aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/l2cap.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth/l2cap.c')
-rw-r--r--net/bluetooth/l2cap.c1115
1 files changed, 852 insertions, 263 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 9753b690a8b3..1b682a5aa061 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -55,18 +55,27 @@
55 55
56#define VERSION "2.14" 56#define VERSION "2.14"
57 57
58#ifdef CONFIG_BT_L2CAP_EXT_FEATURES
59static int enable_ertm = 1;
60#else
58static int enable_ertm = 0; 61static int enable_ertm = 0;
62#endif
59static int max_transmit = L2CAP_DEFAULT_MAX_TX; 63static int max_transmit = L2CAP_DEFAULT_MAX_TX;
64static int tx_window = L2CAP_DEFAULT_TX_WINDOW;
60 65
61static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; 66static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
62static u8 l2cap_fixed_chan[8] = { 0x02, }; 67static u8 l2cap_fixed_chan[8] = { 0x02, };
63 68
64static const struct proto_ops l2cap_sock_ops; 69static const struct proto_ops l2cap_sock_ops;
65 70
71static struct workqueue_struct *_busy_wq;
72
66static struct bt_sock_list l2cap_sk_list = { 73static struct bt_sock_list l2cap_sk_list = {
67 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 74 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
68}; 75};
69 76
77static void l2cap_busy_work(struct work_struct *work);
78
70static void __l2cap_sock_close(struct sock *sk, int reason); 79static void __l2cap_sock_close(struct sock *sk, int reason);
71static void l2cap_sock_close(struct sock *sk); 80static void l2cap_sock_close(struct sock *sk);
72static void l2cap_sock_kill(struct sock *sk); 81static void l2cap_sock_kill(struct sock *sk);
@@ -219,7 +228,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct so
219 228
220 l2cap_pi(sk)->conn = conn; 229 l2cap_pi(sk)->conn = conn;
221 230
222 if (sk->sk_type == SOCK_SEQPACKET) { 231 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
223 /* Alloc CID for connection-oriented socket */ 232 /* Alloc CID for connection-oriented socket */
224 l2cap_pi(sk)->scid = l2cap_alloc_cid(l); 233 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
225 } else if (sk->sk_type == SOCK_DGRAM) { 234 } else if (sk->sk_type == SOCK_DGRAM) {
@@ -325,19 +334,19 @@ static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
325 return id; 334 return id;
326} 335}
327 336
328static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data) 337static inline void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
329{ 338{
330 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data); 339 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
331 340
332 BT_DBG("code 0x%2.2x", code); 341 BT_DBG("code 0x%2.2x", code);
333 342
334 if (!skb) 343 if (!skb)
335 return -ENOMEM; 344 return;
336 345
337 return hci_send_acl(conn->hcon, skb, 0); 346 hci_send_acl(conn->hcon, skb, 0);
338} 347}
339 348
340static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control) 349static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
341{ 350{
342 struct sk_buff *skb; 351 struct sk_buff *skb;
343 struct l2cap_hdr *lh; 352 struct l2cap_hdr *lh;
@@ -352,9 +361,19 @@ static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
352 count = min_t(unsigned int, conn->mtu, hlen); 361 count = min_t(unsigned int, conn->mtu, hlen);
353 control |= L2CAP_CTRL_FRAME_TYPE; 362 control |= L2CAP_CTRL_FRAME_TYPE;
354 363
364 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
365 control |= L2CAP_CTRL_FINAL;
366 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
367 }
368
369 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
370 control |= L2CAP_CTRL_POLL;
371 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
372 }
373
355 skb = bt_skb_alloc(count, GFP_ATOMIC); 374 skb = bt_skb_alloc(count, GFP_ATOMIC);
356 if (!skb) 375 if (!skb)
357 return -ENOMEM; 376 return;
358 377
359 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 378 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
360 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE); 379 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
@@ -366,19 +385,20 @@ static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
366 put_unaligned_le16(fcs, skb_put(skb, 2)); 385 put_unaligned_le16(fcs, skb_put(skb, 2));
367 } 386 }
368 387
369 return hci_send_acl(pi->conn->hcon, skb, 0); 388 hci_send_acl(pi->conn->hcon, skb, 0);
370} 389}
371 390
372static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control) 391static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
373{ 392{
374 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) 393 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
375 control |= L2CAP_SUPER_RCV_NOT_READY; 394 control |= L2CAP_SUPER_RCV_NOT_READY;
376 else 395 pi->conn_state |= L2CAP_CONN_RNR_SENT;
396 } else
377 control |= L2CAP_SUPER_RCV_READY; 397 control |= L2CAP_SUPER_RCV_READY;
378 398
379 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 399 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
380 400
381 return l2cap_send_sframe(pi, control); 401 l2cap_send_sframe(pi, control);
382} 402}
383 403
384static void l2cap_do_start(struct sock *sk) 404static void l2cap_do_start(struct sock *sk)
@@ -437,7 +457,8 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
437 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 457 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
438 bh_lock_sock(sk); 458 bh_lock_sock(sk);
439 459
440 if (sk->sk_type != SOCK_SEQPACKET) { 460 if (sk->sk_type != SOCK_SEQPACKET &&
461 sk->sk_type != SOCK_STREAM) {
441 bh_unlock_sock(sk); 462 bh_unlock_sock(sk);
442 continue; 463 continue;
443 } 464 }
@@ -497,7 +518,8 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
497 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 518 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
498 bh_lock_sock(sk); 519 bh_lock_sock(sk);
499 520
500 if (sk->sk_type != SOCK_SEQPACKET) { 521 if (sk->sk_type != SOCK_SEQPACKET &&
522 sk->sk_type != SOCK_STREAM) {
501 l2cap_sock_clear_timer(sk); 523 l2cap_sock_clear_timer(sk);
502 sk->sk_state = BT_CONNECTED; 524 sk->sk_state = BT_CONNECTED;
503 sk->sk_state_change(sk); 525 sk->sk_state_change(sk);
@@ -706,7 +728,8 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
706 728
707 case BT_CONNECTED: 729 case BT_CONNECTED:
708 case BT_CONFIG: 730 case BT_CONFIG:
709 if (sk->sk_type == SOCK_SEQPACKET) { 731 if (sk->sk_type == SOCK_SEQPACKET ||
732 sk->sk_type == SOCK_STREAM) {
710 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 733 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
711 734
712 sk->sk_state = BT_DISCONN; 735 sk->sk_state = BT_DISCONN;
@@ -717,7 +740,8 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
717 break; 740 break;
718 741
719 case BT_CONNECT2: 742 case BT_CONNECT2:
720 if (sk->sk_type == SOCK_SEQPACKET) { 743 if (sk->sk_type == SOCK_SEQPACKET ||
744 sk->sk_type == SOCK_STREAM) {
721 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 745 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
722 struct l2cap_conn_rsp rsp; 746 struct l2cap_conn_rsp rsp;
723 __u16 result; 747 __u16 result;
@@ -772,14 +796,21 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
772 pi->omtu = l2cap_pi(parent)->omtu; 796 pi->omtu = l2cap_pi(parent)->omtu;
773 pi->mode = l2cap_pi(parent)->mode; 797 pi->mode = l2cap_pi(parent)->mode;
774 pi->fcs = l2cap_pi(parent)->fcs; 798 pi->fcs = l2cap_pi(parent)->fcs;
799 pi->max_tx = l2cap_pi(parent)->max_tx;
800 pi->tx_win = l2cap_pi(parent)->tx_win;
775 pi->sec_level = l2cap_pi(parent)->sec_level; 801 pi->sec_level = l2cap_pi(parent)->sec_level;
776 pi->role_switch = l2cap_pi(parent)->role_switch; 802 pi->role_switch = l2cap_pi(parent)->role_switch;
777 pi->force_reliable = l2cap_pi(parent)->force_reliable; 803 pi->force_reliable = l2cap_pi(parent)->force_reliable;
778 } else { 804 } else {
779 pi->imtu = L2CAP_DEFAULT_MTU; 805 pi->imtu = L2CAP_DEFAULT_MTU;
780 pi->omtu = 0; 806 pi->omtu = 0;
781 pi->mode = L2CAP_MODE_BASIC; 807 if (enable_ertm && sk->sk_type == SOCK_STREAM)
808 pi->mode = L2CAP_MODE_ERTM;
809 else
810 pi->mode = L2CAP_MODE_BASIC;
811 pi->max_tx = max_transmit;
782 pi->fcs = L2CAP_FCS_CRC16; 812 pi->fcs = L2CAP_FCS_CRC16;
813 pi->tx_win = tx_window;
783 pi->sec_level = BT_SECURITY_LOW; 814 pi->sec_level = BT_SECURITY_LOW;
784 pi->role_switch = 0; 815 pi->role_switch = 0;
785 pi->force_reliable = 0; 816 pi->force_reliable = 0;
@@ -790,6 +821,7 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
790 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; 821 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
791 skb_queue_head_init(TX_QUEUE(sk)); 822 skb_queue_head_init(TX_QUEUE(sk));
792 skb_queue_head_init(SREJ_QUEUE(sk)); 823 skb_queue_head_init(SREJ_QUEUE(sk));
824 skb_queue_head_init(BUSY_QUEUE(sk));
793 INIT_LIST_HEAD(SREJ_LIST(sk)); 825 INIT_LIST_HEAD(SREJ_LIST(sk));
794} 826}
795 827
@@ -833,7 +865,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
833 865
834 sock->state = SS_UNCONNECTED; 866 sock->state = SS_UNCONNECTED;
835 867
836 if (sock->type != SOCK_SEQPACKET && 868 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
837 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 869 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
838 return -ESOCKTNOSUPPORT; 870 return -ESOCKTNOSUPPORT;
839 871
@@ -981,7 +1013,8 @@ static int l2cap_do_connect(struct sock *sk)
