projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Create separate l2cap_send_disconn_req() function
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
4fc268d2 30#include <linux/capability.h>
1da177e4
LT		 31#include <linux/errno.h>
32#include <linux/kernel.h>
1da177e4
LT		 33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
1da177e4 41#include <linux/list.h>
be9d1227 42#include <linux/device.h>
af05b30b 43#include <linux/uaccess.h>
1da177e4
LT		 44#include <net/sock.h>
45
46#include <asm/system.h>
1da177e4
LT		 47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52
44dd46de
MH		 53#define VERSION "2.14"
54
55static int enable_ertm = 0;
f0709e03 56
47ec1dcd 57static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 58static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 59
90ddc4f0 60static const struct proto_ops l2cap_sock_ops;
1da177e4
LT		 61
62static struct bt_sock_list l2cap_sk_list = {
d5fb2962 63 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
1da177e4
LT		 64};
65
1da177e4
LT		 66static void __l2cap_sock_close(struct sock *sk, int reason);
67static void l2cap_sock_close(struct sock *sk);
68static void l2cap_sock_kill(struct sock *sk);
69
70static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
71 u8 code, u8 ident, u16 dlen, void *data);
72
73/* ---- L2CAP timers ---- */
74static void l2cap_sock_timeout(unsigned long arg)
75{
76 struct sock *sk = (struct sock *) arg;
b1235d79 77 int reason;
1da177e4
LT		 78
79 BT_DBG("sock %p state %d", sk, sk->sk_state);
80
81 bh_lock_sock(sk);
b1235d79 82
f62e4323
MH		 83 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
84 reason = ECONNREFUSED;
85 else if (sk->sk_state == BT_CONNECT &&
2af6b9d5 86 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
b1235d79
MH		 87 reason = ECONNREFUSED;
88 else
89 reason = ETIMEDOUT;
90
91 __l2cap_sock_close(sk, reason);
92
1da177e4
LT		 93 bh_unlock_sock(sk);
94
95 l2cap_sock_kill(sk);
96 sock_put(sk);
97}
98
99static void l2cap_sock_set_timer(struct sock *sk, long timeout)
100{
101 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
102 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
103}
104
105static void l2cap_sock_clear_timer(struct sock *sk)
106{
107 BT_DBG("sock %p state %d", sk, sk->sk_state);
108 sk_stop_timer(sk, &sk->sk_timer);
109}
110
0139418c
MH		 111/* ---- L2CAP channels ---- */
112static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
113{
114 struct sock *s;
115 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
116 if (l2cap_pi(s)->dcid == cid)
117 break;
118 }
119 return s;
120}
121
122static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
123{
124 struct sock *s;
125 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
126 if (l2cap_pi(s)->scid == cid)
127 break;
128 }
129 return s;
130}
131
132/* Find channel with given SCID.
133 * Returns locked socket */
134static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
135{
136 struct sock *s;
137 read_lock(&l->lock);
138 s = __l2cap_get_chan_by_scid(l, cid);
af05b30b
GP		 139 if (s)
140 bh_lock_sock(s);
0139418c
MH		 141 read_unlock(&l->lock);
142 return s;
143}
144
145static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
146{
147 struct sock *s;
148 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
149 if (l2cap_pi(s)->ident == ident)
150 break;
151 }
152 return s;
153}
154
155static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
156{
157 struct sock *s;
158 read_lock(&l->lock);
159 s = __l2cap_get_chan_by_ident(l, ident);
af05b30b
GP		 160 if (s)
161 bh_lock_sock(s);
0139418c
MH		 162 read_unlock(&l->lock);
163 return s;
164}
165
166static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
167{
8db4dc46 168 u16 cid = L2CAP_CID_DYN_START;
0139418c 169
8db4dc46 170 for (; cid < L2CAP_CID_DYN_END; cid++) {
af05b30b 171 if (!__l2cap_get_chan_by_scid(l, cid))
0139418c
MH		 172 return cid;
173 }
174
175 return 0;
176}
177
178static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
179{
180 sock_hold(sk);
181
182 if (l->head)
183 l2cap_pi(l->head)->prev_c = sk;
184
185 l2cap_pi(sk)->next_c = l->head;
186 l2cap_pi(sk)->prev_c = NULL;
187 l->head = sk;
188}
189
190static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
191{
192 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
193
fd1278d7 194 write_lock_bh(&l->lock);
0139418c
MH		 195 if (sk == l->head)
196 l->head = next;
197
198 if (next)
199 l2cap_pi(next)->prev_c = prev;
200 if (prev)
201 l2cap_pi(prev)->next_c = next;
fd1278d7 202 write_unlock_bh(&l->lock);
0139418c
MH		 203
204 __sock_put(sk);
205}
206
207static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
208{
209 struct l2cap_chan_list *l = &conn->chan_list;
210
af05b30b
GP		 211 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
212 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
0139418c 213
2950f21a
MH		 214 conn->disc_reason = 0x13;
215
0139418c
MH		 216 l2cap_pi(sk)->conn = conn;
217
218 if (sk->sk_type == SOCK_SEQPACKET) {
219 /* Alloc CID for connection-oriented socket */
220 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
221 } else if (sk->sk_type == SOCK_DGRAM) {
222 /* Connectionless socket */
8db4dc46
GP		 223 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
224 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
0139418c
MH		 225 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
226 } else {
227 /* Raw socket can send/recv signalling messages only */
8db4dc46
GP		 228 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
229 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
0139418c
MH		 230 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
231 }
232
233 __l2cap_chan_link(l, sk);
234
235 if (parent)
236 bt_accept_enqueue(parent, sk);
237}
238
8e87d142 239/* Delete channel.
0139418c
MH		 240 * Must be called on the locked socket. */
241static void l2cap_chan_del(struct sock *sk, int err)
242{
243 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
244 struct sock *parent = bt_sk(sk)->parent;
245
246 l2cap_sock_clear_timer(sk);
247
248 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
249
8e87d142 250 if (conn) {
0139418c
MH		 251 /* Unlink from channel list */
252 l2cap_chan_unlink(&conn->chan_list, sk);
253 l2cap_pi(sk)->conn = NULL;
254 hci_conn_put(conn->hcon);
255 }
256
b1235d79 257 sk->sk_state = BT_CLOSED;
0139418c
MH		 258 sock_set_flag(sk, SOCK_ZAPPED);
259
260 if (err)
261 sk->sk_err = err;
262
263 if (parent) {
264 bt_accept_unlink(sk);
265 parent->sk_data_ready(parent, 0);
266 } else
267 sk->sk_state_change(sk);
268}
269
79d554a6 270/* Service level security */
2af6b9d5 271static inline int l2cap_check_security(struct sock *sk)
79d554a6
MH		 272{
273 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
0684e5f9
MH		 274 __u8 auth_type;
275
00ae4af9
MH		 276 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
277 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
278 auth_type = HCI_AT_NO_BONDING_MITM;
279 else
af05b30b 280 auth_type = HCI_AT_NO_BONDING;
00ae4af9
MH		 281
282 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
283 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
284 } else {
285 switch (l2cap_pi(sk)->sec_level) {
286 case BT_SECURITY_HIGH:
287 auth_type = HCI_AT_GENERAL_BONDING_MITM;
288 break;
289 case BT_SECURITY_MEDIUM:
290 auth_type = HCI_AT_GENERAL_BONDING;
291 break;
292 default:
293 auth_type = HCI_AT_NO_BONDING;
294 break;
295 }
0684e5f9 296 }
79d554a6 297
0684e5f9
MH		 298 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
299 auth_type);
79d554a6
MH		 300}
301
4e8402a3
MH		 302static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
303{
304 u8 id;
305
306 /* Get next available identificator.
307 * 1 - 128 are used by kernel.
308 * 129 - 199 are reserved.
309 * 200 - 254 are used by utilities like l2ping, etc.
