aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2011-04-19 15:34:48 -0400
committerJohn W. Linville <linville@tuxdriver.com>2011-04-19 15:34:48 -0400
commitbb411b4db2767cfd4a99b3328da843ce4ea1596a (patch)
tree8b03d033476d9bb4abbff4f214a1b942081828e9 /net
parent44c866a0a57b08b7090be24ccb33679ed1d4f476 (diff)
parent26954c7f26068b6ced108806fdd39aee5cd54e6f (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/hci_event.c4
-rw-r--r--net/bluetooth/l2cap_core.c1344
-rw-r--r--net/bluetooth/l2cap_sock.c72
3 files changed, 754 insertions, 666 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 7a3398d9cd65..c7eb073fe633 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2497,6 +2497,9 @@ static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2497 2497
2498 hci_dev_lock(hdev); 2498 hci_dev_lock(hdev);
2499 2499
2500 if (!test_bit(HCI_MGMT, &hdev->flags))
2501 goto unlock;
2502
2500 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 2503 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2501 if (data) { 2504 if (data) {
2502 struct hci_cp_remote_oob_data_reply cp; 2505 struct hci_cp_remote_oob_data_reply cp;
@@ -2515,6 +2518,7 @@ static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2515 &cp); 2518 &cp);
2516 } 2519 }
2517 2520
2521unlock:
2518 hci_dev_unlock(hdev); 2522 hci_dev_unlock(hdev);
2519} 2523}
2520 2524
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index c3cebed205cc..d47de2b04b2e 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -70,108 +70,101 @@ static void l2cap_busy_work(struct work_struct *work);
70 70
71static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 71static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
72 u8 code, u8 ident, u16 dlen, void *data); 72 u8 code, u8 ident, u16 dlen, void *data);
73static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
73 74
74static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb); 75static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
75 76
76/* ---- L2CAP channels ---- */ 77/* ---- L2CAP channels ---- */
77static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid) 78static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
78{ 79{
79 struct sock *s; 80 struct l2cap_chan *c;
80 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 81
82 list_for_each_entry(c, &conn->chan_l, list) {
83 struct sock *s = c->sk;
81 if (l2cap_pi(s)->dcid == cid) 84 if (l2cap_pi(s)->dcid == cid)
82 break; 85 return c;
83 } 86 }
84 return s; 87 return NULL;
88
85} 89}
86 90
87static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 91static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
88{ 92{
89 struct sock *s; 93 struct l2cap_chan *c;
90 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 94
95 list_for_each_entry(c, &conn->chan_l, list) {
96 struct sock *s = c->sk;
91 if (l2cap_pi(s)->scid == cid) 97 if (l2cap_pi(s)->scid == cid)
92 break; 98 return c;
93 } 99 }
94 return s; 100 return NULL;
95} 101}
96 102
97/* Find channel with given SCID. 103/* Find channel with given SCID.
98 * Returns locked socket */ 104 * Returns locked socket */
99static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 105static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
100{ 106{
101 struct sock *s; 107 struct l2cap_chan *c;
102 read_lock(&l->lock); 108
103 s = __l2cap_get_chan_by_scid(l, cid); 109 read_lock(&conn->chan_lock);
104 if (s) 110 c = __l2cap_get_chan_by_scid(conn, cid);
105 bh_lock_sock(s); 111 if (c)
106 read_unlock(&l->lock); 112 bh_lock_sock(c->sk);
107 return s; 113 read_unlock(&conn->chan_lock);
114 return c;
108} 115}
109 116
110static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 117static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
111{ 118{
112 struct sock *s; 119 struct l2cap_chan *c;
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 120
114 if (l2cap_pi(s)->ident == ident) 121 list_for_each_entry(c, &conn->chan_l, list) {
115 break; 122 if (c->ident == ident)
123 return c;
116 } 124 }
117 return s; 125 return NULL;
118} 126}
119 127
120static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 128static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
121{ 129{
122 struct sock *s; 130 struct l2cap_chan *c;
123 read_lock(&l->lock); 131
124 s = __l2cap_get_chan_by_ident(l, ident); 132 read_lock(&conn->chan_lock);
125 if (s) 133 c = __l2cap_get_chan_by_ident(conn, ident);
126 bh_lock_sock(s); 134 if (c)
127 read_unlock(&l->lock); 135 bh_lock_sock(c->sk);
128 return s; 136 read_unlock(&conn->chan_lock);
137 return c;
129} 138}
130 139
131static u16 l2cap_alloc_cid(struct l2cap_chan_list *l) 140static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
132{ 141{
133 u16 cid = L2CAP_CID_DYN_START; 142 u16 cid = L2CAP_CID_DYN_START;
134 143
135 for (; cid < L2CAP_CID_DYN_END; cid++) { 144 for (; cid < L2CAP_CID_DYN_END; cid++) {
136 if (!__l2cap_get_chan_by_scid(l, cid)) 145 if (!__l2cap_get_chan_by_scid(conn, cid))
137 return cid; 146 return cid;
138 } 147 }
139 148
140 return 0; 149 return 0;
141} 150}
142 151
143static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk) 152static struct l2cap_chan *l2cap_chan_alloc(struct sock *sk)
144{ 153{
145 sock_hold(sk); 154 struct l2cap_chan *chan;
146
147 if (l->head)
148 l2cap_pi(l->head)->prev_c = sk;
149 155
150 l2cap_pi(sk)->next_c = l->head; 156 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
151 l2cap_pi(sk)->prev_c = NULL; 157 if (!chan)
152 l->head = sk; 158 return NULL;
153}
154
155static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
156{
157 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
158
159 write_lock_bh(&l->lock);
160 if (sk == l->head)
161 l->head = next;
162 159
163 if (next) 160 chan->sk = sk;
164 l2cap_pi(next)->prev_c = prev;
165 if (prev)
166 l2cap_pi(prev)->next_c = next;
167 write_unlock_bh(&l->lock);
168 161
169 __sock_put(sk); 162 return chan;
170} 163}
171 164
172static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk) 165static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
173{ 166{
174 struct l2cap_chan_list *l = &conn->chan_list; 167 struct sock *sk = chan->sk;
175 168
176 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 169 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
177 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); 170 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
@@ -188,7 +181,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk)
188 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA; 181 l2cap_pi(sk)->dcid = L2CAP_CID_LE_DATA;
189 } else { 182 } else {
190 /* Alloc CID for connection-oriented socket */ 183 /* Alloc CID for connection-oriented socket */
191 l2cap_pi(sk)->scid = l2cap_alloc_cid(l); 184 l2cap_pi(sk)->scid = l2cap_alloc_cid(conn);
192 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 185 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
193 } 186 }
194 } else if (sk->sk_type == SOCK_DGRAM) { 187 } else if (sk->sk_type == SOCK_DGRAM) {
@@ -203,23 +196,30 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk)
203 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 196 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
204 } 197 }
205 198
206 __l2cap_chan_link(l, sk); 199 sock_hold(sk);
200
201 list_add(&chan->list, &conn->chan_l);
207} 202}
208 203
209/* Delete channel. 204/* Delete channel.
210 * Must be called on the locked socket. */ 205 * Must be called on the locked socket. */
211void l2cap_chan_del(struct sock *sk, int err) 206void l2cap_chan_del(struct l2cap_chan *chan, int err)
212{ 207{
208 struct sock *sk = chan->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 209 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
214 struct sock *parent = bt_sk(sk)->parent; 210 struct sock *parent = bt_sk(sk)->parent;
215 211
216 l2cap_sock_clear_timer(sk); 212 l2cap_sock_clear_timer(sk);
217 213
218 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 214 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
219 215
220 if (conn) { 216 if (conn) {
221 /* Unlink from channel list */ 217 /* Delete from channel list */
222 l2cap_chan_unlink(&conn->chan_list, sk); 218 write_lock_bh(&conn->chan_lock);
219 list_del(&chan->list);
220 write_unlock_bh(&conn->chan_lock);
221 __sock_put(sk);
222
223 l2cap_pi(sk)->conn = NULL; 223 l2cap_pi(sk)->conn = NULL;
224 hci_conn_put(conn->hcon); 224 hci_conn_put(conn->hcon);
225 } 225 }
@@ -236,23 +236,30 @@ void l2cap_chan_del(struct sock *sk, int err)
236 } else 236 } else
237 sk->sk_state_change(sk); 237 sk->sk_state_change(sk);
238 238
239 skb_queue_purge(TX_QUEUE(sk)); 239 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE &&
240 l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE))
241 goto free;
242
243 skb_queue_purge(&chan->tx_q);
240 244
241 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 245 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
242 struct srej_list *l, *tmp; 246 struct srej_list *l, *tmp;
243 247
244 del_timer(&l2cap_pi(sk)->retrans_timer); 248 del_timer(&chan->retrans_timer);
245 del_timer(&l2cap_pi(sk)->monitor_timer); 249 del_timer(&chan->monitor_timer);
246 del_timer(&l2cap_pi(sk)->ack_timer); 250 del_timer(&chan->ack_timer);
247 251
248 skb_queue_purge(SREJ_QUEUE(sk)); 252 skb_queue_purge(&chan->srej_q);
249 skb_queue_purge(BUSY_QUEUE(sk)); 253 skb_queue_purge(&chan->busy_q);
250 254
251 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) { 255 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
252 list_del(&l->list); 256 list_del(&l->list);
253 kfree(l); 257 kfree(l);
254 } 258 }
255 } 259 }
260
261free:
262 kfree(chan);
256} 263}
257 264
258static inline u8 l2cap_get_auth_type(struct sock *sk) 265static inline u8 l2cap_get_auth_type(struct sock *sk)
@@ -338,10 +345,11 @@ void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *d
338 hci_send_acl(conn->hcon, skb, flags); 345 hci_send_acl(conn->hcon, skb, flags);
339} 346}
340 347
341static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control) 348static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
342{ 349{
343 struct sk_buff *skb; 350 struct sk_buff *skb;
344 struct l2cap_hdr *lh; 351 struct l2cap_hdr *lh;
352 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
345 struct l2cap_conn *conn = pi->conn; 353 struct l2cap_conn *conn = pi->conn;
346 struct sock *sk = (struct sock *)pi; 354 struct sock *sk = (struct sock *)pi;
347 int count, hlen = L2CAP_HDR_SIZE + 2; 355 int count, hlen = L2CAP_HDR_SIZE + 2;
@@ -353,19 +361,19 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
353 if (pi->fcs == L2CAP_FCS_CRC16) 361 if (pi->fcs == L2CAP_FCS_CRC16)
354 hlen += 2; 362 hlen += 2;
355 363
356 BT_DBG("pi %p, control 0x%2.2x", pi, control); 364 BT_DBG("chan %p, control 0x%2.2x", chan, control);
357 365
358 count = min_t(unsigned int, conn->mtu, hlen); 366 count = min_t(unsigned int, conn->mtu, hlen);
359 control |= L2CAP_CTRL_FRAME_TYPE; 367 control |= L2CAP_CTRL_FRAME_TYPE;
360 368
361 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 369 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
362 control |= L2CAP_CTRL_FINAL; 370 control |= L2CAP_CTRL_FINAL;
363 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 371 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
364 } 372 }
365 373
366 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) { 374 if (chan->conn_state & L2CAP_CONN_SEND_PBIT) {
367 control |= L2CAP_CTRL_POLL; 375 control |= L2CAP_CTRL_POLL;
368 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT; 376 chan->conn_state &= ~L2CAP_CONN_SEND_PBIT;
369 } 377 }
370 378
371 skb = bt_skb_alloc(count, GFP_ATOMIC); 379 skb = bt_skb_alloc(count, GFP_ATOMIC);
@@ -390,17 +398,17 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
390 hci_send_acl(pi->conn->hcon, skb, flags); 398 hci_send_acl(pi->conn->hcon, skb, flags);
391} 399}
392 400
393static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control) 401static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
394{ 402{
395 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 403 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
396 control |= L2CAP_SUPER_RCV_NOT_READY; 404 control |= L2CAP_SUPER_RCV_NOT_READY;
397 pi->conn_state |= L2CAP_CONN_RNR_SENT; 405 chan->conn_state |= L2CAP_CONN_RNR_SENT;
398 } else 406 } else
399 control |= L2CAP_SUPER_RCV_READY; 407 control |= L2CAP_SUPER_RCV_READY;
400 408
401 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 409 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
402 410
403 l2cap_send_sframe(pi, control); 411 l2cap_send_sframe(chan, control);
404} 412}
405 413
406static inline int __l2cap_no_conn_pending(struct sock *sk) 414static inline int __l2cap_no_conn_pending(struct sock *sk)
@@ -408,8 +416,9 @@ static inline int __l2cap_no_conn_pending(struct sock *sk)
408 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND); 416 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
409} 417}
410 418
411static void l2cap_do_start(struct sock *sk) 419static void l2cap_do_start(struct l2cap_chan *chan)
412{ 420{
421 struct sock *sk = chan->sk;
413 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 422 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
414 423
415 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { 424 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
@@ -421,11 +430,11 @@ static void l2cap_do_start(struct sock *sk)
421 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 430 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
422 req.psm = l2cap_pi(sk)->psm; 431 req.psm = l2cap_pi(sk)->psm;
423 432
424 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 433 chan->ident = l2cap_get_ident(conn);
425 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 434 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
426 435
427 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 436 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
428 L2CAP_CONN_REQ, sizeof(req), &req); 437 sizeof(req), &req);
429 } 438 }
430 } else { 439 } else {
431 struct l2cap_info_req req; 440 struct l2cap_info_req req;
@@ -458,19 +467,20 @@ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
458 } 467 }
459} 468}
460 469
461void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err) 470void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
462{ 471{
472 struct sock *sk;
463 struct l2cap_disconn_req req; 473 struct l2cap_disconn_req req;
464 474
465 if (!conn) 475 if (!conn)
466 return; 476 return;
467 477
468 skb_queue_purge(TX_QUEUE(sk)); 478 sk = chan->sk;
469 479
470 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 480 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
471 del_timer(&l2cap_pi(sk)->retrans_timer); 481 del_timer(&chan->retrans_timer);
472 del_timer(&l2cap_pi(sk)->monitor_timer); 482 del_timer(&chan->monitor_timer);
473 del_timer(&l2cap_pi(sk)->ack_timer); 483 del_timer(&chan->ack_timer);
474 } 484 }
475 485
476 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); 486 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
@@ -485,17 +495,15 @@ void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
485/* ---- L2CAP connections ---- */ 495/* ---- L2CAP connections ---- */
486static void l2cap_conn_start(struct l2cap_conn *conn) 496static void l2cap_conn_start(struct l2cap_conn *conn)
487{ 497{
488 struct l2cap_chan_list *l = &conn->chan_list; 498 struct l2cap_chan *chan, *tmp;
489 struct sock_del_list del, *tmp1, *tmp2;
490 struct sock *sk;
491 499
492 BT_DBG("conn %p", conn); 500 BT_DBG("conn %p", conn);
493 501
494 INIT_LIST_HEAD(&del.list); 502 read_lock(&conn->chan_lock);
495 503
496 read_lock(&l->lock); 504 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
505 struct sock *sk = chan->sk;
497 506
498 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
499 bh_lock_sock(sk); 507 bh_lock_sock(sk);
500 508
501 if (sk->sk_type != SOCK_SEQPACKET && 509 if (sk->sk_type != SOCK_SEQPACKET &&
@@ -517,10 +525,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
517 conn->feat_mask) 525 conn->feat_mask)
518 && l2cap_pi(sk)->conf_state & 526 && l2cap_pi(sk)->conf_state &
519 L2CAP_CONF_STATE2_DEVICE) { 527 L2CAP_CONF_STATE2_DEVICE) {
520 tmp1 = kzalloc(sizeof(struct sock_del_list), 528 /* __l2cap_sock_close() calls list_del(chan)
521 GFP_ATOMIC); 529 * so release the lock */
522 tmp1->sk = sk; 530 read_unlock_bh(&conn->chan_lock);
523 list_add_tail(&tmp1->list, &del.list); 531 __l2cap_sock_close(sk, ECONNRESET);
532 read_lock_bh(&conn->chan_lock);
524 bh_unlock_sock(sk); 533 bh_unlock_sock(sk);
525 continue; 534 continue;
526 } 535 }
@@ -528,11 +537,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
528 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 537 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
529 req.psm = l2cap_pi(sk)->psm; 538 req.psm = l2cap_pi(sk)->psm;
530 539
531 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 540 chan->ident = l2cap_get_ident(conn);
532 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 541 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
533 542
534 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 543 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
535 L2CAP_CONN_REQ, sizeof(req), &req); 544 sizeof(req), &req);
536 545
537 } else if (sk->sk_state == BT_CONNECT2) { 546 } else if (sk->sk_state == BT_CONNECT2) {
538 struct l2cap_conn_rsp rsp; 547 struct l2cap_conn_rsp rsp;
@@ -557,8 +566,8 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
557 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND); 566 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
558 } 567 }
559 568
560 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 569 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
561 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 570 sizeof(rsp), &rsp);
562 571
563 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT || 572 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
564 rsp.result != L2CAP_CR_SUCCESS) { 573 rsp.result != L2CAP_CR_SUCCESS) {
@@ -568,22 +577,14 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
568 577
569 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 578 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
570 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 579 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
571 l2cap_build_conf_req(sk, buf), buf); 580 l2cap_build_conf_req(chan, buf), buf);
572 l2cap_pi(sk)->num_conf_req++; 581 chan->num_conf_req++;
573 } 582 }
574 583
575 bh_unlock_sock(sk); 584 bh_unlock_sock(sk);
576 } 585 }
577 586
578 read_unlock(&l->lock); 587 read_unlock(&conn->chan_lock);
579
580 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
581 bh_lock_sock(tmp1->sk);
582 __l2cap_sock_close(tmp1->sk, ECONNRESET);
583 bh_unlock_sock(tmp1->sk);
584 list_del(&tmp1->list);
585 kfree(tmp1);
586 }
587} 588}
588 589
589/* Find socket with cid and source bdaddr. 590/* Find socket with cid and source bdaddr.
