2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP core and sockets. */
29 #include <linux/module.h>
31 #include <linux/types.h>
32 #include <linux/capability.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/interrupt.h>
41 #include <linux/socket.h>
42 #include <linux/skbuff.h>
43 #include <linux/list.h>
44 #include <linux/device.h>
45 #include <linux/debugfs.h>
46 #include <linux/seq_file.h>
47 #include <linux/uaccess.h>
48 #include <linux/crc16.h>
51 #include <asm/system.h>
52 #include <asm/unaligned.h>
54 #include <net/bluetooth/bluetooth.h>
55 #include <net/bluetooth/hci_core.h>
56 #include <net/bluetooth/l2cap.h>
58 #define VERSION "2.15"
60 static int disable_ertm = 0;
62 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
63 static u8 l2cap_fixed_chan[8] = { 0x02, };
65 static const struct proto_ops l2cap_sock_ops;
67 static struct workqueue_struct *_busy_wq;
69 static struct bt_sock_list l2cap_sk_list = {
70 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
73 static void l2cap_busy_work(struct work_struct *work);
75 static void __l2cap_sock_close(struct sock *sk, int reason);
76 static void l2cap_sock_close(struct sock *sk);
77 static void l2cap_sock_kill(struct sock *sk);
79 static int l2cap_build_conf_req(struct sock *sk, void *data);
80 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
81 u8 code, u8 ident, u16 dlen, void *data);
83 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
85 /* ---- L2CAP timers ---- */
86 static void l2cap_sock_timeout(unsigned long arg)
88 struct sock *sk = (struct sock *) arg;
91 BT_DBG("sock %p state %d", sk, sk->sk_state);
95 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
96 reason = ECONNREFUSED;
97 else if (sk->sk_state == BT_CONNECT &&
98 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
99 reason = ECONNREFUSED;
103 __l2cap_sock_close(sk, reason);
111 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
113 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
114 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
117 static void l2cap_sock_clear_timer(struct sock *sk)
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 sk_stop_timer(sk, &sk->sk_timer);
123 /* ---- L2CAP channels ---- */
124 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
127 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
128 if (l2cap_pi(s)->dcid == cid)
134 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
137 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
138 if (l2cap_pi(s)->scid == cid)
144 /* Find channel with given SCID.
145 * Returns locked socket */
146 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
150 s = __l2cap_get_chan_by_scid(l, cid);
153 read_unlock(&l->lock);
157 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
160 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
161 if (l2cap_pi(s)->ident == ident)
167 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
171 s = __l2cap_get_chan_by_ident(l, ident);
174 read_unlock(&l->lock);
178 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
180 u16 cid = L2CAP_CID_DYN_START;
182 for (; cid < L2CAP_CID_DYN_END; cid++) {
183 if (!__l2cap_get_chan_by_scid(l, cid))
190 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
195 l2cap_pi(l->head)->prev_c = sk;
197 l2cap_pi(sk)->next_c = l->head;
198 l2cap_pi(sk)->prev_c = NULL;
202 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
204 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
206 write_lock_bh(&l->lock);
211 l2cap_pi(next)->prev_c = prev;
213 l2cap_pi(prev)->next_c = next;
214 write_unlock_bh(&l->lock);
219 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
221 struct l2cap_chan_list *l = &conn->chan_list;
223 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
224 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
226 conn->disc_reason = 0x13;
228 l2cap_pi(sk)->conn = conn;
230 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
231 /* Alloc CID for connection-oriented socket */
232 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
233 } else if (sk->sk_type == SOCK_DGRAM) {
234 /* Connectionless socket */
235 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
236 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
237 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
239 /* Raw socket can send/recv signalling messages only */
240 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
241 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
242 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
245 __l2cap_chan_link(l, sk);
248 bt_accept_enqueue(parent, sk);
252 * Must be called on the locked socket. */
253 static void l2cap_chan_del(struct sock *sk, int err)
255 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
256 struct sock *parent = bt_sk(sk)->parent;
258 l2cap_sock_clear_timer(sk);
260 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
263 /* Unlink from channel list */
264 l2cap_chan_unlink(&conn->chan_list, sk);
265 l2cap_pi(sk)->conn = NULL;
266 hci_conn_put(conn->hcon);
269 sk->sk_state = BT_CLOSED;
270 sock_set_flag(sk, SOCK_ZAPPED);
276 bt_accept_unlink(sk);
277 parent->sk_data_ready(parent, 0);
279 sk->sk_state_change(sk);
281 skb_queue_purge(TX_QUEUE(sk));
283 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
284 struct srej_list *l, *tmp;
286 del_timer(&l2cap_pi(sk)->retrans_timer);
287 del_timer(&l2cap_pi(sk)->monitor_timer);
288 del_timer(&l2cap_pi(sk)->ack_timer);
290 skb_queue_purge(SREJ_QUEUE(sk));
291 skb_queue_purge(BUSY_QUEUE(sk));
293 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
300 /* Service level security */
301 static inline int l2cap_check_security(struct sock *sk)
303 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
306 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
307 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
308 auth_type = HCI_AT_NO_BONDING_MITM;
310 auth_type = HCI_AT_NO_BONDING;
312 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
313 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
315 switch (l2cap_pi(sk)->sec_level) {
316 case BT_SECURITY_HIGH:
317 auth_type = HCI_AT_GENERAL_BONDING_MITM;
319 case BT_SECURITY_MEDIUM:
320 auth_type = HCI_AT_GENERAL_BONDING;
323 auth_type = HCI_AT_NO_BONDING;
328 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
332 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
336 /* Get next available identificator.
337 * 1 - 128 are used by kernel.
338 * 129 - 199 are reserved.
339 * 200 - 254 are used by utilities like l2ping, etc.
342 spin_lock_bh(&conn->lock);
344 if (++conn->tx_ident > 128)
349 spin_unlock_bh(&conn->lock);
354 static inline void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
356 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
358 BT_DBG("code 0x%2.2x", code);
363 hci_send_acl(conn->hcon, skb, 0);
366 static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
369 struct l2cap_hdr *lh;
370 struct l2cap_conn *conn = pi->conn;
371 struct sock *sk = (struct sock *)pi;
372 int count, hlen = L2CAP_HDR_SIZE + 2;
374 if (sk->sk_state != BT_CONNECTED)
377 if (pi->fcs == L2CAP_FCS_CRC16)
380 BT_DBG("pi %p, control 0x%2.2x", pi, control);
382 count = min_t(unsigned int, conn->mtu, hlen);
383 control |= L2CAP_CTRL_FRAME_TYPE;
385 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
386 control |= L2CAP_CTRL_FINAL;
387 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
390 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
391 control |= L2CAP_CTRL_POLL;
392 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
395 skb = bt_skb_alloc(count, GFP_ATOMIC);
399 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
400 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
401 lh->cid = cpu_to_le16(pi->dcid);
402 put_unaligned_le16(control, skb_put(skb, 2));
404 if (pi->fcs == L2CAP_FCS_CRC16) {
405 u16 fcs = crc16(0, (u8 *)lh, count - 2);
406 put_unaligned_le16(fcs, skb_put(skb, 2));
409 hci_send_acl(pi->conn->hcon, skb, 0);
412 static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
414 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
415 control |= L2CAP_SUPER_RCV_NOT_READY;
416 pi->conn_state |= L2CAP_CONN_RNR_SENT;
418 control |= L2CAP_SUPER_RCV_READY;
420 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
422 l2cap_send_sframe(pi, control);
425 static inline int __l2cap_no_conn_pending(struct sock *sk)
427 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
430 static void l2cap_do_start(struct sock *sk)
432 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
434 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
435 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
438 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
439 struct l2cap_conn_req req;
440 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
441 req.psm = l2cap_pi(sk)->psm;
443 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
444 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
446 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
447 L2CAP_CONN_REQ, sizeof(req), &req);
450 struct l2cap_info_req req;
451 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
453 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
454 conn->info_ident = l2cap_get_ident(conn);
456 mod_timer(&conn->info_timer, jiffies +
457 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
459 l2cap_send_cmd(conn, conn->info_ident,
460 L2CAP_INFO_REQ, sizeof(req), &req);
464 static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
466 u32 local_feat_mask = l2cap_feat_mask;
468 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
471 case L2CAP_MODE_ERTM:
472 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
473 case L2CAP_MODE_STREAMING:
474 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
480 static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
482 struct l2cap_disconn_req req;
487 skb_queue_purge(TX_QUEUE(sk));
489 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
490 del_timer(&l2cap_pi(sk)->retrans_timer);
491 del_timer(&l2cap_pi(sk)->monitor_timer);
492 del_timer(&l2cap_pi(sk)->ack_timer);
495 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
496 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
497 l2cap_send_cmd(conn, l2cap_get_ident(conn),
498 L2CAP_DISCONN_REQ, sizeof(req), &req);
500 sk->sk_state = BT_DISCONN;
504 /* ---- L2CAP connections ---- */
505 static void l2cap_conn_start(struct l2cap_conn *conn)
507 struct l2cap_chan_list *l = &conn->chan_list;
508 struct sock_del_list del, *tmp1, *tmp2;
511 BT_DBG("conn %p", conn);
513 INIT_LIST_HEAD(&del.list);
517 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
520 if (sk->sk_type != SOCK_SEQPACKET &&
521 sk->sk_type != SOCK_STREAM) {
526 if (sk->sk_state == BT_CONNECT) {
527 struct l2cap_conn_req req;
529 if (!l2cap_check_security(sk) ||
530 !__l2cap_no_conn_pending(sk)) {
535 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
537 && l2cap_pi(sk)->conf_state &
538 L2CAP_CONF_STATE2_DEVICE) {
539 tmp1 = kzalloc(sizeof(struct sock_del_list),
542 list_add_tail(&tmp1->list, &del.list);
547 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
548 req.psm = l2cap_pi(sk)->psm;
550 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
551 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
553 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
554 L2CAP_CONN_REQ, sizeof(req), &req);
556 } else if (sk->sk_state == BT_CONNECT2) {
557 struct l2cap_conn_rsp rsp;
559 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
560 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
562 if (l2cap_check_security(sk)) {
563 if (bt_sk(sk)->defer_setup) {
564 struct sock *parent = bt_sk(sk)->parent;
565 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
566 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
567 parent->sk_data_ready(parent, 0);
570 sk->sk_state = BT_CONFIG;
571 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
572 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
575 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
576 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
579 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
580 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
582 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
583 rsp.result != L2CAP_CR_SUCCESS) {
588 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
589 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
590 l2cap_build_conf_req(sk, buf), buf);
591 l2cap_pi(sk)->num_conf_req++;
597 read_unlock(&l->lock);
599 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
600 bh_lock_sock(tmp1->sk);
601 __l2cap_sock_close(tmp1->sk, ECONNRESET);
602 bh_unlock_sock(tmp1->sk);
603 list_del(&tmp1->list);
608 static void l2cap_conn_ready(struct l2cap_conn *conn)
610 struct l2cap_chan_list *l = &conn->chan_list;
613 BT_DBG("conn %p", conn);
617 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
620 if (sk->sk_type != SOCK_SEQPACKET &&
621 sk->sk_type != SOCK_STREAM) {
622 l2cap_sock_clear_timer(sk);
623 sk->sk_state = BT_CONNECTED;
624 sk->sk_state_change(sk);
625 } else if (sk->sk_state == BT_CONNECT)
631 read_unlock(&l->lock);
634 /* Notify sockets that we cannot guaranty reliability anymore */
635 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
637 struct l2cap_chan_list *l = &conn->chan_list;
640 BT_DBG("conn %p", conn);
644 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
645 if (l2cap_pi(sk)->force_reliable)
649 read_unlock(&l->lock);
652 static void l2cap_info_timeout(unsigned long arg)
654 struct l2cap_conn *conn = (void *) arg;
656 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
657 conn->info_ident = 0;
659 l2cap_conn_start(conn);
662 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
664 struct l2cap_conn *conn = hcon->l2cap_data;
669 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
673 hcon->l2cap_data = conn;
676 BT_DBG("hcon %p conn %p", hcon, conn);
678 conn->mtu = hcon->hdev->acl_mtu;
679 conn->src = &hcon->hdev->bdaddr;
680 conn->dst = &hcon->dst;
684 spin_lock_init(&conn->lock);
685 rwlock_init(&conn->chan_list.lock);
687 setup_timer(&conn->info_timer, l2cap_info_timeout,
688 (unsigned long) conn);
690 conn->disc_reason = 0x13;
695 static void l2cap_conn_del(struct hci_conn *hcon, int err)
697 struct l2cap_conn *conn = hcon->l2cap_data;
703 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
705 kfree_skb(conn->rx_skb);
708 while ((sk = conn->chan_list.head)) {
710 l2cap_chan_del(sk, err);
715 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
716 del_timer_sync(&conn->info_timer);
718 hcon->l2cap_data = NULL;
722 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
724 struct l2cap_chan_list *l = &conn->chan_list;
725 write_lock_bh(&l->lock);
726 __l2cap_chan_add(conn, sk, parent);
727 write_unlock_bh(&l->lock);
730 /* ---- Socket interface ---- */
731 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
734 struct hlist_node *node;
735 sk_for_each(sk, node, &l2cap_sk_list.head)
736 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
743 /* Find socket with psm and source bdaddr.