310 */
311
312 spin_lock_bh(&conn->lock);
313
314 if (++conn->tx_ident > 128)
315 conn->tx_ident = 1;
316
317 id = conn->tx_ident;
318
319 spin_unlock_bh(&conn->lock);
320
321 return id;
322}
323
324static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
325{
326 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
327
328 BT_DBG("code 0x%2.2x", code);
329
330 if (!skb)
331 return -ENOMEM;
332
333 return hci_send_acl(conn->hcon, skb, 0);
334}
335
79d554a6
MH		 336static void l2cap_do_start(struct sock *sk)
337{
338 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
339
340 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 341 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
342 return;
343
2af6b9d5 344 if (l2cap_check_security(sk)) {
b1235d79
MH		 345 struct l2cap_conn_req req;
346 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
347 req.psm = l2cap_pi(sk)->psm;
79d554a6 348
b1235d79 349 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 350
b1235d79 351 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
79d554a6 352 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 353 }
79d554a6
MH		 354 } else {
355 struct l2cap_info_req req;
356 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
357
358 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
359 conn->info_ident = l2cap_get_ident(conn);
360
361 mod_timer(&conn->info_timer, jiffies +
362 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
363
364 l2cap_send_cmd(conn, conn->info_ident,
365 L2CAP_INFO_REQ, sizeof(req), &req);
366 }
367}
368
22121fc9
GP		 369static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
370{
371 struct l2cap_disconn_req req;
372
373 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
374 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
375 l2cap_send_cmd(conn, l2cap_get_ident(conn),
376 L2CAP_DISCONN_REQ, sizeof(req), &req);
377}
378
1da177e4 379/* ---- L2CAP connections ---- */
4e8402a3
MH		 380static void l2cap_conn_start(struct l2cap_conn *conn)
381{
382 struct l2cap_chan_list *l = &conn->chan_list;
383 struct sock *sk;
384
385 BT_DBG("conn %p", conn);
386
387 read_lock(&l->lock);
388
389 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
390 bh_lock_sock(sk);
391
392 if (sk->sk_type != SOCK_SEQPACKET) {
79d554a6
MH		 393 bh_unlock_sock(sk);
394 continue;
395 }
396
397 if (sk->sk_state == BT_CONNECT) {
2af6b9d5 398 if (l2cap_check_security(sk)) {
b1235d79
MH		 399 struct l2cap_conn_req req;
400 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
401 req.psm = l2cap_pi(sk)->psm;
79d554a6 402
b1235d79 403 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 404
b1235d79 405 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4e8402a3 406 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 407 }
79d554a6
MH		 408 } else if (sk->sk_state == BT_CONNECT2) {
409 struct l2cap_conn_rsp rsp;
410 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
411 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
412
2af6b9d5 413 if (l2cap_check_security(sk)) {
f66dc81f
MH		 414 if (bt_sk(sk)->defer_setup) {
415 struct sock *parent = bt_sk(sk)->parent;
416 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
417 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
418 parent->sk_data_ready(parent, 0);
419
420 } else {
421 sk->sk_state = BT_CONFIG;
422 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
423 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
424 }
79d554a6
MH		 425 } else {
426 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
427 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
428 }
429
430 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
431 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4e8402a3
MH		 432 }
433
434 bh_unlock_sock(sk);
435 }
436
437 read_unlock(&l->lock);
438}
439
440static void l2cap_conn_ready(struct l2cap_conn *conn)
441{
79d554a6
MH		 442 struct l2cap_chan_list *l = &conn->chan_list;
443 struct sock *sk;
4e8402a3 444
79d554a6 445 BT_DBG("conn %p", conn);
4e8402a3 446
79d554a6 447 read_lock(&l->lock);
4e8402a3 448
79d554a6
MH		 449 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
450 bh_lock_sock(sk);
4e8402a3 451
79d554a6
MH		 452 if (sk->sk_type != SOCK_SEQPACKET) {
453 l2cap_sock_clear_timer(sk);
454 sk->sk_state = BT_CONNECTED;
455 sk->sk_state_change(sk);
456 } else if (sk->sk_state == BT_CONNECT)
457 l2cap_do_start(sk);
4e8402a3 458
79d554a6 459 bh_unlock_sock(sk);
4e8402a3 460 }
79d554a6
MH		 461
462 read_unlock(&l->lock);
4e8402a3
MH		 463}
464
465/* Notify sockets that we cannot guaranty reliability anymore */
466static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
467{
468 struct l2cap_chan_list *l = &conn->chan_list;
469 struct sock *sk;
470
471 BT_DBG("conn %p", conn);
472
473 read_lock(&l->lock);
474
475 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2af6b9d5 476 if (l2cap_pi(sk)->force_reliable)
4e8402a3
MH		 477 sk->sk_err = err;
478 }
479
480 read_unlock(&l->lock);
481}
482
483static void l2cap_info_timeout(unsigned long arg)
484{
485 struct l2cap_conn *conn = (void *) arg;
486
984947dc 487 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 488 conn->info_ident = 0;
984947dc 489
4e8402a3
MH		 490 l2cap_conn_start(conn);
491}
492
1da177e4
LT		 493static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
494{
0139418c 495 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 496
0139418c 497 if (conn || status)
1da177e4
LT		 498 return conn;
499
0139418c
MH		 500 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
501 if (!conn)
1da177e4 502 return NULL;
1da177e4
LT		 503
504 hcon->l2cap_data = conn;
505 conn->hcon = hcon;
506
0139418c
MH		 507 BT_DBG("hcon %p conn %p", hcon, conn);
508
1da177e4
LT		 509 conn->mtu = hcon->hdev->acl_mtu;
510 conn->src = &hcon->hdev->bdaddr;
511 conn->dst = &hcon->dst;
512
4e8402a3
MH		 513 conn->feat_mask = 0;
514
b1235d79
MH		 515 setup_timer(&conn->info_timer, l2cap_info_timeout,
516 (unsigned long) conn);
4e8402a3 517
1da177e4
LT		 518 spin_lock_init(&conn->lock);
519 rwlock_init(&conn->chan_list.lock);
520
2950f21a
MH		 521 conn->disc_reason = 0x13;
522
1da177e4
LT		 523 return conn;
524}
525
0139418c 526static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 527{
0139418c 528 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4
LT		 529 struct sock *sk;
530
0139418c
MH		 531 if (!conn)
532 return;
1da177e4
LT		 533
534 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
535
7585b97a 536 kfree_skb(conn->rx_skb);
1da177e4
LT		 537
538 /* Kill channels */
539 while ((sk = conn->chan_list.head)) {
540 bh_lock_sock(sk);
541 l2cap_chan_del(sk, err);
542 bh_unlock_sock(sk);
543 l2cap_sock_kill(sk);
544 }
545
8e8440f5
DY		 546 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
547 del_timer_sync(&conn->info_timer);
3ab22731 548
1da177e4
LT		 549 hcon->l2cap_data = NULL;
550 kfree(conn);
1da177e4
LT		 551}
552
553static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
554{
555 struct l2cap_chan_list *l = &conn->chan_list;
fd1278d7 556 write_lock_bh(&l->lock);
1da177e4 557 __l2cap_chan_add(conn, sk, parent);
fd1278d7 558 write_unlock_bh(&l->lock);
1da177e4
LT		 559}
560
1da177e4 561/* ---- Socket interface ---- */
8e036fc3 562static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
1da177e4
LT		 563{
564 struct sock *sk;
565 struct hlist_node *node;
566 sk_for_each(sk, node, &l2cap_sk_list.head)
567 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
568 goto found;
569 sk = NULL;
570found:
571 return sk;
572}
573
574/* Find socket with psm and source bdaddr.
575 * Returns closest match.
576 */
8e036fc3 577static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 578{
579 struct sock *sk = NULL, *sk1 = NULL;
580 struct hlist_node *node;
581
582 sk_for_each(sk, node, &l2cap_sk_list.head) {
583 if (state && sk->sk_state != state)
584 continue;
585
586 if (l2cap_pi(sk)->psm == psm) {
587 /* Exact match. */
588 if (!bacmp(&bt_sk(sk)->src, src))
589 break;
590
591 /* Closest match */
592 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
593 sk1 = sk;
594 }
595 }
596 return node ? sk : sk1;
597}
598
599/* Find socket with given address (psm, src).
600 * Returns locked socket */
8e036fc3 601static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 602{
603 struct sock *s;
604 read_lock(&l2cap_sk_list.lock);
605 s = __l2cap_get_sock_by_psm(state, psm, src);
af05b30b
GP		 606 if (s)
607 bh_lock_sock(s);
1da177e4
LT		 608 read_unlock(&l2cap_sk_list.lock);
609 return s;
610}
611
612static void l2cap_sock_destruct(struct sock *sk)
613{
614 BT_DBG("sk %p", sk);
615
616 skb_queue_purge(&sk->sk_receive_queue);
617 skb_queue_purge(&sk->sk_write_queue);
618}
619
620static void l2cap_sock_cleanup_listen(struct sock *parent)
621{
622 struct sock *sk;
623
624 BT_DBG("parent %p", parent);
625
626 /* Close not yet accepted channels */
627 while ((sk = bt_accept_dequeue(parent, NULL)))
628 l2cap_sock_close(sk);
629
b1235d79 630 parent->sk_state = BT_CLOSED;
1da177e4
LT		 631 sock_set_flag(parent, SOCK_ZAPPED);
632}
633
634/* Kill socket (only if zapped and orphan)
635 * Must be called on unlocked socket.