@@ -591,7 +592,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
591 */ 592 */
592static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src) 593static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
593{ 594{
594 struct sock *s, *sk = NULL, *sk1 = NULL; 595 struct sock *sk = NULL, *sk1 = NULL;
595 struct hlist_node *node; 596 struct hlist_node *node;
596 597
597 read_lock(&l2cap_sk_list.lock); 598 read_lock(&l2cap_sk_list.lock);
@@ -610,18 +611,16 @@ static struct sock *l2cap_get_sock_by_scid(int state, __le16 cid, bdaddr_t *src)
610 sk1 = sk; 611 sk1 = sk;
611 } 612 }
612 } 613 }
613 s = node ? sk : sk1; 614
614 if (s)
615 bh_lock_sock(s);
616 read_unlock(&l2cap_sk_list.lock); 615 read_unlock(&l2cap_sk_list.lock);
617 616
618 return s; 617 return node ? sk : sk1;
619} 618}
620 619
621static void l2cap_le_conn_ready(struct l2cap_conn *conn) 620static void l2cap_le_conn_ready(struct l2cap_conn *conn)
622{ 621{
623 struct l2cap_chan_list *list = &conn->chan_list; 622 struct sock *parent, *sk;
624 struct sock *parent, *uninitialized_var(sk); 623 struct l2cap_chan *chan;
625 624
626 BT_DBG(""); 625 BT_DBG("");
627 626
@@ -631,6 +630,8 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
631 if (!parent) 630 if (!parent)
632 return; 631 return;
633 632
633 bh_lock_sock(parent);
634
634 /* Check for backlog size */ 635 /* Check for backlog size */
635 if (sk_acceptq_is_full(parent)) { 636 if (sk_acceptq_is_full(parent)) {
636 BT_DBG("backlog full %d", parent->sk_ack_backlog); 637 BT_DBG("backlog full %d", parent->sk_ack_backlog);
@@ -641,24 +642,33 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
641 if (!sk) 642 if (!sk)
642 goto clean; 643 goto clean;
643 644
644 write_lock_bh(&list->lock); 645 chan = l2cap_chan_alloc(sk);
646 if (!chan) {
647 l2cap_sock_kill(sk);
648 goto clean;
649 }
650
651 write_lock_bh(&conn->chan_lock);
645 652
646 hci_conn_hold(conn->hcon); 653 hci_conn_hold(conn->hcon);
647 654
648 l2cap_sock_init(sk, parent); 655 l2cap_sock_init(sk, parent);
656
649 bacpy(&bt_sk(sk)->src, conn->src); 657 bacpy(&bt_sk(sk)->src, conn->src);
650 bacpy(&bt_sk(sk)->dst, conn->dst); 658 bacpy(&bt_sk(sk)->dst, conn->dst);
651 659
652 bt_accept_enqueue(parent, sk); 660 bt_accept_enqueue(parent, sk);
653 661
654 __l2cap_chan_add(conn, sk); 662 __l2cap_chan_add(conn, chan);
663
664 l2cap_pi(sk)->chan = chan;
655 665
656 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 666 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
657 667
658 sk->sk_state = BT_CONNECTED; 668 sk->sk_state = BT_CONNECTED;
659 parent->sk_data_ready(parent, 0); 669 parent->sk_data_ready(parent, 0);
660 670
661 write_unlock_bh(&list->lock); 671 write_unlock_bh(&conn->chan_lock);
662 672
663clean: 673clean:
664 bh_unlock_sock(parent); 674 bh_unlock_sock(parent);
@@ -666,17 +676,18 @@ clean:
666 676
667static void l2cap_conn_ready(struct l2cap_conn *conn) 677static void l2cap_conn_ready(struct l2cap_conn *conn)
668{ 678{
669 struct l2cap_chan_list *l = &conn->chan_list; 679 struct l2cap_chan *chan;
670 struct sock *sk;
671 680
672 BT_DBG("conn %p", conn); 681 BT_DBG("conn %p", conn);
673 682
674 if (!conn->hcon->out && conn->hcon->type == LE_LINK) 683 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
675 l2cap_le_conn_ready(conn); 684 l2cap_le_conn_ready(conn);
676 685
677 read_lock(&l->lock); 686 read_lock(&conn->chan_lock);
687
688 list_for_each_entry(chan, &conn->chan_l, list) {
689 struct sock *sk = chan->sk;
678 690
679 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
680 bh_lock_sock(sk); 691 bh_lock_sock(sk);
681 692
682 if (conn->hcon->type == LE_LINK) { 693 if (conn->hcon->type == LE_LINK) {
@@ -691,30 +702,31 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
691 sk->sk_state = BT_CONNECTED; 702 sk->sk_state = BT_CONNECTED;
692 sk->sk_state_change(sk); 703 sk->sk_state_change(sk);
693 } else if (sk->sk_state == BT_CONNECT) 704 } else if (sk->sk_state == BT_CONNECT)
694 l2cap_do_start(sk); 705 l2cap_do_start(chan);
695 706
696 bh_unlock_sock(sk); 707 bh_unlock_sock(sk);
697 } 708 }
698 709
699 read_unlock(&l->lock); 710 read_unlock(&conn->chan_lock);
700} 711}
701 712
702/* Notify sockets that we cannot guaranty reliability anymore */ 713/* Notify sockets that we cannot guaranty reliability anymore */
703static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err) 714static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
704{ 715{
705 struct l2cap_chan_list *l = &conn->chan_list; 716 struct l2cap_chan *chan;
706 struct sock *sk;
707 717
708 BT_DBG("conn %p", conn); 718 BT_DBG("conn %p", conn);
709 719
710 read_lock(&l->lock); 720 read_lock(&conn->chan_lock);
721
722 list_for_each_entry(chan, &conn->chan_l, list) {
723 struct sock *sk = chan->sk;
711 724
712 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
713 if (l2cap_pi(sk)->force_reliable) 725 if (l2cap_pi(sk)->force_reliable)
714 sk->sk_err = err; 726 sk->sk_err = err;
715 } 727 }
716 728
717 read_unlock(&l->lock); 729 read_unlock(&conn->chan_lock);
718} 730}
719 731
720static void l2cap_info_timeout(unsigned long arg) 732static void l2cap_info_timeout(unsigned long arg)
@@ -754,7 +766,9 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
754 conn->feat_mask = 0; 766 conn->feat_mask = 0;
755 767
756 spin_lock_init(&conn->lock); 768 spin_lock_init(&conn->lock);
757 rwlock_init(&conn->chan_list.lock); 769 rwlock_init(&conn->chan_lock);
770
771 INIT_LIST_HEAD(&conn->chan_l);
758 772
759 if (hcon->type != LE_LINK) 773 if (hcon->type != LE_LINK)
760 setup_timer(&conn->info_timer, l2cap_info_timeout, 774 setup_timer(&conn->info_timer, l2cap_info_timeout,
@@ -768,6 +782,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
768static void l2cap_conn_del(struct hci_conn *hcon, int err) 782static void l2cap_conn_del(struct hci_conn *hcon, int err)
769{ 783{
770 struct l2cap_conn *conn = hcon->l2cap_data; 784 struct l2cap_conn *conn = hcon->l2cap_data;
785 struct l2cap_chan *chan, *l;
771 struct sock *sk; 786 struct sock *sk;
772 787
773 if (!conn) 788 if (!conn)
@@ -778,9 +793,10 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
778 kfree_skb(conn->rx_skb); 793 kfree_skb(conn->rx_skb);
779 794
780 /* Kill channels */ 795 /* Kill channels */
781 while ((sk = conn->chan_list.head)) { 796 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
797 sk = chan->sk;
782 bh_lock_sock(sk); 798 bh_lock_sock(sk);
783 l2cap_chan_del(sk, err); 799 l2cap_chan_del(chan, err);
784 bh_unlock_sock(sk); 800 bh_unlock_sock(sk);
785 l2cap_sock_kill(sk); 801 l2cap_sock_kill(sk);
786 } 802 }
@@ -792,12 +808,11 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
792 kfree(conn); 808 kfree(conn);
793} 809}
794 810
795static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk) 811static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
796{ 812{
797 struct l2cap_chan_list *l = &conn->chan_list; 813 write_lock_bh(&conn->chan_lock);
798 write_lock_bh(&l->lock); 814 __l2cap_chan_add(conn, chan);
799 __l2cap_chan_add(conn, sk); 815 write_unlock_bh(&conn->chan_lock);
800 write_unlock_bh(&l->lock);
801} 816}
802 817
803/* ---- Socket interface ---- */ 818/* ---- Socket interface ---- */
@@ -837,6 +852,7 @@ int l2cap_do_connect(struct sock *sk)
837 bdaddr_t *src = &bt_sk(sk)->src; 852 bdaddr_t *src = &bt_sk(sk)->src;
838 bdaddr_t *dst = &bt_sk(sk)->dst; 853 bdaddr_t *dst = &bt_sk(sk)->dst;
839 struct l2cap_conn *conn; 854 struct l2cap_conn *conn;
855 struct l2cap_chan *chan;
840 struct hci_conn *hcon; 856 struct hci_conn *hcon;
841 struct hci_dev *hdev; 857 struct hci_dev *hdev;
842 __u8 auth_type; 858 __u8 auth_type;
@@ -872,10 +888,19 @@ int l2cap_do_connect(struct sock *sk)
872 goto done; 888 goto done;
873 } 889 }
874 890
891 chan = l2cap_chan_alloc(sk);
892 if (!chan) {
893 hci_conn_put(hcon);
894 err = -ENOMEM;
895 goto done;
896 }
897
875 /* Update source addr of the socket */ 898 /* Update source addr of the socket */
876 bacpy(src, conn->src); 899 bacpy(src, conn->src);
877 900
878 l2cap_chan_add(conn, sk); 901 l2cap_chan_add(conn, chan);
902
903 l2cap_pi(sk)->chan = chan;
879 904
880 sk->sk_state = BT_CONNECT; 905 sk->sk_state = BT_CONNECT;
881 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 906 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
@@ -887,7 +912,7 @@ int l2cap_do_connect(struct sock *sk)
887 if (l2cap_check_security(sk)) 912 if (l2cap_check_security(sk))
888 sk->sk_state = BT_CONNECTED; 913 sk->sk_state = BT_CONNECTED;
889 } else 914 } else
890 l2cap_do_start(sk); 915 l2cap_do_start(chan);
891 } 916 }
892 917
893 err = 0; 918 err = 0;
@@ -905,7 +930,7 @@ int __l2cap_wait_ack(struct sock *sk)
905 int timeo = HZ/5; 930 int timeo = HZ/5;
906 931
907 add_wait_queue(sk_sleep(sk), &wait); 932 add_wait_queue(sk_sleep(sk), &wait);
908 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) { 933 while ((l2cap_pi(sk)->chan->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
909 set_current_state(TASK_INTERRUPTIBLE); 934 set_current_state(TASK_INTERRUPTIBLE);
910 935
911 if (!timeo) 936 if (!timeo)
@@ -931,57 +956,59 @@ int __l2cap_wait_ack(struct sock *sk)
931 956
932static void l2cap_monitor_timeout(unsigned long arg) 957static void l2cap_monitor_timeout(unsigned long arg)
933{ 958{
934 struct sock *sk = (void *) arg; 959 struct l2cap_chan *chan = (void *) arg;
960 struct sock *sk = chan->sk;
935 961
936 BT_DBG("sk %p", sk); 962 BT_DBG("chan %p", chan);
937 963
938 bh_lock_sock(sk); 964 bh_lock_sock(sk);
939 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { 965 if (chan->retry_count >= chan->remote_max_tx) {
940 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED); 966 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, ECONNABORTED);
941 bh_unlock_sock(sk); 967 bh_unlock_sock(sk);
942 return; 968 return;
943 } 969 }
944 970
945 l2cap_pi(sk)->retry_count++; 971 chan->retry_count++;
946 __mod_monitor_timer(); 972 __mod_monitor_timer();
947 973
948 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL); 974 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
949 bh_unlock_sock(sk); 975 bh_unlock_sock(sk);
950} 976}
951 977
952static void l2cap_retrans_timeout(unsigned long arg) 978static void l2cap_retrans_timeout(unsigned long arg)
953{ 979{
954 struct sock *sk = (void *) arg; 980 struct l2cap_chan *chan = (void *) arg;
981 struct sock *sk = chan->sk;
955 982
956 BT_DBG("sk %p", sk); 983 BT_DBG("chan %p", chan);
957 984
958 bh_lock_sock(sk); 985 bh_lock_sock(sk);
959 l2cap_pi(sk)->retry_count = 1; 986 chan->retry_count = 1;
960 __mod_monitor_timer(); 987 __mod_monitor_timer();
961 988
962 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F; 989 chan->conn_state |= L2CAP_CONN_WAIT_F;
963 990
964 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL); 991 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
965 bh_unlock_sock(sk); 992 bh_unlock_sock(sk);
966} 993}
967 994
968static void l2cap_drop_acked_frames(struct sock *sk) 995static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
969{ 996{
970 struct sk_buff *skb; 997 struct sk_buff *skb;
971 998
972 while ((skb = skb_peek(TX_QUEUE(sk))) && 999 while ((skb = skb_peek(&chan->tx_q)) &&
973 l2cap_pi(sk)->unacked_frames) { 1000 chan->unacked_frames) {
974 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq) 1001 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
975 break; 1002 break;
976 1003
977 skb = skb_dequeue(TX_QUEUE(sk)); 1004 skb = skb_dequeue(&chan->tx_q);
978 kfree_skb(skb); 1005 kfree_skb(skb);
979 1006
980 l2cap_pi(sk)->unacked_frames--; 1007 chan->unacked_frames--;
981 } 1008 }
982 1009
983 if (!l2cap_pi(sk)->unacked_frames) 1010 if (!chan->unacked_frames)
984 del_timer(&l2cap_pi(sk)->retrans_timer); 1011 del_timer(&chan->retrans_timer);
985} 1012}
986 1013
987void l2cap_do_send(struct sock *sk, struct sk_buff *skb) 1014void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
@@ -1000,15 +1027,16 @@ void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1000 hci_send_acl(hcon, skb, flags); 1027 hci_send_acl(hcon, skb, flags);
1001} 1028}
1002 1029
1003void l2cap_streaming_send(struct sock *sk) 1030void l2cap_streaming_send(struct l2cap_chan *chan)
1004{ 1031{
1032 struct sock *sk = chan->sk;
1005 struct sk_buff *skb; 1033 struct sk_buff *skb;
1006 struct l2cap_pinfo *pi = l2cap_pi(sk); 1034 struct l2cap_pinfo *pi = l2cap_pi(sk);
1007 u16 control, fcs; 1035 u16 control, fcs;
1008 1036
1009 while ((skb = skb_dequeue(TX_QUEUE(sk)))) { 1037 while ((skb = skb_dequeue(&chan->tx_q))) {
1010 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE); 1038 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
1011 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT; 1039 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1012 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE); 1040 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
1013 1041
1014 if (pi->fcs == L2CAP_FCS_CRC16) { 1042 if (pi->fcs == L2CAP_FCS_CRC16) {
@@ -1018,17 +1046,18 @@ void l2cap_streaming_send(struct sock *sk)
1018 1046
1019 l2cap_do_send(sk, skb); 1047 l2cap_do_send(sk, skb);
1020 1048
1021 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1049 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1022 } 1050 }
1023} 1051}
1024 1052
1025static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq) 1053static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1026{ 1054{
1055 struct sock *sk = chan->sk;
1027 struct l2cap_pinfo *pi = l2cap_pi(sk); 1056 struct l2cap_pinfo *pi = l2cap_pi(sk);
1028 struct sk_buff *skb, *tx_skb; 1057 struct sk_buff *skb, *tx_skb;
1029 u16 control, fcs; 1058 u16 control, fcs;
1030 1059
1031 skb = skb_peek(TX_QUEUE(sk)); 1060 skb = skb_peek(&chan->tx_q);
1032 if (!skb) 1061 if (!skb)
1033 return; 1062 return;
1034 1063
@@ -1036,14 +1065,14 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1036 if (bt_cb(skb)->tx_seq == tx_seq) 1065 if (bt_cb(skb)->tx_seq == tx_seq)
1037 break; 1066 break;
1038 1067
1039 if (skb_queue_is_last(TX_QUEUE(sk), skb)) 1068 if (skb_queue_is_last(&chan->tx_q, skb))
1040 return; 1069 return;
1041 1070
1042 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb))); 1071 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
1043 1072
1044 if (pi->remote_max_tx && 1073 if (chan->remote_max_tx &&
1045 bt_cb(skb)->retries == pi->remote_max_tx) { 1074 bt_cb(skb)->retries == chan->remote_max_tx) {
1046 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED); 1075 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED);
1047 return; 1076 return;
1048 } 1077 }
1049 1078
@@ -1051,12 +1080,12 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1051 bt_cb(skb)->retries++; 1080 bt_cb(skb)->retries++;
1052 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1081 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1053 1082
