&chan->busy_q, skb);
2985 return l2cap_try_push_rx_skb(sk); 3061 return l2cap_try_push_rx_skb(chan);
2986 3062
2987 3063
2988 } 3064 }
2989 3065
2990 err = l2cap_ertm_reassembly_sdu(sk, skb, control); 3066 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
2991 if (err >= 0) { 3067 if (err >= 0) {
2992 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 3068 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
2993 return err; 3069 return err;
2994 } 3070 }
2995 3071
2996 /* Busy Condition */ 3072 /* Busy Condition */
2997 BT_DBG("sk %p, Enter local busy", sk); 3073 BT_DBG("chan %p, Enter local busy", chan);
2998 3074
2999 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY; 3075 chan->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3000 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; 3076 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3001 __skb_queue_tail(BUSY_QUEUE(sk), skb); 3077 __skb_queue_tail(&chan->busy_q, skb);
3002 3078
3003 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3079 sctrl = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3004 sctrl |= L2CAP_SUPER_RCV_NOT_READY; 3080 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3005 l2cap_send_sframe(pi, sctrl); 3081 l2cap_send_sframe(chan, sctrl);
3006 3082
3007 pi->conn_state |= L2CAP_CONN_RNR_SENT; 3083 chan->conn_state |= L2CAP_CONN_RNR_SENT;
3008 3084
3009 del_timer(&pi->ack_timer); 3085 del_timer(&chan->ack_timer);
3010 3086
3011 queue_work(_busy_wq, &pi->busy_work); 3087 queue_work(_busy_wq, &chan->busy_work);
3012 3088
3013 return err; 3089 return err;
3014} 3090}
3015 3091
3016static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control) 3092static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3017{ 3093{
3018 struct l2cap_pinfo *pi = l2cap_pi(sk); 3094 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3019 struct sk_buff *_skb; 3095 struct sk_buff *_skb;
3020 int err = -EINVAL; 3096 int err = -EINVAL;
3021 3097
@@ -3026,80 +3102,80 @@ static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb,
3026 3102
3027 switch (control & L2CAP_CTRL_SAR) { 3103 switch (control & L2CAP_CTRL_SAR) {
3028 case L2CAP_SDU_UNSEGMENTED: 3104 case L2CAP_SDU_UNSEGMENTED:
3029 if (pi->conn_state & L2CAP_CONN_SAR_SDU) { 3105 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
3030 kfree_skb(pi->sdu); 3106 kfree_skb(chan->sdu);
3031 break; 3107 break;
3032 } 3108 }
3033 3109
3034 err = sock_queue_rcv_skb(sk, skb); 3110 err = sock_queue_rcv_skb(chan->sk, skb);
3035 if (!err) 3111 if (!err)
3036 return 0; 3112 return 0;
3037 3113
3038 break; 3114 break;
3039 3115
3040 case L2CAP_SDU_START: 3116 case L2CAP_SDU_START:
3041 if (pi->conn_state & L2CAP_CONN_SAR_SDU) { 3117 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
3042 kfree_skb(pi->sdu); 3118 kfree_skb(chan->sdu);
3043 break; 3119 break;
3044 } 3120 }
3045 3121
3046 pi->sdu_len = get_unaligned_le16(skb->data); 3122 chan->sdu_len = get_unaligned_le16(skb->data);
3047 skb_pull(skb, 2); 3123 skb_pull(skb, 2);
3048 3124
3049 if (pi->sdu_len > pi->imtu) { 3125 if (chan->sdu_len > pi->imtu) {
3050 err = -EMSGSIZE; 3126 err = -EMSGSIZE;
3051 break; 3127 break;
3052 } 3128 }
3053 3129
3054 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 3130 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3055 if (!pi->sdu) { 3131 if (!chan->sdu) {
3056 err = -ENOMEM; 3132 err = -ENOMEM;
3057 break; 3133 break;
3058 } 3134 }
3059 3135
3060 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3136 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3061 3137
3062 pi->conn_state |= L2CAP_CONN_SAR_SDU; 3138 chan->conn_state |= L2CAP_CONN_SAR_SDU;
3063 pi->partial_sdu_len = skb->len; 3139 chan->partial_sdu_len = skb->len;
3064 err = 0; 3140 err = 0;
3065 break; 3141 break;
3066 3142
3067 case L2CAP_SDU_CONTINUE: 3143 case L2CAP_SDU_CONTINUE:
3068 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 3144 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
3069 break; 3145 break;
3070 3146
3071 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3147 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3072 3148
3073 pi->partial_sdu_len += skb->len; 3149 chan->partial_sdu_len += skb->len;
3074 if (pi->partial_sdu_len > pi->sdu_len) 3150 if (chan->partial_sdu_len > chan->sdu_len)
3075 kfree_skb(pi->sdu); 3151 kfree_skb(chan->sdu);
3076 else 3152 else
3077 err = 0; 3153 err = 0;
3078 3154
3079 break; 3155 break;
3080 3156
3081 case L2CAP_SDU_END: 3157 case L2CAP_SDU_END:
3082 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 3158 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
3083 break; 3159 break;
3084 3160
3085 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3161 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3086 3162
3087 pi->conn_state &= ~L2CAP_CONN_SAR_SDU; 3163 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
3088 pi->partial_sdu_len += skb->len; 3164 chan->partial_sdu_len += skb->len;
3089 3165
3090 if (pi->partial_sdu_len > pi->imtu) 3166 if (chan->partial_sdu_len > pi->imtu)
3091 goto drop; 3167 goto drop;
3092 3168
3093 if (pi->partial_sdu_len == pi->sdu_len) { 3169 if (chan->partial_sdu_len == chan->sdu_len) {
3094 _skb = skb_clone(pi->sdu, GFP_ATOMIC); 3170 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
3095 err = sock_queue_rcv_skb(sk, _skb); 3171 err = sock_queue_rcv_skb(chan->sk, _skb);
3096 if (err < 0) 3172 if (err < 0)
3097 kfree_skb(_skb); 3173 kfree_skb(_skb);
3098 } 3174 }
3099 err = 0; 3175 err = 0;
3100 3176
3101drop: 3177drop:
3102 kfree_skb(pi->sdu); 3178 kfree_skb(chan->sdu);
3103 break; 3179 break;
3104 } 3180 }
3105 3181
@@ -3107,31 +3183,30 @@ drop:
3107 return err; 3183 return err;
3108} 3184}
3109 3185
3110static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq) 3186static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq)
3111{ 3187{
3112 struct sk_buff *skb; 3188 struct sk_buff *skb;
3113 u16 control; 3189 u16 control;
3114 3190
3115 while ((skb = skb_peek(SREJ_QUEUE(sk)))) { 3191 while ((skb = skb_peek(&chan->srej_q))) {
3116 if (bt_cb(skb)->tx_seq != tx_seq) 3192 if (bt_cb(skb)->tx_seq != tx_seq)
3117 break; 3193 break;
3118 3194
3119 skb = skb_dequeue(SREJ_QUEUE(sk)); 3195 skb = skb_dequeue(&chan->srej_q);
3120 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; 3196 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3121 l2cap_ertm_reassembly_sdu(sk, skb, control); 3197 l2cap_ertm_reassembly_sdu(chan, skb, control);
3122 l2cap_pi(sk)->buffer_seq_srej = 3198 chan->buffer_seq_srej =
3123 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64; 3199 (chan->buffer_seq_srej + 1) % 64;
3124 tx_seq = (tx_seq + 1) % 64; 3200 tx_seq = (tx_seq + 1) % 64;
3125 } 3201 }
3126} 3202}
3127 3203
3128static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq) 3204static void l2cap_resend_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3129{ 3205{
3130 struct l2cap_pinfo *pi = l2cap_pi(sk);
3131 struct srej_list *l, *tmp; 3206 struct srej_list *l, *tmp;
3132 u16 control; 3207 u16 control;
3133 3208
3134 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) { 3209 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
3135 if (l->tx_seq == tx_seq) { 3210 if (l->tx_seq == tx_seq) {
3136 list_del(&l->list); 3211 list_del(&l->list);
3137 kfree(l); 3212 kfree(l);
@@ -3139,34 +3214,33 @@ static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3139 } 3214 }
3140 control = L2CAP_SUPER_SELECT_REJECT; 3215 control = L2CAP_SUPER_SELECT_REJECT;
3141 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3216 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3142 l2cap_send_sframe(pi, control); 3217 l2cap_send_sframe(chan, control);
3143 list_del(&l->list); 3218 list_del(&l->list);
3144 list_add_tail(&l->list, SREJ_LIST(sk)); 3219 list_add_tail(&l->list, &chan->srej_l);
3145 } 3220 }
3146} 3221}
3147 3222
3148static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq) 3223static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3149{ 3224{
3150 struct l2cap_pinfo *pi = l2cap_pi(sk);
3151 struct srej_list *new; 3225 struct srej_list *new;
3152 u16 control; 3226 u16 control;
3153 3227
3154 while (tx_seq != pi->expected_tx_seq) { 3228 while (tx_seq != chan->expected_tx_seq) {
3155 control = L2CAP_SUPER_SELECT_REJECT; 3229 control = L2CAP_SUPER_SELECT_REJECT;
3156 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3230 control |= chan->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3157 l2cap_send_sframe(pi, control); 3231 l2cap_send_sframe(chan, control);
3158 3232
3159 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC); 3233 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3160 new->tx_seq = pi->expected_tx_seq; 3234 new->tx_seq = chan->expected_tx_seq;
3161 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3235 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3162 list_add_tail(&new->list, SREJ_LIST(sk)); 3236 list_add_tail(&new->list, &chan->srej_l);
3163 } 3237 }
3164 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3238 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3165} 3239}
3166 3240
3167static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3241static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3168{ 3242{
3169 struct l2cap_pinfo *pi = l2cap_pi(sk); 3243 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3170 u8 tx_seq = __get_txseq(rx_control); 3244 u8 tx_seq = __get_txseq(rx_control);
3171 u8 req_seq = __get_reqseq(rx_control); 3245 u8 req_seq = __get_reqseq(rx_control);
3172 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3246 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
@@ -3174,72 +3248,72 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3174 int num_to_ack = (pi->tx_win/6) + 1; 3248 int num_to_ack = (pi->tx_win/6) + 1;
3175 int err = 0; 3249 int err = 0;
3176 3250
3177 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq, 3251 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3178 rx_control); 3252 tx_seq, rx_control);
3179 3253
3180 if (L2CAP_CTRL_FINAL & rx_control && 3254 if (L2CAP_CTRL_FINAL & rx_control &&
3181 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) { 3255 chan->conn_state & L2CAP_CONN_WAIT_F) {
3182 del_timer(&pi->monitor_timer); 3256 del_timer(&chan->monitor_timer);
3183 if (pi->unacked_frames > 0) 3257 if (chan->unacked_frames > 0)
3184 __mod_retrans_timer(); 3258 __mod_retrans_timer();
3185 pi->conn_state &= ~L2CAP_CONN_WAIT_F; 3259 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
3186 } 3260 }
3187 3261
3188 pi->expected_ack_seq = req_seq; 3262 chan->expected_ack_seq = req_seq;