636 */
637static void l2cap_sock_kill(struct sock *sk)
638{
639 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
640 return;
641
642 BT_DBG("sk %p state %d", sk, sk->sk_state);
643
644 /* Kill poor orphan */
645 bt_sock_unlink(&l2cap_sk_list, sk);
646 sock_set_flag(sk, SOCK_DEAD);
647 sock_put(sk);
648}
649
650static void __l2cap_sock_close(struct sock *sk, int reason)
651{
652 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
653
654 switch (sk->sk_state) {
655 case BT_LISTEN:
656 l2cap_sock_cleanup_listen(sk);
657 break;
658
659 case BT_CONNECTED:
660 case BT_CONFIG:
1da177e4
LT		 661 if (sk->sk_type == SOCK_SEQPACKET) {
662 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1da177e4
LT		 663
664 sk->sk_state = BT_DISCONN;
665 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
22121fc9 666 l2cap_send_disconn_req(conn, sk);
b1235d79 667 } else
1da177e4 668 l2cap_chan_del(sk, reason);
1da177e4
LT		 669 break;
670
f66dc81f
MH		 671 case BT_CONNECT2:
672 if (sk->sk_type == SOCK_SEQPACKET) {
673 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
674 struct l2cap_conn_rsp rsp;
675 __u16 result;
676
677 if (bt_sk(sk)->defer_setup)
678 result = L2CAP_CR_SEC_BLOCK;
679 else
680 result = L2CAP_CR_BAD_PSM;
681
682 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
683 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
684 rsp.result = cpu_to_le16(result);
685 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
686 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
687 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
688 } else
689 l2cap_chan_del(sk, reason);
690 break;
691
1da177e4
LT		 692 case BT_CONNECT:
693 case BT_DISCONN:
694 l2cap_chan_del(sk, reason);
695 break;
696
697 default:
698 sock_set_flag(sk, SOCK_ZAPPED);
699 break;
700 }
701}
702
703/* Must be called on unlocked socket. */
704static void l2cap_sock_close(struct sock *sk)
705{
706 l2cap_sock_clear_timer(sk);
707 lock_sock(sk);
708 __l2cap_sock_close(sk, ECONNRESET);
709 release_sock(sk);
710 l2cap_sock_kill(sk);
711}
712
713static void l2cap_sock_init(struct sock *sk, struct sock *parent)
714{
715 struct l2cap_pinfo *pi = l2cap_pi(sk);
716
717 BT_DBG("sk %p", sk);
718
719 if (parent) {
720 sk->sk_type = parent->sk_type;
f66dc81f
MH		 721 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
722
1da177e4
LT		 723 pi->imtu = l2cap_pi(parent)->imtu;
724 pi->omtu = l2cap_pi(parent)->omtu;
c6b03cf9
MH		 725 pi->mode = l2cap_pi(parent)->mode;
726 pi->fcs = l2cap_pi(parent)->fcs;
2af6b9d5
MH		 727 pi->sec_level = l2cap_pi(parent)->sec_level;
728 pi->role_switch = l2cap_pi(parent)->role_switch;
729 pi->force_reliable = l2cap_pi(parent)->force_reliable;
1da177e4
LT		 730 } else {
731 pi->imtu = L2CAP_DEFAULT_MTU;
732 pi->omtu = 0;
c6b03cf9
MH		 733 pi->mode = L2CAP_MODE_BASIC;
734 pi->fcs = L2CAP_FCS_CRC16;
2af6b9d5
MH		 735 pi->sec_level = BT_SECURITY_LOW;
736 pi->role_switch = 0;
737 pi->force_reliable = 0;
1da177e4
LT		 738 }
739
740 /* Default config options */
5dee9e7c 741 pi->conf_len = 0;
1da177e4
LT		 742 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
743}
744
745static struct proto l2cap_proto = {
746 .name = "L2CAP",
747 .owner = THIS_MODULE,
748 .obj_size = sizeof(struct l2cap_pinfo)
749};
750
1b8d7ae4 751static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1da177e4
LT		 752{
753 struct sock *sk;
754
6257ff21 755 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1da177e4
LT		 756 if (!sk)
757 return NULL;
758
759 sock_init_data(sock, sk);
760 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
761
762 sk->sk_destruct = l2cap_sock_destruct;
4e8402a3 763 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1da177e4
LT		 764
765 sock_reset_flag(sk, SOCK_ZAPPED);
766
767 sk->sk_protocol = proto;
b1235d79 768 sk->sk_state = BT_OPEN;
1da177e4 769
b1235d79 770 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1da177e4
LT		 771
772 bt_sock_link(&l2cap_sk_list, sk);
773 return sk;
774}
775
1b8d7ae4 776static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
1da177e4
LT		 777{
778 struct sock *sk;
779
780 BT_DBG("sock %p", sock);
781
782 sock->state = SS_UNCONNECTED;
783
784 if (sock->type != SOCK_SEQPACKET &&
785 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
786 return -ESOCKTNOSUPPORT;
787
788 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
789 return -EPERM;
790
791 sock->ops = &l2cap_sock_ops;
792
1b8d7ae4 793 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1da177e4
LT		 794 if (!sk)
795 return -ENOMEM;
796
797 l2cap_sock_init(sk, NULL);
798 return 0;
799}
800
f29972de 801static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
1da177e4 802{
1da177e4 803 struct sock *sk = sock->sk;
f29972de
MH		 804 struct sockaddr_l2 la;
805 int len, err = 0;
1da177e4 806
f29972de 807 BT_DBG("sk %p", sk);
1da177e4
LT		 808
809 if (!addr || addr->sa_family != AF_BLUETOOTH)
810 return -EINVAL;
811
f29972de
MH		 812 memset(&la, 0, sizeof(la));
813 len = min_t(unsigned int, sizeof(la), alen);
814 memcpy(&la, addr, len);
815
2a517ca6
MH		 816 if (la.l2_cid)
817 return -EINVAL;
818
1da177e4
LT		 819 lock_sock(sk);
820
821 if (sk->sk_state != BT_OPEN) {
822 err = -EBADFD;
823 goto done;
824 }
825
b4324b5d 826 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
847641d7
MH		 827 !capable(CAP_NET_BIND_SERVICE)) {
828 err = -EACCES;
829 goto done;
830 }
8e87d142 831
1da177e4
LT		 832 write_lock_bh(&l2cap_sk_list.lock);
833
f29972de 834 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
1da177e4
LT		 835 err = -EADDRINUSE;
836 } else {
837 /* Save source address */
f29972de
MH		 838 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
839 l2cap_pi(sk)->psm = la.l2_psm;
840 l2cap_pi(sk)->sport = la.l2_psm;
1da177e4 841 sk->sk_state = BT_BOUND;
2af6b9d5 842
b4324b5d
MH		 843 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
844 __le16_to_cpu(la.l2_psm) == 0x0003)
2af6b9d5 845 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1da177e4
LT		 846 }
847
848 write_unlock_bh(&l2cap_sk_list.lock);
849
850done:
851 release_sock(sk);
852 return err;
853}
854
855static int l2cap_do_connect(struct sock *sk)
856{
857 bdaddr_t *src = &bt_sk(sk)->src;
858 bdaddr_t *dst = &bt_sk(sk)->dst;
859 struct l2cap_conn *conn;
860 struct hci_conn *hcon;
861 struct hci_dev *hdev;
09ab6f4c 862 __u8 auth_type;
44d0e48e 863 int err;
1da177e4 864
f29972de
MH		 865 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
866 l2cap_pi(sk)->psm);
1da177e4 867
af05b30b
GP		 868 hdev = hci_get_route(dst, src);
869 if (!hdev)
1da177e4
LT		 870 return -EHOSTUNREACH;
871
872 hci_dev_lock_bh(hdev);
873
874 err = -ENOMEM;
875
8c1b2355 876 if (sk->sk_type == SOCK_RAW) {
2af6b9d5
MH		 877 switch (l2cap_pi(sk)->sec_level) {
878 case BT_SECURITY_HIGH:
8c1b2355 879 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2af6b9d5
MH		 880 break;
881 case BT_SECURITY_MEDIUM:
8c1b2355 882 auth_type = HCI_AT_DEDICATED_BONDING;
2af6b9d5
MH		 883 break;
884 default:
09ab6f4c 885 auth_type = HCI_AT_NO_BONDING;
2af6b9d5
MH		 886 break;
887 }
8c1b2355 888 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
2af6b9d5 889 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
8c1b2355 890 auth_type = HCI_AT_NO_BONDING_MITM;
09ab6f4c 891 else
8c1b2355 892 auth_type = HCI_AT_NO_BONDING;
435fef20
MH		 893
894 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