744 * Returns closest match.
746 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
748 struct sock *sk = NULL, *sk1 = NULL;
749 struct hlist_node *node;
751 sk_for_each(sk, node, &l2cap_sk_list.head) {
752 if (state && sk->sk_state != state)
755 if (l2cap_pi(sk)->psm == psm) {
757 if (!bacmp(&bt_sk(sk)->src, src))
761 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
765 return node ? sk : sk1;
768 /* Find socket with given address (psm, src).
769 * Returns locked socket */
770 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
773 read_lock(&l2cap_sk_list.lock);
774 s = __l2cap_get_sock_by_psm(state, psm, src);
777 read_unlock(&l2cap_sk_list.lock);
781 static void l2cap_sock_destruct(struct sock *sk)
785 skb_queue_purge(&sk->sk_receive_queue);
786 skb_queue_purge(&sk->sk_write_queue);
789 static void l2cap_sock_cleanup_listen(struct sock *parent)
793 BT_DBG("parent %p", parent);
795 /* Close not yet accepted channels */
796 while ((sk = bt_accept_dequeue(parent, NULL)))
797 l2cap_sock_close(sk);
799 parent->sk_state = BT_CLOSED;
800 sock_set_flag(parent, SOCK_ZAPPED);
803 /* Kill socket (only if zapped and orphan)
804 * Must be called on unlocked socket.
806 static void l2cap_sock_kill(struct sock *sk)
808 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
811 BT_DBG("sk %p state %d", sk, sk->sk_state);
813 /* Kill poor orphan */
814 bt_sock_unlink(&l2cap_sk_list, sk);
815 sock_set_flag(sk, SOCK_DEAD);
819 static void __l2cap_sock_close(struct sock *sk, int reason)
821 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
823 switch (sk->sk_state) {
825 l2cap_sock_cleanup_listen(sk);
830 if (sk->sk_type == SOCK_SEQPACKET ||
831 sk->sk_type == SOCK_STREAM) {
832 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
834 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
835 l2cap_send_disconn_req(conn, sk, reason);
837 l2cap_chan_del(sk, reason);
841 if (sk->sk_type == SOCK_SEQPACKET ||
842 sk->sk_type == SOCK_STREAM) {
843 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
844 struct l2cap_conn_rsp rsp;
847 if (bt_sk(sk)->defer_setup)
848 result = L2CAP_CR_SEC_BLOCK;
850 result = L2CAP_CR_BAD_PSM;
852 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
853 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
854 rsp.result = cpu_to_le16(result);
855 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
856 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
857 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
859 l2cap_chan_del(sk, reason);
864 l2cap_chan_del(sk, reason);
868 sock_set_flag(sk, SOCK_ZAPPED);
873 /* Must be called on unlocked socket. */
874 static void l2cap_sock_close(struct sock *sk)
876 l2cap_sock_clear_timer(sk);
878 __l2cap_sock_close(sk, ECONNRESET);
883 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
885 struct l2cap_pinfo *pi = l2cap_pi(sk);
890 sk->sk_type = parent->sk_type;
891 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
893 pi->imtu = l2cap_pi(parent)->imtu;
894 pi->omtu = l2cap_pi(parent)->omtu;
895 pi->conf_state = l2cap_pi(parent)->conf_state;
896 pi->mode = l2cap_pi(parent)->mode;
897 pi->fcs = l2cap_pi(parent)->fcs;
898 pi->max_tx = l2cap_pi(parent)->max_tx;
899 pi->tx_win = l2cap_pi(parent)->tx_win;
900 pi->sec_level = l2cap_pi(parent)->sec_level;
901 pi->role_switch = l2cap_pi(parent)->role_switch;
902 pi->force_reliable = l2cap_pi(parent)->force_reliable;
904 pi->imtu = L2CAP_DEFAULT_MTU;
906 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
907 pi->mode = L2CAP_MODE_ERTM;
908 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
910 pi->mode = L2CAP_MODE_BASIC;
912 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
913 pi->fcs = L2CAP_FCS_CRC16;
914 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
915 pi->sec_level = BT_SECURITY_LOW;
917 pi->force_reliable = 0;
920 /* Default config options */
922 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
923 skb_queue_head_init(TX_QUEUE(sk));
924 skb_queue_head_init(SREJ_QUEUE(sk));
925 skb_queue_head_init(BUSY_QUEUE(sk));
926 INIT_LIST_HEAD(SREJ_LIST(sk));
929 static struct proto l2cap_proto = {
931 .owner = THIS_MODULE,
932 .obj_size = sizeof(struct l2cap_pinfo)
935 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
939 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
943 sock_init_data(sock, sk);
944 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
946 sk->sk_destruct = l2cap_sock_destruct;
947 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
949 sock_reset_flag(sk, SOCK_ZAPPED);
951 sk->sk_protocol = proto;
952 sk->sk_state = BT_OPEN;
954 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
956 bt_sock_link(&l2cap_sk_list, sk);
960 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
965 BT_DBG("sock %p", sock);
967 sock->state = SS_UNCONNECTED;
969 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
970 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
971 return -ESOCKTNOSUPPORT;
973 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
976 sock->ops = &l2cap_sock_ops;
978 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
982 l2cap_sock_init(sk, NULL);
986 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
988 struct sock *sk = sock->sk;
989 struct sockaddr_l2 la;
994 if (!addr || addr->sa_family != AF_BLUETOOTH)
997 memset(&la, 0, sizeof(la));
998 len = min_t(unsigned int, sizeof(la), alen);
999 memcpy(&la, addr, len);
1006 if (sk->sk_state != BT_OPEN) {
1011 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
1012 !capable(CAP_NET_BIND_SERVICE)) {
1017 write_lock_bh(&l2cap_sk_list.lock);
1019 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
1022 /* Save source address */
1023 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
1024 l2cap_pi(sk)->psm = la.l2_psm;
1025 l2cap_pi(sk)->sport = la.l2_psm;
1026 sk->sk_state = BT_BOUND;
1028 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
1029 __le16_to_cpu(la.l2_psm) == 0x0003)
1030 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1033 write_unlock_bh(&l2cap_sk_list.lock);
1040 static int l2cap_do_connect(struct sock *sk)
1042 bdaddr_t *src = &bt_sk(sk)->src;
1043 bdaddr_t *dst = &bt_sk(sk)->dst;
1044 struct l2cap_conn *conn;
1045 struct hci_conn *hcon;
1046 struct hci_dev *hdev;
1050 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
1053 hdev = hci_get_route(dst, src);
1055 return -EHOSTUNREACH;
1057 hci_dev_lock_bh(hdev);
1061 if (sk->sk_type == SOCK_RAW) {
1062 switch (l2cap_pi(sk)->sec_level) {
1063 case BT_SECURITY_HIGH:
1064 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1066 case BT_SECURITY_MEDIUM:
1067 auth_type = HCI_AT_DEDICATED_BONDING;
1070 auth_type = HCI_AT_NO_BONDING;
1073 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
1074 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
1075 auth_type = HCI_AT_NO_BONDING_MITM;
1077 auth_type = HCI_AT_NO_BONDING;
1079 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
1080 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1082 switch (l2cap_pi(sk)->sec_level) {
1083 case BT_SECURITY_HIGH:
1084 auth_type = HCI_AT_GENERAL_BONDING_MITM;
1086 case BT_SECURITY_MEDIUM:
1087 auth_type = HCI_AT_GENERAL_BONDING;
1090 auth_type = HCI_AT_NO_BONDING;
1095 hcon = hci_connect(hdev, ACL_LINK, dst,
1096 l2cap_pi(sk)->sec_level, auth_type);
1100 conn = l2cap_conn_add(hcon, 0);
1108 /* Update source addr of the socket */
1109 bacpy(src, conn->src);
1111 l2cap_chan_add(conn, sk, NULL);
1113 sk->sk_state = BT_CONNECT;
1114 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1116 if (hcon->state == BT_CONNECTED) {
1117 if (sk->sk_type != SOCK_SEQPACKET &&
1118 sk->sk_type != SOCK_STREAM) {
1119 l2cap_sock_clear_timer(sk);
1120 sk->sk_state = BT_CONNECTED;
1126 hci_dev_unlock_bh(hdev);
1131 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
1133 struct sock *sk = sock->sk;
1134 struct sockaddr_l2 la;
1137 BT_DBG("sk %p", sk);
1139 if (!addr || alen < sizeof(addr->sa_family) ||
1140 addr->sa_family != AF_BLUETOOTH)
1143 memset(&la, 0, sizeof(la));
1144 len = min_t(unsigned int, sizeof(la), alen);
1145 memcpy(&la, addr, len);
1152 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
1158 switch (l2cap_pi(sk)->mode) {
1159 case L2CAP_MODE_BASIC:
1161 case L2CAP_MODE_ERTM:
1162 case L2CAP_MODE_STREAMING:
1171 switch (sk->sk_state) {
1175 /* Already connecting */
1179 /* Already connected */
1193 /* Set destination address and psm */
1194 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1195 l2cap_pi(sk)->psm = la.l2_psm;
1197 err = l2cap_do_connect(sk);
1202 err = bt_sock_wait_state(sk, BT_CONNECTED,
1203 sock_sndtimeo(sk, flags & O_NONBLOCK));
1209 static int l2cap_sock_listen(struct socket *sock, int backlog)
1211 struct sock *sk = sock->sk;
1214 BT_DBG("sk %p backlog %d", sk, backlog);
1218 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
1219 || sk->sk_state != BT_BOUND) {
1224 switch (l2cap_pi(sk)->mode) {
1225 case L2CAP_MODE_BASIC:
1227 case L2CAP_MODE_ERTM:
1228 case L2CAP_MODE_STREAMING:
1237 if (!l2cap_pi(sk)->psm) {
1238 bdaddr_t *src = &bt_sk(sk)->src;
1243 write_lock_bh(&l2cap_sk_list.lock);
1245 for (psm = 0x1001; psm < 0x1100; psm += 2)
1246 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1247 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1248 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1253 write_unlock_bh(&l2cap_sk_list.lock);
1259 sk->sk_max_ack_backlog = backlog;
1260 sk->sk_ack_backlog = 0;
1261 sk->sk_state = BT_LISTEN;
1268 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1270 DECLARE_WAITQUEUE(wait, current);
1271 struct sock *sk = sock->sk, *nsk;
1275 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1277 if (sk->sk_state != BT_LISTEN) {
1282 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1284 BT_DBG("sk %p timeo %ld", sk, timeo);
1286 /* Wait for an incoming connection. (wake-one). */
1287 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1288 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1289 set_current_state(TASK_INTERRUPTIBLE);
1296 timeo = schedule_timeout(timeo);
1297 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1299 if (sk->sk_state != BT_LISTEN) {
1304 if (signal_pending(current)) {
1305 err = sock_intr_errno(timeo);
1309 set_current_state(TASK_RUNNING);
1310 remove_wait_queue(sk_sleep(sk), &wait);
1315 newsock->state = SS_CONNECTED;
1317 BT_DBG("new socket %p", nsk);
1324 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1326 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1327 struct sock *sk = sock->sk;
1329 BT_DBG("sock %p, sk %p", sock, sk);
1331 addr->sa_family = AF_BLUETOOTH;
1332 *len = sizeof(struct sockaddr_l2);
1335 la->l2_psm = l2cap_pi(sk)->psm;
1336 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1337 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1339 la->l2_psm = l2cap_pi(sk)->sport;
1340 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1341 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1347 static int __l2cap_wait_ack(struct sock *sk)
1349 DECLARE_WAITQUEUE(wait, current);
1353 add_wait_queue(sk_sleep(sk), &wait);
1354 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
1355 set_current_state(TASK_INTERRUPTIBLE);
1360 if (signal_pending(current)) {
1361 err = sock_intr_errno(timeo);
1366 timeo = schedule_timeout(timeo);
1369 err = sock_error(sk);
1373 set_current_state(TASK_RUNNING);
1374 remove_wait_queue(sk_sleep(sk), &wait);
1378 static void l2cap_monitor_timeout(unsigned long arg)
1380 struct sock *sk = (void *) arg;
1382 BT_DBG("sk %p", sk);
1385 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1386 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
1391 l2cap_pi(sk)->retry_count++;
1392 __mod_monitor_timer();
1394 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1398 static void l2cap_retrans_timeout(unsigned long arg)
1400 struct sock *sk = (void *) arg;
1402 BT_DBG("sk %p", sk);
1405 l2cap_pi(sk)->retry_count = 1;
1406 __mod_monitor_timer();
1408 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1410 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1414 static void l2cap_drop_acked_frames(struct sock *sk)