3189 l2cap_drop_acked_frames(sk); 3263 l2cap_drop_acked_frames(chan);
3190 3264
3191 if (tx_seq == pi->expected_tx_seq) 3265 if (tx_seq == chan->expected_tx_seq)
3192 goto expected; 3266 goto expected;
3193 3267
3194 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64; 3268 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
3195 if (tx_seq_offset < 0) 3269 if (tx_seq_offset < 0)
3196 tx_seq_offset += 64; 3270 tx_seq_offset += 64;
3197 3271
3198 /* invalid tx_seq */ 3272 /* invalid tx_seq */
3199 if (tx_seq_offset >= pi->tx_win) { 3273 if (tx_seq_offset >= pi->tx_win) {
3200 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3274 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3201 goto drop; 3275 goto drop;
3202 } 3276 }
3203 3277
3204 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY) 3278 if (chan->conn_state == L2CAP_CONN_LOCAL_BUSY)
3205 goto drop; 3279 goto drop;
3206 3280
3207 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3281 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3208 struct srej_list *first; 3282 struct srej_list *first;
3209 3283
3210 first = list_first_entry(SREJ_LIST(sk), 3284 first = list_first_entry(&chan->srej_l,
3211 struct srej_list, list); 3285 struct srej_list, list);
3212 if (tx_seq == first->tx_seq) { 3286 if (tx_seq == first->tx_seq) {
3213 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3287 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3214 l2cap_check_srej_gap(sk, tx_seq); 3288 l2cap_check_srej_gap(chan, tx_seq);
3215 3289
3216 list_del(&first->list); 3290 list_del(&first->list);
3217 kfree(first); 3291 kfree(first);
3218 3292
3219 if (list_empty(SREJ_LIST(sk))) { 3293 if (list_empty(&chan->srej_l)) {
3220 pi->buffer_seq = pi->buffer_seq_srej; 3294 chan->buffer_seq = chan->buffer_seq_srej;
3221 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT; 3295 chan->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3222 l2cap_send_ack(pi); 3296 l2cap_send_ack(chan);
3223 BT_DBG("sk %p, Exit SREJ_SENT", sk); 3297 BT_DBG("chan %p, Exit SREJ_SENT", chan);
3224 } 3298 }
3225 } else { 3299 } else {
3226 struct srej_list *l; 3300 struct srej_list *l;
3227 3301
3228 /* duplicated tx_seq */ 3302 /* duplicated tx_seq */
3229 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0) 3303 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
3230 goto drop; 3304 goto drop;
3231 3305
3232 list_for_each_entry(l, SREJ_LIST(sk), list) { 3306 list_for_each_entry(l, &chan->srej_l, list) {
3233 if (l->tx_seq == tx_seq) { 3307 if (l->tx_seq == tx_seq) {
3234 l2cap_resend_srejframe(sk, tx_seq); 3308 l2cap_resend_srejframe(chan, tx_seq);
3235 return 0; 3309 return 0;
3236 } 3310 }
3237 } 3311 }
3238 l2cap_send_srejframe(sk, tx_seq); 3312 l2cap_send_srejframe(chan, tx_seq);
3239 } 3313 }
3240 } else { 3314 } else {
3241 expected_tx_seq_offset = 3315 expected_tx_seq_offset =
3242 (pi->expected_tx_seq - pi->buffer_seq) % 64; 3316 (chan->expected_tx_seq - chan->buffer_seq) % 64;
3243 if (expected_tx_seq_offset < 0) 3317 if (expected_tx_seq_offset < 0)
3244 expected_tx_seq_offset += 64; 3318 expected_tx_seq_offset += 64;
3245 3319
@@ -3247,51 +3321,51 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3247 if (tx_seq_offset < expected_tx_seq_offset) 3321 if (tx_seq_offset < expected_tx_seq_offset)
3248 goto drop; 3322 goto drop;
3249 3323
3250 pi->conn_state |= L2CAP_CONN_SREJ_SENT; 3324 chan->conn_state |= L2CAP_CONN_SREJ_SENT;
3251 3325
3252 BT_DBG("sk %p, Enter SREJ", sk); 3326 BT_DBG("chan %p, Enter SREJ", chan);
3253 3327
3254 INIT_LIST_HEAD(SREJ_LIST(sk)); 3328 INIT_LIST_HEAD(&chan->srej_l);
3255 pi->buffer_seq_srej = pi->buffer_seq; 3329 chan->buffer_seq_srej = chan->buffer_seq;
3256 3330
3257 __skb_queue_head_init(SREJ_QUEUE(sk)); 3331 __skb_queue_head_init(&chan->srej_q);
3258 __skb_queue_head_init(BUSY_QUEUE(sk)); 3332 __skb_queue_head_init(&chan->busy_q);
3259 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3333 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3260 3334
3261 pi->conn_state |= L2CAP_CONN_SEND_PBIT; 3335 chan->conn_state |= L2CAP_CONN_SEND_PBIT;
3262 3336
3263 l2cap_send_srejframe(sk, tx_seq); 3337 l2cap_send_srejframe(chan, tx_seq);
3264 3338
3265 del_timer(&pi->ack_timer); 3339 del_timer(&chan->ack_timer);
3266 } 3340 }
3267 return 0; 3341 return 0;
3268 3342
3269expected: 3343expected:
3270 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3344 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3271 3345
3272 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3346 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3273 bt_cb(skb)->tx_seq = tx_seq; 3347 bt_cb(skb)->tx_seq = tx_seq;
3274 bt_cb(skb)->sar = sar; 3348 bt_cb(skb)->sar = sar;
3275 __skb_queue_tail(SREJ_QUEUE(sk), skb); 3349 __skb_queue_tail(&chan->srej_q, skb);
3276 return 0; 3350 return 0;
3277 } 3351 }
3278 3352
3279 err = l2cap_push_rx_skb(sk, skb, rx_control); 3353 err = l2cap_push_rx_skb(chan, skb, rx_control);
3280 if (err < 0) 3354 if (err < 0)
3281 return 0; 3355 return 0;
3282 3356
3283 if (rx_control & L2CAP_CTRL_FINAL) { 3357 if (rx_control & L2CAP_CTRL_FINAL) {
3284 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3358 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3285 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3359 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3286 else 3360 else
3287 l2cap_retransmit_frames(sk); 3361 l2cap_retransmit_frames(chan);
3288 } 3362 }
3289 3363
3290 __mod_ack_timer(); 3364 __mod_ack_timer();
3291 3365
3292 pi->num_acked = (pi->num_acked + 1) % num_to_ack; 3366 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3293 if (pi->num_acked == num_to_ack - 1) 3367 if (chan->num_acked == num_to_ack - 1)
3294 l2cap_send_ack(pi); 3368 l2cap_send_ack(chan);
3295 3369
3296 return 0; 3370 return 0;
3297 3371
@@ -3300,165 +3374,160 @@ drop:
3300 return 0; 3374 return 0;
3301} 3375}
3302 3376
3303static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control) 3377static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
3304{ 3378{
3305 struct l2cap_pinfo *pi = l2cap_pi(sk); 3379 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, __get_reqseq(rx_control),
3306
3307 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
3308 rx_control); 3380 rx_control);
3309 3381
3310 pi->expected_ack_seq = __get_reqseq(rx_control); 3382 chan->expected_ack_seq = __get_reqseq(rx_control);
3311 l2cap_drop_acked_frames(sk); 3383 l2cap_drop_acked_frames(chan);
3312 3384
3313 if (rx_control & L2CAP_CTRL_POLL) { 3385 if (rx_control & L2CAP_CTRL_POLL) {
3314 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3386 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3315 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3387 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3316 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 3388 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3317 (pi->unacked_frames > 0)) 3389 (chan->unacked_frames > 0))
3318 __mod_retrans_timer(); 3390 __mod_retrans_timer();
3319 3391
3320 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3392 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3321 l2cap_send_srejtail(sk); 3393 l2cap_send_srejtail(chan);
3322 } else { 3394 } else {
3323 l2cap_send_i_or_rr_or_rnr(sk); 3395 l2cap_send_i_or_rr_or_rnr(chan);
3324 } 3396 }
3325 3397
3326 } else if (rx_control & L2CAP_CTRL_FINAL) { 3398 } else if (rx_control & L2CAP_CTRL_FINAL) {
3327 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3399 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3328 3400
3329 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3401 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3330 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3402 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3331 else 3403 else
3332 l2cap_retransmit_frames(sk); 3404 l2cap_retransmit_frames(chan);
3333 3405
3334 } else { 3406 } else {
3335 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 3407 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3336 (pi->unacked_frames > 0)) 3408 (chan->unacked_frames > 0))
3337 __mod_retrans_timer(); 3409 __mod_retrans_timer();
3338 3410
3339 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3411 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3340 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) 3412 if (chan->conn_state & L2CAP_CONN_SREJ_SENT)
3341 l2cap_send_ack(pi); 3413 l2cap_send_ack(chan);
3342 else 3414 else
3343 l2cap_ertm_send(sk); 3415 l2cap_ertm_send(chan);
3344 } 3416 }
3345} 3417}
3346 3418
3347static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control) 3419static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
3348{ 3420{
3349 struct l2cap_pinfo *pi = l2cap_pi(sk);
3350 u8 tx_seq = __get_reqseq(rx_control); 3421 u8 tx_seq = __get_reqseq(rx_control);
3351 3422
3352 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3423 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3353 3424
3354 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3425 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3355 3426
3356 pi->expected_ack_seq = tx_seq; 3427 chan->expected_ack_seq = tx_seq;
3357 l2cap_drop_acked_frames(sk); 3428 l2cap_drop_acked_frames(chan);
3358 3429
3359 if (rx_control & L2CAP_CTRL_FINAL) { 3430 if (rx_control & L2CAP_CTRL_FINAL) {
3360 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3431 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3361 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3432 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3362 else 3433 else
3363 l2cap_retransmit_frames(sk); 3434 l2cap_retransmit_frames(chan);
3364 } else { 3435 } else {
3365 l2cap_retransmit_frames(sk); 3436 l2cap_retransmit_frames(chan);
3366 3437
3367 if (pi->conn_state & L2CAP_CONN_WAIT_F) 3438 if (chan->conn_state & L2CAP_CONN_WAIT_F)
3368 pi->conn_state |= L2CAP_CONN_REJ_ACT; 3439 chan->conn_state |= L2CAP_CONN_REJ_ACT;
3369 } 3440 }
3370} 3441}
3371static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control) 3442static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
3372{ 3443{
3373 struct l2cap_pinfo *pi = l2cap_pi(sk);
3374 u8 tx_seq = __get_reqseq(rx_control); 3444 u8 tx_seq = __get_reqseq(rx_control);
3375 3445
3376 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3446 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3377 3447
3378 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3448 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3379 3449
3380 if (rx_control & L2CAP_CTRL_POLL) { 3450 if (rx_control & L2CAP_CTRL_POLL) {