895 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
8c1b2355 896 } else {
2af6b9d5
MH		 897 switch (l2cap_pi(sk)->sec_level) {
898 case BT_SECURITY_HIGH:
8c1b2355 899 auth_type = HCI_AT_GENERAL_BONDING_MITM;
2af6b9d5
MH		 900 break;
901 case BT_SECURITY_MEDIUM:
09ab6f4c 902 auth_type = HCI_AT_GENERAL_BONDING;
2af6b9d5
MH		 903 break;
904 default:
8c1b2355 905 auth_type = HCI_AT_NO_BONDING;
2af6b9d5
MH		 906 break;
907 }
09ab6f4c
MH		 908 }
909
2af6b9d5
MH		 910 hcon = hci_connect(hdev, ACL_LINK, dst,
911 l2cap_pi(sk)->sec_level, auth_type);
1da177e4
LT		 912 if (!hcon)
913 goto done;
914
915 conn = l2cap_conn_add(hcon, 0);
916 if (!conn) {
917 hci_conn_put(hcon);
918 goto done;
919 }
920
921 err = 0;
922
923 /* Update source addr of the socket */
924 bacpy(src, conn->src);
925
926 l2cap_chan_add(conn, sk, NULL);
927
928 sk->sk_state = BT_CONNECT;
929 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
930
931 if (hcon->state == BT_CONNECTED) {
79d554a6 932 if (sk->sk_type != SOCK_SEQPACKET) {
1da177e4
LT		 933 l2cap_sock_clear_timer(sk);
934 sk->sk_state = BT_CONNECTED;
79d554a6
MH		 935 } else
936 l2cap_do_start(sk);
1da177e4
LT		 937 }
938
939done:
940 hci_dev_unlock_bh(hdev);
941 hci_dev_put(hdev);
942 return err;
943}
944
945static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
946{
1da177e4 947 struct sock *sk = sock->sk;
f29972de
MH		 948 struct sockaddr_l2 la;
949 int len, err = 0;
1da177e4 950
1da177e4
LT		 951 BT_DBG("sk %p", sk);
952
2a517ca6
MH		 953 if (!addr || addr->sa_family != AF_BLUETOOTH)
954 return -EINVAL;
1da177e4 955
f29972de
MH		 956 memset(&la, 0, sizeof(la));
957 len = min_t(unsigned int, sizeof(la), alen);
958 memcpy(&la, addr, len);
959
2a517ca6
MH		 960 if (la.l2_cid)
961 return -EINVAL;
962
963 lock_sock(sk);
964
f29972de 965 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
1da177e4
LT		 966 err = -EINVAL;
967 goto done;
968 }
969
c6b03cf9
MH		 970 switch (l2cap_pi(sk)->mode) {
971 case L2CAP_MODE_BASIC:
972 break;
973 case L2CAP_MODE_ERTM:
f2fcfcd6 974 case L2CAP_MODE_STREAMING:
c6b03cf9
MH		 975 if (enable_ertm)
976 break;
977 /* fall through */
978 default:
979 err = -ENOTSUPP;
980 goto done;
981 }
982
af05b30b 983 switch (sk->sk_state) {
1da177e4
LT		 984 case BT_CONNECT:
985 case BT_CONNECT2:
986 case BT_CONFIG:
987 /* Already connecting */
988 goto wait;
989
990 case BT_CONNECTED:
991 /* Already connected */
992 goto done;
993
994 case BT_OPEN:
995 case BT_BOUND:
996 /* Can connect */
997 break;
998
999 default:
1000 err = -EBADFD;
1001 goto done;
1002 }
1003
1004 /* Set destination address and psm */
f29972de
MH		 1005 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1006 l2cap_pi(sk)->psm = la.l2_psm;
1da177e4 1007
af05b30b
GP		 1008 err = l2cap_do_connect(sk);
1009 if (err)
1da177e4
LT		 1010 goto done;
1011
1012wait:
1013 err = bt_sock_wait_state(sk, BT_CONNECTED,
1014 sock_sndtimeo(sk, flags & O_NONBLOCK));
1015done:
1016 release_sock(sk);
1017 return err;
1018}
1019
1020static int l2cap_sock_listen(struct socket *sock, int backlog)
1021{
1022 struct sock *sk = sock->sk;
1023 int err = 0;
1024
1025 BT_DBG("sk %p backlog %d", sk, backlog);
1026
1027 lock_sock(sk);
1028
1029 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1030 err = -EBADFD;
1031 goto done;
1032 }
1033
c6b03cf9
MH		 1034 switch (l2cap_pi(sk)->mode) {
1035 case L2CAP_MODE_BASIC:
1036 break;
1037 case L2CAP_MODE_ERTM:
f2fcfcd6 1038 case L2CAP_MODE_STREAMING:
c6b03cf9
MH		 1039 if (enable_ertm)
1040 break;
1041 /* fall through */
1042 default:
1043 err = -ENOTSUPP;
1044 goto done;
1045 }
1046
1da177e4
LT		 1047 if (!l2cap_pi(sk)->psm) {
1048 bdaddr_t *src = &bt_sk(sk)->src;
1049 u16 psm;
1050
1051 err = -EINVAL;
1052
1053 write_lock_bh(&l2cap_sk_list.lock);
1054
1055 for (psm = 0x1001; psm < 0x1100; psm += 2)
b4324b5d
MH		 1056 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1057 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1058 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1da177e4
LT		 1059 err = 0;
1060 break;
1061 }
1062
1063 write_unlock_bh(&l2cap_sk_list.lock);
1064
1065 if (err < 0)
1066 goto done;
1067 }
1068
1069 sk->sk_max_ack_backlog = backlog;
1070 sk->sk_ack_backlog = 0;
1071 sk->sk_state = BT_LISTEN;
1072
1073done:
1074 release_sock(sk);
1075 return err;
1076}
1077
1078static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1079{
1080 DECLARE_WAITQUEUE(wait, current);
1081 struct sock *sk = sock->sk, *nsk;
1082 long timeo;
1083 int err = 0;
1084
fcc70d5f 1085 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 1086
1087 if (sk->sk_state != BT_LISTEN) {
1088 err = -EBADFD;
1089 goto done;
1090 }
1091
1092 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1093
1094 BT_DBG("sk %p timeo %ld", sk, timeo);
1095
1096 /* Wait for an incoming connection. (wake-one). */
1097 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1098 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1099 set_current_state(TASK_INTERRUPTIBLE);
1100 if (!timeo) {
1101 err = -EAGAIN;
1102 break;
1103 }
1104
1105 release_sock(sk);
1106 timeo = schedule_timeout(timeo);
fcc70d5f 1107 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 1108
1109 if (sk->sk_state != BT_LISTEN) {
1110 err = -EBADFD;
1111 break;
1112 }
1113
1114 if (signal_pending(current)) {
1115 err = sock_intr_errno(timeo);
1116 break;
1117 }
1118 }
1119 set_current_state(TASK_RUNNING);
1120 remove_wait_queue(sk->sk_sleep, &wait);
1121
1122 if (err)
1123 goto done;
1124
1125 newsock->state = SS_CONNECTED;
1126
1127 BT_DBG("new socket %p", nsk);
1128
1129done:
1130 release_sock(sk);
1131 return err;
1132}
1133
1134static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1135{
1136 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1137 struct sock *sk = sock->sk;
1138
1139 BT_DBG("sock %p, sk %p", sock, sk);
1140
1141 addr->sa_family = AF_BLUETOOTH;
1142 *len = sizeof(struct sockaddr_l2);
1143
f29972de
MH		 1144 if (peer) {
1145 la->l2_psm = l2cap_pi(sk)->psm;
1da177e4 1146 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
b4324b5d 1147 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
f29972de
MH		 1148 } else {
1149 la->l2_psm = l2cap_pi(sk)->sport;
1da177e4 1150 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
b4324b5d 1151 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
f29972de 1152 }
1da177e4 1153
1da177e4
LT		 1154 return 0;
1155}
1156
1157static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1158{
1159 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1160 struct sk_buff *skb, **frag;
af05b30b 1161 int err, hlen, count, sent = 0;
1da177e4
LT		 1162 struct l2cap_hdr *lh;
1163
1164 BT_DBG("sk %p len %d", sk, len);
1165
1166 /* First fragment (with L2CAP header) */
1167 if (sk->sk_type == SOCK_DGRAM)
1168 hlen = L2CAP_HDR_SIZE + 2;
1169 else
1170 hlen = L2CAP_HDR_SIZE;
1171
1172 count = min_t(unsigned int, (conn->mtu - hlen), len);
1173
1174 skb = bt_skb_send_alloc(sk, hlen + count,
1175 msg->msg_flags & MSG_DONTWAIT, &err);
1176 if (!skb)
1177 return err;
1178
1179 /* Create L2CAP header */
1180 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1181 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1182 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1da177e4
LT		 1183
1184 if (sk->sk_type == SOCK_DGRAM)
8e036fc3 1185 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1da177e4