981 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 1013 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
982 1014
983 if (hcon->state == BT_CONNECTED) { 1015 if (hcon->state == BT_CONNECTED) {
984 if (sk->sk_type != SOCK_SEQPACKET) { 1016 if (sk->sk_type != SOCK_SEQPACKET &&
1017 sk->sk_type != SOCK_STREAM) {
985 l2cap_sock_clear_timer(sk); 1018 l2cap_sock_clear_timer(sk);
986 sk->sk_state = BT_CONNECTED; 1019 sk->sk_state = BT_CONNECTED;
987 } else 1020 } else
@@ -1015,7 +1048,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
1015 1048
1016 lock_sock(sk); 1049 lock_sock(sk);
1017 1050
1018 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) { 1051 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
1052 && !la.l2_psm) {
1019 err = -EINVAL; 1053 err = -EINVAL;
1020 goto done; 1054 goto done;
1021 } 1055 }
@@ -1079,7 +1113,8 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
1079 1113
1080 lock_sock(sk); 1114 lock_sock(sk);
1081 1115
1082 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) { 1116 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
1117 || sk->sk_state != BT_BOUND) {
1083 err = -EBADFD; 1118 err = -EBADFD;
1084 goto done; 1119 goto done;
1085 } 1120 }
@@ -1147,7 +1182,7 @@ static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int fl
1147 BT_DBG("sk %p timeo %ld", sk, timeo); 1182 BT_DBG("sk %p timeo %ld", sk, timeo);
1148 1183
1149 /* Wait for an incoming connection. (wake-one). */ 1184 /* Wait for an incoming connection. (wake-one). */
1150 add_wait_queue_exclusive(sk->sk_sleep, &wait); 1185 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1151 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 1186 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1152 set_current_state(TASK_INTERRUPTIBLE); 1187 set_current_state(TASK_INTERRUPTIBLE);
1153 if (!timeo) { 1188 if (!timeo) {
@@ -1170,7 +1205,7 @@ static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int fl
1170 } 1205 }
1171 } 1206 }
1172 set_current_state(TASK_RUNNING); 1207 set_current_state(TASK_RUNNING);
1173 remove_wait_queue(sk->sk_sleep, &wait); 1208 remove_wait_queue(sk_sleep(sk), &wait);
1174 1209
1175 if (err) 1210 if (err)
1176 goto done; 1211 goto done;
@@ -1207,10 +1242,40 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
1207 return 0; 1242 return 0;
1208} 1243}
1209 1244
1245static int __l2cap_wait_ack(struct sock *sk)
1246{
1247 DECLARE_WAITQUEUE(wait, current);
1248 int err = 0;
1249 int timeo = HZ/5;
1250
1251 add_wait_queue(sk_sleep(sk), &wait);
1252 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
1253 set_current_state(TASK_INTERRUPTIBLE);
1254
1255 if (!timeo)
1256 timeo = HZ/5;
1257
1258 if (signal_pending(current)) {
1259 err = sock_intr_errno(timeo);
1260 break;
1261 }
1262
1263 release_sock(sk);
1264 timeo = schedule_timeout(timeo);
1265 lock_sock(sk);
1266
1267 err = sock_error(sk);
1268 if (err)
1269 break;
1270 }
1271 set_current_state(TASK_RUNNING);
1272 remove_wait_queue(sk_sleep(sk), &wait);
1273 return err;
1274}
1275
1210static void l2cap_monitor_timeout(unsigned long arg) 1276static void l2cap_monitor_timeout(unsigned long arg)
1211{ 1277{
1212 struct sock *sk = (void *) arg; 1278 struct sock *sk = (void *) arg;
1213 u16 control;
1214 1279
1215 bh_lock_sock(sk); 1280 bh_lock_sock(sk);
1216 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { 1281 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
@@ -1222,15 +1287,13 @@ static void l2cap_monitor_timeout(unsigned long arg)
1222 l2cap_pi(sk)->retry_count++; 1287 l2cap_pi(sk)->retry_count++;
1223 __mod_monitor_timer(); 1288 __mod_monitor_timer();
1224 1289
1225 control = L2CAP_CTRL_POLL; 1290 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1226 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1227 bh_unlock_sock(sk); 1291 bh_unlock_sock(sk);
1228} 1292}
1229 1293
1230static void l2cap_retrans_timeout(unsigned long arg) 1294static void l2cap_retrans_timeout(unsigned long arg)
1231{ 1295{
1232 struct sock *sk = (void *) arg; 1296 struct sock *sk = (void *) arg;
1233 u16 control;
1234 1297
1235 bh_lock_sock(sk); 1298 bh_lock_sock(sk);
1236 l2cap_pi(sk)->retry_count = 1; 1299 l2cap_pi(sk)->retry_count = 1;
@@ -1238,8 +1301,7 @@ static void l2cap_retrans_timeout(unsigned long arg)
1238 1301
1239 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F; 1302 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1240 1303
1241 control = L2CAP_CTRL_POLL; 1304 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1242 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1243 bh_unlock_sock(sk); 1305 bh_unlock_sock(sk);
1244} 1306}
1245 1307
@@ -1247,7 +1309,8 @@ static void l2cap_drop_acked_frames(struct sock *sk)
1247{ 1309{
1248 struct sk_buff *skb; 1310 struct sk_buff *skb;
1249 1311
1250 while ((skb = skb_peek(TX_QUEUE(sk)))) { 1312 while ((skb = skb_peek(TX_QUEUE(sk))) &&
1313 l2cap_pi(sk)->unacked_frames) {
1251 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq) 1314 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1252 break; 1315 break;
1253 1316
@@ -1259,22 +1322,15 @@ static void l2cap_drop_acked_frames(struct sock *sk)
1259 1322
1260 if (!l2cap_pi(sk)->unacked_frames) 1323 if (!l2cap_pi(sk)->unacked_frames)
1261 del_timer(&l2cap_pi(sk)->retrans_timer); 1324 del_timer(&l2cap_pi(sk)->retrans_timer);
1262
1263 return;
1264} 1325}
1265 1326
1266static inline int l2cap_do_send(struct sock *sk, struct sk_buff *skb) 1327static inline void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1267{ 1328{
1268 struct l2cap_pinfo *pi = l2cap_pi(sk); 1329 struct l2cap_pinfo *pi = l2cap_pi(sk);
1269 int err;
1270 1330
1271 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len); 1331 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1272 1332
1273 err = hci_send_acl(pi->conn->hcon, skb, 0); 1333 hci_send_acl(pi->conn->hcon, skb, 0);
1274 if (err < 0)
1275 kfree_skb(skb);
1276
1277 return err;
1278} 1334}
1279 1335
1280static int l2cap_streaming_send(struct sock *sk) 1336static int l2cap_streaming_send(struct sock *sk)
@@ -1282,7 +1338,6 @@ static int l2cap_streaming_send(struct sock *sk)
1282 struct sk_buff *skb, *tx_skb; 1338 struct sk_buff *skb, *tx_skb;
1283 struct l2cap_pinfo *pi = l2cap_pi(sk); 1339 struct l2cap_pinfo *pi = l2cap_pi(sk);
1284 u16 control, fcs; 1340 u16 control, fcs;
1285 int err;
1286 1341
1287 while ((skb = sk->sk_send_head)) { 1342 while ((skb = sk->sk_send_head)) {
1288 tx_skb = skb_clone(skb, GFP_ATOMIC); 1343 tx_skb = skb_clone(skb, GFP_ATOMIC);
@@ -1291,16 +1346,12 @@ static int l2cap_streaming_send(struct sock *sk)
1291 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT; 1346 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1292 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1347 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1293 1348
1294 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) { 1349 if (pi->fcs == L2CAP_FCS_CRC16) {
1295 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2); 1350 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1296 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2); 1351 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1297 } 1352 }
1298 1353
1299 err = l2cap_do_send(sk, tx_skb); 1354 l2cap_do_send(sk, tx_skb);
1300 if (err < 0) {
1301 l2cap_send_disconn_req(pi->conn, sk);
1302 return err;
1303 }
1304 1355
1305 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1356 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1306 1357
@@ -1315,48 +1366,44 @@ static int l2cap_streaming_send(struct sock *sk)
1315 return 0; 1366 return 0;
1316} 1367}
1317 1368
1318static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq) 1369static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1319{ 1370{
1320 struct l2cap_pinfo *pi = l2cap_pi(sk); 1371 struct l2cap_pinfo *pi = l2cap_pi(sk);
1321 struct sk_buff *skb, *tx_skb; 1372 struct sk_buff *skb, *tx_skb;
1322 u16 control, fcs; 1373 u16 control, fcs;
1323 int err;
1324 1374
1325 skb = skb_peek(TX_QUEUE(sk)); 1375 skb = skb_peek(TX_QUEUE(sk));
1326 do { 1376 if (!skb)
1327 if (bt_cb(skb)->tx_seq != tx_seq) { 1377 return;
1328 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1329 break;
1330 skb = skb_queue_next(TX_QUEUE(sk), skb);
1331 continue;
1332 }
1333 1378
1334 if (pi->remote_max_tx && 1379 do {
1335 bt_cb(skb)->retries == pi->remote_max_tx) { 1380 if (bt_cb(skb)->tx_seq == tx_seq)
1336 l2cap_send_disconn_req(pi->conn, sk);
1337 break; 1381 break;
1338 }
1339 1382
1340 tx_skb = skb_clone(skb, GFP_ATOMIC); 1383 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1341 bt_cb(skb)->retries++; 1384 return;
1342 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1343 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1344 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1345 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1346 1385
1347 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) { 1386 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
1348 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1349 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1350 }
1351 1387
1352 err = l2cap_do_send(sk, tx_skb); 1388 if (pi->remote_max_tx &&
1353 if (err < 0) { 1389 bt_cb(skb)->retries == pi->remote_max_tx) {
1354 l2cap_send_disconn_req(pi->conn, sk); 1390 l2cap_send_disconn_req(pi->conn, sk);
1355 return err; 1391 return;
1356 } 1392 }
1357 break; 1393
1358 } while(1); 1394 tx_skb = skb_clone(skb, GFP_ATOMIC);
1359 return 0; 1395 bt_cb(skb)->retries++;