3381 pi->expected_ack_seq = tx_seq; 3451 chan->expected_ack_seq = tx_seq;
3382 l2cap_drop_acked_frames(sk); 3452 l2cap_drop_acked_frames(chan);
3383 3453
3384 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3454 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3385 l2cap_retransmit_one_frame(sk, tx_seq); 3455 l2cap_retransmit_one_frame(chan, tx_seq);
3386 3456
3387 l2cap_ertm_send(sk); 3457 l2cap_ertm_send(chan);
3388 3458
3389 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 3459 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
3390 pi->srej_save_reqseq = tx_seq; 3460 chan->srej_save_reqseq = tx_seq;
3391 pi->conn_state |= L2CAP_CONN_SREJ_ACT; 3461 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
3392 } 3462 }
3393 } else if (rx_control & L2CAP_CTRL_FINAL) { 3463 } else if (rx_control & L2CAP_CTRL_FINAL) {
3394 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) && 3464 if ((chan->conn_state & L2CAP_CONN_SREJ_ACT) &&
3395 pi->srej_save_reqseq == tx_seq) 3465 chan->srej_save_reqseq == tx_seq)
3396 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT; 3466 chan->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3397 else 3467 else
3398 l2cap_retransmit_one_frame(sk, tx_seq); 3468 l2cap_retransmit_one_frame(chan, tx_seq);
3399 } else { 3469 } else {
3400 l2cap_retransmit_one_frame(sk, tx_seq); 3470 l2cap_retransmit_one_frame(chan, tx_seq);
3401 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 3471 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
3402 pi->srej_save_reqseq = tx_seq; 3472 chan->srej_save_reqseq = tx_seq;
3403 pi->conn_state |= L2CAP_CONN_SREJ_ACT; 3473 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
3404 } 3474 }
3405 } 3475 }
3406} 3476}
3407 3477
3408static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control) 3478static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
3409{ 3479{
3410 struct l2cap_pinfo *pi = l2cap_pi(sk);
3411 u8 tx_seq = __get_reqseq(rx_control); 3480 u8 tx_seq = __get_reqseq(rx_control);
3412 3481
3413 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3482 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3414 3483
3415 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY; 3484 chan->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3416 pi->expected_ack_seq = tx_seq; 3485 chan->expected_ack_seq = tx_seq;
3417 l2cap_drop_acked_frames(sk); 3486 l2cap_drop_acked_frames(chan);
3418 3487
3419 if (rx_control & L2CAP_CTRL_POLL) 3488 if (rx_control & L2CAP_CTRL_POLL)
3420 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3489 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3421 3490
3422 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) { 3491 if (!(chan->conn_state & L2CAP_CONN_SREJ_SENT)) {
3423 del_timer(&pi->retrans_timer); 3492 del_timer(&chan->retrans_timer);
3424 if (rx_control & L2CAP_CTRL_POLL) 3493 if (rx_control & L2CAP_CTRL_POLL)
3425 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL); 3494 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
3426 return; 3495 return;
3427 } 3496 }
3428 3497
3429 if (rx_control & L2CAP_CTRL_POLL) 3498 if (rx_control & L2CAP_CTRL_POLL)
3430 l2cap_send_srejtail(sk); 3499 l2cap_send_srejtail(chan);
3431 else 3500 else
3432 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY); 3501 l2cap_send_sframe(chan, L2CAP_SUPER_RCV_READY);
3433} 3502}
3434 3503
3435static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3504static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3436{ 3505{
3437 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3506 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
3438 3507
3439 if (L2CAP_CTRL_FINAL & rx_control && 3508 if (L2CAP_CTRL_FINAL & rx_control &&
3440 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) { 3509 chan->conn_state & L2CAP_CONN_WAIT_F) {
3441 del_timer(&l2cap_pi(sk)->monitor_timer); 3510 del_timer(&chan->monitor_timer);
3442 if (l2cap_pi(sk)->unacked_frames > 0) 3511 if (chan->unacked_frames > 0)
3443 __mod_retrans_timer(); 3512 __mod_retrans_timer();
3444 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F; 3513 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
3445 } 3514 }
3446 3515
3447 switch (rx_control & L2CAP_CTRL_SUPERVISE) { 3516 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3448 case L2CAP_SUPER_RCV_READY: 3517 case L2CAP_SUPER_RCV_READY:
3449 l2cap_data_channel_rrframe(sk, rx_control); 3518 l2cap_data_channel_rrframe(chan, rx_control);
3450 break; 3519 break;
3451 3520
3452 case L2CAP_SUPER_REJECT: 3521 case L2CAP_SUPER_REJECT:
3453 l2cap_data_channel_rejframe(sk, rx_control); 3522 l2cap_data_channel_rejframe(chan, rx_control);
3454 break; 3523 break;
3455 3524
3456 case L2CAP_SUPER_SELECT_REJECT: 3525 case L2CAP_SUPER_SELECT_REJECT:
3457 l2cap_data_channel_srejframe(sk, rx_control); 3526 l2cap_data_channel_srejframe(chan, rx_control);
3458 break; 3527 break;
3459 3528
3460 case L2CAP_SUPER_RCV_NOT_READY: 3529 case L2CAP_SUPER_RCV_NOT_READY:
3461 l2cap_data_channel_rnrframe(sk, rx_control); 3530 l2cap_data_channel_rnrframe(chan, rx_control);
3462 break; 3531 break;
3463 } 3532 }
3464 3533
@@ -3468,6 +3537,7 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
3468 3537
3469static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb) 3538static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3470{ 3539{
3540 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3471 struct l2cap_pinfo *pi = l2cap_pi(sk); 3541 struct l2cap_pinfo *pi = l2cap_pi(sk);
3472 u16 control; 3542 u16 control;
3473 u8 req_seq; 3543 u8 req_seq;
@@ -3492,41 +3562,41 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3492 len -= 2; 3562 len -= 2;
3493 3563
3494 if (len > pi->mps) { 3564 if (len > pi->mps) {
3495 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3565 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3496 goto drop; 3566 goto drop;
3497 } 3567 }
3498 3568
3499 req_seq = __get_reqseq(control); 3569 req_seq = __get_reqseq(control);
3500 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64; 3570 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
3501 if (req_seq_offset < 0) 3571 if (req_seq_offset < 0)
3502 req_seq_offset += 64; 3572 req_seq_offset += 64;
3503 3573
3504 next_tx_seq_offset = 3574 next_tx_seq_offset =
3505 (pi->next_tx_seq - pi->expected_ack_seq) % 64; 3575 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
3506 if (next_tx_seq_offset < 0) 3576 if (next_tx_seq_offset < 0)
3507 next_tx_seq_offset += 64; 3577 next_tx_seq_offset += 64;
3508 3578
3509 /* check for invalid req-seq */ 3579 /* check for invalid req-seq */
3510 if (req_seq_offset > next_tx_seq_offset) { 3580 if (req_seq_offset > next_tx_seq_offset) {
3511 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3581 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3512 goto drop; 3582 goto drop;
3513 } 3583 }
3514 3584
3515 if (__is_iframe(control)) { 3585 if (__is_iframe(control)) {
3516 if (len < 0) { 3586 if (len < 0) {
3517 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3587 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3518 goto drop; 3588 goto drop;
3519 } 3589 }
3520 3590
3521 l2cap_data_channel_iframe(sk, control, skb); 3591 l2cap_data_channel_iframe(chan, control, skb);
3522 } else { 3592 } else {
3523 if (len != 0) { 3593 if (len != 0) {
3524 BT_ERR("%d", len); 3594 BT_ERR("%d", len);
3525 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3595 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3526 goto drop; 3596 goto drop;
3527 } 3597 }
3528 3598
3529 l2cap_data_channel_sframe(sk, control, skb); 3599 l2cap_data_channel_sframe(chan, control, skb);
3530 } 3600 }
3531 3601
3532 return 0; 3602 return 0;
@@ -3538,21 +3608,23 @@ drop:
3538 3608
3539static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb) 3609static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3540{ 3610{
3611 struct l2cap_chan *chan;
3541 struct sock *sk; 3612 struct sock *sk;
3542 struct l2cap_pinfo *pi; 3613 struct l2cap_pinfo *pi;
3543 u16 control; 3614 u16 control;
3544 u8 tx_seq; 3615 u8 tx_seq;
3545 int len; 3616 int len;
3546 3617
3547 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 3618 chan = l2cap_get_chan_by_scid(conn, cid);
3548 if (!sk) { 3619 if (!chan) {
3549 BT_DBG("unknown cid 0x%4.4x", cid); 3620 BT_DBG("unknown cid 0x%4.4x", cid);
3550 goto drop; 3621 goto drop;
3551 } 3622 }
3552 3623
3624 sk = chan->sk;
3553 pi = l2cap_pi(sk); 3625 pi = l2cap_pi(sk);
3554 3626
3555 BT_DBG("sk %p, len %d", sk, skb->len); 3627 BT_DBG("chan %p, len %d", chan, skb->len);
3556 3628
3557 if (sk->sk_state != BT_CONNECTED) 3629 if (sk->sk_state != BT_CONNECTED)
3558 goto drop; 3630 goto drop;
@@ -3600,17 +3672,17 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3600 3672
3601 tx_seq = __get_txseq(control); 3673 tx_seq = __get_txseq(control);
3602 3674
3603 if (pi->expected_tx_seq == tx_seq) 3675 if (chan->expected_tx_seq == tx_seq)
3604 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3676 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3605 else 3677 else
3606 pi->expected_tx_seq = (tx_seq + 1) % 64; 3678 chan->expected_tx_seq = (tx_seq + 1) % 64;
3607 3679
3608 l2cap_streaming_reassembly_sdu(sk, skb, control); 3680 l2cap_streaming_reassembly_sdu(chan, skb, control);
3609 3681
3610 goto done; 3682 goto done;
3611 3683
3612 default: 3684 default:
3613 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode); 3685 BT_DBG("chan %p: bad mode 0x%2.2x", chan, pi->mode);
3614 break; 3686 break;
3615 } 3687 }
3616 3688
@@ -3654,6 +3726,36 @@ done:
3654 return 0; 3726 return 0;
3655} 3727}
3656 3728
3729static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3730{
3731 struct sock *sk;
3732
3733 sk = l2cap_get_sock_by_scid(0, cid, conn->src);
3734 if (!sk)
3735 goto drop;
3736
3737 bh_lock_sock(sk);
3738
3739 BT_DBG("sk %p, len %d", sk, skb->len);
3740
3741 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3742 goto drop;
3743
3744 if (l2cap_pi(sk)->imtu < skb->len)
3745 goto drop;
3746
3747 if (!sock_queue_rcv_skb(sk, skb))
3748 goto done;
3749
3750drop:
3751 kfree_skb(skb);
3752
3753done:
3754 if (sk)
3755 bh_unlock_sock(sk);
3756 return 0;
3757}
3758
3657static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb) 3759static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3658{ 3760{
3659 struct l2cap_hdr *lh = (void *) skb->data; 3761 struct l2cap_hdr *lh = (void *) skb->data;
@@ -3683,6 +3785,10 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3683 l2cap_conless_channel(conn, psm, skb); 3785 l2cap_conless_channel(conn, psm, skb);
3684 break; 3786 break;
3685 3787