1416 struct sk_buff *skb;
1418 while ((skb = skb_peek(TX_QUEUE(sk))) &&
1419 l2cap_pi(sk)->unacked_frames) {
1420 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1423 skb = skb_dequeue(TX_QUEUE(sk));
1426 l2cap_pi(sk)->unacked_frames--;
1429 if (!l2cap_pi(sk)->unacked_frames)
1430 del_timer(&l2cap_pi(sk)->retrans_timer);
1433 static inline void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1435 struct l2cap_pinfo *pi = l2cap_pi(sk);
1437 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1439 hci_send_acl(pi->conn->hcon, skb, 0);
1442 static void l2cap_streaming_send(struct sock *sk)
1444 struct sk_buff *skb, *tx_skb;
1445 struct l2cap_pinfo *pi = l2cap_pi(sk);
1448 while ((skb = sk->sk_send_head)) {
1449 tx_skb = skb_clone(skb, GFP_ATOMIC);
1451 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1452 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1453 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1455 if (pi->fcs == L2CAP_FCS_CRC16) {
1456 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1457 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1460 l2cap_do_send(sk, tx_skb);
1462 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1464 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1465 sk->sk_send_head = NULL;
1467 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1469 skb = skb_dequeue(TX_QUEUE(sk));
1474 static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1476 struct l2cap_pinfo *pi = l2cap_pi(sk);
1477 struct sk_buff *skb, *tx_skb;
1480 skb = skb_peek(TX_QUEUE(sk));
1485 if (bt_cb(skb)->tx_seq == tx_seq)
1488 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1491 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
1493 if (pi->remote_max_tx &&
1494 bt_cb(skb)->retries == pi->remote_max_tx) {
1495 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1499 tx_skb = skb_clone(skb, GFP_ATOMIC);
1500 bt_cb(skb)->retries++;
1501 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1503 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1504 control |= L2CAP_CTRL_FINAL;
1505 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1508 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1509 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1511 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1513 if (pi->fcs == L2CAP_FCS_CRC16) {
1514 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1515 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1518 l2cap_do_send(sk, tx_skb);
1521 static int l2cap_ertm_send(struct sock *sk)
1523 struct sk_buff *skb, *tx_skb;
1524 struct l2cap_pinfo *pi = l2cap_pi(sk);
1528 if (sk->sk_state != BT_CONNECTED)
1531 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1533 if (pi->remote_max_tx &&
1534 bt_cb(skb)->retries == pi->remote_max_tx) {
1535 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1539 tx_skb = skb_clone(skb, GFP_ATOMIC);
1541 bt_cb(skb)->retries++;
1543 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1544 control &= L2CAP_CTRL_SAR;
1546 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1547 control |= L2CAP_CTRL_FINAL;
1548 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1550 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1551 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1552 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1555 if (pi->fcs == L2CAP_FCS_CRC16) {
1556 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1557 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1560 l2cap_do_send(sk, tx_skb);
1562 __mod_retrans_timer();
1564 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1565 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1567 pi->unacked_frames++;
1570 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1571 sk->sk_send_head = NULL;
1573 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1581 static int l2cap_retransmit_frames(struct sock *sk)
1583 struct l2cap_pinfo *pi = l2cap_pi(sk);
1586 if (!skb_queue_empty(TX_QUEUE(sk)))
1587 sk->sk_send_head = TX_QUEUE(sk)->next;
1589 pi->next_tx_seq = pi->expected_ack_seq;
1590 ret = l2cap_ertm_send(sk);
1594 static void l2cap_send_ack(struct l2cap_pinfo *pi)
1596 struct sock *sk = (struct sock *)pi;
1599 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1601 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1602 control |= L2CAP_SUPER_RCV_NOT_READY;
1603 pi->conn_state |= L2CAP_CONN_RNR_SENT;
1604 l2cap_send_sframe(pi, control);
1608 if (l2cap_ertm_send(sk) > 0)
1611 control |= L2CAP_SUPER_RCV_READY;
1612 l2cap_send_sframe(pi, control);
1615 static void l2cap_send_srejtail(struct sock *sk)
1617 struct srej_list *tail;
1620 control = L2CAP_SUPER_SELECT_REJECT;
1621 control |= L2CAP_CTRL_FINAL;
1623 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1624 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1626 l2cap_send_sframe(l2cap_pi(sk), control);
1629 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1631 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1632 struct sk_buff **frag;
1635 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1641 /* Continuation fragments (no L2CAP header) */
1642 frag = &skb_shinfo(skb)->frag_list;
1644 count = min_t(unsigned int, conn->mtu, len);
1646 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1649 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1655 frag = &(*frag)->next;
1661 static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1663 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1664 struct sk_buff *skb;
1665 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1666 struct l2cap_hdr *lh;
1668 BT_DBG("sk %p len %d", sk, (int)len);
1670 count = min_t(unsigned int, (conn->mtu - hlen), len);
1671 skb = bt_skb_send_alloc(sk, count + hlen,
1672 msg->msg_flags & MSG_DONTWAIT, &err);
1674 return ERR_PTR(-ENOMEM);
1676 /* Create L2CAP header */
1677 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1678 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1679 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1680 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1682 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1683 if (unlikely(err < 0)) {
1685 return ERR_PTR(err);
1690 static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1692 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1693 struct sk_buff *skb;
1694 int err, count, hlen = L2CAP_HDR_SIZE;
1695 struct l2cap_hdr *lh;
1697 BT_DBG("sk %p len %d", sk, (int)len);
1699 count = min_t(unsigned int, (conn->mtu - hlen), len);
1700 skb = bt_skb_send_alloc(sk, count + hlen,
1701 msg->msg_flags & MSG_DONTWAIT, &err);
1703 return ERR_PTR(-ENOMEM);
1705 /* Create L2CAP header */
1706 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1707 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1708 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1710 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1711 if (unlikely(err < 0)) {
1713 return ERR_PTR(err);
1718 static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1720 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1721 struct sk_buff *skb;
1722 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1723 struct l2cap_hdr *lh;
1725 BT_DBG("sk %p len %d", sk, (int)len);
1728 return ERR_PTR(-ENOTCONN);
1733 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1736 count = min_t(unsigned int, (conn->mtu - hlen), len);
1737 skb = bt_skb_send_alloc(sk, count + hlen,
1738 msg->msg_flags & MSG_DONTWAIT, &err);
1740 return ERR_PTR(-ENOMEM);
1742 /* Create L2CAP header */
1743 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1744 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1745 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1746 put_unaligned_le16(control, skb_put(skb, 2));
1748 put_unaligned_le16(sdulen, skb_put(skb, 2));
1750 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1751 if (unlikely(err < 0)) {
1753 return ERR_PTR(err);
1756 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1757 put_unaligned_le16(0, skb_put(skb, 2));
1759 bt_cb(skb)->retries = 0;
1763 static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1765 struct l2cap_pinfo *pi = l2cap_pi(sk);
1766 struct sk_buff *skb;
1767 struct sk_buff_head sar_queue;
1771 skb_queue_head_init(&sar_queue);
1772 control = L2CAP_SDU_START;
1773 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
1775 return PTR_ERR(skb);
1777 __skb_queue_tail(&sar_queue, skb);
1778 len -= pi->remote_mps;
1779 size += pi->remote_mps;
1784 if (len > pi->remote_mps) {
1785 control = L2CAP_SDU_CONTINUE;
1786 buflen = pi->remote_mps;
1788 control = L2CAP_SDU_END;
1792 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1794 skb_queue_purge(&sar_queue);
1795 return PTR_ERR(skb);
1798 __skb_queue_tail(&sar_queue, skb);
1802 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1803 if (sk->sk_send_head == NULL)
1804 sk->sk_send_head = sar_queue.next;
1809 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1811 struct sock *sk = sock->sk;
1812 struct l2cap_pinfo *pi = l2cap_pi(sk);
1813 struct sk_buff *skb;
1817 BT_DBG("sock %p, sk %p", sock, sk);
1819 err = sock_error(sk);
1823 if (msg->msg_flags & MSG_OOB)
1828 if (sk->sk_state != BT_CONNECTED) {
1833 /* Connectionless channel */
1834 if (sk->sk_type == SOCK_DGRAM) {
1835 skb = l2cap_create_connless_pdu(sk, msg, len);
1839 l2cap_do_send(sk, skb);
1846 case L2CAP_MODE_BASIC:
1847 /* Check outgoing MTU */
1848 if (len > pi->omtu) {
1853 /* Create a basic PDU */
1854 skb = l2cap_create_basic_pdu(sk, msg, len);
1860 l2cap_do_send(sk, skb);
1864 case L2CAP_MODE_ERTM:
1865 case L2CAP_MODE_STREAMING:
1866 /* Entire SDU fits into one PDU */
1867 if (len <= pi->remote_mps) {
1868 control = L2CAP_SDU_UNSEGMENTED;
1869 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1874 __skb_queue_tail(TX_QUEUE(sk), skb);
1876 if (sk->sk_send_head == NULL)
1877 sk->sk_send_head = skb;
1880 /* Segment SDU into multiples PDUs */
1881 err = l2cap_sar_segment_sdu(sk, msg, len);
1886 if (pi->mode == L2CAP_MODE_STREAMING) {
1887 l2cap_streaming_send(sk);
1889 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY &&
1890 pi->conn_state && L2CAP_CONN_WAIT_F) {
1894 err = l2cap_ertm_send(sk);
1902 BT_DBG("bad state %1.1x", pi->mode);
1911 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1913 struct sock *sk = sock->sk;
1917 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1918 struct l2cap_conn_rsp rsp;
1919 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1922 sk->sk_state = BT_CONFIG;
1924 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1925 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1926 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1927 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1928 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1929 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1931 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
1936 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1937 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1938 l2cap_build_conf_req(sk, buf), buf);
1939 l2cap_pi(sk)->num_conf_req++;
1947 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1950 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1952 struct sock *sk = sock->sk;
1953 struct l2cap_options opts;
1957 BT_DBG("sk %p", sk);
1963 opts.imtu = l2cap_pi(sk)->imtu;
1964 opts.omtu = l2cap_pi(sk)->omtu;
1965 opts.flush_to = l2cap_pi(sk)->flush_to;
1966 opts.mode = l2cap_pi(sk)->mode;
1967 opts.fcs = l2cap_pi(sk)->fcs;
1968 opts.max_tx = l2cap_pi(sk)->max_tx;
1969 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1971 len = min_t(unsigned int, sizeof(opts), optlen);
1972 if (copy_from_user((char *) &opts, optval, len)) {
1977 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
1982 l2cap_pi(sk)->mode = opts.mode;
1983 switch (l2cap_pi(sk)->mode) {
1984 case L2CAP_MODE_BASIC:
1985 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
1987 case L2CAP_MODE_ERTM:
1988 case L2CAP_MODE_STREAMING:
1997 l2cap_pi(sk)->imtu = opts.imtu;
1998 l2cap_pi(sk)->omtu = opts.omtu;