LT		 1186
1187 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1188 err = -EFAULT;
1189 goto fail;
1190 }
1191
1192 sent += count;
1193 len -= count;
1194
1195 /* Continuation fragments (no L2CAP header) */
1196 frag = &skb_shinfo(skb)->frag_list;
1197 while (len) {
1198 count = min_t(unsigned int, conn->mtu, len);
1199
1200 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1201 if (!*frag)
1202 goto fail;
8e87d142 1203
1da177e4
LT		 1204 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1205 err = -EFAULT;
1206 goto fail;
1207 }
1208
1209 sent += count;
1210 len -= count;
1211
1212 frag = &(*frag)->next;
1213 }
af05b30b
GP		 1214 err = hci_send_acl(conn->hcon, skb, 0);
1215 if (err < 0)
1da177e4
LT		 1216 goto fail;
1217
1218 return sent;
1219
1220fail:
1221 kfree_skb(skb);
1222 return err;
1223}
1224
1225static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1226{
1227 struct sock *sk = sock->sk;
1228 int err = 0;
1229
1230 BT_DBG("sock %p, sk %p", sock, sk);
1231
c1cbe4b7
BL		 1232 err = sock_error(sk);
1233 if (err)
1234 return err;
1da177e4
LT		 1235
1236 if (msg->msg_flags & MSG_OOB)
1237 return -EOPNOTSUPP;
1238
1239 /* Check outgoing MTU */
1240 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1241 return -EINVAL;
1242
1243 lock_sock(sk);
1244
1245 if (sk->sk_state == BT_CONNECTED)
1246 err = l2cap_do_send(sk, msg, len);
1247 else
1248 err = -ENOTCONN;
1249
1250 release_sock(sk);
1251 return err;
1252}
1253
f66dc81f
MH		 1254static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1255{
1256 struct sock *sk = sock->sk;
1257
1258 lock_sock(sk);
1259
1260 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1261 struct l2cap_conn_rsp rsp;
1262
1263 sk->sk_state = BT_CONFIG;
1264
1265 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1266 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1267 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1268 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1269 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1270 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1271
1272 release_sock(sk);
1273 return 0;
1274 }
1275
1276 release_sock(sk);
1277
1278 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1279}
1280
d58daf42 1281static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1da177e4
LT		 1282{
1283 struct sock *sk = sock->sk;
1284 struct l2cap_options opts;
f29972de 1285 int len, err = 0;
1da177e4
LT		 1286 u32 opt;
1287
1288 BT_DBG("sk %p", sk);
1289
1290 lock_sock(sk);
1291
1292 switch (optname) {
1293 case L2CAP_OPTIONS:
0878b666
MH		 1294 opts.imtu = l2cap_pi(sk)->imtu;
1295 opts.omtu = l2cap_pi(sk)->omtu;
1296 opts.flush_to = l2cap_pi(sk)->flush_to;
c6b03cf9 1297 opts.mode = l2cap_pi(sk)->mode;
0878b666 1298
1da177e4
LT		 1299 len = min_t(unsigned int, sizeof(opts), optlen);
1300 if (copy_from_user((char *) &opts, optval, len)) {
1301 err = -EFAULT;
1302 break;
1303 }
0878b666 1304
c6b03cf9
MH		 1305 l2cap_pi(sk)->imtu = opts.imtu;
1306 l2cap_pi(sk)->omtu = opts.omtu;
1307 l2cap_pi(sk)->mode = opts.mode;
1da177e4
LT		 1308 break;
1309
1310 case L2CAP_LM:
1311 if (get_user(opt, (u32 __user *) optval)) {
1312 err = -EFAULT;
1313 break;
1314 }
1315
2af6b9d5
MH		 1316 if (opt & L2CAP_LM_AUTH)
1317 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1318 if (opt & L2CAP_LM_ENCRYPT)
1319 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1320 if (opt & L2CAP_LM_SECURE)
1321 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1322
1323 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1324 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1da177e4
LT		 1325 break;
1326
1327 default:
1328 err = -ENOPROTOOPT;
1329 break;
1330 }
1331
1332 release_sock(sk);
1333 return err;
1334}
1335
d58daf42
MH		 1336static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1337{
1338 struct sock *sk = sock->sk;
2af6b9d5
MH		 1339 struct bt_security sec;
1340 int len, err = 0;
f66dc81f 1341 u32 opt;
d58daf42
MH		 1342
1343 BT_DBG("sk %p", sk);
1344
1345 if (level == SOL_L2CAP)
1346 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1347
0588d94f
MH		 1348 if (level != SOL_BLUETOOTH)
1349 return -ENOPROTOOPT;
1350
d58daf42
MH		 1351 lock_sock(sk);
1352
1353 switch (optname) {
2af6b9d5 1354 case BT_SECURITY:
2526d3d8 1355 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
0588d94f
MH		 1356 err = -EINVAL;
1357 break;
1358 }
1359
2af6b9d5
MH		 1360 sec.level = BT_SECURITY_LOW;
1361
1362 len = min_t(unsigned int, sizeof(sec), optlen);
1363 if (copy_from_user((char *) &sec, optval, len)) {
1364 err = -EFAULT;
1365 break;
1366 }
1367
1368 if (sec.level < BT_SECURITY_LOW ||
1369 sec.level > BT_SECURITY_HIGH) {
1370 err = -EINVAL;
1371 break;
1372 }
1373
1374 l2cap_pi(sk)->sec_level = sec.level;
1375 break;
1376
f66dc81f
MH		 1377 case BT_DEFER_SETUP:
1378 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1379 err = -EINVAL;
1380 break;
1381 }
1382
1383 if (get_user(opt, (u32 __user *) optval)) {
1384 err = -EFAULT;
1385 break;
1386 }
1387
1388 bt_sk(sk)->defer_setup = opt;
1389 break;
1390
d58daf42
MH		 1391 default:
1392 err = -ENOPROTOOPT;
1393 break;
1394 }
1395
1396 release_sock(sk);
1397 return err;
1398}
1399
1400static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1da177e4
LT		 1401{
1402 struct sock *sk = sock->sk;
1403 struct l2cap_options opts;
1404 struct l2cap_conninfo cinfo;
1405 int len, err = 0;
2af6b9d5 1406 u32 opt;
1da177e4
LT		 1407
1408 BT_DBG("sk %p", sk);
1409
1410 if (get_user(len, optlen))
1411 return -EFAULT;
1412
1413 lock_sock(sk);
1414
1415 switch (optname) {
1416 case L2CAP_OPTIONS:
1417 opts.imtu = l2cap_pi(sk)->imtu;
1418 opts.omtu = l2cap_pi(sk)->omtu;
1419 opts.flush_to = l2cap_pi(sk)->flush_to;
c6b03cf9 1420 opts.mode = l2cap_pi(sk)->mode;
1da177e4
LT		 1421
1422 len = min_t(unsigned int, len, sizeof(opts));
1423 if (copy_to_user(optval, (char *) &opts, len))
1424 err = -EFAULT;
1425
1426 break;
1427
1428 case L2CAP_LM:
2af6b9d5
MH		 1429 switch (l2cap_pi(sk)->sec_level) {
1430 case BT_SECURITY_LOW:
1431 opt = L2CAP_LM_AUTH;
1432 break;
1433 case BT_SECURITY_MEDIUM:
1434 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1435 break;
1436 case BT_SECURITY_HIGH:
1437 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1438 L2CAP_LM_SECURE;
1439 break;
1440 default:
1441 opt = 0;
1442 break;
1443 }
1444
1445 if (l2cap_pi(sk)->role_switch)
1446 opt |= L2CAP_LM_MASTER;
1447
1448 if (l2cap_pi(sk)->force_reliable)
1449 opt |= L2CAP_LM_RELIABLE;
1450
1451 if (put_user(opt, (u32 __user *) optval))
1da177e4
LT		 1452 err = -EFAULT;
1453 break;
1454
1455 case L2CAP_CONNINFO:
f66dc81f
MH		 1456 if (sk->sk_state != BT_CONNECTED &&
1457 !(sk->sk_state == BT_CONNECT2 &&
1458 bt_sk(sk)->defer_setup)) {
1da177e4
LT		 1459 err = -ENOTCONN;
1460 break;
1461 }
1462
1463 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1464 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1465
1466 len = min_t(unsigned int, len, sizeof(cinfo));
1467 if (copy_to_user(optval, (char *) &cinfo, len))
1468 err = -EFAULT;
1469
1470 break;
1471
1472 default:
1473 err = -ENOPROTOOPT;
1474 break;
1475 }
1476
1477 release_sock(sk);
1478 return err;
1479}
1480
d58daf42
MH		 1481static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1482{
1483 struct sock *sk = sock->sk;
2af6b9d5 1484 struct bt_security sec;
d58daf42
MH		 1485 int len, err = 0;