1396 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1397 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1398 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1399 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1400
1401 if (pi->fcs == L2CAP_FCS_CRC16) {
1402 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1403 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1404 }
1405
1406 l2cap_do_send(sk, tx_skb);
1360} 1407}
1361 1408
1362static int l2cap_ertm_send(struct sock *sk) 1409static int l2cap_ertm_send(struct sock *sk)
@@ -1364,13 +1411,13 @@ static int l2cap_ertm_send(struct sock *sk)
1364 struct sk_buff *skb, *tx_skb; 1411 struct sk_buff *skb, *tx_skb;
1365 struct l2cap_pinfo *pi = l2cap_pi(sk); 1412 struct l2cap_pinfo *pi = l2cap_pi(sk);
1366 u16 control, fcs; 1413 u16 control, fcs;
1367 int err; 1414 int nsent = 0;
1368 1415
1369 if (pi->conn_state & L2CAP_CONN_WAIT_F) 1416 if (pi->conn_state & L2CAP_CONN_WAIT_F)
1370 return 0; 1417 return 0;
1371 1418
1372 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) && 1419 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) &&
1373 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) { 1420 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1374 1421
1375 if (pi->remote_max_tx && 1422 if (pi->remote_max_tx &&
1376 bt_cb(skb)->retries == pi->remote_max_tx) { 1423 bt_cb(skb)->retries == pi->remote_max_tx) {
@@ -1383,35 +1430,97 @@ static int l2cap_ertm_send(struct sock *sk)
1383 bt_cb(skb)->retries++; 1430 bt_cb(skb)->retries++;
1384 1431
1385 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1432 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1433 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1434 control |= L2CAP_CTRL_FINAL;
1435 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1436 }
1386 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1437 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1387 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1438 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1388 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1439 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1389 1440
1390 1441
1391 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) { 1442 if (pi->fcs == L2CAP_FCS_CRC16) {
1392 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2); 1443 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1393 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2); 1444 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1394 } 1445 }
1395 1446
1396 err = l2cap_do_send(sk, tx_skb); 1447 l2cap_do_send(sk, tx_skb);
1397 if (err < 0) { 1448
1398 l2cap_send_disconn_req(pi->conn, sk);
1399 return err;
1400 }
1401 __mod_retrans_timer(); 1449 __mod_retrans_timer();
1402 1450
1403 bt_cb(skb)->tx_seq = pi->next_tx_seq; 1451 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1404 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64; 1452 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1405 1453
1406 pi->unacked_frames++; 1454 pi->unacked_frames++;
1455 pi->frames_sent++;
1407 1456
1408 if (skb_queue_is_last(TX_QUEUE(sk), skb)) 1457 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1409 sk->sk_send_head = NULL; 1458 sk->sk_send_head = NULL;
1410 else 1459 else
1411 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb); 1460 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1461
1462 nsent++;
1412 } 1463 }
1413 1464
1414 return 0; 1465 return nsent;
1466}
1467
1468static int l2cap_retransmit_frames(struct sock *sk)
1469{
1470 struct l2cap_pinfo *pi = l2cap_pi(sk);
1471 int ret;
1472
1473 spin_lock_bh(&pi->send_lock);
1474
1475 if (!skb_queue_empty(TX_QUEUE(sk)))
1476 sk->sk_send_head = TX_QUEUE(sk)->next;
1477
1478 pi->next_tx_seq = pi->expected_ack_seq;
1479 ret = l2cap_ertm_send(sk);
1480
1481 spin_unlock_bh(&pi->send_lock);
1482
1483 return ret;
1484}
1485
1486static void l2cap_send_ack(struct l2cap_pinfo *pi)
1487{
1488 struct sock *sk = (struct sock *)pi;
1489 u16 control = 0;
1490 int nframes;
1491
1492 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1493
1494 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1495 control |= L2CAP_SUPER_RCV_NOT_READY;
1496 pi->conn_state |= L2CAP_CONN_RNR_SENT;
1497 l2cap_send_sframe(pi, control);
1498 return;
1499 }
1500
1501 spin_lock_bh(&pi->send_lock);
1502 nframes = l2cap_ertm_send(sk);
1503 spin_unlock_bh(&pi->send_lock);
1504
1505 if (nframes > 0)
1506 return;
1507
1508 control |= L2CAP_SUPER_RCV_READY;
1509 l2cap_send_sframe(pi, control);
1510}
1511
1512static void l2cap_send_srejtail(struct sock *sk)
1513{
1514 struct srej_list *tail;
1515 u16 control;
1516
1517 control = L2CAP_SUPER_SELECT_REJECT;
1518 control |= L2CAP_CTRL_FINAL;
1519
1520 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1521 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1522
1523 l2cap_send_sframe(l2cap_pi(sk), control);
1415} 1524}
1416 1525
1417static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb) 1526static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
@@ -1420,9 +1529,8 @@ static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, in
1420 struct sk_buff **frag; 1529 struct sk_buff **frag;
1421 int err, sent = 0; 1530 int err, sent = 0;
1422 1531
1423 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 1532 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1424 return -EFAULT; 1533 return -EFAULT;
1425 }
1426 1534
1427 sent += count; 1535 sent += count;
1428 len -= count; 1536 len -= count;
@@ -1513,6 +1621,9 @@ static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *m
1513 1621
1514 BT_DBG("sk %p len %d", sk, (int)len); 1622 BT_DBG("sk %p len %d", sk, (int)len);
1515 1623
1624 if (!conn)
1625 return ERR_PTR(-ENOTCONN);
1626
1516 if (sdulen) 1627 if (sdulen)
1517 hlen += 2; 1628 hlen += 2;
1518 1629
@@ -1554,25 +1665,24 @@ static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, siz
1554 u16 control; 1665 u16 control;
1555 size_t size = 0; 1666 size_t size = 0;
1556 1667
1557 __skb_queue_head_init(&sar_queue); 1668 skb_queue_head_init(&sar_queue);
1558 control = L2CAP_SDU_START; 1669 control = L2CAP_SDU_START;
1559 skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len); 1670 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
1560 if (IS_ERR(skb)) 1671 if (IS_ERR(skb))
1561 return PTR_ERR(skb); 1672 return PTR_ERR(skb);
1562 1673
1563 __skb_queue_tail(&sar_queue, skb); 1674 __skb_queue_tail(&sar_queue, skb);
1564 len -= pi->max_pdu_size; 1675 len -= pi->remote_mps;
1565 size +=pi->max_pdu_size; 1676 size += pi->remote_mps;
1566 control = 0;
1567 1677
1568 while (len > 0) { 1678 while (len > 0) {
1569 size_t buflen; 1679 size_t buflen;
1570 1680
1571 if (len > pi->max_pdu_size) { 1681 if (len > pi->remote_mps) {
1572 control |= L2CAP_SDU_CONTINUE; 1682 control = L2CAP_SDU_CONTINUE;
1573 buflen = pi->max_pdu_size; 1683 buflen = pi->remote_mps;
1574 } else { 1684 } else {
1575 control |= L2CAP_SDU_END; 1685 control = L2CAP_SDU_END;
1576 buflen = len; 1686 buflen = len;
1577 } 1687 }
1578 1688
@@ -1585,11 +1695,12 @@ static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, siz
1585 __skb_queue_tail(&sar_queue, skb); 1695 __skb_queue_tail(&sar_queue, skb);
1586 len -= buflen; 1696 len -= buflen;
1587 size += buflen; 1697 size += buflen;
1588 control = 0;
1589 } 1698 }
1590 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk)); 1699 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1700 spin_lock_bh(&pi->send_lock);
1591 if (sk->sk_send_head == NULL) 1701 if (sk->sk_send_head == NULL)
1592 sk->sk_send_head = sar_queue.next; 1702 sk->sk_send_head = sar_queue.next;
1703 spin_unlock_bh(&pi->send_lock);
1593 1704
1594 return size; 1705 return size;
1595} 1706}
@@ -1611,11 +1722,6 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1611 if (msg->msg_flags & MSG_OOB) 1722 if (msg->msg_flags & MSG_OOB)
1612 return -EOPNOTSUPP; 1723 return -EOPNOTSUPP;
1613 1724
1614 /* Check outgoing MTU */
1615 if (sk->sk_type == SOCK_SEQPACKET && pi->mode == L2CAP_MODE_BASIC &&
1616 len > pi->omtu)
1617 return -EINVAL;
1618
1619 lock_sock(sk); 1725 lock_sock(sk);
1620 1726
1621 if (sk->sk_state != BT_CONNECTED) { 1727 if (sk->sk_state != BT_CONNECTED) {
@@ -1626,15 +1732,23 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1626 /* Connectionless channel */ 1732 /* Connectionless channel */
1627 if (sk->sk_type == SOCK_DGRAM) { 1733 if (sk->sk_type == SOCK_DGRAM) {
1628 skb = l2cap_create_connless_pdu(sk, msg, len); 1734 skb = l2cap_create_connless_pdu(sk, msg, len);
1629 if (IS_ERR(skb)) 1735 if (IS_ERR(skb)) {
1630 err = PTR_ERR(skb); 1736 err = PTR_ERR(skb);
1631 else 1737 } else {
1632 err = l2cap_do_send(sk, skb); 1738 l2cap_do_send(sk, skb);
1739 err = len;
1740 }
1633 goto done; 1741 goto done;
1634 } 1742 }
1635 1743
1636 switch (pi->mode) { 1744 switch (pi->mode) {
1637 case L2CAP_MODE_BASIC: 1745 case L2CAP_MODE_BASIC:
1746 /* Check outgoing MTU */
1747 if (len > pi->omtu) {
1748 err = -EINVAL;
1749 goto done;
1750 }
1751
1638 /* Create a basic PDU */ 1752 /* Create a basic PDU */
1639 skb = l2cap_create_basic_pdu(sk, msg, len); 1753 skb = l2cap_create_basic_pdu(sk, msg, len);
1640 if (IS_ERR(skb)) { 1754 if (IS_ERR(skb)) {
@@ -1642,15 +1756,14 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1642 goto done; 1756 goto done;
1643 } 1757 }
1644 1758
1645 err = l2cap_do_send(sk, skb); 1759 l2cap_do_send(sk, skb);