1054 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 1083 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1055 control |= L2CAP_CTRL_FINAL; 1084 control |= L2CAP_CTRL_FINAL;
1056 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 1085 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1057 } 1086 }
1058 1087
1059 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1088 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1060 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1089 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1061 1090
1062 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1091 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
@@ -1069,9 +1098,10 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1069 l2cap_do_send(sk, tx_skb); 1098 l2cap_do_send(sk, tx_skb);
1070} 1099}
1071 1100
1072int l2cap_ertm_send(struct sock *sk) 1101int l2cap_ertm_send(struct l2cap_chan *chan)
1073{ 1102{
1074 struct sk_buff *skb, *tx_skb; 1103 struct sk_buff *skb, *tx_skb;
1104 struct sock *sk = chan->sk;
1075 struct l2cap_pinfo *pi = l2cap_pi(sk); 1105 struct l2cap_pinfo *pi = l2cap_pi(sk);
1076 u16 control, fcs; 1106 u16 control, fcs;
1077 int nsent = 0; 1107 int nsent = 0;
@@ -1079,11 +1109,11 @@ int l2cap_ertm_send(struct sock *sk)
1079 if (sk->sk_state != BT_CONNECTED) 1109 if (sk->sk_state != BT_CONNECTED)
1080 return -ENOTCONN; 1110 return -ENOTCONN;
1081 1111
1082 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) { 1112 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1083 1113
1084 if (pi->remote_max_tx && 1114 if (chan->remote_max_tx &&
1085 bt_cb(skb)->retries == pi->remote_max_tx) { 1115 bt_cb(skb)->retries == chan->remote_max_tx) {
1086 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED); 1116 l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED);
1087 break; 1117 break;
1088 } 1118 }
1089 1119
@@ -1094,12 +1124,12 @@ int l2cap_ertm_send(struct sock *sk)
1094 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1124 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1095 control &= L2CAP_CTRL_SAR; 1125 control &= L2CAP_CTRL_SAR;
1096 1126
1097 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 1127 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1098 control |= L2CAP_CTRL_FINAL; 1128 control |= L2CAP_CTRL_FINAL;
1099 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 1129 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1100 } 1130 }
1101 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1131 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1102 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1132 | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1103 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1133 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1104 1134
1105 1135
@@ -1112,18 +1142,18 @@ int l2cap_ertm_send(struct sock *sk)
1112 1142
1113 __mod_retrans_timer(); 1143 __mod_retrans_timer();
1114 1144
1115 bt_cb(skb)->tx_seq = pi->next_tx_seq; 1145 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1116 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1146 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1117 1147
1118 if (bt_cb(skb)->retries == 1) 1148 if (bt_cb(skb)->retries == 1)
1119 pi->unacked_frames++; 1149 chan->unacked_frames++;
1120 1150
1121 pi->frames_sent++; 1151 chan->frames_sent++;
1122 1152
1123 if (skb_queue_is_last(TX_QUEUE(sk), skb)) 1153 if (skb_queue_is_last(&chan->tx_q, skb))
1124 sk->sk_send_head = NULL; 1154 chan->tx_send_head = NULL;
1125 else 1155 else
1126 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb); 1156 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1127 1157
1128 nsent++; 1158 nsent++;
1129 } 1159 }
@@ -1131,41 +1161,39 @@ int l2cap_ertm_send(struct sock *sk)
1131 return nsent; 1161 return nsent;
1132} 1162}
1133 1163
1134static int l2cap_retransmit_frames(struct sock *sk) 1164static int l2cap_retransmit_frames(struct l2cap_chan *chan)
1135{ 1165{
1136 struct l2cap_pinfo *pi = l2cap_pi(sk);
1137 int ret; 1166 int ret;
1138 1167
1139 if (!skb_queue_empty(TX_QUEUE(sk))) 1168 if (!skb_queue_empty(&chan->tx_q))
1140 sk->sk_send_head = TX_QUEUE(sk)->next; 1169 chan->tx_send_head = chan->tx_q.next;
1141 1170
1142 pi->next_tx_seq = pi->expected_ack_seq; 1171 chan->next_tx_seq = chan->expected_ack_seq;
1143 ret = l2cap_ertm_send(sk); 1172 ret = l2cap_ertm_send(chan);
1144 return ret; 1173 return ret;
1145} 1174}
1146 1175
1147static void l2cap_send_ack(struct l2cap_pinfo *pi) 1176static void l2cap_send_ack(struct l2cap_chan *chan)
1148{ 1177{
1149 struct sock *sk = (struct sock *)pi;
1150 u16 control = 0; 1178 u16 control = 0;
1151 1179
1152 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 1180 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1153 1181
1154 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 1182 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1155 control |= L2CAP_SUPER_RCV_NOT_READY; 1183 control |= L2CAP_SUPER_RCV_NOT_READY;
1156 pi->conn_state |= L2CAP_CONN_RNR_SENT; 1184 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1157 l2cap_send_sframe(pi, control); 1185 l2cap_send_sframe(chan, control);
1158 return; 1186 return;
1159 } 1187 }
1160 1188
1161 if (l2cap_ertm_send(sk) > 0) 1189 if (l2cap_ertm_send(chan) > 0)
1162 return; 1190 return;
1163 1191
1164 control |= L2CAP_SUPER_RCV_READY; 1192 control |= L2CAP_SUPER_RCV_READY;
1165 l2cap_send_sframe(pi, control); 1193 l2cap_send_sframe(chan, control);
1166} 1194}
1167 1195
1168static void l2cap_send_srejtail(struct sock *sk) 1196static void l2cap_send_srejtail(struct l2cap_chan *chan)
1169{ 1197{
1170 struct srej_list *tail; 1198 struct srej_list *tail;
1171 u16 control; 1199 u16 control;
@@ -1173,10 +1201,10 @@ static void l2cap_send_srejtail(struct sock *sk)
1173 control = L2CAP_SUPER_SELECT_REJECT; 1201 control = L2CAP_SUPER_SELECT_REJECT;
1174 control |= L2CAP_CTRL_FINAL; 1202 control |= L2CAP_CTRL_FINAL;
1175 1203
1176 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list); 1204 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
1177 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 1205 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1178 1206
1179 l2cap_send_sframe(l2cap_pi(sk), control); 1207 l2cap_send_sframe(chan, control);
1180} 1208}
1181 1209
1182static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb) 1210static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
@@ -1313,9 +1341,9 @@ struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, siz
1313 return skb; 1341 return skb;
1314} 1342}
1315 1343
1316int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len) 1344int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1317{ 1345{
1318 struct l2cap_pinfo *pi = l2cap_pi(sk); 1346 struct sock *sk = chan->sk;
1319 struct sk_buff *skb; 1347 struct sk_buff *skb;
1320 struct sk_buff_head sar_queue; 1348 struct sk_buff_head sar_queue;
1321 u16 control; 1349 u16 control;
@@ -1323,20 +1351,20 @@ int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1323 1351
1324 skb_queue_head_init(&sar_queue); 1352 skb_queue_head_init(&sar_queue);
1325 control = L2CAP_SDU_START; 1353 control = L2CAP_SDU_START;
1326 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len); 1354 skb = l2cap_create_iframe_pdu(sk, msg, chan->remote_mps, control, len);
1327 if (IS_ERR(skb)) 1355 if (IS_ERR(skb))
1328 return PTR_ERR(skb); 1356 return PTR_ERR(skb);
1329 1357
1330 __skb_queue_tail(&sar_queue, skb); 1358 __skb_queue_tail(&sar_queue, skb);
1331 len -= pi->remote_mps; 1359 len -= chan->remote_mps;
1332 size += pi->remote_mps; 1360 size += chan->remote_mps;
1333 1361
1334 while (len > 0) { 1362 while (len > 0) {
1335 size_t buflen; 1363 size_t buflen;
1336 1364
1337 if (len > pi->remote_mps) { 1365 if (len > chan->remote_mps) {
1338 control = L2CAP_SDU_CONTINUE; 1366 control = L2CAP_SDU_CONTINUE;
1339 buflen = pi->remote_mps; 1367 buflen = chan->remote_mps;
1340 } else { 1368 } else {
1341 control = L2CAP_SDU_END; 1369 control = L2CAP_SDU_END;
1342 buflen = len; 1370 buflen = len;
@@ -1352,9 +1380,9 @@ int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1352 len -= buflen; 1380 len -= buflen;
1353 size += buflen; 1381 size += buflen;
1354 } 1382 }
1355 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk)); 1383 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1356 if (sk->sk_send_head == NULL) 1384 if (chan->tx_send_head == NULL)
1357 sk->sk_send_head = sar_queue.next; 1385 chan->tx_send_head = sar_queue.next;
1358 1386
1359 return size; 1387 return size;
1360} 1388}
@@ -1385,14 +1413,14 @@ static void l2cap_chan_ready(struct sock *sk)
1385/* Copy frame to all raw sockets on that connection */ 1413/* Copy frame to all raw sockets on that connection */
1386static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb) 1414static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1387{ 1415{
1388 struct l2cap_chan_list *l = &conn->chan_list;
1389 struct sk_buff *nskb; 1416 struct sk_buff *nskb;
1390 struct sock *sk; 1417 struct l2cap_chan *chan;
1391 1418
1392 BT_DBG("conn %p", conn); 1419 BT_DBG("conn %p", conn);
1393 1420
1394 read_lock(&l->lock); 1421 read_lock(&conn->chan_lock);
1395 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 1422 list_for_each_entry(chan, &conn->chan_l, list) {
1423 struct sock *sk = chan->sk;
1396 if (sk->sk_type != SOCK_RAW) 1424 if (sk->sk_type != SOCK_RAW)
1397 continue; 1425 continue;
1398 1426
@@ -1406,7 +1434,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1406 if (sock_queue_rcv_skb(sk, nskb)) 1434 if (sock_queue_rcv_skb(sk, nskb))
1407 kfree_skb(nskb); 1435 kfree_skb(nskb);
1408 } 1436 }
1409 read_unlock(&l->lock); 1437 read_unlock(&conn->chan_lock);
1410} 1438}
1411 1439
1412/* ---- L2CAP signalling commands ---- */ 1440/* ---- L2CAP signalling commands ---- */
@@ -1538,32 +1566,35 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1538 1566
1539static void l2cap_ack_timeout(unsigned long arg) 1567static void l2cap_ack_timeout(unsigned long arg)
1540{ 1568{
1541 struct sock *sk = (void *) arg; 1569 struct l2cap_chan *chan = (void *) arg;
1542 1570
1543 bh_lock_sock(sk); 1571 bh_lock_sock(chan->sk);
1544 l2cap_send_ack(l2cap_pi(sk)); 1572 l2cap_send_ack(chan);
1545 bh_unlock_sock(sk); 1573 bh_unlock_sock(chan->sk);
1546} 1574}
1547 1575
1548static inline void l2cap_ertm_init(struct sock *sk) 1576static inline void l2cap_ertm_init(struct l2cap_chan *chan)
1549{ 1577{
1550 l2cap_pi(sk)->expected_ack_seq = 0; 1578 struct sock *sk = chan->sk;
1551 l2cap_pi(sk)->unacked_frames = 0; 1579
1552 l2cap_pi(sk)->buffer_seq = 0; 1580 chan->expected_ack_seq = 0;
1553 l2cap_pi(sk)->num_acked = 0; 1581 chan->unacked_frames = 0;
1554 l2cap_pi(sk)->frames_sent = 0; 1582 chan->buffer_seq = 0;
1583 chan->num_acked = 0;
1584 chan->frames_sent = 0;
1555 1585
1556 setup_timer(&l2cap_pi(sk)->retrans_timer, 1586 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1557 l2cap_retrans_timeout, (unsigned long) sk); 1587 (unsigned long) chan);
1558 setup_timer(&l2cap_pi(sk)->monitor_timer, 1588 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1559 l2cap_monitor_timeout, (unsigned long) sk); 1589 (unsigned long) chan);
1560 setup_timer(&l2cap_pi(sk)->ack_timer, 1590 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
1561 l2cap_ack_timeout, (unsigned long) sk);
1562 1591
1563 __skb_queue_head_init(SREJ_QUEUE(sk)); 1592 skb_queue_head_init(&chan->srej_q);
1564 __skb_queue_head_init(BUSY_QUEUE(sk)); 1593 skb_queue_head_init(&chan->busy_q);
1565 1594
1566 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work); 1595 INIT_LIST_HEAD(&chan->srej_l);
1596
1597 INIT_WORK(&chan->busy_work, l2cap_busy_work);
1567 1598
1568 sk->sk_backlog_rcv = l2cap_ertm_data_rcv; 1599 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
1569} 1600}
@@ -1581,16 +1612,16 @@ static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1581 } 1612 }
1582} 1613}
1583 1614
1584int l2cap_build_conf_req(struct sock *sk, void *data) 1615static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1585{ 1616{
1586 struct l2cap_pinfo *pi = l2cap_pi(sk); 1617 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1587 struct l2cap_conf_req *req = data; 1618 struct l2cap_conf_req *req = data;
1588 struct l2cap_conf_rfc rfc = { .mode = pi->mode }; 1619 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
1589 void *ptr = req->data; 1620 void *ptr = req->data;
1590 1621
1591 BT_DBG("sk %p", sk); 1622 BT_DBG("chan %p", chan);
1592 1623
1593 if (pi->num_conf_req || pi->num_conf_rsp) 1624 if (chan->num_conf_req || chan->num_conf_rsp)
1594 goto done; 1625 goto done;
1595 1626
1596 switch (pi->mode) { 1627 switch (pi->mode) {
@@ -1679,20 +1710,20 @@ done:
1679 return ptr - data; 1710 return ptr - data;
1680} 1711}
1681 1712
1682static int l2cap_parse_conf_req(struct sock *sk, void *data) 1713static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1683{ 1714{
1684 struct l2cap_pinfo *pi = l2cap_pi(sk); 1715 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
1685 struct l2cap_conf_rsp *rsp = data; 1716 struct l2cap_conf_rsp *rsp = data;
1686 void *ptr = rsp->data; 1717 void *ptr = rsp->data;
1687 void *req = pi->conf_req; 1718 void *req = chan->conf_req;
1688 int len = pi->conf_len; 1719 int len = chan->conf_len;
1689 int type, hint, olen; 1720 int type, hint, olen;
1690 unsigned long val; 1721 unsigned long val;
1691 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; 1722 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1692 u16 mtu = L2CAP_DEFAULT_MTU; 1723 u16 mtu = L2CAP_DEFAULT_MTU;
1693 u16 result = L2CAP_CONF_SUCCESS; 1724 u16 result = L2CAP_CONF_SUCCESS;
1694 1725
1695 BT_DBG("sk %p", sk); 1726 BT_DBG("chan %p", chan);
1696 1727
1697 while (len >= L2CAP_CONF_OPT_SIZE) { 1728 while (len >= L2CAP_CONF_OPT_SIZE) {
1698 len -= l2cap_get_conf_opt(&req, &type, &olen, &val); 1729 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
@@ -1733,7 +1764,7 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1733 } 1764 }
1734 } 1765 }
1735 1766
1736 if (pi->num_conf_rsp || pi->num_conf_req > 1) 1767 if (chan->num_conf_rsp || chan->num_conf_req > 1)
1737 goto done; 1768 goto done;
1738 1769
1739 switch (pi->mode) { 1770 switch (pi->mode) {
@@ -1756,7 +1787,7 @@ done:
1756 result = L2CAP_CONF_UNACCEPT; 1787 result = L2CAP_CONF_UNACCEPT;
1757 rfc.mode = pi->mode; 1788 rfc.mode = pi->mode;
1758 1789
1759 if (pi->num_conf_rsp == 1) 1790 if (chan->num_conf_rsp == 1)
1760 return -ECONNREFUSED; 1791 return -ECONNREFUSED;
1761 1792
1762 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1793 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
@@ -1783,13 +1814,13 @@ done:
1783 break; 1814 break;
1784 1815
1785 case L2CAP_MODE_ERTM: 1816 case L2CAP_MODE_ERTM:
1786 pi->remote_tx_win = rfc.txwin_size; 1817 chan->remote_tx_win = rfc.txwin_size;
