projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for deferring L2CAP connection setup
[deliverable/linux.git] / net / bluetooth / l2cap.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
4fc268d2 30#include <linux/capability.h>
1da177e4
LT		 31#include <linux/errno.h>
32#include <linux/kernel.h>
1da177e4
LT		 33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
1da177e4 41#include <linux/list.h>
be9d1227 42#include <linux/device.h>
1da177e4
LT		 43#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52
09ab6f4c 53#define VERSION "2.11"
f0709e03
MH		 54
55static u32 l2cap_feat_mask = 0x0000;
1da177e4 56
90ddc4f0 57static const struct proto_ops l2cap_sock_ops;
1da177e4
LT		 58
59static struct bt_sock_list l2cap_sk_list = {
d5fb2962 60 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
1da177e4
LT		 61};
62
1da177e4
LT		 63static void __l2cap_sock_close(struct sock *sk, int reason);
64static void l2cap_sock_close(struct sock *sk);
65static void l2cap_sock_kill(struct sock *sk);
66
67static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
69
70/* ---- L2CAP timers ---- */
71static void l2cap_sock_timeout(unsigned long arg)
72{
73 struct sock *sk = (struct sock *) arg;
b1235d79 74 int reason;
1da177e4
LT		 75
76 BT_DBG("sock %p state %d", sk, sk->sk_state);
77
78 bh_lock_sock(sk);
b1235d79
MH		 79
80 if (sk->sk_state == BT_CONNECT &&
81 (l2cap_pi(sk)->link_mode & (L2CAP_LM_AUTH |
82 L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)))
83 reason = ECONNREFUSED;
84 else
85 reason = ETIMEDOUT;
86
87 __l2cap_sock_close(sk, reason);
88
1da177e4
LT		 89 bh_unlock_sock(sk);
90
91 l2cap_sock_kill(sk);
92 sock_put(sk);
93}
94
95static void l2cap_sock_set_timer(struct sock *sk, long timeout)
96{
97 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
98 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
99}
100
101static void l2cap_sock_clear_timer(struct sock *sk)
102{
103 BT_DBG("sock %p state %d", sk, sk->sk_state);
104 sk_stop_timer(sk, &sk->sk_timer);
105}
106
0139418c
MH		 107/* ---- L2CAP channels ---- */
108static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
109{
110 struct sock *s;
111 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
112 if (l2cap_pi(s)->dcid == cid)
113 break;
114 }
115 return s;
116}
117
118static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
119{
120 struct sock *s;
121 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
122 if (l2cap_pi(s)->scid == cid)
123 break;
124 }
125 return s;
126}
127
128/* Find channel with given SCID.
129 * Returns locked socket */
130static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
131{
132 struct sock *s;
133 read_lock(&l->lock);
134 s = __l2cap_get_chan_by_scid(l, cid);
135 if (s) bh_lock_sock(s);
136 read_unlock(&l->lock);
137 return s;
138}
139
140static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
141{
142 struct sock *s;
143 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
144 if (l2cap_pi(s)->ident == ident)
145 break;
146 }
147 return s;
148}
149
150static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
151{
152 struct sock *s;
153 read_lock(&l->lock);
154 s = __l2cap_get_chan_by_ident(l, ident);
155 if (s) bh_lock_sock(s);
156 read_unlock(&l->lock);
157 return s;
158}
159
160static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
161{
162 u16 cid = 0x0040;
163
164 for (; cid < 0xffff; cid++) {
165 if(!__l2cap_get_chan_by_scid(l, cid))
166 return cid;
167 }
168
169 return 0;
170}
171
172static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
173{
174 sock_hold(sk);
175
176 if (l->head)
177 l2cap_pi(l->head)->prev_c = sk;
178
179 l2cap_pi(sk)->next_c = l->head;
180 l2cap_pi(sk)->prev_c = NULL;
181 l->head = sk;
182}
183
184static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
185{
186 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
187
fd1278d7 188 write_lock_bh(&l->lock);
0139418c
MH		 189 if (sk == l->head)
190 l->head = next;
191
192 if (next)
193 l2cap_pi(next)->prev_c = prev;
194 if (prev)
195 l2cap_pi(prev)->next_c = next;
fd1278d7 196 write_unlock_bh(&l->lock);
0139418c
MH		 197
198 __sock_put(sk);
199}
200
201static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
202{
203 struct l2cap_chan_list *l = &conn->chan_list;
204
205 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
206
207 l2cap_pi(sk)->conn = conn;
208
209 if (sk->sk_type == SOCK_SEQPACKET) {
210 /* Alloc CID for connection-oriented socket */
211 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
212 } else if (sk->sk_type == SOCK_DGRAM) {
213 /* Connectionless socket */
214 l2cap_pi(sk)->scid = 0x0002;
215 l2cap_pi(sk)->dcid = 0x0002;
216 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
217 } else {
218 /* Raw socket can send/recv signalling messages only */
219 l2cap_pi(sk)->scid = 0x0001;
220 l2cap_pi(sk)->dcid = 0x0001;
221 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
222 }
223
224 __l2cap_chan_link(l, sk);
225
226 if (parent)
227 bt_accept_enqueue(parent, sk);
228}
229
8e87d142 230/* Delete channel.
0139418c
MH		 231 * Must be called on the locked socket. */
232static void l2cap_chan_del(struct sock *sk, int err)
233{
234 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
235 struct sock *parent = bt_sk(sk)->parent;
236
237 l2cap_sock_clear_timer(sk);
238
239 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
240
8e87d142 241 if (conn) {
0139418c
MH		 242 /* Unlink from channel list */
243 l2cap_chan_unlink(&conn->chan_list, sk);
244 l2cap_pi(sk)->conn = NULL;
245 hci_conn_put(conn->hcon);
246 }
247
b1235d79 248 sk->sk_state = BT_CLOSED;
0139418c
MH		 249 sock_set_flag(sk, SOCK_ZAPPED);
250
251 if (err)
252 sk->sk_err = err;
253
254 if (parent) {
255 bt_accept_unlink(sk);
256 parent->sk_data_ready(parent, 0);
257 } else
258 sk->sk_state_change(sk);
259}
260
79d554a6
MH		 261/* Service level security */
262static inline int l2cap_check_link_mode(struct sock *sk)
263{
264 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
265
266 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
267 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE))
268 return hci_conn_encrypt(conn->hcon);
269
270 if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH)
271 return hci_conn_auth(conn->hcon);
272
273 return 1;
274}
275
4e8402a3
MH		 276static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
277{
278 u8 id;
279
280 /* Get next available identificator.
281 * 1 - 128 are used by kernel.
282 * 129 - 199 are reserved.
283 * 200 - 254 are used by utilities like l2ping, etc.