1646 if (!err) 1760 err = len;
1647 err = len;
1648 break; 1761 break;
1649 1762
1650 case L2CAP_MODE_ERTM: 1763 case L2CAP_MODE_ERTM:
1651 case L2CAP_MODE_STREAMING: 1764 case L2CAP_MODE_STREAMING:
1652 /* Entire SDU fits into one PDU */ 1765 /* Entire SDU fits into one PDU */
1653 if (len <= pi->max_pdu_size) { 1766 if (len <= pi->remote_mps) {
1654 control = L2CAP_SDU_UNSEGMENTED; 1767 control = L2CAP_SDU_UNSEGMENTED;
1655 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0); 1768 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1656 if (IS_ERR(skb)) { 1769 if (IS_ERR(skb)) {
@@ -1658,8 +1771,15 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1658 goto done; 1771 goto done;
1659 } 1772 }
1660 __skb_queue_tail(TX_QUEUE(sk), skb); 1773 __skb_queue_tail(TX_QUEUE(sk), skb);
1774
1775 if (pi->mode == L2CAP_MODE_ERTM)
1776 spin_lock_bh(&pi->send_lock);
1777
1661 if (sk->sk_send_head == NULL) 1778 if (sk->sk_send_head == NULL)
1662 sk->sk_send_head = skb; 1779 sk->sk_send_head = skb;
1780
1781 if (pi->mode == L2CAP_MODE_ERTM)
1782 spin_unlock_bh(&pi->send_lock);
1663 } else { 1783 } else {
1664 /* Segment SDU into multiples PDUs */ 1784 /* Segment SDU into multiples PDUs */
1665 err = l2cap_sar_segment_sdu(sk, msg, len); 1785 err = l2cap_sar_segment_sdu(sk, msg, len);
@@ -1667,12 +1787,15 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1667 goto done; 1787 goto done;
1668 } 1788 }
1669 1789
1670 if (pi->mode == L2CAP_MODE_STREAMING) 1790 if (pi->mode == L2CAP_MODE_STREAMING) {
1671 err = l2cap_streaming_send(sk); 1791 err = l2cap_streaming_send(sk);
1672 else 1792 } else {
1793 spin_lock_bh(&pi->send_lock);
1673 err = l2cap_ertm_send(sk); 1794 err = l2cap_ertm_send(sk);
1795 spin_unlock_bh(&pi->send_lock);
1796 }
1674 1797
1675 if (!err) 1798 if (err >= 0)
1676 err = len; 1799 err = len;
1677 break; 1800 break;
1678 1801
@@ -1731,6 +1854,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1731 opts.flush_to = l2cap_pi(sk)->flush_to; 1854 opts.flush_to = l2cap_pi(sk)->flush_to;
1732 opts.mode = l2cap_pi(sk)->mode; 1855 opts.mode = l2cap_pi(sk)->mode;
1733 opts.fcs = l2cap_pi(sk)->fcs; 1856 opts.fcs = l2cap_pi(sk)->fcs;
1857 opts.max_tx = l2cap_pi(sk)->max_tx;
1858 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1734 1859
1735 len = min_t(unsigned int, sizeof(opts), optlen); 1860 len = min_t(unsigned int, sizeof(opts), optlen);
1736 if (copy_from_user((char *) &opts, optval, len)) { 1861 if (copy_from_user((char *) &opts, optval, len)) {
@@ -1738,10 +1863,25 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1738 break; 1863 break;
1739 } 1864 }
1740 1865
1866 l2cap_pi(sk)->mode = opts.mode;
1867 switch (l2cap_pi(sk)->mode) {
1868 case L2CAP_MODE_BASIC:
1869 break;
1870 case L2CAP_MODE_ERTM:
1871 case L2CAP_MODE_STREAMING:
1872 if (enable_ertm)
1873 break;
1874 /* fall through */
1875 default:
1876 err = -EINVAL;
1877 break;
1878 }
1879
1741 l2cap_pi(sk)->imtu = opts.imtu; 1880 l2cap_pi(sk)->imtu = opts.imtu;
1742 l2cap_pi(sk)->omtu = opts.omtu; 1881 l2cap_pi(sk)->omtu = opts.omtu;
1743 l2cap_pi(sk)->mode = opts.mode;
1744 l2cap_pi(sk)->fcs = opts.fcs; 1882 l2cap_pi(sk)->fcs = opts.fcs;
1883 l2cap_pi(sk)->max_tx = opts.max_tx;
1884 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
1745 break; 1885 break;
1746 1886
1747 case L2CAP_LM: 1887 case L2CAP_LM:
@@ -1789,7 +1929,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
1789 1929
1790 switch (optname) { 1930 switch (optname) {
1791 case BT_SECURITY: 1931 case BT_SECURITY:
1792 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) { 1932 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
1933 && sk->sk_type != SOCK_RAW) {
1793 err = -EINVAL; 1934 err = -EINVAL;
1794 break; 1935 break;
1795 } 1936 }
@@ -1856,6 +1997,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
1856 opts.flush_to = l2cap_pi(sk)->flush_to; 1997 opts.flush_to = l2cap_pi(sk)->flush_to;
1857 opts.mode = l2cap_pi(sk)->mode; 1998 opts.mode = l2cap_pi(sk)->mode;
1858 opts.fcs = l2cap_pi(sk)->fcs; 1999 opts.fcs = l2cap_pi(sk)->fcs;
2000 opts.max_tx = l2cap_pi(sk)->max_tx;
2001 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1859 2002
1860 len = min_t(unsigned int, len, sizeof(opts)); 2003 len = min_t(unsigned int, len, sizeof(opts));
1861 if (copy_to_user(optval, (char *) &opts, len)) 2004 if (copy_to_user(optval, (char *) &opts, len))
@@ -1937,7 +2080,8 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
1937 2080
1938 switch (optname) { 2081 switch (optname) {
1939 case BT_SECURITY: 2082 case BT_SECURITY:
1940 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) { 2083 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2084 && sk->sk_type != SOCK_RAW) {
1941 err = -EINVAL; 2085 err = -EINVAL;
1942 break; 2086 break;
1943 } 2087 }
@@ -1982,6 +2126,9 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
1982 2126
1983 lock_sock(sk); 2127 lock_sock(sk);
1984 if (!sk->sk_shutdown) { 2128 if (!sk->sk_shutdown) {
2129 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2130 err = __l2cap_wait_ack(sk);
2131
1985 sk->sk_shutdown = SHUTDOWN_MASK; 2132 sk->sk_shutdown = SHUTDOWN_MASK;
1986 l2cap_sock_clear_timer(sk); 2133 l2cap_sock_clear_timer(sk);
1987 __l2cap_sock_close(sk, 0); 2134 __l2cap_sock_close(sk, 0);
@@ -2184,19 +2331,35 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2184 *ptr += L2CAP_CONF_OPT_SIZE + len; 2331 *ptr += L2CAP_CONF_OPT_SIZE + len;
2185} 2332}
2186 2333
2334static void l2cap_ack_timeout(unsigned long arg)
2335{
2336 struct sock *sk = (void *) arg;
2337
2338 bh_lock_sock(sk);
2339 l2cap_send_ack(l2cap_pi(sk));
2340 bh_unlock_sock(sk);
2341}
2342
2187static inline void l2cap_ertm_init(struct sock *sk) 2343static inline void l2cap_ertm_init(struct sock *sk)
2188{ 2344{
2189 l2cap_pi(sk)->expected_ack_seq = 0; 2345 l2cap_pi(sk)->expected_ack_seq = 0;
2190 l2cap_pi(sk)->unacked_frames = 0; 2346 l2cap_pi(sk)->unacked_frames = 0;
2191 l2cap_pi(sk)->buffer_seq = 0; 2347 l2cap_pi(sk)->buffer_seq = 0;
2192 l2cap_pi(sk)->num_to_ack = 0; 2348 l2cap_pi(sk)->num_acked = 0;
2349 l2cap_pi(sk)->frames_sent = 0;
2193 2350
2194 setup_timer(&l2cap_pi(sk)->retrans_timer, 2351 setup_timer(&l2cap_pi(sk)->retrans_timer,
2195 l2cap_retrans_timeout, (unsigned long) sk); 2352 l2cap_retrans_timeout, (unsigned long) sk);
2196 setup_timer(&l2cap_pi(sk)->monitor_timer, 2353 setup_timer(&l2cap_pi(sk)->monitor_timer,
2197 l2cap_monitor_timeout, (unsigned long) sk); 2354 l2cap_monitor_timeout, (unsigned long) sk);
2355 setup_timer(&l2cap_pi(sk)->ack_timer,
2356 l2cap_ack_timeout, (unsigned long) sk);
2198 2357
2199 __skb_queue_head_init(SREJ_QUEUE(sk)); 2358 __skb_queue_head_init(SREJ_QUEUE(sk));
2359 __skb_queue_head_init(BUSY_QUEUE(sk));
2360 spin_lock_init(&l2cap_pi(sk)->send_lock);
2361
2362 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
2200} 2363}
2201 2364
2202static int l2cap_mode_supported(__u8 mode, __u32 feat_mask) 2365static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
@@ -2232,7 +2395,7 @@ static int l2cap_build_conf_req(struct sock *sk, void *data)
2232{ 2395{
2233 struct l2cap_pinfo *pi = l2cap_pi(sk); 2396 struct l2cap_pinfo *pi = l2cap_pi(sk);
2234 struct l2cap_conf_req *req = data; 2397 struct l2cap_conf_req *req = data;
2235 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; 2398 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
2236 void *ptr = req->data; 2399 void *ptr = req->data;
2237 2400
2238 BT_DBG("sk %p", sk); 2401 BT_DBG("sk %p", sk);
@@ -2261,11 +2424,13 @@ done:
2261 2424
2262 case L2CAP_MODE_ERTM: 2425 case L2CAP_MODE_ERTM:
2263 rfc.mode = L2CAP_MODE_ERTM; 2426 rfc.mode = L2CAP_MODE_ERTM;
2264 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW; 2427 rfc.txwin_size = pi->tx_win;
2265 rfc.max_transmit = max_transmit; 2428 rfc.max_transmit = pi->max_tx;
2266 rfc.retrans_timeout = 0; 2429 rfc.retrans_timeout = 0;
2267 rfc.monitor_timeout = 0; 2430 rfc.monitor_timeout = 0;
2268 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 2431 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2432 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2433 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2269 2434
2270 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 2435 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2271 sizeof(rfc), (unsigned long) &rfc); 2436 sizeof(rfc), (unsigned long) &rfc);
@@ -2287,6 +2452,8 @@ done:
2287 rfc.retrans_timeout = 0; 2452 rfc.retrans_timeout = 0;
2288 rfc.monitor_timeout = 0; 2453 rfc.monitor_timeout = 0;
2289 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 2454 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2455 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2456 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2290 2457
2291 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 2458 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2292 sizeof(rfc), (unsigned long) &rfc); 2459 sizeof(rfc), (unsigned long) &rfc);
@@ -2415,10 +2582,15 @@ done:
2415 case L2CAP_MODE_ERTM: 2582 case L2CAP_MODE_ERTM:
2416 pi->remote_tx_win = rfc.txwin_size; 2583 pi->remote_tx_win = rfc.txwin_size;
2417 pi->remote_max_tx = rfc.max_transmit; 2584 pi->remote_max_tx = rfc.max_transmit;
2418 pi->max_pdu_size = rfc.max_pdu_size; 2585 if (rfc.max_pdu_size > pi->conn->mtu - 10)
2586 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
2419 2587
2420 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO; 2588 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2421 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO; 2589