1787 pi->remote_max_tx = rfc.max_transmit; 1818 chan->remote_max_tx = rfc.max_transmit;
1788 1819
1789 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1820 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1790 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1821 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1791 1822
1792 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1823 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1793 1824
1794 rfc.retrans_timeout = 1825 rfc.retrans_timeout =
1795 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO); 1826 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
@@ -1807,7 +1838,7 @@ done:
1807 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10) 1838 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
1808 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 1839 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
1809 1840
1810 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 1841 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
1811 1842
1812 pi->conf_state |= L2CAP_CONF_MODE_DONE; 1843 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1813 1844
@@ -1916,6 +1947,31 @@ static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 fla
1916 return ptr - data; 1947 return ptr - data;
1917} 1948}
1918 1949
1950void __l2cap_connect_rsp_defer(struct sock *sk)
1951{
1952 struct l2cap_conn_rsp rsp;
1953 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1954 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1955 u8 buf[128];
1956
1957 sk->sk_state = BT_CONFIG;
1958
1959 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1960 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1961 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1962 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1963 l2cap_send_cmd(conn, chan->ident,
1964 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1965
1966 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
1967 return;
1968
1969 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1970 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1971 l2cap_build_conf_req(chan, buf), buf);
1972 chan->num_conf_req++;
1973}
1974
1919static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len) 1975static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
1920{ 1976{
1921 struct l2cap_pinfo *pi = l2cap_pi(sk); 1977 struct l2cap_pinfo *pi = l2cap_pi(sk);
@@ -1973,9 +2029,9 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
1973 2029
1974static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2030static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1975{ 2031{
1976 struct l2cap_chan_list *list = &conn->chan_list;
1977 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 2032 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1978 struct l2cap_conn_rsp rsp; 2033 struct l2cap_conn_rsp rsp;
2034 struct l2cap_chan *chan = NULL;
1979 struct sock *parent, *sk = NULL; 2035 struct sock *parent, *sk = NULL;
1980 int result, status = L2CAP_CS_NO_INFO; 2036 int result, status = L2CAP_CS_NO_INFO;
1981 2037
@@ -2013,11 +2069,17 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2013 if (!sk) 2069 if (!sk)
2014 goto response; 2070 goto response;
2015 2071
2016 write_lock_bh(&list->lock); 2072 chan = l2cap_chan_alloc(sk);
2073 if (!chan) {
2074 l2cap_sock_kill(sk);
2075 goto response;
2076 }
2077
2078 write_lock_bh(&conn->chan_lock);
2017 2079
2018 /* Check if we already have channel with that dcid */ 2080 /* Check if we already have channel with that dcid */
2019 if (__l2cap_get_chan_by_dcid(list, scid)) { 2081 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2020 write_unlock_bh(&list->lock); 2082 write_unlock_bh(&conn->chan_lock);
2021 sock_set_flag(sk, SOCK_ZAPPED); 2083 sock_set_flag(sk, SOCK_ZAPPED);
2022 l2cap_sock_kill(sk); 2084 l2cap_sock_kill(sk);
2023 goto response; 2085 goto response;
@@ -2033,12 +2095,15 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2033 2095
2034 bt_accept_enqueue(parent, sk); 2096 bt_accept_enqueue(parent, sk);
2035 2097
2036 __l2cap_chan_add(conn, sk); 2098 __l2cap_chan_add(conn, chan);
2099
2100 l2cap_pi(sk)->chan = chan;
2101
2037 dcid = l2cap_pi(sk)->scid; 2102 dcid = l2cap_pi(sk)->scid;
2038 2103
2039 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 2104 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2040 2105
2041 l2cap_pi(sk)->ident = cmd->ident; 2106 chan->ident = cmd->ident;
2042 2107
2043 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { 2108 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2044 if (l2cap_check_security(sk)) { 2109 if (l2cap_check_security(sk)) {
@@ -2063,7 +2128,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2063 status = L2CAP_CS_NO_INFO; 2128 status = L2CAP_CS_NO_INFO;
2064 } 2129 }
2065 2130
2066 write_unlock_bh(&list->lock); 2131 write_unlock_bh(&conn->chan_lock);
2067 2132
2068response: 2133response:
2069 bh_unlock_sock(parent); 2134 bh_unlock_sock(parent);
@@ -2089,13 +2154,13 @@ sendresp:
2089 L2CAP_INFO_REQ, sizeof(info), &info); 2154 L2CAP_INFO_REQ, sizeof(info), &info);
2090 } 2155 }
2091 2156
2092 if (sk && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) && 2157 if (chan && !(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
2093 result == L2CAP_CR_SUCCESS) { 2158 result == L2CAP_CR_SUCCESS) {
2094 u8 buf[128]; 2159 u8 buf[128];
2095 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2160 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2096 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2161 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2097 l2cap_build_conf_req(sk, buf), buf); 2162 l2cap_build_conf_req(chan, buf), buf);
2098 l2cap_pi(sk)->num_conf_req++; 2163 chan->num_conf_req++;
2099 } 2164 }
2100 2165
2101 return 0; 2166 return 0;
@@ -2105,6 +2170,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2105{ 2170{
2106 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; 2171 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2107 u16 scid, dcid, result, status; 2172 u16 scid, dcid, result, status;
2173 struct l2cap_chan *chan;
2108 struct sock *sk; 2174 struct sock *sk;
2109 u8 req[128]; 2175 u8 req[128];
2110 2176
@@ -2116,19 +2182,21 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2116 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status); 2182 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2117 2183
2118 if (scid) { 2184 if (scid) {
2119 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2185 chan = l2cap_get_chan_by_scid(conn, scid);
2120 if (!sk) 2186 if (!chan)
2121 return -EFAULT; 2187 return -EFAULT;
2122 } else { 2188 } else {
2123 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident); 2189 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
2124 if (!sk) 2190 if (!chan)
2125 return -EFAULT; 2191 return -EFAULT;
2126 } 2192 }
2127 2193
2194 sk = chan->sk;
2195
2128 switch (result) { 2196 switch (result) {
2129 case L2CAP_CR_SUCCESS: 2197 case L2CAP_CR_SUCCESS:
2130 sk->sk_state = BT_CONFIG; 2198 sk->sk_state = BT_CONFIG;
2131 l2cap_pi(sk)->ident = 0; 2199 chan->ident = 0;
2132 l2cap_pi(sk)->dcid = dcid; 2200 l2cap_pi(sk)->dcid = dcid;
2133 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND; 2201 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2134 2202
@@ -2138,8 +2206,8 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2138 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2206 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2139 2207
2140 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2208 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2141 l2cap_build_conf_req(sk, req), req); 2209 l2cap_build_conf_req(chan, req), req);
2142 l2cap_pi(sk)->num_conf_req++; 2210 chan->num_conf_req++;
2143 break; 2211 break;
2144 2212
2145 case L2CAP_CR_PEND: 2213 case L2CAP_CR_PEND:
@@ -2155,7 +2223,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2155 break; 2223 break;
2156 } 2224 }
2157 2225
2158 l2cap_chan_del(sk, ECONNREFUSED); 2226 l2cap_chan_del(chan, ECONNREFUSED);
2159 break; 2227 break;
2160 } 2228 }
2161 2229
@@ -2179,6 +2247,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2179 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data; 2247 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2180 u16 dcid, flags; 2248 u16 dcid, flags;
2181 u8 rsp[64]; 2249 u8 rsp[64];
2250 struct l2cap_chan *chan;
2182 struct sock *sk; 2251 struct sock *sk;
2183 int len; 2252 int len;
2184 2253
@@ -2187,10 +2256,12 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2187 2256
2188 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags); 2257 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2189 2258
2190 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid); 2259 chan = l2cap_get_chan_by_scid(conn, dcid);
2191 if (!sk) 2260 if (!chan)
2192 return -ENOENT; 2261 return -ENOENT;
2193 2262
2263 sk = chan->sk;
2264
2194 if (sk->sk_state != BT_CONFIG) { 2265 if (sk->sk_state != BT_CONFIG) {
2195 struct l2cap_cmd_rej rej; 2266 struct l2cap_cmd_rej rej;
2196 2267
@@ -2202,7 +2273,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2202 2273
2203 /* Reject if config buffer is too small. */ 2274 /* Reject if config buffer is too small. */
2204 len = cmd_len - sizeof(*req); 2275 len = cmd_len - sizeof(*req);
2205 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) { 2276 if (chan->conf_len + len > sizeof(chan->conf_req)) {
2206 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 2277 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2207 l2cap_build_conf_rsp(sk, rsp, 2278 l2cap_build_conf_rsp(sk, rsp,
2208 L2CAP_CONF_REJECT, flags), rsp); 2279 L2CAP_CONF_REJECT, flags), rsp);
@@ -2210,8 +2281,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2210 } 2281 }
2211 2282
2212 /* Store config. */ 2283 /* Store config. */
2213 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len); 2284 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2214 l2cap_pi(sk)->conf_len += len; 2285 chan->conf_len += len;
2215 2286
2216 if (flags & 0x0001) { 2287 if (flags & 0x0001) {
2217 /* Incomplete config. Send empty response. */ 2288 /* Incomplete config. Send empty response. */
@@ -2222,17 +2293,17 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2222 } 2293 }
2223 2294
2224 /* Complete config. */ 2295 /* Complete config. */
2225 len = l2cap_parse_conf_req(sk, rsp); 2296 len = l2cap_parse_conf_req(chan, rsp);
2226 if (len < 0) { 2297 if (len < 0) {
2227 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2298 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2228 goto unlock; 2299 goto unlock;
2229 } 2300 }
2230 2301
2231 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); 2302 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2232 l2cap_pi(sk)->num_conf_rsp++; 2303 chan->num_conf_rsp++;
2233 2304
2234 /* Reset config buffer. */ 2305 /* Reset config buffer. */
2235 l2cap_pi(sk)->conf_len = 0; 2306 chan->conf_len = 0;
2236 2307
2237 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE)) 2308 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2238 goto unlock; 2309 goto unlock;
@@ -2242,11 +2313,11 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2242 2313
2243 sk->sk_state = BT_CONNECTED; 2314 sk->sk_state = BT_CONNECTED;
2244 2315
2245 l2cap_pi(sk)->next_tx_seq = 0; 2316 chan->next_tx_seq = 0;
2246 l2cap_pi(sk)->expected_tx_seq = 0; 2317 chan->expected_tx_seq = 0;
2247 __skb_queue_head_init(TX_QUEUE(sk)); 2318 skb_queue_head_init(&chan->tx_q);
2248 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2319 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2249 l2cap_ertm_init(sk); 2320 l2cap_ertm_init(chan);
2250 2321
2251 l2cap_chan_ready(sk); 2322 l2cap_chan_ready(sk);
2252 goto unlock; 2323 goto unlock;
@@ -2256,8 +2327,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2256 u8 buf[64]; 2327 u8 buf[64];
2257 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 2328 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2258 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2329 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2259 l2cap_build_conf_req(sk, buf), buf); 2330 l2cap_build_conf_req(chan, buf), buf);
2260 l2cap_pi(sk)->num_conf_req++; 2331 chan->num_conf_req++;
2261 } 2332 }
2262 2333
2263unlock: 2334unlock:
@@ -2269,6 +2340,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2269{ 2340{
2270 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 2341 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2271 u16 scid, flags, result; 2342 u16 scid, flags, result;
2343 struct l2cap_chan *chan;
2272 struct sock *sk; 2344 struct sock *sk;
2273 int len = cmd->len - sizeof(*rsp); 2345 int len = cmd->len - sizeof(*rsp);
2274 2346
@@ -2279,21 +2351,23 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2279 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", 2351 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2280 scid, flags, result); 2352 scid, flags, result);
2281 2353
2282 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2354 chan = l2cap_get_chan_by_scid(conn, scid);
2283 if (!sk) 2355 if (!chan)
2284 return 0; 2356 return 0;
2285 2357
2358 sk = chan->sk;
2359
2286 switch (result) { 2360 switch (result) {
2287 case L2CAP_CONF_SUCCESS: 2361 case L2CAP_CONF_SUCCESS:
2288 l2cap_conf_rfc_get(sk, rsp->data, len); 2362 l2cap_conf_rfc_get(sk, rsp->data, len);
2289 break; 2363 break;
2290 2364
2291 case L2CAP_CONF_UNACCEPT: 2365 case L2CAP_CONF_UNACCEPT:
2292 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) { 2366 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2293 char req[64]; 2367 char req[64];
2294 2368
2295 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { 2369 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2296 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2370 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2297 goto done; 2371 goto done;
2298 } 2372 }
2299 2373
@@ -2302,13 +2376,13 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2302 len = l2cap_parse_conf_rsp(sk, rsp->data, 2376 len = l2cap_parse_conf_rsp(sk, rsp->data,
2303 len, req, &result); 2377 len, req, &result);
2304 if (len < 0) { 2378 if (len < 0) {
2305 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2379 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2306 goto done; 2380 goto done;
2307 } 2381 }
2308 2382
2309 l2cap_send_cmd(conn, l2cap_get_ident(conn), 2383 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2310 L2CAP_CONF_REQ, len, req); 2384 L2CAP_CONF_REQ, len, req);
2311 l2cap_pi(sk)->num_conf_req++; 2385 chan->num_conf_req++;
2312 if (result != L2CAP_CONF_SUCCESS) 2386 if (result != L2CAP_CONF_SUCCESS)
2313 goto done; 2387 goto done;
2314 break; 2388 break;
@@ -2317,7 +2391,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2317 default: 2391 default:
2318 sk->sk_err = ECONNRESET; 2392 sk->sk_err = ECONNRESET;