1999 l2cap_pi(sk)->fcs = opts.fcs;
2000 l2cap_pi(sk)->max_tx = opts.max_tx;
2001 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
2005 if (get_user(opt, (u32 __user *) optval)) {
2010 if (opt & L2CAP_LM_AUTH)
2011 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
2012 if (opt & L2CAP_LM_ENCRYPT)
2013 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
2014 if (opt & L2CAP_LM_SECURE)
2015 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
2017 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
2018 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
2030 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
2032 struct sock *sk = sock->sk;
2033 struct bt_security sec;
2037 BT_DBG("sk %p", sk);
2039 if (level == SOL_L2CAP)
2040 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
2042 if (level != SOL_BLUETOOTH)
2043 return -ENOPROTOOPT;
2049 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2050 && sk->sk_type != SOCK_RAW) {
2055 sec.level = BT_SECURITY_LOW;
2057 len = min_t(unsigned int, sizeof(sec), optlen);
2058 if (copy_from_user((char *) &sec, optval, len)) {
2063 if (sec.level < BT_SECURITY_LOW ||
2064 sec.level > BT_SECURITY_HIGH) {
2069 l2cap_pi(sk)->sec_level = sec.level;
2072 case BT_DEFER_SETUP:
2073 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2078 if (get_user(opt, (u32 __user *) optval)) {
2083 bt_sk(sk)->defer_setup = opt;
2095 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
2097 struct sock *sk = sock->sk;
2098 struct l2cap_options opts;
2099 struct l2cap_conninfo cinfo;
2103 BT_DBG("sk %p", sk);
2105 if (get_user(len, optlen))
2112 opts.imtu = l2cap_pi(sk)->imtu;
2113 opts.omtu = l2cap_pi(sk)->omtu;
2114 opts.flush_to = l2cap_pi(sk)->flush_to;
2115 opts.mode = l2cap_pi(sk)->mode;
2116 opts.fcs = l2cap_pi(sk)->fcs;
2117 opts.max_tx = l2cap_pi(sk)->max_tx;
2118 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
2120 len = min_t(unsigned int, len, sizeof(opts));
2121 if (copy_to_user(optval, (char *) &opts, len))
2127 switch (l2cap_pi(sk)->sec_level) {
2128 case BT_SECURITY_LOW:
2129 opt = L2CAP_LM_AUTH;
2131 case BT_SECURITY_MEDIUM:
2132 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
2134 case BT_SECURITY_HIGH:
2135 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2143 if (l2cap_pi(sk)->role_switch)
2144 opt |= L2CAP_LM_MASTER;
2146 if (l2cap_pi(sk)->force_reliable)
2147 opt |= L2CAP_LM_RELIABLE;
2149 if (put_user(opt, (u32 __user *) optval))
2153 case L2CAP_CONNINFO:
2154 if (sk->sk_state != BT_CONNECTED &&
2155 !(sk->sk_state == BT_CONNECT2 &&
2156 bt_sk(sk)->defer_setup)) {
2161 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
2162 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
2164 len = min_t(unsigned int, len, sizeof(cinfo));
2165 if (copy_to_user(optval, (char *) &cinfo, len))
2179 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
2181 struct sock *sk = sock->sk;
2182 struct bt_security sec;
2185 BT_DBG("sk %p", sk);
2187 if (level == SOL_L2CAP)
2188 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
2190 if (level != SOL_BLUETOOTH)
2191 return -ENOPROTOOPT;
2193 if (get_user(len, optlen))
2200 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2201 && sk->sk_type != SOCK_RAW) {
2206 sec.level = l2cap_pi(sk)->sec_level;
2208 len = min_t(unsigned int, len, sizeof(sec));
2209 if (copy_to_user(optval, (char *) &sec, len))
2214 case BT_DEFER_SETUP:
2215 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2220 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
2234 static int l2cap_sock_shutdown(struct socket *sock, int how)
2236 struct sock *sk = sock->sk;
2239 BT_DBG("sock %p, sk %p", sock, sk);
2245 if (!sk->sk_shutdown) {
2246 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2247 err = __l2cap_wait_ack(sk);
2249 sk->sk_shutdown = SHUTDOWN_MASK;
2250 l2cap_sock_clear_timer(sk);
2251 __l2cap_sock_close(sk, 0);
2253 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
2254 err = bt_sock_wait_state(sk, BT_CLOSED,
2258 if (!err && sk->sk_err)
2265 static int l2cap_sock_release(struct socket *sock)
2267 struct sock *sk = sock->sk;
2270 BT_DBG("sock %p, sk %p", sock, sk);
2275 err = l2cap_sock_shutdown(sock, 2);
2278 l2cap_sock_kill(sk);
2282 static void l2cap_chan_ready(struct sock *sk)
2284 struct sock *parent = bt_sk(sk)->parent;
2286 BT_DBG("sk %p, parent %p", sk, parent);
2288 l2cap_pi(sk)->conf_state = 0;
2289 l2cap_sock_clear_timer(sk);
2292 /* Outgoing channel.
2293 * Wake up socket sleeping on connect.
2295 sk->sk_state = BT_CONNECTED;
2296 sk->sk_state_change(sk);
2298 /* Incoming channel.
2299 * Wake up socket sleeping on accept.
2301 parent->sk_data_ready(parent, 0);
2305 /* Copy frame to all raw sockets on that connection */
2306 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2308 struct l2cap_chan_list *l = &conn->chan_list;
2309 struct sk_buff *nskb;
2312 BT_DBG("conn %p", conn);
2314 read_lock(&l->lock);
2315 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2316 if (sk->sk_type != SOCK_RAW)
2319 /* Don't send frame to the socket it came from */
2322 nskb = skb_clone(skb, GFP_ATOMIC);
2326 if (sock_queue_rcv_skb(sk, nskb))
2329 read_unlock(&l->lock);
2332 /* ---- L2CAP signalling commands ---- */
2333 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2334 u8 code, u8 ident, u16 dlen, void *data)
2336 struct sk_buff *skb, **frag;
2337 struct l2cap_cmd_hdr *cmd;
2338 struct l2cap_hdr *lh;
2341 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2342 conn, code, ident, dlen);
2344 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2345 count = min_t(unsigned int, conn->mtu, len);
2347 skb = bt_skb_alloc(count, GFP_ATOMIC);
2351 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2352 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
2353 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
2355 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2358 cmd->len = cpu_to_le16(dlen);
2361 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2362 memcpy(skb_put(skb, count), data, count);
2368 /* Continuation fragments (no L2CAP header) */
2369 frag = &skb_shinfo(skb)->frag_list;
2371 count = min_t(unsigned int, conn->mtu, len);
2373 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2377 memcpy(skb_put(*frag, count), data, count);
2382 frag = &(*frag)->next;
2392 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2394 struct l2cap_conf_opt *opt = *ptr;
2397 len = L2CAP_CONF_OPT_SIZE + opt->len;
2405 *val = *((u8 *) opt->val);
2409 *val = __le16_to_cpu(*((__le16 *) opt->val));
2413 *val = __le32_to_cpu(*((__le32 *) opt->val));
2417 *val = (unsigned long) opt->val;
2421 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2425 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2427 struct l2cap_conf_opt *opt = *ptr;
2429 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2436 *((u8 *) opt->val) = val;
2440 *((__le16 *) opt->val) = cpu_to_le16(val);
2444 *((__le32 *) opt->val) = cpu_to_le32(val);
2448 memcpy(opt->val, (void *) val, len);
2452 *ptr += L2CAP_CONF_OPT_SIZE + len;
2455 static void l2cap_ack_timeout(unsigned long arg)
2457 struct sock *sk = (void *) arg;
2460 l2cap_send_ack(l2cap_pi(sk));
2464 static inline void l2cap_ertm_init(struct sock *sk)
2466 l2cap_pi(sk)->expected_ack_seq = 0;
2467 l2cap_pi(sk)->unacked_frames = 0;
2468 l2cap_pi(sk)->buffer_seq = 0;
2469 l2cap_pi(sk)->num_acked = 0;
2470 l2cap_pi(sk)->frames_sent = 0;
2472 setup_timer(&l2cap_pi(sk)->retrans_timer,
2473 l2cap_retrans_timeout, (unsigned long) sk);
2474 setup_timer(&l2cap_pi(sk)->monitor_timer,
2475 l2cap_monitor_timeout, (unsigned long) sk);
2476 setup_timer(&l2cap_pi(sk)->ack_timer,
2477 l2cap_ack_timeout, (unsigned long) sk);
2479 __skb_queue_head_init(SREJ_QUEUE(sk));
2480 __skb_queue_head_init(BUSY_QUEUE(sk));
2482 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
2484 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
2487 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2490 case L2CAP_MODE_STREAMING:
2491 case L2CAP_MODE_ERTM:
2492 if (l2cap_mode_supported(mode, remote_feat_mask))
2496 return L2CAP_MODE_BASIC;
2500 static int l2cap_build_conf_req(struct sock *sk, void *data)
2502 struct l2cap_pinfo *pi = l2cap_pi(sk);
2503 struct l2cap_conf_req *req = data;
2504 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
2505 void *ptr = req->data;
2507 BT_DBG("sk %p", sk);
2509 if (pi->num_conf_req || pi->num_conf_rsp)
2513 case L2CAP_MODE_STREAMING:
2514 case L2CAP_MODE_ERTM:
2515 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
2520 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2526 case L2CAP_MODE_BASIC:
2527 if (pi->imtu != L2CAP_DEFAULT_MTU)
2528 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2530 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2531 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
2534 rfc.mode = L2CAP_MODE_BASIC;
2536 rfc.max_transmit = 0;
2537 rfc.retrans_timeout = 0;
2538 rfc.monitor_timeout = 0;
2539 rfc.max_pdu_size = 0;
2541 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2542 (unsigned long) &rfc);
2545 case L2CAP_MODE_ERTM:
2546 rfc.mode = L2CAP_MODE_ERTM;
2547 rfc.txwin_size = pi->tx_win;
2548 rfc.max_transmit = pi->max_tx;
2549 rfc.retrans_timeout = 0;
2550 rfc.monitor_timeout = 0;
2551 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2552 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2553 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2555 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2556 (unsigned long) &rfc);
2558 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2561 if (pi->fcs == L2CAP_FCS_NONE ||
2562 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2563 pi->fcs = L2CAP_FCS_NONE;
2564 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2568 case L2CAP_MODE_STREAMING:
2569 rfc.mode = L2CAP_MODE_STREAMING;
2571 rfc.max_transmit = 0;
2572 rfc.retrans_timeout = 0;
2573 rfc.monitor_timeout = 0;
2574 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2575 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2576 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2578 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2579 (unsigned long) &rfc);
2581 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2584 if (pi->fcs == L2CAP_FCS_NONE ||
2585 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2586 pi->fcs = L2CAP_FCS_NONE;
2587 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2592 /* FIXME: Need actual value of the flush timeout */
2593 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
2594 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
2596 req->dcid = cpu_to_le16(pi->dcid);
2597 req->flags = cpu_to_le16(0);
2602 static int l2cap_parse_conf_req(struct sock *sk, void *data)
2604 struct l2cap_pinfo *pi = l2cap_pi(sk);
2605 struct l2cap_conf_rsp *rsp = data;
2606 void *ptr = rsp->data;
2607 void *req = pi->conf_req;
2608 int len = pi->conf_len;
2609 int type, hint, olen;
2611 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2612 u16 mtu = L2CAP_DEFAULT_MTU;
2613 u16 result = L2CAP_CONF_SUCCESS;
2615 BT_DBG("sk %p", sk);
2617 while (len >= L2CAP_CONF_OPT_SIZE) {
2618 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
2620 hint = type & L2CAP_CONF_HINT;
2621 type &= L2CAP_CONF_MASK;
2624 case L2CAP_CONF_MTU:
2628 case L2CAP_CONF_FLUSH_TO:
2632 case L2CAP_CONF_QOS:
2635 case L2CAP_CONF_RFC:
2636 if (olen == sizeof(rfc))
2637 memcpy(&rfc, (void *) val, olen);
2640 case L2CAP_CONF_FCS:
2641 if (val == L2CAP_FCS_NONE)
2642 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2650 result = L2CAP_CONF_UNKNOWN;
2651 *((u8 *) ptr++) = type;
2656 if (pi->num_conf_rsp || pi->num_conf_req > 1)
2660 case L2CAP_MODE_STREAMING:
2661 case L2CAP_MODE_ERTM:
2662 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
2663 pi->mode = l2cap_select_mode(rfc.mode,
2664 pi->conn->feat_mask);
2668 if (pi->mode != rfc.mode)
2669 return -ECONNREFUSED;
2675 if (pi->mode != rfc.mode) {
2676 result = L2CAP_CONF_UNACCEPT;
2677 rfc.mode = pi->mode;
2679 if (pi->num_conf_rsp == 1)
2680 return -ECONNREFUSED;