2590 rfc.retrans_timeout =
2591 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2592 rfc.monitor_timeout =
2593 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
2422 2594
2423 pi->conf_state |= L2CAP_CONF_MODE_DONE; 2595 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2424 2596
@@ -2428,8 +2600,10 @@ done:
2428 break; 2600 break;
2429 2601
2430 case L2CAP_MODE_STREAMING: 2602 case L2CAP_MODE_STREAMING:
2431 pi->remote_tx_win = rfc.txwin_size; 2603 if (rfc.max_pdu_size > pi->conn->mtu - 10)
2432 pi->max_pdu_size = rfc.max_pdu_size; 2604 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
2605
2606 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2433 2607
2434 pi->conf_state |= L2CAP_CONF_MODE_DONE; 2608 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2435 2609
@@ -2506,13 +2680,12 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
2506 switch (rfc.mode) { 2680 switch (rfc.mode) {
2507 case L2CAP_MODE_ERTM: 2681 case L2CAP_MODE_ERTM:
2508 pi->remote_tx_win = rfc.txwin_size; 2682 pi->remote_tx_win = rfc.txwin_size;
2509 pi->retrans_timeout = rfc.retrans_timeout; 2683 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2510 pi->monitor_timeout = rfc.monitor_timeout; 2684 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2511 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size); 2685 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2512 break; 2686 break;
2513 case L2CAP_MODE_STREAMING: 2687 case L2CAP_MODE_STREAMING:
2514 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size); 2688 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2515 break;
2516 } 2689 }
2517 } 2690 }
2518 2691
@@ -2536,6 +2709,42 @@ static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 fla
2536 return ptr - data; 2709 return ptr - data;
2537} 2710}
2538 2711
2712static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
2713{
2714 struct l2cap_pinfo *pi = l2cap_pi(sk);
2715 int type, olen;
2716 unsigned long val;
2717 struct l2cap_conf_rfc rfc;
2718
2719 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
2720
2721 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
2722 return;
2723
2724 while (len >= L2CAP_CONF_OPT_SIZE) {
2725 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2726
2727 switch (type) {
2728 case L2CAP_CONF_RFC:
2729 if (olen == sizeof(rfc))
2730 memcpy(&rfc, (void *)val, olen);
2731 goto done;
2732 }
2733 }
2734
2735done:
2736 switch (rfc.mode) {
2737 case L2CAP_MODE_ERTM:
2738 pi->remote_tx_win = rfc.txwin_size;
2739 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2740 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2741 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2742 break;
2743 case L2CAP_MODE_STREAMING:
2744 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2745 }
2746}
2747
2539static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2748static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2540{ 2749{
2541 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data; 2750 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
@@ -2815,6 +3024,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2815 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 3024 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2816 u16 scid, flags, result; 3025 u16 scid, flags, result;
2817 struct sock *sk; 3026 struct sock *sk;
3027 int len = cmd->len - sizeof(*rsp);
2818 3028
2819 scid = __le16_to_cpu(rsp->scid); 3029 scid = __le16_to_cpu(rsp->scid);
2820 flags = __le16_to_cpu(rsp->flags); 3030 flags = __le16_to_cpu(rsp->flags);
@@ -2829,11 +3039,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2829 3039
2830 switch (result) { 3040 switch (result) {
2831 case L2CAP_CONF_SUCCESS: 3041 case L2CAP_CONF_SUCCESS:
3042 l2cap_conf_rfc_get(sk, rsp->data, len);
2832 break; 3043 break;
2833 3044
2834 case L2CAP_CONF_UNACCEPT: 3045 case L2CAP_CONF_UNACCEPT:
2835 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) { 3046 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2836 int len = cmd->len - sizeof(*rsp);
2837 char req[64]; 3047 char req[64];
2838 3048
2839 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { 3049 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
@@ -2917,8 +3127,10 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2917 3127
2918 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 3128 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2919 skb_queue_purge(SREJ_QUEUE(sk)); 3129 skb_queue_purge(SREJ_QUEUE(sk));
3130 skb_queue_purge(BUSY_QUEUE(sk));
2920 del_timer(&l2cap_pi(sk)->retrans_timer); 3131 del_timer(&l2cap_pi(sk)->retrans_timer);
2921 del_timer(&l2cap_pi(sk)->monitor_timer); 3132 del_timer(&l2cap_pi(sk)->monitor_timer);
3133 del_timer(&l2cap_pi(sk)->ack_timer);
2922 } 3134 }
2923 3135
2924 l2cap_chan_del(sk, ECONNRESET); 3136 l2cap_chan_del(sk, ECONNRESET);
@@ -2947,8 +3159,10 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2947 3159
2948 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { 3160 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2949 skb_queue_purge(SREJ_QUEUE(sk)); 3161 skb_queue_purge(SREJ_QUEUE(sk));
3162 skb_queue_purge(BUSY_QUEUE(sk));
2950 del_timer(&l2cap_pi(sk)->retrans_timer); 3163 del_timer(&l2cap_pi(sk)->retrans_timer);
2951 del_timer(&l2cap_pi(sk)->monitor_timer); 3164 del_timer(&l2cap_pi(sk)->monitor_timer);
3165 del_timer(&l2cap_pi(sk)->ack_timer);
2952 } 3166 }
2953 3167
2954 l2cap_chan_del(sk, 0); 3168 l2cap_chan_del(sk, 0);
@@ -3143,7 +3357,40 @@ static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3143 return 0; 3357 return 0;
3144} 3358}
3145 3359
3146static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar) 3360static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3361{
3362 struct l2cap_pinfo *pi = l2cap_pi(sk);
3363 u16 control = 0;
3364
3365 pi->frames_sent = 0;
3366 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3367
3368 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3369
3370 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3371 control |= L2CAP_SUPER_RCV_NOT_READY | L2CAP_CTRL_FINAL;
3372 l2cap_send_sframe(pi, control);
3373 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3374 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
3375 }
3376
3377 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY && pi->unacked_frames > 0)
3378 __mod_retrans_timer();
3379
3380 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3381
3382 spin_lock_bh(&pi->send_lock);
3383 l2cap_ertm_send(sk);
3384 spin_unlock_bh(&pi->send_lock);
3385
3386 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3387 pi->frames_sent == 0) {
3388 control |= L2CAP_SUPER_RCV_READY;
3389 l2cap_send_sframe(pi, control);
3390 }
3391}
3392
3393static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3147{ 3394{
3148 struct sk_buff *next_skb; 3395 struct sk_buff *next_skb;
3149 3396
@@ -3153,29 +3400,256 @@ static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_
3153 next_skb = skb_peek(SREJ_QUEUE(sk)); 3400 next_skb = skb_peek(SREJ_QUEUE(sk));
3154 if (!next_skb) { 3401 if (!next_skb) {
3155 __skb_queue_tail(SREJ_QUEUE(sk), skb); 3402 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3156 return; 3403 return 0;
3157 } 3404 }
3158 3405
3159 do { 3406 do {
3407 if (bt_cb(next_skb)->tx_seq == tx_seq)
3408 return -EINVAL;
3409
3160 if (bt_cb(next_skb)->tx_seq > tx_seq) { 3410 if (bt_cb(next_skb)->tx_seq > tx_seq) {
3161 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb); 3411 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3162 return; 3412 return 0;
3163 } 3413 }
3164 3414
3165 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb)) 3415 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3166 break; 3416 break;
3167 3417
3168 } while((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb))); 3418 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3169 3419
3170 __skb_queue_tail(SREJ_QUEUE(sk), skb); 3420 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3421
3422 return 0;
3171} 3423}
3172 3424
3173static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control) 3425static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3426{
3427 struct l2cap_pinfo *pi = l2cap_pi(sk);
3428 struct sk_buff *_skb;
3429 int err;
3430
3431 switch (control & L2CAP_CTRL_SAR) {
3432 case L2CAP_SDU_UNSEGMENTED:
3433 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3434 goto drop;
3435
3436 err = sock_queue_rcv_skb(sk, skb);
3437 if (!err)
3438 return err;
3439
3440 break;
3441
3442 case L2CAP_SDU_START:
3443 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3444 goto drop;
3445
3446 pi->sdu_len = get_unaligned_le16(skb->data);
3447
3448 if (pi->sdu_len > pi->imtu)
3449 goto disconnect;
3450
3451 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3452 if (!pi->sdu)
3453 return -ENOMEM;
3454
3455 /* pull sdu_len bytes only after alloc, because of Local Busy
3456 * condition we have to be sure that this will be executed
3457 * only once, i.e., when alloc does not fail */
3458 skb_pull(skb, 2);
3459
3460 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3461
3462 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3463 pi->partial_sdu_len = skb->len;
3464 break;
3465
3466 case L2CAP_SDU_CONTINUE:
3467 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3468 goto disconnect;
3469
3470 if (!pi->sdu)
3471 goto disconnect;
3472