3788 case L2CAP_CID_LE_DATA:
3789 l2cap_att_channel(conn, cid, skb);
3790 break;
3791
3686 default: 3792 default:
3687 l2cap_data_channel(conn, cid, skb); 3793 l2cap_data_channel(conn, cid, skb);
3688 break; 3794 break;
@@ -3786,20 +3892,19 @@ static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3786 3892
3787static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) 3893static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3788{ 3894{
3789 struct l2cap_chan_list *l;
3790 struct l2cap_conn *conn = hcon->l2cap_data; 3895 struct l2cap_conn *conn = hcon->l2cap_data;
3791 struct sock *sk; 3896 struct l2cap_chan *chan;
3792 3897
3793 if (!conn) 3898 if (!conn)
3794 return 0; 3899 return 0;
3795 3900
3796 l = &conn->chan_list;
3797
3798 BT_DBG("conn %p", conn); 3901 BT_DBG("conn %p", conn);
3799 3902
3800 read_lock(&l->lock); 3903 read_lock(&conn->chan_lock);
3904
3905 list_for_each_entry(chan, &conn->chan_l, list) {
3906 struct sock *sk = chan->sk;
3801 3907
3802 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3803 bh_lock_sock(sk); 3908 bh_lock_sock(sk);
3804 3909
3805 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) { 3910 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
@@ -3820,10 +3925,10 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3820 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 3925 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3821 req.psm = l2cap_pi(sk)->psm; 3926 req.psm = l2cap_pi(sk)->psm;
3822 3927
3823 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 3928 chan->ident = l2cap_get_ident(conn);
3824 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 3929 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3825 3930
3826 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 3931 l2cap_send_cmd(conn, chan->ident,
3827 L2CAP_CONN_REQ, sizeof(req), &req); 3932 L2CAP_CONN_REQ, sizeof(req), &req);
3828 } else { 3933 } else {
3829 l2cap_sock_clear_timer(sk); 3934 l2cap_sock_clear_timer(sk);
@@ -3846,14 +3951,14 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3846 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 3951 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3847 rsp.result = cpu_to_le16(result); 3952 rsp.result = cpu_to_le16(result);
3848 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 3953 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3849 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 3954 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
3850 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 3955 sizeof(rsp), &rsp);
3851 } 3956 }
3852 3957
3853 bh_unlock_sock(sk); 3958 bh_unlock_sock(sk);
3854 } 3959 }
3855 3960
3856 read_unlock(&l->lock); 3961 read_unlock(&conn->chan_lock);
3857 3962
3858 return 0; 3963 return 0;
3859} 3964}
@@ -3872,7 +3977,7 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
3872 3977
3873 if (!(flags & ACL_CONT)) { 3978 if (!(flags & ACL_CONT)) {
3874 struct l2cap_hdr *hdr; 3979 struct l2cap_hdr *hdr;
3875 struct sock *sk; 3980 struct l2cap_chan *chan;
3876 u16 cid; 3981 u16 cid;
3877 int len; 3982 int len;
3878 3983
@@ -3910,18 +4015,21 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
3910 goto drop; 4015 goto drop;
3911 } 4016 }
3912 4017
3913 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 4018 chan = l2cap_get_chan_by_scid(conn, cid);
3914 4019
3915 if (sk && l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) { 4020 if (chan && chan->sk) {
3916 BT_ERR("Frame exceeding recv MTU (len %d, MTU %d)", 4021 struct sock *sk = chan->sk;
3917 len, l2cap_pi(sk)->imtu);
3918 bh_unlock_sock(sk);
3919 l2cap_conn_unreliable(conn, ECOMM);
3920 goto drop;
3921 }
3922 4022
3923 if (sk) 4023 if (l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) {
4024 BT_ERR("Frame exceeding recv MTU (len %d, "
4025 "MTU %d)", len,
4026 l2cap_pi(sk)->imtu);
4027 bh_unlock_sock(sk);
4028 l2cap_conn_unreliable(conn, ECOMM);
4029 goto drop;
4030 }
3924 bh_unlock_sock(sk); 4031 bh_unlock_sock(sk);
4032 }
3925 4033
3926 /* Allocate skb for the complete frame (with header) */ 4034 /* Allocate skb for the complete frame (with header) */
3927 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC); 4035 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 299fe56a9668..47394a178bd5 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -269,7 +269,7 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
269 goto done; 269 goto done;
270 } 270 }
271 271
272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->dcid) { 272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->scid) {
273 bdaddr_t *src = &bt_sk(sk)->src; 273 bdaddr_t *src = &bt_sk(sk)->src;
274 u16 psm; 274 u16 psm;
275 275
@@ -757,35 +757,37 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
757 case L2CAP_MODE_ERTM: 757 case L2CAP_MODE_ERTM:
758 case L2CAP_MODE_STREAMING: 758 case L2CAP_MODE_STREAMING:
759 /* Entire SDU fits into one PDU */ 759 /* Entire SDU fits into one PDU */
760 if (len <= pi->remote_mps) { 760 if (len <= pi->chan->remote_mps) {
761 control = L2CAP_SDU_UNSEGMENTED; 761 control = L2CAP_SDU_UNSEGMENTED;
762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0); 762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
763 if (IS_ERR(skb)) { 763 if (IS_ERR(skb)) {
764 err = PTR_ERR(skb); 764 err = PTR_ERR(skb);
765 goto done; 765 goto done;
766 } 766 }
767 __skb_queue_tail(TX_QUEUE(sk), skb); 767 __skb_queue_tail(&pi->chan->tx_q, skb);
768 768
769 if (sk->sk_send_head == NULL) 769 if (pi->chan->tx_send_head == NULL)
770 sk->sk_send_head = skb; 770 pi->chan->tx_send_head = skb;
771 771
772 } else { 772 } else {
773 /* Segment SDU into multiples PDUs */ 773 /* Segment SDU into multiples PDUs */
774 err = l2cap_sar_segment_sdu(sk, msg, len); 774 err = l2cap_sar_segment_sdu(pi->chan, msg, len);
775 if (err < 0) 775 if (err < 0)
776 goto done; 776 goto done;
777 } 777 }
778 778
779 if (pi->mode == L2CAP_MODE_STREAMING) { 779 if (pi->mode == L2CAP_MODE_STREAMING) {
780 l2cap_streaming_send(sk); 780 l2cap_streaming_send(pi->chan);
781 } else { 781 err = len;
782 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 782 break;
783 (pi->conn_state & L2CAP_CONN_WAIT_F)) { 783 }
784 err = len; 784
785 break; 785 if ((pi->chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
786 } 786 (pi->chan->conn_state & L2CAP_CONN_WAIT_F)) {
787 err = l2cap_ertm_send(sk); 787 err = len;
788 break;
788 } 789 }
790 err = l2cap_ertm_send(pi->chan);
789 791
790 if (err >= 0) 792 if (err >= 0)
791 err = len; 793 err = len;
@@ -808,29 +810,7 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms
808 lock_sock(sk); 810 lock_sock(sk);
809 811
810 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 812 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
811 struct l2cap_conn_rsp rsp; 813 __l2cap_connect_rsp_defer(sk);
812 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
813 u8 buf[128];
814
815 sk->sk_state = BT_CONFIG;
816
817 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
818 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
819 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
820 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
821 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
822 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
823
824 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
825 release_sock(sk);
826 return 0;
827 }
828
829 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
830 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
831 l2cap_build_conf_req(sk, buf), buf);
832 l2cap_pi(sk)->num_conf_req++;
833
834 release_sock(sk); 814 release_sock(sk);
835 return 0; 815 return 0;
836 } 816 }
@@ -886,6 +866,7 @@ static void l2cap_sock_cleanup_listen(struct sock *parent)
886void __l2cap_sock_close(struct sock *sk, int reason) 866void __l2cap_sock_close(struct sock *sk, int reason)
887{ 867{
888 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 868 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
869 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
889 870
890 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 871 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
891 872
@@ -900,9 +881,9 @@ void __l2cap_sock_close(struct sock *sk, int reason)
900 sk->sk_type == SOCK_STREAM) && 881 sk->sk_type == SOCK_STREAM) &&
901 conn->hcon->type == ACL_LINK) { 882 conn->hcon->type == ACL_LINK) {
902 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 883 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
903 l2cap_send_disconn_req(conn, sk, reason); 884 l2cap_send_disconn_req(conn, chan, reason);
904 } else 885 } else
905 l2cap_chan_del(sk, reason); 886 l2cap_chan_del(chan, reason);
906 break; 887 break;
907 888
908 case BT_CONNECT2: 889 case BT_CONNECT2:
@@ -921,16 +902,16 @@ void __l2cap_sock_close(struct sock *sk, int reason)
921 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 902 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
922 rsp.result = cpu_to_le16(result); 903 rsp.result = cpu_to_le16(result);
923 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 904 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
924 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 905 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
925 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 906 sizeof(rsp), &rsp);
926 } 907 }
927 908
928 l2cap_chan_del(sk, reason); 909 l2cap_chan_del(chan, reason);
929 break; 910 break;
930 911
931 case BT_CONNECT: 912 case BT_CONNECT:
932 case BT_DISCONN: 913 case BT_DISCONN:
933 l2cap_chan_del(sk, reason); 914 l2cap_chan_del(chan, reason);
934 break; 915 break;
935 916
936 default: 917 default:
@@ -1035,12 +1016,7 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent)
1035 } 1016 }
1036 1017
1037 /* Default config options */ 1018 /* Default config options */
1038 pi->conf_len = 0;
1039 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1019 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1040 skb_queue_head_init(TX_QUEUE(sk));
1041 skb_queue_head_init(SREJ_QUEUE(sk));
1042 skb_queue_head_init(BUSY_QUEUE(sk));
1043 INIT_LIST_HEAD(SREJ_LIST(sk));
1044} 1020}
1045 1021
1046static struct proto l2cap_proto = { 1022static struct proto l2cap_proto = {
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index bf5d28da46e6..a6d191f2a0fe 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -330,6 +330,7 @@ static void rate_idx_to_bitrate(struct rate_info *rate, struct sta_info *sta, in
330static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo) 330static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
331{ 331{