2682 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2683 sizeof(rfc), (unsigned long) &rfc);
2687 if (result == L2CAP_CONF_SUCCESS) {
2688 /* Configure output options and let the other side know
2689 * which ones we don't like. */
2691 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2692 result = L2CAP_CONF_UNACCEPT;
2695 pi->conf_state |= L2CAP_CONF_MTU_DONE;
2697 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2700 case L2CAP_MODE_BASIC:
2701 pi->fcs = L2CAP_FCS_NONE;
2702 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2705 case L2CAP_MODE_ERTM:
2706 pi->remote_tx_win = rfc.txwin_size;
2707 pi->remote_max_tx = rfc.max_transmit;
2708 if (rfc.max_pdu_size > pi->conn->mtu - 10)
2709 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
2711 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2713 rfc.retrans_timeout =
2714 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2715 rfc.monitor_timeout =
2716 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
2718 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2720 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2721 sizeof(rfc), (unsigned long) &rfc);
2725 case L2CAP_MODE_STREAMING:
2726 if (rfc.max_pdu_size > pi->conn->mtu - 10)
2727 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
2729 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2731 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2733 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2734 sizeof(rfc), (unsigned long) &rfc);
2739 result = L2CAP_CONF_UNACCEPT;
2741 memset(&rfc, 0, sizeof(rfc));
2742 rfc.mode = pi->mode;
2745 if (result == L2CAP_CONF_SUCCESS)
2746 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2748 rsp->scid = cpu_to_le16(pi->dcid);
2749 rsp->result = cpu_to_le16(result);
2750 rsp->flags = cpu_to_le16(0x0000);
2755 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2757 struct l2cap_pinfo *pi = l2cap_pi(sk);
2758 struct l2cap_conf_req *req = data;
2759 void *ptr = req->data;
2762 struct l2cap_conf_rfc rfc;
2764 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2766 while (len >= L2CAP_CONF_OPT_SIZE) {
2767 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2770 case L2CAP_CONF_MTU:
2771 if (val < L2CAP_DEFAULT_MIN_MTU) {
2772 *result = L2CAP_CONF_UNACCEPT;
2773 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
2776 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2779 case L2CAP_CONF_FLUSH_TO:
2781 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2785 case L2CAP_CONF_RFC:
2786 if (olen == sizeof(rfc))
2787 memcpy(&rfc, (void *)val, olen);
2789 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2790 rfc.mode != pi->mode)
2791 return -ECONNREFUSED;
2795 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2796 sizeof(rfc), (unsigned long) &rfc);
2801 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
2802 return -ECONNREFUSED;
2804 pi->mode = rfc.mode;
2806 if (*result == L2CAP_CONF_SUCCESS) {
2808 case L2CAP_MODE_ERTM:
2809 pi->remote_tx_win = rfc.txwin_size;
2810 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2811 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2812 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2814 case L2CAP_MODE_STREAMING:
2815 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2819 req->dcid = cpu_to_le16(pi->dcid);
2820 req->flags = cpu_to_le16(0x0000);
2825 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2827 struct l2cap_conf_rsp *rsp = data;
2828 void *ptr = rsp->data;
2830 BT_DBG("sk %p", sk);
2832 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2833 rsp->result = cpu_to_le16(result);
2834 rsp->flags = cpu_to_le16(flags);
2839 static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
2841 struct l2cap_pinfo *pi = l2cap_pi(sk);
2844 struct l2cap_conf_rfc rfc;
2846 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
2848 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
2851 while (len >= L2CAP_CONF_OPT_SIZE) {
2852 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2855 case L2CAP_CONF_RFC:
2856 if (olen == sizeof(rfc))
2857 memcpy(&rfc, (void *)val, olen);
2864 case L2CAP_MODE_ERTM:
2865 pi->remote_tx_win = rfc.txwin_size;
2866 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2867 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2868 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2870 case L2CAP_MODE_STREAMING:
2871 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2875 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2877 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2879 if (rej->reason != 0x0000)
2882 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2883 cmd->ident == conn->info_ident) {
2884 del_timer(&conn->info_timer);
2886 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2887 conn->info_ident = 0;
2889 l2cap_conn_start(conn);
2895 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2897 struct l2cap_chan_list *list = &conn->chan_list;
2898 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2899 struct l2cap_conn_rsp rsp;
2900 struct sock *parent, *uninitialized_var(sk);
2901 int result, status = L2CAP_CS_NO_INFO;
2903 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2904 __le16 psm = req->psm;
2906 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2908 /* Check if we have socket listening on psm */
2909 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2911 result = L2CAP_CR_BAD_PSM;
2915 /* Check if the ACL is secure enough (if not SDP) */
2916 if (psm != cpu_to_le16(0x0001) &&
2917 !hci_conn_check_link_mode(conn->hcon)) {
2918 conn->disc_reason = 0x05;
2919 result = L2CAP_CR_SEC_BLOCK;
2923 result = L2CAP_CR_NO_MEM;
2925 /* Check for backlog size */
2926 if (sk_acceptq_is_full(parent)) {
2927 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2931 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2935 write_lock_bh(&list->lock);
2937 /* Check if we already have channel with that dcid */
2938 if (__l2cap_get_chan_by_dcid(list, scid)) {
2939 write_unlock_bh(&list->lock);
2940 sock_set_flag(sk, SOCK_ZAPPED);
2941 l2cap_sock_kill(sk);
2945 hci_conn_hold(conn->hcon);
2947 l2cap_sock_init(sk, parent);
2948 bacpy(&bt_sk(sk)->src, conn->src);
2949 bacpy(&bt_sk(sk)->dst, conn->dst);
2950 l2cap_pi(sk)->psm = psm;
2951 l2cap_pi(sk)->dcid = scid;
2953 __l2cap_chan_add(conn, sk, parent);
2954 dcid = l2cap_pi(sk)->scid;
2956 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2958 l2cap_pi(sk)->ident = cmd->ident;
2960 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2961 if (l2cap_check_security(sk)) {
2962 if (bt_sk(sk)->defer_setup) {
2963 sk->sk_state = BT_CONNECT2;
2964 result = L2CAP_CR_PEND;
2965 status = L2CAP_CS_AUTHOR_PEND;
2966 parent->sk_data_ready(parent, 0);
2968 sk->sk_state = BT_CONFIG;
2969 result = L2CAP_CR_SUCCESS;
2970 status = L2CAP_CS_NO_INFO;
2973 sk->sk_state = BT_CONNECT2;
2974 result = L2CAP_CR_PEND;
2975 status = L2CAP_CS_AUTHEN_PEND;
2978 sk->sk_state = BT_CONNECT2;
2979 result = L2CAP_CR_PEND;
2980 status = L2CAP_CS_NO_INFO;
2983 write_unlock_bh(&list->lock);
2986 bh_unlock_sock(parent);
2989 rsp.scid = cpu_to_le16(scid);
2990 rsp.dcid = cpu_to_le16(dcid);
2991 rsp.result = cpu_to_le16(result);
2992 rsp.status = cpu_to_le16(status);
2993 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2995 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2996 struct l2cap_info_req info;
2997 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2999 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3000 conn->info_ident = l2cap_get_ident(conn);
3002 mod_timer(&conn->info_timer, jiffies +
3003 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
3005 l2cap_send_cmd(conn, conn->info_ident,
3006 L2CAP_INFO_REQ, sizeof(info), &info);
3009 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
3010 result == L2CAP_CR_SUCCESS) {
3012 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3013 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3014 l2cap_build_conf_req(sk, buf), buf);
3015 l2cap_pi(sk)->num_conf_req++;
3021 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3023 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3024 u16 scid, dcid, result, status;
3028 scid = __le16_to_cpu(rsp->scid);
3029 dcid = __le16_to_cpu(rsp->dcid);
3030 result = __le16_to_cpu(rsp->result);
3031 status = __le16_to_cpu(rsp->status);
3033 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
3036 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3040 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
3046 case L2CAP_CR_SUCCESS:
3047 sk->sk_state = BT_CONFIG;
3048 l2cap_pi(sk)->ident = 0;
3049 l2cap_pi(sk)->dcid = dcid;
3050 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
3052 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
3055 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3057 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3058 l2cap_build_conf_req(sk, req), req);
3059 l2cap_pi(sk)->num_conf_req++;
3063 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3067 l2cap_chan_del(sk, ECONNREFUSED);
3075 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3077 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3083 dcid = __le16_to_cpu(req->dcid);
3084 flags = __le16_to_cpu(req->flags);
3086 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3088 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3092 if (sk->sk_state != BT_CONFIG) {
3093 struct l2cap_cmd_rej rej;
3095 rej.reason = cpu_to_le16(0x0002);
3096 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3101 /* Reject if config buffer is too small. */
3102 len = cmd_len - sizeof(*req);
3103 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
3104 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3105 l2cap_build_conf_rsp(sk, rsp,
3106 L2CAP_CONF_REJECT, flags), rsp);
3111 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
3112 l2cap_pi(sk)->conf_len += len;
3114 if (flags & 0x0001) {
3115 /* Incomplete config. Send empty response. */
3116 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3117 l2cap_build_conf_rsp(sk, rsp,
3118 L2CAP_CONF_SUCCESS, 0x0001), rsp);
3122 /* Complete config. */
3123 len = l2cap_parse_conf_req(sk, rsp);
3125 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3129 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
3130 l2cap_pi(sk)->num_conf_rsp++;
3132 /* Reset config buffer. */
3133 l2cap_pi(sk)->conf_len = 0;
3135 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
3138 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
3139 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
3140 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
3141 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
3143 sk->sk_state = BT_CONNECTED;
3145 l2cap_pi(sk)->next_tx_seq = 0;
3146 l2cap_pi(sk)->expected_tx_seq = 0;
3147 __skb_queue_head_init(TX_QUEUE(sk));
3148 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3149 l2cap_ertm_init(sk);
3151 l2cap_chan_ready(sk);
3155 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
3157 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3158 l2cap_build_conf_req(sk, buf), buf);
3159 l2cap_pi(sk)->num_conf_req++;
3167 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3169 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3170 u16 scid, flags, result;
3172 int len = cmd->len - sizeof(*rsp);
3174 scid = __le16_to_cpu(rsp->scid);
3175 flags = __le16_to_cpu(rsp->flags);
3176 result = __le16_to_cpu(rsp->result);
3178 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
3179 scid, flags, result);
3181 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3186 case L2CAP_CONF_SUCCESS:
3187 l2cap_conf_rfc_get(sk, rsp->data, len);
3190 case L2CAP_CONF_UNACCEPT:
3191 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
3194 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
3195 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3199 /* throw out any old stored conf requests */
3200 result = L2CAP_CONF_SUCCESS;
3201 len = l2cap_parse_conf_rsp(sk, rsp->data,
3204 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3208 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3209 L2CAP_CONF_REQ, len, req);