3473 pi->partial_sdu_len += skb->len;
3474 if (pi->partial_sdu_len > pi->sdu_len)
3475 goto drop;
3476
3477 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3478
3479 break;
3480
3481 case L2CAP_SDU_END:
3482 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3483 goto disconnect;
3484
3485 if (!pi->sdu)
3486 goto disconnect;
3487
3488 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
3489 pi->partial_sdu_len += skb->len;
3490
3491 if (pi->partial_sdu_len > pi->imtu)
3492 goto drop;
3493
3494 if (pi->partial_sdu_len != pi->sdu_len)
3495 goto drop;
3496
3497 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3498 }
3499
3500 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3501 if (!_skb) {
3502 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3503 return -ENOMEM;
3504 }
3505
3506 err = sock_queue_rcv_skb(sk, _skb);
3507 if (err < 0) {
3508 kfree_skb(_skb);
3509 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3510 return err;
3511 }
3512
3513 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3514 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3515
3516 kfree_skb(pi->sdu);
3517 break;
3518 }
3519
3520 kfree_skb(skb);
3521 return 0;
3522
3523drop:
3524 kfree_skb(pi->sdu);
3525 pi->sdu = NULL;
3526
3527disconnect:
3528 l2cap_send_disconn_req(pi->conn, sk);
3529 kfree_skb(skb);
3530 return 0;
3531}
3532
3533static void l2cap_busy_work(struct work_struct *work)
3534{
3535 DECLARE_WAITQUEUE(wait, current);
3536 struct l2cap_pinfo *pi =
3537 container_of(work, struct l2cap_pinfo, busy_work);
3538 struct sock *sk = (struct sock *)pi;
3539 int n_tries = 0, timeo = HZ/5, err;
3540 struct sk_buff *skb;
3541 u16 control;
3542
3543 lock_sock(sk);
3544
3545 add_wait_queue(sk_sleep(sk), &wait);
3546 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
3547 set_current_state(TASK_INTERRUPTIBLE);
3548
3549 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3550 err = -EBUSY;
3551 l2cap_send_disconn_req(pi->conn, sk);
3552 goto done;
3553 }
3554
3555 if (!timeo)
3556 timeo = HZ/5;
3557
3558 if (signal_pending(current)) {
3559 err = sock_intr_errno(timeo);
3560 goto done;
3561 }
3562
3563 release_sock(sk);
3564 timeo = schedule_timeout(timeo);
3565 lock_sock(sk);
3566
3567 err = sock_error(sk);
3568 if (err)
3569 goto done;
3570
3571 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3572 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3573 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3574 if (err < 0) {
3575 skb_queue_head(BUSY_QUEUE(sk), skb);
3576 break;
3577 }
3578
3579 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3580 }
3581
3582 if (!skb)
3583 break;
3584 }
3585
3586 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3587 goto done;
3588
3589 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3590 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3591 l2cap_send_sframe(pi, control);
3592 l2cap_pi(sk)->retry_count = 1;
3593
3594 del_timer(&pi->retrans_timer);
3595 __mod_monitor_timer();
3596
3597 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3598
3599done:
3600 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3601 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3602
3603 set_current_state(TASK_RUNNING);
3604 remove_wait_queue(sk_sleep(sk), &wait);
3605
3606 release_sock(sk);
3607}
3608
3609static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3610{
3611 struct l2cap_pinfo *pi = l2cap_pi(sk);
3612 int sctrl, err;
3613
3614 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3615 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3616 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3617 return -EBUSY;
3618 }
3619
3620 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3621 if (err >= 0) {
3622 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3623 return err;
3624 }
3625
3626 /* Busy Condition */
3627 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3628 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3629 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3630
3631 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3632 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3633 l2cap_send_sframe(pi, sctrl);
3634
3635 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3636
3637 queue_work(_busy_wq, &pi->busy_work);
3638
3639 return err;
3640}
3641
3642static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3174{ 3643{
3175 struct l2cap_pinfo *pi = l2cap_pi(sk); 3644 struct l2cap_pinfo *pi = l2cap_pi(sk);
3176 struct sk_buff *_skb; 3645 struct sk_buff *_skb;
3177 int err = -EINVAL; 3646 int err = -EINVAL;
3178 3647
3648 /*
3649 * TODO: We have to notify the userland if some data is lost with the
3650 * Streaming Mode.
3651 */
3652
3179 switch (control & L2CAP_CTRL_SAR) { 3653 switch (control & L2CAP_CTRL_SAR) {
3180 case L2CAP_SDU_UNSEGMENTED: 3654 case L2CAP_SDU_UNSEGMENTED:
3181 if (pi->conn_state & L2CAP_CONN_SAR_SDU) { 3655 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
@@ -3198,6 +3672,11 @@ static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 co
3198 pi->sdu_len = get_unaligned_le16(skb->data); 3672 pi->sdu_len = get_unaligned_le16(skb->data);
3199 skb_pull(skb, 2); 3673 skb_pull(skb, 2);
3200 3674
3675 if (pi->sdu_len > pi->imtu) {
3676 err = -EMSGSIZE;
3677 break;
3678 }
3679
3201 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 3680 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3202 if (!pi->sdu) { 3681 if (!pi->sdu) {
3203 err = -ENOMEM; 3682 err = -ENOMEM;
@@ -3234,15 +3713,19 @@ static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 co
3234 pi->conn_state &= ~L2CAP_CONN_SAR_SDU; 3713 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3235 pi->partial_sdu_len += skb->len; 3714 pi->partial_sdu_len += skb->len;
3236 3715
3716 if (pi->partial_sdu_len > pi->imtu)
3717 goto drop;
3718
3237 if (pi->partial_sdu_len == pi->sdu_len) { 3719 if (pi->partial_sdu_len == pi->sdu_len) {
3238 _skb = skb_clone(pi->sdu, GFP_ATOMIC); 3720 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3239 err = sock_queue_rcv_skb(sk, _skb); 3721 err = sock_queue_rcv_skb(sk, _skb);
3240 if (err < 0) 3722 if (err < 0)
3241 kfree_skb(_skb); 3723 kfree_skb(_skb);
3242 } 3724 }
3243 kfree_skb(pi->sdu);
3244 err = 0; 3725 err = 0;
3245 3726
3727drop:
3728 kfree_skb(pi->sdu);
3246 break; 3729 break;
3247 } 3730 }
3248 3731
@@ -3253,15 +3736,15 @@ static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 co
3253static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq) 3736static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3254{ 3737{
3255 struct sk_buff *skb; 3738 struct sk_buff *skb;
3256 u16 control = 0; 3739 u16 control;
3257 3740
3258 while((skb = skb_peek(SREJ_QUEUE(sk)))) { 3741 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
3259 if (bt_cb(skb)->tx_seq != tx_seq) 3742 if (bt_cb(skb)->tx_seq != tx_seq)
3260 break; 3743 break;
3261 3744
3262 skb = skb_dequeue(SREJ_QUEUE(sk)); 3745 skb = skb_dequeue(SREJ_QUEUE(sk));
3263 control |= bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; 3746 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3264 l2cap_sar_reassembly_sdu(sk, skb, control); 3747 l2cap_ertm_reassembly_sdu(sk, skb, control);
3265 l2cap_pi(sk)->buffer_seq_srej = 3748 l2cap_pi(sk)->buffer_seq_srej =
3266 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64; 3749 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3267 tx_seq++; 3750 tx_seq++;
@@ -3274,7 +3757,7 @@ static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3274 struct srej_list *l, *tmp; 3757 struct srej_list *l, *tmp;
3275 u16 control; 3758 u16 control;
3276 3759
3277 list_for_each_entry_safe(l,tmp, SREJ_LIST(sk), list) { 3760 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
3278 if (l->tx_seq == tx_seq) { 3761 if (l->tx_seq == tx_seq) {
3279 list_del(&l->list); 3762 list_del(&l->list);
3280 kfree(l); 3763 kfree(l);
@@ -3297,10 +3780,6 @@ static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3297 while (tx_seq != pi->expected_tx_seq) { 3780 while (tx_seq != pi->expected_tx_seq) {
3298 control = L2CAP_SUPER_SELECT_REJECT; 3781 control = L2CAP_SUPER_SELECT_REJECT;
3299 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3782 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3300 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
3301 control |= L2CAP_CTRL_POLL;
3302 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
3303 }
3304 l2cap_send_sframe(pi, control); 3783 l2cap_send_sframe(pi, control);
3305 3784
3306 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC); 3785 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
@@ -3315,18 +3794,40 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3315 struct l2cap_pinfo *pi = l2cap_pi(sk); 3794 struct l2cap_pinfo *pi = l2cap_pi(sk);
3316 u8 tx_seq = __get_txseq(rx_control); 3795 u8 tx_seq = __get_txseq(rx_control);
3317 u8 req_seq = __get_reqseq(rx_control); 3796 u8 req_seq = __get_reqseq(rx_control);
3318 u16 tx_control = 0;
3319 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3797 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3798 u8 tx_seq_offset, expected_tx_seq_offset;
3799 int num_to_ack = (pi->tx_win/6) + 1;
3320 int err = 0; 3800 int err = 0;
3321 3801
3322 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3802 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3323 3803
3804 if (L2CAP_CTRL_FINAL & rx_control &&
3805 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
