aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/Kconfig13
-rw-r--r--net/bluetooth/bnep/bnep.h8
-rw-r--r--net/bluetooth/hci_conn.c34
-rw-r--r--net/bluetooth/hci_core.c204
-rw-r--r--net/bluetooth/hci_event.c39
-rw-r--r--net/bluetooth/hci_sock.c90
-rw-r--r--net/bluetooth/hci_sysfs.c38
-rw-r--r--net/bluetooth/l2cap.c669
-rw-r--r--net/bluetooth/rfcomm/sock.c2
-rw-r--r--net/bluetooth/rfcomm/tty.c4
10 files changed, 744 insertions, 357 deletions
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index ee3b3049d385..ed371684c133 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -43,19 +43,6 @@ config BT_L2CAP
43 Say Y here to compile L2CAP support into the kernel or say M to 43 Say Y here to compile L2CAP support into the kernel or say M to
44 compile it as module (l2cap). 44 compile it as module (l2cap).
45 45
46config BT_L2CAP_EXT_FEATURES
47 bool "L2CAP Extended Features support (EXPERIMENTAL)"
48 depends on BT_L2CAP && EXPERIMENTAL
49 help
50 This option enables the L2CAP Extended Features support. These
51 new features include the Enhanced Retransmission and Streaming
52 Modes, the Frame Check Sequence (FCS), and Segmentation and
53 Reassembly (SAR) for L2CAP packets. They are a required for the
54 new Alternate MAC/PHY and the Bluetooth Medical Profile.
55
56 You should say N unless you know what you are doing. Note that
57 this is in an experimental state yet.
58
59config BT_SCO 46config BT_SCO
60 tristate "SCO links support" 47 tristate "SCO links support"
61 depends on BT 48 depends on BT
diff --git a/net/bluetooth/bnep/bnep.h b/net/bluetooth/bnep/bnep.h
index 0d9e506f5d5a..70672544db86 100644
--- a/net/bluetooth/bnep/bnep.h
+++ b/net/bluetooth/bnep/bnep.h
@@ -86,26 +86,26 @@ struct bnep_setup_conn_req {
86 __u8 ctrl; 86 __u8 ctrl;
87 __u8 uuid_size; 87 __u8 uuid_size;
88 __u8 service[0]; 88 __u8 service[0];
89} __attribute__((packed)); 89} __packed;
90 90
91struct bnep_set_filter_req { 91struct bnep_set_filter_req {
92 __u8 type; 92 __u8 type;
93 __u8 ctrl; 93 __u8 ctrl;
94 __be16 len; 94 __be16 len;
95 __u8 list[0]; 95 __u8 list[0];
96} __attribute__((packed)); 96} __packed;
97 97
98struct bnep_control_rsp { 98struct bnep_control_rsp {
99 __u8 type; 99 __u8 type;
100 __u8 ctrl; 100 __u8 ctrl;
101 __be16 resp; 101 __be16 resp;
102} __attribute__((packed)); 102} __packed;
103 103
104struct bnep_ext_hdr { 104struct bnep_ext_hdr {
105 __u8 type; 105 __u8 type;
106 __u8 len; 106 __u8 len;
107 __u8 data[0]; 107 __u8 data[0];
108} __attribute__((packed)); 108} __packed;
109 109
110/* BNEP ioctl defines */ 110/* BNEP ioctl defines */
111#define BNEPCONNADD _IOW('B', 200, int) 111#define BNEPCONNADD _IOW('B', 200, int)
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 800b6b9fbbae..0b1e460fe440 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1,6 +1,6 @@
1/* 1/*
2 BlueZ - Bluetooth protocol stack for Linux 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 6
@@ -155,6 +155,27 @@ void hci_setup_sync(struct hci_conn *conn, __u16 handle)
155 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 155 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
156} 156}
157 157
158/* Device _must_ be locked */
159void hci_sco_setup(struct hci_conn *conn, __u8 status)
160{
161 struct hci_conn *sco = conn->link;
162
163 BT_DBG("%p", conn);
164
165 if (!sco)
166 return;
167
168 if (!status) {
169 if (lmp_esco_capable(conn->hdev))
170 hci_setup_sync(sco, conn->handle);
171 else
172 hci_add_sco(sco, conn->handle);
173 } else {
174 hci_proto_connect_cfm(sco, status);
175 hci_conn_del(sco);
176 }
177}
178
158static void hci_conn_timeout(unsigned long arg) 179static void hci_conn_timeout(unsigned long arg)
159{ 180{
160 struct hci_conn *conn = (void *) arg; 181 struct hci_conn *conn = (void *) arg;
@@ -385,10 +406,13 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
385 acl->power_save = 1; 406 acl->power_save = 1;
386 hci_conn_enter_active_mode(acl); 407 hci_conn_enter_active_mode(acl);
387 408
388 if (lmp_esco_capable(hdev)) 409 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) {
389 hci_setup_sync(sco, acl->handle); 410 /* defer SCO setup until mode change completed */
390 else 411 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend);
391 hci_add_sco(sco, acl->handle); 412 return sco;
413 }
414
415 hci_sco_setup(acl, 0x00);
392 } 416 }
393 417
394 return sco; 418 return sco;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 2f768de87011..8303f1c9ef54 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -562,6 +562,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
562 hci_dev_lock_bh(hdev); 562 hci_dev_lock_bh(hdev);
563 inquiry_cache_flush(hdev); 563 inquiry_cache_flush(hdev);
564 hci_conn_hash_flush(hdev); 564 hci_conn_hash_flush(hdev);
565 hci_blacklist_clear(hdev);
565 hci_dev_unlock_bh(hdev); 566 hci_dev_unlock_bh(hdev);
566 567
567 hci_notify(hdev, HCI_DEV_DOWN); 568 hci_notify(hdev, HCI_DEV_DOWN);
@@ -913,7 +914,7 @@ int hci_register_dev(struct hci_dev *hdev)
913 skb_queue_head_init(&hdev->cmd_q); 914 skb_queue_head_init(&hdev->cmd_q);
914 skb_queue_head_init(&hdev->raw_q); 915 skb_queue_head_init(&hdev->raw_q);
915 916
916 for (i = 0; i < 3; i++) 917 for (i = 0; i < NUM_REASSEMBLY; i++)
917 hdev->reassembly[i] = NULL; 918 hdev->reassembly[i] = NULL;
918 919
919 init_waitqueue_head(&hdev->req_wait_q); 920 init_waitqueue_head(&hdev->req_wait_q);
@@ -923,6 +924,8 @@ int hci_register_dev(struct hci_dev *hdev)
923 924
924 hci_conn_hash_init(hdev); 925 hci_conn_hash_init(hdev);
925 926
927 INIT_LIST_HEAD(&hdev->blacklist.list);
928
926 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 929 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
927 930
928 atomic_set(&hdev->promisc, 0); 931 atomic_set(&hdev->promisc, 0);
@@ -970,7 +973,7 @@ int hci_unregister_dev(struct hci_dev *hdev)
970 973
971 hci_dev_do_close(hdev); 974 hci_dev_do_close(hdev);
972 975
973 for (i = 0; i < 3; i++) 976 for (i = 0; i < NUM_REASSEMBLY; i++)
974 kfree_skb(hdev->reassembly[i]); 977 kfree_skb(hdev->reassembly[i]);
975 978
976 hci_notify(hdev, HCI_DEV_UNREG); 979 hci_notify(hdev, HCI_DEV_UNREG);
@@ -1030,89 +1033,170 @@ int hci_recv_frame(struct sk_buff *skb)
1030} 1033}
1031EXPORT_SYMBOL(hci_recv_frame); 1034EXPORT_SYMBOL(hci_recv_frame);
1032 1035
1033/* Receive packet type fragment */ 1036static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1034#define __reassembly(hdev, type) ((hdev)->reassembly[(type) - 2]) 1037 int count, __u8 index, gfp_t gfp_mask)
1035
1036int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1037{ 1038{
1038 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) 1039 int len = 0;
1040 int hlen = 0;
1041 int remain = count;
1042 struct sk_buff *skb;
1043 struct bt_skb_cb *scb;
1044
1045 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1046 index >= NUM_REASSEMBLY)
1039 return -EILSEQ; 1047 return -EILSEQ;
1040 1048
1049 skb = hdev->reassembly[index];
1050
1051 if (!skb) {
1052 switch (type) {
1053 case HCI_ACLDATA_PKT:
1054 len = HCI_MAX_FRAME_SIZE;
1055 hlen = HCI_ACL_HDR_SIZE;
1056 break;
1057 case HCI_EVENT_PKT:
1058 len = HCI_MAX_EVENT_SIZE;
1059 hlen = HCI_EVENT_HDR_SIZE;
1060 break;
1061 case HCI_SCODATA_PKT:
1062 len = HCI_MAX_SCO_SIZE;
1063 hlen = HCI_SCO_HDR_SIZE;
1064 break;
1065 }
1066
1067 skb = bt_skb_alloc(len, gfp_mask);
1068 if (!skb)
1069 return -ENOMEM;
1070
1071 scb = (void *) skb->cb;
1072 scb->expect = hlen;
1073 scb->pkt_type = type;
1074
1075 skb->dev = (void *) hdev;
1076 hdev->reassembly[index] = skb;
1077 }
1078
1041 while (count) { 1079 while (count) {
1042 struct sk_buff *skb = __reassembly(hdev, type); 1080 scb = (void *) skb->cb;
1043 struct { int expect; } *scb; 1081 len = min(scb->expect, (__u16)count);
1044 int len = 0;
1045 1082
1046 if (!skb) { 1083 memcpy(skb_put(skb, len), data, len);
1047 /* Start of the frame */
1048 1084
1049 switch (type) { 1085 count -= len;
1050 case HCI_EVENT_PKT: 1086 data += len;
1051 if (count >= HCI_EVENT_HDR_SIZE) { 1087 scb->expect -= len;
1052 struct hci_event_hdr *h = data; 1088 remain = count;
1053 len = HCI_EVENT_HDR_SIZE + h->plen;
1054 } else
1055 return -EILSEQ;
1056 break;
1057 1089
1058 case HCI_ACLDATA_PKT: 1090 switch (type) {
1059 if (count >= HCI_ACL_HDR_SIZE) { 1091 case HCI_EVENT_PKT:
1060 struct hci_acl_hdr *h = data; 1092 if (skb->len == HCI_EVENT_HDR_SIZE) {
1061 len = HCI_ACL_HDR_SIZE + __le16_to_cpu(h->dlen); 1093 struct hci_event_hdr *h = hci_event_hdr(skb);
1062 } else 1094 scb->expect = h->plen;
1063 return -EILSEQ; 1095
1064 break; 1096 if (skb_tailroom(skb) < scb->expect) {
1097 kfree_skb(skb);
1098 hdev->reassembly[index] = NULL;
1099 return -ENOMEM;
1100 }
1101 }
1102 break;
1065 1103
1066 case HCI_SCODATA_PKT: 1104 case HCI_ACLDATA_PKT:
1067 if (count >= HCI_SCO_HDR_SIZE) { 1105 if (skb->len == HCI_ACL_HDR_SIZE) {
1068 struct hci_sco_hdr *h = data; 1106 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1069 len = HCI_SCO_HDR_SIZE + h->dlen; 1107 scb->expect = __le16_to_cpu(h->dlen);
1070 } else 1108
1071 return -EILSEQ; 1109 if (skb_tailroom(skb) < scb->expect) {
1072 break; 1110 kfree_skb(skb);
1111 hdev->reassembly[index] = NULL;
1112 return -ENOMEM;
1113 }
1073 } 1114 }
1115 break;
1074 1116
1075 skb = bt_skb_alloc(len, GFP_ATOMIC); 1117 case HCI_SCODATA_PKT:
1076 if (!skb) { 1118 if (skb->len == HCI_SCO_HDR_SIZE) {
1077 BT_ERR("%s no memory for packet", hdev->name); 1119 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1078 return -ENOMEM; 1120 scb->expect = h->dlen;
1121
1122 if (skb_tailroom(skb) < scb->expect) {
1123 kfree_skb(skb);
1124 hdev->reassembly[index] = NULL;
1125 return -ENOMEM;
1126 }
1079 } 1127 }
1128 break;
1129 }
1130
1131 if (scb->expect == 0) {
1132 /* Complete frame */
1080 1133
1081 skb->dev = (void *) hdev;
1082 bt_cb(skb)->pkt_type = type; 1134 bt_cb(skb)->pkt_type = type;
1135 hci_recv_frame(skb);
1083 1136
1084 __reassembly(hdev, type) = skb; 1137 hdev->reassembly[index] = NULL;
1138 return remain;
1139 }
1140 }
1085 1141
1086 scb = (void *) skb->cb; 1142 return remain;
1087 scb->expect = len; 1143}
1088 } else {
1089 /* Continuation */
1090 1144
1091 scb = (void *) skb->cb; 1145int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1092 len = scb->expect; 1146{
1093 } 1147 int rem = 0;
1094 1148
1095 len = min(len, count); 1149 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1150 return -EILSEQ;