2319 l2cap_sock_set_timer(sk, HZ * 5); 2393 l2cap_sock_set_timer(sk, HZ * 5);
2320 l2cap_send_disconn_req(conn, sk, ECONNRESET); 2394 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2321 goto done; 2395 goto done;
2322 } 2396 }
2323 2397
@@ -2330,11 +2404,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2330 set_default_fcs(l2cap_pi(sk)); 2404 set_default_fcs(l2cap_pi(sk));
2331 2405
2332 sk->sk_state = BT_CONNECTED; 2406 sk->sk_state = BT_CONNECTED;
2333 l2cap_pi(sk)->next_tx_seq = 0; 2407 chan->next_tx_seq = 0;
2334 l2cap_pi(sk)->expected_tx_seq = 0; 2408 chan->expected_tx_seq = 0;
2335 __skb_queue_head_init(TX_QUEUE(sk)); 2409 skb_queue_head_init(&chan->tx_q);
2336 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) 2410 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2337 l2cap_ertm_init(sk); 2411 l2cap_ertm_init(chan);
2338 2412
2339 l2cap_chan_ready(sk); 2413 l2cap_chan_ready(sk);
2340 } 2414 }
@@ -2349,6 +2423,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2349 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data; 2423 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2350 struct l2cap_disconn_rsp rsp; 2424 struct l2cap_disconn_rsp rsp;
2351 u16 dcid, scid; 2425 u16 dcid, scid;
2426 struct l2cap_chan *chan;
2352 struct sock *sk; 2427 struct sock *sk;
2353 2428
2354 scid = __le16_to_cpu(req->scid); 2429 scid = __le16_to_cpu(req->scid);
@@ -2356,10 +2431,12 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2356 2431
2357 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid); 2432 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2358 2433
2359 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid); 2434 chan = l2cap_get_chan_by_scid(conn, dcid);
2360 if (!sk) 2435 if (!chan)
2361 return 0; 2436 return 0;
2362 2437
2438 sk = chan->sk;
2439
2363 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2440 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2364 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2441 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2365 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); 2442 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
@@ -2375,7 +2452,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2375 return 0; 2452 return 0;
2376 } 2453 }
2377 2454
2378 l2cap_chan_del(sk, ECONNRESET); 2455 l2cap_chan_del(chan, ECONNRESET);
2379 bh_unlock_sock(sk); 2456 bh_unlock_sock(sk);
2380 2457
2381 l2cap_sock_kill(sk); 2458 l2cap_sock_kill(sk);
@@ -2386,6 +2463,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2386{ 2463{
2387 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; 2464 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2388 u16 dcid, scid; 2465 u16 dcid, scid;
2466 struct l2cap_chan *chan;
2389 struct sock *sk; 2467 struct sock *sk;
2390 2468
2391 scid = __le16_to_cpu(rsp->scid); 2469 scid = __le16_to_cpu(rsp->scid);
@@ -2393,10 +2471,12 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2393 2471
2394 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid); 2472 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2395 2473
2396 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 2474 chan = l2cap_get_chan_by_scid(conn, scid);
2397 if (!sk) 2475 if (!chan)
2398 return 0; 2476 return 0;
2399 2477
2478 sk = chan->sk;
2479
2400 /* don't delete l2cap channel if sk is owned by user */ 2480 /* don't delete l2cap channel if sk is owned by user */
2401 if (sock_owned_by_user(sk)) { 2481 if (sock_owned_by_user(sk)) {
2402 sk->sk_state = BT_DISCONN; 2482 sk->sk_state = BT_DISCONN;
@@ -2406,7 +2486,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2406 return 0; 2486 return 0;
2407 } 2487 }
2408 2488
2409 l2cap_chan_del(sk, 0); 2489 l2cap_chan_del(chan, 0);
2410 bh_unlock_sock(sk); 2490 bh_unlock_sock(sk);
2411 2491
2412 l2cap_sock_kill(sk); 2492 l2cap_sock_kill(sk);
@@ -2709,49 +2789,47 @@ static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
2709 return 0; 2789 return 0;
2710} 2790}
2711 2791
2712static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk) 2792static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
2713{ 2793{
2714 struct l2cap_pinfo *pi = l2cap_pi(sk);
2715 u16 control = 0; 2794 u16 control = 0;
2716 2795
2717 pi->frames_sent = 0; 2796 chan->frames_sent = 0;
2718 2797
2719 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 2798 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2720 2799
2721 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 2800 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2722 control |= L2CAP_SUPER_RCV_NOT_READY; 2801 control |= L2CAP_SUPER_RCV_NOT_READY;
2723 l2cap_send_sframe(pi, control); 2802 l2cap_send_sframe(chan, control);
2724 pi->conn_state |= L2CAP_CONN_RNR_SENT; 2803 chan->conn_state |= L2CAP_CONN_RNR_SENT;
2725 } 2804 }
2726 2805
2727 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY) 2806 if (chan->conn_state & L2CAP_CONN_REMOTE_BUSY)
2728 l2cap_retransmit_frames(sk); 2807 l2cap_retransmit_frames(chan);
2729 2808
2730 l2cap_ertm_send(sk); 2809 l2cap_ertm_send(chan);
2731 2810
2732 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) && 2811 if (!(chan->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
2733 pi->frames_sent == 0) { 2812 chan->frames_sent == 0) {
2734 control |= L2CAP_SUPER_RCV_READY; 2813 control |= L2CAP_SUPER_RCV_READY;
2735 l2cap_send_sframe(pi, control); 2814 l2cap_send_sframe(chan, control);
2736 } 2815 }
2737} 2816}
2738 2817
2739static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar) 2818static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u8 tx_seq, u8 sar)
2740{ 2819{
2741 struct sk_buff *next_skb; 2820 struct sk_buff *next_skb;
2742 struct l2cap_pinfo *pi = l2cap_pi(sk);
2743 int tx_seq_offset, next_tx_seq_offset; 2821 int tx_seq_offset, next_tx_seq_offset;
2744 2822
2745 bt_cb(skb)->tx_seq = tx_seq; 2823 bt_cb(skb)->tx_seq = tx_seq;
2746 bt_cb(skb)->sar = sar; 2824 bt_cb(skb)->sar = sar;
2747 2825
2748 next_skb = skb_peek(SREJ_QUEUE(sk)); 2826 next_skb = skb_peek(&chan->srej_q);
2749 if (!next_skb) { 2827 if (!next_skb) {
2750 __skb_queue_tail(SREJ_QUEUE(sk), skb); 2828 __skb_queue_tail(&chan->srej_q, skb);
2751 return 0; 2829 return 0;
2752 } 2830 }
2753 2831
2754 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64; 2832 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
2755 if (tx_seq_offset < 0) 2833 if (tx_seq_offset < 0)
2756 tx_seq_offset += 64; 2834 tx_seq_offset += 64;
2757 2835
@@ -2760,53 +2838,53 @@ static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_s
2760 return -EINVAL; 2838 return -EINVAL;
2761 2839
2762 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq - 2840 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
2763 pi->buffer_seq) % 64; 2841 chan->buffer_seq) % 64;
2764 if (next_tx_seq_offset < 0) 2842 if (next_tx_seq_offset < 0)
2765 next_tx_seq_offset += 64; 2843 next_tx_seq_offset += 64;
2766 2844
2767 if (next_tx_seq_offset > tx_seq_offset) { 2845 if (next_tx_seq_offset > tx_seq_offset) {
2768 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb); 2846 __skb_queue_before(&chan->srej_q, next_skb, skb);
2769 return 0; 2847 return 0;
2770 } 2848 }
2771 2849
2772 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb)) 2850 if (skb_queue_is_last(&chan->srej_q, next_skb))
2773 break; 2851 break;
2774 2852
2775 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb))); 2853 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
2776 2854
2777 __skb_queue_tail(SREJ_QUEUE(sk), skb); 2855 __skb_queue_tail(&chan->srej_q, skb);
2778 2856
2779 return 0; 2857 return 0;
2780} 2858}
2781 2859
2782static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control) 2860static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2783{ 2861{
2784 struct l2cap_pinfo *pi = l2cap_pi(sk); 2862 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2785 struct sk_buff *_skb; 2863 struct sk_buff *_skb;
2786 int err; 2864 int err;
2787 2865
2788 switch (control & L2CAP_CTRL_SAR) { 2866 switch (control & L2CAP_CTRL_SAR) {
2789 case L2CAP_SDU_UNSEGMENTED: 2867 case L2CAP_SDU_UNSEGMENTED:
2790 if (pi->conn_state & L2CAP_CONN_SAR_SDU) 2868 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
2791 goto drop; 2869 goto drop;
2792 2870
2793 err = sock_queue_rcv_skb(sk, skb); 2871 err = sock_queue_rcv_skb(chan->sk, skb);
2794 if (!err) 2872 if (!err)
2795 return err; 2873 return err;
2796 2874
2797 break; 2875 break;
2798 2876
2799 case L2CAP_SDU_START: 2877 case L2CAP_SDU_START:
2800 if (pi->conn_state & L2CAP_CONN_SAR_SDU) 2878 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
2801 goto drop; 2879 goto drop;
2802 2880
2803 pi->sdu_len = get_unaligned_le16(skb->data); 2881 chan->sdu_len = get_unaligned_le16(skb->data);
2804 2882
2805 if (pi->sdu_len > pi->imtu) 2883 if (chan->sdu_len > pi->imtu)
2806 goto disconnect; 2884 goto disconnect;
2807 2885
2808 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 2886 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
2809 if (!pi->sdu) 2887 if (!chan->sdu)
2810 return -ENOMEM; 2888 return -ENOMEM;
2811 2889
2812 /* pull sdu_len bytes only after alloc, because of Local Busy 2890 /* pull sdu_len bytes only after alloc, because of Local Busy
@@ -2814,63 +2892,63 @@ static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 c
2814 * only once, i.e., when alloc does not fail */ 2892 * only once, i.e., when alloc does not fail */
2815 skb_pull(skb, 2); 2893 skb_pull(skb, 2);
2816 2894
2817 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2895 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2818 2896
2819 pi->conn_state |= L2CAP_CONN_SAR_SDU; 2897 chan->conn_state |= L2CAP_CONN_SAR_SDU;
2820 pi->partial_sdu_len = skb->len; 2898 chan->partial_sdu_len = skb->len;
2821 break; 2899 break;
2822 2900
2823 case L2CAP_SDU_CONTINUE: 2901 case L2CAP_SDU_CONTINUE:
2824 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 2902 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
2825 goto disconnect; 2903 goto disconnect;
2826 2904
2827 if (!pi->sdu) 2905 if (!chan->sdu)
2828 goto disconnect; 2906 goto disconnect;
2829 2907
2830 pi->partial_sdu_len += skb->len; 2908 chan->partial_sdu_len += skb->len;
2831 if (pi->partial_sdu_len > pi->sdu_len) 2909 if (chan->partial_sdu_len > chan->sdu_len)
2832 goto drop; 2910 goto drop;
2833 2911
2834 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2912 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2835 2913
2836 break; 2914 break;
2837 2915
2838 case L2CAP_SDU_END: 2916 case L2CAP_SDU_END:
2839 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 2917 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
2840 goto disconnect; 2918 goto disconnect;
2841 2919
2842 if (!pi->sdu) 2920 if (!chan->sdu)
2843 goto disconnect; 2921 goto disconnect;
2844 2922
2845 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) { 2923 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) {
2846 pi->partial_sdu_len += skb->len; 2924 chan->partial_sdu_len += skb->len;
2847 2925
2848 if (pi->partial_sdu_len > pi->imtu) 2926 if (chan->partial_sdu_len > pi->imtu)
2849 goto drop; 2927 goto drop;
2850 2928
2851 if (pi->partial_sdu_len != pi->sdu_len) 2929 if (chan->partial_sdu_len != chan->sdu_len)
2852 goto drop; 2930 goto drop;
2853 2931
2854 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 2932 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
2855 } 2933 }
2856 2934
2857 _skb = skb_clone(pi->sdu, GFP_ATOMIC); 2935 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
2858 if (!_skb) { 2936 if (!_skb) {
2859 pi->conn_state |= L2CAP_CONN_SAR_RETRY; 2937 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
2860 return -ENOMEM; 2938 return -ENOMEM;
2861 } 2939 }
2862 2940
2863 err = sock_queue_rcv_skb(sk, _skb); 2941 err = sock_queue_rcv_skb(chan->sk, _skb);
2864 if (err < 0) { 2942 if (err < 0) {
2865 kfree_skb(_skb); 2943 kfree_skb(_skb);
2866 pi->conn_state |= L2CAP_CONN_SAR_RETRY; 2944 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
2867 return err; 2945 return err;
2868 } 2946 }
2869 2947
2870 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY; 2948 chan->conn_state &= ~L2CAP_CONN_SAR_RETRY;
2871 pi->conn_state &= ~L2CAP_CONN_SAR_SDU; 2949 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
2872 2950
2873 kfree_skb(pi->sdu); 2951 kfree_skb(chan->sdu);
2874 break; 2952 break;
2875 } 2953 }
2876 2954
@@ -2878,51 +2956,50 @@ static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 c
2878 return 0; 2956 return 0;
2879 2957
2880drop: 2958drop:
2881 kfree_skb(pi->sdu); 2959 kfree_skb(chan->sdu);
2882 pi->sdu = NULL; 2960 chan->sdu = NULL;
2883 2961
2884disconnect: 2962disconnect:
2885 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 2963 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
2886 kfree_skb(skb); 2964 kfree_skb(skb);
2887 return 0; 2965 return 0;
2888} 2966}
2889 2967
2890static int l2cap_try_push_rx_skb(struct sock *sk) 2968static int l2cap_try_push_rx_skb(struct l2cap_chan *chan)
2891{ 2969{
2892 struct l2cap_pinfo *pi = l2cap_pi(sk);
2893 struct sk_buff *skb; 2970 struct sk_buff *skb;
2894 u16 control; 2971 u16 control;
2895 int err; 2972 int err;
2896 2973
2897 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) { 2974 while ((skb = skb_dequeue(&chan->busy_q))) {
2898 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; 2975 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
2899 err = l2cap_ertm_reassembly_sdu(sk, skb, control); 2976 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
2900 if (err < 0) { 2977 if (err < 0) {
2901 skb_queue_head(BUSY_QUEUE(sk), skb); 2978 skb_queue_head(&chan->busy_q, skb);
2902 return -EBUSY; 2979 return -EBUSY;
2903 } 2980 }
2904 2981
2905 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 2982 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
2906 } 2983 }
2907 2984
2908 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT)) 2985 if (!(chan->conn_state & L2CAP_CONN_RNR_SENT))
2909 goto done; 2986 goto done;
2910 2987
2911 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 2988 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2912 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL; 2989 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
2913 l2cap_send_sframe(pi, control); 2990 l2cap_send_sframe(chan, control);
2914 l2cap_pi(sk)->retry_count = 1; 2991 chan->retry_count = 1;
2915 2992
2916 del_timer(&pi->retrans_timer); 2993 del_timer(&chan->retrans_timer);
2917 __mod_monitor_timer(); 2994 __mod_monitor_timer();
2918 2995
2919 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F; 2996 chan->conn_state |= L2CAP_CONN_WAIT_F;
2920 2997
2921done: 2998done:
2922 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY; 2999 chan->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
2923 pi->conn_state &= ~L2CAP_CONN_RNR_SENT; 3000 chan->conn_state &= ~L2CAP_CONN_RNR_SENT;