1486
1487 BT_DBG("sk %p", sk);
1488
1489 if (level == SOL_L2CAP)
1490 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1491
0588d94f
MH		 1492 if (level != SOL_BLUETOOTH)
1493 return -ENOPROTOOPT;
1494
d58daf42
MH		 1495 if (get_user(len, optlen))
1496 return -EFAULT;
1497
1498 lock_sock(sk);
1499
1500 switch (optname) {
2af6b9d5 1501 case BT_SECURITY:
2526d3d8 1502 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
0588d94f
MH		 1503 err = -EINVAL;
1504 break;
1505 }
1506
2af6b9d5
MH		 1507 sec.level = l2cap_pi(sk)->sec_level;
1508
1509 len = min_t(unsigned int, len, sizeof(sec));
1510 if (copy_to_user(optval, (char *) &sec, len))
1511 err = -EFAULT;
1512
1513 break;
1514
f66dc81f
MH		 1515 case BT_DEFER_SETUP:
1516 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1517 err = -EINVAL;
1518 break;
1519 }
1520
1521 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1522 err = -EFAULT;
1523
1524 break;
1525
d58daf42
MH		 1526 default:
1527 err = -ENOPROTOOPT;
1528 break;
1529 }
1530
1531 release_sock(sk);
1532 return err;
1533}
1534
1da177e4
LT		 1535static int l2cap_sock_shutdown(struct socket *sock, int how)
1536{
1537 struct sock *sk = sock->sk;
1538 int err = 0;
1539
1540 BT_DBG("sock %p, sk %p", sock, sk);
1541
1542 if (!sk)
1543 return 0;
1544
1545 lock_sock(sk);
1546 if (!sk->sk_shutdown) {
1547 sk->sk_shutdown = SHUTDOWN_MASK;
1548 l2cap_sock_clear_timer(sk);
1549 __l2cap_sock_close(sk, 0);
1550
1551 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
b1235d79
MH		 1552 err = bt_sock_wait_state(sk, BT_CLOSED,
1553 sk->sk_lingertime);
1da177e4
LT		 1554 }
1555 release_sock(sk);
1556 return err;
1557}
1558
1559static int l2cap_sock_release(struct socket *sock)
1560{
1561 struct sock *sk = sock->sk;
1562 int err;
1563
1564 BT_DBG("sock %p, sk %p", sock, sk);
1565
1566 if (!sk)
1567 return 0;
1568
1569 err = l2cap_sock_shutdown(sock, 2);
1570
1571 sock_orphan(sk);
1572 l2cap_sock_kill(sk);
1573 return err;
1574}
1575
1da177e4
LT		 1576static void l2cap_chan_ready(struct sock *sk)
1577{
1578 struct sock *parent = bt_sk(sk)->parent;
1579
1580 BT_DBG("sk %p, parent %p", sk, parent);
1581
1582 l2cap_pi(sk)->conf_state = 0;
1583 l2cap_sock_clear_timer(sk);
1584
1585 if (!parent) {
1586 /* Outgoing channel.
1587 * Wake up socket sleeping on connect.
1588 */
1589 sk->sk_state = BT_CONNECTED;
1590 sk->sk_state_change(sk);
1591 } else {
1592 /* Incoming channel.
1593 * Wake up socket sleeping on accept.
1594 */
1595 parent->sk_data_ready(parent, 0);
1596 }
1597}
1598
1599/* Copy frame to all raw sockets on that connection */
1600static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1601{
1602 struct l2cap_chan_list *l = &conn->chan_list;
1603 struct sk_buff *nskb;
af05b30b 1604 struct sock *sk;
1da177e4
LT		 1605
1606 BT_DBG("conn %p", conn);
1607
1608 read_lock(&l->lock);
1609 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1610 if (sk->sk_type != SOCK_RAW)
1611 continue;
1612
1613 /* Don't send frame to the socket it came from */
1614 if (skb->sk == sk)
1615 continue;
af05b30b
GP		 1616 nskb = skb_clone(skb, GFP_ATOMIC);
1617 if (!nskb)
1da177e4
LT		 1618 continue;
1619
1620 if (sock_queue_rcv_skb(sk, nskb))
1621 kfree_skb(nskb);
1622 }
1623 read_unlock(&l->lock);
1624}
1625
1626/* ---- L2CAP signalling commands ---- */
1627static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1628 u8 code, u8 ident, u16 dlen, void *data)
1629{
1630 struct sk_buff *skb, **frag;
1631 struct l2cap_cmd_hdr *cmd;
1632 struct l2cap_hdr *lh;
1633 int len, count;
1634
af05b30b
GP		 1635 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1636 conn, code, ident, dlen);
1da177e4
LT		 1637
1638 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1639 count = min_t(unsigned int, conn->mtu, len);
1640
1641 skb = bt_skb_alloc(count, GFP_ATOMIC);
1642 if (!skb)
1643 return NULL;
1644
1645 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1646 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
8db4dc46 1647 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1648
1649 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1650 cmd->code = code;
1651 cmd->ident = ident;
aca3192c 1652 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1653
1654 if (dlen) {
1655 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1656 memcpy(skb_put(skb, count), data, count);
1657 data += count;
1658 }
1659
1660 len -= skb->len;
1661
1662 /* Continuation fragments (no L2CAP header) */
1663 frag = &skb_shinfo(skb)->frag_list;
1664 while (len) {
1665 count = min_t(unsigned int, conn->mtu, len);
1666
1667 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1668 if (!*frag)
1669 goto fail;
1670
1671 memcpy(skb_put(*frag, count), data, count);
1672
1673 len -= count;
1674 data += count;
1675
1676 frag = &(*frag)->next;
1677 }
1678
1679 return skb;
1680
1681fail:
1682 kfree_skb(skb);
1683 return NULL;
1684}
1685
1686static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1687{
1688 struct l2cap_conf_opt *opt = *ptr;
1689 int len;
1690
1691 len = L2CAP_CONF_OPT_SIZE + opt->len;
1692 *ptr += len;
1693
1694 *type = opt->type;
1695 *olen = opt->len;
1696
1697 switch (opt->len) {
1698 case 1:
1699 *val = *((u8 *) opt->val);
1700 break;
1701
1702 case 2:
861d6882 1703 *val = __le16_to_cpu(*((__le16 *) opt->val));
1da177e4
LT		 1704 break;
1705
1706 case 4:
861d6882 1707 *val = __le32_to_cpu(*((__le32 *) opt->val));
1da177e4
LT		 1708 break;
1709
1710 default:
1711 *val = (unsigned long) opt->val;
1712 break;
1713 }
1714
1715 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1716 return len;
1717}
1718
1da177e4
LT		 1719static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1720{
1721 struct l2cap_conf_opt *opt = *ptr;
1722
1723 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1724
1725 opt->type = type;
1726 opt->len = len;
1727
1728 switch (len) {
1729 case 1:
1730 *((u8 *) opt->val) = val;
1731 break;
1732
1733 case 2:
8e036fc3 1734 *((__le16 *) opt->val) = cpu_to_le16(val);
1da177e4
LT		 1735 break;
1736
1737 case 4:
8e036fc3 1738 *((__le32 *) opt->val) = cpu_to_le32(val);
1da177e4
LT		 1739 break;
1740
1741 default:
1742 memcpy(opt->val, (void *) val, len);
1743 break;
1744 }
1745
1746 *ptr += L2CAP_CONF_OPT_SIZE + len;
1747}
1748
f2fcfcd6
GP		 1749static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
1750{
1751 u32 local_feat_mask = l2cap_feat_mask;
1752 if (enable_ertm)
1753 local_feat_mask |= L2CAP_FEAT_ERTM;
1754
1755 switch (mode) {
1756 case L2CAP_MODE_ERTM:
1757 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
1758 case L2CAP_MODE_STREAMING:
1759 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
1760 default:
1761 return 0x00;
1762 }
1763}
1764
1765static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1766{
1767 switch (mode) {
1768 case L2CAP_MODE_STREAMING:
1769 case L2CAP_MODE_ERTM:
1770 if (l2cap_mode_supported(mode, remote_feat_mask))
1771 return mode;
1772 /* fall through */
1773 default:
1774 return L2CAP_MODE_BASIC;
1775 }
1776}
1777
1da177e4
LT		 1778static int l2cap_build_conf_req(struct sock *sk, void *data)
1779{
1780 struct l2cap_pinfo *pi = l2cap_pi(sk);
1781 struct l2cap_conf_req *req = data;
f2fcfcd6 1782 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_ERTM };
1da177e4
LT		 1783 void *ptr = req->data;
1784
1785 BT_DBG("sk %p", sk);
1786
f2fcfcd6
GP		 1787 if (pi->num_conf_req || pi->num_conf_rsp)