3210 l2cap_pi(sk)->num_conf_req++;
3211 if (result != L2CAP_CONF_SUCCESS)
3217 sk->sk_err = ECONNRESET;
3218 l2cap_sock_set_timer(sk, HZ * 5);
3219 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3226 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
3228 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
3229 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
3230 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
3231 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
3233 sk->sk_state = BT_CONNECTED;
3234 l2cap_pi(sk)->next_tx_seq = 0;
3235 l2cap_pi(sk)->expected_tx_seq = 0;
3236 __skb_queue_head_init(TX_QUEUE(sk));
3237 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3238 l2cap_ertm_init(sk);
3240 l2cap_chan_ready(sk);
3248 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3250 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3251 struct l2cap_disconn_rsp rsp;
3255 scid = __le16_to_cpu(req->scid);
3256 dcid = __le16_to_cpu(req->dcid);
3258 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3260 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3264 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3265 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3266 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3268 sk->sk_shutdown = SHUTDOWN_MASK;
3270 l2cap_chan_del(sk, ECONNRESET);
3273 l2cap_sock_kill(sk);
3277 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3279 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3283 scid = __le16_to_cpu(rsp->scid);
3284 dcid = __le16_to_cpu(rsp->dcid);
3286 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3288 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3292 l2cap_chan_del(sk, 0);
3295 l2cap_sock_kill(sk);
3299 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3301 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3304 type = __le16_to_cpu(req->type);
3306 BT_DBG("type 0x%4.4x", type);
3308 if (type == L2CAP_IT_FEAT_MASK) {
3310 u32 feat_mask = l2cap_feat_mask;
3311 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3312 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3313 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3315 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3317 put_unaligned_le32(feat_mask, rsp->data);
3318 l2cap_send_cmd(conn, cmd->ident,
3319 L2CAP_INFO_RSP, sizeof(buf), buf);
3320 } else if (type == L2CAP_IT_FIXED_CHAN) {
3322 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3323 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3324 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3325 memcpy(buf + 4, l2cap_fixed_chan, 8);
3326 l2cap_send_cmd(conn, cmd->ident,
3327 L2CAP_INFO_RSP, sizeof(buf), buf);
3329 struct l2cap_info_rsp rsp;
3330 rsp.type = cpu_to_le16(type);
3331 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3332 l2cap_send_cmd(conn, cmd->ident,
3333 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3339 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3341 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3344 type = __le16_to_cpu(rsp->type);
3345 result = __le16_to_cpu(rsp->result);
3347 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3349 del_timer(&conn->info_timer);
3351 if (result != L2CAP_IR_SUCCESS) {
3352 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3353 conn->info_ident = 0;
3355 l2cap_conn_start(conn);
3360 if (type == L2CAP_IT_FEAT_MASK) {
3361 conn->feat_mask = get_unaligned_le32(rsp->data);
3363 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
3364 struct l2cap_info_req req;
3365 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3367 conn->info_ident = l2cap_get_ident(conn);
3369 l2cap_send_cmd(conn, conn->info_ident,
3370 L2CAP_INFO_REQ, sizeof(req), &req);
3372 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3373 conn->info_ident = 0;
3375 l2cap_conn_start(conn);
3377 } else if (type == L2CAP_IT_FIXED_CHAN) {
3378 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3379 conn->info_ident = 0;
3381 l2cap_conn_start(conn);
3387 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
3389 u8 *data = skb->data;
3391 struct l2cap_cmd_hdr cmd;
3394 l2cap_raw_recv(conn, skb);
3396 while (len >= L2CAP_CMD_HDR_SIZE) {
3398 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3399 data += L2CAP_CMD_HDR_SIZE;
3400 len -= L2CAP_CMD_HDR_SIZE;
3402 cmd_len = le16_to_cpu(cmd.len);
3404 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
3406 if (cmd_len > len || !cmd.ident) {
3407 BT_DBG("corrupted command");
3412 case L2CAP_COMMAND_REJ:
3413 l2cap_command_rej(conn, &cmd, data);
3416 case L2CAP_CONN_REQ:
3417 err = l2cap_connect_req(conn, &cmd, data);
3420 case L2CAP_CONN_RSP:
3421 err = l2cap_connect_rsp(conn, &cmd, data);
3424 case L2CAP_CONF_REQ:
3425 err = l2cap_config_req(conn, &cmd, cmd_len, data);
3428 case L2CAP_CONF_RSP:
3429 err = l2cap_config_rsp(conn, &cmd, data);
3432 case L2CAP_DISCONN_REQ:
3433 err = l2cap_disconnect_req(conn, &cmd, data);
3436 case L2CAP_DISCONN_RSP:
3437 err = l2cap_disconnect_rsp(conn, &cmd, data);
3440 case L2CAP_ECHO_REQ:
3441 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
3444 case L2CAP_ECHO_RSP:
3447 case L2CAP_INFO_REQ:
3448 err = l2cap_information_req(conn, &cmd, data);
3451 case L2CAP_INFO_RSP:
3452 err = l2cap_information_rsp(conn, &cmd, data);
3456 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
3462 struct l2cap_cmd_rej rej;
3463 BT_DBG("error %d", err);
3465 /* FIXME: Map err to a valid reason */
3466 rej.reason = cpu_to_le16(0);
3467 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3477 static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3479 u16 our_fcs, rcv_fcs;
3480 int hdr_size = L2CAP_HDR_SIZE + 2;
3482 if (pi->fcs == L2CAP_FCS_CRC16) {
3483 skb_trim(skb, skb->len - 2);
3484 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3485 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3487 if (our_fcs != rcv_fcs)
3493 static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3495 struct l2cap_pinfo *pi = l2cap_pi(sk);
3498 pi->frames_sent = 0;
3500 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3502 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3503 control |= L2CAP_SUPER_RCV_NOT_READY;
3504 l2cap_send_sframe(pi, control);
3505 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3508 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
3509 l2cap_retransmit_frames(sk);
3511 l2cap_ertm_send(sk);
3513 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3514 pi->frames_sent == 0) {
3515 control |= L2CAP_SUPER_RCV_READY;
3516 l2cap_send_sframe(pi, control);
3520 static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3522 struct sk_buff *next_skb;
3523 struct l2cap_pinfo *pi = l2cap_pi(sk);
3524 int tx_seq_offset, next_tx_seq_offset;
3526 bt_cb(skb)->tx_seq = tx_seq;
3527 bt_cb(skb)->sar = sar;
3529 next_skb = skb_peek(SREJ_QUEUE(sk));
3531 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3535 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3536 if (tx_seq_offset < 0)
3537 tx_seq_offset += 64;
3540 if (bt_cb(next_skb)->tx_seq == tx_seq)
3543 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
3544 pi->buffer_seq) % 64;
3545 if (next_tx_seq_offset < 0)
3546 next_tx_seq_offset += 64;
3548 if (next_tx_seq_offset > tx_seq_offset) {
3549 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3553 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3556 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3558 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3563 static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3565 struct l2cap_pinfo *pi = l2cap_pi(sk);
3566 struct sk_buff *_skb;
3569 switch (control & L2CAP_CTRL_SAR) {
3570 case L2CAP_SDU_UNSEGMENTED:
3571 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3574 err = sock_queue_rcv_skb(sk, skb);
3580 case L2CAP_SDU_START:
3581 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3584 pi->sdu_len = get_unaligned_le16(skb->data);
3586 if (pi->sdu_len > pi->imtu)
3589 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3593 /* pull sdu_len bytes only after alloc, because of Local Busy
3594 * condition we have to be sure that this will be executed
3595 * only once, i.e., when alloc does not fail */
3598 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3600 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3601 pi->partial_sdu_len = skb->len;
3604 case L2CAP_SDU_CONTINUE:
3605 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3611 pi->partial_sdu_len += skb->len;
3612 if (pi->partial_sdu_len > pi->sdu_len)
3615 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3620 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3626 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
3627 pi->partial_sdu_len += skb->len;
3629 if (pi->partial_sdu_len > pi->imtu)
3632 if (pi->partial_sdu_len != pi->sdu_len)
3635 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3638 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3640 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3644 err = sock_queue_rcv_skb(sk, _skb);
3647 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3651 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3652 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3666 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3671 static int l2cap_try_push_rx_skb(struct sock *sk)
3673 struct l2cap_pinfo *pi = l2cap_pi(sk);
3674 struct sk_buff *skb;
3678 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3679 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3680 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3682 skb_queue_head(BUSY_QUEUE(sk), skb);
3686 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3689 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3692 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3693 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3694 l2cap_send_sframe(pi, control);
3695 l2cap_pi(sk)->retry_count = 1;
3697 del_timer(&pi->retrans_timer);
3698 __mod_monitor_timer();
3700 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3703 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3704 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3706 BT_DBG("sk %p, Exit local busy", sk);
3711 static void l2cap_busy_work(struct work_struct *work)
3713 DECLARE_WAITQUEUE(wait, current);
3714 struct l2cap_pinfo *pi =
3715 container_of(work, struct l2cap_pinfo, busy_work);
3716 struct sock *sk = (struct sock *)pi;
3717 int n_tries = 0, timeo = HZ/5, err;
3718 struct sk_buff *skb;
3722 add_wait_queue(sk_sleep(sk), &wait);
3723 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
3724 set_current_state(TASK_INTERRUPTIBLE);
3726 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3728 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
3735 if (signal_pending(current)) {
3736 err = sock_intr_errno(timeo);
3741 timeo = schedule_timeout(timeo);
3744 err = sock_error(sk);
3748 if (l2cap_try_push_rx_skb(sk) == 0)
3752 set_current_state(TASK_RUNNING);
3753 remove_wait_queue(sk_sleep(sk), &wait);
3758 static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3760 struct l2cap_pinfo *pi = l2cap_pi(sk);
3763 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3764 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3765 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3766 return l2cap_try_push_rx_skb(sk);
3771 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3773 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3777 /* Busy Condition */
3778 BT_DBG("sk %p, Enter local busy", sk);
3780 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3781 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3782 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3784 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3785 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3786 l2cap_send_sframe(pi, sctrl);
3788 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3790 del_timer(&pi->ack_timer);
3792 queue_work(_busy_wq, &pi->busy_work);
