Lines Matching refs:chan
61 static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
62 static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);
64 static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
175 int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
187 chan->psm = psm;
188 chan->sport = psm;
196 chan->psm = cpu_to_le16(p);
197 chan->sport = cpu_to_le16(p);
209 int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
214 chan->omtu = L2CAP_DEFAULT_MTU;
215 chan->chan_type = L2CAP_CHAN_FIXED;
217 chan->scid = scid;
241 static void l2cap_state_change(struct l2cap_chan *chan, int state)
243 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
246 chan->state = state;
247 chan->ops->state_change(chan, state, 0);
250 static inline void l2cap_state_change_and_error(struct l2cap_chan *chan,
253 chan->state = state;
254 chan->ops->state_change(chan, chan->state, err);
257 static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
259 chan->ops->state_change(chan, chan->state, err);
262 static void __set_retrans_timer(struct l2cap_chan *chan)
264 if (!delayed_work_pending(&chan->monitor_timer) &&
265 chan->retrans_timeout) {
266 l2cap_set_timer(chan, &chan->retrans_timer,
267 msecs_to_jiffies(chan->retrans_timeout));
271 static void __set_monitor_timer(struct l2cap_chan *chan)
273 __clear_retrans_timer(chan);
274 if (chan->monitor_timeout) {
275 l2cap_set_timer(chan, &chan->monitor_timer,
276 msecs_to_jiffies(chan->monitor_timeout));
389 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
391 struct l2cap_conn *conn = chan->conn;
394 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
397 l2cap_chan_lock(chan);
399 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
401 else if (chan->state == BT_CONNECT &&
402 chan->sec_level != BT_SECURITY_SDP)
407 l2cap_chan_close(chan, reason);
409 l2cap_chan_unlock(chan);
411 chan->ops->close(chan);
414 l2cap_chan_put(chan);
419 struct l2cap_chan *chan;
421 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
422 if (!chan)
425 mutex_init(&chan->lock);
428 list_add(&chan->global_l, &chan_list);
431 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
433 chan->state = BT_OPEN;
435 kref_init(&chan->kref);
438 set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
440 BT_DBG("chan %p", chan);
442 return chan;
448 struct l2cap_chan *chan = container_of(kref, struct l2cap_chan, kref);
450 BT_DBG("chan %p", chan);
453 list_del(&chan->global_l);
456 kfree(chan);
461 BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->kref.refcount));
468 BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->kref.refcount));
474 void l2cap_chan_set_defaults(struct l2cap_chan *chan)
476 chan->fcs = L2CAP_FCS_CRC16;
477 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
478 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
479 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
480 chan->remote_max_tx = chan->max_tx;
481 chan->remote_tx_win = chan->tx_win;
482 chan->ack_win = L2CAP_DEFAULT_TX_WINDOW;
483 chan->sec_level = BT_SECURITY_LOW;
484 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
485 chan->retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
486 chan->monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
487 chan->conf_state = 0;
489 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
493 static void l2cap_le_flowctl_init(struct l2cap_chan *chan)
495 chan->sdu = NULL;
496 chan->sdu_last_frag = NULL;
497 chan->sdu_len = 0;
498 chan->tx_credits = 0;
499 chan->rx_credits = le_max_credits;
500 chan->mps = min_t(u16, chan->imtu, le_default_mps);
502 skb_queue_head_init(&chan->tx_q);
505 void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
508 __le16_to_cpu(chan->psm), chan->dcid);
512 chan->conn = conn;
514 switch (chan->chan_type) {
517 chan->scid = l2cap_alloc_cid(conn);
519 chan->omtu = L2CAP_DEFAULT_MTU;
524 chan->scid = L2CAP_CID_CONN_LESS;
525 chan->dcid = L2CAP_CID_CONN_LESS;
526 chan->omtu = L2CAP_DEFAULT_MTU;
535 chan->scid = L2CAP_CID_SIGNALING;
536 chan->dcid = L2CAP_CID_SIGNALING;
537 chan->omtu = L2CAP_DEFAULT_MTU;
540 chan->local_id = L2CAP_BESTEFFORT_ID;
541 chan->local_stype = L2CAP_SERV_BESTEFFORT;
542 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
543 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
544 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
545 chan->local_flush_to = L2CAP_EFS_DEFAULT_FLUSH_TO;
547 l2cap_chan_hold(chan);
550 if (chan->chan_type != L2CAP_CHAN_FIXED ||
551 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags))
554 list_add(&chan->list, &conn->chan_l);
557 void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
560 __l2cap_chan_add(conn, chan);
564 void l2cap_chan_del(struct l2cap_chan *chan, int err)
566 struct l2cap_conn *conn = chan->conn;
568 __clear_chan_timer(chan);
570 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
572 chan->ops->teardown(chan, err);
577 list_del(&chan->list);
579 l2cap_chan_put(chan);
581 chan->conn = NULL;
587 if (chan->chan_type != L2CAP_CHAN_FIXED ||
588 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags))
591 if (mgr && mgr->bredr_chan == chan)
595 if (chan->hs_hchan) {
596 struct hci_chan *hs_hchan = chan->hs_hchan;
598 BT_DBG("chan %p disconnect hs_hchan %p", chan, hs_hchan);
602 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
605 switch(chan->mode) {
610 skb_queue_purge(&chan->tx_q);
614 __clear_retrans_timer(chan);
615 __clear_monitor_timer(chan);
616 __clear_ack_timer(chan);
618 skb_queue_purge(&chan->srej_q);
620 l2cap_seq_list_free(&chan->srej_list);
621 l2cap_seq_list_free(&chan->retrans_list);
626 skb_queue_purge(&chan->tx_q);
639 struct l2cap_chan *chan;
643 list_for_each_entry(chan, &conn->chan_l, list) {
644 l2cap_chan_lock(chan);
645 bacpy(&chan->dst, &hcon->dst);
646 chan->dst_type = bdaddr_type(hcon, hcon->dst_type);
647 l2cap_chan_unlock(chan);
653 static void l2cap_chan_le_connect_reject(struct l2cap_chan *chan)
655 struct l2cap_conn *conn = chan->conn;
659 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
664 l2cap_state_change(chan, BT_DISCONN);
666 rsp.dcid = cpu_to_le16(chan->scid);
667 rsp.mtu = cpu_to_le16(chan->imtu);
668 rsp.mps = cpu_to_le16(chan->mps);
669 rsp.credits = cpu_to_le16(chan->rx_credits);
672 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp),
676 static void l2cap_chan_connect_reject(struct l2cap_chan *chan)
678 struct l2cap_conn *conn = chan->conn;
682 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
687 l2cap_state_change(chan, BT_DISCONN);
689 rsp.scid = cpu_to_le16(chan->dcid);
690 rsp.dcid = cpu_to_le16(chan->scid);
694 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
697 void l2cap_chan_close(struct l2cap_chan *chan, int reason)
699 struct l2cap_conn *conn = chan->conn;
701 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
703 switch (chan->state) {
705 chan->ops->teardown(chan, 0);
710 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
711 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
712 l2cap_send_disconn_req(chan, reason);
714 l2cap_chan_del(chan, reason);
718 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
720 l2cap_chan_connect_reject(chan);
722 l2cap_chan_le_connect_reject(chan);
725 l2cap_chan_del(chan, reason);
730 l2cap_chan_del(chan, reason);
734 chan->ops->teardown(chan, 0);
740 static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
742 switch (chan->chan_type) {
744 switch (chan->sec_level) {
755 if (chan->psm == cpu_to_le16(L2CAP_PSM_3DSP)) {
756 if (chan->sec_level == BT_SECURITY_LOW)
757 chan->sec_level = BT_SECURITY_SDP;
759 if (chan->sec_level == BT_SECURITY_HIGH ||
760 chan->sec_level == BT_SECURITY_FIPS)
766 if (chan->psm == cpu_to_le16(L2CAP_PSM_SDP)) {
767 if (chan->sec_level == BT_SECURITY_LOW)
768 chan->sec_level = BT_SECURITY_SDP;
770 if (chan->sec_level == BT_SECURITY_HIGH ||
771 chan->sec_level == BT_SECURITY_FIPS)
778 switch (chan->sec_level) {
792 int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator)
794 struct l2cap_conn *conn = chan->conn;
798 return smp_conn_security(conn->hcon, chan->sec_level);
800 auth_type = l2cap_get_auth_type(chan);
802 return hci_conn_security(conn->hcon, chan->sec_level, auth_type,
850 static bool __chan_is_moving(struct l2cap_chan *chan)
852 return chan->move_state != L2CAP_MOVE_STABLE &&
853 chan->move_state != L2CAP_MOVE_WAIT_PREPARE;
856 static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
858 struct hci_conn *hcon = chan->conn->hcon;
861 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
864 if (chan->hs_hcon && !__chan_is_moving(chan)) {
865 if (chan->hs_hchan)
866 hci_send_acl(chan->hs_hchan, skb, ACL_COMPLETE);
873 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
879 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880 hci_send_acl(chan->conn->hchan, skb, flags);
931 static inline void __unpack_control(struct l2cap_chan *chan,
934 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
983 static inline void __pack_control(struct l2cap_chan *chan,
987 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
996 static inline unsigned int __ertm_hdr_size(struct l2cap_chan *chan)
998 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1004 static struct sk_buff *l2cap_create_sframe_pdu(struct l2cap_chan *chan,
1009 int hlen = __ertm_hdr_size(chan);
1011 if (chan->fcs == L2CAP_FCS_CRC16)
1021 lh->cid = cpu_to_le16(chan->dcid);