284 */
285
286 spin_lock_bh(&conn->lock);
287
288 if (++conn->tx_ident > 128)
289 conn->tx_ident = 1;
290
291 id = conn->tx_ident;
292
293 spin_unlock_bh(&conn->lock);
294
295 return id;
296}
297
298static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
299{
300 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
301
302 BT_DBG("code 0x%2.2x", code);
303
304 if (!skb)
305 return -ENOMEM;
306
307 return hci_send_acl(conn->hcon, skb, 0);
308}
309
79d554a6
MH		 310static void l2cap_do_start(struct sock *sk)
311{
312 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
313
314 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
b1235d79
MH		 315 if (l2cap_check_link_mode(sk)) {
316 struct l2cap_conn_req req;
317 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
318 req.psm = l2cap_pi(sk)->psm;
79d554a6 319
b1235d79 320 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 321
b1235d79 322 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
79d554a6 323 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 324 }
79d554a6
MH		 325 } else {
326 struct l2cap_info_req req;
327 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
328
329 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
330 conn->info_ident = l2cap_get_ident(conn);
331
332 mod_timer(&conn->info_timer, jiffies +
333 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
334
335 l2cap_send_cmd(conn, conn->info_ident,
336 L2CAP_INFO_REQ, sizeof(req), &req);
337 }
338}
339
1da177e4 340/* ---- L2CAP connections ---- */
4e8402a3
MH		 341static void l2cap_conn_start(struct l2cap_conn *conn)
342{
343 struct l2cap_chan_list *l = &conn->chan_list;
344 struct sock *sk;
345
346 BT_DBG("conn %p", conn);
347
348 read_lock(&l->lock);
349
350 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
351 bh_lock_sock(sk);
352
353 if (sk->sk_type != SOCK_SEQPACKET) {
79d554a6
MH		 354 bh_unlock_sock(sk);
355 continue;
356 }
357
358 if (sk->sk_state == BT_CONNECT) {
b1235d79
MH		 359 if (l2cap_check_link_mode(sk)) {
360 struct l2cap_conn_req req;
361 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
362 req.psm = l2cap_pi(sk)->psm;
79d554a6 363
b1235d79 364 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 365
b1235d79 366 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4e8402a3 367 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 368 }
79d554a6
MH		 369 } else if (sk->sk_state == BT_CONNECT2) {
370 struct l2cap_conn_rsp rsp;
371 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
372 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
373
374 if (l2cap_check_link_mode(sk)) {
f66dc81f
MH		 375 if (bt_sk(sk)->defer_setup) {
376 struct sock *parent = bt_sk(sk)->parent;
377 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
378 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
379 parent->sk_data_ready(parent, 0);
380
381 } else {
382 sk->sk_state = BT_CONFIG;
383 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
384 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
385 }
79d554a6
MH		 386 } else {
387 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
388 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
389 }
390
391 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
392 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4e8402a3
MH		 393 }
394
395 bh_unlock_sock(sk);
396 }
397
398 read_unlock(&l->lock);
399}
400
401static void l2cap_conn_ready(struct l2cap_conn *conn)
402{
79d554a6
MH		 403 struct l2cap_chan_list *l = &conn->chan_list;
404 struct sock *sk;
4e8402a3 405
79d554a6 406 BT_DBG("conn %p", conn);
4e8402a3 407
79d554a6 408 read_lock(&l->lock);
4e8402a3 409
79d554a6
MH		 410 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
411 bh_lock_sock(sk);
4e8402a3 412
79d554a6
MH		 413 if (sk->sk_type != SOCK_SEQPACKET) {
414 l2cap_sock_clear_timer(sk);
415 sk->sk_state = BT_CONNECTED;
416 sk->sk_state_change(sk);
417 } else if (sk->sk_state == BT_CONNECT)
418 l2cap_do_start(sk);
4e8402a3 419
79d554a6 420 bh_unlock_sock(sk);
4e8402a3 421 }
79d554a6
MH		 422
423 read_unlock(&l->lock);
4e8402a3
MH		 424}
425
426/* Notify sockets that we cannot guaranty reliability anymore */
427static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
428{
429 struct l2cap_chan_list *l = &conn->chan_list;
430 struct sock *sk;
431
432 BT_DBG("conn %p", conn);
433
434 read_lock(&l->lock);
435
436 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
437 if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE)
438 sk->sk_err = err;
439 }
440
441 read_unlock(&l->lock);
442}
443
444static void l2cap_info_timeout(unsigned long arg)
445{
446 struct l2cap_conn *conn = (void *) arg;
447
448 conn->info_ident = 0;
449
450 l2cap_conn_start(conn);
451}
452
1da177e4
LT		 453static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
454{
0139418c 455 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 456
0139418c 457 if (conn || status)
1da177e4
LT		 458 return conn;
459
0139418c
MH		 460 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
461 if (!conn)
1da177e4 462 return NULL;
1da177e4
LT		 463
464 hcon->l2cap_data = conn;
465 conn->hcon = hcon;
466
0139418c
MH		 467 BT_DBG("hcon %p conn %p", hcon, conn);
468
1da177e4
LT		 469 conn->mtu = hcon->hdev->acl_mtu;
470 conn->src = &hcon->hdev->bdaddr;
471 conn->dst = &hcon->dst;
472
4e8402a3
MH		 473 conn->feat_mask = 0;
474
b1235d79
MH		 475 setup_timer(&conn->info_timer, l2cap_info_timeout,
476 (unsigned long) conn);
4e8402a3 477
1da177e4
LT		 478 spin_lock_init(&conn->lock);
479 rwlock_init(&conn->chan_list.lock);
480
1da177e4
LT		 481 return conn;
482}
483
0139418c 484static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 485{
0139418c 486 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4
LT		 487 struct sock *sk;
488
0139418c
MH		 489 if (!conn)
490 return;
1da177e4
LT		 491
492 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
493
494 if (conn->rx_skb)
495 kfree_skb(conn->rx_skb);
496
497 /* Kill channels */
498 while ((sk = conn->chan_list.head)) {
499 bh_lock_sock(sk);
500 l2cap_chan_del(sk, err);
501 bh_unlock_sock(sk);
502 l2cap_sock_kill(sk);
503 }
504
8e8440f5
DY		 505 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
506 del_timer_sync(&conn->info_timer);
3ab22731 507
1da177e4
LT		 508 hcon->l2cap_data = NULL;
509 kfree(conn);
1da177e4
LT		 510}
511
512static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
513{
514 struct l2cap_chan_list *l = &conn->chan_list;
fd1278d7 515 write_lock_bh(&l->lock);
1da177e4 516 __l2cap_chan_add(conn, sk, parent);
fd1278d7 517 write_unlock_bh(&l->lock);
1da177e4
LT		 518}
519
1da177e4 520/* ---- Socket interface ---- */
8e036fc3 521static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
1da177e4
LT		 522{
523 struct sock *sk;
524 struct hlist_node *node;
525 sk_for_each(sk, node, &l2cap_sk_list.head)
526 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
527 goto found;
528 sk = NULL;
529found:
530 return sk;
531}
532
533/* Find socket with psm and source bdaddr.
534 * Returns closest match.
535 */
8e036fc3 536static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 537{
538 struct sock *sk = NULL, *sk1 = NULL;
539 struct hlist_node *node;
540
541 sk_for_each(sk, node, &l2cap_sk_list.head) {
542 if (state && sk->sk_state != state)
543 continue;
544
545 if (l2cap_pi(sk)->psm == psm) {
546 /* Exact match. */
547 if (!bacmp(&bt_sk(sk)->src, src))
548 break;
549
550 /* Closest match */
551 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
552 sk1 = sk;
553 }
554 }
555 return node ? sk : sk1;
556}
557
558/* Find socket with given address (psm, src).
559 * Returns locked socket */
8e036fc3 560static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 561{
562 struct sock *s;
563 read_lock(&l2cap_sk_list.lock);
564 s = __l2cap_get_sock_by_psm(state, psm, src);
565 if (s) bh_lock_sock(s);
566 read_unlock(&l2cap_sk_list.lock);
567 return s;
568}
569
570static void l2cap_sock_destruct(struct sock *sk)
571{
572 BT_DBG("sk %p", sk);
573
574 skb_queue_purge(&sk->sk_receive_queue);
575 skb_queue_purge(&sk->sk_write_queue);
576}
577
578static void l2cap_sock_cleanup_listen(struct sock *parent)
579{
580 struct sock *sk;
581
582 BT_DBG("parent %p", parent);
583
584 /* Close not yet accepted channels */
585 while ((sk = bt_accept_dequeue(parent, NULL)))
586 l2cap_sock_close(sk);
587
b1235d79 588 parent->sk_state = BT_CLOSED;
1da177e4
LT		 589 sock_set_flag(parent, SOCK_ZAPPED);
590}
591
592/* Kill socket (only if zapped and orphan)
593 * Must be called on unlocked socket.
594 */
595static void l2cap_sock_kill(struct sock *sk)
596{
597 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
598 return;
599
600 BT_DBG("sk %p state %d", sk, sk->sk_state);
601
602 /* Kill poor orphan */
603 bt_sock_unlink(&l2cap_sk_list, sk);
604 sock_set_flag(sk, SOCK_DEAD);
605 sock_put(sk);
606}
607
608static void __l2cap_sock_close(struct sock *sk, int reason)
609{
610 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
611
612 switch (sk->sk_state) {
613 case BT_LISTEN:
614 l2cap_sock_cleanup_listen(sk);
615 break;
616
617 case BT_CONNECTED:
618 case BT_CONFIG:
1da177e4
LT		 619 if (sk->sk_type == SOCK_SEQPACKET) {
620 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
621 struct l2cap_disconn_req req;
622
623 sk->sk_state = BT_DISCONN;
624 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
625