3797 static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3799 struct l2cap_pinfo *pi = l2cap_pi(sk);
3800 struct sk_buff *_skb;
3804 * TODO: We have to notify the userland if some data is lost with the
3808 switch (control & L2CAP_CTRL_SAR) {
3809 case L2CAP_SDU_UNSEGMENTED:
3810 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3815 err = sock_queue_rcv_skb(sk, skb);
3821 case L2CAP_SDU_START:
3822 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3827 pi->sdu_len = get_unaligned_le16(skb->data);
3830 if (pi->sdu_len > pi->imtu) {
3835 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3841 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3843 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3844 pi->partial_sdu_len = skb->len;
3848 case L2CAP_SDU_CONTINUE:
3849 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3852 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3854 pi->partial_sdu_len += skb->len;
3855 if (pi->partial_sdu_len > pi->sdu_len)
3863 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3866 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3868 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3869 pi->partial_sdu_len += skb->len;
3871 if (pi->partial_sdu_len > pi->imtu)
3874 if (pi->partial_sdu_len == pi->sdu_len) {
3875 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3876 err = sock_queue_rcv_skb(sk, _skb);
3891 static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3893 struct sk_buff *skb;
3896 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
3897 if (bt_cb(skb)->tx_seq != tx_seq)
3900 skb = skb_dequeue(SREJ_QUEUE(sk));
3901 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3902 l2cap_ertm_reassembly_sdu(sk, skb, control);
3903 l2cap_pi(sk)->buffer_seq_srej =
3904 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3905 tx_seq = (tx_seq + 1) % 64;
3909 static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3911 struct l2cap_pinfo *pi = l2cap_pi(sk);
3912 struct srej_list *l, *tmp;
3915 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
3916 if (l->tx_seq == tx_seq) {
3921 control = L2CAP_SUPER_SELECT_REJECT;
3922 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3923 l2cap_send_sframe(pi, control);
3925 list_add_tail(&l->list, SREJ_LIST(sk));
3929 static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3931 struct l2cap_pinfo *pi = l2cap_pi(sk);
3932 struct srej_list *new;
3935 while (tx_seq != pi->expected_tx_seq) {
3936 control = L2CAP_SUPER_SELECT_REJECT;
3937 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3938 l2cap_send_sframe(pi, control);
3940 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3941 new->tx_seq = pi->expected_tx_seq;
3942 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3943 list_add_tail(&new->list, SREJ_LIST(sk));
3945 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3948 static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3950 struct l2cap_pinfo *pi = l2cap_pi(sk);
3951 u8 tx_seq = __get_txseq(rx_control);
3952 u8 req_seq = __get_reqseq(rx_control);
3953 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3954 int tx_seq_offset, expected_tx_seq_offset;
3955 int num_to_ack = (pi->tx_win/6) + 1;
3958 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
3961 if (L2CAP_CTRL_FINAL & rx_control &&
3962 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
3963 del_timer(&pi->monitor_timer);
3964 if (pi->unacked_frames > 0)
3965 __mod_retrans_timer();
3966 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3969 pi->expected_ack_seq = req_seq;
3970 l2cap_drop_acked_frames(sk);
3972 if (tx_seq == pi->expected_tx_seq)
3975 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3976 if (tx_seq_offset < 0)
3977 tx_seq_offset += 64;
3979 /* invalid tx_seq */
3980 if (tx_seq_offset >= pi->tx_win) {
3981 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3985 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
3988 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3989 struct srej_list *first;
3991 first = list_first_entry(SREJ_LIST(sk),
3992 struct srej_list, list);
3993 if (tx_seq == first->tx_seq) {
3994 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3995 l2cap_check_srej_gap(sk, tx_seq);
3997 list_del(&first->list);
4000 if (list_empty(SREJ_LIST(sk))) {
4001 pi->buffer_seq = pi->buffer_seq_srej;
4002 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
4004 BT_DBG("sk %p, Exit SREJ_SENT", sk);
4007 struct srej_list *l;
4009 /* duplicated tx_seq */
4010 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
4013 list_for_each_entry(l, SREJ_LIST(sk), list) {
4014 if (l->tx_seq == tx_seq) {
4015 l2cap_resend_srejframe(sk, tx_seq);
4019 l2cap_send_srejframe(sk, tx_seq);
4022 expected_tx_seq_offset =
4023 (pi->expected_tx_seq - pi->buffer_seq) % 64;
4024 if (expected_tx_seq_offset < 0)
4025 expected_tx_seq_offset += 64;
4027 /* duplicated tx_seq */
4028 if (tx_seq_offset < expected_tx_seq_offset)
4031 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
4033 BT_DBG("sk %p, Enter SREJ", sk);
4035 INIT_LIST_HEAD(SREJ_LIST(sk));
4036 pi->buffer_seq_srej = pi->buffer_seq;
4038 __skb_queue_head_init(SREJ_QUEUE(sk));
4039 __skb_queue_head_init(BUSY_QUEUE(sk));
4040 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
4042 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
4044 l2cap_send_srejframe(sk, tx_seq);
4046 del_timer(&pi->ack_timer);
4051 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4053 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4054 bt_cb(skb)->tx_seq = tx_seq;
4055 bt_cb(skb)->sar = sar;
4056 __skb_queue_tail(SREJ_QUEUE(sk), skb);
4060 err = l2cap_push_rx_skb(sk, skb, rx_control);
4064 if (rx_control & L2CAP_CTRL_FINAL) {
4065 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4066 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4068 l2cap_retransmit_frames(sk);
4073 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
4074 if (pi->num_acked == num_to_ack - 1)
4084 static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
4086 struct l2cap_pinfo *pi = l2cap_pi(sk);
4088 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
4091 pi->expected_ack_seq = __get_reqseq(rx_control);
4092 l2cap_drop_acked_frames(sk);
4094 if (rx_control & L2CAP_CTRL_POLL) {
4095 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4096 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4097 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4098 (pi->unacked_frames > 0))
4099 __mod_retrans_timer();
4101 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4102 l2cap_send_srejtail(sk);
4104 l2cap_send_i_or_rr_or_rnr(sk);
4107 } else if (rx_control & L2CAP_CTRL_FINAL) {
4108 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4110 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4111 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4113 l2cap_retransmit_frames(sk);
4116 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4117 (pi->unacked_frames > 0))
4118 __mod_retrans_timer();
4120 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4121 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4124 l2cap_ertm_send(sk);
4129 static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
4131 struct l2cap_pinfo *pi = l2cap_pi(sk);
4132 u8 tx_seq = __get_reqseq(rx_control);
4134 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4136 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4138 pi->expected_ack_seq = tx_seq;
4139 l2cap_drop_acked_frames(sk);
4141 if (rx_control & L2CAP_CTRL_FINAL) {
4142 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4143 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4145 l2cap_retransmit_frames(sk);
4147 l2cap_retransmit_frames(sk);
4149 if (pi->conn_state & L2CAP_CONN_WAIT_F)
4150 pi->conn_state |= L2CAP_CONN_REJ_ACT;
4153 static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
4155 struct l2cap_pinfo *pi = l2cap_pi(sk);
4156 u8 tx_seq = __get_reqseq(rx_control);
4158 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4160 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4162 if (rx_control & L2CAP_CTRL_POLL) {
4163 pi->expected_ack_seq = tx_seq;
4164 l2cap_drop_acked_frames(sk);
4166 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4167 l2cap_retransmit_one_frame(sk, tx_seq);
4169 l2cap_ertm_send(sk);
4171 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4172 pi->srej_save_reqseq = tx_seq;
4173 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4175 } else if (rx_control & L2CAP_CTRL_FINAL) {
4176 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
4177 pi->srej_save_reqseq == tx_seq)
4178 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
4180 l2cap_retransmit_one_frame(sk, tx_seq);
4182 l2cap_retransmit_one_frame(sk, tx_seq);
4183 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4184 pi->srej_save_reqseq = tx_seq;
4185 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4190 static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
4192 struct l2cap_pinfo *pi = l2cap_pi(sk);
4193 u8 tx_seq = __get_reqseq(rx_control);
4195 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4197 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
4198 pi->expected_ack_seq = tx_seq;
4199 l2cap_drop_acked_frames(sk);
4201 if (rx_control & L2CAP_CTRL_POLL)
4202 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4204 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
4205 del_timer(&pi->retrans_timer);
4206 if (rx_control & L2CAP_CTRL_POLL)
4207 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
4211 if (rx_control & L2CAP_CTRL_POLL)
4212 l2cap_send_srejtail(sk);
4214 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
4217 static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
4219 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
4221 if (L2CAP_CTRL_FINAL & rx_control &&
4222 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4223 del_timer(&l2cap_pi(sk)->monitor_timer);
4224 if (l2cap_pi(sk)->unacked_frames > 0)
4225 __mod_retrans_timer();
4226 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
4229 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
4230 case L2CAP_SUPER_RCV_READY:
4231 l2cap_data_channel_rrframe(sk, rx_control);
4234 case L2CAP_SUPER_REJECT:
4235 l2cap_data_channel_rejframe(sk, rx_control);
4238 case L2CAP_SUPER_SELECT_REJECT:
4239 l2cap_data_channel_srejframe(sk, rx_control);
4242 case L2CAP_SUPER_RCV_NOT_READY:
4243 l2cap_data_channel_rnrframe(sk, rx_control);
4251 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
4253 struct l2cap_pinfo *pi = l2cap_pi(sk);
4256 int len, next_tx_seq_offset, req_seq_offset;
4258 control = get_unaligned_le16(skb->data);
4263 * We can just drop the corrupted I-frame here.
4264 * Receiver will miss it and start proper recovery
4265 * procedures and ask retransmission.
4267 if (l2cap_check_fcs(pi, skb))
4270 if (__is_sar_start(control) && __is_iframe(control))
4273 if (pi->fcs == L2CAP_FCS_CRC16)
4276 if (len > pi->mps) {
4277 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4281 req_seq = __get_reqseq(control);
4282 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4283 if (req_seq_offset < 0)
4284 req_seq_offset += 64;
4286 next_tx_seq_offset =
4287 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4288 if (next_tx_seq_offset < 0)
4289 next_tx_seq_offset += 64;
4291 /* check for invalid req-seq */
4292 if (req_seq_offset > next_tx_seq_offset) {
4293 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4297 if (__is_iframe(control)) {
4299 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4303 l2cap_data_channel_iframe(sk, control, skb);
4307 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4311 l2cap_data_channel_sframe(sk, control, skb);
4321 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4324 struct l2cap_pinfo *pi;
4329 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4331 BT_DBG("unknown cid 0x%4.4x", cid);
4337 BT_DBG("sk %p, len %d", sk, skb->len);
4339 if (sk->sk_state != BT_CONNECTED)
4343 case L2CAP_MODE_BASIC:
4344 /* If socket recv buffers overflows we drop data here
4345 * which is *bad* because L2CAP has to be reliable.
