Merge branch 'for-upstream' of...

extern int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb,

			      u16 flags);

extern int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr);

extern int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags);

extern void sco_connect_cfm(struct hci_conn *hcon, __u8 status);

extern void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason);

extern int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb);

int hci_conn_del(struct hci_conn *conn);

void hci_conn_hash_flush(struct hci_dev *hdev);

void hci_conn_check_pending(struct hci_dev *hdev);

void hci_conn_accept(struct hci_conn *conn, int mask);

struct hci_chan *hci_chan_create(struct hci_conn *conn);

void hci_chan_del(struct hci_chan *chan);

#define lmp_sniffsubr_capable(dev) ((dev)->features[5] & LMP_SNIFF_SUBR)

#define lmp_pause_enc_capable(dev) ((dev)->features[5] & LMP_PAUSE_ENC)

#define lmp_ext_inq_capable(dev)   ((dev)->features[6] & LMP_EXT_INQ)

#define lmp_le_br_capable(dev)     ((dev)->features[6] & LMP_SIMUL_LE_BR)

#define lmp_le_br_capable(dev)     !!((dev)->features[6] & LMP_SIMUL_LE_BR)

#define lmp_ssp_capable(dev)       ((dev)->features[6] & LMP_SIMPLE_PAIR)

#define lmp_no_flush_capable(dev)  ((dev)->features[6] & LMP_NO_FLUSH)

#define lmp_lsto_capable(dev)      ((dev)->features[7] & LMP_LSTO)

/* ----- Extended LMP capabilities ----- */

#define lmp_host_ssp_capable(dev)  ((dev)->host_features[0] & LMP_HOST_SSP)

#define lmp_host_le_capable(dev)   ((dev)->host_features[0] & LMP_HOST_LE)

#define lmp_host_le_br_capable(dev) ((dev)->host_features[0] & LMP_HOST_LE_BREDR)

#define lmp_host_le_capable(dev)   !!((dev)->host_features[0] & LMP_HOST_LE)

#define lmp_host_le_br_capable(dev) !!((dev)->host_features[0] & LMP_HOST_LE_BREDR)

/* returns true if at least one AMP active */

static inline bool hci_amp_capable(void)

{

	struct hci_dev *hdev;

	bool ret = false;

	read_lock(&hci_dev_list_lock);

	list_for_each_entry(hdev, &hci_dev_list, list)

		if (hdev->amp_type == HCI_AMP &&

		    test_bit(HCI_UP, &hdev->flags))

			ret = true;

	read_unlock(&hci_dev_list_lock);

	return ret;

}

/* ----- HCI protocols ----- */

#define HCI_PROTO_DEFER             0x01

static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr,

								__u8 type)

					__u8 type, __u8 *flags)

{

	switch (type) {

	case ACL_LINK:

	case SCO_LINK:

	case ESCO_LINK:

		return sco_connect_ind(hdev, bdaddr);

		return sco_connect_ind(hdev, bdaddr, flags);

	default:

		BT_ERR("unknown link type %d", type);

	CONF_MTU_DONE,

	CONF_MODE_DONE,

	CONF_CONNECT_PEND,

	CONF_NO_FCS_RECV,

	CONF_RECV_NO_FCS,

	CONF_STATE2_DEVICE,

	CONF_EWS_RECV,

	CONF_LOC_CONF_PEND,

	/* Clear flags */

	hdev->flags = 0;

	/* Controller radio is available but is currently powered down */

	hdev->amp_status = 0;

	memset(hdev->eir, 0, sizeof(hdev->eir));

	memset(hdev->dev_class, 0, sizeof(hdev->dev_class));

	for (i = 0; i < NUM_REASSEMBLY; i++)

		kfree_skb(hdev->reassembly[i]);

	cancel_work_sync(&hdev->power_on);

	if (!test_bit(HCI_INIT, &hdev->flags) &&

	    !test_bit(HCI_SETUP, &hdev->dev_flags)) {

		hci_dev_lock(hdev);

	if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {

		cp.le = 1;

		cp.simul = !!lmp_le_br_capable(hdev);

		cp.simul = lmp_le_br_capable(hdev);

	}

	if (cp.le != !!lmp_host_le_capable(hdev))

	if (cp.le != lmp_host_le_capable(hdev))

		hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),

			     &cp);

}

	hci_conn_check_pending(hdev);

}

void hci_conn_accept(struct hci_conn *conn, int mask)

{

	struct hci_dev *hdev = conn->hdev;

	BT_DBG("conn %p", conn);

	conn->state = BT_CONFIG;

	if (!lmp_esco_capable(hdev)) {

		struct hci_cp_accept_conn_req cp;

		bacpy(&cp.bdaddr, &conn->dst);

		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))

			cp.role = 0x00; /* Become master */

		else

			cp.role = 0x01; /* Remain slave */

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);