1023 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1028 if (chan->fcs == L2CAP_FCS_CRC16) {
1037 static void l2cap_send_sframe(struct l2cap_chan *chan,
1043 BT_DBG("chan %p, control %p", chan, control);
1048 if (__chan_is_moving(chan))
1051 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) &&
1056 clear_bit(CONN_RNR_SENT, &chan->conn_state);
1058 set_bit(CONN_RNR_SENT, &chan->conn_state);
1061 chan->last_acked_seq = control->reqseq;
1062 __clear_ack_timer(chan);
1068 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1073 skb = l2cap_create_sframe_pdu(chan, control_field);
1075 l2cap_do_send(chan, skb);
1078 static void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, bool poll)
1082 BT_DBG("chan %p, poll %d", chan, poll);
1088 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
1093 control.reqseq = chan->buffer_seq;
1094 l2cap_send_sframe(chan, &control);
1097 static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
1099 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
1102 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
1105 static bool __amp_capable(struct l2cap_chan *chan)
1107 struct l2cap_conn *conn = chan->conn;
1127 if (chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED)
1133 static bool l2cap_check_efs(struct l2cap_chan *chan)
1139 void l2cap_send_conn_req(struct l2cap_chan *chan)
1141 struct l2cap_conn *conn = chan->conn;
1144 req.scid = cpu_to_le16(chan->scid);
1145 req.psm = chan->psm;
1147 chan->ident = l2cap_get_ident(conn);
1149 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1151 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
1154 static void l2cap_send_create_chan_req(struct l2cap_chan *chan, u8 amp_id)
1157 req.scid = cpu_to_le16(chan->scid);
1158 req.psm = chan->psm;
1161 chan->ident = l2cap_get_ident(chan->conn);
1163 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_REQ,
1167 static void l2cap_move_setup(struct l2cap_chan *chan)
1171 BT_DBG("chan %p", chan);
1173 if (chan->mode != L2CAP_MODE_ERTM)
1176 __clear_retrans_timer(chan);
1177 __clear_monitor_timer(chan);
1178 __clear_ack_timer(chan);
1180 chan->retry_count = 0;
1181 skb_queue_walk(&chan->tx_q, skb) {
1188 chan->expected_tx_seq = chan->buffer_seq;
1190 clear_bit(CONN_REJ_ACT, &chan->conn_state);
1191 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
1192 l2cap_seq_list_clear(&chan->retrans_list);
1193 l2cap_seq_list_clear(&chan->srej_list);
1194 skb_queue_purge(&chan->srej_q);
1196 chan->tx_state = L2CAP_TX_STATE_XMIT;
1197 chan->rx_state = L2CAP_RX_STATE_MOVE;
1199 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
1202 static void l2cap_move_done(struct l2cap_chan *chan)
1204 u8 move_role = chan->move_role;
1205 BT_DBG("chan %p", chan);
1207 chan->move_state = L2CAP_MOVE_STABLE;
1208 chan->move_role = L2CAP_MOVE_ROLE_NONE;
1210 if (chan->mode != L2CAP_MODE_ERTM)
1215 l2cap_tx(chan, NULL, NULL, L2CAP_EV_EXPLICIT_POLL);
1216 chan->rx_state = L2CAP_RX_STATE_WAIT_F;
1219 chan->rx_state = L2CAP_RX_STATE_WAIT_P;
1224 static void l2cap_chan_ready(struct l2cap_chan *chan)
1227 chan->conf_state = 0;
1228 __clear_chan_timer(chan);
1230 if (chan->mode == L2CAP_MODE_LE_FLOWCTL && !chan->tx_credits)
1231 chan->ops->suspend(chan);
1233 chan->state = BT_CONNECTED;
1235 chan->ops->ready(chan);
1238 static void l2cap_le_connect(struct l2cap_chan *chan)
1240 struct l2cap_conn *conn = chan->conn;
1243 if (test_and_set_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags))
1246 req.psm = chan->psm;
1247 req.scid = cpu_to_le16(chan->scid);
1248 req.mtu = cpu_to_le16(chan->imtu);
1249 req.mps = cpu_to_le16(chan->mps);
1250 req.credits = cpu_to_le16(chan->rx_credits);
1252 chan->ident = l2cap_get_ident(conn);
1254 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_REQ,
1258 static void l2cap_le_start(struct l2cap_chan *chan)
1260 struct l2cap_conn *conn = chan->conn;
1262 if (!smp_conn_security(conn->hcon, chan->sec_level))
1265 if (!chan->psm) {
1266 l2cap_chan_ready(chan);
1270 if (chan->state == BT_CONNECT)
1271 l2cap_le_connect(chan);
1274 static void l2cap_start_connection(struct l2cap_chan *chan)
1276 if (__amp_capable(chan)) {
1277 BT_DBG("chan %p AMP capable: discover AMPs", chan);
1278 a2mp_discover_amp(chan);
1279 } else if (chan->conn->hcon->type == LE_LINK) {
1280 l2cap_le_start(chan);
1282 l2cap_send_conn_req(chan);
1304 static void l2cap_do_start(struct l2cap_chan *chan)
1306 struct l2cap_conn *conn = chan->conn;
1309 l2cap_le_start(chan);
1321 if (l2cap_chan_check_security(chan, true) &&
1322 __l2cap_no_conn_pending(chan))
1323 l2cap_start_connection(chan);
1342 static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err)
1344 struct l2cap_conn *conn = chan->conn;
1350 if (chan->mode == L2CAP_MODE_ERTM && chan->state == BT_CONNECTED) {
1351 __clear_retrans_timer(chan);
1352 __clear_monitor_timer(chan);
1353 __clear_ack_timer(chan);
1356 if (chan->scid == L2CAP_CID_A2MP) {
1357 l2cap_state_change(chan, BT_DISCONN);
1361 req.dcid = cpu_to_le16(chan->dcid);
1362 req.scid = cpu_to_le16(chan->scid);
1366 l2cap_state_change_and_error(chan, BT_DISCONN, err);
1372 struct l2cap_chan *chan, *tmp;
1378 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
1379 l2cap_chan_lock(chan);
1381 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1382 l2cap_chan_ready(chan);
1383 l2cap_chan_unlock(chan);
1387 if (chan->state == BT_CONNECT) {
1388 if (!l2cap_chan_check_security(chan, true) ||
1389 !__l2cap_no_conn_pending(chan)) {
1390 l2cap_chan_unlock(chan);
1394 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1396 &chan->conf_state)) {
1397 l2cap_chan_close(chan, ECONNRESET);
1398 l2cap_chan_unlock(chan);
1402 l2cap_start_connection(chan);
1404 } else if (chan->state == BT_CONNECT2) {
1407 rsp.scid = cpu_to_le16(chan->dcid);
1408 rsp.dcid = cpu_to_le16(chan->scid);
1410 if (l2cap_chan_check_security(chan, false)) {
1411 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
1414 chan->ops->defer(chan);
1417 l2cap_state_change(chan, BT_CONFIG);
1426 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1429 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
1431 l2cap_chan_unlock(chan);
1435 set_bit(CONF_REQ_SENT, &chan->conf_state);
1437 l2cap_build_conf_req(chan, buf), buf);
1438 chan->num_conf_req++;
1441 l2cap_chan_unlock(chan);
1482 struct l2cap_chan *chan;
1492 list_for_each_entry(chan, &conn->chan_l, list) {
1494 l2cap_chan_lock(chan);
1496 if (chan->scid == L2CAP_CID_A2MP) {
1497 l2cap_chan_unlock(chan);
1502 l2cap_le_start(chan);
1503 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1505 l2cap_chan_ready(chan);
1506 } else if (chan->state == BT_CONNECT) {
1507 l2cap_do_start(chan);
1510 l2cap_chan_unlock(chan);
1524 struct l2cap_chan *chan;
1530 list_for_each_entry(chan, &conn->chan_l, list) {
1531 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
1532 l2cap_chan_set_err(chan, err);
1635 struct l2cap_chan *chan, *l;
1664 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
1665 l2cap_chan_hold(chan);
1666 l2cap_chan_lock(chan);
1668 l2cap_chan_del(chan, err);
1670 l2cap_chan_unlock(chan);
1672 chan->ops->close(chan);
1673 l2cap_chan_put(chan);
1765 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1768 BT_DBG("chan %p", chan);
1770 l2cap_chan_lock(chan);
1772 if (!chan->conn) {
1773 l2cap_chan_unlock(chan);
1774 l2cap_chan_put(chan);
1778 l2cap_tx(chan, NULL, NULL, L2CAP_EV_MONITOR_TO);
1780 l2cap_chan_unlock(chan);
1781 l2cap_chan_put(chan);
1786 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1789 BT_DBG("chan %p", chan);
1791 l2cap_chan_lock(chan);
1793 if (!chan->conn) {
1794 l2cap_chan_unlock(chan);
1795 l2cap_chan_put(chan);
1799 l2cap_tx(chan, NULL, NULL, L2CAP_EV_RETRANS_TO);
1800 l2cap_chan_unlock(chan);
1801 l2cap_chan_put(chan);
1804 static void l2cap_streaming_send(struct l2cap_chan *chan,
1810 BT_DBG("chan %p, skbs %p", chan, skbs);
1812 if (__chan_is_moving(chan))
1815 skb_queue_splice_tail_init(skbs, &chan->tx_q);
1817 while (!skb_queue_empty(&chan->tx_q)) {
1819 skb = skb_dequeue(&chan->tx_q);
1825 control->txseq = chan->next_tx_seq;
1827 __pack_control(chan, control, skb);
1829 if (chan->fcs == L2CAP_FCS_CRC16) {
1834 l2cap_do_send(chan, skb);
1838 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1839 chan->frames_sent++;
1843 static int l2cap_ertm_send(struct l2cap_chan *chan)
1849 BT_DBG("chan %p", chan);
1851 if (chan->state != BT_CONNECTED)
1854 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1857 if (__chan_is_moving(chan))
1860 while (chan->tx_send_head &&
1861 chan->unacked_frames < chan->remote_tx_win &&
1862 chan->tx_state == L2CAP_TX_STATE_XMIT) {
1864 skb = chan->tx_send_head;
1869 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
1872 control->reqseq = chan->buffer_seq;
1873 chan->last_acked_seq = chan->buffer_seq;
1874 control->txseq = chan->next_tx_seq;
1876 __pack_control(chan, control, skb);
1878 if (chan->fcs == L2CAP_FCS_CRC16) {
1891 __set_retrans_timer(chan);
1893 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1894 chan->unacked_frames++;
1895 chan->frames_sent++;
1898 if (skb_queue_is_last(&chan->tx_q, skb))
1899 chan->tx_send_head = NULL;
1901 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1903 l2cap_do_send(chan, tx_skb);
1908 chan->unacked_frames, skb_queue_len(&chan->tx_q));
1913 static void l2cap_ertm_resend(struct l2cap_chan *chan)
1920 BT_DBG("chan %p", chan);