1096 1151
1097 memcpy(skb_put(skb, len), data, len); 1152 while (count) {
1153 rem = hci_reassembly(hdev, type, data, count,
1154 type - 1, GFP_ATOMIC);
1155 if (rem < 0)
1156 return rem;
1098 1157
1099 scb->expect -= len; 1158 data += (count - rem);
1159 count = rem;
1160 };
1100 1161
1101 if (scb->expect == 0) { 1162 return rem;
1102 /* Complete frame */ 1163}
1164EXPORT_SYMBOL(hci_recv_fragment);
1103 1165
1104 __reassembly(hdev, type) = NULL; 1166#define STREAM_REASSEMBLY 0
1105 1167
1106 bt_cb(skb)->pkt_type = type; 1168int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1107 hci_recv_frame(skb); 1169{
1108 } 1170 int type;
1171 int rem = 0;
1109 1172
1110 count -= len; data += len; 1173 while (count) {
1111 } 1174 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1112 1175
1113 return 0; 1176 if (!skb) {
1177 struct { char type; } *pkt;
1178
1179 /* Start of the frame */
1180 pkt = data;
1181 type = pkt->type;
1182
1183 data++;
1184 count--;
1185 } else
1186 type = bt_cb(skb)->pkt_type;
1187
1188 rem = hci_reassembly(hdev, type, data,
1189 count, STREAM_REASSEMBLY, GFP_ATOMIC);
1190 if (rem < 0)
1191 return rem;
1192
1193 data += (count - rem);
1194 count = rem;
1195 };
1196
1197 return rem;
1114} 1198}
1115EXPORT_SYMBOL(hci_recv_fragment); 1199EXPORT_SYMBOL(hci_recv_stream_fragment);
1116 1200
1117/* ---- Interface to upper protocols ---- */ 1201/* ---- Interface to upper protocols ---- */
1118 1202
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 786b5de0bac4..bfef5bae0b3a 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1,6 +1,6 @@
1/* 1/*
2 BlueZ - Bluetooth protocol stack for Linux 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 6
@@ -584,7 +584,7 @@ static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
584 conn->out = 1; 584 conn->out = 1;
585 conn->link_mode |= HCI_LM_MASTER; 585 conn->link_mode |= HCI_LM_MASTER;
586 } else 586 } else
587 BT_ERR("No memmory for new connection"); 587 BT_ERR("No memory for new connection");
588 } 588 }
589 } 589 }
590 590
@@ -785,9 +785,13 @@ static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
785 hci_dev_lock(hdev); 785 hci_dev_lock(hdev);
786 786
787 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 787 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
788 if (conn) 788 if (conn) {
789 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 789 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
790 790
791 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
792 hci_sco_setup(conn, status);
793 }
794
791 hci_dev_unlock(hdev); 795 hci_dev_unlock(hdev);
792} 796}
793 797
@@ -808,9 +812,13 @@ static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
808 hci_dev_lock(hdev); 812 hci_dev_lock(hdev);
809 813
810 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 814 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
811 if (conn) 815 if (conn) {
812 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 816 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
813 817
818 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
819 hci_sco_setup(conn, status);
820 }
821
814 hci_dev_unlock(hdev); 822 hci_dev_unlock(hdev);
815} 823}
816 824
@@ -915,20 +923,8 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
915 } else 923 } else
916 conn->state = BT_CLOSED; 924 conn->state = BT_CLOSED;
917 925
918 if (conn->type == ACL_LINK) { 926 if (conn->type == ACL_LINK)
919 struct hci_conn *sco = conn->link; 927 hci_sco_setup(conn, ev->status);
920 if (sco) {
921 if (!ev->status) {
922 if (lmp_esco_capable(hdev))
923 hci_setup_sync(sco, conn->handle);
924 else
925 hci_add_sco(sco, conn->handle);
926 } else {
927 hci_proto_connect_cfm(sco, ev->status);
928 hci_conn_del(sco);
929 }
930 }
931 }
932 928
933 if (ev->status) { 929 if (ev->status) {
934 hci_proto_connect_cfm(conn, ev->status); 930 hci_proto_connect_cfm(conn, ev->status);
@@ -952,7 +948,7 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
952 948
953 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 949 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
954 950
955 if (mask & HCI_LM_ACCEPT) { 951 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
956 /* Connection accepted */ 952 /* Connection accepted */
957 struct inquiry_entry *ie; 953 struct inquiry_entry *ie;
958 struct hci_conn *conn; 954 struct hci_conn *conn;
@@ -965,7 +961,7 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
965 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 961 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
966 if (!conn) { 962 if (!conn) {
967 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) { 963 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
968 BT_ERR("No memmory for new connection"); 964 BT_ERR("No memory for new connection");
969 hci_dev_unlock(hdev); 965 hci_dev_unlock(hdev);
970 return; 966 return;
971 } 967 }
@@ -1481,6 +1477,9 @@ static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb
1481 else 1477 else
1482 conn->power_save = 0; 1478 conn->power_save = 0;
1483 } 1479 }
1480
1481 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1482 hci_sco_setup(conn, ev->status);
1484 } 1483 }
1485 1484
1486 hci_dev_unlock(hdev); 1485 hci_dev_unlock(hdev);
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 38f08f6b86f6..4f170a595934 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -165,6 +165,86 @@ static int hci_sock_release(struct socket *sock)
165 return 0; 165 return 0;
166} 166}
167 167
168struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
169{
170 struct list_head *p;
171 struct bdaddr_list *blacklist = &hdev->blacklist;
172
173 list_for_each(p, &blacklist->list) {
174 struct bdaddr_list *b;
175
176 b = list_entry(p, struct bdaddr_list, list);
177
178 if (bacmp(bdaddr, &b->bdaddr) == 0)
179 return b;
180 }
181
182 return NULL;
183}
184
185static int hci_blacklist_add(struct hci_dev *hdev, void __user *arg)
186{
187 bdaddr_t bdaddr;
188 struct bdaddr_list *entry;
189
190 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
191 return -EFAULT;
192
193 if (bacmp(&bdaddr, BDADDR_ANY) == 0)
194 return -EBADF;
195
196 if (hci_blacklist_lookup(hdev, &bdaddr))
197 return -EEXIST;
198
199 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
200 if (!entry)
201 return -ENOMEM;
202
203 bacpy(&entry->bdaddr, &bdaddr);
204
205 list_add(&entry->list, &hdev->blacklist.list);
206
207 return 0;
208}
209
210int hci_blacklist_clear(struct hci_dev *hdev)
211{
212 struct list_head *p, *n;
213 struct bdaddr_list *blacklist = &hdev->blacklist;
214
215 list_for_each_safe(p, n, &blacklist->list) {
216 struct bdaddr_list *b;
217
218 b = list_entry(p, struct bdaddr_list, list);
219
220 list_del(p);
221 kfree(b);
222 }
223
224 return 0;
225}
226
227static int hci_blacklist_del(struct hci_dev *hdev, void __user *arg)
228{
229 bdaddr_t bdaddr;
230 struct bdaddr_list *entry;
231
232 if (copy_from_user(&bdaddr, arg, sizeof(bdaddr)))
233 return -EFAULT;
234
235 if (bacmp(&bdaddr, BDADDR_ANY) == 0)
236 return hci_blacklist_clear(hdev);
237
238 entry = hci_blacklist_lookup(hdev, &bdaddr);
239 if (!entry)
240 return -ENOENT;
241
242 list_del(&entry->list);
243 kfree(entry);
244
245 return 0;
246}
247
168/* Ioctls that require bound socket */ 248/* Ioctls that require bound socket */
169static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg) 249static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
170{ 250{
@@ -194,6 +274,16 @@ static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsign
194 case HCIGETAUTHINFO: 274 case HCIGETAUTHINFO:
195 return hci_get_auth_info(hdev, (void __user *) arg); 275 return hci_get_auth_info(hdev, (void __user *) arg);
196 276
277 case HCIBLOCKADDR:
278 if (!capable(CAP_NET_ADMIN))
279 return -EACCES;
280 return hci_blacklist_add(hdev, (void __user *) arg);
281
282 case HCIUNBLOCKADDR:
283 if (!capable(CAP_NET_ADMIN))
284 return -EACCES;
285 return hci_blacklist_del(hdev, (void __user *) arg);
286
197 default: 287 default:
198 if (hdev->ioctl) 288 if (hdev->ioctl)
199 return hdev->ioctl(hdev, cmd, arg); 289 return hdev->ioctl(hdev, cmd, arg);
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 463ffa4fe042..ce44c47eeac1 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -436,6 +436,41 @@ static const struct file_operations inquiry_cache_fops = {
436 .release = single_release, 436 .release = single_release,
437}; 437};
438 438
439static int blacklist_show(struct seq_file *f, void *p)
440{
441 struct hci_dev *hdev = f->private;
442 struct bdaddr_list *blacklist = &hdev->blacklist;
443 struct list_head *l;
444
445 hci_dev_lock_bh(hdev);
446
447 list_for_each(l, &blacklist->list) {
448 struct bdaddr_list *b;
449 bdaddr_t bdaddr;
450
451 b = list_entry(l, struct bdaddr_list, list);
452
453 baswap(&bdaddr, &b->bdaddr);
454
455 seq_printf(f, "%s\n", batostr(&bdaddr));
456 }
457
458 hci_dev_unlock_bh(hdev);
459
460 return 0;
461}
462
463static int blacklist_open(struct inode *inode, struct file *file)
464{
465 return single_open(file, blacklist_show, inode->i_private);
466}
467
468static const struct file_operations blacklist_fops = {
469 .open = blacklist_open,
470 .read = seq_read,
471 .llseek = seq_lseek,
472 .release = single_release,
473};
439int hci_register_sysfs(struct hci_dev *hdev) 474int hci_register_sysfs(struct hci_dev *hdev)
440{ 475{
441 struct device *dev = &hdev->dev; 476 struct device *dev = &hdev->dev;
@@ -465,6 +500,9 @@ int hci_register_sysfs(struct hci_dev *hdev)
465 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs, 500 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
466 hdev, &inquiry_cache_fops); 501 hdev, &inquiry_cache_fops);
467 502
503 debugfs_create_file("blacklist", 0444, hdev->debugfs,
504 hdev, &blacklist_fops);
505
468 return 0; 506 return 0;
469} 507}
470 508
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index cf3c4073a8a6..9ba1e8eee37c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1,6 +1,8 @@
1/* 1/*
2 BlueZ - Bluetooth protocol stack for Linux 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated 3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
4 6
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 8
@@ -53,15 +55,9 @@
53#include <net/bluetooth/hci_core.h> 55#include <net/bluetooth/hci_core.h>
54#include <net/bluetooth/l2cap.h> 56#include <net/bluetooth/l2cap.h>
55 57