aca3192c
YH		 626 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
627 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1da177e4
LT		 628 l2cap_send_cmd(conn, l2cap_get_ident(conn),
629 L2CAP_DISCONN_REQ, sizeof(req), &req);
b1235d79 630 } else
1da177e4 631 l2cap_chan_del(sk, reason);
1da177e4
LT		 632 break;
633
f66dc81f
MH		 634 case BT_CONNECT2:
635 if (sk->sk_type == SOCK_SEQPACKET) {
636 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
637 struct l2cap_conn_rsp rsp;
638 __u16 result;
639
640 if (bt_sk(sk)->defer_setup)
641 result = L2CAP_CR_SEC_BLOCK;
642 else
643 result = L2CAP_CR_BAD_PSM;
644
645 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
646 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
647 rsp.result = cpu_to_le16(result);
648 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
649 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
650 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
651 } else
652 l2cap_chan_del(sk, reason);
653 break;
654
1da177e4
LT		 655 case BT_CONNECT:
656 case BT_DISCONN:
657 l2cap_chan_del(sk, reason);
658 break;
659
660 default:
661 sock_set_flag(sk, SOCK_ZAPPED);
662 break;
663 }
664}
665
666/* Must be called on unlocked socket. */
667static void l2cap_sock_close(struct sock *sk)
668{
669 l2cap_sock_clear_timer(sk);
670 lock_sock(sk);
671 __l2cap_sock_close(sk, ECONNRESET);
672 release_sock(sk);
673 l2cap_sock_kill(sk);
674}
675
676static void l2cap_sock_init(struct sock *sk, struct sock *parent)
677{
678 struct l2cap_pinfo *pi = l2cap_pi(sk);
679
680 BT_DBG("sk %p", sk);
681
682 if (parent) {
683 sk->sk_type = parent->sk_type;
f66dc81f
MH		 684 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
685
1da177e4
LT		 686 pi->imtu = l2cap_pi(parent)->imtu;
687 pi->omtu = l2cap_pi(parent)->omtu;
688 pi->link_mode = l2cap_pi(parent)->link_mode;
689 } else {
690 pi->imtu = L2CAP_DEFAULT_MTU;
691 pi->omtu = 0;
692 pi->link_mode = 0;
693 }
694
695 /* Default config options */
5dee9e7c 696 pi->conf_len = 0;
1da177e4
LT		 697 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
698}
699
700static struct proto l2cap_proto = {
701 .name = "L2CAP",
702 .owner = THIS_MODULE,
703 .obj_size = sizeof(struct l2cap_pinfo)
704};
705
1b8d7ae4 706static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1da177e4
LT		 707{
708 struct sock *sk;
709
6257ff21 710 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1da177e4
LT		 711 if (!sk)
712 return NULL;
713
714 sock_init_data(sock, sk);
715 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
716
717 sk->sk_destruct = l2cap_sock_destruct;
4e8402a3 718 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1da177e4
LT		 719
720 sock_reset_flag(sk, SOCK_ZAPPED);
721
722 sk->sk_protocol = proto;
b1235d79 723 sk->sk_state = BT_OPEN;
1da177e4 724
b1235d79 725 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1da177e4
LT		 726
727 bt_sock_link(&l2cap_sk_list, sk);
728 return sk;
729}
730
1b8d7ae4 731static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
1da177e4
LT		 732{
733 struct sock *sk;
734
735 BT_DBG("sock %p", sock);
736
737 sock->state = SS_UNCONNECTED;
738
739 if (sock->type != SOCK_SEQPACKET &&
740 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
741 return -ESOCKTNOSUPPORT;
742
743 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
744 return -EPERM;
745
746 sock->ops = &l2cap_sock_ops;
747
1b8d7ae4 748 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1da177e4
LT		 749 if (!sk)
750 return -ENOMEM;
751
752 l2cap_sock_init(sk, NULL);
753 return 0;
754}
755
756static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
757{
758 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
759 struct sock *sk = sock->sk;
760 int err = 0;
761
762 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
763
764 if (!addr || addr->sa_family != AF_BLUETOOTH)
765 return -EINVAL;
766
767 lock_sock(sk);
768
769 if (sk->sk_state != BT_OPEN) {
770 err = -EBADFD;
771 goto done;
772 }
773
8e036fc3 774 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
847641d7
MH		 775 !capable(CAP_NET_BIND_SERVICE)) {
776 err = -EACCES;
777 goto done;
778 }
8e87d142 779
1da177e4
LT		 780 write_lock_bh(&l2cap_sk_list.lock);
781
782 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
783 err = -EADDRINUSE;
784 } else {
785 /* Save source address */
786 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
787 l2cap_pi(sk)->psm = la->l2_psm;
788 l2cap_pi(sk)->sport = la->l2_psm;
789 sk->sk_state = BT_BOUND;
790 }
791
792 write_unlock_bh(&l2cap_sk_list.lock);
793
794done:
795 release_sock(sk);
796 return err;
797}
798
799static int l2cap_do_connect(struct sock *sk)
800{
801 bdaddr_t *src = &bt_sk(sk)->src;
802 bdaddr_t *dst = &bt_sk(sk)->dst;
803 struct l2cap_conn *conn;
804 struct hci_conn *hcon;
805 struct hci_dev *hdev;
09ab6f4c 806 __u8 auth_type;
1da177e4
LT		 807 int err = 0;
808
809 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
810
811 if (!(hdev = hci_get_route(dst, src)))
812 return -EHOSTUNREACH;
813
814 hci_dev_lock_bh(hdev);
815
816 err = -ENOMEM;
817
09ab6f4c
MH		 818 if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH ||
819 l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT ||
820 l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
821 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))
822 auth_type = HCI_AT_NO_BONDING_MITM;
823 else
824 auth_type = HCI_AT_GENERAL_BONDING_MITM;
825 } else {
826 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))
827 auth_type = HCI_AT_NO_BONDING;
828 else
829 auth_type = HCI_AT_GENERAL_BONDING;
830 }
831
832 hcon = hci_connect(hdev, ACL_LINK, dst, auth_type);
1da177e4
LT		 833 if (!hcon)
834 goto done;
835
836 conn = l2cap_conn_add(hcon, 0);
837 if (!conn) {
838 hci_conn_put(hcon);
839 goto done;
840 }
841
842 err = 0;
843
844 /* Update source addr of the socket */
845 bacpy(src, conn->src);
846
847 l2cap_chan_add(conn, sk, NULL);
848
849 sk->sk_state = BT_CONNECT;
850 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
851
852 if (hcon->state == BT_CONNECTED) {
79d554a6 853 if (sk->sk_type != SOCK_SEQPACKET) {
1da177e4
LT		 854 l2cap_sock_clear_timer(sk);
855 sk->sk_state = BT_CONNECTED;
79d554a6
MH		 856 } else
857 l2cap_do_start(sk);
1da177e4
LT		 858 }
859
860done:
861 hci_dev_unlock_bh(hdev);
862 hci_dev_put(hdev);
863 return err;
864}
865
866static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
867{
868 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
869 struct sock *sk = sock->sk;
870 int err = 0;
871
872 lock_sock(sk);
873
874 BT_DBG("sk %p", sk);
875
876 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
877 err = -EINVAL;
878 goto done;
879 }
880
881 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
882 err = -EINVAL;
883 goto done;
884 }
885
886 switch(sk->sk_state) {
887 case BT_CONNECT:
888 case BT_CONNECT2:
889 case BT_CONFIG:
890 /* Already connecting */
891 goto wait;
892
893 case BT_CONNECTED:
894 /* Already connected */
895 goto done;
896
897 case BT_OPEN:
898 case BT_BOUND:
899 /* Can connect */
900 break;
901
902 default:
903 err = -EBADFD;
904 goto done;
905 }
906
907 /* Set destination address and psm */
908 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
909 l2cap_pi(sk)->psm = la->l2_psm;
910
911 if ((err = l2cap_do_connect(sk)))
912 goto done;
913
914wait:
915 err = bt_sock_wait_state(sk, BT_CONNECTED,
916 sock_sndtimeo(sk, flags & O_NONBLOCK));
917done:
918 release_sock(sk);
919 return err;
920}
921
922static int l2cap_sock_listen(struct socket *sock, int backlog)
923{
924 struct sock *sk = sock->sk;
925 int err = 0;
926
927 BT_DBG("sk %p backlog %d", sk, backlog);
928
929 lock_sock(sk);
930
931 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
932 err = -EBADFD;
933 goto done;
934 }
935
936 if (!l2cap_pi(sk)->psm) {
937 bdaddr_t *src = &bt_sk(sk)->src;
938 u16 psm;
939
940 err = -EINVAL;
941
942 write_lock_bh(&l2cap_sk_list.lock);
943
944 for (psm = 0x1001; psm < 0x1100; psm += 2)
6dc0c208 945 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
1da177e4
LT		 946 l2cap_pi(sk)->psm = htobs(psm);
947 l2cap_pi(sk)->sport = htobs(psm);
948 err = 0;
949 break;
950 }
951
952 write_unlock_bh(&l2cap_sk_list.lock);
953
954 if (err < 0)
955 goto done;
956 }
957
958 sk->sk_max_ack_backlog = backlog;
959 sk->sk_ack_backlog = 0;
960 sk->sk_state = BT_LISTEN;
961
962done:
963 release_sock(sk);
964 return err;
965}
966
967static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
968{
969 DECLARE_WAITQUEUE(wait, current);
970 struct sock *sk = sock->sk, *nsk;
971 long timeo;
972 int err = 0;
973
fcc70d5f 974 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 975
976 if (sk->sk_state != BT_LISTEN) {
977 err = -EBADFD;
978 goto done;
979 }
980
981 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
982
983 BT_DBG("sk %p timeo %ld", sk, timeo);
984
985 /* Wait for an incoming connection. (wake-one). */
986 add_wait_queue_exclusive(sk->sk_sleep, &wait);
987 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
988 set_current_state(TASK_INTERRUPTIBLE);
989 if (!timeo) {
990 err = -EAGAIN;
991 break;
992 }
993
994 release_sock(sk);
995 timeo = schedule_timeout(timeo);
fcc70d5f 996 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 997
998 if (sk->sk_state != BT_LISTEN) {
999 err = -EBADFD;
1000 break;
1001 }
1002
1003 if (signal_pending(current)) {