1922 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1925 if (__chan_is_moving(chan))
1928 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) {
1929 seq = l2cap_seq_list_pop(&chan->retrans_list);
1931 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq);
1941 if (chan->max_tx != 0 &&
1942 bt_cb(skb)->control.retries > chan->max_tx) {
1943 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
1944 l2cap_send_disconn_req(chan, ECONNRESET);
1945 l2cap_seq_list_clear(&chan->retrans_list);
1949 control.reqseq = chan->buffer_seq;
1950 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
1965 l2cap_seq_list_clear(&chan->retrans_list);
1970 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
1979 if (chan->fcs == L2CAP_FCS_CRC16) {
1986 l2cap_do_send(chan, tx_skb);
1990 chan->last_acked_seq = chan->buffer_seq;
1994 static void l2cap_retransmit(struct l2cap_chan *chan,
1997 BT_DBG("chan %p, control %p", chan, control);
1999 l2cap_seq_list_append(&chan->retrans_list, control->reqseq);
2000 l2cap_ertm_resend(chan);
2003 static void l2cap_retransmit_all(struct l2cap_chan *chan,
2008 BT_DBG("chan %p, control %p", chan, control);
2011 set_bit(CONN_SEND_FBIT, &chan->conn_state);
2013 l2cap_seq_list_clear(&chan->retrans_list);
2015 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
2018 if (chan->unacked_frames) {
2019 skb_queue_walk(&chan->tx_q, skb) {
2021 skb == chan->tx_send_head)
2025 skb_queue_walk_from(&chan->tx_q, skb) {
2026 if (skb == chan->tx_send_head)
2029 l2cap_seq_list_append(&chan->retrans_list,
2033 l2cap_ertm_resend(chan);
2037 static void l2cap_send_ack(struct l2cap_chan *chan)
2040 u16 frames_to_ack = __seq_offset(chan, chan->buffer_seq,
2041 chan->last_acked_seq);
2044 BT_DBG("chan %p last_acked_seq %d buffer_seq %d",
2045 chan, chan->last_acked_seq, chan->buffer_seq);
2050 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
2051 chan->rx_state == L2CAP_RX_STATE_RECV) {
2052 __clear_ack_timer(chan);
2054 control.reqseq = chan->buffer_seq;
2055 l2cap_send_sframe(chan, &control);
2057 if (!test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) {
2058 l2cap_ertm_send(chan);
2060 if (chan->buffer_seq == chan->last_acked_seq)
2067 threshold = chan->ack_win;
2075 __clear_ack_timer(chan);
2077 control.reqseq = chan->buffer_seq;
2078 l2cap_send_sframe(chan, &control);
2083 __set_ack_timer(chan);
2087 static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
2091 struct l2cap_conn *conn = chan->conn;
2095 if (chan->ops->memcpy_fromiovec(chan, skb_put(skb, count),
2109 tmp = chan->ops->alloc_skb(chan, 0, count,
2116 if (chan->ops->memcpy_fromiovec(chan, skb_put(*frag, count),
2132 static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
2135 struct l2cap_conn *conn = chan->conn;
2140 BT_DBG("chan %p psm 0x%2.2x len %zu", chan,
2141 __le16_to_cpu(chan->psm), len);
2145 skb = chan->ops->alloc_skb(chan, hlen, count,
2152 lh->cid = cpu_to_le16(chan->dcid);
2154 put_unaligned(chan->psm, (__le16 *) skb_put(skb, L2CAP_PSMLEN_SIZE));
2156 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2164 static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
2167 struct l2cap_conn *conn = chan->conn;
2172 BT_DBG("chan %p len %zu", chan, len);
2176 skb = chan->ops->alloc_skb(chan, L2CAP_HDR_SIZE, count,
2183 lh->cid = cpu_to_le16(chan->dcid);
2186 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2194 static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
2198 struct l2cap_conn *conn = chan->conn;
2203 BT_DBG("chan %p len %zu", chan, len);
2208 hlen = __ertm_hdr_size(chan);
2213 if (chan->fcs == L2CAP_FCS_CRC16)
2218 skb = chan->ops->alloc_skb(chan, hlen, count,
2225 lh->cid = cpu_to_le16(chan->dcid);
2229 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2237 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2243 bt_cb(skb)->control.fcs = chan->fcs;
2248 static int l2cap_segment_sdu(struct l2cap_chan *chan,
2257 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
2265 pdu_len = chan->conn->mtu;
2268 if (!chan->hs_hcon)
2272 if (chan->fcs)
2275 pdu_len -= __ertm_hdr_size(chan);
2278 pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
2290 skb = l2cap_create_iframe_pdu(chan, msg, pdu_len, sdu_len);
2315 static struct sk_buff *l2cap_create_le_flowctl_pdu(struct l2cap_chan *chan,
2319 struct l2cap_conn *conn = chan->conn;
2324 BT_DBG("chan %p len %zu", chan, len);
2336 skb = chan->ops->alloc_skb(chan, hlen, count,
2343 lh->cid = cpu_to_le16(chan->dcid);
2349 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2358 static int l2cap_segment_le_sdu(struct l2cap_chan *chan,
2366 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
2369 pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE;
2375 skb = l2cap_create_le_flowctl_pdu(chan, msg, pdu_len, sdu_len);
2394 int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
2400 if (!chan->conn)
2404 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
2405 skb = l2cap_create_connless_pdu(chan, msg, len);
2412 if (chan->state != BT_CONNECTED) {
2417 l2cap_do_send(chan, skb);
2421 switch (chan->mode) {
2424 if (len > chan->omtu)
2427 if (!chan->tx_credits)
2432 err = l2cap_segment_le_sdu(chan, &seg_queue, msg, len);
2434 if (chan->state != BT_CONNECTED) {
2442 skb_queue_splice_tail_init(&seg_queue, &chan->tx_q);
2444 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) {
2445 l2cap_do_send(chan, skb_dequeue(&chan->tx_q));
2446 chan->tx_credits--;
2449 if (!chan->tx_credits)
2450 chan->ops->suspend(chan);
2458 if (len > chan->omtu)
2462 skb = l2cap_create_basic_pdu(chan, msg, len);
2469 if (chan->state != BT_CONNECTED) {
2474 l2cap_do_send(chan, skb);
2481 if (len > chan->omtu) {
2492 err = l2cap_segment_sdu(chan, &seg_queue, msg, len);
2497 if (chan->state != BT_CONNECTED) {
2505 if (chan->mode == L2CAP_MODE_ERTM)
2506 l2cap_tx(chan, NULL, &seg_queue, L2CAP_EV_DATA_REQUEST);
2508 l2cap_streaming_send(chan, &seg_queue);
2519 BT_DBG("bad state %1.1x", chan->mode);
2527 static void l2cap_send_srej(struct l2cap_chan *chan, u16 txseq)
2532 BT_DBG("chan %p, txseq %u", chan, txseq);
2538 for (seq = chan->expected_tx_seq; seq != txseq;
2539 seq = __next_seq(chan, seq)) {
2540 if (!l2cap_ertm_seq_in_queue(&chan->srej_q, seq)) {
2542 l2cap_send_sframe(chan, &control);
2543 l2cap_seq_list_append(&chan->srej_list, seq);
2547 chan->expected_tx_seq = __next_seq(chan, txseq);
2550 static void l2cap_send_srej_tail(struct l2cap_chan *chan)
2554 BT_DBG("chan %p", chan);
2556 if (chan->srej_list.tail == L2CAP_SEQ_LIST_CLEAR)
2562 control.reqseq = chan->srej_list.tail;
2563 l2cap_send_sframe(chan, &control);
2566 static void l2cap_send_srej_list(struct l2cap_chan *chan, u16 txseq)
2572 BT_DBG("chan %p, txseq %u", chan, txseq);
2579 initial_head = chan->srej_list.head;
2582 seq = l2cap_seq_list_pop(&chan->srej_list);
2587 l2cap_send_sframe(chan, &control);
2588 l2cap_seq_list_append(&chan->srej_list, seq);
2589 } while (chan->srej_list.head != initial_head);
2592 static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2597 BT_DBG("chan %p, reqseq %u", chan, reqseq);
2599 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2603 chan->expected_ack_seq, chan->unacked_frames);
2605 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
2606 ackseq = __next_seq(chan, ackseq)) {
2608 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq);
2610 skb_unlink(acked_skb, &chan->tx_q);
2612 chan->unacked_frames--;
2616 chan->expected_ack_seq = reqseq;
2618 if (chan->unacked_frames == 0)
2619 __clear_retrans_timer(chan);
2621 BT_DBG("unacked_frames %u", chan->unacked_frames);
2624 static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
2626 BT_DBG("chan %p", chan);
2628 chan->expected_tx_seq = chan->buffer_seq;
2629 l2cap_seq_list_clear(&chan->srej_list);
2630 skb_queue_purge(&chan->srej_q);
2631 chan->rx_state = L2CAP_RX_STATE_RECV;
2634 static void l2cap_tx_state_xmit(struct l2cap_chan *chan,
2638 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2643 if (chan->tx_send_head == NULL)
2644 chan->tx_send_head = skb_peek(skbs);
2646 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2647 l2cap_ertm_send(chan);
2651 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2653 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2657 l2cap_abort_rx_srej_sent(chan);
2660 l2cap_send_ack(chan);
2665 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2667 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2674 local_control.reqseq = chan->buffer_seq;
2675 l2cap_send_sframe(chan, &local_control);
2677 chan->retry_count = 1;
2678 __set_monitor_timer(chan);
2679 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2683 l2cap_process_reqseq(chan, control->reqseq);
2686 l2cap_send_rr_or_rnr(chan, 1);
2687 chan->retry_count = 1;
2688 __set_monitor_timer(chan);
2689 __clear_ack_timer(chan);
2690 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2693 l2cap_send_rr_or_rnr(chan, 1);
2694 chan->retry_count = 1;
2695 __set_monitor_timer(chan);
2696 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2706 static void l2cap_tx_state_wait_f(struct l2cap_chan *chan,
2710 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2715 if (chan->tx_send_head == NULL)
2716 chan->tx_send_head = skb_peek(skbs);
2718 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2722 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2724 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2728 l2cap_abort_rx_srej_sent(chan);