2924 3001
2925 BT_DBG("sk %p, Exit local busy", sk); 3002 BT_DBG("chan %p, Exit local busy", chan);
2926 3003
2927 return 0; 3004 return 0;
2928} 3005}
@@ -2930,21 +3007,21 @@ done:
2930static void l2cap_busy_work(struct work_struct *work) 3007static void l2cap_busy_work(struct work_struct *work)
2931{ 3008{
2932 DECLARE_WAITQUEUE(wait, current); 3009 DECLARE_WAITQUEUE(wait, current);
2933 struct l2cap_pinfo *pi = 3010 struct l2cap_chan *chan =
2934 container_of(work, struct l2cap_pinfo, busy_work); 3011 container_of(work, struct l2cap_chan, busy_work);
2935 struct sock *sk = (struct sock *)pi; 3012 struct sock *sk = chan->sk;
2936 int n_tries = 0, timeo = HZ/5, err; 3013 int n_tries = 0, timeo = HZ/5, err;
2937 struct sk_buff *skb; 3014 struct sk_buff *skb;
2938 3015
2939 lock_sock(sk); 3016 lock_sock(sk);
2940 3017
2941 add_wait_queue(sk_sleep(sk), &wait); 3018 add_wait_queue(sk_sleep(sk), &wait);
2942 while ((skb = skb_peek(BUSY_QUEUE(sk)))) { 3019 while ((skb = skb_peek(&chan->busy_q))) {
2943 set_current_state(TASK_INTERRUPTIBLE); 3020 set_current_state(TASK_INTERRUPTIBLE);
2944 3021
2945 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) { 3022 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
2946 err = -EBUSY; 3023 err = -EBUSY;
2947 l2cap_send_disconn_req(pi->conn, sk, EBUSY); 3024 l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, EBUSY);
2948 break; 3025 break;
2949 } 3026 }
2950 3027
@@ -2964,7 +3041,7 @@ static void l2cap_busy_work(struct work_struct *work)
2964 if (err) 3041 if (err)
2965 break; 3042 break;
2966 3043
2967 if (l2cap_try_push_rx_skb(sk) == 0) 3044 if (l2cap_try_push_rx_skb(chan) == 0)
2968 break; 3045 break;
2969 } 3046 }
2970 3047
@@ -2974,48 +3051,47 @@ static void l2cap_busy_work(struct work_struct *work)
2974 release_sock(sk); 3051 release_sock(sk);
2975} 3052}
2976 3053
2977static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control) 3054static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
2978{ 3055{
2979 struct l2cap_pinfo *pi = l2cap_pi(sk);
2980 int sctrl, err; 3056 int sctrl, err;
2981 3057
2982 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 3058 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
2983 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; 3059 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
2984 __skb_queue_tail(BUSY_QUEUE(sk), skb); 3060 __skb_queue_tail(&chan->busy_q, skb);
2985 return l2cap_try_push_rx_skb(sk); 3061 return l2cap_try_push_rx_skb(chan);
2986 3062
2987 3063
2988 } 3064 }
2989 3065
2990 err = l2cap_ertm_reassembly_sdu(sk, skb, control); 3066 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
2991 if (err >= 0) { 3067 if (err >= 0) {
2992 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 3068 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
2993 return err; 3069 return err;
2994 } 3070 }
2995 3071
2996 /* Busy Condition */ 3072 /* Busy Condition */
2997 BT_DBG("sk %p, Enter local busy", sk); 3073 BT_DBG("chan %p, Enter local busy", chan);
2998 3074
2999 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY; 3075 chan->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3000 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; 3076 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3001 __skb_queue_tail(BUSY_QUEUE(sk), skb); 3077 __skb_queue_tail(&chan->busy_q, skb);
3002 3078
3003 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3079 sctrl = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3004 sctrl |= L2CAP_SUPER_RCV_NOT_READY; 3080 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3005 l2cap_send_sframe(pi, sctrl); 3081 l2cap_send_sframe(chan, sctrl);
3006 3082
3007 pi->conn_state |= L2CAP_CONN_RNR_SENT; 3083 chan->conn_state |= L2CAP_CONN_RNR_SENT;
3008 3084
3009 del_timer(&pi->ack_timer); 3085 del_timer(&chan->ack_timer);
3010 3086
3011 queue_work(_busy_wq, &pi->busy_work); 3087 queue_work(_busy_wq, &chan->busy_work);
3012 3088
3013 return err; 3089 return err;
3014} 3090}
3015 3091
3016static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control) 3092static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3017{ 3093{
3018 struct l2cap_pinfo *pi = l2cap_pi(sk); 3094 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3019 struct sk_buff *_skb; 3095 struct sk_buff *_skb;
3020 int err = -EINVAL; 3096 int err = -EINVAL;
3021 3097
@@ -3026,80 +3102,80 @@ static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb,
3026 3102
3027 switch (control & L2CAP_CTRL_SAR) { 3103 switch (control & L2CAP_CTRL_SAR) {
3028 case L2CAP_SDU_UNSEGMENTED: 3104 case L2CAP_SDU_UNSEGMENTED:
3029 if (pi->conn_state & L2CAP_CONN_SAR_SDU) { 3105 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
3030 kfree_skb(pi->sdu); 3106 kfree_skb(chan->sdu);
3031 break; 3107 break;
3032 } 3108 }
3033 3109
3034 err = sock_queue_rcv_skb(sk, skb); 3110 err = sock_queue_rcv_skb(chan->sk, skb);
3035 if (!err) 3111 if (!err)
3036 return 0; 3112 return 0;
3037 3113
3038 break; 3114 break;
3039 3115
3040 case L2CAP_SDU_START: 3116 case L2CAP_SDU_START:
3041 if (pi->conn_state & L2CAP_CONN_SAR_SDU) { 3117 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
3042 kfree_skb(pi->sdu); 3118 kfree_skb(chan->sdu);
3043 break; 3119 break;
3044 } 3120 }
3045 3121
3046 pi->sdu_len = get_unaligned_le16(skb->data); 3122 chan->sdu_len = get_unaligned_le16(skb->data);
3047 skb_pull(skb, 2); 3123 skb_pull(skb, 2);
3048 3124
3049 if (pi->sdu_len > pi->imtu) { 3125 if (chan->sdu_len > pi->imtu) {
3050 err = -EMSGSIZE; 3126 err = -EMSGSIZE;
3051 break; 3127 break;
3052 } 3128 }
3053 3129
3054 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 3130 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3055 if (!pi->sdu) { 3131 if (!chan->sdu) {
3056 err = -ENOMEM; 3132 err = -ENOMEM;
3057 break; 3133 break;
3058 } 3134 }
3059 3135
3060 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3136 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3061 3137
3062 pi->conn_state |= L2CAP_CONN_SAR_SDU; 3138 chan->conn_state |= L2CAP_CONN_SAR_SDU;
3063 pi->partial_sdu_len = skb->len; 3139 chan->partial_sdu_len = skb->len;
3064 err = 0; 3140 err = 0;
3065 break; 3141 break;
3066 3142
3067 case L2CAP_SDU_CONTINUE: 3143 case L2CAP_SDU_CONTINUE:
3068 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 3144 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
3069 break; 3145 break;
3070 3146
3071 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3147 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3072 3148
3073 pi->partial_sdu_len += skb->len; 3149 chan->partial_sdu_len += skb->len;
3074 if (pi->partial_sdu_len > pi->sdu_len) 3150 if (chan->partial_sdu_len > chan->sdu_len)
3075 kfree_skb(pi->sdu); 3151 kfree_skb(chan->sdu);
3076 else 3152 else
3077 err = 0; 3153 err = 0;
3078 3154
3079 break; 3155 break;
3080 3156
3081 case L2CAP_SDU_END: 3157 case L2CAP_SDU_END:
3082 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU)) 3158 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
3083 break; 3159 break;
3084 3160
3085 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len); 3161 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
3086 3162
3087 pi->conn_state &= ~L2CAP_CONN_SAR_SDU; 3163 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
3088 pi->partial_sdu_len += skb->len; 3164 chan->partial_sdu_len += skb->len;
3089 3165
3090 if (pi->partial_sdu_len > pi->imtu) 3166 if (chan->partial_sdu_len > pi->imtu)
3091 goto drop; 3167 goto drop;
3092 3168
3093 if (pi->partial_sdu_len == pi->sdu_len) { 3169 if (chan->partial_sdu_len == chan->sdu_len) {
3094 _skb = skb_clone(pi->sdu, GFP_ATOMIC); 3170 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
3095 err = sock_queue_rcv_skb(sk, _skb); 3171 err = sock_queue_rcv_skb(chan->sk, _skb);
3096 if (err < 0) 3172 if (err < 0)
3097 kfree_skb(_skb); 3173 kfree_skb(_skb);
3098 } 3174 }
3099 err = 0; 3175 err = 0;
3100 3176
3101drop: 3177drop:
3102 kfree_skb(pi->sdu); 3178 kfree_skb(chan->sdu);
3103 break; 3179 break;
3104 } 3180 }
3105 3181
@@ -3107,31 +3183,30 @@ drop:
3107 return err; 3183 return err;
3108} 3184}
3109 3185
3110static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq) 3186static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq)
3111{ 3187{
3112 struct sk_buff *skb; 3188 struct sk_buff *skb;
3113 u16 control; 3189 u16 control;
3114 3190
3115 while ((skb = skb_peek(SREJ_QUEUE(sk)))) { 3191 while ((skb = skb_peek(&chan->srej_q))) {
3116 if (bt_cb(skb)->tx_seq != tx_seq) 3192 if (bt_cb(skb)->tx_seq != tx_seq)
3117 break; 3193 break;
3118 3194
3119 skb = skb_dequeue(SREJ_QUEUE(sk)); 3195 skb = skb_dequeue(&chan->srej_q);
3120 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; 3196 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3121 l2cap_ertm_reassembly_sdu(sk, skb, control); 3197 l2cap_ertm_reassembly_sdu(chan, skb, control);
3122 l2cap_pi(sk)->buffer_seq_srej = 3198 chan->buffer_seq_srej =
3123 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64; 3199 (chan->buffer_seq_srej + 1) % 64;
3124 tx_seq = (tx_seq + 1) % 64; 3200 tx_seq = (tx_seq + 1) % 64;
3125 } 3201 }
3126} 3202}
3127 3203
3128static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq) 3204static void l2cap_resend_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3129{ 3205{
3130 struct l2cap_pinfo *pi = l2cap_pi(sk);
3131 struct srej_list *l, *tmp; 3206 struct srej_list *l, *tmp;
3132 u16 control; 3207 u16 control;
3133 3208
3134 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) { 3209 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
3135 if (l->tx_seq == tx_seq) { 3210 if (l->tx_seq == tx_seq) {
3136 list_del(&l->list); 3211 list_del(&l->list);
3137 kfree(l); 3212 kfree(l);
@@ -3139,34 +3214,33 @@ static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3139 } 3214 }
3140 control = L2CAP_SUPER_SELECT_REJECT; 3215 control = L2CAP_SUPER_SELECT_REJECT;
3141 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3216 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3142 l2cap_send_sframe(pi, control); 3217 l2cap_send_sframe(chan, control);
3143 list_del(&l->list); 3218 list_del(&l->list);
3144 list_add_tail(&l->list, SREJ_LIST(sk)); 3219 list_add_tail(&l->list, &chan->srej_l);
3145 } 3220 }
3146} 3221}
3147 3222
3148static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq) 3223static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
3149{ 3224{
3150 struct l2cap_pinfo *pi = l2cap_pi(sk);
3151 struct srej_list *new; 3225 struct srej_list *new;
3152 u16 control; 3226 u16 control;
3153 3227
3154 while (tx_seq != pi->expected_tx_seq) { 3228 while (tx_seq != chan->expected_tx_seq) {
3155 control = L2CAP_SUPER_SELECT_REJECT; 3229 control = L2CAP_SUPER_SELECT_REJECT;
3156 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3230 control |= chan->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3157 l2cap_send_sframe(pi, control); 3231 l2cap_send_sframe(chan, control);
3158 3232
3159 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC); 3233 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3160 new->tx_seq = pi->expected_tx_seq; 3234 new->tx_seq = chan->expected_tx_seq;
3161 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3235 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3162 list_add_tail(&new->list, SREJ_LIST(sk)); 3236 list_add_tail(&new->list, &chan->srej_l);
3163 } 3237 }
3164 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3238 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3165} 3239}
3166 3240
3167static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3241static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3168{ 3242{
3169 struct l2cap_pinfo *pi = l2cap_pi(sk); 3243 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
3170 u8 tx_seq = __get_txseq(rx_control); 3244 u8 tx_seq = __get_txseq(rx_control);
3171 u8 req_seq = __get_reqseq(rx_control); 3245 u8 req_seq = __get_reqseq(rx_control);
3172 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3246 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
@@ -3174,72 +3248,72 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3174 int num_to_ack = (pi->tx_win/6) + 1; 3248 int num_to_ack = (pi->tx_win/6) + 1;
3175 int err = 0; 3249 int err = 0;
3176 3250
3177 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq, 3251 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3178 rx_control); 3252 tx_seq, rx_control);
3179 3253
3180 if (L2CAP_CTRL_FINAL & rx_control && 3254 if (L2CAP_CTRL_FINAL & rx_control &&
3181 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) { 3255 chan->conn_state & L2CAP_CONN_WAIT_F) {
3182 del_timer(&pi->monitor_timer); 3256 del_timer(&chan->monitor_timer);
3183 if (pi->unacked_frames > 0) 3257 if (chan->unacked_frames > 0)
3184 __mod_retrans_timer(); 3258 __mod_retrans_timer();
3185 pi->conn_state &= ~L2CAP_CONN_WAIT_F; 3259 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
3186 } 3260 }
3187 3261
3188 pi->expected_ack_seq = req_seq; 3262 chan->expected_ack_seq = req_seq;
3189 l2cap_drop_acked_frames(sk); 3263 l2cap_drop_acked_frames(chan);
3190 3264
3191 if (tx_seq == pi->expected_tx_seq) 3265 if (tx_seq == chan->expected_tx_seq)
3192 goto expected; 3266 goto expected;
3193 3267
3194 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64; 3268 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
3195 if (tx_seq_offset < 0) 3269 if (tx_seq_offset < 0)
3196 tx_seq_offset += 64; 3270 tx_seq_offset += 64;
3197 3271
3198 /* invalid tx_seq */ 3272 /* invalid tx_seq */
3199 if (tx_seq_offset >= pi->tx_win) { 3273 if (tx_seq_offset >= pi->tx_win) {
3200 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3274 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3201 goto drop; 3275 goto drop;
3202 } 3276 }
3203 3277
3204 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY) 3278 if (chan->conn_state == L2CAP_CONN_LOCAL_BUSY)
3205 goto drop; 3279 goto drop;
3206 3280
3207 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3281 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3208 struct srej_list *first; 3282 struct srej_list *first;
3209 3283
3210 first = list_first_entry(SREJ_LIST(sk), 3284 first = list_first_entry(&chan->srej_l,
3211 struct srej_list, list); 3285 struct srej_list, list);
3212 if (tx_seq == first->tx_seq) { 3286 if (tx_seq == first->tx_seq) {
3213 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3287 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3214 l2cap_check_srej_gap(sk, tx_seq); 3288 l2cap_check_srej_gap(chan, tx_seq);
3215 3289
3216 list_del(&first->list); 3290 list_del(&first->list);
3217 kfree(first); 3291 kfree(first);
3218 3292
3219 if (list_empty(SREJ_LIST(sk))) { 3293 if (list_empty(&chan->srej_l)) {
3220 pi->buffer_seq = pi->buffer_seq_srej; 3294 chan->buffer_seq = chan->buffer_seq_srej;