56#define VERSION "2.14" 58#define VERSION "2.15"
57 59
58#ifdef CONFIG_BT_L2CAP_EXT_FEATURES 60static int disable_ertm = 0;
59static int enable_ertm = 1;
60#else
61static int enable_ertm = 0;
62#endif
63static int max_transmit = L2CAP_DEFAULT_MAX_TX;
64static int tx_window = L2CAP_DEFAULT_TX_WINDOW;
65 61
66static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
67static u8 l2cap_fixed_chan[8] = { 0x02, }; 63static u8 l2cap_fixed_chan[8] = { 0x02, };
@@ -80,9 +76,12 @@ static void __l2cap_sock_close(struct sock *sk, int reason);
80static void l2cap_sock_close(struct sock *sk); 76static void l2cap_sock_close(struct sock *sk);
81static void l2cap_sock_kill(struct sock *sk); 77static void l2cap_sock_kill(struct sock *sk);
82 78
79static int l2cap_build_conf_req(struct sock *sk, void *data);
83static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 80static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
84 u8 code, u8 ident, u16 dlen, void *data); 81 u8 code, u8 ident, u16 dlen, void *data);
85 82
83static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
84
86/* ---- L2CAP timers ---- */ 85/* ---- L2CAP timers ---- */
87static void l2cap_sock_timeout(unsigned long arg) 86static void l2cap_sock_timeout(unsigned long arg)
88{ 87{
@@ -278,6 +277,24 @@ static void l2cap_chan_del(struct sock *sk, int err)
278 parent->sk_data_ready(parent, 0); 277 parent->sk_data_ready(parent, 0);
279 } else 278 } else
280 sk->sk_state_change(sk); 279 sk->sk_state_change(sk);
280
281 skb_queue_purge(TX_QUEUE(sk));
282
283 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
284 struct srej_list *l, *tmp;
285
286 del_timer(&l2cap_pi(sk)->retrans_timer);
287 del_timer(&l2cap_pi(sk)->monitor_timer);
288 del_timer(&l2cap_pi(sk)->ack_timer);
289
290 skb_queue_purge(SREJ_QUEUE(sk));
291 skb_queue_purge(BUSY_QUEUE(sk));
292
293 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
294 list_del(&l->list);
295 kfree(l);
296 }
297 }
281} 298}
282 299
283/* Service level security */ 300/* Service level security */
@@ -351,8 +368,12 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
351 struct sk_buff *skb; 368 struct sk_buff *skb;
352 struct l2cap_hdr *lh; 369 struct l2cap_hdr *lh;
353 struct l2cap_conn *conn = pi->conn; 370 struct l2cap_conn *conn = pi->conn;
371 struct sock *sk = (struct sock *)pi;
354 int count, hlen = L2CAP_HDR_SIZE + 2; 372 int count, hlen = L2CAP_HDR_SIZE + 2;
355 373
374 if (sk->sk_state != BT_CONNECTED)
375 return;
376
356 if (pi->fcs == L2CAP_FCS_CRC16) 377 if (pi->fcs == L2CAP_FCS_CRC16)
357 hlen += 2; 378 hlen += 2;
358 379
@@ -440,24 +461,57 @@ static void l2cap_do_start(struct sock *sk)
440 } 461 }
441} 462}
442 463
443static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk) 464static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
465{
466 u32 local_feat_mask = l2cap_feat_mask;
467 if (!disable_ertm)
468 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
469
470 switch (mode) {
471 case L2CAP_MODE_ERTM:
472 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
473 case L2CAP_MODE_STREAMING:
474 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
475 default:
476 return 0x00;
477 }
478}
479
480static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
444{ 481{
445 struct l2cap_disconn_req req; 482 struct l2cap_disconn_req req;
446 483
484 if (!conn)
485 return;
486
487 skb_queue_purge(TX_QUEUE(sk));
488
489 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
490 del_timer(&l2cap_pi(sk)->retrans_timer);
491 del_timer(&l2cap_pi(sk)->monitor_timer);
492 del_timer(&l2cap_pi(sk)->ack_timer);
493 }
494
447 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); 495 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
448 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 496 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
449 l2cap_send_cmd(conn, l2cap_get_ident(conn), 497 l2cap_send_cmd(conn, l2cap_get_ident(conn),
450 L2CAP_DISCONN_REQ, sizeof(req), &req); 498 L2CAP_DISCONN_REQ, sizeof(req), &req);
499
500 sk->sk_state = BT_DISCONN;
501 sk->sk_err = err;
451} 502}
452 503
453/* ---- L2CAP connections ---- */ 504/* ---- L2CAP connections ---- */
454static void l2cap_conn_start(struct l2cap_conn *conn) 505static void l2cap_conn_start(struct l2cap_conn *conn)
455{ 506{
456 struct l2cap_chan_list *l = &conn->chan_list; 507 struct l2cap_chan_list *l = &conn->chan_list;
508 struct sock_del_list del, *tmp1, *tmp2;
457 struct sock *sk; 509 struct sock *sk;
458 510
459 BT_DBG("conn %p", conn); 511 BT_DBG("conn %p", conn);
460 512
513 INIT_LIST_HEAD(&del.list);
514
461 read_lock(&l->lock); 515 read_lock(&l->lock);
462 516
463 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 517 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
@@ -470,20 +524,38 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
470 } 524 }
471 525
472 if (sk->sk_state == BT_CONNECT) { 526 if (sk->sk_state == BT_CONNECT) {
473 if (l2cap_check_security(sk) && 527 struct l2cap_conn_req req;
474 __l2cap_no_conn_pending(sk)) {
475 struct l2cap_conn_req req;
476 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
477 req.psm = l2cap_pi(sk)->psm;
478 528
479 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 529 if (!l2cap_check_security(sk) ||
480 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; 530 !__l2cap_no_conn_pending(sk)) {
531 bh_unlock_sock(sk);
532 continue;
533 }
481 534
482 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 535 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
483 L2CAP_CONN_REQ, sizeof(req), &req); 536 conn->feat_mask)
537 && l2cap_pi(sk)->conf_state &
538 L2CAP_CONF_STATE2_DEVICE) {
539 tmp1 = kzalloc(sizeof(struct sock_del_list),
540 GFP_ATOMIC);
541 tmp1->sk = sk;
542 list_add_tail(&tmp1->list, &del.list);
543 bh_unlock_sock(sk);
544 continue;
484 } 545 }
546
547 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
548 req.psm = l2cap_pi(sk)->psm;
549
550 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
551 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
552
553 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
554 L2CAP_CONN_REQ, sizeof(req), &req);
555
485 } else if (sk->sk_state == BT_CONNECT2) { 556 } else if (sk->sk_state == BT_CONNECT2) {
486 struct l2cap_conn_rsp rsp; 557 struct l2cap_conn_rsp rsp;
558 char buf[128];
487 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 559 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
488 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 560 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
489 561
@@ -506,12 +578,31 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
506 578
507 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 579 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
508 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 580 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
581
582 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
583 rsp.result != L2CAP_CR_SUCCESS) {
584 bh_unlock_sock(sk);
585 continue;
586 }
587
588 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
589 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
590 l2cap_build_conf_req(sk, buf), buf);
591 l2cap_pi(sk)->num_conf_req++;
509 } 592 }
510 593
511 bh_unlock_sock(sk); 594 bh_unlock_sock(sk);
512 } 595 }
513 596
514 read_unlock(&l->lock); 597 read_unlock(&l->lock);
598
599 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
600 bh_lock_sock(tmp1->sk);
601 __l2cap_sock_close(tmp1->sk, ECONNRESET);
602 bh_unlock_sock(tmp1->sk);
603 list_del(&tmp1->list);
604 kfree(tmp1);
605 }
515} 606}
516 607
517static void l2cap_conn_ready(struct l2cap_conn *conn) 608static void l2cap_conn_ready(struct l2cap_conn *conn)
@@ -740,9 +831,8 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
740 sk->sk_type == SOCK_STREAM) { 831 sk->sk_type == SOCK_STREAM) {
741 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 832 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
742 833
743 sk->sk_state = BT_DISCONN;
744 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 834 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
745 l2cap_send_disconn_req(conn, sk); 835 l2cap_send_disconn_req(conn, sk, reason);
746 } else 836 } else
747 l2cap_chan_del(sk, reason); 837 l2cap_chan_del(sk, reason);
748 break; 838 break;
@@ -802,6 +892,7 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
802 892
803 pi->imtu = l2cap_pi(parent)->imtu; 893 pi->imtu = l2cap_pi(parent)->imtu;
804 pi->omtu = l2cap_pi(parent)->omtu; 894 pi->omtu = l2cap_pi(parent)->omtu;
895 pi->conf_state = l2cap_pi(parent)->conf_state;
805 pi->mode = l2cap_pi(parent)->mode; 896 pi->mode = l2cap_pi(parent)->mode;
806 pi->fcs = l2cap_pi(parent)->fcs; 897 pi->fcs = l2cap_pi(parent)->fcs;
807 pi->max_tx = l2cap_pi(parent)->max_tx; 898 pi->max_tx = l2cap_pi(parent)->max_tx;
@@ -812,13 +903,15 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
812 } else { 903 } else {
813 pi->imtu = L2CAP_DEFAULT_MTU; 904 pi->imtu = L2CAP_DEFAULT_MTU;
814 pi->omtu = 0; 905 pi->omtu = 0;
815 if (enable_ertm && sk->sk_type == SOCK_STREAM) 906 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
816 pi->mode = L2CAP_MODE_ERTM; 907 pi->mode = L2CAP_MODE_ERTM;
817 else 908 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
909 } else {
818 pi->mode = L2CAP_MODE_BASIC; 910 pi->mode = L2CAP_MODE_BASIC;
819 pi->max_tx = max_transmit; 911 }
912 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
820 pi->fcs = L2CAP_FCS_CRC16; 913 pi->fcs = L2CAP_FCS_CRC16;
821 pi->tx_win = tx_window; 914 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
822 pi->sec_level = BT_SECURITY_LOW; 915 pi->sec_level = BT_SECURITY_LOW;
823 pi->role_switch = 0; 916 pi->role_switch = 0;
824 pi->force_reliable = 0; 917 pi->force_reliable = 0;
@@ -1067,7 +1160,7 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
1067 break; 1160 break;
1068 case L2CAP_MODE_ERTM: 1161 case L2CAP_MODE_ERTM:
1069 case L2CAP_MODE_STREAMING: 1162 case L2CAP_MODE_STREAMING:
1070 if (enable_ertm) 1163 if (!disable_ertm)
1071 break; 1164 break;
1072 /* fall through */ 1165 /* fall through */
1073 default: 1166 default:
@@ -1084,6 +1177,7 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
1084 1177
1085 case BT_CONNECTED: 1178 case BT_CONNECTED:
1086 /* Already connected */ 1179 /* Already connected */
1180 err = -EISCONN;
1087 goto done; 1181 goto done;
1088 1182
