1 /* $DragonFly: src/sys/netbt/l2cap_lower.c,v 1.2 2008/03/18 13:41:42 hasso Exp $ */
2 /* $OpenBSD: src/sys/netbt/l2cap_lower.c,v 1.2 2008/02/24 21:34:48 uwe Exp $ */
3 /* $NetBSD: l2cap_lower.c,v 1.7 2007/11/10 23:12:23 plunky Exp $ */
5 /*-
6 * Copyright (c) 2005 Iain Hibbert.
7 * Copyright (c) 2006 Itronix Inc.
8 * All rights reserved.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The name of Itronix Inc. may not be used to endorse
19 * or promote products derived from this software without specific
20 * prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29 * ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/param.h>
36 #include <sys/kernel.h>
37 #include <sys/malloc.h>
38 #include <sys/mbuf.h>
39 #include <sys/proc.h>
40 #include <sys/queue.h>
41 #include <sys/systm.h>
42 #include <sys/endian.h>
44 #include <netbt/bluetooth.h>
45 #include <netbt/hci.h>
46 #include <netbt/l2cap.h>
/****************************************************************************
 *
 *	L2CAP Channel Lower Layer interface
 */
/*
 * Tear down an L2CAP channel and report the disconnection upward.
 *
 * Reasons this gets called include:
 *	HCI layer received "Disconnect Complete" event for ACL link
 *	some Request timed out
 *	Config failed
 *	Other end reported invalid CID
 *	Normal disconnection
 *	Change link mode failed
 *
 * A channel that is already in L2CAP_CLOSED is left untouched, so the
 * call is a no-op the second time round.  For any other state the code
 * dereferences chan->lc_link without a NULL check.
 * NOTE(review): presumably every non-closed channel has a link
 * attached -- confirm against the callers.
 */
void
l2cap_close(struct l2cap_channel *chan, int err)
{
	struct hci_link *link;
	struct l2cap_pdu *pdu;
	struct l2cap_req *req, *next;

	if (chan->lc_state == L2CAP_CLOSED)
		return;

	link = chan->lc_link;

	/*
	 * A PDU may be partly transmitted already, so none are pulled
	 * off the link's transmit queue.  Instead each PDU owned by this
	 * channel has its back-pointer cleared; the link copes with
	 * ownerless PDUs, and no stale channel pointer is left behind
	 * for the completion path to follow.
	 */
	for (pdu = TAILQ_FIRST(&link->hl_txq); pdu != NULL;
	    pdu = TAILQ_NEXT(pdu, lp_next)) {
		if (pdu->lp_chan == chan)
			pdu->lp_chan = NULL;
	}

	/*
	 * Drop every outstanding request belonging to this channel.
	 * The successor is fetched before l2cap_request_free() runs so
	 * the walk never reads a request after it has been released.
	 */
	for (req = TAILQ_FIRST(&link->hl_reqs); req != NULL; req = next) {
		next = TAILQ_NEXT(req, lr_next);
		if (req->lr_chan == chan)
			l2cap_request_free(req);
	}

	chan->lc_pending = 0;
	chan->lc_state = L2CAP_CLOSED;

	/* Let go of the ACL link, then forget the pointer to it. */
	hci_acl_close(chan->lc_link, err);
	chan->lc_link = NULL;

	/* Finally tell the upper protocol layer, passing the reason on. */
	(*chan->lc_proto->disconnected)(chan->lc_upper, err);
}
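/*
 * Process incoming L2CAP frame from ACL link.  We take off the B-Frame
 * header (which is present in all packets), verify the data length
 * and distribute the rest of the frame to the relevant channel
 * handler.
 *
 * The header fields come from the remote device and are therefore
 * untrusted: a frame too short to hold the header, or whose length field
 * disagrees with the bytes actually received, is dropped.
 *
 * The mbuf chain is consumed on every path: it is handed to the signal
 * handler or to the channel's input routine, or released with m_freem().
 * NOTE(review): presumably l2cap_recv_signal() and the protocol input
 * hook take ownership of the chain -- confirm in their definitions.
 */
void
l2cap_recv_frame(struct mbuf *m, struct hci_link *link)
{
	struct l2cap_channel *chan;
	l2cap_hdr_t hdr;

	/*
	 * Make sure the chain really holds a complete header before
	 * copying it out.  Callers may already guarantee this, but the
	 * check keeps this function safe on its own against a truncated
	 * frame.  The cast keeps the comparison signed so a negative
	 * length is rejected as well.
	 */
	if (m->m_pkthdr.len < (int)sizeof(hdr))
		goto failed;

	m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr);
	m_adj(m, sizeof(hdr));

	/* Header fields are little-endian on the wire. */
	hdr.length = letoh16(hdr.length);
	hdr.dcid = letoh16(hdr.dcid);

	DPRINTFN(5, "(%s) received packet (%d bytes)\n",
	    device_get_nameunit(link->hl_unit->hci_dev), hdr.length);

	/* The advertised payload length must match what is left. */
	if (hdr.length != m->m_pkthdr.len)
		goto failed;

	if (hdr.dcid == L2CAP_SIGNAL_CID) {
		l2cap_recv_signal(m, link);
		return;
	}

	if (hdr.dcid == L2CAP_CLT_CID) {
		m_freem(m);	/* TODO */
		return;
	}

	/*
	 * Only deliver to a channel that exists, is bound to the link the
	 * frame arrived on, and is open.  The link comparison stops a peer
	 * on one ACL link from injecting data into a channel that belongs
	 * to a different link by naming its CID.
	 */
	chan = l2cap_cid_lookup(hdr.dcid);
	if (chan != NULL && chan->lc_link == link
	    && chan->lc_state == L2CAP_OPEN) {
		(*chan->lc_proto->input)(chan->lc_upper, m);
		return;
	}

	DPRINTF("(%s) dropping %d L2CAP data bytes for unknown CID #%d\n",
	    device_get_nameunit(link->hl_unit->hci_dev), hdr.length,
	    hdr.dcid);

failed:
	m_freem(m);
}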
/*
 * Send the next queued L2CAP packet on its way.  Called from l2cap_send
 * (when no PDU is pending) and from hci_acl_start (when a PDU has been
 * placed on the device queue), so several PDUs may be waiting at the
 * device if there is room, yet no single channel can hog the link.
 *
 * Returns 0 when the channel is not open or there is nothing to do,
 * the error from l2cap_send_disconnect_req() when a deferred shutdown
 * fails, and otherwise whatever hci_acl_send() returns.
 */
int
l2cap_start(struct l2cap_channel *chan)
{
	struct mbuf *pkt;
	int rc;

	if (chan->lc_state != L2CAP_OPEN)
		return 0;

	if (IF_QEMPTY(&chan->lc_txq)) {
		DPRINTFN(5, "no data, pending = %d\n", chan->lc_pending);

		/* Nothing queued and no drained shutdown to complete. */
		if ((chan->lc_flags & L2CAP_SHUTDOWN) == 0
		    || chan->lc_pending != 0)
			return 0;

		/*
		 * A shutdown was only waiting for the queue to flush,
		 * and it has, so the disconnect can go out now.  If the
		 * request cannot be sent the channel is closed at once.
		 */
		chan->lc_state = L2CAP_WAIT_DISCONNECT;
		rc = l2cap_send_disconnect_req(chan);
		if (rc != 0)
			l2cap_close(chan, rc);

		return rc;
	}

	/*
	 * Possible future work: consult QoS/RFC mode here and hold the
	 * packet back when not ready; for flush timeout support, start
	 * a timer and keep a record of packets sent (perhaps by
	 * allocating the l2cap_pdu and fragmenting here, then getting
	 * it back on completion).
	 */

	IF_DEQUEUE(&chan->lc_txq, pkt);

	/* An open channel with queued data must have a link and a packet. */
	KKASSERT(chan->lc_link != NULL);
	KKASSERT(pkt != NULL);

	DPRINTFN(5, "CID #%d sending packet (%d bytes)\n",
	    chan->lc_lcid, pkt->m_pkthdr.len);

	/* Count the packet as in flight before passing it down. */
	chan->lc_pending++;
	return hci_acl_send(pkt, chan->lc_link, chan);
}