332 struct ieee80211_sub_if_data *sdata = sta->sdata; 332 struct ieee80211_sub_if_data *sdata = sta->sdata;
333 struct timespec uptime;
333 334
334 sinfo->generation = sdata->local->sta_generation; 335 sinfo->generation = sdata->local->sta_generation;
335 336
@@ -343,7 +344,11 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
343 STATION_INFO_TX_BITRATE | 344 STATION_INFO_TX_BITRATE |
344 STATION_INFO_RX_BITRATE | 345 STATION_INFO_RX_BITRATE |
345 STATION_INFO_RX_DROP_MISC | 346 STATION_INFO_RX_DROP_MISC |
346 STATION_INFO_BSS_PARAM; 347 STATION_INFO_BSS_PARAM |
348 STATION_INFO_CONNECTED_TIME;
349
350 do_posix_clock_monotonic_gettime(&uptime);
351 sinfo->connected_time = uptime.tv_sec - sta->last_connected;
347 352
348 sinfo->inactive_time = jiffies_to_msecs(jiffies - sta->last_rx); 353 sinfo->inactive_time = jiffies_to_msecs(jiffies - sta->last_rx);
349 sinfo->rx_bytes = sta->rx_bytes; 354 sinfo->rx_bytes = sta->rx_bytes;
@@ -686,6 +691,12 @@ static void sta_apply_parameters(struct ieee80211_local *local,
686 if (set & BIT(NL80211_STA_FLAG_MFP)) 691 if (set & BIT(NL80211_STA_FLAG_MFP))
687 sta->flags |= WLAN_STA_MFP; 692 sta->flags |= WLAN_STA_MFP;
688 } 693 }
694
695 if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED)) {
696 sta->flags &= ~WLAN_STA_AUTH;
697 if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED))
698 sta->flags |= WLAN_STA_AUTH;
699 }
689 spin_unlock_irqrestore(&sta->flaglock, flags); 700 spin_unlock_irqrestore(&sta->flaglock, flags);
690 701
691 /* 702 /*
@@ -1034,26 +1045,26 @@ static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
1034 u8 *new_ie; 1045 u8 *new_ie;
1035 const u8 *old_ie; 1046 const u8 *old_ie;
1036 1047
1037 /* first allocate the new vendor information element */ 1048 /* allocate information elements */
1038 new_ie = NULL; 1049 new_ie = NULL;
1039 old_ie = ifmsh->vendor_ie; 1050 old_ie = ifmsh->ie;
1040 1051
1041 ifmsh->vendor_ie_len = setup->vendor_ie_len; 1052 if (setup->ie_len) {
1042 if (setup->vendor_ie_len) { 1053 new_ie = kmemdup(setup->ie, setup->ie_len,
1043 new_ie = kmemdup(setup->vendor_ie, setup->vendor_ie_len,
1044 GFP_KERNEL); 1054 GFP_KERNEL);
1045 if (!new_ie) 1055 if (!new_ie)
1046 return -ENOMEM; 1056 return -ENOMEM;
1047 } 1057 }
1058 ifmsh->ie_len = setup->ie_len;
1059 ifmsh->ie = new_ie;
1060 kfree(old_ie);
1048 1061
1049 /* now copy the rest of the setup parameters */ 1062 /* now copy the rest of the setup parameters */
1050 ifmsh->mesh_id_len = setup->mesh_id_len; 1063 ifmsh->mesh_id_len = setup->mesh_id_len;
1051 memcpy(ifmsh->mesh_id, setup->mesh_id, ifmsh->mesh_id_len); 1064 memcpy(ifmsh->mesh_id, setup->mesh_id, ifmsh->mesh_id_len);
1052 ifmsh->mesh_pp_id = setup->path_sel_proto; 1065 ifmsh->mesh_pp_id = setup->path_sel_proto;
1053 ifmsh->mesh_pm_id = setup->path_metric; 1066 ifmsh->mesh_pm_id = setup->path_metric;
1054 ifmsh->vendor_ie = new_ie; 1067 ifmsh->is_secure = setup->is_secure;
1055
1056 kfree(old_ie);
1057 1068
1058 return 0; 1069 return 0;
1059} 1070}
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index c04a1396cf8d..a01d2137fddc 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -92,6 +92,31 @@ static ssize_t sta_inactive_ms_read(struct file *file, char __user *userbuf,
92} 92}
93STA_OPS(inactive_ms); 93STA_OPS(inactive_ms);
94 94
95
96static ssize_t sta_connected_time_read(struct file *file, char __user *userbuf,
97 size_t count, loff_t *ppos)
98{
99 struct sta_info *sta = file->private_data;
100 struct timespec uptime;
101 struct tm result;
102 long connected_time_secs;
103 char buf[100];
104 int res;
105 do_posix_clock_monotonic_gettime(&uptime);
106 connected_time_secs = uptime.tv_sec - sta->last_connected;
107 time_to_tm(connected_time_secs, 0, &result);
108 result.tm_year -= 70;
109 result.tm_mday -= 1;
110 res = scnprintf(buf, sizeof(buf),
111 "years - %ld\nmonths - %d\ndays - %d\nclock - %d:%d:%d\n\n",
112 result.tm_year, result.tm_mon, result.tm_mday,
113 result.tm_hour, result.tm_min, result.tm_sec);
114 return simple_read_from_buffer(userbuf, count, ppos, buf, res);
115}
116STA_OPS(connected_time);
117
118
119
95static ssize_t sta_last_seq_ctrl_read(struct file *file, char __user *userbuf, 120static ssize_t sta_last_seq_ctrl_read(struct file *file, char __user *userbuf,
96 size_t count, loff_t *ppos) 121 size_t count, loff_t *ppos)
97{ 122{
@@ -324,6 +349,7 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
324 DEBUGFS_ADD(flags); 349 DEBUGFS_ADD(flags);
325 DEBUGFS_ADD(num_ps_buf_frames); 350 DEBUGFS_ADD(num_ps_buf_frames);
326 DEBUGFS_ADD(inactive_ms); 351 DEBUGFS_ADD(inactive_ms);
352 DEBUGFS_ADD(connected_time);
327 DEBUGFS_ADD(last_seq_ctrl); 353 DEBUGFS_ADD(last_seq_ctrl);
328 DEBUGFS_ADD(agg_status); 354 DEBUGFS_ADD(agg_status);
329 DEBUGFS_ADD(dev); 355 DEBUGFS_ADD(dev);
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 9c0d62bb0ea3..00a0685f2403 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -552,4 +552,17 @@ static inline void drv_get_ringparam(struct ieee80211_local *local,
552 trace_drv_return_void(local); 552 trace_drv_return_void(local);
553} 553}
554 554
555static inline bool drv_tx_frames_pending(struct ieee80211_local *local)
556{
557 bool ret = false;
558
559 might_sleep();
560
561 trace_drv_tx_frames_pending(local);
562 if (local->ops->tx_frames_pending)
563 ret = local->ops->tx_frames_pending(&local->hw);
564 trace_drv_return_bool(local, ret);
565
566 return ret;
567}
555#endif /* __MAC80211_DRIVER_OPS */ 568#endif /* __MAC80211_DRIVER_OPS */
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index 45aab80738e2..c8c934d48b7a 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -74,6 +74,21 @@ TRACE_EVENT(drv_return_int,
74 TP_printk(LOCAL_PR_FMT " - %d", LOCAL_PR_ARG, __entry->ret) 74 TP_printk(LOCAL_PR_FMT " - %d", LOCAL_PR_ARG, __entry->ret)
75); 75);
76 76
77TRACE_EVENT(drv_return_bool,
78 TP_PROTO(struct ieee80211_local *local, bool ret),
79 TP_ARGS(local, ret),
80 TP_STRUCT__entry(
81 LOCAL_ENTRY
82 __field(bool, ret)
83 ),
84 TP_fast_assign(
85 LOCAL_ASSIGN;
86 __entry->ret = ret;
87 ),
88 TP_printk(LOCAL_PR_FMT " - %s", LOCAL_PR_ARG, (__entry->ret) ?
89 "true" : "false")
90);
91
77TRACE_EVENT(drv_return_u64, 92TRACE_EVENT(drv_return_u64,
78 TP_PROTO(struct ieee80211_local *local, u64 ret), 93 TP_PROTO(struct ieee80211_local *local, u64 ret),
79 TP_ARGS(local, ret), 94 TP_ARGS(local, ret),
@@ -964,6 +979,11 @@ TRACE_EVENT(drv_get_ringparam,
964 ) 979 )
965); 980);
966 981
982DEFINE_EVENT(local_only_evt, drv_tx_frames_pending,
983 TP_PROTO(struct ieee80211_local *local),
984 TP_ARGS(local)
985);
986
967DEFINE_EVENT(local_only_evt, drv_offchannel_tx_cancel_wait, 987DEFINE_EVENT(local_only_evt, drv_offchannel_tx_cancel_wait,
968 TP_PROTO(struct ieee80211_local *local), 988 TP_PROTO(struct ieee80211_local *local),
969 TP_ARGS(local) 989 TP_ARGS(local)
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 89ce1e329b5d..a77849970914 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -488,8 +488,9 @@ struct ieee80211_if_mesh {
488 struct mesh_config mshcfg; 488 struct mesh_config mshcfg;
489 u32 mesh_seqnum; 489 u32 mesh_seqnum;
490 bool accepting_plinks; 490 bool accepting_plinks;
491 const u8 *vendor_ie; 491 const u8 *ie;
492 u8 vendor_ie_len; 492 u8 ie_len;
493 bool is_secure;
493}; 494};
494 495
495#ifdef CONFIG_MAC80211_MESH 496#ifdef CONFIG_MAC80211_MESH
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index dc50fc3153e5..0ab2a8df312d 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -545,7 +545,9 @@ ieee80211_default_mgmt_stypes[NUM_NL80211_IFTYPES] = {
545 }, 545 },
546 [NL80211_IFTYPE_MESH_POINT] = { 546 [NL80211_IFTYPE_MESH_POINT] = {
547 .tx = 0xffff, 547 .tx = 0xffff,
548 .rx = BIT(IEEE80211_STYPE_ACTION >> 4), 548 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
549 BIT(IEEE80211_STYPE_AUTH >> 4) |
550 BIT(IEEE80211_STYPE_DEAUTH >> 4),
549 }, 551 },
550}; 552};
551 553
@@ -760,6 +762,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
760 local->hw.wiphy->interface_modes &= ~BIT(NL80211_IFTYPE_MESH_POINT); 762 local->hw.wiphy->interface_modes &= ~BIT(NL80211_IFTYPE_MESH_POINT);
761#endif 763#endif
762 764
765 /* if the underlying driver supports mesh, mac80211 will (at least)
766 * provide routing of mesh authentication frames to userspace */
767 if (local->hw.wiphy->interface_modes & BIT(NL80211_IFTYPE_MESH_POINT))
768 local->hw.wiphy->flags |= WIPHY_FLAG_MESH_AUTH;
769
763 /* mac80211 supports control port protocol changing */ 770 /* mac80211 supports control port protocol changing */
764 local->hw.wiphy->flags |= WIPHY_FLAG_CONTROL_PORT_PROTOCOL; 771 local->hw.wiphy->flags |= WIPHY_FLAG_CONTROL_PORT_PROTOCOL;
765 772
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 2a57cc02c618..11207979e2e2 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -279,9 +279,9 @@ void mesh_mgmt_ies_add(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
279 MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00; 279 MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00;
280 *pos++ = 0x00; 280 *pos++ = 0x00;
281 281
282 if (sdata->u.mesh.vendor_ie) { 282 if (sdata->u.mesh.ie) {
283 int len = sdata->u.mesh.vendor_ie_len; 283 int len = sdata->u.mesh.ie_len;
284 const u8 *data = sdata->u.mesh.vendor_ie; 284 const u8 *data = sdata->u.mesh.ie;
285 if (skb_tailroom(skb) > len) 285 if (skb_tailroom(skb) > len)
286 memcpy(skb_put(skb, len), data, len); 286 memcpy(skb_put(skb, len), data, len);
287 } 287 }
@@ -573,6 +573,10 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
573 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 573 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
574 &elems); 574 &elems);
575 575
576 /* ignore beacons from secure mesh peers if our security is off */
577 if (elems.rsn_len && !sdata->u.mesh.is_secure)
578 return;
579
576 if (elems.ds_params && elems.ds_params_len == 1) 580 if (elems.ds_params && elems.ds_params_len == 1)
577 freq = ieee80211_channel_to_frequency(elems.ds_params[0], band); 581 freq = ieee80211_channel_to_frequency(elems.ds_params[0], band);
578 else 582 else
@@ -586,9 +590,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
586 if (elems.mesh_id && elems.mesh_config && 590 if (elems.mesh_id && elems.mesh_config &&
587 mesh_matches_local(&elems, sdata)) { 591 mesh_matches_local(&elems, sdata)) {
588 supp_rates = ieee80211_sta_get_rates(local, &elems, band); 592 supp_rates = ieee80211_sta_get_rates(local, &elems, band);
589 593 mesh_neighbour_update(mgmt->sa, supp_rates, sdata, &elems);
590 mesh_neighbour_update(mgmt->sa, supp_rates, sdata,
591 mesh_peer_accepts_plinks(&elems));
592 } 594 }