3221 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT; 3295 chan->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3222 l2cap_send_ack(pi); 3296 l2cap_send_ack(chan);
3223 BT_DBG("sk %p, Exit SREJ_SENT", sk); 3297 BT_DBG("chan %p, Exit SREJ_SENT", chan);
3224 } 3298 }
3225 } else { 3299 } else {
3226 struct srej_list *l; 3300 struct srej_list *l;
3227 3301
3228 /* duplicated tx_seq */ 3302 /* duplicated tx_seq */
3229 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0) 3303 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
3230 goto drop; 3304 goto drop;
3231 3305
3232 list_for_each_entry(l, SREJ_LIST(sk), list) { 3306 list_for_each_entry(l, &chan->srej_l, list) {
3233 if (l->tx_seq == tx_seq) { 3307 if (l->tx_seq == tx_seq) {
3234 l2cap_resend_srejframe(sk, tx_seq); 3308 l2cap_resend_srejframe(chan, tx_seq);
3235 return 0; 3309 return 0;
3236 } 3310 }
3237 } 3311 }
3238 l2cap_send_srejframe(sk, tx_seq); 3312 l2cap_send_srejframe(chan, tx_seq);
3239 } 3313 }
3240 } else { 3314 } else {
3241 expected_tx_seq_offset = 3315 expected_tx_seq_offset =
3242 (pi->expected_tx_seq - pi->buffer_seq) % 64; 3316 (chan->expected_tx_seq - chan->buffer_seq) % 64;
3243 if (expected_tx_seq_offset < 0) 3317 if (expected_tx_seq_offset < 0)
3244 expected_tx_seq_offset += 64; 3318 expected_tx_seq_offset += 64;
3245 3319
@@ -3247,51 +3321,51 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3247 if (tx_seq_offset < expected_tx_seq_offset) 3321 if (tx_seq_offset < expected_tx_seq_offset)
3248 goto drop; 3322 goto drop;
3249 3323
3250 pi->conn_state |= L2CAP_CONN_SREJ_SENT; 3324 chan->conn_state |= L2CAP_CONN_SREJ_SENT;
3251 3325
3252 BT_DBG("sk %p, Enter SREJ", sk); 3326 BT_DBG("chan %p, Enter SREJ", chan);
3253 3327
3254 INIT_LIST_HEAD(SREJ_LIST(sk)); 3328 INIT_LIST_HEAD(&chan->srej_l);
3255 pi->buffer_seq_srej = pi->buffer_seq; 3329 chan->buffer_seq_srej = chan->buffer_seq;
3256 3330
3257 __skb_queue_head_init(SREJ_QUEUE(sk)); 3331 __skb_queue_head_init(&chan->srej_q);
3258 __skb_queue_head_init(BUSY_QUEUE(sk)); 3332 __skb_queue_head_init(&chan->busy_q);
3259 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3333 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3260 3334
3261 pi->conn_state |= L2CAP_CONN_SEND_PBIT; 3335 chan->conn_state |= L2CAP_CONN_SEND_PBIT;
3262 3336
3263 l2cap_send_srejframe(sk, tx_seq); 3337 l2cap_send_srejframe(chan, tx_seq);
3264 3338
3265 del_timer(&pi->ack_timer); 3339 del_timer(&chan->ack_timer);
3266 } 3340 }
3267 return 0; 3341 return 0;
3268 3342
3269expected: 3343expected:
3270 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3344 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3271 3345
3272 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3346 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3273 bt_cb(skb)->tx_seq = tx_seq; 3347 bt_cb(skb)->tx_seq = tx_seq;
3274 bt_cb(skb)->sar = sar; 3348 bt_cb(skb)->sar = sar;
3275 __skb_queue_tail(SREJ_QUEUE(sk), skb); 3349 __skb_queue_tail(&chan->srej_q, skb);
3276 return 0; 3350 return 0;
3277 } 3351 }
3278 3352
3279 err = l2cap_push_rx_skb(sk, skb, rx_control); 3353 err = l2cap_push_rx_skb(chan, skb, rx_control);
3280 if (err < 0) 3354 if (err < 0)
3281 return 0; 3355 return 0;
3282 3356
3283 if (rx_control & L2CAP_CTRL_FINAL) { 3357 if (rx_control & L2CAP_CTRL_FINAL) {
3284 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3358 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3285 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3359 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3286 else 3360 else
3287 l2cap_retransmit_frames(sk); 3361 l2cap_retransmit_frames(chan);
3288 } 3362 }
3289 3363
3290 __mod_ack_timer(); 3364 __mod_ack_timer();
3291 3365
3292 pi->num_acked = (pi->num_acked + 1) % num_to_ack; 3366 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3293 if (pi->num_acked == num_to_ack - 1) 3367 if (chan->num_acked == num_to_ack - 1)
3294 l2cap_send_ack(pi); 3368 l2cap_send_ack(chan);
3295 3369
3296 return 0; 3370 return 0;
3297 3371
@@ -3300,165 +3374,160 @@ drop:
3300 return 0; 3374 return 0;
3301} 3375}
3302 3376
3303static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control) 3377static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
3304{ 3378{
3305 struct l2cap_pinfo *pi = l2cap_pi(sk); 3379 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, __get_reqseq(rx_control),
3306
3307 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
3308 rx_control); 3380 rx_control);
3309 3381
3310 pi->expected_ack_seq = __get_reqseq(rx_control); 3382 chan->expected_ack_seq = __get_reqseq(rx_control);
3311 l2cap_drop_acked_frames(sk); 3383 l2cap_drop_acked_frames(chan);
3312 3384
3313 if (rx_control & L2CAP_CTRL_POLL) { 3385 if (rx_control & L2CAP_CTRL_POLL) {
3314 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3386 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3315 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3387 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3316 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 3388 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3317 (pi->unacked_frames > 0)) 3389 (chan->unacked_frames > 0))
3318 __mod_retrans_timer(); 3390 __mod_retrans_timer();
3319 3391
3320 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3392 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3321 l2cap_send_srejtail(sk); 3393 l2cap_send_srejtail(chan);
3322 } else { 3394 } else {
3323 l2cap_send_i_or_rr_or_rnr(sk); 3395 l2cap_send_i_or_rr_or_rnr(chan);
3324 } 3396 }
3325 3397
3326 } else if (rx_control & L2CAP_CTRL_FINAL) { 3398 } else if (rx_control & L2CAP_CTRL_FINAL) {
3327 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3399 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3328 3400
3329 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3401 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3330 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3402 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3331 else 3403 else
3332 l2cap_retransmit_frames(sk); 3404 l2cap_retransmit_frames(chan);
3333 3405
3334 } else { 3406 } else {
3335 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 3407 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3336 (pi->unacked_frames > 0)) 3408 (chan->unacked_frames > 0))
3337 __mod_retrans_timer(); 3409 __mod_retrans_timer();
3338 3410
3339 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3411 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3340 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) 3412 if (chan->conn_state & L2CAP_CONN_SREJ_SENT)
3341 l2cap_send_ack(pi); 3413 l2cap_send_ack(chan);
3342 else 3414 else
3343 l2cap_ertm_send(sk); 3415 l2cap_ertm_send(chan);
3344 } 3416 }
3345} 3417}
3346 3418
3347static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control) 3419static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
3348{ 3420{
3349 struct l2cap_pinfo *pi = l2cap_pi(sk);
3350 u8 tx_seq = __get_reqseq(rx_control); 3421 u8 tx_seq = __get_reqseq(rx_control);
3351 3422
3352 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3423 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3353 3424
3354 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3425 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3355 3426
3356 pi->expected_ack_seq = tx_seq; 3427 chan->expected_ack_seq = tx_seq;
3357 l2cap_drop_acked_frames(sk); 3428 l2cap_drop_acked_frames(chan);
3358 3429
3359 if (rx_control & L2CAP_CTRL_FINAL) { 3430 if (rx_control & L2CAP_CTRL_FINAL) {
3360 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3431 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3361 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3432 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
3362 else 3433 else
3363 l2cap_retransmit_frames(sk); 3434 l2cap_retransmit_frames(chan);
3364 } else { 3435 } else {
3365 l2cap_retransmit_frames(sk); 3436 l2cap_retransmit_frames(chan);
3366 3437
3367 if (pi->conn_state & L2CAP_CONN_WAIT_F) 3438 if (chan->conn_state & L2CAP_CONN_WAIT_F)
3368 pi->conn_state |= L2CAP_CONN_REJ_ACT; 3439 chan->conn_state |= L2CAP_CONN_REJ_ACT;
3369 } 3440 }
3370} 3441}
3371static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control) 3442static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
3372{ 3443{
3373 struct l2cap_pinfo *pi = l2cap_pi(sk);
3374 u8 tx_seq = __get_reqseq(rx_control); 3444 u8 tx_seq = __get_reqseq(rx_control);
3375 3445
3376 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3446 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3377 3447
3378 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3448 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3379 3449
3380 if (rx_control & L2CAP_CTRL_POLL) { 3450 if (rx_control & L2CAP_CTRL_POLL) {
3381 pi->expected_ack_seq = tx_seq; 3451 chan->expected_ack_seq = tx_seq;
3382 l2cap_drop_acked_frames(sk); 3452 l2cap_drop_acked_frames(chan);
3383 3453
3384 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3454 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3385 l2cap_retransmit_one_frame(sk, tx_seq); 3455 l2cap_retransmit_one_frame(chan, tx_seq);
3386 3456
3387 l2cap_ertm_send(sk); 3457 l2cap_ertm_send(chan);
3388 3458
3389 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 3459 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
3390 pi->srej_save_reqseq = tx_seq; 3460 chan->srej_save_reqseq = tx_seq;
3391 pi->conn_state |= L2CAP_CONN_SREJ_ACT; 3461 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
3392 } 3462 }
3393 } else if (rx_control & L2CAP_CTRL_FINAL) { 3463 } else if (rx_control & L2CAP_CTRL_FINAL) {
3394 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) && 3464 if ((chan->conn_state & L2CAP_CONN_SREJ_ACT) &&
3395 pi->srej_save_reqseq == tx_seq) 3465 chan->srej_save_reqseq == tx_seq)
3396 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT; 3466 chan->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3397 else 3467 else
3398 l2cap_retransmit_one_frame(sk, tx_seq); 3468 l2cap_retransmit_one_frame(chan, tx_seq);
3399 } else { 3469 } else {
3400 l2cap_retransmit_one_frame(sk, tx_seq); 3470 l2cap_retransmit_one_frame(chan, tx_seq);
3401 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 3471 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
3402 pi->srej_save_reqseq = tx_seq; 3472 chan->srej_save_reqseq = tx_seq;
3403 pi->conn_state |= L2CAP_CONN_SREJ_ACT; 3473 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
3404 } 3474 }
3405 } 3475 }
3406} 3476}
3407 3477
3408static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control) 3478static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
3409{ 3479{
3410 struct l2cap_pinfo *pi = l2cap_pi(sk);
3411 u8 tx_seq = __get_reqseq(rx_control); 3480 u8 tx_seq = __get_reqseq(rx_control);
3412 3481
3413 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); 3482 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
3414 3483
3415 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY; 3484 chan->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3416 pi->expected_ack_seq = tx_seq; 3485 chan->expected_ack_seq = tx_seq;
3417 l2cap_drop_acked_frames(sk); 3486 l2cap_drop_acked_frames(chan);
3418 3487
3419 if (rx_control & L2CAP_CTRL_POLL) 3488 if (rx_control & L2CAP_CTRL_POLL)
3420 pi->conn_state |= L2CAP_CONN_SEND_FBIT; 3489 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3421 3490
3422 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) { 3491 if (!(chan->conn_state & L2CAP_CONN_SREJ_SENT)) {
3423 del_timer(&pi->retrans_timer); 3492 del_timer(&chan->retrans_timer);
3424 if (rx_control & L2CAP_CTRL_POLL) 3493 if (rx_control & L2CAP_CTRL_POLL)
3425 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL); 3494 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
3426 return; 3495 return;
3427 } 3496 }
3428 3497
3429 if (rx_control & L2CAP_CTRL_POLL) 3498 if (rx_control & L2CAP_CTRL_POLL)
3430 l2cap_send_srejtail(sk); 3499 l2cap_send_srejtail(chan);
3431 else 3500 else
3432 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY); 3501 l2cap_send_sframe(chan, L2CAP_SUPER_RCV_READY);
3433} 3502}
3434 3503
3435static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3504static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
3436{ 3505{
3437 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3506 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
3438 3507
3439 if (L2CAP_CTRL_FINAL & rx_control && 3508 if (L2CAP_CTRL_FINAL & rx_control &&
3440 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) { 3509 chan->conn_state & L2CAP_CONN_WAIT_F) {
3441 del_timer(&l2cap_pi(sk)->monitor_timer); 3510 del_timer(&chan->monitor_timer);
3442 if (l2cap_pi(sk)->unacked_frames > 0) 3511 if (chan->unacked_frames > 0)
3443 __mod_retrans_timer(); 3512 __mod_retrans_timer();
3444 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F; 3513 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
3445 } 3514 }
3446 3515
3447 switch (rx_control & L2CAP_CTRL_SUPERVISE) { 3516 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3448 case L2CAP_SUPER_RCV_READY: 3517 case L2CAP_SUPER_RCV_READY:
3449 l2cap_data_channel_rrframe(sk, rx_control); 3518 l2cap_data_channel_rrframe(chan, rx_control);
3450 break; 3519 break;
3451 3520
3452 case L2CAP_SUPER_REJECT: 3521 case L2CAP_SUPER_REJECT:
3453 l2cap_data_channel_rejframe(sk, rx_control); 3522 l2cap_data_channel_rejframe(chan, rx_control);
3454 break; 3523 break;
3455 3524
3456 case L2CAP_SUPER_SELECT_REJECT: 3525 case L2CAP_SUPER_SELECT_REJECT:
3457 l2cap_data_channel_srejframe(sk, rx_control); 3526 l2cap_data_channel_srejframe(chan, rx_control);
3458 break; 3527 break;
3459 3528
3460 case L2CAP_SUPER_RCV_NOT_READY: 3529 case L2CAP_SUPER_RCV_NOT_READY:
3461 l2cap_data_channel_rnrframe(sk, rx_control); 3530 l2cap_data_channel_rnrframe(chan, rx_control);
3462 break; 3531 break;
3463 } 3532 }
3464 3533
@@ -3468,6 +3537,7 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
3468 3537
3469static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb) 3538static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3470{ 3539{
3540 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3471 struct l2cap_pinfo *pi = l2cap_pi(sk); 3541 struct l2cap_pinfo *pi = l2cap_pi(sk);
3472 u16 control; 3542 u16 control;
3473 u8 req_seq; 3543 u8 req_seq;
@@ -3492,41 +3562,41 @@ static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3492 len -= 2; 3562 len -= 2;
3493 3563
3494 if (len > pi->mps) { 3564 if (len > pi->mps) {
3495 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3565 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3496 goto drop; 3566 goto drop;
3497 } 3567 }
3498 3568
3499 req_seq = __get_reqseq(control); 3569 req_seq = __get_reqseq(control);
3500 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64; 3570 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