1089 case BT_OPEN: 1183 case BT_OPEN:
@@ -1132,7 +1226,7 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
1132 break; 1226 break;
1133 case L2CAP_MODE_ERTM: 1227 case L2CAP_MODE_ERTM:
1134 case L2CAP_MODE_STREAMING: 1228 case L2CAP_MODE_STREAMING:
1135 if (enable_ertm) 1229 if (!disable_ertm)
1136 break; 1230 break;
1137 /* fall through */ 1231 /* fall through */
1138 default: 1232 default:
@@ -1285,9 +1379,11 @@ static void l2cap_monitor_timeout(unsigned long arg)
1285{ 1379{
1286 struct sock *sk = (void *) arg; 1380 struct sock *sk = (void *) arg;
1287 1381
1382 BT_DBG("sk %p", sk);
1383
1288 bh_lock_sock(sk); 1384 bh_lock_sock(sk);
1289 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { 1385 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1290 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk); 1386 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
1291 bh_unlock_sock(sk); 1387 bh_unlock_sock(sk);
1292 return; 1388 return;
1293 } 1389 }
@@ -1303,6 +1399,8 @@ static void l2cap_retrans_timeout(unsigned long arg)
1303{ 1399{
1304 struct sock *sk = (void *) arg; 1400 struct sock *sk = (void *) arg;
1305 1401
1402 BT_DBG("sk %p", sk);
1403
1306 bh_lock_sock(sk); 1404 bh_lock_sock(sk);
1307 l2cap_pi(sk)->retry_count = 1; 1405 l2cap_pi(sk)->retry_count = 1;
1308 __mod_monitor_timer(); 1406 __mod_monitor_timer();
@@ -1341,7 +1439,7 @@ static inline void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1341 hci_send_acl(pi->conn->hcon, skb, 0); 1439 hci_send_acl(pi->conn->hcon, skb, 0);
1342} 1440}
1343 1441
1344static int l2cap_streaming_send(struct sock *sk) 1442static void l2cap_streaming_send(struct sock *sk)
1345{ 1443{
1346 struct sk_buff *skb, *tx_skb; 1444 struct sk_buff *skb, *tx_skb;
1347 struct l2cap_pinfo *pi = l2cap_pi(sk); 1445 struct l2cap_pinfo *pi = l2cap_pi(sk);
@@ -1371,7 +1469,6 @@ static int l2cap_streaming_send(struct sock *sk)
1371 skb = skb_dequeue(TX_QUEUE(sk)); 1469 skb = skb_dequeue(TX_QUEUE(sk));
1372 kfree_skb(skb); 1470 kfree_skb(skb);
1373 } 1471 }
1374 return 0;
1375} 1472}
1376 1473
1377static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq) 1474static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
@@ -1395,15 +1492,22 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1395 1492
1396 if (pi->remote_max_tx && 1493 if (pi->remote_max_tx &&
1397 bt_cb(skb)->retries == pi->remote_max_tx) { 1494 bt_cb(skb)->retries == pi->remote_max_tx) {
1398 l2cap_send_disconn_req(pi->conn, sk); 1495 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1399 return; 1496 return;
1400 } 1497 }
1401 1498
1402 tx_skb = skb_clone(skb, GFP_ATOMIC); 1499 tx_skb = skb_clone(skb, GFP_ATOMIC);
1403 bt_cb(skb)->retries++; 1500 bt_cb(skb)->retries++;
1404 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1501 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1502
1503 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1504 control |= L2CAP_CTRL_FINAL;
1505 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1506 }
1507
1405 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1508 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1406 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1509 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1510
1407 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1511 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1408 1512
1409 if (pi->fcs == L2CAP_FCS_CRC16) { 1513 if (pi->fcs == L2CAP_FCS_CRC16) {
@@ -1421,15 +1525,14 @@ static int l2cap_ertm_send(struct sock *sk)
1421 u16 control, fcs; 1525 u16 control, fcs;
1422 int nsent = 0; 1526 int nsent = 0;
1423 1527
1424 if (pi->conn_state & L2CAP_CONN_WAIT_F) 1528 if (sk->sk_state != BT_CONNECTED)
1425 return 0; 1529 return -ENOTCONN;
1426 1530
1427 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) && 1531 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1428 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1429 1532
1430 if (pi->remote_max_tx && 1533 if (pi->remote_max_tx &&
1431 bt_cb(skb)->retries == pi->remote_max_tx) { 1534 bt_cb(skb)->retries == pi->remote_max_tx) {
1432 l2cap_send_disconn_req(pi->conn, sk); 1535 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1433 break; 1536 break;
1434 } 1537 }
1435 1538
@@ -1438,6 +1541,8 @@ static int l2cap_ertm_send(struct sock *sk)
1438 bt_cb(skb)->retries++; 1541 bt_cb(skb)->retries++;
1439 1542
1440 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1543 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1544 control &= L2CAP_CTRL_SAR;
1545
1441 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { 1546 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1442 control |= L2CAP_CTRL_FINAL; 1547 control |= L2CAP_CTRL_FINAL;
1443 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; 1548 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
@@ -1478,16 +1583,11 @@ static int l2cap_retransmit_frames(struct sock *sk)
1478 struct l2cap_pinfo *pi = l2cap_pi(sk); 1583 struct l2cap_pinfo *pi = l2cap_pi(sk);
1479 int ret; 1584 int ret;
1480 1585
1481 spin_lock_bh(&pi->send_lock);
1482
1483 if (!skb_queue_empty(TX_QUEUE(sk))) 1586 if (!skb_queue_empty(TX_QUEUE(sk)))
1484 sk->sk_send_head = TX_QUEUE(sk)->next; 1587 sk->sk_send_head = TX_QUEUE(sk)->next;
1485 1588
1486 pi->next_tx_seq = pi->expected_ack_seq; 1589 pi->next_tx_seq = pi->expected_ack_seq;
1487 ret = l2cap_ertm_send(sk); 1590 ret = l2cap_ertm_send(sk);
1488
1489 spin_unlock_bh(&pi->send_lock);
1490
1491 return ret; 1591 return ret;
1492} 1592}
1493 1593
@@ -1495,7 +1595,6 @@ static void l2cap_send_ack(struct l2cap_pinfo *pi)
1495{ 1595{
1496 struct sock *sk = (struct sock *)pi; 1596 struct sock *sk = (struct sock *)pi;
1497 u16 control = 0; 1597 u16 control = 0;
1498 int nframes;
1499 1598
1500 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 1599 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1501 1600
@@ -1506,11 +1605,7 @@ static void l2cap_send_ack(struct l2cap_pinfo *pi)
1506 return; 1605 return;
1507 } 1606 }
1508 1607
1509 spin_lock_bh(&pi->send_lock); 1608 if (l2cap_ertm_send(sk) > 0)
1510 nframes = l2cap_ertm_send(sk);
1511 spin_unlock_bh(&pi->send_lock);
1512
1513 if (nframes > 0)
1514 return; 1609 return;
1515 1610
1516 control |= L2CAP_SUPER_RCV_READY; 1611 control |= L2CAP_SUPER_RCV_READY;
@@ -1705,10 +1800,8 @@ static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, siz
1705 size += buflen; 1800 size += buflen;
1706 } 1801 }
1707 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk)); 1802 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1708 spin_lock_bh(&pi->send_lock);
1709 if (sk->sk_send_head == NULL) 1803 if (sk->sk_send_head == NULL)
1710 sk->sk_send_head = sar_queue.next; 1804 sk->sk_send_head = sar_queue.next;
1711 spin_unlock_bh(&pi->send_lock);
1712 1805
1713 return size; 1806 return size;
1714} 1807}
@@ -1753,7 +1846,7 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1753 case L2CAP_MODE_BASIC: 1846 case L2CAP_MODE_BASIC:
1754 /* Check outgoing MTU */ 1847 /* Check outgoing MTU */
1755 if (len > pi->omtu) { 1848 if (len > pi->omtu) {
1756 err = -EINVAL; 1849 err = -EMSGSIZE;
1757 goto done; 1850 goto done;
1758 } 1851 }
1759 1852
@@ -1780,14 +1873,9 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1780 } 1873 }
1781 __skb_queue_tail(TX_QUEUE(sk), skb); 1874 __skb_queue_tail(TX_QUEUE(sk), skb);
1782 1875
1783 if (pi->mode == L2CAP_MODE_ERTM)
1784 spin_lock_bh(&pi->send_lock);
1785
1786 if (sk->sk_send_head == NULL) 1876 if (sk->sk_send_head == NULL)
1787 sk->sk_send_head = skb; 1877 sk->sk_send_head = skb;
1788 1878
1789 if (pi->mode == L2CAP_MODE_ERTM)
1790 spin_unlock_bh(&pi->send_lock);
1791 } else { 1879 } else {
1792 /* Segment SDU into multiples PDUs */ 1880 /* Segment SDU into multiples PDUs */
1793 err = l2cap_sar_segment_sdu(sk, msg, len); 1881 err = l2cap_sar_segment_sdu(sk, msg, len);
@@ -1796,11 +1884,14 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1796 } 1884 }
1797 1885
1798 if (pi->mode == L2CAP_MODE_STREAMING) { 1886 if (pi->mode == L2CAP_MODE_STREAMING) {
1799 err = l2cap_streaming_send(sk); 1887 l2cap_streaming_send(sk);
1800 } else { 1888 } else {
1801 spin_lock_bh(&pi->send_lock); 1889 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY &&
1890 pi->conn_state && L2CAP_CONN_WAIT_F) {
1891 err = len;
1892 break;
1893 }
1802 err = l2cap_ertm_send(sk); 1894 err = l2cap_ertm_send(sk);
1803 spin_unlock_bh(&pi->send_lock);
1804 } 1895 }
1805 1896
1806 if (err >= 0) 1897 if (err >= 0)
@@ -1809,7 +1900,7 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1809 1900
1810 default: 1901 default:
1811 BT_DBG("bad state %1.1x", pi->mode); 1902 BT_DBG("bad state %1.1x", pi->mode);
1812 err = -EINVAL; 1903 err = -EBADFD;
1813 } 1904 }
1814 1905
1815done: 1906done:
@@ -1825,6 +1916,8 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms
1825 1916
1826 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 1917 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1827 struct l2cap_conn_rsp rsp; 1918 struct l2cap_conn_rsp rsp;
1919 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1920 u8 buf[128];
1828 1921
1829 sk->sk_state = BT_CONFIG; 1922 sk->sk_state = BT_CONFIG;
1830 1923
@@ -1835,6 +1928,16 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms
1835 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident, 1928 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1836 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 1929 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1837 1930
1931 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
1932 release_sock(sk);
1933 return 0;
1934 }
1935
1936 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1937 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1938 l2cap_build_conf_req(sk, buf), buf);
1939 l2cap_pi(sk)->num_conf_req++;
1940
1838 release_sock(sk); 1941 release_sock(sk);
1839 return 0; 1942 return 0;
1840 } 1943 }
@@ -1871,13 +1974,19 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1871 break; 1974 break;
1872 } 1975 }
1873 1976
1977 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
1978 err = -EINVAL;
1979 break;
1980 }
1981
1874 l2cap_pi(sk)->mode = opts.mode; 1982 l2cap_pi(sk)->mode = opts.mode;
1875 switch (l2cap_pi(sk)->mode) { 1983 switch (l2cap_pi(sk)->mode) {
1876 case L2CAP_MODE_BASIC: 1984 case L2CAP_MODE_BASIC:
1985 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
1877 break; 1986 break;
1878 case L2CAP_MODE_ERTM: 1987 case L2CAP_MODE_ERTM:
1879 case L2CAP_MODE_STREAMING: 1988 case L2CAP_MODE_STREAMING:
1880 if (enable_ertm) 1989 if (!disable_ertm)
1881 break; 1990 break;
1882 /* fall through */ 1991 /* fall through */
1883 default: 1992 default:
@@ -2145,6 +2254,10 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
2145 err = bt_sock_wait_state(sk, BT_CLOSED, 2254 err = bt_sock_wait_state(sk, BT_CLOSED,
2146 sk->sk_lingertime); 2255 sk->sk_lingertime);
2147 } 2256 }
2257
2258 if (!err && sk->sk_err)
2259 err = -sk->sk_err;
2260
2148 release_sock(sk); 2261 release_sock(sk);
2149 return err; 2262 return err;
2150} 2263}
@@ -2365,25 +2478,10 @@ static inline void l2cap_ertm_init(struct sock *sk)
2365 2478
2366 __skb_queue_head_init(SREJ_QUEUE(sk)); 2479 __skb_queue_head_init(SREJ_QUEUE(sk));
2367 __skb_queue_head_init(BUSY_QUEUE(sk)); 2480 __skb_queue_head_init(BUSY_QUEUE(sk));
2368 spin_lock_init(&l2cap_pi(sk)->send_lock);
2369 2481
2370 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work); 2482 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
2371}
2372 2483
2373static int l2cap_mode_supported(__u8 mode, __u32 feat_mask) 2484 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
2374{
2375 u32 local_feat_mask = l2cap_feat_mask;
2376 if (enable_ertm)
2377 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
2378
2379 switch (mode) {
2380 case L2CAP_MODE_ERTM:
2381 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
2382 case L2CAP_MODE_STREAMING:
2383 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
2384 default:
2385 return 0x00;
2386 }
2387} 2485}
2388 2486
2389static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask) 2487static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
@@ -2414,10 +2512,10 @@ static int l2cap_build_conf_req(struct sock *sk, void *data)
2414 switch (pi->mode) { 2512 switch (pi->mode) {
2415 case L2CAP_MODE_STREAMING: 2513 case L2CAP_MODE_STREAMING:
2416 case L2CAP_MODE_ERTM: 2514 case L2CAP_MODE_ERTM:
2417 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE; 2515 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
2418 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask)) 2516 break;
2419 l2cap_send_disconn_req(pi->conn, sk); 2517
2420 break; 2518 /* fall through */
2421 default: 2519 default:
2422 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask); 2520 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2423 break; 2521 break;
@@ -2428,6 +2526,14 @@ done:
2428 case L2CAP_MODE_BASIC: 2526 case L2CAP_MODE_BASIC:
2429 if (pi->imtu != L2CAP_DEFAULT_MTU) 2527 if (pi->imtu != L2CAP_DEFAULT_MTU)
2430 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); 2528 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2529
2530 rfc.mode = L2CAP_MODE_BASIC;
2531 rfc.txwin_size = 0;
2532 rfc.max_transmit = 0;
2533 rfc.retrans_timeout = 0;
2534 rfc.monitor_timeout = 0;
2535 rfc.max_pdu_size = 0;
2536
2431 break; 2537 break;
2432 2538
2433 case L2CAP_MODE_ERTM: 2539 case L2CAP_MODE_ERTM:
@@ -2440,9 +2546,6 @@ done:
2440 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10) 2546 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2441 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 2547 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2442 2548
2443 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2444 sizeof(rfc), (unsigned long) &rfc);
2445
2446 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) 2549 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2447 break; 2550 break;
2448 2551
@@ -2463,9 +2566,6 @@ done:
2463 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10) 2566 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2464 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10); 2567 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2465 2568
2466 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2467 sizeof(rfc), (unsigned long) &rfc);
2468
2469 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS)) 2569 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2470 break; 2570 break;
2471 2571
@@ -2477,6 +2577,9 @@ done:
2477 break; 2577 break;
2478 } 2578 }
2479 2579
2580 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2581 (unsigned long) &rfc);
2582
2480 /* FIXME: Need actual value of the flush timeout */ 2583 /* FIXME: Need actual value of the flush timeout */
2481 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO) 2584 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
2482 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to); 2585 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
@@ -2541,18 +2644,21 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
2541 } 2644 }
2542 } 2645 }
2543 2646
2544 if (pi->num_conf_rsp || pi->num_conf_req) 2647 if (pi->num_conf_rsp || pi->num_conf_req > 1)
2545 goto done; 2648 goto done;
2546 2649
2547 switch (pi->mode) { 2650 switch (pi->mode) {
2548 case L2CAP_MODE_STREAMING: 2651 case L2CAP_MODE_STREAMING:
2549 case L2CAP_MODE_ERTM: 2652 case L2CAP_MODE_ERTM:
2550 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE; 2653 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
2551 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask)) 2654 pi->mode = l2cap_select_mode(rfc.mode,
2655 pi->conn->feat_mask);
2656 break;
2657 }
2658
2659 if (pi->mode != rfc.mode)
2552 return -ECONNREFUSED; 2660 return -ECONNREFUSED;
2553 break; 2661
2554 default:
2555 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2556 break; 2662 break;
2557 } 2663 }
2558 2664
@@ -2675,7 +2781,6 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
2675 rfc.mode != pi->mode) 2781 rfc.mode != pi->mode)
2676 return -ECONNREFUSED; 2782 return -ECONNREFUSED;
2677 2783
2678 pi->mode = rfc.mode;
2679 pi->fcs = 0; 2784 pi->fcs = 0;
2680 2785
2681 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 2786 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
@@ -2684,6 +2789,11 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
2684 } 2789 }
2685 } 2790 }
2686 2791
2792 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
2793 return -ECONNREFUSED;
2794
2795 pi->mode = rfc.mode;
2796
2687 if (*result == L2CAP_CONF_SUCCESS) { 2797 if (*result == L2CAP_CONF_SUCCESS) {
2688 switch (rfc.mode) { 2798 switch (rfc.mode) {
2689 case L2CAP_MODE_ERTM: 2799 case L2CAP_MODE_ERTM:
@@ -2778,7 +2888,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2778 struct l2cap_chan_list *list = &conn->chan_list; 2888 struct l2cap_chan_list *list = &conn->chan_list;
2779 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 2889 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2780 struct l2cap_conn_rsp rsp; 2890 struct l2cap_conn_rsp rsp;
2781 struct sock *sk, *parent; 2891 struct sock *parent, *uninitialized_var(sk);
2782 int result, status = L2CAP_CS_NO_INFO; 2892 int result, status = L2CAP_CS_NO_INFO;
2783 2893
2784 u16 dcid = 0, scid = __le16_to_cpu(req->scid); 2894 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
@@ -2887,6 +2997,15 @@ sendresp:
2887 L2CAP_INFO_REQ, sizeof(info), &info); 2997 L2CAP_INFO_REQ, sizeof(info), &info);
2888 } 2998 }
2889 2999
3000 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
3001 result == L2CAP_CR_SUCCESS) {
3002 u8 buf[128];
3003 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3004 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3005 l2cap_build_conf_req(sk, buf), buf);
3006 l2cap_pi(sk)->num_conf_req++;
3007 }
3008
2890 return 0; 3009 return 0;
2891} 3010}
2892 3011
@@ -2907,11 +3026,11 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2907 if (scid) { 3026 if (scid) {
2908 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); 3027 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2909 if (!sk) 3028 if (!sk)
2910 return 0; 3029 return -EFAULT;
2911 } else { 3030 } else {
2912 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident); 3031 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2913 if (!sk) 3032 if (!sk)
2914 return 0; 3033 return -EFAULT;
2915 } 3034 }
2916 3035
2917 switch (result) { 3036 switch (result) {
@@ -2919,9 +3038,13 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2919 sk->sk_state = BT_CONFIG; 3038 sk->sk_state = BT_CONFIG;
2920 l2cap_pi(sk)->ident = 0; 3039 l2cap_pi(sk)->ident = 0;
2921 l2cap_pi(sk)->dcid = dcid; 3040 l2cap_pi(sk)->dcid = dcid;
2922 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2923 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND; 3041 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2924 3042
3043 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
3044 break;
3045
3046 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3047
2925 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3048 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2926 l2cap_build_conf_req(sk, req), req); 3049 l2cap_build_conf_req(sk, req), req);
2927 l2cap_pi(sk)->num_conf_req++; 3050 l2cap_pi(sk)->num_conf_req++;
@@ -2957,8 +3080,14 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2957 if (!sk) 3080 if (!sk)
2958 return -ENOENT; 3081 return -ENOENT;
2959 3082
2960 if (sk->sk_state == BT_DISCONN) 3083 if (sk->sk_state != BT_CONFIG) {
3084 struct l2cap_cmd_rej rej;
3085
3086 rej.reason = cpu_to_le16(0x0002);
3087 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3088 sizeof(rej), &rej);
2961 goto unlock; 3089 goto unlock;
3090 }
2962 3091
2963 /* Reject if config buffer is too small. */ 3092 /* Reject if config buffer is too small. */
2964 len = cmd_len - sizeof(*req); 3093 len = cmd_len - sizeof(*req);
@@ -2984,7 +3113,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2984 /* Complete config. */ 3113 /* Complete config. */
2985 len = l2cap_parse_conf_req(sk, rsp); 3114 len = l2cap_parse_conf_req(sk, rsp);
2986 if (len < 0) { 3115 if (len < 0) {
2987 l2cap_send_disconn_req(conn, sk); 3116 l2cap_send_disconn_req(conn, sk, ECONNRESET);
2988 goto unlock; 3117 goto unlock;
2989 } 3118 }
2990 3119
@@ -3054,7 +3183,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3054 char req[64]; 3183 char req[64];
3055 3184
3056 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { 3185 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
3057 l2cap_send_disconn_req(conn, sk); 3186 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3058 goto done; 3187 goto done;