1788 goto done;
1789
1790 switch (pi->mode) {
1791 case L2CAP_MODE_STREAMING:
1792 case L2CAP_MODE_ERTM:
1793 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
22121fc9
GP		 1794 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
1795 l2cap_send_disconn_req(pi->conn, sk);
f2fcfcd6
GP		 1796 break;
1797 default:
1798 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
1799 break;
1800 }
1801
1802done:
65c7c491
MH		 1803 switch (pi->mode) {
1804 case L2CAP_MODE_BASIC:
1805 if (pi->imtu != L2CAP_DEFAULT_MTU)
1806 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1807 break;
1808
1809 case L2CAP_MODE_ERTM:
1810 rfc.mode = L2CAP_MODE_ERTM;
f2fcfcd6 1811 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
65c7c491 1812 rfc.max_transmit = L2CAP_DEFAULT_MAX_RECEIVE;
f2fcfcd6
GP		 1813 rfc.retrans_timeout = 0;
1814 rfc.monitor_timeout = 0;
1815 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_RX_APDU);
1816
1817 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1818 sizeof(rfc), (unsigned long) &rfc);
1819 break;
1820
1821 case L2CAP_MODE_STREAMING:
1822 rfc.mode = L2CAP_MODE_STREAMING;
1823 rfc.txwin_size = 0;
1824 rfc.max_transmit = 0;
1825 rfc.retrans_timeout = 0;
1826 rfc.monitor_timeout = 0;
65c7c491
MH		 1827 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_RX_APDU);
1828
1829 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1830 sizeof(rfc), (unsigned long) &rfc);
1831 break;
1832 }
1da177e4
LT		 1833
1834 /* FIXME: Need actual value of the flush timeout */
1835 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1836 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1837
aca3192c
YH		 1838 req->dcid = cpu_to_le16(pi->dcid);
1839 req->flags = cpu_to_le16(0);
1da177e4
LT		 1840
1841 return ptr - data;
1842}
1843
5dee9e7c 1844static int l2cap_parse_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1845{
1846 struct l2cap_pinfo *pi = l2cap_pi(sk);
5dee9e7c
MH		 1847 struct l2cap_conf_rsp *rsp = data;
1848 void *ptr = rsp->data;
1849 void *req = pi->conf_req;
1850 int len = pi->conf_len;
1851 int type, hint, olen;
1852 unsigned long val;
6464f35f 1853 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1854 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1855 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1856
5dee9e7c 1857 BT_DBG("sk %p", sk);
820ae1b8 1858
5dee9e7c
MH		 1859 while (len >= L2CAP_CONF_OPT_SIZE) {
1860 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1861
589d2746 1862 hint = type & L2CAP_CONF_HINT;
47ec1dcd 1863 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 1864
1865 switch (type) {
1866 case L2CAP_CONF_MTU:
861d6882 1867 mtu = val;
5dee9e7c
MH		 1868 break;
1869
1870 case L2CAP_CONF_FLUSH_TO:
1871 pi->flush_to = val;
1872 break;
1873
1874 case L2CAP_CONF_QOS:
1875 break;
1876
6464f35f
MH		 1877 case L2CAP_CONF_RFC:
1878 if (olen == sizeof(rfc))
1879 memcpy(&rfc, (void *) val, olen);
1880 break;
1881
5dee9e7c
MH		 1882 default:
1883 if (hint)
1884 break;
1885
1886 result = L2CAP_CONF_UNKNOWN;
1887 *((u8 *) ptr++) = type;
1888 break;
1889 }
1890 }
1891
f2fcfcd6
GP		 1892 if (pi->num_conf_rsp || pi->num_conf_req)
1893 goto done;
1894
1895 switch (pi->mode) {
1896 case L2CAP_MODE_STREAMING:
1897 case L2CAP_MODE_ERTM:
1898 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
1899 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
1900 return -ECONNREFUSED;
1901 break;
1902 default:
1903 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
1904 break;
1905 }
1906
1907done:
1908 if (pi->mode != rfc.mode) {
1909 result = L2CAP_CONF_UNACCEPT;
1910 rfc.mode = pi->mode;
1911
1912 if (pi->num_conf_rsp == 1)
1913 return -ECONNREFUSED;
1914
1915 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1916 sizeof(rfc), (unsigned long) &rfc);
1917 }
1918
1919
5dee9e7c
MH		 1920 if (result == L2CAP_CONF_SUCCESS) {
1921 /* Configure output options and let the other side know
1922 * which ones we don't like. */
1923
f2fcfcd6
GP		 1924 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1925 result = L2CAP_CONF_UNACCEPT;
1926 else {
1927 pi->omtu = mtu;
1928 pi->conf_state |= L2CAP_CONF_MTU_DONE;
1929 }
1930 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
6464f35f 1931
f2fcfcd6
GP		 1932 switch (rfc.mode) {
1933 case L2CAP_MODE_BASIC:
1934 pi->fcs = L2CAP_FCS_NONE;
1935 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1936 break;
1937
1938 case L2CAP_MODE_ERTM:
1939 pi->remote_tx_win = rfc.txwin_size;
1940 pi->remote_max_tx = rfc.max_transmit;
1941 pi->max_pdu_size = rfc.max_pdu_size;
1942
1943 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
1944 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
1945
1946 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1947 break;
1948
1949 case L2CAP_MODE_STREAMING:
1950 pi->remote_tx_win = rfc.txwin_size;
1951 pi->max_pdu_size = rfc.max_pdu_size;
1952
1953 pi->conf_state |= L2CAP_CONF_MODE_DONE;
1954 break;
1955
1956 default:
5dee9e7c 1957 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 1958
6464f35f 1959 memset(&rfc, 0, sizeof(rfc));
f2fcfcd6
GP		 1960 rfc.mode = pi->mode;
1961 }
6464f35f 1962
f2fcfcd6 1963 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
65c7c491 1964 sizeof(rfc), (unsigned long) &rfc);
5dee9e7c 1965
f2fcfcd6
GP		 1966 if (result == L2CAP_CONF_SUCCESS)
1967 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1968 }
5dee9e7c
MH		 1969 rsp->scid = cpu_to_le16(pi->dcid);
1970 rsp->result = cpu_to_le16(result);
1971 rsp->flags = cpu_to_le16(0x0000);
1972
1973 return ptr - data;
1da177e4
LT		 1974}
1975
f2fcfcd6
GP		 1976static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
1977{
1978 struct l2cap_pinfo *pi = l2cap_pi(sk);
1979 struct l2cap_conf_req *req = data;
1980 void *ptr = req->data;
1981 int type, olen;
1982 unsigned long val;
1983 struct l2cap_conf_rfc rfc;
1984
1985 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
1986
1987 while (len >= L2CAP_CONF_OPT_SIZE) {
1988 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1989
1990 switch (type) {
1991 case L2CAP_CONF_MTU:
1992 if (val < L2CAP_DEFAULT_MIN_MTU) {
1993 *result = L2CAP_CONF_UNACCEPT;
1994 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
1995 } else
1996 pi->omtu = val;
1997 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1998 break;
1999
2000 case L2CAP_CONF_FLUSH_TO:
2001 pi->flush_to = val;
2002 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2003 2, pi->flush_to);
2004 break;
2005
2006 case L2CAP_CONF_RFC:
2007 if (olen == sizeof(rfc))
2008 memcpy(&rfc, (void *)val, olen);
2009
2010 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2011 rfc.mode != pi->mode)
2012 return -ECONNREFUSED;
2013
2014 pi->mode = rfc.mode;
2015 pi->fcs = 0;
2016
2017 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2018 sizeof(rfc), (unsigned long) &rfc);
2019 break;
2020 }
2021 }
2022
2023 if (*result == L2CAP_CONF_SUCCESS) {
2024 switch (rfc.mode) {
2025 case L2CAP_MODE_ERTM:
2026 pi->remote_tx_win = rfc.txwin_size;
2027 pi->retrans_timeout = rfc.retrans_timeout;
2028 pi->monitor_timeout = rfc.monitor_timeout;
2029 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2030 break;
2031 case L2CAP_MODE_STREAMING:
2032 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2033 break;
2034 }
2035 }
2036
2037 req->dcid = cpu_to_le16(pi->dcid);
2038 req->flags = cpu_to_le16(0x0000);
2039