3806 del_timer(&pi->monitor_timer);
3807 if (pi->unacked_frames > 0)
3808 __mod_retrans_timer();
3809 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3810 }
3811
3324 pi->expected_ack_seq = req_seq; 3812 pi->expected_ack_seq = req_seq;
3325 l2cap_drop_acked_frames(sk); 3813 l2cap_drop_acked_frames(sk);
3326 3814
3327 if (tx_seq == pi->expected_tx_seq) 3815 if (tx_seq == pi->expected_tx_seq)
3328 goto expected; 3816 goto expected;
3329 3817
3818 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3819 if (tx_seq_offset < 0)
3820 tx_seq_offset += 64;
3821
3822 /* invalid tx_seq */
3823 if (tx_seq_offset >= pi->tx_win) {
3824 l2cap_send_disconn_req(pi->conn, sk);
3825 goto drop;
3826 }
3827
3828 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
3829 goto drop;
3830
3330 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3831 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3331 struct srej_list *first; 3832 struct srej_list *first;
3332 3833
@@ -3342,10 +3843,14 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3342 if (list_empty(SREJ_LIST(sk))) { 3843 if (list_empty(SREJ_LIST(sk))) {
3343 pi->buffer_seq = pi->buffer_seq_srej; 3844 pi->buffer_seq = pi->buffer_seq_srej;
3344 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT; 3845 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3846 l2cap_send_ack(pi);
3345 } 3847 }
3346 } else { 3848 } else {
3347 struct srej_list *l; 3849 struct srej_list *l;
3348 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3850
3851 /* duplicated tx_seq */
3852 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
3853 goto drop;
3349 3854
3350 list_for_each_entry(l, SREJ_LIST(sk), list) { 3855 list_for_each_entry(l, SREJ_LIST(sk), list) {
3351 if (l->tx_seq == tx_seq) { 3856 if (l->tx_seq == tx_seq) {
@@ -3356,12 +3861,22 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3356 l2cap_send_srejframe(sk, tx_seq); 3861 l2cap_send_srejframe(sk, tx_seq);
3357 } 3862 }
3358 } else { 3863 } else {
3864 expected_tx_seq_offset =
3865 (pi->expected_tx_seq - pi->buffer_seq) % 64;
3866 if (expected_tx_seq_offset < 0)
3867 expected_tx_seq_offset += 64;
3868
3869 /* duplicated tx_seq */
3870 if (tx_seq_offset < expected_tx_seq_offset)
3871 goto drop;
3872
3359 pi->conn_state |= L2CAP_CONN_SREJ_SENT; 3873 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3360 3874
3361 INIT_LIST_HEAD(SREJ_LIST(sk)); 3875 INIT_LIST_HEAD(SREJ_LIST(sk));
3362 pi->buffer_seq_srej = pi->buffer_seq; 3876 pi->buffer_seq_srej = pi->buffer_seq;
3363 3877
3364 __skb_queue_head_init(SREJ_QUEUE(sk)); 3878 __skb_queue_head_init(SREJ_QUEUE(sk));
3879 __skb_queue_head_init(BUSY_QUEUE(sk));
3365 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3880 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3366 3881
3367 pi->conn_state |= L2CAP_CONN_SEND_PBIT; 3882 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
@@ -3374,153 +3889,189 @@ expected:
3374 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 3889 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3375 3890
3376 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 3891 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3377 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar); 3892 bt_cb(skb)->tx_seq = tx_seq;
3893 bt_cb(skb)->sar = sar;
3894 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3378 return 0; 3895 return 0;
3379 } 3896 }
3380 3897
3381 if (rx_control & L2CAP_CTRL_FINAL) { 3898 if (rx_control & L2CAP_CTRL_FINAL) {
3382 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3899 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3383 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 3900 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3384 else { 3901 else
3385 sk->sk_send_head = TX_QUEUE(sk)->next; 3902 l2cap_retransmit_frames(sk);
3386 pi->next_tx_seq = pi->expected_ack_seq;
3387 l2cap_ertm_send(sk);
3388 }
3389 } 3903 }
3390 3904
3391 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 3905 err = l2cap_push_rx_skb(sk, skb, rx_control);
3392
3393 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
3394 if (err < 0) 3906 if (err < 0)
3395 return err; 3907 return 0;
3908
3909 __mod_ack_timer();
3910
3911 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
3912 if (pi->num_acked == num_to_ack - 1)
3913 l2cap_send_ack(pi);
3396 3914
3397 pi->num_to_ack = (pi->num_to_ack + 1) % L2CAP_DEFAULT_NUM_TO_ACK; 3915 return 0;
3398 if (pi->num_to_ack == L2CAP_DEFAULT_NUM_TO_ACK - 1) { 3916
3399 tx_control |= L2CAP_SUPER_RCV_READY; 3917drop:
3400 tx_control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3918 kfree_skb(skb);
3401 l2cap_send_sframe(pi, tx_control);
3402 }
3403 return 0; 3919 return 0;
3404} 3920}
3405 3921
3406static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3922static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
3407{ 3923{
3408 struct l2cap_pinfo *pi = l2cap_pi(sk); 3924 struct l2cap_pinfo *pi = l2cap_pi(sk);
3409 u8 tx_seq = __get_reqseq(rx_control);
3410 3925
3411 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3926 pi->expected_ack_seq = __get_reqseq(rx_control);
3927 l2cap_drop_acked_frames(sk);
3412 3928
3413 switch (rx_control & L2CAP_CTRL_SUPERVISE) { 3929 if (rx_control & L2CAP_CTRL_POLL) {
3414 case L2CAP_SUPER_RCV_READY: 3930 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3415 if (rx_control & L2CAP_CTRL_POLL) { 3931 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3416 u16 control = L2CAP_CTRL_FINAL; 3932 (pi->unacked_frames > 0))
3417 control |= L2CAP_SUPER_RCV_READY | 3933 __mod_retrans_timer();
3418 (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT);
3419 l2cap_send_sframe(l2cap_pi(sk), control);
3420 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3421 3934
3422 } else if (rx_control & L2CAP_CTRL_FINAL) {
3423 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3935 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3424 pi->expected_ack_seq = tx_seq; 3936 l2cap_send_srejtail(sk);
3425 l2cap_drop_acked_frames(sk); 3937 } else {
3426 3938 l2cap_send_i_or_rr_or_rnr(sk);
3427 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 3939 }
3428 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3429 else {
3430 sk->sk_send_head = TX_QUEUE(sk)->next;
3431 pi->next_tx_seq = pi->expected_ack_seq;
3432 l2cap_ertm_send(sk);
3433 }
3434
3435 if (!(pi->conn_state & L2CAP_CONN_WAIT_F))
3436 break;
3437 3940
3438 pi->conn_state &= ~L2CAP_CONN_WAIT_F; 3941 } else if (rx_control & L2CAP_CTRL_FINAL) {
3439 del_timer(&pi->monitor_timer); 3942 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3440 3943
3441 if (pi->unacked_frames > 0) 3944 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3442 __mod_retrans_timer(); 3945 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3443 } else { 3946 else
3444 pi->expected_ack_seq = tx_seq; 3947 l2cap_retransmit_frames(sk);
3445 l2cap_drop_acked_frames(sk);
3446 3948
3447 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 3949 } else {
3448 (pi->unacked_frames > 0)) 3950 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3449 __mod_retrans_timer(); 3951 (pi->unacked_frames > 0))
3952 __mod_retrans_timer();
3450 3953
3451 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3954 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3955 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3956 l2cap_send_ack(pi);
3957 } else {
3958 spin_lock_bh(&pi->send_lock);
3452 l2cap_ertm_send(sk); 3959 l2cap_ertm_send(sk);
3960 spin_unlock_bh(&pi->send_lock);
3453 } 3961 }
3454 break; 3962 }
3963}
3455 3964
3456 case L2CAP_SUPER_REJECT: 3965static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
3457 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3966{
3967 struct l2cap_pinfo *pi = l2cap_pi(sk);
3968 u8 tx_seq = __get_reqseq(rx_control);
3969
3970 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3971
3972 pi->expected_ack_seq = tx_seq;
3973 l2cap_drop_acked_frames(sk);
3458 3974
3459 pi->expected_ack_seq = __get_reqseq(rx_control); 3975 if (rx_control & L2CAP_CTRL_FINAL) {
3976 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3977 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3978 else
3979 l2cap_retransmit_frames(sk);
3980 } else {
3981 l2cap_retransmit_frames(sk);
3982
3983 if (pi->conn_state & L2CAP_CONN_WAIT_F)
3984 pi->conn_state |= L2CAP_CONN_REJ_ACT;
3985 }
3986}
3987static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
3988{
3989 struct l2cap_pinfo *pi = l2cap_pi(sk);
3990 u8 tx_seq = __get_reqseq(rx_control);
3991
3992 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3993
3994 if (rx_control & L2CAP_CTRL_POLL) {
3995 pi->expected_ack_seq = tx_seq;
3460 l2cap_drop_acked_frames(sk); 3996 l2cap_drop_acked_frames(sk);
3997 l2cap_retransmit_one_frame(sk, tx_seq);
3461 3998
3462 if (rx_control & L2CAP_CTRL_FINAL) { 3999 spin_lock_bh(&pi->send_lock);
3463 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 4000 l2cap_ertm_send(sk);
3464 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 4001 spin_unlock_bh(&pi->send_lock);
3465 else {
3466 sk->sk_send_head = TX_QUEUE(sk)->next;
3467 pi->next_tx_seq = pi->expected_ack_seq;
3468 l2cap_ertm_send(sk);
3469 }
3470 } else {
3471 sk->sk_send_head = TX_QUEUE(sk)->next;
3472 pi->next_tx_seq = pi->expected_ack_seq;
3473 l2cap_ertm_send(sk);
3474 4002
3475 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 4003 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3476 pi->srej_save_reqseq = tx_seq; 4004 pi->srej_save_reqseq = tx_seq;