593} 595}
594 596
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index b99e230fe31c..10acf1cc8082 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -226,7 +226,8 @@ void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
226int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata); 226int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata);
227/* Mesh plinks */ 227/* Mesh plinks */
228void mesh_neighbour_update(u8 *hw_addr, u32 rates, 228void mesh_neighbour_update(u8 *hw_addr, u32 rates,
229 struct ieee80211_sub_if_data *sdata, bool add); 229 struct ieee80211_sub_if_data *sdata,
230 struct ieee802_11_elems *ie);
230bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie); 231bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie);
231void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata); 232void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata);
232void mesh_plink_broken(struct sta_info *sta); 233void mesh_plink_broken(struct sta_info *sta);
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 336ca9d0c5c4..35c715adaae2 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -65,42 +65,37 @@ void mesh_table_free(struct mesh_table *tbl, bool free_leafs)
65 __mesh_table_free(tbl); 65 __mesh_table_free(tbl);
66} 66}
67 67
68static struct mesh_table *mesh_table_grow(struct mesh_table *tbl) 68static int mesh_table_grow(struct mesh_table *oldtbl,
69 struct mesh_table *newtbl)
69{ 70{
70 struct mesh_table *newtbl;
71 struct hlist_head *oldhash; 71 struct hlist_head *oldhash;
72 struct hlist_node *p, *q; 72 struct hlist_node *p, *q;
73 int i; 73 int i;
74 74
75 if (atomic_read(&tbl->entries) 75 if (atomic_read(&oldtbl->entries)
76 < tbl->mean_chain_len * (tbl->hash_mask + 1)) 76 < oldtbl->mean_chain_len * (oldtbl->hash_mask + 1))
77 goto endgrow; 77 return -EAGAIN;
78 78
79 newtbl = mesh_table_alloc(tbl->size_order + 1);
80 if (!newtbl)
81 goto endgrow;
82 79
83 newtbl->free_node = tbl->free_node; 80 newtbl->free_node = oldtbl->free_node;
84 newtbl->mean_chain_len = tbl->mean_chain_len; 81 newtbl->mean_chain_len = oldtbl->mean_chain_len;
85 newtbl->copy_node = tbl->copy_node; 82 newtbl->copy_node = oldtbl->copy_node;
86 atomic_set(&newtbl->entries, atomic_read(&tbl->entries)); 83 atomic_set(&newtbl->entries, atomic_read(&oldtbl->entries));
87 84
88 oldhash = tbl->hash_buckets; 85 oldhash = oldtbl->hash_buckets;
89 for (i = 0; i <= tbl->hash_mask; i++) 86 for (i = 0; i <= oldtbl->hash_mask; i++)
90 hlist_for_each(p, &oldhash[i]) 87 hlist_for_each(p, &oldhash[i])
91 if (tbl->copy_node(p, newtbl) < 0) 88 if (oldtbl->copy_node(p, newtbl) < 0)
92 goto errcopy; 89 goto errcopy;
93 90
94 return newtbl; 91 return 0;
95 92
96errcopy: 93errcopy:
97 for (i = 0; i <= newtbl->hash_mask; i++) { 94 for (i = 0; i <= newtbl->hash_mask; i++) {
98 hlist_for_each_safe(p, q, &newtbl->hash_buckets[i]) 95 hlist_for_each_safe(p, q, &newtbl->hash_buckets[i])
99 tbl->free_node(p, 0); 96 oldtbl->free_node(p, 0);
100 } 97 }
101 __mesh_table_free(newtbl); 98 return -ENOMEM;
102endgrow:
103 return NULL;
104} 99}
105 100
106 101
@@ -334,10 +329,13 @@ void mesh_mpath_table_grow(void)
334{ 329{
335 struct mesh_table *oldtbl, *newtbl; 330 struct mesh_table *oldtbl, *newtbl;
336 331
332 newtbl = mesh_table_alloc(mesh_paths->size_order + 1);
333 if (!newtbl)
334 return;
337 write_lock(&pathtbl_resize_lock); 335 write_lock(&pathtbl_resize_lock);
338 oldtbl = mesh_paths; 336 oldtbl = mesh_paths;
339 newtbl = mesh_table_grow(mesh_paths); 337 if (mesh_table_grow(mesh_paths, newtbl) < 0) {
340 if (!newtbl) { 338 __mesh_table_free(newtbl);
341 write_unlock(&pathtbl_resize_lock); 339 write_unlock(&pathtbl_resize_lock);
342 return; 340 return;
343 } 341 }
@@ -352,10 +350,13 @@ void mesh_mpp_table_grow(void)
352{ 350{
353 struct mesh_table *oldtbl, *newtbl; 351 struct mesh_table *oldtbl, *newtbl;
354 352
353 newtbl = mesh_table_alloc(mpp_paths->size_order + 1);
354 if (!newtbl)
355 return;
355 write_lock(&pathtbl_resize_lock); 356 write_lock(&pathtbl_resize_lock);
356 oldtbl = mpp_paths; 357 oldtbl = mpp_paths;
357 newtbl = mesh_table_grow(mpp_paths); 358 if (mesh_table_grow(mpp_paths, newtbl) < 0) {
358 if (!newtbl) { 359 __mesh_table_free(newtbl);
359 write_unlock(&pathtbl_resize_lock); 360 write_unlock(&pathtbl_resize_lock);
360 return; 361 return;
361 } 362 }
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 44b53931ba5e..84e5b056af02 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -105,7 +105,7 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
105 if (!sta) 105 if (!sta)
106 return NULL; 106 return NULL;
107 107
108 sta->flags = WLAN_STA_AUTHORIZED; 108 sta->flags = WLAN_STA_AUTHORIZED | WLAN_STA_AUTH;
109 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 109 sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
110 rate_control_rate_init(sta); 110 rate_control_rate_init(sta);
111 111
@@ -161,7 +161,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
161 __le16 reason) { 161 __le16 reason) {
162 struct ieee80211_local *local = sdata->local; 162 struct ieee80211_local *local = sdata->local;
163 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400 + 163 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400 +
164 sdata->u.mesh.vendor_ie_len); 164 sdata->u.mesh.ie_len);
165 struct ieee80211_mgmt *mgmt; 165 struct ieee80211_mgmt *mgmt;
166 bool include_plid = false; 166 bool include_plid = false;
167 static const u8 meshpeeringproto[] = { 0x00, 0x0F, 0xAC, 0x2A }; 167 static const u8 meshpeeringproto[] = { 0x00, 0x0F, 0xAC, 0x2A };
@@ -237,8 +237,9 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
237 return 0; 237 return 0;
238} 238}
239 239
240void mesh_neighbour_update(u8 *hw_addr, u32 rates, struct ieee80211_sub_if_data *sdata, 240void mesh_neighbour_update(u8 *hw_addr, u32 rates,
241 bool peer_accepting_plinks) 241 struct ieee80211_sub_if_data *sdata,
242 struct ieee802_11_elems *elems)
242{ 243{
243 struct ieee80211_local *local = sdata->local; 244 struct ieee80211_local *local = sdata->local;
244 struct sta_info *sta; 245 struct sta_info *sta;
@@ -248,8 +249,14 @@ void mesh_neighbour_update(u8 *hw_addr, u32 rates, struct ieee80211_sub_if_data
248 sta = sta_info_get(sdata, hw_addr); 249 sta = sta_info_get(sdata, hw_addr);
249 if (!sta) { 250 if (!sta) {
250 rcu_read_unlock(); 251 rcu_read_unlock();
251 252 /* Userspace handles peer allocation when security is enabled
252 sta = mesh_plink_alloc(sdata, hw_addr, rates); 253 * */
254 if (sdata->u.mesh.is_secure)
255 cfg80211_notify_new_peer_candidate(sdata->dev, hw_addr,
256 elems->ie_start, elems->total_len,
257 GFP_KERNEL);
258 else
259 sta = mesh_plink_alloc(sdata, hw_addr, rates);
253 if (!sta) 260 if (!sta)
254 return; 261 return;
255 if (sta_info_insert_rcu(sta)) { 262 if (sta_info_insert_rcu(sta)) {
@@ -260,7 +267,8 @@ void mesh_neighbour_update(u8 *hw_addr, u32 rates, struct ieee80211_sub_if_data
260 267
261 sta->last_rx = jiffies; 268 sta->last_rx = jiffies;
262 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 269 sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
263 if (peer_accepting_plinks && sta->plink_state == PLINK_LISTEN && 270 if (mesh_peer_accepts_plinks(elems) &&
271 sta->plink_state == PLINK_LISTEN &&
264 sdata->u.mesh.accepting_plinks && 272 sdata->u.mesh.accepting_plinks &&
265 sdata->u.mesh.mshcfg.auto_open_plinks) 273 sdata->u.mesh.mshcfg.auto_open_plinks)
266 mesh_plink_open(sta); 274 mesh_plink_open(sta);
@@ -372,6 +380,9 @@ int mesh_plink_open(struct sta_info *sta)
372 __le16 llid; 380 __le16 llid;
373 struct ieee80211_sub_if_data *sdata = sta->sdata; 381 struct ieee80211_sub_if_data *sdata = sta->sdata;
374 382
383 if (!test_sta_flags(sta, WLAN_STA_AUTH))
384 return -EPERM;
385
375 spin_lock_bh(&sta->lock); 386 spin_lock_bh(&sta->lock);
376 get_random_bytes(&llid, 2); 387 get_random_bytes(&llid, 2);
377 sta->llid = llid; 388 sta->llid = llid;
@@ -449,6 +460,10 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
449 mpl_dbg("Mesh plink: missing necessary peer link ie\n"); 460 mpl_dbg("Mesh plink: missing necessary peer link ie\n");
450 return; 461 return;
451 } 462 }
463 if (elems.rsn_len && !sdata->u.mesh.is_secure) {
464 mpl_dbg("Mesh plink: can't establish link with secure peer\n");
465 return;
466 }
452 467
453 ftype = mgmt->u.action.u.plink_action.action_code; 468 ftype = mgmt->u.action.u.plink_action.action_code;
454 ie_len = elems.peer_link_len; 469 ie_len = elems.peer_link_len;
@@ -480,6 +495,12 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
480 return; 495 return;
481 } 496 }
482 497
498 if (sta && !test_sta_flags(sta, WLAN_STA_AUTH)) {
499 mpl_dbg("Mesh plink: Action frame from non-authed peer\n");
500 rcu_read_unlock();
501 return;
502 }
503
483 if (sta && sta->plink_state == PLINK_BLOCKED) { 504 if (sta && sta->plink_state == PLINK_BLOCKED) {
484 rcu_read_unlock(); 505 rcu_read_unlock();
485 return; 506 return;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 865fed4cc18b..a41f234bd486 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -761,15 +761,16 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
761 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 761 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
762 (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED))) { 762 (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED))) {
763 netif_tx_stop_all_queues(sdata->dev); 763 netif_tx_stop_all_queues(sdata->dev);
764 /*
765 * Flush all the frames queued in the driver before
766 * going to power save
767 */
768 drv_flush(local, false);
769 ieee80211_send_nullfunc(local, sdata, 1);
770 764
771 /* Flush once again to get the tx status of nullfunc frame */ 765 if (drv_tx_frames_pending(local))
772 drv_flush(local, false); 766 mod_timer(&local->dynamic_ps_timer, jiffies +
767 msecs_to_jiffies(
768 local->hw.conf.dynamic_ps_timeout));
769 else {
770 ieee80211_send_nullfunc(local, sdata, 1);
771 /* Flush to get the tx status of nullfunc frame */
772 drv_flush(local, false);
773 }
773 } 774 }
774 775
775 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 776 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 1f0b010904b8..a864890e4d03 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -143,7 +143,8 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
143 if (status->flag & RX_FLAG_HT) { 143 if (status->flag & RX_FLAG_HT) {
144 /* 144 /*
145 * MCS information is a separate field in radiotap, 145 * MCS information is a separate field in radiotap,
146 * added below. 146 * added below. The byte here is needed as padding
147 * for the channel though, so initialise it to 0.