2731 l2cap_send_ack(chan);
2736 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2738 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2744 local_control.reqseq = chan->buffer_seq;
2745 l2cap_send_sframe(chan, &local_control);
2747 chan->retry_count = 1;
2748 __set_monitor_timer(chan);
2749 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2753 l2cap_process_reqseq(chan, control->reqseq);
2759 __clear_monitor_timer(chan);
2760 if (chan->unacked_frames > 0)
2761 __set_retrans_timer(chan);
2762 chan->retry_count = 0;
2763 chan->tx_state = L2CAP_TX_STATE_XMIT;
2764 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state);
2771 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) {
2772 l2cap_send_rr_or_rnr(chan, 1);
2773 __set_monitor_timer(chan);
2774 chan->retry_count++;
2776 l2cap_send_disconn_req(chan, ECONNABORTED);
2784 static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
2787 BT_DBG("chan %p, control %p, skbs %p, event %d, state %d",
2788 chan, control, skbs, event, chan->tx_state);
2790 switch (chan->tx_state) {
2792 l2cap_tx_state_xmit(chan, control, skbs, event);
2795 l2cap_tx_state_wait_f(chan, control, skbs, event);
2803 static void l2cap_pass_to_tx(struct l2cap_chan *chan,
2806 BT_DBG("chan %p, control %p", chan, control);
2807 l2cap_tx(chan, control, NULL, L2CAP_EV_RECV_REQSEQ_AND_FBIT);
2810 static void l2cap_pass_to_tx_fbit(struct l2cap_chan *chan,
2813 BT_DBG("chan %p, control %p", chan, control);
2814 l2cap_tx(chan, control, NULL, L2CAP_EV_RECV_FBIT);
2821 struct l2cap_chan *chan;
2827 list_for_each_entry(chan, &conn->chan_l, list) {
2828 if (chan->chan_type != L2CAP_CHAN_RAW)
2832 if (bt_cb(skb)->chan == chan)
2838 if (chan->ops->recv(chan, nskb))
2976 static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2980 switch (chan->mode) {
2982 efs.id = chan->local_id;
2983 efs.stype = chan->local_stype;
2984 efs.msdu = cpu_to_le16(chan->local_msdu);
2985 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2993 efs.msdu = cpu_to_le16(chan->local_msdu);
2994 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
3009 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
3013 BT_DBG("chan %p", chan);
3015 l2cap_chan_lock(chan);
3017 frames_to_ack = __seq_offset(chan, chan->buffer_seq,
3018 chan->last_acked_seq);
3021 l2cap_send_rr_or_rnr(chan, 0);
3023 l2cap_chan_unlock(chan);
3024 l2cap_chan_put(chan);
3027 int l2cap_ertm_init(struct l2cap_chan *chan)
3031 chan->next_tx_seq = 0;
3032 chan->expected_tx_seq = 0;
3033 chan->expected_ack_seq = 0;
3034 chan->unacked_frames = 0;
3035 chan->buffer_seq = 0;
3036 chan->frames_sent = 0;
3037 chan->last_acked_seq = 0;
3038 chan->sdu = NULL;
3039 chan->sdu_last_frag = NULL;
3040 chan->sdu_len = 0;
3042 skb_queue_head_init(&chan->tx_q);
3044 chan->local_amp_id = AMP_ID_BREDR;
3045 chan->move_id = AMP_ID_BREDR;
3046 chan->move_state = L2CAP_MOVE_STABLE;
3047 chan->move_role = L2CAP_MOVE_ROLE_NONE;
3049 if (chan->mode != L2CAP_MODE_ERTM)
3052 chan->rx_state = L2CAP_RX_STATE_RECV;
3053 chan->tx_state = L2CAP_TX_STATE_XMIT;
3055 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
3056 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
3057 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
3059 skb_queue_head_init(&chan->srej_q);
3061 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
3065 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win);
3067 l2cap_seq_list_free(&chan->srej_list);
3095 static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan,
3098 if (chan->local_amp_id != AMP_ID_BREDR && chan->hs_hcon) {
3099 u64 ertm_to = chan->hs_hcon->hdev->amp_be_flush_to;
3133 static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
3135 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
3136 __l2cap_ews_supported(chan->conn)) {
3138 set_bit(FLAG_EXT_CTRL, &chan->flags);
3139 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
3141 chan->tx_win = min_t(u16, chan->tx_win,
3143 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
3145 chan->ack_win = chan->tx_win;
3148 static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
3151 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
3155 BT_DBG("chan %p", chan);
3157 if (chan->num_conf_req || chan->num_conf_rsp)
3160 switch (chan->mode) {
3163 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
3166 if (__l2cap_efs_supported(chan->conn))
3167 set_bit(FLAG_EFS_ENABLE, &chan->flags);
3171 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
3176 if (chan->imtu != L2CAP_DEFAULT_MTU)
3177 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
3179 switch (chan->mode) {
3184 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
3185 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
3201 rfc.max_transmit = chan->max_tx;
3203 __l2cap_set_ertm_timeouts(chan, &rfc);
3205 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
3210 l2cap_txwin_setup(chan);
3212 rfc.txwin_size = min_t(u16, chan->tx_win,
3218 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
3219 l2cap_add_opt_efs(&ptr, chan);
3221 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3223 chan->tx_win);
3225 if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
3226 if (chan->fcs == L2CAP_FCS_NONE ||
3227 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
3228 chan->fcs = L2CAP_FCS_NONE;
3230 chan->fcs);
3235 l2cap_txwin_setup(chan);
3242 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
3250 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
3251 l2cap_add_opt_efs(&ptr, chan);
3253 if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
3254 if (chan->fcs == L2CAP_FCS_NONE ||
3255 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
3256 chan->fcs = L2CAP_FCS_NONE;
3258 chan->fcs);
3263 req->dcid = cpu_to_le16(chan->dcid);
3269 static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
3273 void *req = chan->conf_req;
3274 int len = chan->conf_len;
3284 BT_DBG("chan %p", chan);
3298 chan->flush_to = val;
3311 set_bit(CONF_RECV_NO_FCS, &chan->conf_state);
3321 if (!chan->conn->hs_enabled)
3324 set_bit(FLAG_EXT_CTRL, &chan->flags);
3325 set_bit(CONF_EWS_RECV, &chan->conf_state);
3326 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
3327 chan->remote_tx_win = val;
3340 if (chan->num_conf_rsp || chan->num_conf_req > 1)
3343 switch (chan->mode) {
3346 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
3347 chan->mode = l2cap_select_mode(rfc.mode,
3348 chan->conn->feat_mask);
3353 if (__l2cap_efs_supported(chan->conn))
3354 set_bit(FLAG_EFS_ENABLE, &chan->flags);
3359 if (chan->mode != rfc.mode)
3366 if (chan->mode != rfc.mode) {
3368 rfc.mode = chan->mode;
3370 if (chan->num_conf_rsp == 1)
3384 chan->omtu = mtu;
3385 set_bit(CONF_MTU_DONE, &chan->conf_state);
3387 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
3390 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3392 efs.stype != chan->local_stype) {
3396 if (chan->num_conf_req >= 1)
3405 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3411 chan->fcs = L2CAP_FCS_NONE;
3412 set_bit(CONF_MODE_DONE, &chan->conf_state);
3416 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
3417 chan->remote_tx_win = rfc.txwin_size;
3421 chan->remote_max_tx = rfc.max_transmit;
3424 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3427 chan->remote_mps = size;
3429 __l2cap_set_ertm_timeouts(chan, &rfc);
3431 set_bit(CONF_MODE_DONE, &chan->conf_state);
3436 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3437 chan->remote_id = efs.id;
3438 chan->remote_stype = efs.stype;
3439 chan->remote_msdu = le16_to_cpu(efs.msdu);
3440 chan->remote_flush_to =
3442 chan->remote_acc_lat =
3444 chan->remote_sdu_itime =
3454 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3457 chan->remote_mps = size;
3459 set_bit(CONF_MODE_DONE, &chan->conf_state);
3470 rfc.mode = chan->mode;
3474 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3476 rsp->scid = cpu_to_le16(chan->dcid);
3483 static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
3493 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
3502 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
3504 chan->imtu = val;
3505 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
3509 chan->flush_to = val;
3511 2, chan->flush_to);
3518 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3519 rfc.mode != chan->mode)
3522 chan->fcs = 0;
3529 chan->ack_win = min_t(u16, val, chan->ack_win);
3531 chan->tx_win);
3538 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3540 efs.stype != chan->local_stype)
3551 &chan->conf_state);
3556 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
3559 chan->mode = rfc.mode;
3564 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3565 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3566 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3567 if (!test_bit(FLAG_EXT_CTRL, &chan->flags))
3568 chan->ack_win = min_t(u16, chan->ack_win,
3571 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3572 chan->local_msdu = le16_to_cpu(efs.msdu);
3573 chan->local_sdu_itime =
3575 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3576 chan->local_flush_to =
3582 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3586 req->dcid = cpu_to_le16(chan->dcid);
3592 static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data,
3598 BT_DBG("chan %p", chan);
3600 rsp->scid = cpu_to_le16(chan->dcid);
3607 void __l2cap_le_connect_rsp_defer(struct l2cap_chan *chan)