3477 pi->conn_state |= L2CAP_CONN_REJ_ACT; 4005 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3478 } 4006 }
4007 } else if (rx_control & L2CAP_CTRL_FINAL) {
4008 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
4009 pi->srej_save_reqseq == tx_seq)
4010 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
4011 else
4012 l2cap_retransmit_one_frame(sk, tx_seq);
4013 } else {
4014 l2cap_retransmit_one_frame(sk, tx_seq);
4015 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4016 pi->srej_save_reqseq = tx_seq;
4017 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3479 } 4018 }
4019 }
4020}
3480 4021
4022static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
4023{
4024 struct l2cap_pinfo *pi = l2cap_pi(sk);
4025 u8 tx_seq = __get_reqseq(rx_control);
4026
4027 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
4028 pi->expected_ack_seq = tx_seq;
4029 l2cap_drop_acked_frames(sk);
4030
4031 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
4032 del_timer(&pi->retrans_timer);
4033 if (rx_control & L2CAP_CTRL_POLL)
4034 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
4035 return;
4036 }
4037
4038 if (rx_control & L2CAP_CTRL_POLL)
4039 l2cap_send_srejtail(sk);
4040 else
4041 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
4042}
4043
4044static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
4045{
4046 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
4047
4048 if (L2CAP_CTRL_FINAL & rx_control &&
4049 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4050 del_timer(&l2cap_pi(sk)->monitor_timer);
4051 if (l2cap_pi(sk)->unacked_frames > 0)
4052 __mod_retrans_timer();
4053 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
4054 }
4055
4056 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
4057 case L2CAP_SUPER_RCV_READY:
4058 l2cap_data_channel_rrframe(sk, rx_control);
3481 break; 4059 break;
3482 4060
3483 case L2CAP_SUPER_SELECT_REJECT: 4061 case L2CAP_SUPER_REJECT:
3484 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 4062 l2cap_data_channel_rejframe(sk, rx_control);
4063 break;
3485 4064
3486 if (rx_control & L2CAP_CTRL_POLL) { 4065 case L2CAP_SUPER_SELECT_REJECT:
3487 pi->expected_ack_seq = tx_seq; 4066 l2cap_data_channel_srejframe(sk, rx_control);
3488 l2cap_drop_acked_frames(sk);
3489 l2cap_retransmit_frame(sk, tx_seq);
3490 l2cap_ertm_send(sk);
3491 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3492 pi->srej_save_reqseq = tx_seq;
3493 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3494 }
3495 } else if (rx_control & L2CAP_CTRL_FINAL) {
3496 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3497 pi->srej_save_reqseq == tx_seq)
3498 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3499 else
3500 l2cap_retransmit_frame(sk, tx_seq);
3501 }
3502 else {
3503 l2cap_retransmit_frame(sk, tx_seq);
3504 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3505 pi->srej_save_reqseq = tx_seq;
3506 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3507 }
3508 }
3509 break; 4067 break;
3510 4068
3511 case L2CAP_SUPER_RCV_NOT_READY: 4069 case L2CAP_SUPER_RCV_NOT_READY:
3512 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY; 4070 l2cap_data_channel_rnrframe(sk, rx_control);
3513 pi->expected_ack_seq = tx_seq;
3514 l2cap_drop_acked_frames(sk);
3515
3516 del_timer(&l2cap_pi(sk)->retrans_timer);
3517 if (rx_control & L2CAP_CTRL_POLL) {
3518 u16 control = L2CAP_CTRL_FINAL;
3519 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
3520 }
3521 break; 4071 break;
3522 } 4072 }
3523 4073
4074 kfree_skb(skb);
3524 return 0; 4075 return 0;
3525} 4076}
3526 4077
@@ -3529,7 +4080,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3529 struct sock *sk; 4080 struct sock *sk;
3530 struct l2cap_pinfo *pi; 4081 struct l2cap_pinfo *pi;
3531 u16 control, len; 4082 u16 control, len;
3532 u8 tx_seq; 4083 u8 tx_seq, req_seq, next_tx_seq_offset, req_seq_offset;
3533 4084
3534 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 4085 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3535 if (!sk) { 4086 if (!sk) {
@@ -3574,16 +4125,45 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3574 * Receiver will miss it and start proper recovery 4125 * Receiver will miss it and start proper recovery
3575 * procedures and ask retransmission. 4126 * procedures and ask retransmission.
3576 */ 4127 */
3577 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE) 4128 if (len > pi->mps) {
4129 l2cap_send_disconn_req(pi->conn, sk);
3578 goto drop; 4130 goto drop;
4131 }
3579 4132
3580 if (l2cap_check_fcs(pi, skb)) 4133 if (l2cap_check_fcs(pi, skb))
3581 goto drop; 4134 goto drop;
3582 4135
3583 if (__is_iframe(control)) 4136 req_seq = __get_reqseq(control);
4137 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4138 if (req_seq_offset < 0)
4139 req_seq_offset += 64;
4140
4141 next_tx_seq_offset =
4142 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4143 if (next_tx_seq_offset < 0)
4144 next_tx_seq_offset += 64;
4145
4146 /* check for invalid req-seq */
4147 if (req_seq_offset > next_tx_seq_offset) {
4148 l2cap_send_disconn_req(pi->conn, sk);
4149 goto drop;
4150 }
4151
4152 if (__is_iframe(control)) {
4153 if (len < 4) {
4154 l2cap_send_disconn_req(pi->conn, sk);
4155 goto drop;
4156 }
4157
3584 l2cap_data_channel_iframe(sk, control, skb); 4158 l2cap_data_channel_iframe(sk, control, skb);
3585 else 4159 } else {
4160 if (len != 0) {
4161 l2cap_send_disconn_req(pi->conn, sk);
4162 goto drop;
4163 }
4164
3586 l2cap_data_channel_sframe(sk, control, skb); 4165 l2cap_data_channel_sframe(sk, control, skb);
4166 }
3587 4167
3588 goto done; 4168 goto done;
3589 4169
@@ -3598,7 +4178,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3598 if (pi->fcs == L2CAP_FCS_CRC16) 4178 if (pi->fcs == L2CAP_FCS_CRC16)
3599 len -= 2; 4179 len -= 2;
3600 4180
3601 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || __is_sframe(control)) 4181 if (len > pi->mps || len < 4 || __is_sframe(control))
3602 goto drop; 4182 goto drop;
3603 4183
3604 if (l2cap_check_fcs(pi, skb)) 4184 if (l2cap_check_fcs(pi, skb))
@@ -3609,14 +4189,14 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3609 if (pi->expected_tx_seq == tx_seq) 4189 if (pi->expected_tx_seq == tx_seq)
3610 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; 4190 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3611 else 4191 else
3612 pi->expected_tx_seq = tx_seq + 1; 4192 pi->expected_tx_seq = (tx_seq + 1) % 64;
3613 4193
3614 l2cap_sar_reassembly_sdu(sk, skb, control); 4194 l2cap_streaming_reassembly_sdu(sk, skb, control);
3615 4195
3616 goto done; 4196 goto done;
3617 4197
3618 default: 4198 default:
3619 BT_DBG("sk %p: bad mode 0x%2.2x", sk, l2cap_pi(sk)->mode); 4199 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
3620 break; 4200 break;
3621 } 4201 }
3622 4202
@@ -3772,7 +4352,7 @@ static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3772 4352
3773static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt) 4353static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3774{ 4354{
3775 if (sk->sk_type != SOCK_SEQPACKET) 4355 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
3776 return; 4356 return;
3777 4357
3778 if (encrypt == 0x00) { 4358 if (encrypt == 0x00) {
@@ -4030,6 +4610,10 @@ static int __init l2cap_init(void)
4030 if (err < 0) 4610 if (err < 0)
4031 return err; 4611 return err;
4032 4612
4613 _busy_wq = create_singlethread_workqueue("l2cap");
4614 if (!_busy_wq)
4615 goto error;
4616
4033 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 4617 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4034 if (err < 0) { 4618 if (err < 0) {
4035 BT_ERR("L2CAP socket registration failed"); 4619 BT_ERR("L2CAP socket registration failed");
@@ -4064,6 +4648,9 @@ static void __exit l2cap_exit(void)
4064{ 4648{
4065 debugfs_remove(l2cap_debugfs); 4649 debugfs_remove(l2cap_debugfs);
4066 4650
4651 flush_workqueue(_busy_wq);
4652 destroy_workqueue(_busy_wq);
4653
4067 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 4654 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4068 BT_ERR("L2CAP socket unregistration failed"); 4655 BT_ERR("L2CAP socket unregistration failed");
4069 4656
@@ -4078,7 +4665,6 @@ void l2cap_load(void)
4078 /* Dummy function to trigger automatic L2CAP module loading by 4665 /* Dummy function to trigger automatic L2CAP module loading by
4079 * other modules that use L2CAP sockets but don't use any other 4666 * other modules that use L2CAP sockets but don't use any other
4080 * symbols from it. */ 4667 * symbols from it. */
4081 return;
4082} 4668}
4083EXPORT_SYMBOL(l2cap_load); 4669EXPORT_SYMBOL(l2cap_load);
4084 4670
@@ -4091,6 +4677,9 @@ MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
4091module_param(max_transmit, uint, 0644); 4677module_param(max_transmit, uint, 0644);
4092MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)"); 4678MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");
4093 4679
4680module_param(tx_window, uint, 0644);
4681MODULE_PARM_DESC(tx_window, "Transmission window size value (default = 63)");
4682
4094MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4683MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4095MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); 4684MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4096MODULE_VERSION(VERSION); 4685MODULE_VERSION(VERSION);
generated by cgit v1.2.2 (git 2.25.0) at 2025-06-06 23:40:05 -0400