3501 if (req_seq_offset < 0) 3571 if (req_seq_offset < 0)
3502 req_seq_offset += 64; 3572 req_seq_offset += 64;
3503 3573
3504 next_tx_seq_offset = 3574 next_tx_seq_offset =
3505 (pi->next_tx_seq - pi->expected_ack_seq) % 64; 3575 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
3506 if (next_tx_seq_offset < 0) 3576 if (next_tx_seq_offset < 0)
3507 next_tx_seq_offset += 64; 3577 next_tx_seq_offset += 64;
3508 3578
3509 /* check for invalid req-seq */ 3579 /* check for invalid req-seq */
3510 if (req_seq_offset > next_tx_seq_offset) { 3580 if (req_seq_offset > next_tx_seq_offset) {
3511 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3581 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3512 goto drop; 3582 goto drop;
3513 } 3583 }
3514 3584
3515 if (__is_iframe(control)) { 3585 if (__is_iframe(control)) {
3516 if (len < 0) { 3586 if (len < 0) {
3517 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3587 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3518 goto drop; 3588 goto drop;
3519 } 3589 }
3520 3590
3521 l2cap_data_channel_iframe(sk, control, skb); 3591 l2cap_data_channel_iframe(chan, control, skb);
3522 } else { 3592 } else {
3523 if (len != 0) { 3593 if (len != 0) {
3524 BT_ERR("%d", len); 3594 BT_ERR("%d", len);
3525 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); 3595 l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);
3526 goto drop; 3596 goto drop;
3527 } 3597 }
3528 3598
3529 l2cap_data_channel_sframe(sk, control, skb); 3599 l2cap_data_channel_sframe(chan, control, skb);
3530 } 3600 }
3531 3601
3532 return 0; 3602 return 0;
@@ -3538,21 +3608,23 @@ drop:
3538 3608
3539static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb) 3609static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3540{ 3610{
3611 struct l2cap_chan *chan;
3541 struct sock *sk; 3612 struct sock *sk;
3542 struct l2cap_pinfo *pi; 3613 struct l2cap_pinfo *pi;
3543 u16 control; 3614 u16 control;
3544 u8 tx_seq; 3615 u8 tx_seq;
3545 int len; 3616 int len;
3546 3617
3547 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 3618 chan = l2cap_get_chan_by_scid(conn, cid);
3548 if (!sk) { 3619 if (!chan) {
3549 BT_DBG("unknown cid 0x%4.4x", cid); 3620 BT_DBG("unknown cid 0x%4.4x", cid);
3550 goto drop; 3621 goto drop;
3551 } 3622 }
3552 3623
3624 sk = chan->sk;
3553 pi = l2cap_pi(sk); 3625 pi = l2cap_pi(sk);
3554 3626
3555 BT_DBG("sk %p, len %d", sk, skb->len); 3627 BT_DBG("chan %p, len %d", chan, skb->len);
3556 3628
3557 if (sk->sk_state != BT_CONNECTED) 3629 if (sk->sk_state != BT_CONNECTED)
3558 goto drop; 3630 goto drop;
@@ -3600,17 +3672,17 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3600 3672
3601 tx_seq = __get_txseq(control); 3673 tx_seq = __get_txseq(control);
3602 3674
3603 if (pi->expected_tx_seq == tx_seq) 3675 if (chan->expected_tx_seq == tx_seq)
3604 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3676 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
3605 else 3677 else
3606 pi->expected_tx_seq = (tx_seq + 1) % 64; 3678 chan->expected_tx_seq = (tx_seq + 1) % 64;
3607 3679
3608 l2cap_streaming_reassembly_sdu(sk, skb, control); 3680 l2cap_streaming_reassembly_sdu(chan, skb, control);
3609 3681
3610 goto done; 3682 goto done;
3611 3683
3612 default: 3684 default:
3613 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode); 3685 BT_DBG("chan %p: bad mode 0x%2.2x", chan, pi->mode);
3614 break; 3686 break;
3615 } 3687 }
3616 3688
@@ -3654,6 +3726,36 @@ done:
3654 return 0; 3726 return 0;
3655} 3727}
3656 3728
3729static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3730{
3731 struct sock *sk;
3732
3733 sk = l2cap_get_sock_by_scid(0, cid, conn->src);
3734 if (!sk)
3735 goto drop;
3736
3737 bh_lock_sock(sk);
3738
3739 BT_DBG("sk %p, len %d", sk, skb->len);
3740
3741 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3742 goto drop;
3743
3744 if (l2cap_pi(sk)->imtu < skb->len)
3745 goto drop;
3746
3747 if (!sock_queue_rcv_skb(sk, skb))
3748 goto done;
3749
3750drop:
3751 kfree_skb(skb);
3752
3753done:
3754 if (sk)
3755 bh_unlock_sock(sk);
3756 return 0;
3757}
3758
3657static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb) 3759static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3658{ 3760{
3659 struct l2cap_hdr *lh = (void *) skb->data; 3761 struct l2cap_hdr *lh = (void *) skb->data;
@@ -3683,6 +3785,10 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3683 l2cap_conless_channel(conn, psm, skb); 3785 l2cap_conless_channel(conn, psm, skb);
3684 break; 3786 break;
3685 3787
3788 case L2CAP_CID_LE_DATA:
3789 l2cap_att_channel(conn, cid, skb);
3790 break;
3791
3686 default: 3792 default:
3687 l2cap_data_channel(conn, cid, skb); 3793 l2cap_data_channel(conn, cid, skb);
3688 break; 3794 break;
@@ -3786,20 +3892,19 @@ static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3786 3892
3787static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) 3893static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3788{ 3894{
3789 struct l2cap_chan_list *l;
3790 struct l2cap_conn *conn = hcon->l2cap_data; 3895 struct l2cap_conn *conn = hcon->l2cap_data;
3791 struct sock *sk; 3896 struct l2cap_chan *chan;
3792 3897
3793 if (!conn) 3898 if (!conn)
3794 return 0; 3899 return 0;
3795 3900
3796 l = &conn->chan_list;
3797
3798 BT_DBG("conn %p", conn); 3901 BT_DBG("conn %p", conn);
3799 3902
3800 read_lock(&l->lock); 3903 read_lock(&conn->chan_lock);
3904
3905 list_for_each_entry(chan, &conn->chan_l, list) {
3906 struct sock *sk = chan->sk;
3801 3907
3802 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3803 bh_lock_sock(sk); 3908 bh_lock_sock(sk);
3804 3909
3805 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) { 3910 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
@@ -3820,10 +3925,10 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3820 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 3925 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3821 req.psm = l2cap_pi(sk)->psm; 3926 req.psm = l2cap_pi(sk)->psm;
3822 3927
3823 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 3928 chan->ident = l2cap_get_ident(conn);
3824 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 3929 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3825 3930
3826 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 3931 l2cap_send_cmd(conn, chan->ident,
3827 L2CAP_CONN_REQ, sizeof(req), &req); 3932 L2CAP_CONN_REQ, sizeof(req), &req);
3828 } else { 3933 } else {
3829 l2cap_sock_clear_timer(sk); 3934 l2cap_sock_clear_timer(sk);
@@ -3846,14 +3951,14 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3846 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 3951 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3847 rsp.result = cpu_to_le16(result); 3952 rsp.result = cpu_to_le16(result);
3848 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 3953 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3849 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 3954 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
3850 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 3955 sizeof(rsp), &rsp);
3851 } 3956 }
3852 3957
3853 bh_unlock_sock(sk); 3958 bh_unlock_sock(sk);
3854 } 3959 }
3855 3960
3856 read_unlock(&l->lock); 3961 read_unlock(&conn->chan_lock);
3857 3962
3858 return 0; 3963 return 0;
3859} 3964}
@@ -3872,7 +3977,7 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
3872 3977
3873 if (!(flags & ACL_CONT)) { 3978 if (!(flags & ACL_CONT)) {
3874 struct l2cap_hdr *hdr; 3979 struct l2cap_hdr *hdr;
3875 struct sock *sk; 3980 struct l2cap_chan *chan;
3876 u16 cid; 3981 u16 cid;
3877 int len; 3982 int len;
3878 3983
@@ -3910,18 +4015,21 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl
3910 goto drop; 4015 goto drop;
3911 } 4016 }
3912 4017
3913 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 4018 chan = l2cap_get_chan_by_scid(conn, cid);
3914 4019
3915 if (sk && l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) { 4020 if (chan && chan->sk) {
3916 BT_ERR("Frame exceeding recv MTU (len %d, MTU %d)", 4021 struct sock *sk = chan->sk;
3917 len, l2cap_pi(sk)->imtu);
3918 bh_unlock_sock(sk);
3919 l2cap_conn_unreliable(conn, ECOMM);
3920 goto drop;
3921 }
3922 4022
3923 if (sk) 4023 if (l2cap_pi(sk)->imtu < len - L2CAP_HDR_SIZE) {
4024 BT_ERR("Frame exceeding recv MTU (len %d, "
4025 "MTU %d)", len,
4026 l2cap_pi(sk)->imtu);
4027 bh_unlock_sock(sk);
4028 l2cap_conn_unreliable(conn, ECOMM);
4029 goto drop;
4030 }
3924 bh_unlock_sock(sk); 4031 bh_unlock_sock(sk);
4032 }
3925 4033
3926 /* Allocate skb for the complete frame (with header) */ 4034 /* Allocate skb for the complete frame (with header) */
3927 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC); 4035 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index f77308e63e58..473e5973d8fe 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -269,7 +269,7 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
269 goto done; 269 goto done;
270 } 270 }
271 271
272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->dcid) { 272 if (!l2cap_pi(sk)->psm && !l2cap_pi(sk)->scid) {
273 bdaddr_t *src = &bt_sk(sk)->src; 273 bdaddr_t *src = &bt_sk(sk)->src;
274 u16 psm; 274 u16 psm;
275 275
@@ -757,35 +757,37 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
757 case L2CAP_MODE_ERTM: 757 case L2CAP_MODE_ERTM:
758 case L2CAP_MODE_STREAMING: 758 case L2CAP_MODE_STREAMING:
759 /* Entire SDU fits into one PDU */ 759 /* Entire SDU fits into one PDU */
760 if (len <= pi->remote_mps) { 760 if (len <= pi->chan->remote_mps) {
761 control = L2CAP_SDU_UNSEGMENTED; 761 control = L2CAP_SDU_UNSEGMENTED;
762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0); 762 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
763 if (IS_ERR(skb)) { 763 if (IS_ERR(skb)) {
764 err = PTR_ERR(skb); 764 err = PTR_ERR(skb);
765 goto done; 765 goto done;
766 } 766 }
767 __skb_queue_tail(TX_QUEUE(sk), skb); 767 __skb_queue_tail(&pi->chan->tx_q, skb);
768 768
769 if (sk->sk_send_head == NULL) 769 if (pi->chan->tx_send_head == NULL)
770 sk->sk_send_head = skb; 770 pi->chan->tx_send_head = skb;
771 771
772 } else { 772 } else {
773 /* Segment SDU into multiples PDUs */ 773 /* Segment SDU into multiples PDUs */
774 err = l2cap_sar_segment_sdu(sk, msg, len); 774 err = l2cap_sar_segment_sdu(pi->chan, msg, len);
775 if (err < 0) 775 if (err < 0)
776 goto done; 776 goto done;
777 } 777 }
778 778
779 if (pi->mode == L2CAP_MODE_STREAMING) { 779 if (pi->mode == L2CAP_MODE_STREAMING) {
780 l2cap_streaming_send(sk); 780 l2cap_streaming_send(pi->chan);
781 } else { 781 err = len;
782 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 782 break;
783 (pi->conn_state & L2CAP_CONN_WAIT_F)) { 783 }
784 err = len; 784
785 break; 785 if ((pi->chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
786 } 786 (pi->chan->conn_state & L2CAP_CONN_WAIT_F)) {
787 err = l2cap_ertm_send(sk); 787 err = len;
788 break;
788 } 789 }
790 err = l2cap_ertm_send(pi->chan);
789 791
790 if (err >= 0) 792 if (err >= 0)
791 err = len; 793 err = len;
@@ -808,29 +810,7 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms
808 lock_sock(sk); 810 lock_sock(sk);
809 811
810 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 812 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
811 struct l2cap_conn_rsp rsp; 813 __l2cap_connect_rsp_defer(sk);
812 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
813 u8 buf[128];
814
815 sk->sk_state = BT_CONFIG;
816
817 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
818 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
819 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
820 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
821 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
822 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
823
824 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
825 release_sock(sk);
826 return 0;
827 }
828
829 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
830 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
831 l2cap_build_conf_req(sk, buf), buf);
832 l2cap_pi(sk)->num_conf_req++;
833
834 release_sock(sk); 814 release_sock(sk);
835 return 0; 815 return 0;
836 } 816 }
@@ -886,6 +866,7 @@ static void l2cap_sock_cleanup_listen(struct sock *parent)
886void __l2cap_sock_close(struct sock *sk, int reason) 866void __l2cap_sock_close(struct sock *sk, int reason)
887{ 867{
888 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 868 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
869 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
889 870
890 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 871 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
891 872
@@ -900,9 +881,9 @@ void __l2cap_sock_close(struct sock *sk, int reason)
900 sk->sk_type == SOCK_STREAM) && 881 sk->sk_type == SOCK_STREAM) &&
901 conn->hcon->type == ACL_LINK) { 882 conn->hcon->type == ACL_LINK) {
902 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 883 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
903 l2cap_send_disconn_req(conn, sk, reason); 884 l2cap_send_disconn_req(conn, chan, reason);
904 } else 885 } else
905 l2cap_chan_del(sk, reason); 886 l2cap_chan_del(chan, reason);
906 break; 887 break;
907 888
908 case BT_CONNECT2: 889 case BT_CONNECT2:
@@ -921,16 +902,16 @@ void __l2cap_sock_close(struct sock *sk, int reason)
921 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 902 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
922 rsp.result = cpu_to_le16(result); 903 rsp.result = cpu_to_le16(result);
923 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 904 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
924 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 905 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
925 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 906 sizeof(rsp), &rsp);
926 } 907 }
927 908
928 l2cap_chan_del(sk, reason); 909 l2cap_chan_del(chan, reason);
929 break; 910 break;
930 911
931 case BT_CONNECT: 912 case BT_CONNECT:
932 case BT_DISCONN: 913 case BT_DISCONN:
933 l2cap_chan_del(sk, reason); 914 l2cap_chan_del(chan, reason);
934 break; 915 break;
935 916
936 default: 917 default:
@@ -1035,12 +1016,7 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent)
1035 } 1016 }
1036 1017
1037 /* Default config options */ 1018 /* Default config options */
1038 pi->conf_len = 0;
1039 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1019 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1040 skb_queue_head_init(TX_QUEUE(sk));
1041 skb_queue_head_init(SREJ_QUEUE(sk));
1042 skb_queue_head_init(BUSY_QUEUE(sk));
1043 INIT_LIST_HEAD(SREJ_LIST(sk));
1044} 1020}
1045 1021
1046static struct proto l2cap_proto = { 1022static struct proto l2cap_proto = {
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-19 09:19:51 -0500