	} else /* lmp_esco_capable(hdev)) */ {

		struct hci_cp_accept_sync_conn_req cp;

		bacpy(&cp.bdaddr, &conn->dst);

		cp.pkt_type = cpu_to_le16(conn->pkt_type);

		cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);

		cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);

		cp.max_latency    = __constant_cpu_to_le16(0xffff);

		cp.content_format = cpu_to_le16(hdev->voice_setting);

		cp.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,

			     sizeof(cp), &cp);

	}

}

static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)

{

	struct hci_ev_conn_request *ev = (void *) skb->data;

	int mask = hdev->link_mode;

	__u8 flags = 0;

	BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,

	       ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,

				      &flags);

	if ((mask & HCI_LM_ACCEPT) &&

	    !hci_blacklist_lookup(hdev, &ev->bdaddr)) {

		}

		memcpy(conn->dev_class, ev->dev_class, 3);

		conn->state = BT_CONNECT;

		hci_dev_unlock(hdev);

		if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {

		if (ev->link_type == ACL_LINK ||

		    (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {

			struct hci_cp_accept_conn_req cp;

			conn->state = BT_CONNECT;

			bacpy(&cp.bdaddr, &ev->bdaddr);

			hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),

				     &cp);

		} else {

		} else if (!(flags & HCI_PROTO_DEFER)) {

			struct hci_cp_accept_sync_conn_req cp;

			conn->state = BT_CONNECT;

			bacpy(&cp.bdaddr, &ev->bdaddr);

			cp.pkt_type = cpu_to_le16(conn->pkt_type);

			hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,

				     sizeof(cp), &cp);

		} else {

			conn->state = BT_CONNECT2;

			hci_proto_connect_cfm(conn, 0);

			hci_conn_put(conn);

		}

	} else {

		/* Connection rejected */

static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,

			   void *data);

static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);

static void l2cap_send_disconn_req(struct l2cap_conn *conn,

				   struct l2cap_chan *chan, int err);

static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);

static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,

		     struct sk_buff_head *skbs, u8 event);

		if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&

		    conn->hcon->type == ACL_LINK) {

			__set_chan_timer(chan, sk->sk_sndtimeo);

			l2cap_send_disconn_req(conn, chan, reason);

			l2cap_send_disconn_req(chan, reason);

		} else

			l2cap_chan_del(chan, reason);

		break;

	struct l2cap_conn *conn = chan->conn;

	if (enable_hs &&

	    hci_amp_capable() &&

	    chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED &&

	    conn->fixed_chan_mask & L2CAP_FC_A2MP)

		return true;

	}

}

static void l2cap_send_disconn_req(struct l2cap_conn *conn,

				   struct l2cap_chan *chan, int err)

static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err)

{

	struct sock *sk = chan->sk;

	struct l2cap_conn *conn = chan->conn;

	struct l2cap_disconn_req req;

	if (!conn)

		if (chan->max_tx != 0 &&

		    bt_cb(skb)->control.retries > chan->max_tx) {

			BT_DBG("Retry limit exceeded (%d)", chan->max_tx);

			l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

			l2cap_send_disconn_req(chan, ECONNRESET);

			l2cap_seq_list_clear(&chan->retrans_list);

			break;

		}

			__set_monitor_timer(chan);

			chan->retry_count++;

		} else {

			l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);

			l2cap_send_disconn_req(chan, ECONNABORTED);

		}

		break;

	default:

		if (test_bit(FLAG_EFS_ENABLE, &chan->flags))

			l2cap_add_opt_efs(&ptr, chan);

		if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))

			break;

		if (test_bit(FLAG_EXT_CTRL, &chan->flags))

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,

					   chan->tx_win);

		if (chan->conn->feat_mask & L2CAP_FEAT_FCS)

			if (chan->fcs == L2CAP_FCS_NONE ||

		    test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {

			    test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {

				chan->fcs = L2CAP_FCS_NONE;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);

				l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1,

						   chan->fcs);

			}

		if (test_bit(FLAG_EXT_CTRL, &chan->flags))

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,

					   chan->tx_win);

		break;

	case L2CAP_MODE_STREAMING:

		if (test_bit(FLAG_EFS_ENABLE, &chan->flags))

			l2cap_add_opt_efs(&ptr, chan);

		if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))

			break;

		if (chan->conn->feat_mask & L2CAP_FEAT_FCS)

			if (chan->fcs == L2CAP_FCS_NONE ||

		    test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {

			    test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {

				chan->fcs = L2CAP_FCS_NONE;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);

				l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1,

						   chan->fcs);

			}

		break;

	}

		case L2CAP_CONF_FCS:

			if (val == L2CAP_FCS_NONE)

				set_bit(CONF_NO_FCS_RECV, &chan->conf_state);

				set_bit(CONF_RECV_NO_FCS, &chan->conf_state);

			break;

		case L2CAP_CONF_EFS:

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),

					   (unsigned long) &efs);

			break;

		case L2CAP_CONF_FCS:

			if (*result == L2CAP_CONF_PENDING)

				if (val == L2CAP_FCS_NONE)

					set_bit(CONF_RECV_NO_FCS,

						&chan->conf_state);

			break;

		}

	}

	 */

	if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)

		chan->fcs = L2CAP_FCS_NONE;

	else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))

	else if (!test_bit(CONF_RECV_NO_FCS, &chan->conf_state))

		chan->fcs = L2CAP_FCS_CRC16;

}

	/* Complete config. */

	len = l2cap_parse_conf_req(chan, rsp);

	if (len < 0) {

		l2cap_send_disconn_req(conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

		goto unlock;

	}

			err = l2cap_ertm_init(chan);

		if (err < 0)

			l2cap_send_disconn_req(chan->conn, chan, -err);

			l2cap_send_disconn_req(chan, -err);

		else

			l2cap_chan_ready(chan);

			len = l2cap_parse_conf_rsp(chan, rsp->data, len,

						   buf, &result);

			if (len < 0) {

				l2cap_send_disconn_req(conn, chan, ECONNRESET);

				l2cap_send_disconn_req(chan, ECONNRESET);

				goto done;

			}

			char req[64];

			if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {

				l2cap_send_disconn_req(conn, chan, ECONNRESET);

				l2cap_send_disconn_req(chan, ECONNRESET);

				goto done;

			}

			len = l2cap_parse_conf_rsp(chan, rsp->data, len,

						   req, &result);

			if (len < 0) {

				l2cap_send_disconn_req(conn, chan, ECONNRESET);

				l2cap_send_disconn_req(chan, ECONNRESET);

				goto done;

			}

		l2cap_chan_set_err(chan, ECONNRESET);

		__set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);

		l2cap_send_disconn_req(conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

		goto done;

	}

			err = l2cap_ertm_init(chan);

		if (err < 0)

			l2cap_send_disconn_req(chan->conn, chan, -err);

			l2cap_send_disconn_req(chan, -err);

		else

			l2cap_chan_ready(chan);

	}

	/* Logical link setup failed */

	if (chan->state != BT_CONNECTED) {

		/* Create channel failure, disconnect */

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

		return;

	}

		err = l2cap_ertm_init(chan);

		if (err < 0)

			l2cap_send_disconn_req(chan->conn, chan, -err);

			l2cap_send_disconn_req(chan, -err);

		else

			l2cap_chan_ready(chan);

	}

	if (control->reqseq == chan->next_tx_seq) {

		BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq);

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

		return;

	}

	if (chan->max_tx != 0 && bt_cb(skb)->control.retries >= chan->max_tx) {

		BT_DBG("Retry limit exceeded (%d)", chan->max_tx);

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

		return;

	}

	if (control->reqseq == chan->next_tx_seq) {

		BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq);

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

		return;

	}

	if (chan->max_tx && skb &&

	    bt_cb(skb)->control.retries >= chan->max_tx) {

		BT_DBG("Retry limit exceeded (%d)", chan->max_tx);

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

		return;

	}

			break;

		case L2CAP_TXSEQ_INVALID:

		default:

			l2cap_send_disconn_req(chan->conn, chan,

					       ECONNRESET);

			l2cap_send_disconn_req(chan, ECONNRESET);

			break;

		}

		break;

			break;

		case L2CAP_TXSEQ_INVALID:

		default:

			l2cap_send_disconn_req(chan->conn, chan,

					       ECONNRESET);

			l2cap_send_disconn_req(chan, ECONNRESET);

			break;

		}

		break;

		BT_DBG("Invalid reqseq %d (next_tx_seq %d, expected_ack_seq %d",

		       control->reqseq, chan->next_tx_seq,

		       chan->expected_ack_seq);

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

	}

	return err;

		len -= L2CAP_FCS_SIZE;

	if (len > chan->mps) {

		l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

		l2cap_send_disconn_req(chan, ECONNRESET);

		goto drop;

	}

		}

		if (err)

			l2cap_send_disconn_req(chan->conn, chan,

					       ECONNRESET);

			l2cap_send_disconn_req(chan, ECONNRESET);

	} else {

		const u8 rx_func_to_event[4] = {

			L2CAP_EV_RECV_RR, L2CAP_EV_RECV_REJ,

		if (len != 0) {

			BT_ERR("Trailing bytes: %d in sframe", len);

			l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

			l2cap_send_disconn_req(chan, ECONNRESET);

			goto drop;

		}

		event = rx_func_to_event[control->super];

		if (l2cap_rx(chan, control, skb, event))

			l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);

			l2cap_send_disconn_req(chan, ECONNRESET);

	}

	return 0;