3610 struct l2cap_conn *conn = chan->conn;
3612 BT_DBG("chan %p", chan);
3614 rsp.dcid = cpu_to_le16(chan->scid);
3615 rsp.mtu = cpu_to_le16(chan->imtu);
3616 rsp.mps = cpu_to_le16(chan->mps);
3617 rsp.credits = cpu_to_le16(chan->rx_credits);
3620 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp),
3624 void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
3627 struct l2cap_conn *conn = chan->conn;
3631 rsp.scid = cpu_to_le16(chan->dcid);
3632 rsp.dcid = cpu_to_le16(chan->scid);
3636 if (chan->hs_hcon)
3641 BT_DBG("chan %p rsp_code %u", chan, rsp_code);
3643 l2cap_send_cmd(conn, chan->ident, rsp_code, sizeof(rsp), &rsp);
3645 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
3649 l2cap_build_conf_req(chan, buf), buf);
3650 chan->num_conf_req++;
3653 static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3660 u16 txwin_ext = chan->ack_win;
3662 .mode = chan->mode,
3665 .max_pdu_size = cpu_to_le16(chan->imtu),
3666 .txwin_size = min_t(u16, chan->ack_win, L2CAP_DEFAULT_TX_WINDOW),
3669 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
3671 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
3690 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3691 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3692 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3693 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3694 chan->ack_win = min_t(u16, chan->ack_win, txwin_ext);
3696 chan->ack_win = min_t(u16, chan->ack_win,
3700 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3735 struct l2cap_chan *chan = NULL, *pchan;
3768 chan = pchan->ops->new_connection(pchan);
3769 if (!chan)
3779 bacpy(&chan->src, &conn->hcon->src);
3780 bacpy(&chan->dst, &conn->hcon->dst);
3781 chan->src_type = bdaddr_type(conn->hcon, conn->hcon->src_type);
3782 chan->dst_type = bdaddr_type(conn->hcon, conn->hcon->dst_type);
3783 chan->psm = psm;
3784 chan->dcid = scid;
3785 chan->local_amp_id = amp_id;
3787 __l2cap_chan_add(conn, chan);
3789 dcid = chan->scid;
3791 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
3793 chan->ident = cmd->ident;
3796 if (l2cap_chan_check_security(chan, false)) {
3797 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
3798 l2cap_state_change(chan, BT_CONNECT2);
3801 chan->ops->defer(chan);
3808 l2cap_state_change(chan, BT_CONFIG);
3811 l2cap_state_change(chan, BT_CONNECT2);
3817 l2cap_state_change(chan, BT_CONNECT2);
3822 l2cap_state_change(chan, BT_CONNECT2);
3852 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
3855 set_bit(CONF_REQ_SENT, &chan->conf_state);
3857 l2cap_build_conf_req(chan, buf), buf);
3858 chan->num_conf_req++;
3861 return chan;
3891 struct l2cap_chan *chan;
3909 chan = __l2cap_get_chan_by_scid(conn, scid);
3910 if (!chan) {
3915 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
3916 if (!chan) {
3924 l2cap_chan_lock(chan);
3928 l2cap_state_change(chan, BT_CONFIG);
3929 chan->ident = 0;
3930 chan->dcid = dcid;
3931 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
3933 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
3937 l2cap_build_conf_req(chan, req), req);
3938 chan->num_conf_req++;
3942 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
3946 l2cap_chan_del(chan, ECONNREFUSED);
3950 l2cap_chan_unlock(chan);
3958 static inline void set_default_fcs(struct l2cap_chan *chan)
3963 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
3964 chan->fcs = L2CAP_FCS_NONE;
3965 else if (!test_bit(CONF_RECV_NO_FCS, &chan->conf_state))
3966 chan->fcs = L2CAP_FCS_CRC16;
3969 static void l2cap_send_efs_conf_rsp(struct l2cap_chan *chan, void *data,
3972 struct l2cap_conn *conn = chan->conn;
3974 BT_DBG("conn %p chan %p ident %d flags 0x%4.4x", conn, chan, ident,
3977 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3978 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3981 l2cap_build_conf_rsp(chan, data,
4004 struct l2cap_chan *chan;
4015 chan = l2cap_get_chan_by_scid(conn, dcid);
4016 if (!chan) {
4021 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
4022 cmd_reject_invalid_cid(conn, cmd->ident, chan->scid,
4023 chan->dcid);
4029 if (chan->conf_len + len > sizeof(chan->conf_req)) {
4031 l2cap_build_conf_rsp(chan, rsp,
4037 memcpy(chan->conf_req + chan->conf_len, req->data, len);
4038 chan->conf_len += len;
4043 l2cap_build_conf_rsp(chan, rsp,
4049 len = l2cap_parse_conf_req(chan, rsp);
4051 l2cap_send_disconn_req(chan, ECONNRESET);
4055 chan->ident = cmd->ident;
4057 chan->num_conf_rsp++;
4060 chan->conf_len = 0;
4062 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
4065 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
4066 set_default_fcs(chan);
4068 if (chan->mode == L2CAP_MODE_ERTM ||
4069 chan->mode == L2CAP_MODE_STREAMING)
4070 err = l2cap_ertm_init(chan);
4073 l2cap_send_disconn_req(chan, -err);
4075 l2cap_chan_ready(chan);
4080 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
4083 l2cap_build_conf_req(chan, buf), buf);
4084 chan->num_conf_req++;
4089 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
4090 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
4095 if (!chan->hs_hcon)
4096 l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags);
4098 chan->ident = cmd->ident;
4102 l2cap_chan_unlock(chan);
4112 struct l2cap_chan *chan;
4126 chan = l2cap_get_chan_by_scid(conn, scid);
4127 if (!chan)
4132 l2cap_conf_rfc_get(chan, rsp->data, len);
4133 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
4137 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
4139 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
4142 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
4145 l2cap_send_disconn_req(chan, ECONNRESET);
4149 if (!chan->hs_hcon) {
4150 l2cap_send_efs_conf_rsp(chan, buf, cmd->ident,
4153 if (l2cap_check_efs(chan)) {
4154 amp_create_logical_link(chan);
4155 chan->ident = cmd->ident;
4162 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
4166 l2cap_send_disconn_req(chan, ECONNRESET);
4172 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
4175 l2cap_send_disconn_req(chan, ECONNRESET);
4181 chan->num_conf_req++;
4188 l2cap_chan_set_err(chan, ECONNRESET);
4190 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
4191 l2cap_send_disconn_req(chan, ECONNRESET);
4198 set_bit(CONF_INPUT_DONE, &chan->conf_state);
4200 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
4201 set_default_fcs(chan);
4203 if (chan->mode == L2CAP_MODE_ERTM ||
4204 chan->mode == L2CAP_MODE_STREAMING)
4205 err = l2cap_ertm_init(chan);
4208 l2cap_send_disconn_req(chan, -err);
4210 l2cap_chan_ready(chan);
4214 l2cap_chan_unlock(chan);
4225 struct l2cap_chan *chan;
4237 chan = __l2cap_get_chan_by_scid(conn, dcid);
4238 if (!chan) {
4244 l2cap_chan_lock(chan);
4246 rsp.dcid = cpu_to_le16(chan->scid);
4247 rsp.scid = cpu_to_le16(chan->dcid);
4250 chan->ops->set_shutdown(chan);
4252 l2cap_chan_hold(chan);
4253 l2cap_chan_del(chan, ECONNRESET);
4255 l2cap_chan_unlock(chan);
4257 chan->ops->close(chan);
4258 l2cap_chan_put(chan);
4271 struct l2cap_chan *chan;
4283 chan = __l2cap_get_chan_by_scid(conn, scid);
4284 if (!chan) {
4289 l2cap_chan_lock(chan);
4291 l2cap_chan_hold(chan);
4292 l2cap_chan_del(chan, 0);
4294 l2cap_chan_unlock(chan);
4296 chan->ops->close(chan);
4297 l2cap_chan_put(chan);
4428 struct l2cap_chan *chan;
4460 chan = l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP,
4462 if (chan) {
4470 cmd_reject_invalid_cid(conn, cmd->ident, chan->scid,
4471 chan->dcid);
4475 BT_DBG("mgr %p bredr_chan %p hs_hcon %p", mgr, chan, hs_hcon);
4477 mgr->bredr_chan = chan;
4478 chan->hs_hcon = hs_hcon;
4479 chan->fcs = L2CAP_FCS_NONE;
4499 static void l2cap_send_move_chan_req(struct l2cap_chan *chan, u8 dest_amp_id)
4504 BT_DBG("chan %p, dest_amp_id %d", chan, dest_amp_id);
4506 ident = l2cap_get_ident(chan->conn);
4507 chan->ident = ident;
4509 req.icid = cpu_to_le16(chan->scid);
4512 l2cap_send_cmd(chan->conn, ident, L2CAP_MOVE_CHAN_REQ, sizeof(req),
4515 __set_chan_timer(chan, L2CAP_MOVE_TIMEOUT);
4518 static void l2cap_send_move_chan_rsp(struct l2cap_chan *chan, u16 result)
4522 BT_DBG("chan %p, result 0x%4.4x", chan, result);
4524 rsp.icid = cpu_to_le16(chan->dcid);
4527 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_RSP,
4531 static void l2cap_send_move_chan_cfm(struct l2cap_chan *chan, u16 result)
4535 BT_DBG("chan %p, result 0x%4.4x", chan, result);
4537 chan->ident = l2cap_get_ident(chan->conn);
4539 cfm.icid = cpu_to_le16(chan->scid);
4542 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_CFM,
4545 __set_chan_timer(chan, L2CAP_MOVE_TIMEOUT);
4572 static void __release_logical_link(struct l2cap_chan *chan)
4574 chan->hs_hchan = NULL;
4575 chan->hs_hcon = NULL;
4580 static void l2cap_logical_fail(struct l2cap_chan *chan)
4583 if (chan->state != BT_CONNECTED) {
4585 l2cap_send_disconn_req(chan, ECONNRESET);
4589 switch (chan->move_role) {
4591 l2cap_move_done(chan);
4592 l2cap_send_move_chan_rsp(chan, L2CAP_MR_NOT_SUPP);
4595 if (chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_COMP ||
4596 chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_CFM) {
4600 l2cap_move_done(chan);
4606 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
4611 static void l2cap_logical_finish_create(struct l2cap_chan *chan,
4616 chan->hs_hchan = hchan;
4617 chan->hs_hcon->l2cap_data = chan->conn;
4619 l2cap_send_efs_conf_rsp(chan, &rsp, chan->ident, 0);