1004 err = sock_intr_errno(timeo);
1005 break;
1006 }
1007 }
1008 set_current_state(TASK_RUNNING);
1009 remove_wait_queue(sk->sk_sleep, &wait);
1010
1011 if (err)
1012 goto done;
1013
1014 newsock->state = SS_CONNECTED;
1015
1016 BT_DBG("new socket %p", nsk);
1017
1018done:
1019 release_sock(sk);
1020 return err;
1021}
1022
1023static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1024{
1025 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1026 struct sock *sk = sock->sk;
1027
1028 BT_DBG("sock %p, sk %p", sock, sk);
1029
1030 addr->sa_family = AF_BLUETOOTH;
1031 *len = sizeof(struct sockaddr_l2);
1032
1033 if (peer)
1034 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1035 else
1036 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1037
1038 la->l2_psm = l2cap_pi(sk)->psm;
1039 return 0;
1040}
1041
1042static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1043{
1044 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1045 struct sk_buff *skb, **frag;
1046 int err, hlen, count, sent=0;
1047 struct l2cap_hdr *lh;
1048
1049 BT_DBG("sk %p len %d", sk, len);
1050
1051 /* First fragment (with L2CAP header) */
1052 if (sk->sk_type == SOCK_DGRAM)
1053 hlen = L2CAP_HDR_SIZE + 2;
1054 else
1055 hlen = L2CAP_HDR_SIZE;
1056
1057 count = min_t(unsigned int, (conn->mtu - hlen), len);
1058
1059 skb = bt_skb_send_alloc(sk, hlen + count,
1060 msg->msg_flags & MSG_DONTWAIT, &err);
1061 if (!skb)
1062 return err;
1063
1064 /* Create L2CAP header */
1065 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1066 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1067 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1da177e4
LT		 1068
1069 if (sk->sk_type == SOCK_DGRAM)
8e036fc3 1070 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1da177e4
LT		 1071
1072 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1073 err = -EFAULT;
1074 goto fail;
1075 }
1076
1077 sent += count;
1078 len -= count;
1079
1080 /* Continuation fragments (no L2CAP header) */
1081 frag = &skb_shinfo(skb)->frag_list;
1082 while (len) {
1083 count = min_t(unsigned int, conn->mtu, len);
1084
1085 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1086 if (!*frag)
1087 goto fail;
8e87d142 1088
1da177e4
LT		 1089 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1090 err = -EFAULT;
1091 goto fail;
1092 }
1093
1094 sent += count;
1095 len -= count;
1096
1097 frag = &(*frag)->next;
1098 }
1099
1100 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1101 goto fail;
1102
1103 return sent;
1104
1105fail:
1106 kfree_skb(skb);
1107 return err;
1108}
1109
1110static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1111{
1112 struct sock *sk = sock->sk;
1113 int err = 0;
1114
1115 BT_DBG("sock %p, sk %p", sock, sk);
1116
c1cbe4b7
BL		 1117 err = sock_error(sk);
1118 if (err)
1119 return err;
1da177e4
LT		 1120
1121 if (msg->msg_flags & MSG_OOB)
1122 return -EOPNOTSUPP;
1123
1124 /* Check outgoing MTU */
1125 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1126 return -EINVAL;
1127
1128 lock_sock(sk);
1129
1130 if (sk->sk_state == BT_CONNECTED)
1131 err = l2cap_do_send(sk, msg, len);
1132 else
1133 err = -ENOTCONN;
1134
1135 release_sock(sk);
1136 return err;
1137}
1138
f66dc81f
MH		 1139static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1140{
1141 struct sock *sk = sock->sk;
1142
1143 lock_sock(sk);
1144
1145 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1146 struct l2cap_conn_rsp rsp;
1147
1148 sk->sk_state = BT_CONFIG;
1149
1150 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1151 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1152 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1153 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1154 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1155 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1156
1157 release_sock(sk);
1158 return 0;
1159 }
1160
1161 release_sock(sk);
1162
1163 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1164}
1165
d58daf42 1166static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1da177e4
LT		 1167{
1168 struct sock *sk = sock->sk;
1169 struct l2cap_options opts;
1170 int err = 0, len;
1171 u32 opt;
1172
1173 BT_DBG("sk %p", sk);
1174
1175 lock_sock(sk);
1176
1177 switch (optname) {
1178 case L2CAP_OPTIONS:
0878b666
MH		 1179 opts.imtu = l2cap_pi(sk)->imtu;
1180 opts.omtu = l2cap_pi(sk)->omtu;
1181 opts.flush_to = l2cap_pi(sk)->flush_to;
6464f35f 1182 opts.mode = L2CAP_MODE_BASIC;
0878b666 1183
1da177e4
LT		 1184 len = min_t(unsigned int, sizeof(opts), optlen);
1185 if (copy_from_user((char *) &opts, optval, len)) {
1186 err = -EFAULT;
1187 break;
1188 }
0878b666 1189
1da177e4
LT		 1190 l2cap_pi(sk)->imtu = opts.imtu;
1191 l2cap_pi(sk)->omtu = opts.omtu;
1192 break;
1193
1194 case L2CAP_LM:
1195 if (get_user(opt, (u32 __user *) optval)) {
1196 err = -EFAULT;
1197 break;
1198 }
1199
1200 l2cap_pi(sk)->link_mode = opt;
1201 break;
1202
1203 default:
1204 err = -ENOPROTOOPT;
1205 break;
1206 }
1207
1208 release_sock(sk);
1209 return err;
1210}
1211
d58daf42
MH		 1212static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1213{
1214 struct sock *sk = sock->sk;
1215 int err = 0;
f66dc81f 1216 u32 opt;
d58daf42
MH		 1217
1218 BT_DBG("sk %p", sk);
1219
1220 if (level == SOL_L2CAP)
1221 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1222
1223 lock_sock(sk);
1224
1225 switch (optname) {
f66dc81f
MH		 1226 case BT_DEFER_SETUP:
1227 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1228 err = -EINVAL;
1229 break;
1230 }
1231
1232 if (get_user(opt, (u32 __user *) optval)) {
1233 err = -EFAULT;
1234 break;
1235 }
1236
1237 bt_sk(sk)->defer_setup = opt;
1238 break;
1239
d58daf42
MH		 1240 default:
1241 err = -ENOPROTOOPT;
1242 break;
1243 }
1244
1245 release_sock(sk);
1246 return err;
1247}
1248
1249static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1da177e4
LT		 1250{
1251 struct sock *sk = sock->sk;
1252 struct l2cap_options opts;
1253 struct l2cap_conninfo cinfo;
1254 int len, err = 0;
1255
1256 BT_DBG("sk %p", sk);
1257
1258 if (get_user(len, optlen))
1259 return -EFAULT;
1260
1261 lock_sock(sk);
1262
1263 switch (optname) {
1264 case L2CAP_OPTIONS:
1265 opts.imtu = l2cap_pi(sk)->imtu;
1266 opts.omtu = l2cap_pi(sk)->omtu;
1267 opts.flush_to = l2cap_pi(sk)->flush_to;
6464f35f 1268 opts.mode = L2CAP_MODE_BASIC;
1da177e4
LT		 1269
1270 len = min_t(unsigned int, len, sizeof(opts));
1271 if (copy_to_user(optval, (char *) &opts, len))
1272 err = -EFAULT;
1273
1274 break;
1275
1276 case L2CAP_LM:
1277 if (put_user(l2cap_pi(sk)->link_mode, (u32 __user *) optval))
1278 err = -EFAULT;
1279 break;
1280
1281 case L2CAP_CONNINFO:
f66dc81f
MH		 1282 if (sk->sk_state != BT_CONNECTED &&
1283 !(sk->sk_state == BT_CONNECT2 &&
1284 bt_sk(sk)->defer_setup)) {
1da177e4
LT		 1285 err = -ENOTCONN;
1286 break;
1287 }
1288
1289 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1290 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1291
1292 len = min_t(unsigned int, len, sizeof(cinfo));
1293 if (copy_to_user(optval, (char *) &cinfo, len))
1294 err = -EFAULT;
1295
1296 break;
1297
1298 default:
1299 err = -ENOPROTOOPT;
1300 break;
1301 }
1302
1303 release_sock(sk);
1304 return err;
1305}
1306
d58daf42
MH		 1307static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1308{
1309 struct sock *sk = sock->sk;
1310 int len, err = 0;
1311
1312 BT_DBG("sk %p", sk);
1313
1314 if (level == SOL_L2CAP)
1315 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1316
1317 if (get_user(len, optlen))
1318 return -EFAULT;
1319
1320 lock_sock(sk);
1321
1322 switch (optname) {
f66dc81f
MH		 1323 case BT_DEFER_SETUP:
1324 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1325 err = -EINVAL;
1326 break;
1327 }
1328
1329 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1330 err = -EFAULT;
1331
1332 break;
1333
d58daf42
MH		 1334 default:
1335 err = -ENOPROTOOPT;
1336 break;
1337 }
1338
1339 release_sock(sk);
1340 return err;
1341}
1342
1da177e4
LT		 1343static int l2cap_sock_shutdown(struct socket *sock, int how)
1344{
1345 struct sock *sk = sock->sk;
1346 int err = 0;
1347
1348 BT_DBG("sock %p, sk %p", sock, sk);
1349
1350 if (!sk)
1351 return 0;
1352
1353 lock_sock(sk);
1354 if (!sk->sk_shutdown) {
1355 sk->sk_shutdown = SHUTDOWN_MASK;
1356 l2cap_sock_clear_timer(sk);
1357 __l2cap_sock_close(sk, 0);
1358
1359 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
b1235d79
MH		 1360 err = bt_sock_wait_state(sk, BT_CLOSED,
1361 sk->sk_lingertime);
1da177e4
LT		 1362 }
1363 release_sock(sk);
1364 return err;
1365}
1366
1367static int l2cap_sock_release(struct socket *sock)
1368{
1369 struct sock *sk = sock->sk;
1370 int err;
1371
1372 BT_DBG("sock %p, sk %p", sock, sk);
1373
1374 if (!sk)
1375 return 0;
1376
1377 err = l2cap_sock_shutdown(sock, 2);
1378
1379 sock_orphan(sk);
1380 l2cap_sock_kill(sk);
1381 return err;
1382}
1383
1da177e4
LT		 1384static void l2cap_chan_ready(struct sock *sk)
1385{
1386 struct sock *parent = bt_sk(sk)->parent;
1387
1388 BT_DBG("sk %p, parent %p", sk, parent);
1389
1390 l2cap_pi(sk)->conf_state = 0;
1391 l2cap_sock_clear_timer(sk);
1392
1393 if (!parent) {
1394 /* Outgoing channel.
1395 * Wake up socket sleeping on connect.
1396 */
1397 sk->sk_state = BT_CONNECTED;
1398 sk->sk_state_change(sk);
1399 } else {
1400 /* Incoming channel.
1401 * Wake up socket sleeping on accept.