4346 * But we don't have any other choice. L2CAP doesn't
4347 * provide flow control mechanism. */
4349 if (pi->imtu < skb->len)
4352 if (!sock_queue_rcv_skb(sk, skb))
4356 case L2CAP_MODE_ERTM:
4357 if (!sock_owned_by_user(sk)) {
4358 l2cap_ertm_data_rcv(sk, skb);
4360 if (sk_add_backlog(sk, skb))
4366 case L2CAP_MODE_STREAMING:
4367 control = get_unaligned_le16(skb->data);
4371 if (l2cap_check_fcs(pi, skb))
4374 if (__is_sar_start(control))
4377 if (pi->fcs == L2CAP_FCS_CRC16)
4380 if (len > pi->mps || len < 0 || __is_sframe(control))
4383 tx_seq = __get_txseq(control);
4385 if (pi->expected_tx_seq == tx_seq)
4386 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4388 pi->expected_tx_seq = (tx_seq + 1) % 64;
4390 l2cap_streaming_reassembly_sdu(sk, skb, control);
4395 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
4409 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
4413 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
4417 BT_DBG("sk %p, len %d", sk, skb->len);
4419 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
4422 if (l2cap_pi(sk)->imtu < skb->len)
4425 if (!sock_queue_rcv_skb(sk, skb))
4437 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4439 struct l2cap_hdr *lh = (void *) skb->data;
4443 skb_pull(skb, L2CAP_HDR_SIZE);
4444 cid = __le16_to_cpu(lh->cid);
4445 len = __le16_to_cpu(lh->len);
4447 if (len != skb->len) {
4452 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4455 case L2CAP_CID_SIGNALING:
4456 l2cap_sig_channel(conn, skb);
4459 case L2CAP_CID_CONN_LESS:
4460 psm = get_unaligned_le16(skb->data);
4462 l2cap_conless_channel(conn, psm, skb);
4466 l2cap_data_channel(conn, cid, skb);
4471 /* ---- L2CAP interface with lower layer (HCI) ---- */
4473 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4475 int exact = 0, lm1 = 0, lm2 = 0;
4476 register struct sock *sk;
4477 struct hlist_node *node;
4479 if (type != ACL_LINK)
4482 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4484 /* Find listening sockets and check their link_mode */
4485 read_lock(&l2cap_sk_list.lock);
4486 sk_for_each(sk, node, &l2cap_sk_list.head) {
4487 if (sk->sk_state != BT_LISTEN)
4490 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
4491 lm1 |= HCI_LM_ACCEPT;
4492 if (l2cap_pi(sk)->role_switch)
4493 lm1 |= HCI_LM_MASTER;
4495 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4496 lm2 |= HCI_LM_ACCEPT;
4497 if (l2cap_pi(sk)->role_switch)
4498 lm2 |= HCI_LM_MASTER;
4501 read_unlock(&l2cap_sk_list.lock);
4503 return exact ? lm1 : lm2;
4506 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4508 struct l2cap_conn *conn;
4510 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4512 if (hcon->type != ACL_LINK)
4516 conn = l2cap_conn_add(hcon, status);
4518 l2cap_conn_ready(conn);
4520 l2cap_conn_del(hcon, bt_err(status));
4525 static int l2cap_disconn_ind(struct hci_conn *hcon)
4527 struct l2cap_conn *conn = hcon->l2cap_data;
4529 BT_DBG("hcon %p", hcon);
4531 if (hcon->type != ACL_LINK || !conn)
4534 return conn->disc_reason;
4537 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
4539 BT_DBG("hcon %p reason %d", hcon, reason);
4541 if (hcon->type != ACL_LINK)
4544 l2cap_conn_del(hcon, bt_err(reason));
4549 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
4551 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
4554 if (encrypt == 0x00) {
4555 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
4556 l2cap_sock_clear_timer(sk);
4557 l2cap_sock_set_timer(sk, HZ * 5);
4558 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
4559 __l2cap_sock_close(sk, ECONNREFUSED);
4561 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
4562 l2cap_sock_clear_timer(sk);
4566 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4568 struct l2cap_chan_list *l;
4569 struct l2cap_conn *conn = hcon->l2cap_data;
4575 l = &conn->chan_list;
4577 BT_DBG("conn %p", conn);
4579 read_lock(&l->lock);
4581 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
4584 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
4589 if (!status && (sk->sk_state == BT_CONNECTED ||
4590 sk->sk_state == BT_CONFIG)) {
4591 l2cap_check_encryption(sk, encrypt);
4596 if (sk->sk_state == BT_CONNECT) {
4598 struct l2cap_conn_req req;
4599 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
4600 req.psm = l2cap_pi(sk)->psm;
4602 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
4603 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
4605 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4606 L2CAP_CONN_REQ, sizeof(req), &req);
4608 l2cap_sock_clear_timer(sk);
4609 l2cap_sock_set_timer(sk, HZ / 10);
4611 } else if (sk->sk_state == BT_CONNECT2) {
4612 struct l2cap_conn_rsp rsp;
4616 sk->sk_state = BT_CONFIG;
4617 result = L2CAP_CR_SUCCESS;
4619 sk->sk_state = BT_DISCONN;
4620 l2cap_sock_set_timer(sk, HZ / 10);
4621 result = L2CAP_CR_SEC_BLOCK;
4624 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
4625 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
4626 rsp.result = cpu_to_le16(result);
4627 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
4628 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4629 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4635 read_unlock(&l->lock);
4640 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4642 struct l2cap_conn *conn = hcon->l2cap_data;
4644 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
4647 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4649 if (flags & ACL_START) {
4650 struct l2cap_hdr *hdr;
4654 BT_ERR("Unexpected start frame (len %d)", skb->len);
4655 kfree_skb(conn->rx_skb);
4656 conn->rx_skb = NULL;
4658 l2cap_conn_unreliable(conn, ECOMM);
4662 BT_ERR("Frame is too short (len %d)", skb->len);
4663 l2cap_conn_unreliable(conn, ECOMM);
4667 hdr = (struct l2cap_hdr *) skb->data;
4668 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
4670 if (len == skb->len) {
4671 /* Complete frame received */
4672 l2cap_recv_frame(conn, skb);
4676 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4678 if (skb->len > len) {
4679 BT_ERR("Frame is too long (len %d, expected len %d)",
4681 l2cap_conn_unreliable(conn, ECOMM);
4685 /* Allocate skb for the complete frame (with header) */
4686 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4690 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4692 conn->rx_len = len - skb->len;
4694 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4696 if (!conn->rx_len) {
4697 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4698 l2cap_conn_unreliable(conn, ECOMM);
4702 if (skb->len > conn->rx_len) {
4703 BT_ERR("Fragment is too long (len %d, expected %d)",
4704 skb->len, conn->rx_len);
4705 kfree_skb(conn->rx_skb);
4706 conn->rx_skb = NULL;
4708 l2cap_conn_unreliable(conn, ECOMM);
4712 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4714 conn->rx_len -= skb->len;
4716 if (!conn->rx_len) {
4717 /* Complete frame received */
4718 l2cap_recv_frame(conn, conn->rx_skb);
4719 conn->rx_skb = NULL;
4728 static int l2cap_debugfs_show(struct seq_file *f, void *p)
4731 struct hlist_node *node;
4733 read_lock_bh(&l2cap_sk_list.lock);
4735 sk_for_each(sk, node, &l2cap_sk_list.head) {
4736 struct l2cap_pinfo *pi = l2cap_pi(sk);
4738 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
4739 batostr(&bt_sk(sk)->src),
4740 batostr(&bt_sk(sk)->dst),
4741 sk->sk_state, __le16_to_cpu(pi->psm),
4743 pi->imtu, pi->omtu, pi->sec_level);
4746 read_unlock_bh(&l2cap_sk_list.lock);
4751 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4753 return single_open(file, l2cap_debugfs_show, inode->i_private);
4756 static const struct file_operations l2cap_debugfs_fops = {
4757 .open = l2cap_debugfs_open,
4759 .llseek = seq_lseek,
4760 .release = single_release,
4763 static struct dentry *l2cap_debugfs;
4765 static const struct proto_ops l2cap_sock_ops = {
4766 .family = PF_BLUETOOTH,
4767 .owner = THIS_MODULE,
4768 .release = l2cap_sock_release,
4769 .bind = l2cap_sock_bind,
4770 .connect = l2cap_sock_connect,
4771 .listen = l2cap_sock_listen,
4772 .accept = l2cap_sock_accept,
4773 .getname = l2cap_sock_getname,
4774 .sendmsg = l2cap_sock_sendmsg,
4775 .recvmsg = l2cap_sock_recvmsg,
4776 .poll = bt_sock_poll,
4777 .ioctl = bt_sock_ioctl,
4778 .mmap = sock_no_mmap,
4779 .socketpair = sock_no_socketpair,
4780 .shutdown = l2cap_sock_shutdown,
4781 .setsockopt = l2cap_sock_setsockopt,
4782 .getsockopt = l2cap_sock_getsockopt
4785 static const struct net_proto_family l2cap_sock_family_ops = {
4786 .family = PF_BLUETOOTH,
4787 .owner = THIS_MODULE,
4788 .create = l2cap_sock_create,
4791 static struct hci_proto l2cap_hci_proto = {
4793 .id = HCI_PROTO_L2CAP,
4794 .connect_ind = l2cap_connect_ind,
4795 .connect_cfm = l2cap_connect_cfm,
4796 .disconn_ind = l2cap_disconn_ind,
4797 .disconn_cfm = l2cap_disconn_cfm,
4798 .security_cfm = l2cap_security_cfm,
4799 .recv_acldata = l2cap_recv_acldata
4802 static int __init l2cap_init(void)
4806 err = proto_register(&l2cap_proto, 0);
4810 _busy_wq = create_singlethread_workqueue("l2cap");
4814 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4816 BT_ERR("L2CAP socket registration failed");
4820 err = hci_register_proto(&l2cap_hci_proto);
4822 BT_ERR("L2CAP protocol registration failed");
4823 bt_sock_unregister(BTPROTO_L2CAP);
4828 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4829 bt_debugfs, NULL, &l2cap_debugfs_fops);
4831 BT_ERR("Failed to create L2CAP debug file");
4834 BT_INFO("L2CAP ver %s", VERSION);
4835 BT_INFO("L2CAP socket layer initialized");
4840 proto_unregister(&l2cap_proto);
4844 static void __exit l2cap_exit(void)
4846 debugfs_remove(l2cap_debugfs);
4848 flush_workqueue(_busy_wq);
4849 destroy_workqueue(_busy_wq);
4851 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4852 BT_ERR("L2CAP socket unregistration failed");
4854 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4855 BT_ERR("L2CAP protocol unregistration failed");
4857 proto_unregister(&l2cap_proto);
4860 void l2cap_load(void)
4862 /* Dummy function to trigger automatic L2CAP module loading by
4863 * other modules that use L2CAP sockets but don't use any other
4864 * symbols from it. */
4866 EXPORT_SYMBOL(l2cap_load);
4868 module_init(l2cap_init);
4869 module_exit(l2cap_exit);
4871 module_param(disable_ertm, bool, 0644);
4872 MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
4874 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4875 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4876 MODULE_VERSION(VERSION);
4877 MODULE_LICENSE("GPL");
4878 MODULE_ALIAS("bt-proto-0");
git.openpandora.org / pandora-kernel.git / blob