147 */ 148 */
148 *pos = 0; 149 *pos = 0;
149 } else { 150 } else {
@@ -502,7 +503,8 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
502 503
503 if (ieee80211_is_probe_req(hdr->frame_control) || 504 if (ieee80211_is_probe_req(hdr->frame_control) ||
504 ieee80211_is_probe_resp(hdr->frame_control) || 505 ieee80211_is_probe_resp(hdr->frame_control) ||
505 ieee80211_is_beacon(hdr->frame_control)) 506 ieee80211_is_beacon(hdr->frame_control) ||
507 ieee80211_is_auth(hdr->frame_control))
506 return RX_CONTINUE; 508 return RX_CONTINUE;
507 509
508 return RX_DROP_MONITOR; 510 return RX_DROP_MONITOR;
@@ -1585,7 +1587,7 @@ ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
1585} 1587}
1586 1588
1587static int 1589static int
1588__ieee80211_data_to_8023(struct ieee80211_rx_data *rx) 1590__ieee80211_data_to_8023(struct ieee80211_rx_data *rx, bool *port_control)
1589{ 1591{
1590 struct ieee80211_sub_if_data *sdata = rx->sdata; 1592 struct ieee80211_sub_if_data *sdata = rx->sdata;
1591 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1593 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
@@ -1593,6 +1595,7 @@ __ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1593 struct ethhdr *ehdr; 1595 struct ethhdr *ehdr;
1594 int ret; 1596 int ret;
1595 1597
1598 *port_control = false;
1596 if (ieee80211_has_a4(hdr->frame_control) && 1599 if (ieee80211_has_a4(hdr->frame_control) &&
1597 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta) 1600 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
1598 return -1; 1601 return -1;
@@ -1611,11 +1614,13 @@ __ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1611 return -1; 1614 return -1;
1612 1615
1613 ret = ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type); 1616 ret = ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
1614 if (ret < 0 || !check_port_control) 1617 if (ret < 0)
1615 return ret; 1618 return ret;
1616 1619
1617 ehdr = (struct ethhdr *) rx->skb->data; 1620 ehdr = (struct ethhdr *) rx->skb->data;
1618 if (ehdr->h_proto != rx->sdata->control_port_protocol) 1621 if (ehdr->h_proto == rx->sdata->control_port_protocol)
1622 *port_control = true;
1623 else if (check_port_control)
1619 return -1; 1624 return -1;
1620 1625
1621 return 0; 1626 return 0;
@@ -1916,6 +1921,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1916 struct net_device *dev = sdata->dev; 1921 struct net_device *dev = sdata->dev;
1917 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1922 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1918 __le16 fc = hdr->frame_control; 1923 __le16 fc = hdr->frame_control;
1924 bool port_control;
1919 int err; 1925 int err;
1920 1926
1921 if (unlikely(!ieee80211_is_data(hdr->frame_control))) 1927 if (unlikely(!ieee80211_is_data(hdr->frame_control)))
@@ -1932,13 +1938,21 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1932 sdata->vif.type == NL80211_IFTYPE_AP) 1938 sdata->vif.type == NL80211_IFTYPE_AP)
1933 return RX_DROP_MONITOR; 1939 return RX_DROP_MONITOR;
1934 1940
1935 err = __ieee80211_data_to_8023(rx); 1941 err = __ieee80211_data_to_8023(rx, &port_control);
1936 if (unlikely(err)) 1942 if (unlikely(err))
1937 return RX_DROP_UNUSABLE; 1943 return RX_DROP_UNUSABLE;
1938 1944
1939 if (!ieee80211_frame_allowed(rx, fc)) 1945 if (!ieee80211_frame_allowed(rx, fc))
1940 return RX_DROP_MONITOR; 1946 return RX_DROP_MONITOR;
1941 1947
1948 if (rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1949 unlikely(port_control) && sdata->bss) {
1950 sdata = container_of(sdata->bss, struct ieee80211_sub_if_data,
1951 u.ap);
1952 dev = sdata->dev;
1953 rx->sdata = sdata;
1954 }
1955
1942 rx->skb->dev = dev; 1956 rx->skb->dev = dev;
1943 1957
1944 dev->stats.rx_packets++; 1958 dev->stats.rx_packets++;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 52d4b1a695c9..a03d8a312875 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -228,6 +228,7 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
228{ 228{
229 struct ieee80211_local *local = sdata->local; 229 struct ieee80211_local *local = sdata->local;
230 struct sta_info *sta; 230 struct sta_info *sta;
231 struct timespec uptime;
231 int i; 232 int i;
232 233
233 sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp); 234 sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
@@ -245,6 +246,8 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
245 sta->sdata = sdata; 246 sta->sdata = sdata;
246 sta->last_rx = jiffies; 247 sta->last_rx = jiffies;
247 248
249 do_posix_clock_monotonic_gettime(&uptime);
250 sta->last_connected = uptime.tv_sec;
248 ewma_init(&sta->avg_signal, 1024, 8); 251 ewma_init(&sta->avg_signal, 1024, 8);
249 252
250 if (sta_prepare_rate_control(local, sta, gfp)) { 253 if (sta_prepare_rate_control(local, sta, gfp)) {
@@ -609,7 +612,8 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
609#endif 612#endif
610 dev_kfree_skb(skb); 613 dev_kfree_skb(skb);
611 614
612 if (skb_queue_empty(&sta->ps_tx_buf)) 615 if (skb_queue_empty(&sta->ps_tx_buf) &&
616 !test_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF))
613 sta_info_clear_tim_bit(sta); 617 sta_info_clear_tim_bit(sta);
614 } 618 }
615 619
@@ -893,6 +897,7 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
893 struct ieee80211_local *local = sdata->local; 897 struct ieee80211_local *local = sdata->local;
894 int sent, buffered; 898 int sent, buffered;
895 899
900 clear_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
896 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS)) 901 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
897 drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta); 902 drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
898 903
@@ -985,3 +990,12 @@ void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
985 ieee80211_queue_work(hw, &sta->drv_unblock_wk); 990 ieee80211_queue_work(hw, &sta->drv_unblock_wk);
986} 991}
987EXPORT_SYMBOL(ieee80211_sta_block_awake); 992EXPORT_SYMBOL(ieee80211_sta_block_awake);
993
994void ieee80211_sta_set_tim(struct ieee80211_sta *pubsta)
995{
996 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
997
998 set_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
999 sta_info_set_tim_bit(sta);
1000}
1001EXPORT_SYMBOL(ieee80211_sta_set_tim);
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 87b18ba1e0e9..aa0adcbf3a93 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -43,6 +43,8 @@
43 * be in the queues 43 * be in the queues
44 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping 44 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping
45 * station in power-save mode, reply when the driver unblocks. 45 * station in power-save mode, reply when the driver unblocks.
46 * @WLAN_STA_PS_DRIVER_BUF: Station has frames pending in driver internal
47 * buffers. Automatically cleared on station wake-up.
46 */ 48 */
47enum ieee80211_sta_info_flags { 49enum ieee80211_sta_info_flags {
48 WLAN_STA_AUTH = 1<<0, 50 WLAN_STA_AUTH = 1<<0,
@@ -58,6 +60,7 @@ enum ieee80211_sta_info_flags {
58 WLAN_STA_BLOCK_BA = 1<<11, 60 WLAN_STA_BLOCK_BA = 1<<11,
59 WLAN_STA_PS_DRIVER = 1<<12, 61 WLAN_STA_PS_DRIVER = 1<<12,
60 WLAN_STA_PSPOLL = 1<<13, 62 WLAN_STA_PSPOLL = 1<<13,
63 WLAN_STA_PS_DRIVER_BUF = 1<<14,
61}; 64};
62 65
63#define STA_TID_NUM 16 66#define STA_TID_NUM 16
@@ -226,6 +229,7 @@ enum plink_state {
226 * @rx_bytes: Number of bytes received from this STA 229 * @rx_bytes: Number of bytes received from this STA
227 * @wep_weak_iv_count: number of weak WEP IVs received from this station 230 * @wep_weak_iv_count: number of weak WEP IVs received from this station
228 * @last_rx: time (in jiffies) when last frame was received from this STA 231 * @last_rx: time (in jiffies) when last frame was received from this STA
232 * @last_connected: time (in seconds) when a station got connected
229 * @num_duplicates: number of duplicate frames received from this STA 233 * @num_duplicates: number of duplicate frames received from this STA
230 * @rx_fragments: number of received MPDUs 234 * @rx_fragments: number of received MPDUs
231 * @rx_dropped: number of dropped MPDUs from this STA 235 * @rx_dropped: number of dropped MPDUs from this STA
@@ -295,6 +299,7 @@ struct sta_info {
295 unsigned long rx_packets, rx_bytes; 299 unsigned long rx_packets, rx_bytes;
296 unsigned long wep_weak_iv_count; 300 unsigned long wep_weak_iv_count;
297 unsigned long last_rx; 301 unsigned long last_rx;
302 long last_connected;
298 unsigned long num_duplicates; 303 unsigned long num_duplicates;
299 unsigned long rx_fragments; 304 unsigned long rx_fragments;
300 unsigned long rx_dropped; 305 unsigned long rx_dropped;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index ce4596ed1268..17b10be31f55 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -2262,7 +2262,7 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2262 2262
2263 /* headroom, head length, tail length and maximum TIM length */ 2263 /* headroom, head length, tail length and maximum TIM length */
2264 skb = dev_alloc_skb(local->tx_headroom + 400 + 2264 skb = dev_alloc_skb(local->tx_headroom + 400 +
2265 sdata->u.mesh.vendor_ie_len); 2265 sdata->u.mesh.ie_len);
2266 if (!skb) 2266 if (!skb)
2267 goto out; 2267 goto out;
2268 2268
diff --git a/net/rfkill/Kconfig b/net/rfkill/Kconfig
index 7fce6dfd2180..48464ca13b24 100644
--- a/net/rfkill/Kconfig
+++ b/net/rfkill/Kconfig
@@ -22,3 +22,14 @@ config RFKILL_INPUT
22 depends on RFKILL 22 depends on RFKILL
23 depends on INPUT = y || RFKILL = INPUT 23 depends on INPUT = y || RFKILL = INPUT
24 default y if !EXPERT 24 default y if !EXPERT
25
26config RFKILL_REGULATOR
27 tristate "Generic rfkill regulator driver"
28 depends on RFKILL || !RFKILL
29 depends on REGULATOR
30 help
31 This options enable controlling radio transmitters connected to
32 voltage regulator using the regulator framework.
33
34 To compile this driver as a module, choose M here: the module will
35 be called rfkill-regulator.
diff --git a/net/rfkill/Makefile b/net/rfkill/Makefile
index 662105352691..d9a5a58ffd8c 100644
--- a/net/rfkill/Makefile
+++ b/net/rfkill/Makefile
@@ -5,3 +5,4 @@
5rfkill-y += core.o 5rfkill-y += core.o
6rfkill-$(CONFIG_RFKILL_INPUT) += input.o 6rfkill-$(CONFIG_RFKILL_INPUT) += input.o
7obj-$(CONFIG_RFKILL) += rfkill.o 7obj-$(CONFIG_RFKILL) += rfkill.o
8obj-$(CONFIG_RFKILL_REGULATOR) += rfkill-regulator.o
diff --git a/net/rfkill/rfkill-regulator.c b/net/rfkill/rfkill-regulator.c
new file mode 100644
index 000000000000..18dc512a10f3
--- /dev/null
+++ b/net/rfkill/rfkill-regulator.c
@@ -0,0 +1,164 @@
1/*
2 * rfkill-regulator.c - Regulator consumer driver for rfkill
3 *
4 * Copyright (C) 2009 Guiming Zhuo <gmzhuo@gmail.com>
5 * Copyright (C) 2011 Antonio Ospite <ospite@studenti.unina.it>
6 *
7 * Implementation inspired by leds-regulator driver.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 *
13 */
14
15#include <linux/module.h>
16#include <linux/err.h>
17#include <linux/slab.h>
18#include <linux/platform_device.h>
19#include <linux/regulator/consumer.h>
20#include <linux/rfkill.h>
21#include <linux/rfkill-regulator.h>
22
23struct rfkill_regulator_data {
24 struct rfkill *rf_kill;
25 bool reg_enabled;
26
27 struct regulator *vcc;
28};
29
30static int rfkill_regulator_set_block(void *data, bool blocked)
31{
32 struct rfkill_regulator_data *rfkill_data = data;
33
34 pr_debug("%s: blocked: %d\n", __func__, blocked);
35
36 if (blocked) {
37 if (rfkill_data->reg_enabled) {
38 regulator_disable(rfkill_data->vcc);
39 rfkill_data->reg_enabled = 0;
40 }
41 } else {
42 if (!rfkill_data->reg_enabled) {
43 regulator_enable(rfkill_data->vcc);
44 rfkill_data->reg_enabled = 1;
45 }
46 }
47
48 pr_debug("%s: regulator_is_enabled after set_block: %d\n", __func__,
49 regulator_is_enabled(rfkill_data->vcc));
50
51 return 0;
52}
53
54struct rfkill_ops rfkill_regulator_ops = {
55 .set_block = rfkill_regulator_set_block,
56};
57
58static int __devinit rfkill_regulator_probe(struct platform_device *pdev)
59{
60 struct rfkill_regulator_platform_data *pdata = pdev->dev.platform_data;
61 struct rfkill_regulator_data *rfkill_data;
62 struct regulator *vcc;
63 struct rfkill *rf_kill;
64 int ret = 0;
65
66 if (pdata == NULL) {
67 dev_err(&pdev->dev, "no platform data\n");
68 return -ENODEV;
69 }
70
71 if (pdata->name == NULL || pdata->type == 0) {
72 dev_err(&pdev->dev, "invalid name or type in platform data\n");
73 return -EINVAL;
74 }
75
76 vcc = regulator_get_exclusive(&pdev->dev, "vrfkill");
77 if (IS_ERR(vcc)) {
78 dev_err(&pdev->dev, "Cannot get vcc for %s\n", pdata->name);
79 ret = PTR_ERR(vcc);