1402 */
1403 parent->sk_data_ready(parent, 0);
1404 }
b1235d79
MH		 1405
1406 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
1407 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1408 hci_conn_change_link_key(conn->hcon);
1409 }
1da177e4
LT		 1410}
1411
1412/* Copy frame to all raw sockets on that connection */
1413static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1414{
1415 struct l2cap_chan_list *l = &conn->chan_list;
1416 struct sk_buff *nskb;
1417 struct sock * sk;
1418
1419 BT_DBG("conn %p", conn);
1420
1421 read_lock(&l->lock);
1422 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1423 if (sk->sk_type != SOCK_RAW)
1424 continue;
1425
1426 /* Don't send frame to the socket it came from */
1427 if (skb->sk == sk)
1428 continue;
1429
1430 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1431 continue;
1432
1433 if (sock_queue_rcv_skb(sk, nskb))
1434 kfree_skb(nskb);
1435 }
1436 read_unlock(&l->lock);
1437}
1438
1439/* ---- L2CAP signalling commands ---- */
1440static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1441 u8 code, u8 ident, u16 dlen, void *data)
1442{
1443 struct sk_buff *skb, **frag;
1444 struct l2cap_cmd_hdr *cmd;
1445 struct l2cap_hdr *lh;
1446 int len, count;
1447
1448 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1449
1450 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1451 count = min_t(unsigned int, conn->mtu, len);
1452
1453 skb = bt_skb_alloc(count, GFP_ATOMIC);
1454 if (!skb)
1455 return NULL;
1456
1457 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1458 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1459 lh->cid = cpu_to_le16(0x0001);
1da177e4
LT		 1460
1461 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1462 cmd->code = code;
1463 cmd->ident = ident;
aca3192c 1464 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1465
1466 if (dlen) {
1467 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1468 memcpy(skb_put(skb, count), data, count);
1469 data += count;
1470 }
1471
1472 len -= skb->len;
1473
1474 /* Continuation fragments (no L2CAP header) */
1475 frag = &skb_shinfo(skb)->frag_list;
1476 while (len) {
1477 count = min_t(unsigned int, conn->mtu, len);
1478
1479 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1480 if (!*frag)
1481 goto fail;
1482
1483 memcpy(skb_put(*frag, count), data, count);
1484
1485 len -= count;
1486 data += count;
1487
1488 frag = &(*frag)->next;
1489 }
1490
1491 return skb;
1492
1493fail:
1494 kfree_skb(skb);
1495 return NULL;
1496}
1497
1498static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1499{
1500 struct l2cap_conf_opt *opt = *ptr;
1501 int len;
1502
1503 len = L2CAP_CONF_OPT_SIZE + opt->len;
1504 *ptr += len;
1505
1506 *type = opt->type;
1507 *olen = opt->len;
1508
1509 switch (opt->len) {
1510 case 1:
1511 *val = *((u8 *) opt->val);
1512 break;
1513
1514 case 2:
861d6882 1515 *val = __le16_to_cpu(*((__le16 *) opt->val));
1da177e4
LT		 1516 break;
1517
1518 case 4:
861d6882 1519 *val = __le32_to_cpu(*((__le32 *) opt->val));
1da177e4
LT		 1520 break;
1521
1522 default:
1523 *val = (unsigned long) opt->val;
1524 break;
1525 }
1526
1527 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1528 return len;
1529}
1530
1da177e4
LT		 1531static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1532{
1533 struct l2cap_conf_opt *opt = *ptr;
1534
1535 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1536
1537 opt->type = type;
1538 opt->len = len;
1539
1540 switch (len) {
1541 case 1:
1542 *((u8 *) opt->val) = val;
1543 break;
1544
1545 case 2:
8e036fc3 1546 *((__le16 *) opt->val) = cpu_to_le16(val);
1da177e4
LT		 1547 break;
1548
1549 case 4:
8e036fc3 1550 *((__le32 *) opt->val) = cpu_to_le32(val);
1da177e4
LT		 1551 break;
1552
1553 default:
1554 memcpy(opt->val, (void *) val, len);
1555 break;
1556 }
1557
1558 *ptr += L2CAP_CONF_OPT_SIZE + len;
1559}
1560
1561static int l2cap_build_conf_req(struct sock *sk, void *data)
1562{
1563 struct l2cap_pinfo *pi = l2cap_pi(sk);
1564 struct l2cap_conf_req *req = data;
1565 void *ptr = req->data;
1566
1567 BT_DBG("sk %p", sk);
1568
1569 if (pi->imtu != L2CAP_DEFAULT_MTU)
1570 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1571
1572 /* FIXME: Need actual value of the flush timeout */
1573 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1574 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1575
aca3192c
YH		 1576 req->dcid = cpu_to_le16(pi->dcid);
1577 req->flags = cpu_to_le16(0);
1da177e4
LT		 1578
1579 return ptr - data;
1580}
1581
5dee9e7c 1582static int l2cap_parse_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1583{
1584 struct l2cap_pinfo *pi = l2cap_pi(sk);
5dee9e7c
MH		 1585 struct l2cap_conf_rsp *rsp = data;
1586 void *ptr = rsp->data;
1587 void *req = pi->conf_req;
1588 int len = pi->conf_len;
1589 int type, hint, olen;
1590 unsigned long val;
6464f35f 1591 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1592 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1593 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1594
5dee9e7c 1595 BT_DBG("sk %p", sk);
820ae1b8 1596
5dee9e7c
MH		 1597 while (len >= L2CAP_CONF_OPT_SIZE) {
1598 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1599
5dee9e7c
MH		 1600 hint = type & 0x80;
1601 type &= 0x7f;
1602
1603 switch (type) {
1604 case L2CAP_CONF_MTU:
861d6882 1605 mtu = val;
5dee9e7c
MH		 1606 break;
1607
1608 case L2CAP_CONF_FLUSH_TO:
1609 pi->flush_to = val;
1610 break;
1611
1612 case L2CAP_CONF_QOS:
1613 break;
1614
6464f35f
MH		 1615 case L2CAP_CONF_RFC:
1616 if (olen == sizeof(rfc))
1617 memcpy(&rfc, (void *) val, olen);
1618 break;
1619
5dee9e7c
MH		 1620 default:
1621 if (hint)
1622 break;
1623
1624 result = L2CAP_CONF_UNKNOWN;
1625 *((u8 *) ptr++) = type;
1626 break;
1627 }
1628 }
1629
1630 if (result == L2CAP_CONF_SUCCESS) {
1631 /* Configure output options and let the other side know
1632 * which ones we don't like. */
1633
6464f35f
MH		 1634 if (rfc.mode == L2CAP_MODE_BASIC) {
1635 if (mtu < pi->omtu)
1636 result = L2CAP_CONF_UNACCEPT;
1637 else {
1638 pi->omtu = mtu;
1639 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1640 }
1641
1642 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1643 } else {
5dee9e7c 1644 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 1645
6464f35f
MH		 1646 memset(&rfc, 0, sizeof(rfc));
1647 rfc.mode = L2CAP_MODE_BASIC;
1648
1649 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1650 sizeof(rfc), (unsigned long) &rfc);
1651 }
5dee9e7c
MH		 1652 }
1653
1654 rsp->scid = cpu_to_le16(pi->dcid);
1655 rsp->result = cpu_to_le16(result);
1656 rsp->flags = cpu_to_le16(0x0000);
1657
1658 return ptr - data;
1da177e4
LT		 1659}
1660
5dee9e7c 1661static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1da177e4
LT		 1662{
1663 struct l2cap_conf_rsp *rsp = data;
1664 void *ptr = rsp->data;
1da177e4 1665
5dee9e7c 1666 BT_DBG("sk %p", sk);
1da177e4 1667
aca3192c 1668 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
5dee9e7c 1669 rsp->result = cpu_to_le16(result);
aca3192c 1670 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 1671
1672 return ptr - data;
1673}
1674
4e8402a3
MH		 1675static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1676{
1677 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1678
1679 if (rej->reason != 0x0000)
1680 return 0;
1681
1682 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1683 cmd->ident == conn->info_ident) {
1684 conn->info_ident = 0;
1685 del_timer(&conn->info_timer);
1686 l2cap_conn_start(conn);
1687 }
1688
1689 return 0;
1690}
1691
1da177e4
LT		 1692static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1693{
1694 struct l2cap_chan_list *list = &conn->chan_list;
1695 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1696 struct l2cap_conn_rsp rsp;
1697 struct sock *sk, *parent;
e7c29cb1 1698 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1699
1700 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 1701 __le16 psm = req->psm;
1da177e4
LT		 1702
1703 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1704
1705 /* Check if we have socket listening on psm */
1706 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1707 if (!parent) {
1708 result = L2CAP_CR_BAD_PSM;
1709 goto sendresp;
1710 }
1711
e7c29cb1
MH		 1712 /* Check if the ACL is secure enough (if not SDP) */
1713 if (psm != cpu_to_le16(0x0001) &&
1714 !hci_conn_check_link_mode(conn->hcon)) {
1715 result = L2CAP_CR_SEC_BLOCK;
1716 goto response;
1717 }
1718
1da177e4
LT		 1719 result = L2CAP_CR_NO_MEM;
1720
1721 /* Check for backlog size */
1722 if (sk_acceptq_is_full(parent)) {
8e87d142 1723 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 1724 goto response;
1725 }
1726
3b1e0a65 1727 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 1728 if (!sk)
1729 goto response;
1730
fd1278d7 1731 write_lock_bh(&list->lock);
1da177e4
LT		 1732
