Bluetooth: Move conn to struct l2cap_chan

struct l2cap_chan {

	struct sock *sk;

	struct l2cap_conn	*conn;

	__le16		psm;

	__u16		dcid;

	__u16		scid;

struct l2cap_pinfo {

	struct bt_sock	bt;

	struct l2cap_conn	*conn;

	struct l2cap_chan	*chan;

};

void l2cap_cleanup_sockets(void);

void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data);

void __l2cap_connect_rsp_defer(struct sock *sk);

void __l2cap_connect_rsp_defer(struct l2cap_chan *chan);

int __l2cap_wait_ack(struct sock *sk);

struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len);

	conn->disc_reason = 0x13;

	l2cap_pi(sk)->conn = conn;

	chan->conn = conn;

	if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {

		if (conn->hcon->type == LE_LINK) {

void l2cap_chan_del(struct l2cap_chan *chan, int err)

{

	struct sock *sk = chan->sk;

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct l2cap_conn *conn = chan->conn;

	struct sock *parent = bt_sk(sk)->parent;

	l2cap_sock_clear_timer(sk);

		write_unlock_bh(&conn->chan_lock);

		__sock_put(sk);

		l2cap_pi(sk)->conn = NULL;

		chan->conn = NULL;

		hci_conn_put(conn->hcon);

	}

/* Service level security */

static inline int l2cap_check_security(struct l2cap_chan *chan)

{

	struct l2cap_conn *conn = l2cap_pi(chan->sk)->conn;

	struct l2cap_conn *conn = chan->conn;

	__u8 auth_type;

	auth_type = l2cap_get_auth_type(chan);

	struct sk_buff *skb;

	struct l2cap_hdr *lh;

	struct l2cap_pinfo *pi = l2cap_pi(chan->sk);

	struct l2cap_conn *conn = pi->conn;

	struct l2cap_conn *conn = chan->conn;

	struct sock *sk = (struct sock *)pi;

	int count, hlen = L2CAP_HDR_SIZE + 2;

	u8 flags;

	else

		flags = ACL_START;

	hci_send_acl(pi->conn->hcon, skb, flags);

	hci_send_acl(chan->conn->hcon, skb, flags);

}

static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)

static void l2cap_do_start(struct l2cap_chan *chan)

{

	struct sock *sk = chan->sk;

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct l2cap_conn *conn = chan->conn;

	if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {

		if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))

int __l2cap_wait_ack(struct sock *sk)

{

	struct l2cap_chan *chan = l2cap_pi(sk)->chan;

	DECLARE_WAITQUEUE(wait, current);

	int err = 0;

	int timeo = HZ/5;

	add_wait_queue(sk_sleep(sk), &wait);

	while ((l2cap_pi(sk)->chan->unacked_frames > 0 && l2cap_pi(sk)->conn)) {

	while ((chan->unacked_frames > 0 && chan->conn)) {

		set_current_state(TASK_INTERRUPTIBLE);

		if (!timeo)

	bh_lock_sock(sk);

	if (chan->retry_count >= chan->remote_max_tx) {

		l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, ECONNABORTED);

		l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);

		bh_unlock_sock(sk);

		return;

	}

void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)

{

	struct sock *sk = chan->sk;

	struct hci_conn *hcon = l2cap_pi(sk)->conn->hcon;

	struct hci_conn *hcon = chan->conn->hcon;

	u16 flags;

	BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);

static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)

{

	struct sock *sk = chan->sk;

	struct l2cap_pinfo *pi = l2cap_pi(sk);

	struct sk_buff *skb, *tx_skb;

	u16 control, fcs;

	if (chan->remote_max_tx &&

			bt_cb(skb)->retries == chan->remote_max_tx) {

		l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED);

		l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);

		return;

	}

{

	struct sk_buff *skb, *tx_skb;

	struct sock *sk = chan->sk;

	struct l2cap_pinfo *pi = l2cap_pi(sk);

	u16 control, fcs;

	int nsent = 0;

		if (chan->remote_max_tx &&

				bt_cb(skb)->retries == chan->remote_max_tx) {

			l2cap_send_disconn_req(pi->conn, chan, ECONNABORTED);

			l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);

			break;

		}

static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)

{

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;

	struct sk_buff **frag;

	int err, sent = 0;

struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)

{

	struct sock *sk = chan->sk;

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct l2cap_conn *conn = chan->conn;

	struct sk_buff *skb;

	int err, count, hlen = L2CAP_HDR_SIZE + 2;

	struct l2cap_hdr *lh;

struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)

{

	struct sock *sk = chan->sk;

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct l2cap_conn *conn = chan->conn;

	struct sk_buff *skb;

	int err, count, hlen = L2CAP_HDR_SIZE;

	struct l2cap_hdr *lh;

struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen)

{

	struct sock *sk = chan->sk;

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct l2cap_conn *conn = chan->conn;

	struct sk_buff *skb;

	int err, count, hlen = L2CAP_HDR_SIZE + 2;

	struct l2cap_hdr *lh;

static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)

{

	struct l2cap_pinfo *pi = l2cap_pi(chan->sk);

	struct l2cap_conf_req *req = data;

	struct l2cap_conf_rfc rfc = { .mode = chan->mode };

	void *ptr = req->data;

		/* fall through */

	default:

		chan->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);

		chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);

		break;