4621 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
4624 set_default_fcs(chan);
4626 err = l2cap_ertm_init(chan);
4628 l2cap_send_disconn_req(chan, -err);
4630 l2cap_chan_ready(chan);
4634 static void l2cap_logical_finish_move(struct l2cap_chan *chan,
4637 chan->hs_hcon = hchan->conn;
4638 chan->hs_hcon->l2cap_data = chan->conn;
4640 BT_DBG("move_state %d", chan->move_state);
4642 switch (chan->move_state) {
4647 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
4650 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4651 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4652 } else if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) {
4653 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP;
4654 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
4655 } else if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) {
4656 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4657 l2cap_send_move_chan_rsp(chan, L2CAP_MR_SUCCESS);
4662 __release_logical_link(chan);
4664 chan->move_state = L2CAP_MOVE_STABLE;
4668 /* Call with chan locked */
4669 void l2cap_logical_cfm(struct l2cap_chan *chan, struct hci_chan *hchan,
4672 BT_DBG("chan %p, hchan %p, status %d", chan, hchan, status);
4675 l2cap_logical_fail(chan);
4676 __release_logical_link(chan);
4680 if (chan->state != BT_CONNECTED) {
4682 if (chan->local_amp_id != AMP_ID_BREDR)
4683 l2cap_logical_finish_create(chan, hchan);
4685 l2cap_logical_finish_move(chan, hchan);
4689 void l2cap_move_start(struct l2cap_chan *chan)
4691 BT_DBG("chan %p", chan);
4693 if (chan->local_amp_id == AMP_ID_BREDR) {
4694 if (chan->chan_policy != BT_CHANNEL_POLICY_AMP_PREFERRED)
4696 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR;
4697 chan->move_state = L2CAP_MOVE_WAIT_PREPARE;
4700 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR;
4701 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
4702 chan->move_id = 0;
4703 l2cap_move_setup(chan);
4704 l2cap_send_move_chan_req(chan, 0);
4708 static void l2cap_do_create(struct l2cap_chan *chan, int result,
4711 BT_DBG("chan %p state %s %u -> %u", chan, state_to_string(chan->state),
4714 chan->fcs = L2CAP_FCS_NONE;
4717 if (chan->state == BT_CONNECT) {
4719 chan->local_amp_id = local_amp_id;
4720 l2cap_send_create_chan_req(chan, remote_amp_id);
4723 l2cap_send_conn_req(chan);
4730 if (__l2cap_no_conn_pending(chan)) {
4733 rsp.scid = cpu_to_le16(chan->dcid);
4734 rsp.dcid = cpu_to_le16(chan->scid);
4746 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_RSP,
4750 l2cap_state_change(chan, BT_CONFIG);
4751 set_bit(CONF_REQ_SENT, &chan->conf_state);
4752 l2cap_send_cmd(chan->conn, l2cap_get_ident(chan->conn),
4754 l2cap_build_conf_req(chan, buf), buf);
4755 chan->num_conf_req++;
4760 static void l2cap_do_move_initiate(struct l2cap_chan *chan, u8 local_amp_id,
4763 l2cap_move_setup(chan);
4764 chan->move_id = local_amp_id;
4765 chan->move_state = L2CAP_MOVE_WAIT_RSP;
4767 l2cap_send_move_chan_req(chan, remote_amp_id);
4770 static void l2cap_do_move_respond(struct l2cap_chan *chan, int result)
4779 chan->hs_hcon = hchan->conn;
4780 chan->hs_hcon->l2cap_data = chan->conn;
4781 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4782 l2cap_send_move_chan_rsp(chan, L2CAP_MR_SUCCESS);
4784 l2cap_logical_cfm(chan, hchan, L2CAP_MR_SUCCESS);
4787 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
4791 l2cap_send_move_chan_rsp(chan, L2CAP_MR_NOT_ALLOWED);
4795 static void l2cap_do_move_cancel(struct l2cap_chan *chan, int result)
4797 if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) {
4804 l2cap_send_move_chan_rsp(chan, rsp_result);
4807 chan->move_role = L2CAP_MOVE_ROLE_NONE;
4808 chan->move_state = L2CAP_MOVE_STABLE;
4811 l2cap_ertm_send(chan);
4814 /* Invoke with locked chan */
4815 void __l2cap_physical_cfm(struct l2cap_chan *chan, int result)
4817 u8 local_amp_id = chan->local_amp_id;
4818 u8 remote_amp_id = chan->remote_amp_id;
4820 BT_DBG("chan %p, result %d, local_amp_id %d, remote_amp_id %d",
4821 chan, result, local_amp_id, remote_amp_id);
4823 if (chan->state == BT_DISCONN || chan->state == BT_CLOSED) {
4824 l2cap_chan_unlock(chan);
4828 if (chan->state != BT_CONNECTED) {
4829 l2cap_do_create(chan, result, local_amp_id, remote_amp_id);
4831 l2cap_do_move_cancel(chan, result);
4833 switch (chan->move_role) {
4835 l2cap_do_move_initiate(chan, local_amp_id,
4839 l2cap_do_move_respond(chan, result);
4842 l2cap_do_move_cancel(chan, result);
4854 struct l2cap_chan *chan;
4868 chan = l2cap_get_chan_by_dcid(conn, icid);
4869 if (!chan) {
4877 chan->ident = cmd->ident;
4879 if (chan->scid < L2CAP_CID_DYN_START ||
4880 chan->chan_policy == BT_CHANNEL_POLICY_BREDR_ONLY ||
4881 (chan->mode != L2CAP_MODE_ERTM &&
4882 chan->mode != L2CAP_MODE_STREAMING)) {
4887 if (chan->local_amp_id == req->dest_amp_id) {
4910 if ((__chan_is_moving(chan) ||
4911 chan->move_role != L2CAP_MOVE_ROLE_NONE) &&
4917 chan->move_role = L2CAP_MOVE_ROLE_RESPONDER;
4918 l2cap_move_setup(chan);
4919 chan->move_id = req->dest_amp_id;
4920 icid = chan->dcid;
4924 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4925 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4928 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4932 chan->move_state = L2CAP_MOVE_WAIT_PREPARE;
4934 /*amp_accept_physical(chan, req->dest_amp_id);*/
4939 l2cap_send_move_chan_rsp(chan, result);
4941 l2cap_chan_unlock(chan);
4948 struct l2cap_chan *chan;
4951 chan = l2cap_get_chan_by_scid(conn, icid);
4952 if (!chan) {
4957 __clear_chan_timer(chan);
4959 __set_chan_timer(chan, L2CAP_MOVE_ERTX_TIMEOUT);
4961 switch (chan->move_state) {
4966 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
4972 &chan->conn_state)) {
4973 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4978 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP;
4979 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
4988 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
4993 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_COMP;
4999 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
5011 chan->hs_hcon = hchan->conn;
5012 chan->hs_hcon->l2cap_data = chan->conn;
5016 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
5021 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
5024 l2cap_logical_cfm(chan, hchan, L2CAP_MR_SUCCESS);
5028 chan->move_id = chan->local_amp_id;
5029 l2cap_move_done(chan);
5030 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
5033 l2cap_chan_unlock(chan);
5039 struct l2cap_chan *chan;
5041 chan = l2cap_get_chan_by_ident(conn, ident);
5042 if (!chan) {
5048 __clear_chan_timer(chan);
5050 if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) {
5052 chan->move_role = L2CAP_MOVE_ROLE_RESPONDER;
5055 chan->move_id = chan->local_amp_id;
5056 l2cap_move_done(chan);
5060 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
5062 l2cap_chan_unlock(chan);
5093 struct l2cap_chan *chan;
5104 chan = l2cap_get_chan_by_dcid(conn, icid);
5105 if (!chan) {
5111 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM) {
5113 chan->local_amp_id = chan->move_id;
5114 if (chan->local_amp_id == AMP_ID_BREDR)
5115 __release_logical_link(chan);
5117 chan->move_id = chan->local_amp_id;
5120 l2cap_move_done(chan);
5125 l2cap_chan_unlock(chan);
5135 struct l2cap_chan *chan;
5145 chan = l2cap_get_chan_by_scid(conn, icid);
5146 if (!chan)
5149 __clear_chan_timer(chan);
5151 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM_RSP) {
5152 chan->local_amp_id = chan->move_id;
5154 if (chan->local_amp_id == AMP_ID_BREDR && chan->hs_hchan)
5155 __release_logical_link(chan);
5157 l2cap_move_done(chan);
5160 l2cap_chan_unlock(chan);
5221 struct l2cap_chan *chan;
5241 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
5242 if (!chan) {
5249 l2cap_chan_lock(chan);
5253 chan->ident = 0;
5254 chan->dcid = dcid;
5255 chan->omtu = mtu;
5256 chan->remote_mps = mps;
5257 chan->tx_credits = credits;
5258 l2cap_chan_ready(chan);
5262 l2cap_chan_del(chan, ECONNREFUSED);
5266 l2cap_chan_unlock(chan);
5360 struct l2cap_chan *chan, *pchan;
5386 chan = NULL;
5395 chan = NULL;
5402 chan = NULL;
5406 chan = pchan->ops->new_connection(pchan);
5407 if (!chan) {
5412 l2cap_le_flowctl_init(chan);
5414 bacpy(&chan->src, &conn->hcon->src);
5415 bacpy(&chan->dst, &conn->hcon->dst);
5416 chan->src_type = bdaddr_type(conn->hcon, conn->hcon->src_type);
5417 chan->dst_type = bdaddr_type(conn->hcon, conn->hcon->dst_type);
5418 chan->psm = psm;
5419 chan->dcid = scid;
5420 chan->omtu = mtu;
5421 chan->remote_mps = mps;
5422 chan->tx_credits = __le16_to_cpu(req->credits);
5424 __l2cap_chan_add(conn, chan);
5425 dcid = chan->scid;
5426 credits = chan->rx_credits;
5428 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
5430 chan->ident = cmd->ident;
5432 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
5433 l2cap_state_change(chan, BT_CONNECT2);
5440 chan->ops->defer(chan);
5442 l2cap_chan_ready(chan);
5455 if (chan) {
5456 rsp.mtu = cpu_to_le16(chan->imtu);
5457 rsp.mps = cpu_to_le16(chan->mps);
5477 struct l2cap_chan *chan;
5489 chan = l2cap_get_chan_by_dcid(conn, cid);
5490 if (!chan)
5493 max_credits = LE_FLOWCTL_MAX_CREDITS - chan->tx_credits;
5496 l2cap_send_disconn_req(chan, ECONNRESET);
5504 chan->tx_credits += credits;
5506 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) {
5507 l2cap_do_send(chan, skb_dequeue(&chan->tx_q));
5508 chan->tx_credits--;
5511 if (chan->tx_credits)
5512 chan->ops->resume(chan);