1733 /* Check if we already have channel with that dcid */
1734 if (__l2cap_get_chan_by_dcid(list, scid)) {
fd1278d7 1735 write_unlock_bh(&list->lock);
1da177e4
LT		 1736 sock_set_flag(sk, SOCK_ZAPPED);
1737 l2cap_sock_kill(sk);
1738 goto response;
1739 }
1740
1741 hci_conn_hold(conn->hcon);
1742
1743 l2cap_sock_init(sk, parent);
1744 bacpy(&bt_sk(sk)->src, conn->src);
1745 bacpy(&bt_sk(sk)->dst, conn->dst);
1746 l2cap_pi(sk)->psm = psm;
1747 l2cap_pi(sk)->dcid = scid;
1748
1749 __l2cap_chan_add(conn, sk, parent);
1750 dcid = l2cap_pi(sk)->scid;
1751
1752 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1753
1da177e4
LT		 1754 l2cap_pi(sk)->ident = cmd->ident;
1755
79d554a6
MH		 1756 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
1757 if (l2cap_check_link_mode(sk)) {
f66dc81f
MH		 1758 if (bt_sk(sk)->defer_setup) {
1759 sk->sk_state = BT_CONNECT2;
1760 result = L2CAP_CR_PEND;
1761 status = L2CAP_CS_AUTHOR_PEND;
1762 parent->sk_data_ready(parent, 0);
1763 } else {
1764 sk->sk_state = BT_CONFIG;
1765 result = L2CAP_CR_SUCCESS;
1766 status = L2CAP_CS_NO_INFO;
1767 }
79d554a6
MH		 1768 } else {
1769 sk->sk_state = BT_CONNECT2;
1770 result = L2CAP_CR_PEND;
1771 status = L2CAP_CS_AUTHEN_PEND;
1772 }
1773 } else {
1774 sk->sk_state = BT_CONNECT2;
1775 result = L2CAP_CR_PEND;
1776 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1777 }
1778
fd1278d7 1779 write_unlock_bh(&list->lock);
1da177e4
LT		 1780
1781response:
1782 bh_unlock_sock(parent);
1783
1784sendresp:
aca3192c
YH		 1785 rsp.scid = cpu_to_le16(scid);
1786 rsp.dcid = cpu_to_le16(dcid);
1787 rsp.result = cpu_to_le16(result);
1788 rsp.status = cpu_to_le16(status);
1da177e4 1789 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 1790
1791 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1792 struct l2cap_info_req info;
1793 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1794
1795 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1796 conn->info_ident = l2cap_get_ident(conn);
1797
1798 mod_timer(&conn->info_timer, jiffies +
1799 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1800
1801 l2cap_send_cmd(conn, conn->info_ident,
1802 L2CAP_INFO_REQ, sizeof(info), &info);
1803 }
1804
1da177e4
LT		 1805 return 0;
1806}
1807
1808static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1809{
1810 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1811 u16 scid, dcid, result, status;
1812 struct sock *sk;
1813 u8 req[128];
1814
1815 scid = __le16_to_cpu(rsp->scid);
1816 dcid = __le16_to_cpu(rsp->dcid);
1817 result = __le16_to_cpu(rsp->result);
1818 status = __le16_to_cpu(rsp->status);
1819
1820 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1821
1822 if (scid) {
1823 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1824 return 0;
1825 } else {
1826 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1827 return 0;
1828 }
1829
1830 switch (result) {
1831 case L2CAP_CR_SUCCESS:
1832 sk->sk_state = BT_CONFIG;
1833 l2cap_pi(sk)->ident = 0;
1834 l2cap_pi(sk)->dcid = dcid;
1835 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1836
1837 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1838 l2cap_build_conf_req(sk, req), req);
1839 break;
1840
1841 case L2CAP_CR_PEND:
1842 break;
1843
1844 default:
1845 l2cap_chan_del(sk, ECONNREFUSED);
1846 break;
1847 }
1848
1849 bh_unlock_sock(sk);
1850 return 0;
1851}
1852
88219a0f 1853static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 1854{
1855 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1856 u16 dcid, flags;
1857 u8 rsp[64];
1858 struct sock *sk;
5dee9e7c 1859 int len;
1da177e4
LT		 1860
1861 dcid = __le16_to_cpu(req->dcid);
1862 flags = __le16_to_cpu(req->flags);
1863
1864 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1865
1866 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1867 return -ENOENT;
1868
354f60a9
MH		 1869 if (sk->sk_state == BT_DISCONN)
1870 goto unlock;
1871
5dee9e7c 1872 /* Reject if config buffer is too small. */
88219a0f 1873 len = cmd_len - sizeof(*req);
5dee9e7c
MH		 1874 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1875 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1876 l2cap_build_conf_rsp(sk, rsp,
1877 L2CAP_CONF_REJECT, flags), rsp);
1878 goto unlock;
1879 }
1880
1881 /* Store config. */
1882 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1883 l2cap_pi(sk)->conf_len += len;
1da177e4
LT		 1884
1885 if (flags & 0x0001) {
1886 /* Incomplete config. Send empty response. */
1887 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
5dee9e7c
MH		 1888 l2cap_build_conf_rsp(sk, rsp,
1889 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 1890 goto unlock;
1891 }
1892
1893 /* Complete config. */
5dee9e7c
MH		 1894 len = l2cap_parse_conf_req(sk, rsp);
1895 if (len < 0)
1da177e4
LT		 1896 goto unlock;
1897
5dee9e7c
MH		 1898 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
1899
5dee9e7c
MH		 1900 /* Reset config buffer. */
1901 l2cap_pi(sk)->conf_len = 0;
1902
876d9484
MH		 1903 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
1904 goto unlock;
1905
1da177e4
LT		 1906 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1907 sk->sk_state = BT_CONNECTED;
1908 l2cap_chan_ready(sk);
876d9484
MH		 1909 goto unlock;
1910 }
1911
1912 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 1913 u8 buf[64];
1da177e4 1914 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
79d554a6 1915 l2cap_build_conf_req(sk, buf), buf);
1da177e4
LT		 1916 }
1917
1918unlock:
1919 bh_unlock_sock(sk);
1920 return 0;
1921}
1922
1923static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1924{
1925 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
1926 u16 scid, flags, result;
1927 struct sock *sk;
1928
1929 scid = __le16_to_cpu(rsp->scid);
1930 flags = __le16_to_cpu(rsp->flags);
1931 result = __le16_to_cpu(rsp->result);
1932
1933 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
1934
1935 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1936 return 0;
1937
1938 switch (result) {
1939 case L2CAP_CONF_SUCCESS:
1940 break;
1941
1942 case L2CAP_CONF_UNACCEPT:
1943 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
1944 char req[128];
1945 /* It does not make sense to adjust L2CAP parameters
1946 * that are currently defined in the spec. We simply
1947 * resend config request that we sent earlier. It is
1948 * stupid, but it helps qualification testing which
1949 * expects at least some response from us. */
1950 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1951 l2cap_build_conf_req(sk, req), req);
1952 goto done;
1953 }
1954
8e87d142 1955 default:
1da177e4 1956 sk->sk_state = BT_DISCONN;
b1235d79 1957 sk->sk_err = ECONNRESET;
1da177e4
LT		 1958 l2cap_sock_set_timer(sk, HZ * 5);
1959 {
1960 struct l2cap_disconn_req req;
aca3192c
YH		 1961 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
1962 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1da177e4
LT		 1963 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1964 L2CAP_DISCONN_REQ, sizeof(req), &req);
1965 }
1966 goto done;
1967 }
1968
1969 if (flags & 0x01)
1970 goto done;
1971
1da177e4
LT		 1972 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
1973
1974 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
1975 sk->sk_state = BT_CONNECTED;
1976 l2cap_chan_ready(sk);
1977 }
1978
1979done:
1980 bh_unlock_sock(sk);
1981 return 0;
1982}
1983
1984static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1985{
1986 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
1987 struct l2cap_disconn_rsp rsp;
1988 u16 dcid, scid;
1989 struct sock *sk;
1990
1991 scid = __le16_to_cpu(req->scid);
1992 dcid = __le16_to_cpu(req->dcid);
1993
1994 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
1995
1996 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1997 return 0;
1998
aca3192c
YH		 1999 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2000 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1da177e4
LT		 2001 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2002
2003 sk->sk_shutdown = SHUTDOWN_MASK;
2004
2005 l2cap_chan_del(sk, ECONNRESET);
2006 bh_unlock_sock(sk);
2007
2008 l2cap_sock_kill(sk);
2009 return 0;
2010}
2011
2012static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2013{
2014 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2015 u16 dcid, scid;
2016 struct sock *sk;
2017
2018 scid = __le16_to_cpu(rsp->scid);
2019 dcid = __le16_to_cpu(rsp->dcid);
2020
2021 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2022
2023 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2024 return 0;
2025
2026 l2cap_chan_del(sk, 0);
2027 bh_unlock_sock(sk);
2028
2029 l2cap_sock_kill(sk);
2030 return 0;
2031}
2032
2033static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2034{
2035 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2036 u16 type;
2037
2038 type = __le16_to_cpu(req->type);
2039
2040 BT_DBG("type 0x%4.4x", type);