3059 } 3188 }
3060 3189
@@ -3063,7 +3192,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3063 len = l2cap_parse_conf_rsp(sk, rsp->data, 3192 len = l2cap_parse_conf_rsp(sk, rsp->data,
3064 len, req, &result); 3193 len, req, &result);
3065 if (len < 0) { 3194 if (len < 0) {
3066 l2cap_send_disconn_req(conn, sk); 3195 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3067 goto done; 3196 goto done;
3068 } 3197 }
3069 3198
@@ -3076,10 +3205,9 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3076 } 3205 }
3077 3206
3078 default: 3207 default:
3079 sk->sk_state = BT_DISCONN;
3080 sk->sk_err = ECONNRESET; 3208 sk->sk_err = ECONNRESET;
3081 l2cap_sock_set_timer(sk, HZ * 5); 3209 l2cap_sock_set_timer(sk, HZ * 5);
3082 l2cap_send_disconn_req(conn, sk); 3210 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3083 goto done; 3211 goto done;
3084 } 3212 }
3085 3213
@@ -3130,16 +3258,6 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3130 3258
3131 sk->sk_shutdown = SHUTDOWN_MASK; 3259 sk->sk_shutdown = SHUTDOWN_MASK;
3132 3260
3133 skb_queue_purge(TX_QUEUE(sk));
3134
3135 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
3136 skb_queue_purge(SREJ_QUEUE(sk));
3137 skb_queue_purge(BUSY_QUEUE(sk));
3138 del_timer(&l2cap_pi(sk)->retrans_timer);
3139 del_timer(&l2cap_pi(sk)->monitor_timer);
3140 del_timer(&l2cap_pi(sk)->ack_timer);
3141 }
3142
3143 l2cap_chan_del(sk, ECONNRESET); 3261 l2cap_chan_del(sk, ECONNRESET);
3144 bh_unlock_sock(sk); 3262 bh_unlock_sock(sk);
3145 3263
@@ -3162,16 +3280,6 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
3162 if (!sk) 3280 if (!sk)
3163 return 0; 3281 return 0;
3164 3282
3165 skb_queue_purge(TX_QUEUE(sk));
3166
3167 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
3168 skb_queue_purge(SREJ_QUEUE(sk));
3169 skb_queue_purge(BUSY_QUEUE(sk));
3170 del_timer(&l2cap_pi(sk)->retrans_timer);
3171 del_timer(&l2cap_pi(sk)->monitor_timer);
3172 del_timer(&l2cap_pi(sk)->ack_timer);
3173 }
3174
3175 l2cap_chan_del(sk, 0); 3283 l2cap_chan_del(sk, 0);
3176 bh_unlock_sock(sk); 3284 bh_unlock_sock(sk);
3177 3285
@@ -3194,7 +3302,7 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
3194 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 3302 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3195 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 3303 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3196 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); 3304 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3197 if (enable_ertm) 3305 if (!disable_ertm)
3198 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING 3306 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3199 | L2CAP_FEAT_FCS; 3307 | L2CAP_FEAT_FCS;
3200 put_unaligned_le32(feat_mask, rsp->data); 3308 put_unaligned_le32(feat_mask, rsp->data);
@@ -3359,7 +3467,7 @@ static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3359 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size); 3467 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3360 3468
3361 if (our_fcs != rcv_fcs) 3469 if (our_fcs != rcv_fcs)
3362 return -EINVAL; 3470 return -EBADMSG;
3363 } 3471 }
3364 return 0; 3472 return 0;
3365} 3473}
@@ -3370,25 +3478,19 @@ static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3370 u16 control = 0; 3478 u16 control = 0;
3371 3479
3372 pi->frames_sent = 0; 3480 pi->frames_sent = 0;
3373 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3374 3481
3375 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; 3482 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3376 3483
3377 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 3484 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3378 control |= L2CAP_SUPER_RCV_NOT_READY | L2CAP_CTRL_FINAL; 3485 control |= L2CAP_SUPER_RCV_NOT_READY;
3379 l2cap_send_sframe(pi, control); 3486 l2cap_send_sframe(pi, control);
3380 pi->conn_state |= L2CAP_CONN_RNR_SENT; 3487 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3381 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
3382 } 3488 }
3383 3489
3384 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY && pi->unacked_frames > 0) 3490 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
3385 __mod_retrans_timer(); 3491 l2cap_retransmit_frames(sk);
3386
3387 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3388 3492
3389 spin_lock_bh(&pi->send_lock);
3390 l2cap_ertm_send(sk); 3493 l2cap_ertm_send(sk);
3391 spin_unlock_bh(&pi->send_lock);
3392 3494
3393 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) && 3495 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3394 pi->frames_sent == 0) { 3496 pi->frames_sent == 0) {
@@ -3400,6 +3502,8 @@ static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3400static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar) 3502static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3401{ 3503{
3402 struct sk_buff *next_skb; 3504 struct sk_buff *next_skb;
3505 struct l2cap_pinfo *pi = l2cap_pi(sk);
3506 int tx_seq_offset, next_tx_seq_offset;
3403 3507
3404 bt_cb(skb)->tx_seq = tx_seq; 3508 bt_cb(skb)->tx_seq = tx_seq;
3405 bt_cb(skb)->sar = sar; 3509 bt_cb(skb)->sar = sar;
@@ -3410,11 +3514,20 @@ static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_s
3410 return 0; 3514 return 0;
3411 } 3515 }
3412 3516
3517 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3518 if (tx_seq_offset < 0)
3519 tx_seq_offset += 64;
3520
3413 do { 3521 do {
3414 if (bt_cb(next_skb)->tx_seq == tx_seq) 3522 if (bt_cb(next_skb)->tx_seq == tx_seq)
3415 return -EINVAL; 3523 return -EINVAL;
3416 3524
3417 if (bt_cb(next_skb)->tx_seq > tx_seq) { 3525 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
3526 pi->buffer_seq) % 64;
3527 if (next_tx_seq_offset < 0)
3528 next_tx_seq_offset += 64;
3529
3530 if (next_tx_seq_offset > tx_seq_offset) {
3418 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb); 3531 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3419 return 0; 3532 return 0;
3420 } 3533 }
@@ -3532,11 +3645,51 @@ drop:
3532 pi->sdu = NULL; 3645 pi->sdu = NULL;
3533 3646
3534disconnect: 3647disconnect:
3535 l2cap_send_disconn_req(pi->conn, sk); 3648 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3536 kfree_skb(skb); 3649 kfree_skb(skb);
3537 return 0; 3650 return 0;
3538} 3651}
3539 3652
3653static int l2cap_try_push_rx_skb(struct sock *sk)
3654{
3655 struct l2cap_pinfo *pi = l2cap_pi(sk);
3656 struct sk_buff *skb;
3657 u16 control;
3658 int err;
3659
3660 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3661 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3662 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3663 if (err < 0) {
3664 skb_queue_head(BUSY_QUEUE(sk), skb);
3665 return -EBUSY;
3666 }
3667
3668 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3669 }
3670
3671 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3672 goto done;
3673
3674 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3675 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3676 l2cap_send_sframe(pi, control);
3677 l2cap_pi(sk)->retry_count = 1;
3678
3679 del_timer(&pi->retrans_timer);
3680 __mod_monitor_timer();
3681
3682 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3683
3684done:
3685 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3686 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3687
3688 BT_DBG("sk %p, Exit local busy", sk);
3689
3690 return 0;
3691}
3692
3540static void l2cap_busy_work(struct work_struct *work) 3693static void l2cap_busy_work(struct work_struct *work)
3541{ 3694{
3542 DECLARE_WAITQUEUE(wait, current); 3695 DECLARE_WAITQUEUE(wait, current);
@@ -3545,7 +3698,6 @@ static void l2cap_busy_work(struct work_struct *work)
3545 struct sock *sk = (struct sock *)pi; 3698 struct sock *sk = (struct sock *)pi;
3546 int n_tries = 0, timeo = HZ/5, err; 3699 int n_tries = 0, timeo = HZ/5, err;
3547 struct sk_buff *skb; 3700 struct sk_buff *skb;
3548 u16 control;
3549 3701
3550 lock_sock(sk); 3702 lock_sock(sk);
3551 3703
@@ -3555,8 +3707,8 @@ static void l2cap_busy_work(struct work_struct *work)
3555 3707
3556 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) { 3708 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3557 err = -EBUSY; 3709 err = -EBUSY;
3558 l2cap_send_disconn_req(pi->conn, sk); 3710 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
3559 goto done; 3711 break;
3560 } 3712 }
3561 3713
3562 if (!timeo) 3714 if (!timeo)
@@ -3564,7 +3716,7 @@ static void l2cap_busy_work(struct work_struct *work)
3564 3716
3565 if (signal_pending(current)) { 3717 if (signal_pending(current)) {
3566 err = sock_intr_errno(timeo); 3718 err = sock_intr_errno(timeo);
3567 goto done; 3719 break;
3568 } 3720 }
3569 3721
3570 release_sock(sk); 3722 release_sock(sk);
@@ -3573,40 +3725,12 @@ static void l2cap_busy_work(struct work_struct *work)
3573 3725
3574 err = sock_error(sk); 3726 err = sock_error(sk);
3575 if (err) 3727 if (err)
3576 goto done; 3728 break;
3577
3578 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3579 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3580 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3581 if (err < 0) {
3582 skb_queue_head(BUSY_QUEUE(sk), skb);
3583 break;
3584 }
3585
3586 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3587 }
3588 3729
3589 if (!skb) 3730 if (l2cap_try_push_rx_skb(sk) == 0)
3590 break; 3731 break;
3591 } 3732 }
3592 3733
3593 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3594 goto done;
3595
3596 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3597 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3598 l2cap_send_sframe(pi, control);
3599 l2cap_pi(sk)->retry_count = 1;
3600
3601 del_timer(&pi->retrans_timer);
3602 __mod_monitor_timer();
3603
3604 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3605
3606done:
3607 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3608 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3609
3610 set_current_state(TASK_RUNNING); 3734 set_current_state(TASK_RUNNING);
3611 remove_wait_queue(sk_sleep(sk), &wait); 3735 remove_wait_queue(sk_sleep(sk), &wait);
3612 3736
@@ -3621,7 +3745,9 @@ static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3621 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) { 3745 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3622 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; 3746 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3623 __skb_queue_tail(BUSY_QUEUE(sk), skb); 3747 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3624 return -EBUSY; 3748 return l2cap_try_push_rx_skb(sk);