5514 l2cap_chan_unlock(chan);
5524 struct l2cap_chan *chan;
5531 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
5532 if (!chan)
5535 l2cap_chan_lock(chan);
5536 l2cap_chan_del(chan, ECONNREFUSED);
5537 l2cap_chan_unlock(chan);
5681 static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
5686 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
5691 if (chan->fcs == L2CAP_FCS_CRC16) {
5702 static void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
5706 BT_DBG("chan %p", chan);
5711 control.reqseq = chan->buffer_seq;
5712 set_bit(CONN_SEND_FBIT, &chan->conn_state);
5714 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
5716 l2cap_send_sframe(chan, &control);
5719 if (test_and_clear_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
5720 chan->unacked_frames > 0)
5721 __set_retrans_timer(chan);
5724 l2cap_ertm_send(chan);
5726 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
5727 test_bit(CONN_SEND_FBIT, &chan->conn_state)) {
5732 l2cap_send_sframe(chan, &control);
5755 static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb,
5762 if (chan->sdu)
5765 err = chan->ops->recv(chan, skb);
5769 if (chan->sdu)
5772 chan->sdu_len = get_unaligned_le16(skb->data);
5775 if (chan->sdu_len > chan->imtu) {
5780 if (skb->len >= chan->sdu_len)
5783 chan->sdu = skb;
5784 chan->sdu_last_frag = skb;
5791 if (!chan->sdu)
5794 append_skb_frag(chan->sdu, skb,
5795 &chan->sdu_last_frag);
5798 if (chan->sdu->len >= chan->sdu_len)
5805 if (!chan->sdu)
5808 append_skb_frag(chan->sdu, skb,
5809 &chan->sdu_last_frag);
5812 if (chan->sdu->len != chan->sdu_len)
5815 err = chan->ops->recv(chan, chan->sdu);
5819 chan->sdu = NULL;
5820 chan->sdu_last_frag = NULL;
5821 chan->sdu_len = 0;
5828 kfree_skb(chan->sdu);
5829 chan->sdu = NULL;
5830 chan->sdu_last_frag = NULL;
5831 chan->sdu_len = 0;
5837 static int l2cap_resegment(struct l2cap_chan *chan)
5843 void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
5847 if (chan->mode != L2CAP_MODE_ERTM)
5851 l2cap_tx(chan, NULL, NULL, event);
5854 static int l2cap_rx_queued_iframes(struct l2cap_chan *chan)
5861 BT_DBG("chan %p", chan);
5863 while (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
5866 chan->buffer_seq, skb_queue_len(&chan->srej_q));
5868 skb = l2cap_ertm_seq_in_queue(&chan->srej_q, chan->buffer_seq);
5873 skb_unlink(skb, &chan->srej_q);
5874 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
5875 err = l2cap_reassemble_sdu(chan, skb, &bt_cb(skb)->control);
5880 if (skb_queue_empty(&chan->srej_q)) {
5881 chan->rx_state = L2CAP_RX_STATE_RECV;
5882 l2cap_send_ack(chan);
5888 static void l2cap_handle_srej(struct l2cap_chan *chan,
5893 BT_DBG("chan %p, control %p", chan, control);
5895 if (control->reqseq == chan->next_tx_seq) {
5897 l2cap_send_disconn_req(chan, ECONNRESET);
5901 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq);
5909 if (chan->max_tx != 0 && bt_cb(skb)->control.retries >= chan->max_tx) {
5910 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
5911 l2cap_send_disconn_req(chan, ECONNRESET);
5915 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
5918 l2cap_pass_to_tx(chan, control);
5920 set_bit(CONN_SEND_FBIT, &chan->conn_state);
5921 l2cap_retransmit(chan, control);
5922 l2cap_ertm_send(chan);
5924 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) {
5925 set_bit(CONN_SREJ_ACT, &chan->conn_state);
5926 chan->srej_save_reqseq = control->reqseq;
5929 l2cap_pass_to_tx_fbit(chan, control);
5932 if (chan->srej_save_reqseq != control->reqseq ||
5934 &chan->conn_state))
5935 l2cap_retransmit(chan, control);
5937 l2cap_retransmit(chan, control);
5938 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) {
5939 set_bit(CONN_SREJ_ACT, &chan->conn_state);
5940 chan->srej_save_reqseq = control->reqseq;
5946 static void l2cap_handle_rej(struct l2cap_chan *chan,
5951 BT_DBG("chan %p, control %p", chan, control);
5953 if (control->reqseq == chan->next_tx_seq) {
5955 l2cap_send_disconn_req(chan, ECONNRESET);
5959 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq);
5961 if (chan->max_tx && skb &&
5962 bt_cb(skb)->control.retries >= chan->max_tx) {
5963 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
5964 l2cap_send_disconn_req(chan, ECONNRESET);
5968 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
5970 l2cap_pass_to_tx(chan, control);
5973 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
5974 l2cap_retransmit_all(chan, control);
5976 l2cap_retransmit_all(chan, control);
5977 l2cap_ertm_send(chan);
5978 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F)
5979 set_bit(CONN_REJ_ACT, &chan->conn_state);
5983 static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
5985 BT_DBG("chan %p, txseq %d", chan, txseq);
5987 BT_DBG("last_acked_seq %d, expected_tx_seq %d", chan->last_acked_seq,
5988 chan->expected_tx_seq);
5990 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
5991 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
5992 chan->tx_win) {
5996 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) {
6005 if (chan->srej_list.head == txseq) {
6010 if (l2cap_ertm_seq_in_queue(&chan->srej_q, txseq)) {
6015 if (l2cap_seq_list_contains(&chan->srej_list, txseq)) {
6021 if (chan->expected_tx_seq == txseq) {
6022 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
6023 chan->tx_win) {
6032 if (__seq_offset(chan, txseq, chan->last_acked_seq) <
6033 __seq_offset(chan, chan->expected_tx_seq, chan->last_acked_seq)) {
6038 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= chan->tx_win) {
6056 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) {
6069 static int l2cap_rx_state_recv(struct l2cap_chan *chan,
6076 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
6081 switch (l2cap_classify_txseq(chan, control->txseq)) {
6083 l2cap_pass_to_tx(chan, control);
6085 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
6091 chan->expected_tx_seq = __next_seq(chan,
6094 chan->buffer_seq = chan->expected_tx_seq;
6097 err = l2cap_reassemble_sdu(chan, skb, control);
6103 &chan->conn_state)) {
6105 l2cap_retransmit_all(chan, control);
6106 l2cap_ertm_send(chan);
6110 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
6111 l2cap_send_ack(chan);
6114 l2cap_pass_to_tx(chan, control);
6120 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
6130 skb_queue_tail(&chan->srej_q, skb);
6133 skb_queue_len(&chan->srej_q));
6135 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
6136 l2cap_seq_list_clear(&chan->srej_list);
6137 l2cap_send_srej(chan, control->txseq);
6139 chan->rx_state = L2CAP_RX_STATE_SREJ_SENT;
6142 l2cap_pass_to_tx(chan, control);
6148 l2cap_send_disconn_req(chan, ECONNRESET);
6153 l2cap_pass_to_tx(chan, control);
6155 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6157 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state) &&
6158 !__chan_is_moving(chan)) {
6160 l2cap_retransmit_all(chan, control);
6163 l2cap_ertm_send(chan);
6165 l2cap_send_i_or_rr_or_rnr(chan);
6168 &chan->conn_state) &&
6169 chan->unacked_frames)
6170 __set_retrans_timer(chan);
6172 l2cap_ertm_send(chan);
6176 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6177 l2cap_pass_to_tx(chan, control);
6179 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6180 l2cap_send_rr_or_rnr(chan, 0);
6182 __clear_retrans_timer(chan);
6183 l2cap_seq_list_clear(&chan->retrans_list);
6186 l2cap_handle_rej(chan, control);
6189 l2cap_handle_srej(chan, control);
6203 static int l2cap_rx_state_srej_sent(struct l2cap_chan *chan,
6211 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
6216 switch (l2cap_classify_txseq(chan, txseq)) {
6219 l2cap_pass_to_tx(chan, control);
6220 skb_queue_tail(&chan->srej_q, skb);
6223 skb_queue_len(&chan->srej_q));
6225 chan->expected_tx_seq = __next_seq(chan, txseq);
6228 l2cap_seq_list_pop(&chan->srej_list);
6230 l2cap_pass_to_tx(chan, control);
6231 skb_queue_tail(&chan->srej_q, skb);
6234 skb_queue_len(&chan->srej_q));
6236 err = l2cap_rx_queued_iframes(chan);
6246 skb_queue_tail(&chan->srej_q, skb);
6249 skb_queue_len(&chan->srej_q));
6251 l2cap_pass_to_tx(chan, control);
6252 l2cap_send_srej(chan, control->txseq);
6260 skb_queue_tail(&chan->srej_q, skb);
6263 skb_queue_len(&chan->srej_q));
6265 l2cap_pass_to_tx(chan, control);
6266 l2cap_send_srej_list(chan, control->txseq);
6270 l2cap_pass_to_tx(chan, control);
6281 l2cap_send_disconn_req(chan, ECONNRESET);
6286 l2cap_pass_to_tx(chan, control);
6288 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6291 &chan->conn_state)) {
6293 l2cap_retransmit_all(chan, control);
6296 l2cap_ertm_send(chan);
6299 &chan->conn_state) &&
6300 chan->unacked_frames) {
6301 __set_retrans_timer(chan);
6304 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6305 l2cap_send_srej_tail(chan);
6308 &chan->conn_state) &&
6309 chan->unacked_frames)
6310 __set_retrans_timer(chan);
6312 l2cap_send_ack(chan);
6316 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6317 l2cap_pass_to_tx(chan, control);
6319 l2cap_send_srej_tail(chan);
6325 rr_control.reqseq = chan->buffer_seq;
6326 l2cap_send_sframe(chan, &rr_control);
6331 l2cap_handle_rej(chan, control);
6334 l2cap_handle_srej(chan, control);
6346 static int l2cap_finish_move(struct l2cap_chan *chan)
6348 BT_DBG("chan %p", chan);
6350 chan->rx_state = L2CAP_RX_STATE_RECV;
6352 if (chan->hs_hcon)
6353 chan->conn->mtu = chan->hs_hcon->hdev->block_mtu;
6355 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu;