2041
f0709e03
MH		 2042 if (type == L2CAP_IT_FEAT_MASK) {
2043 u8 buf[8];
2044 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2045 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2046 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2047 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2048 l2cap_send_cmd(conn, cmd->ident,
2049 L2CAP_INFO_RSP, sizeof(buf), buf);
2050 } else {
2051 struct l2cap_info_rsp rsp;
2052 rsp.type = cpu_to_le16(type);
2053 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2054 l2cap_send_cmd(conn, cmd->ident,
2055 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2056 }
1da177e4
LT		 2057
2058 return 0;
2059}
2060
2061static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2062{
2063 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2064 u16 type, result;
2065
2066 type = __le16_to_cpu(rsp->type);
2067 result = __le16_to_cpu(rsp->result);
2068
2069 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2070
4e8402a3
MH		 2071 conn->info_ident = 0;
2072
2073 del_timer(&conn->info_timer);
2074
2075 if (type == L2CAP_IT_FEAT_MASK)
83985319 2076 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3
MH		 2077
2078 l2cap_conn_start(conn);
2079
1da177e4
LT		 2080 return 0;
2081}
2082
2083static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2084{
2085 u8 *data = skb->data;
2086 int len = skb->len;
2087 struct l2cap_cmd_hdr cmd;
2088 int err = 0;
2089
2090 l2cap_raw_recv(conn, skb);
2091
2092 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2093 u16 cmd_len;
1da177e4
LT		 2094 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2095 data += L2CAP_CMD_HDR_SIZE;
2096 len -= L2CAP_CMD_HDR_SIZE;
2097
88219a0f 2098 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2099
88219a0f 2100 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2101
88219a0f 2102 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2103 BT_DBG("corrupted command");
2104 break;
2105 }
2106
2107 switch (cmd.code) {
2108 case L2CAP_COMMAND_REJ:
4e8402a3 2109 l2cap_command_rej(conn, &cmd, data);
1da177e4
LT		 2110 break;
2111
2112 case L2CAP_CONN_REQ:
2113 err = l2cap_connect_req(conn, &cmd, data);
2114 break;
2115
2116 case L2CAP_CONN_RSP:
2117 err = l2cap_connect_rsp(conn, &cmd, data);
2118 break;
2119
2120 case L2CAP_CONF_REQ:
88219a0f 2121 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1da177e4
LT		 2122 break;
2123
2124 case L2CAP_CONF_RSP:
2125 err = l2cap_config_rsp(conn, &cmd, data);
2126 break;
2127
2128 case L2CAP_DISCONN_REQ:
2129 err = l2cap_disconnect_req(conn, &cmd, data);
2130 break;
2131
2132 case L2CAP_DISCONN_RSP:
2133 err = l2cap_disconnect_rsp(conn, &cmd, data);
2134 break;
2135
2136 case L2CAP_ECHO_REQ:
88219a0f 2137 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
1da177e4
LT		 2138 break;
2139
2140 case L2CAP_ECHO_RSP:
2141 break;
2142
2143 case L2CAP_INFO_REQ:
2144 err = l2cap_information_req(conn, &cmd, data);
2145 break;
2146
2147 case L2CAP_INFO_RSP:
2148 err = l2cap_information_rsp(conn, &cmd, data);
2149 break;
2150
2151 default:
2152 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2153 err = -EINVAL;
2154 break;
2155 }
2156
2157 if (err) {
2158 struct l2cap_cmd_rej rej;
2159 BT_DBG("error %d", err);
2160
2161 /* FIXME: Map err to a valid reason */
aca3192c 2162 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2163 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2164 }
2165
88219a0f
AV		 2166 data += cmd_len;
2167 len -= cmd_len;
1da177e4
LT		 2168 }
2169
2170 kfree_skb(skb);
2171}
2172
2173static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2174{
2175 struct sock *sk;
2176
2177 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2178 if (!sk) {
2179 BT_DBG("unknown cid 0x%4.4x", cid);
2180 goto drop;
2181 }
2182
2183 BT_DBG("sk %p, len %d", sk, skb->len);
2184
2185 if (sk->sk_state != BT_CONNECTED)
2186 goto drop;
2187
2188 if (l2cap_pi(sk)->imtu < skb->len)
2189 goto drop;
2190
2191 /* If socket recv buffers overflows we drop data here
2192 * which is *bad* because L2CAP has to be reliable.
2193 * But we don't have any other choice. L2CAP doesn't
2194 * provide flow control mechanism. */
2195
2196 if (!sock_queue_rcv_skb(sk, skb))
2197 goto done;
2198
2199drop:
2200 kfree_skb(skb);
2201
2202done:
0139418c
MH		 2203 if (sk)
2204 bh_unlock_sock(sk);
2205
1da177e4
LT		 2206 return 0;
2207}
2208
8e036fc3 2209static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4
LT		 2210{
2211 struct sock *sk;
2212
2213 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2214 if (!sk)
2215 goto drop;
2216
2217 BT_DBG("sk %p, len %d", sk, skb->len);
2218
2219 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2220 goto drop;
2221
2222 if (l2cap_pi(sk)->imtu < skb->len)
2223 goto drop;
2224
2225 if (!sock_queue_rcv_skb(sk, skb))
2226 goto done;
2227
2228drop:
2229 kfree_skb(skb);
2230
2231done:
2232 if (sk) bh_unlock_sock(sk);
2233 return 0;
2234}
2235
2236static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2237{
2238 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 2239 u16 cid, len;
2240 __le16 psm;
1da177e4
LT		 2241
2242 skb_pull(skb, L2CAP_HDR_SIZE);
2243 cid = __le16_to_cpu(lh->cid);
2244 len = __le16_to_cpu(lh->len);
2245
2246 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2247
2248 switch (cid) {
2249 case 0x0001:
2250 l2cap_sig_channel(conn, skb);
2251 break;
2252
2253 case 0x0002:
8e036fc3 2254 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 2255 skb_pull(skb, 2);
2256 l2cap_conless_channel(conn, psm, skb);
2257 break;
2258
2259 default:
2260 l2cap_data_channel(conn, cid, skb);
2261 break;
2262 }
2263}
2264
2265/* ---- L2CAP interface with lower layer (HCI) ---- */
2266
2267static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2268{
2269 int exact = 0, lm1 = 0, lm2 = 0;
2270 register struct sock *sk;
2271 struct hlist_node *node;
2272
2273 if (type != ACL_LINK)
2274 return 0;
2275
2276 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2277
2278 /* Find listening sockets and check their link_mode */
2279 read_lock(&l2cap_sk_list.lock);
2280 sk_for_each(sk, node, &l2cap_sk_list.head) {
2281 if (sk->sk_state != BT_LISTEN)
2282 continue;
2283
2284 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2285 lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
2286 exact++;
2287 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
2288 lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
2289 }
2290 read_unlock(&l2cap_sk_list.lock);
2291
2292 return exact ? lm1 : lm2;
2293}
2294
2295static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2296{
0139418c
MH		 2297 struct l2cap_conn *conn;
2298
1da177e4
LT		 2299 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2300
2301 if (hcon->type != ACL_LINK)
2302 return 0;
2303
2304 if (!status) {
1da177e4
LT		 2305 conn = l2cap_conn_add(hcon, status);
2306 if (conn)
2307 l2cap_conn_ready(conn);
0139418c 2308 } else
1da177e4
LT		 2309 l2cap_conn_del(hcon, bt_err(status));
2310
2311 return 0;
2312}
2313
2314static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2315{
2316 BT_DBG("hcon %p reason %d", hcon, reason);
2317
2318 if (hcon->type != ACL_LINK)
2319 return 0;
2320
2321 l2cap_conn_del(hcon, bt_err(reason));
0139418c 2322
1da177e4
LT		 2323 return 0;
2324}
2325
2326static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
2327{
2328 struct l2cap_chan_list *l;
40be492f 2329 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 2330 struct sock *sk;
1da177e4 2331
0139418c 2332 if (!conn)
1da177e4 2333 return 0;
0139418c 2334
1da177e4
LT		 2335 l = &conn->chan_list;
2336
2337 BT_DBG("conn %p", conn);
2338
2339 read_lock(&l->lock);
2340
2341 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
40be492f
MH		 2342 struct l2cap_pinfo *pi = l2cap_pi(sk);
2343
1da177e4
LT		 2344 bh_lock_sock(sk);
2345
40be492f 2346 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
b1235d79
MH		 2347 !(hcon->link_mode & HCI_LM_ENCRYPT) &&
2348 !status) {
1da177e4
LT		 2349 bh_unlock_sock(sk);
2350 continue;
2351 }
2352
b1235d79
MH		 2353 if (sk->sk_state == BT_CONNECT) {
2354 if (!status) {
2355 struct l2cap_conn_req req;
2356 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2357 req.psm = l2cap_pi(sk)->psm;
2358
2359 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2360
2361 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2362 L2CAP_CONN_REQ, sizeof(req), &req);
2363 } else {
2364 l2cap_sock_clear_timer(sk);
2365 l2cap_sock_set_timer(sk, HZ / 10);
2366 }
2367 } else if (sk->sk_state == BT_CONNECT2) {
2368 struct l2cap_conn_rsp rsp;
2369 __u16 result;
2370
2371 if (!status) {
2372 sk->sk_state = BT_CONFIG;
2373 result = L2CAP_CR_SUCCESS;
2374 } else {
2375 sk->sk_state = BT_DISCONN;
2376 l2cap_sock_set_timer(sk, HZ / 10);
2377 result = L2CAP_CR_SEC_BLOCK;
2378 }
1da177e4 2379
b1235d79