	}

	switch (chan->mode) {

	case L2CAP_MODE_BASIC:

		if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&

				!(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))

		if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&

				!(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))

			break;

		rfc.mode            = L2CAP_MODE_BASIC;

		rfc.retrans_timeout = 0;

		rfc.monitor_timeout = 0;

		rfc.max_pdu_size    = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);

		if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)

			rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);

		if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)

			rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);

		l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),

							(unsigned long) &rfc);

		if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))

		if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))

			break;

		if (chan->fcs == L2CAP_FCS_NONE ||

		rfc.retrans_timeout = 0;

		rfc.monitor_timeout = 0;

		rfc.max_pdu_size    = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);

		if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)

			rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);

		if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)

			rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);

		l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),

							(unsigned long) &rfc);

		if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))

		if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))

			break;

		if (chan->fcs == L2CAP_FCS_NONE ||

static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)

{

	struct l2cap_pinfo *pi = l2cap_pi(chan->sk);

	struct l2cap_conf_rsp *rsp = data;

	void *ptr = rsp->data;

	void *req = chan->conf_req;

	case L2CAP_MODE_ERTM:

		if (!(chan->conf_state & L2CAP_CONF_STATE2_DEVICE)) {

			chan->mode = l2cap_select_mode(rfc.mode,

					pi->conn->feat_mask);

					chan->conn->feat_mask);

			break;

		}

			chan->remote_tx_win = rfc.txwin_size;

			chan->remote_max_tx = rfc.max_transmit;

			if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)

				rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);

			if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)

				rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);

			chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);

			break;

		case L2CAP_MODE_STREAMING:

			if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)

				rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);

			if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)

				rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);

			chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);

	return ptr - data;

}

void __l2cap_connect_rsp_defer(struct sock *sk)

void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)

{

	struct l2cap_conn_rsp rsp;

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct l2cap_chan *chan = l2cap_pi(sk)->chan;

	struct l2cap_conn *conn = chan->conn;

	u8 buf[128];

	sk->sk_state = BT_CONFIG;

	rsp.scid   = cpu_to_le16(chan->dcid);

	rsp.dcid   = cpu_to_le16(chan->scid);

	rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);

static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)

{

	struct l2cap_pinfo *pi = l2cap_pi(chan->sk);

	struct sk_buff *_skb;

	int err;

	chan->sdu = NULL;

disconnect:

	l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);

	l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

	kfree_skb(skb);

	return 0;

}

		if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {

			err = -EBUSY;

			l2cap_send_disconn_req(l2cap_pi(sk)->conn, chan, EBUSY);

			l2cap_send_disconn_req(chan->conn, chan, EBUSY);

			break;

		}

static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)

{

	struct l2cap_pinfo *pi = l2cap_pi(chan->sk);

	u8 tx_seq = __get_txseq(rx_control);

	u8 req_seq = __get_reqseq(rx_control);

	u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;

	/* invalid tx_seq */

	if (tx_seq_offset >= chan->tx_win) {

		l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		goto drop;

	}

static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)

{

	struct l2cap_chan *chan = l2cap_pi(sk)->chan;

	struct l2cap_pinfo *pi = l2cap_pi(sk);

	u16 control;

	u8 req_seq;

	int len, next_tx_seq_offset, req_seq_offset;

		len -= 2;

	if (len > chan->mps) {

		l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		goto drop;

	}

	/* check for invalid req-seq */

	if (req_seq_offset > next_tx_seq_offset) {

		l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		goto drop;

	}

	if (__is_iframe(control)) {

		if (len < 0) {

			l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);

			l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

			goto drop;

		}

	} else {

		if (len != 0) {

			BT_ERR("%d", len);

			l2cap_send_disconn_req(pi->conn, chan, ECONNRESET);

			l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

			goto drop;

		}

			break;

		}

		cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;

		memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);

		cinfo.hci_handle = chan->conn->hcon->handle;

		memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);

		len = min_t(unsigned int, len, sizeof(cinfo));

		if (copy_to_user(optval, (char *) &cinfo, len))

		}

		if (opt == BT_FLUSHABLE_OFF) {

			struct l2cap_conn *conn = l2cap_pi(sk)->conn;

			struct l2cap_conn *conn = chan->conn;

			/* proceed futher only when we have l2cap_conn and

			   No Flush support in the LM */

			if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {

	lock_sock(sk);

	if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {

		__l2cap_connect_rsp_defer(sk);

		sk->sk_state = BT_CONFIG;

		__l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);

		release_sock(sk);

		return 0;

	}

void __l2cap_sock_close(struct sock *sk, int reason)

{

	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	struct l2cap_chan *chan = l2cap_pi(sk)->chan;

	struct l2cap_conn *conn = chan->conn;

	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);

static inline int rfcomm_check_security(struct rfcomm_dlc *d)

{

	struct sock *sk = d->session->sock->sk;

	struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;

	__u8 auth_type;

	switch (d->sec_level) {

		break;

	}

	return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,

								auth_type);

	return hci_conn_security(conn->hcon, d->sec_level, auth_type);

}

static void rfcomm_session_timeout(unsigned long arg)

void rfcomm_dlc_accept(struct rfcomm_dlc *d)

{

	struct sock *sk = d->session->sock->sk;

	struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;

	BT_DBG("dlc %p", d);

	rfcomm_dlc_unlock(d);

	if (d->role_switch)

		hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);

		hci_conn_switch_role(conn->hcon, 0x00);

	rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);

}

	struct sock *sk = sock->sk;

	struct sock *l2cap_sk;

	struct rfcomm_conninfo cinfo;

	struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;

	int len, err = 0;

	u32 opt;

		l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;

		cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;

		memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);

		cinfo.hci_handle = conn->hcon->handle;

		memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);

		len = min_t(unsigned int, len, sizeof(cinfo));

		if (copy_to_user(optval, (char *) &cinfo, len))