80 goto out;
81 }
82
83 rfkill_data = kzalloc(sizeof(*rfkill_data), GFP_KERNEL);
84 if (rfkill_data == NULL) {
85 ret = -ENOMEM;
86 goto err_data_alloc;
87 }
88
89 rf_kill = rfkill_alloc(pdata->name, &pdev->dev,
90 pdata->type,
91 &rfkill_regulator_ops, rfkill_data);
92 if (rf_kill == NULL) {
93 dev_err(&pdev->dev, "Cannot alloc rfkill device\n");
94 ret = -ENOMEM;
95 goto err_rfkill_alloc;
96 }
97
98 if (regulator_is_enabled(vcc)) {
99 dev_dbg(&pdev->dev, "Regulator already enabled\n");
100 rfkill_data->reg_enabled = 1;
101 }
102 rfkill_data->vcc = vcc;
103 rfkill_data->rf_kill = rf_kill;
104
105 ret = rfkill_register(rf_kill);
106 if (ret) {
107 dev_err(&pdev->dev, "Cannot register rfkill device\n");
108 goto err_rfkill_register;
109 }
110
111 platform_set_drvdata(pdev, rfkill_data);
112 dev_info(&pdev->dev, "%s initialized\n", pdata->name);
113
114 return 0;
115
116err_rfkill_register:
117 rfkill_destroy(rf_kill);
118err_rfkill_alloc:
119 kfree(rfkill_data);
120err_data_alloc:
121 regulator_put(vcc);
122out:
123 return ret;
124}
125
126static int __devexit rfkill_regulator_remove(struct platform_device *pdev)
127{
128 struct rfkill_regulator_data *rfkill_data = platform_get_drvdata(pdev);
129 struct rfkill *rf_kill = rfkill_data->rf_kill;
130
131 rfkill_unregister(rf_kill);
132 rfkill_destroy(rf_kill);
133 regulator_put(rfkill_data->vcc);
134 kfree(rfkill_data);
135
136 return 0;
137}
138
139static struct platform_driver rfkill_regulator_driver = {
140 .probe = rfkill_regulator_probe,
141 .remove = __devexit_p(rfkill_regulator_remove),
142 .driver = {
143 .name = "rfkill-regulator",
144 .owner = THIS_MODULE,
145 },
146};
147
148static int __init rfkill_regulator_init(void)
149{
150 return platform_driver_register(&rfkill_regulator_driver);
151}
152module_init(rfkill_regulator_init);
153
154static void __exit rfkill_regulator_exit(void)
155{
156 platform_driver_unregister(&rfkill_regulator_driver);
157}
158module_exit(rfkill_regulator_exit);
159
160MODULE_AUTHOR("Guiming Zhuo <gmzhuo@gmail.com>");
161MODULE_AUTHOR("Antonio Ospite <ospite@studenti.unina.it>");
162MODULE_DESCRIPTION("Regulator consumer driver for rfkill");
163MODULE_LICENSE("GPL");
164MODULE_ALIAS("platform:rfkill-regulator");
diff --git a/net/wireless/mesh.c b/net/wireless/mesh.c
index 73e39c171ffb..5c116083eeca 100644
--- a/net/wireless/mesh.c
+++ b/net/wireless/mesh.c
@@ -1,5 +1,6 @@
1#include <linux/ieee80211.h> 1#include <linux/ieee80211.h>
2#include <net/cfg80211.h> 2#include <net/cfg80211.h>
3#include "nl80211.h"
3#include "core.h" 4#include "core.h"
4 5
5/* Default values, timeouts in ms */ 6/* Default values, timeouts in ms */
@@ -53,8 +54,9 @@ const struct mesh_config default_mesh_config = {
53const struct mesh_setup default_mesh_setup = { 54const struct mesh_setup default_mesh_setup = {
54 .path_sel_proto = IEEE80211_PATH_PROTOCOL_HWMP, 55 .path_sel_proto = IEEE80211_PATH_PROTOCOL_HWMP,
55 .path_metric = IEEE80211_PATH_METRIC_AIRTIME, 56 .path_metric = IEEE80211_PATH_METRIC_AIRTIME,
56 .vendor_ie = NULL, 57 .ie = NULL,
57 .vendor_ie_len = 0, 58 .ie_len = 0,
59 .is_secure = false,
58}; 60};
59 61
60int __cfg80211_join_mesh(struct cfg80211_registered_device *rdev, 62int __cfg80211_join_mesh(struct cfg80211_registered_device *rdev,
@@ -72,6 +74,10 @@ int __cfg80211_join_mesh(struct cfg80211_registered_device *rdev,
72 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 74 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
73 return -EOPNOTSUPP; 75 return -EOPNOTSUPP;
74 76
77 if (!(rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
78 setup->is_secure)
79 return -EOPNOTSUPP;
80
75 if (wdev->mesh_id_len) 81 if (wdev->mesh_id_len)
76 return -EALREADY; 82 return -EALREADY;
77 83
@@ -105,6 +111,19 @@ int cfg80211_join_mesh(struct cfg80211_registered_device *rdev,
105 return err; 111 return err;
106} 112}
107 113
114void cfg80211_notify_new_peer_candidate(struct net_device *dev,
115 const u8 *macaddr, const u8* ie, u8 ie_len, gfp_t gfp)
116{
117 struct wireless_dev *wdev = dev->ieee80211_ptr;
118
119 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
120 return;
121
122 nl80211_send_new_peer_candidate(wiphy_to_dev(wdev->wiphy), dev,
123 macaddr, ie, ie_len, gfp);
124}
125EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
126
108static int __cfg80211_leave_mesh(struct cfg80211_registered_device *rdev, 127static int __cfg80211_leave_mesh(struct cfg80211_registered_device *rdev,
109 struct net_device *dev) 128 struct net_device *dev)
110{ 129{
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 297d7ce4117b..0efa7fd01150 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -124,6 +124,7 @@ static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
124 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 124 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
125 125
126 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 126 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
127 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
127 128
128 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY, 129 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
129 .len = NL80211_HT_CAPABILITY_LEN }, 130 .len = NL80211_HT_CAPABILITY_LEN },
@@ -594,6 +595,8 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
594 595
595 if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) 596 if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
596 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN); 597 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
598 if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
599 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
597 600
598 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 601 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
599 sizeof(u32) * dev->wiphy.n_cipher_suites, 602 sizeof(u32) * dev->wiphy.n_cipher_suites,
@@ -1922,6 +1925,7 @@ static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
1922 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 1925 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
1923 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 1926 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
1924 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 1927 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
1928 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
1925}; 1929};
1926 1930
1927static int parse_station_flags(struct genl_info *info, 1931static int parse_station_flags(struct genl_info *info,
@@ -2016,6 +2020,9 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2016 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2020 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2017 if (!sinfoattr) 2021 if (!sinfoattr)
2018 goto nla_put_failure; 2022 goto nla_put_failure;
2023 if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2024 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2025 sinfo->connected_time);
2019 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 2026 if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2020 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2027 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2021 sinfo->inactive_time); 2028 sinfo->inactive_time);
@@ -2281,7 +2288,9 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2281 err = -EINVAL; 2288 err = -EINVAL;
2282 if (params.supported_rates) 2289 if (params.supported_rates)
2283 err = -EINVAL; 2290 err = -EINVAL;
2284 if (params.sta_flags_mask) 2291 if (params.sta_flags_mask &
2292 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2293 BIT(NL80211_STA_FLAG_AUTHORIZED)))
2285 err = -EINVAL; 2294 err = -EINVAL;
2286 break; 2295 break;
2287 default: 2296 default:
@@ -2343,11 +2352,16 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2343 params.ht_capa = 2352 params.ht_capa =
2344 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2353 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2345 2354
2355 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2356 params.plink_action =
2357 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2358
2346 if (parse_station_flags(info, &params)) 2359 if (parse_station_flags(info, &params))
2347 return -EINVAL; 2360 return -EINVAL;
2348 2361
2349 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2362 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2350 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2363 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2364 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2351 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2365 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2352 return -EINVAL; 2366 return -EINVAL;
2353 2367
@@ -2823,7 +2837,8 @@ static const struct nla_policy
2823 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 2837 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
2824 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 2838 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
2825 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 2839 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
2826 [NL80211_MESH_SETUP_VENDOR_PATH_SEL_IE] = { .type = NLA_BINARY, 2840 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
2841 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
2827 .len = IEEE80211_MAX_DATA_LEN }, 2842 .len = IEEE80211_MAX_DATA_LEN },
2828}; 2843};
2829 2844
@@ -2925,14 +2940,16 @@ static int nl80211_parse_mesh_setup(struct genl_info *info,
2925 IEEE80211_PATH_METRIC_VENDOR : 2940 IEEE80211_PATH_METRIC_VENDOR :
2926 IEEE80211_PATH_METRIC_AIRTIME; 2941 IEEE80211_PATH_METRIC_AIRTIME;
2927 2942
2928 if (tb[NL80211_MESH_SETUP_VENDOR_PATH_SEL_IE]) { 2943
2944 if (tb[NL80211_MESH_SETUP_IE]) {
2929 struct nlattr *ieattr = 2945 struct nlattr *ieattr =
2930 tb[NL80211_MESH_SETUP_VENDOR_PATH_SEL_IE]; 2946 tb[NL80211_MESH_SETUP_IE];
2931 if (!is_valid_ie_attr(ieattr)) 2947 if (!is_valid_ie_attr(ieattr))
2932 return -EINVAL; 2948 return -EINVAL;
2933 setup->vendor_ie = nla_data(ieattr); 2949 setup->ie = nla_data(ieattr);
2934 setup->vendor_ie_len = nla_len(ieattr); 2950 setup->ie_len = nla_len(ieattr);
2935 } 2951 }
2952 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
2936 2953
2937 return 0; 2954 return 0;
2938} 2955}
@@ -5804,6 +5821,44 @@ void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
5804 nlmsg_free(msg); 5821 nlmsg_free(msg);
5805} 5822}
5806 5823
5824void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
5825 struct net_device *netdev,
5826 const u8 *macaddr, const u8* ie, u8 ie_len,
5827 gfp_t gfp)
5828{
5829 struct sk_buff *msg;
5830 void *hdr;
5831
5832 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5833 if (!msg)
5834 return;
5835
5836 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
5837 if (!hdr) {
5838 nlmsg_free(msg);
5839 return;
5840 }
5841
5842 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5843 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5844 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr);
5845 if (ie_len && ie)
5846 NLA_PUT(msg, NL80211_ATTR_IE, ie_len , ie);
5847
5848 if (genlmsg_end(msg, hdr) < 0) {
5849 nlmsg_free(msg);
5850 return;
5851 }
5852
5853 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5854 nl80211_mlme_mcgrp.id, gfp);
5855 return;
5856
5857 nla_put_failure:
5858 genlmsg_cancel(msg, hdr);
5859 nlmsg_free(msg);
5860}
5861
5807void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 5862void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
5808 struct net_device *netdev, const u8 *addr, 5863 struct net_device *netdev, const u8 *addr,
5809 enum nl80211_key_type key_type, int key_id, 5864 enum nl80211_key_type key_type, int key_id,
diff --git a/net/wireless/nl80211.h b/net/wireless/nl80211.h
index dcac5cd6f017..f2af6955a665 100644
--- a/net/wireless/nl80211.h
+++ b/net/wireless/nl80211.h
@@ -50,6 +50,10 @@ void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
50 struct net_device *netdev, u16 reason, 50 struct net_device *netdev, u16 reason,
51 const u8 *ie, size_t ie_len, bool from_ap); 51 const u8 *ie, size_t ie_len, bool from_ap);
52 52
53void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
54 struct net_device *netdev,
55 const u8 *macaddr, const u8* ie, u8 ie_len,
56 gfp_t gfp);
53void 57void
54nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 58nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
55 struct net_device *netdev, const u8 *addr, 59 struct net_device *netdev, const u8 *addr,
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-25 10:39:45 -0500