MH		 2380 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2381 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2382 rsp.result = cpu_to_le16(result);
e7c29cb1 2383 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
b1235d79
MH		 2384 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2385 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2386 }
1da177e4
LT		 2387
2388 bh_unlock_sock(sk);
2389 }
2390
2391 read_unlock(&l->lock);
b1235d79 2392
1da177e4
LT		 2393 return 0;
2394}
2395
9719f8af 2396static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4
LT		 2397{
2398 struct l2cap_chan_list *l;
0139418c 2399 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 2400 struct sock *sk;
1da177e4 2401
0139418c 2402 if (!conn)
1da177e4 2403 return 0;
0139418c 2404
1da177e4
LT		 2405 l = &conn->chan_list;
2406
2407 BT_DBG("conn %p", conn);
2408
2409 read_lock(&l->lock);
2410
2411 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
9719f8af
MH		 2412 struct l2cap_pinfo *pi = l2cap_pi(sk);
2413
1da177e4
LT		 2414 bh_lock_sock(sk);
2415
9719f8af
MH		 2416 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
2417 (sk->sk_state == BT_CONNECTED ||
2418 sk->sk_state == BT_CONFIG) &&
2419 !status && encrypt == 0x00) {
2420 __l2cap_sock_close(sk, ECONNREFUSED);
2421 bh_unlock_sock(sk);
2422 continue;
2423 }
2424
b1235d79
MH		 2425 if (sk->sk_state == BT_CONNECT) {
2426 if (!status) {
2427 struct l2cap_conn_req req;
2428 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2429 req.psm = l2cap_pi(sk)->psm;
1da177e4 2430
b1235d79 2431 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
1da177e4 2432
b1235d79
MH		 2433 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2434 L2CAP_CONN_REQ, sizeof(req), &req);
2435 } else {
2436 l2cap_sock_clear_timer(sk);
2437 l2cap_sock_set_timer(sk, HZ / 10);
2438 }
2439 } else if (sk->sk_state == BT_CONNECT2) {
2440 struct l2cap_conn_rsp rsp;
2441 __u16 result;
1da177e4 2442
b1235d79
MH		 2443 if (!status) {
2444 sk->sk_state = BT_CONFIG;
2445 result = L2CAP_CR_SUCCESS;
2446 } else {
2447 sk->sk_state = BT_DISCONN;
2448 l2cap_sock_set_timer(sk, HZ / 10);
2449 result = L2CAP_CR_SEC_BLOCK;
2450 }
2451
2452 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2453 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2454 rsp.result = cpu_to_le16(result);
e7c29cb1 2455 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
b1235d79
MH		 2456 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2457 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2458 }
1da177e4
LT		 2459
2460 bh_unlock_sock(sk);
2461 }
2462
2463 read_unlock(&l->lock);
b1235d79 2464
1da177e4
LT		 2465 return 0;
2466}
2467
2468static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2469{
2470 struct l2cap_conn *conn = hcon->l2cap_data;
2471
2472 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2473 goto drop;
2474
2475 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2476
2477 if (flags & ACL_START) {
2478 struct l2cap_hdr *hdr;
2479 int len;
2480
2481 if (conn->rx_len) {
2482 BT_ERR("Unexpected start frame (len %d)", skb->len);
2483 kfree_skb(conn->rx_skb);
2484 conn->rx_skb = NULL;
2485 conn->rx_len = 0;
2486 l2cap_conn_unreliable(conn, ECOMM);
2487 }
2488
2489 if (skb->len < 2) {
2490 BT_ERR("Frame is too short (len %d)", skb->len);
2491 l2cap_conn_unreliable(conn, ECOMM);
2492 goto drop;
2493 }
2494
2495 hdr = (struct l2cap_hdr *) skb->data;
2496 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2497
2498 if (len == skb->len) {
2499 /* Complete frame received */
2500 l2cap_recv_frame(conn, skb);
2501 return 0;
2502 }
2503
2504 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2505
2506 if (skb->len > len) {
2507 BT_ERR("Frame is too long (len %d, expected len %d)",
2508 skb->len, len);
2509 l2cap_conn_unreliable(conn, ECOMM);
2510 goto drop;
2511 }
2512
2513 /* Allocate skb for the complete frame (with header) */
2514 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2515 goto drop;
2516
d626f62b
ACM		 2517 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2518 skb->len);
1da177e4
LT		 2519 conn->rx_len = len - skb->len;
2520 } else {
2521 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2522
2523 if (!conn->rx_len) {
2524 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2525 l2cap_conn_unreliable(conn, ECOMM);
2526 goto drop;
2527 }
2528
2529 if (skb->len > conn->rx_len) {
2530 BT_ERR("Fragment is too long (len %d, expected %d)",
2531 skb->len, conn->rx_len);
2532 kfree_skb(conn->rx_skb);
2533 conn->rx_skb = NULL;
2534 conn->rx_len = 0;
2535 l2cap_conn_unreliable(conn, ECOMM);
2536 goto drop;
2537 }
2538
d626f62b
ACM		 2539 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2540 skb->len);
1da177e4
LT		 2541 conn->rx_len -= skb->len;
2542
2543 if (!conn->rx_len) {
2544 /* Complete frame received */
2545 l2cap_recv_frame(conn, conn->rx_skb);
2546 conn->rx_skb = NULL;
2547 }
2548 }
2549
2550drop:
2551 kfree_skb(skb);
2552 return 0;
2553}
2554
be9d1227 2555static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2556{
2557 struct sock *sk;
2558 struct hlist_node *node;
be9d1227 2559 char *str = buf;
1da177e4
LT		 2560
2561 read_lock_bh(&l2cap_sk_list.lock);
2562
be9d1227
MH		 2563 sk_for_each(sk, node, &l2cap_sk_list.head) {
2564 struct l2cap_pinfo *pi = l2cap_pi(sk);
1da177e4 2565
be9d1227
MH		 2566 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
2567 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
73863976
MH		 2568 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2569 pi->imtu, pi->omtu, pi->link_mode);
be9d1227 2570 }
1da177e4 2571
1da177e4 2572 read_unlock_bh(&l2cap_sk_list.lock);
1da177e4 2573
be9d1227 2574 return (str - buf);
1da177e4
LT		 2575}
2576
be9d1227 2577static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
1da177e4 2578
90ddc4f0 2579static const struct proto_ops l2cap_sock_ops = {
1da177e4
LT		 2580 .family = PF_BLUETOOTH,
2581 .owner = THIS_MODULE,
2582 .release = l2cap_sock_release,
2583 .bind = l2cap_sock_bind,
2584 .connect = l2cap_sock_connect,
2585 .listen = l2cap_sock_listen,
2586 .accept = l2cap_sock_accept,
2587 .getname = l2cap_sock_getname,
2588 .sendmsg = l2cap_sock_sendmsg,
f66dc81f 2589 .recvmsg = l2cap_sock_recvmsg,
1da177e4 2590 .poll = bt_sock_poll,
3241ad82 2591 .ioctl = bt_sock_ioctl,
1da177e4
LT		 2592 .mmap = sock_no_mmap,
2593 .socketpair = sock_no_socketpair,
1da177e4
LT		 2594 .shutdown = l2cap_sock_shutdown,
2595 .setsockopt = l2cap_sock_setsockopt,
2596 .getsockopt = l2cap_sock_getsockopt
2597};
2598
2599static struct net_proto_family l2cap_sock_family_ops = {
2600 .family = PF_BLUETOOTH,
2601 .owner = THIS_MODULE,
2602 .create = l2cap_sock_create,
2603};
2604
2605static struct hci_proto l2cap_hci_proto = {
2606 .name = "L2CAP",
2607 .id = HCI_PROTO_L2CAP,
2608 .connect_ind = l2cap_connect_ind,
2609 .connect_cfm = l2cap_connect_cfm,
2610 .disconn_ind = l2cap_disconn_ind,
2611 .auth_cfm = l2cap_auth_cfm,
2612 .encrypt_cfm = l2cap_encrypt_cfm,
2613 .recv_acldata = l2cap_recv_acldata
2614};
2615
2616static int __init l2cap_init(void)
2617{
2618 int err;
be9d1227 2619
1da177e4
LT		 2620 err = proto_register(&l2cap_proto, 0);
2621 if (err < 0)
2622 return err;
2623
2624 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2625 if (err < 0) {
2626 BT_ERR("L2CAP socket registration failed");
2627 goto error;
2628 }
2629
2630 err = hci_register_proto(&l2cap_hci_proto);
2631 if (err < 0) {
2632 BT_ERR("L2CAP protocol registration failed");
2633 bt_sock_unregister(BTPROTO_L2CAP);
2634 goto error;
2635 }
2636
df5c37ea
MH		 2637 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2638 BT_ERR("Failed to create L2CAP info file");
1da177e4
LT		 2639
2640 BT_INFO("L2CAP ver %s", VERSION);
2641 BT_INFO("L2CAP socket layer initialized");
2642
2643 return 0;
2644
2645error:
2646 proto_unregister(&l2cap_proto);
2647 return err;
2648}
2649
2650static void __exit l2cap_exit(void)
2651{
a91f2e39 2652 class_remove_file(bt_class, &class_attr_l2cap);
1da177e4
LT		 2653
2654 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2655 BT_ERR("L2CAP socket unregistration failed");
2656
2657 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2658 BT_ERR("L2CAP protocol unregistration failed");
2659
2660 proto_unregister(&l2cap_proto);
2661}
2662
2663void l2cap_load(void)
2664{
2665 /* Dummy function to trigger automatic L2CAP module loading by
2666 * other modules that use L2CAP sockets but don't use any other
2667 * symbols from it. */
2668 return;
2669}
2670EXPORT_SYMBOL(l2cap_load);
2671
2672module_init(l2cap_init);
2673module_exit(l2cap_exit);
2674
63fbd24e 2675MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2676MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2677MODULE_VERSION(VERSION);
2678MODULE_LICENSE("GPL");
2679MODULE_ALIAS("bt-proto-0");
Linux kernel - Deliverables
This page took 0.553295 seconds and 5 git commands to generate.