6357 return l2cap_resegment(chan);
6360 static int l2cap_rx_state_wait_p(struct l2cap_chan *chan,
6366 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
6372 l2cap_process_reqseq(chan, control->reqseq);
6374 if (!skb_queue_empty(&chan->tx_q))
6375 chan->tx_send_head = skb_peek(&chan->tx_q);
6377 chan->tx_send_head = NULL;
6382 chan->next_tx_seq = control->reqseq;
6383 chan->unacked_frames = 0;
6385 err = l2cap_finish_move(chan);
6389 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6390 l2cap_send_i_or_rr_or_rnr(chan);
6395 return l2cap_rx_state_recv(chan, control, NULL, event);
6398 static int l2cap_rx_state_wait_f(struct l2cap_chan *chan,
6407 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6409 chan->rx_state = L2CAP_RX_STATE_RECV;
6410 l2cap_process_reqseq(chan, control->reqseq);
6412 if (!skb_queue_empty(&chan->tx_q))
6413 chan->tx_send_head = skb_peek(&chan->tx_q);
6415 chan->tx_send_head = NULL;
6420 chan->next_tx_seq = control->reqseq;
6421 chan->unacked_frames = 0;
6423 if (chan->hs_hcon)
6424 chan->conn->mtu = chan->hs_hcon->hdev->block_mtu;
6426 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu;
6428 err = l2cap_resegment(chan);
6431 err = l2cap_rx_state_recv(chan, control, skb, event);
6436 static bool __valid_reqseq(struct l2cap_chan *chan, u16 reqseq)
6441 unacked = __seq_offset(chan, chan->next_tx_seq, chan->expected_ack_seq);
6442 return __seq_offset(chan, chan->next_tx_seq, reqseq) <= unacked;
6445 static int l2cap_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
6450 BT_DBG("chan %p, control %p, skb %p, event %d, state %d", chan,
6451 control, skb, event, chan->rx_state);
6453 if (__valid_reqseq(chan, control->reqseq)) {
6454 switch (chan->rx_state) {
6456 err = l2cap_rx_state_recv(chan, control, skb, event);
6459 err = l2cap_rx_state_srej_sent(chan, control, skb,
6463 err = l2cap_rx_state_wait_p(chan, control, skb, event);
6466 err = l2cap_rx_state_wait_f(chan, control, skb, event);
6474 control->reqseq, chan->next_tx_seq,
6475 chan->expected_ack_seq);
6476 l2cap_send_disconn_req(chan, ECONNRESET);
6482 static int l2cap_stream_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
6487 BT_DBG("chan %p, control %p, skb %p, state %d", chan, control, skb,
6488 chan->rx_state);
6490 if (l2cap_classify_txseq(chan, control->txseq) ==
6492 l2cap_pass_to_tx(chan, control);
6494 BT_DBG("buffer_seq %d->%d", chan->buffer_seq,
6495 __next_seq(chan, chan->buffer_seq));
6497 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
6499 l2cap_reassemble_sdu(chan, skb, control);
6501 if (chan->sdu) {
6502 kfree_skb(chan->sdu);
6503 chan->sdu = NULL;
6505 chan->sdu_last_frag = NULL;
6506 chan->sdu_len = 0;
6514 chan->last_acked_seq = control->txseq;
6515 chan->expected_tx_seq = __next_seq(chan, control->txseq);
6520 static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
6526 __unpack_control(chan, skb);
6535 if (l2cap_check_fcs(chan, skb))
6541 if (chan->fcs == L2CAP_FCS_CRC16)
6544 if (len > chan->mps) {
6545 l2cap_send_disconn_req(chan, ECONNRESET);
6559 if (control->final && chan->tx_state != L2CAP_TX_STATE_WAIT_F)
6562 if (chan->mode != L2CAP_MODE_STREAMING) {
6564 err = l2cap_rx(chan, control, skb, event);
6566 err = l2cap_stream_rx(chan, control, skb);
6570 l2cap_send_disconn_req(chan, ECONNRESET);
6578 if (chan->mode == L2CAP_MODE_STREAMING)
6587 l2cap_send_disconn_req(chan, ECONNRESET);
6593 chan->tx_state != L2CAP_TX_STATE_WAIT_F))
6597 if (l2cap_rx(chan, control, skb, event))
6598 l2cap_send_disconn_req(chan, ECONNRESET);
6608 static void l2cap_chan_le_send_credits(struct l2cap_chan *chan)
6610 struct l2cap_conn *conn = chan->conn;
6617 if (chan->rx_credits >= (le_max_credits + 1) / 2)
6620 return_credits = le_max_credits - chan->rx_credits;
6622 BT_DBG("chan %p returning %u credits to sender", chan, return_credits);
6624 chan->rx_credits += return_credits;
6626 pkt.cid = cpu_to_le16(chan->scid);
6629 chan->ident = l2cap_get_ident(conn);
6631 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CREDITS, sizeof(pkt), &pkt);
6634 static int l2cap_le_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
6638 if (!chan->rx_credits) {
6640 l2cap_send_disconn_req(chan, ECONNRESET);
6644 if (chan->imtu < skb->len) {
6649 chan->rx_credits--;
6650 BT_DBG("rx_credits %u -> %u", chan->rx_credits + 1, chan->rx_credits);
6652 l2cap_chan_le_send_credits(chan);
6656 if (!chan->sdu) {
6663 sdu_len, skb->len, chan->imtu);
6665 if (sdu_len > chan->imtu) {
6678 return chan->ops->recv(chan, skb);
6680 chan->sdu = skb;
6681 chan->sdu_len = sdu_len;
6682 chan->sdu_last_frag = skb;
6687 BT_DBG("SDU fragment. chan->sdu->len %u skb->len %u chan->sdu_len %u",
6688 chan->sdu->len, skb->len, chan->sdu_len);
6690 if (chan->sdu->len + skb->len > chan->sdu_len) {
6696 append_skb_frag(chan->sdu, skb, &chan->sdu_last_frag);
6699 if (chan->sdu->len == chan->sdu_len) {
6700 err = chan->ops->recv(chan, chan->sdu);
6702 chan->sdu = NULL;
6703 chan->sdu_last_frag = NULL;
6704 chan->sdu_len = 0;
6711 kfree_skb(chan->sdu);
6712 chan->sdu = NULL;
6713 chan->sdu_last_frag = NULL;
6714 chan->sdu_len = 0;
6727 struct l2cap_chan *chan;
6729 chan = l2cap_get_chan_by_scid(conn, cid);
6730 if (!chan) {
6732 chan = a2mp_channel_create(conn, skb);
6733 if (!chan) {
6738 l2cap_chan_lock(chan);
6747 BT_DBG("chan %p, len %d", chan, skb->len);
6749 if (chan->state != BT_CONNECTED)
6752 switch (chan->mode) {
6754 if (l2cap_le_data_rcv(chan, skb) < 0)
6765 if (chan->imtu < skb->len) {
6770 if (!chan->ops->recv(chan, skb))
6776 l2cap_data_rcv(chan, skb);
6780 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
6788 l2cap_chan_unlock(chan);
6795 struct l2cap_chan *chan;
6800 chan = l2cap_global_chan_by_psm(0, psm, &hcon->src, &hcon->dst,
6802 if (!chan)
6805 BT_DBG("chan %p, len %d", chan, skb->len);
6807 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
6810 if (chan->imtu < skb->len)
6817 if (!chan->ops->recv(chan, skb)) {
6818 l2cap_chan_put(chan);
6823 l2cap_chan_put(chan);
6966 int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
6974 BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", &chan->src, dst,
6977 hdev = hci_get_route(dst, &chan->src);
6984 chan->chan_type != L2CAP_CHAN_RAW) {
6989 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !psm) {
6994 if (chan->chan_type == L2CAP_CHAN_FIXED && !cid) {
6999 switch (chan->mode) {
7003 l2cap_le_flowctl_init(chan);
7015 switch (chan->state) {
7039 bacpy(&chan->dst, dst);
7040 chan->dst_type = dst_type;
7042 chan->psm = psm;
7043 chan->dcid = cid;
7060 hcon = hci_connect_le(hdev, dst, dst_type, chan->sec_level,
7063 u8 auth_type = l2cap_get_auth_type(chan);
7064 hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type);
7080 l2cap_chan_lock(chan);
7089 bacpy(&chan->src, &hcon->src);
7090 chan->src_type = bdaddr_type(hcon, hcon->src_type);
7092 __l2cap_chan_add(conn, chan);
7097 l2cap_state_change(chan, BT_CONNECT);
7098 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
7100 /* Release chan->sport so that it can be reused by other
7104 chan->sport = 0;
7108 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
7109 __clear_chan_timer(chan);
7110 if (l2cap_chan_check_security(chan, true))
7111 l2cap_state_change(chan, BT_CONNECTED);
7113 l2cap_do_start(chan);
7119 l2cap_chan_unlock(chan);
7226 struct l2cap_chan *chan, *next;
7233 chan = pchan->ops->new_connection(pchan);
7234 if (chan) {
7235 bacpy(&chan->src, &hcon->src);
7236 bacpy(&chan->dst, &hcon->dst);
7237 chan->src_type = bdaddr_type(hcon, hcon->src_type);
7238 chan->dst_type = dst_type;
7240 __l2cap_chan_add(conn, chan);
7272 static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
7274 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
7278 if (chan->sec_level == BT_SECURITY_MEDIUM) {
7279 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
7280 } else if (chan->sec_level == BT_SECURITY_HIGH ||
7281 chan->sec_level == BT_SECURITY_FIPS)
7282 l2cap_chan_close(chan, ECONNREFUSED);
7284 if (chan->sec_level == BT_SECURITY_MEDIUM)
7285 __clear_chan_timer(chan);
7292 struct l2cap_chan *chan;
7301 list_for_each_entry(chan, &conn->chan_l, list) {
7302 l2cap_chan_lock(chan);
7304 BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid,
7305 state_to_string(chan->state));
7307 if (chan->scid == L2CAP_CID_A2MP) {
7308 l2cap_chan_unlock(chan);
7313 chan->sec_level = hcon->sec_level;
7315 if (!__l2cap_no_conn_pending(chan)) {
7316 l2cap_chan_unlock(chan);
7320 if (!status && (chan->state == BT_CONNECTED ||
7321 chan->state == BT_CONFIG)) {
7322 chan->ops->resume(chan);
7323 l2cap_check_encryption(chan, encrypt);
7324 l2cap_chan_unlock(chan);
7328 if (chan->state == BT_CONNECT) {
7330 l2cap_start_connection(chan);
7332 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
7333 } else if (chan->state == BT_CONNECT2) {
7338 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
7341 chan->ops->defer(chan);
7343 l2cap_state_change(chan, BT_CONFIG);
7348 l2cap_state_change(chan, BT_DISCONN);
7349 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
7354 rsp.scid = cpu_to_le16(chan->dcid);
7355 rsp.dcid = cpu_to_le16(chan->scid);
7358 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
7361 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) &&
7364 set_bit(CONF_REQ_SENT, &chan->conf_state);
7367 l2cap_build_conf_req(chan, buf),
7369 chan->num_conf_req++;
7373 l2cap_chan_unlock(chan);