3749
3750
3625 } 3751 }
3626 3752
3627 err = l2cap_ertm_reassembly_sdu(sk, skb, control); 3753 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
@@ -3631,6 +3757,8 @@ static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3631 } 3757 }
3632 3758
3633 /* Busy Condition */ 3759 /* Busy Condition */
3760 BT_DBG("sk %p, Enter local busy", sk);
3761
3634 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY; 3762 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3635 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; 3763 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3636 __skb_queue_tail(BUSY_QUEUE(sk), skb); 3764 __skb_queue_tail(BUSY_QUEUE(sk), skb);
@@ -3641,6 +3769,8 @@ static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3641 3769
3642 pi->conn_state |= L2CAP_CONN_RNR_SENT; 3770 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3643 3771
3772 del_timer(&pi->ack_timer);
3773
3644 queue_work(_busy_wq, &pi->busy_work); 3774 queue_work(_busy_wq, &pi->busy_work);
3645 3775
3646 return err; 3776 return err;
@@ -3754,7 +3884,7 @@ static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3754 l2cap_ertm_reassembly_sdu(sk, skb, control); 3884 l2cap_ertm_reassembly_sdu(sk, skb, control);
3755 l2cap_pi(sk)->buffer_seq_srej = 3885 l2cap_pi(sk)->buffer_seq_srej =
3756 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64; 3886 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3757 tx_seq++; 3887 tx_seq = (tx_seq + 1) % 64;
3758 } 3888 }
3759} 3889}
3760 3890
@@ -3790,10 +3920,11 @@ static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3790 l2cap_send_sframe(pi, control); 3920 l2cap_send_sframe(pi, control);
3791 3921
3792 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC); 3922 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3793 new->tx_seq = pi->expected_tx_seq++; 3923 new->tx_seq = pi->expected_tx_seq;
3924 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3794 list_add_tail(&new->list, SREJ_LIST(sk)); 3925 list_add_tail(&new->list, SREJ_LIST(sk));
3795 } 3926 }
3796 pi->expected_tx_seq++; 3927 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3797} 3928}
3798 3929
3799static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) 3930static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
@@ -3802,11 +3933,12 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3802 u8 tx_seq = __get_txseq(rx_control); 3933 u8 tx_seq = __get_txseq(rx_control);
3803 u8 req_seq = __get_reqseq(rx_control); 3934 u8 req_seq = __get_reqseq(rx_control);
3804 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3935 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3805 u8 tx_seq_offset, expected_tx_seq_offset; 3936 int tx_seq_offset, expected_tx_seq_offset;
3806 int num_to_ack = (pi->tx_win/6) + 1; 3937 int num_to_ack = (pi->tx_win/6) + 1;
3807 int err = 0; 3938 int err = 0;
3808 3939
3809 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3940 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
3941 rx_control);
3810 3942
3811 if (L2CAP_CTRL_FINAL & rx_control && 3943 if (L2CAP_CTRL_FINAL & rx_control &&
3812 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) { 3944 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
@@ -3828,7 +3960,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3828 3960
3829 /* invalid tx_seq */ 3961 /* invalid tx_seq */
3830 if (tx_seq_offset >= pi->tx_win) { 3962 if (tx_seq_offset >= pi->tx_win) {
3831 l2cap_send_disconn_req(pi->conn, sk); 3963 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3832 goto drop; 3964 goto drop;
3833 } 3965 }
3834 3966
@@ -3851,6 +3983,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3851 pi->buffer_seq = pi->buffer_seq_srej; 3983 pi->buffer_seq = pi->buffer_seq_srej;
3852 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT; 3984 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3853 l2cap_send_ack(pi); 3985 l2cap_send_ack(pi);
3986 BT_DBG("sk %p, Exit SREJ_SENT", sk);
3854 } 3987 }
3855 } else { 3988 } else {
3856 struct srej_list *l; 3989 struct srej_list *l;
@@ -3879,6 +4012,8 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3879 4012
3880 pi->conn_state |= L2CAP_CONN_SREJ_SENT; 4013 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3881 4014
4015 BT_DBG("sk %p, Enter SREJ", sk);
4016
3882 INIT_LIST_HEAD(SREJ_LIST(sk)); 4017 INIT_LIST_HEAD(SREJ_LIST(sk));
3883 pi->buffer_seq_srej = pi->buffer_seq; 4018 pi->buffer_seq_srej = pi->buffer_seq;
3884 4019
@@ -3889,6 +4024,8 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3889 pi->conn_state |= L2CAP_CONN_SEND_PBIT; 4024 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3890 4025
3891 l2cap_send_srejframe(sk, tx_seq); 4026 l2cap_send_srejframe(sk, tx_seq);
4027
4028 del_timer(&pi->ack_timer);
3892 } 4029 }
3893 return 0; 4030 return 0;
3894 4031
@@ -3902,6 +4039,10 @@ expected:
3902 return 0; 4039 return 0;
3903 } 4040 }
3904 4041
4042 err = l2cap_push_rx_skb(sk, skb, rx_control);
4043 if (err < 0)
4044 return 0;
4045
3905 if (rx_control & L2CAP_CTRL_FINAL) { 4046 if (rx_control & L2CAP_CTRL_FINAL) {
3906 if (pi->conn_state & L2CAP_CONN_REJ_ACT) 4047 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3907 pi->conn_state &= ~L2CAP_CONN_REJ_ACT; 4048 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
@@ -3909,10 +4050,6 @@ expected:
3909 l2cap_retransmit_frames(sk); 4050 l2cap_retransmit_frames(sk);
3910 } 4051 }
3911 4052
3912 err = l2cap_push_rx_skb(sk, skb, rx_control);
3913 if (err < 0)
3914 return 0;
3915
3916 __mod_ack_timer(); 4053 __mod_ack_timer();
3917 4054
3918 pi->num_acked = (pi->num_acked + 1) % num_to_ack; 4055 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
@@ -3930,10 +4067,14 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
3930{ 4067{
3931 struct l2cap_pinfo *pi = l2cap_pi(sk); 4068 struct l2cap_pinfo *pi = l2cap_pi(sk);
3932 4069
4070 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
4071 rx_control);
4072
3933 pi->expected_ack_seq = __get_reqseq(rx_control); 4073 pi->expected_ack_seq = __get_reqseq(rx_control);
3934 l2cap_drop_acked_frames(sk); 4074 l2cap_drop_acked_frames(sk);
3935 4075
3936 if (rx_control & L2CAP_CTRL_POLL) { 4076 if (rx_control & L2CAP_CTRL_POLL) {
4077 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
3937 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 4078 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3938 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && 4079 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3939 (pi->unacked_frames > 0)) 4080 (pi->unacked_frames > 0))
@@ -3962,9 +4103,7 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
3962 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { 4103 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3963 l2cap_send_ack(pi); 4104 l2cap_send_ack(pi);
3964 } else { 4105 } else {
3965 spin_lock_bh(&pi->send_lock);
3966 l2cap_ertm_send(sk); 4106 l2cap_ertm_send(sk);
3967 spin_unlock_bh(&pi->send_lock);
3968 } 4107 }
3969 } 4108 }
3970} 4109}
@@ -3974,6 +4113,8 @@ static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
3974 struct l2cap_pinfo *pi = l2cap_pi(sk); 4113 struct l2cap_pinfo *pi = l2cap_pi(sk);
3975 u8 tx_seq = __get_reqseq(rx_control); 4114 u8 tx_seq = __get_reqseq(rx_control);
3976 4115
4116 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4117
3977 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 4118 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3978 4119
3979 pi->expected_ack_seq = tx_seq; 4120 pi->expected_ack_seq = tx_seq;
@@ -3996,16 +4137,18 @@ static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
3996 struct l2cap_pinfo *pi = l2cap_pi(sk); 4137 struct l2cap_pinfo *pi = l2cap_pi(sk);
3997 u8 tx_seq = __get_reqseq(rx_control); 4138 u8 tx_seq = __get_reqseq(rx_control);
3998 4139
4140 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4141
3999 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 4142 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4000 4143
4001 if (rx_control & L2CAP_CTRL_POLL) { 4144 if (rx_control & L2CAP_CTRL_POLL) {
4002 pi->expected_ack_seq = tx_seq; 4145 pi->expected_ack_seq = tx_seq;
4003 l2cap_drop_acked_frames(sk); 4146 l2cap_drop_acked_frames(sk);
4147
4148 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4004 l2cap_retransmit_one_frame(sk, tx_seq); 4149 l2cap_retransmit_one_frame(sk, tx_seq);
4005 4150
4006 spin_lock_bh(&pi->send_lock);
4007 l2cap_ertm_send(sk); 4151 l2cap_ertm_send(sk);
4008 spin_unlock_bh(&pi->send_lock);
4009 4152
4010 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 4153 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4011 pi->srej_save_reqseq = tx_seq; 4154 pi->srej_save_reqseq = tx_seq;
@@ -4031,10 +4174,15 @@ static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
4031 struct l2cap_pinfo *pi = l2cap_pi(sk); 4174 struct l2cap_pinfo *pi = l2cap_pi(sk);
4032 u8 tx_seq = __get_reqseq(rx_control); 4175 u8 tx_seq = __get_reqseq(rx_control);
4033 4176
4177 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4178
4034 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY; 4179 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
4035 pi->expected_ack_seq = tx_seq; 4180 pi->expected_ack_seq = tx_seq;
4036 l2cap_drop_acked_frames(sk); 4181 l2cap_drop_acked_frames(sk);
4037 4182
4183 if (rx_control & L2CAP_CTRL_POLL)
4184 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4185
4038 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) { 4186 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
4039 del_timer(&pi->retrans_timer); 4187 del_timer(&pi->retrans_timer);
4040 if (rx_control & L2CAP_CTRL_POLL) 4188 if (rx_control & L2CAP_CTRL_POLL)
@@ -4082,12 +4230,83 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
4082 return 0; 4230 return 0;
4083} 4231}
4084 4232
4233static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
4234{
4235 struct l2cap_pinfo *pi = l2cap_pi(sk);
4236 u16 control;
4237 u8 req_seq;
4238 int len, next_tx_seq_offset, req_seq_offset;
4239
4240 control = get_unaligned_le16(skb->data);
4241 skb_pull(skb, 2);
4242 len = skb->len;
4243
4244 /*
4245 * We can just drop the corrupted I-frame here.
4246 * Receiver will miss it and start proper recovery
4247 * procedures and ask retransmission.
4248 */
4249 if (l2cap_check_fcs(pi, skb))
4250 goto drop;
4251
4252 if (__is_sar_start(control) && __is_iframe(control))
4253 len -= 2;
4254
4255 if (pi->fcs == L2CAP_FCS_CRC16)
4256 len -= 2;
4257
4258 if (len > pi->mps) {
4259 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4260 goto drop;
4261 }
4262
4263 req_seq = __get_reqseq(control);
4264 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4265 if (req_seq_offset < 0)
4266 req_seq_offset += 64;
4267
4268 next_tx_seq_offset =
4269 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4270 if (next_tx_seq_offset < 0)
4271 next_tx_seq_offset += 64;
4272
4273 /* check for invalid req-seq */
4274 if (req_seq_offset > next_tx_seq_offset) {
4275 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4276 goto drop;
4277 }
4278
4279 if (__is_iframe(control)) {
4280 if (len < 0) {
4281 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4282 goto drop;
4283 }
4284
4285 l2cap_data_channel_iframe(sk, control, skb);
4286 } else {
4287 if (len != 0) {
4288 BT_ERR("%d", len);
4289 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4290 goto drop;
4291 }
4292
4293 l2cap_data_channel_sframe(sk, control, skb);
4294 }
4295
4296 return 0;
4297
4298drop:
4299 kfree_skb(skb);
4300 return 0;
4301}
4302
4085static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb) 4303static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4086{ 4304{
4087 struct sock *sk; 4305 struct sock *sk;
4088 struct l2cap_pinfo *pi; 4306 struct l2cap_pinfo *pi;
4089 u16 control, len; 4307 u16 control;
4090 u8 tx_seq, req_seq, next_tx_seq_offset, req_seq_offset; 4308 u8 tx_seq;
4309 int len;
4091 4310
4092 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 4311 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4093 if (!sk) { 4312 if (!sk) {
@@ -4117,59 +4336,11 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4117 break; 4336 break;
4118 4337
4119 case L2CAP_MODE_ERTM: 4338 case L2CAP_MODE_ERTM:
4120 control = get_unaligned_le16(skb->data); 4339 if (!sock_owned_by_user(sk)) {
4121 skb_pull(skb, 2); 4340 l2cap_ertm_data_rcv(sk, skb);
4122 len = skb->len;
4123
4124 if (__is_sar_start(control))
4125 len -= 2;
4126
4127 if (pi->fcs == L2CAP_FCS_CRC16)
4128 len -= 2;
4129
4130 /*
4131 * We can just drop the corrupted I-frame here.
4132 * Receiver will miss it and start proper recovery
4133 * procedures and ask retransmission.
4134 */
4135 if (len > pi->mps) {
4136 l2cap_send_disconn_req(pi->conn, sk);
4137 goto drop;
4138 }
4139
4140 if (l2cap_check_fcs(pi, skb))
4141 goto drop;
4142
4143 req_seq = __get_reqseq(control);
4144 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4145 if (req_seq_offset < 0)
4146 req_seq_offset += 64;
4147
4148 next_tx_seq_offset =
4149 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4150 if (next_tx_seq_offset < 0)
4151 next_tx_seq_offset += 64;
4152
4153 /* check for invalid req-seq */
4154 if (req_seq_offset > next_tx_seq_offset) {
4155 l2cap_send_disconn_req(pi->conn, sk);
4156 goto drop;
4157 }
4158
4159 if (__is_iframe(control)) {
4160 if (len < 4) {
4161 l2cap_send_disconn_req(pi->conn, sk);
4162 goto drop;
4163 }
4164
4165 l2cap_data_channel_iframe(sk, control, skb);
4166 } else { 4341 } else {
4167 if (len != 0) { 4342 if (sk_add_backlog(sk, skb))
4168 l2cap_send_disconn_req(pi->conn, sk);
4169 goto drop; 4343 goto drop;
4170 }
4171
4172 l2cap_data_channel_sframe(sk, control, skb);
4173 } 4344 }
4174 4345
4175 goto done; 4346 goto done;
@@ -4179,16 +4350,16 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4179 skb_pull(skb, 2); 4350 skb_pull(skb, 2);
4180 len = skb->len; 4351 len = skb->len;
4181 4352
4353 if (l2cap_check_fcs(pi, skb))
4354 goto drop;
4355
4182 if (__is_sar_start(control)) 4356 if (__is_sar_start(control))
4183 len -= 2; 4357 len -= 2;
4184 4358
4185 if (pi->fcs == L2CAP_FCS_CRC16) 4359 if (pi->fcs == L2CAP_FCS_CRC16)
4186 len -= 2; 4360 len -= 2;
4187 4361
4188 if (len > pi->mps || len < 4 || __is_sframe(control)) 4362 if (len > pi->mps || len < 0 || __is_sframe(control))
4189 goto drop;
4190
4191 if (l2cap_check_fcs(pi, skb))
4192 goto drop; 4363 goto drop;
4193 4364
4194 tx_seq = __get_txseq(control); 4365 tx_seq = __get_txseq(control);
@@ -4288,7 +4459,7 @@ static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4288 struct hlist_node *node; 4459 struct hlist_node *node;
4289 4460
4290 if (type != ACL_LINK) 4461 if (type != ACL_LINK)
4291 return 0; 4462 return -EINVAL;
4292 4463
4293 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 4464 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4294 4465
@@ -4321,7 +4492,7 @@ static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4321 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 4492 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4322 4493
4323 if (hcon->type != ACL_LINK) 4494 if (hcon->type != ACL_LINK)
4324 return 0; 4495 return -EINVAL;
4325 4496
4326 if (!status) { 4497 if (!status) {
4327 conn = l2cap_conn_add(hcon, status); 4498 conn = l2cap_conn_add(hcon, status);
@@ -4350,7 +4521,7 @@ static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
4350 BT_DBG("hcon %p reason %d", hcon, reason); 4521 BT_DBG("hcon %p reason %d", hcon, reason);
4351 4522
4352 if (hcon->type != ACL_LINK) 4523 if (hcon->type != ACL_LINK)
4353 return 0; 4524 return -EINVAL;
4354 4525
4355 l2cap_conn_del(hcon, bt_err(reason)); 4526 l2cap_conn_del(hcon, bt_err(reason));
4356 4527
@@ -4679,14 +4850,8 @@ EXPORT_SYMBOL(l2cap_load);
4679module_init(l2cap_init); 4850module_init(l2cap_init);
4680module_exit(l2cap_exit); 4851module_exit(l2cap_exit);
4681 4852
4682module_param(enable_ertm, bool, 0644); 4853module_param(disable_ertm, bool, 0644);
4683MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode"); 4854MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
4684
4685module_param(max_transmit, uint, 0644);
4686MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");
4687
4688module_param(tx_window, uint, 0644);
4689MODULE_PARM_DESC(tx_window, "Transmission window size value (default = 63)");
4690 4855
4691MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4856MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4692MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); 4857MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 43fbf6b4b4bf..44a623275951 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -1152,7 +1152,7 @@ error:
1152 return err; 1152 return err;
1153} 1153}
1154 1154
1155void rfcomm_cleanup_sockets(void) 1155void __exit rfcomm_cleanup_sockets(void)
1156{ 1156{
1157 debugfs_remove(rfcomm_sock_debugfs); 1157 debugfs_remove(rfcomm_sock_debugfs);
1158 1158
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 309b6c261b25..026205c18b78 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -1153,7 +1153,7 @@ static const struct tty_operations rfcomm_ops = {
1153 .tiocmset = rfcomm_tty_tiocmset, 1153 .tiocmset = rfcomm_tty_tiocmset,
1154}; 1154};
1155 1155
1156int rfcomm_init_ttys(void) 1156int __init rfcomm_init_ttys(void)
1157{ 1157{
1158 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1158 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1159 if (!rfcomm_tty_driver) 1159 if (!rfcomm_tty_driver)
@@ -1183,7 +1183,7 @@ int rfcomm_init_ttys(void)
1183 return 0; 1183 return 0;
1184} 1184}
1185 1185
1186void rfcomm_cleanup_ttys(void) 1186void __exit rfcomm_cleanup_ttys(void)
1187{ 1187{
1188 tty_unregister_driver(rfcomm_tty_driver); 1188 tty_unregister_driver(rfcomm_tty_driver);
1189 put_tty_driver(rfcomm_tty_driver); 1189 put_tty_driver(rfcomm_tty_driver);
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-29 18:37:47 -0500