2040 return ptr - data;
2041}
2042
5dee9e7c 2043static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1da177e4
LT		 2044{
2045 struct l2cap_conf_rsp *rsp = data;
2046 void *ptr = rsp->data;
1da177e4 2047
5dee9e7c 2048 BT_DBG("sk %p", sk);
1da177e4 2049
aca3192c 2050 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
5dee9e7c 2051 rsp->result = cpu_to_le16(result);
aca3192c 2052 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2053
2054 return ptr - data;
2055}
2056
4e8402a3
MH		 2057static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2058{
2059 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2060
2061 if (rej->reason != 0x0000)
2062 return 0;
2063
2064 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2065 cmd->ident == conn->info_ident) {
4e8402a3 2066 del_timer(&conn->info_timer);
984947dc
MH		 2067
2068 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2069 conn->info_ident = 0;
984947dc 2070
4e8402a3
MH		 2071 l2cap_conn_start(conn);
2072 }
2073
2074 return 0;
2075}
2076
1da177e4
LT		 2077static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2078{
2079 struct l2cap_chan_list *list = &conn->chan_list;
2080 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2081 struct l2cap_conn_rsp rsp;
2082 struct sock *sk, *parent;
e7c29cb1 2083 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2084
2085 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2086 __le16 psm = req->psm;
1da177e4
LT		 2087
2088 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2089
2090 /* Check if we have socket listening on psm */
2091 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2092 if (!parent) {
2093 result = L2CAP_CR_BAD_PSM;
2094 goto sendresp;
2095 }
2096
e7c29cb1
MH		 2097 /* Check if the ACL is secure enough (if not SDP) */
2098 if (psm != cpu_to_le16(0x0001) &&
2099 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 2100 conn->disc_reason = 0x05;
e7c29cb1
MH		 2101 result = L2CAP_CR_SEC_BLOCK;
2102 goto response;
2103 }
2104
1da177e4
LT		 2105 result = L2CAP_CR_NO_MEM;
2106
2107 /* Check for backlog size */
2108 if (sk_acceptq_is_full(parent)) {
8e87d142 2109 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2110 goto response;
2111 }
2112
3b1e0a65 2113 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 2114 if (!sk)
2115 goto response;
2116
fd1278d7 2117 write_lock_bh(&list->lock);
1da177e4
LT		 2118
2119 /* Check if we already have channel with that dcid */
2120 if (__l2cap_get_chan_by_dcid(list, scid)) {
fd1278d7 2121 write_unlock_bh(&list->lock);
1da177e4
LT		 2122 sock_set_flag(sk, SOCK_ZAPPED);
2123 l2cap_sock_kill(sk);
2124 goto response;
2125 }
2126
2127 hci_conn_hold(conn->hcon);
2128
2129 l2cap_sock_init(sk, parent);
2130 bacpy(&bt_sk(sk)->src, conn->src);
2131 bacpy(&bt_sk(sk)->dst, conn->dst);
2132 l2cap_pi(sk)->psm = psm;
2133 l2cap_pi(sk)->dcid = scid;
2134
2135 __l2cap_chan_add(conn, sk, parent);
2136 dcid = l2cap_pi(sk)->scid;
2137
2138 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2139
1da177e4
LT		 2140 l2cap_pi(sk)->ident = cmd->ident;
2141
984947dc 2142 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2af6b9d5 2143 if (l2cap_check_security(sk)) {
f66dc81f
MH		 2144 if (bt_sk(sk)->defer_setup) {
2145 sk->sk_state = BT_CONNECT2;
2146 result = L2CAP_CR_PEND;
2147 status = L2CAP_CS_AUTHOR_PEND;
2148 parent->sk_data_ready(parent, 0);
2149 } else {
2150 sk->sk_state = BT_CONFIG;
2151 result = L2CAP_CR_SUCCESS;
2152 status = L2CAP_CS_NO_INFO;
2153 }
79d554a6
MH		 2154 } else {
2155 sk->sk_state = BT_CONNECT2;
2156 result = L2CAP_CR_PEND;
2157 status = L2CAP_CS_AUTHEN_PEND;
2158 }
2159 } else {
2160 sk->sk_state = BT_CONNECT2;
2161 result = L2CAP_CR_PEND;
2162 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2163 }
2164
fd1278d7 2165 write_unlock_bh(&list->lock);
1da177e4
LT		 2166
2167response:
2168 bh_unlock_sock(parent);
2169
2170sendresp:
aca3192c
YH		 2171 rsp.scid = cpu_to_le16(scid);
2172 rsp.dcid = cpu_to_le16(dcid);
2173 rsp.result = cpu_to_le16(result);
2174 rsp.status = cpu_to_le16(status);
1da177e4 2175 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2176
2177 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2178 struct l2cap_info_req info;
2179 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2180
2181 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2182 conn->info_ident = l2cap_get_ident(conn);
2183
2184 mod_timer(&conn->info_timer, jiffies +
2185 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2186
2187 l2cap_send_cmd(conn, conn->info_ident,
2188 L2CAP_INFO_REQ, sizeof(info), &info);
2189 }
2190
1da177e4
LT		 2191 return 0;
2192}
2193
2194static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2195{
2196 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2197 u16 scid, dcid, result, status;
2198 struct sock *sk;
2199 u8 req[128];
2200
2201 scid = __le16_to_cpu(rsp->scid);
2202 dcid = __le16_to_cpu(rsp->dcid);
2203 result = __le16_to_cpu(rsp->result);
2204 status = __le16_to_cpu(rsp->status);
2205
2206 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2207
2208 if (scid) {
af05b30b
GP		 2209 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2210 if (!sk)
1da177e4
LT		 2211 return 0;
2212 } else {
af05b30b
GP		 2213 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2214 if (!sk)
1da177e4
LT		 2215 return 0;
2216 }
2217
2218 switch (result) {
2219 case L2CAP_CR_SUCCESS:
2220 sk->sk_state = BT_CONFIG;
2221 l2cap_pi(sk)->ident = 0;
2222 l2cap_pi(sk)->dcid = dcid;
2223 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2224
6a8d3010
MH		 2225 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2226
1da177e4
LT		 2227 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2228 l2cap_build_conf_req(sk, req), req);
f2fcfcd6 2229 l2cap_pi(sk)->num_conf_req++;
1da177e4
LT		 2230 break;
2231
2232 case L2CAP_CR_PEND:
6a8d3010 2233 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4
LT		 2234 break;
2235
2236 default:
2237 l2cap_chan_del(sk, ECONNREFUSED);
2238 break;
2239 }
2240
2241 bh_unlock_sock(sk);
2242 return 0;
2243}
2244
88219a0f 2245static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2246{
2247 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2248 u16 dcid, flags;
2249 u8 rsp[64];
2250 struct sock *sk;
5dee9e7c 2251 int len;
1da177e4
LT		 2252
2253 dcid = __le16_to_cpu(req->dcid);
2254 flags = __le16_to_cpu(req->flags);
2255
2256 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2257
af05b30b
GP		 2258 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2259 if (!sk)
1da177e4
LT		 2260 return -ENOENT;
2261
354f60a9
MH		 2262 if (sk->sk_state == BT_DISCONN)
2263 goto unlock;
2264
5dee9e7c 2265 /* Reject if config buffer is too small. */
88219a0f 2266 len = cmd_len - sizeof(*req);
5dee9e7c
MH		 2267 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2268 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2269 l2cap_build_conf_rsp(sk, rsp,
2270 L2CAP_CONF_REJECT, flags), rsp);
2271 goto unlock;
2272 }
2273
2274 /* Store config. */
2275 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2276 l2cap_pi(sk)->conf_len += len;
1da177e4
LT		 2277
2278 if (flags & 0x0001) {
2279 /* Incomplete config. Send empty response. */
2280 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
5dee9e7c
MH		 2281 l2cap_build_conf_rsp(sk, rsp,
2282 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2283 goto unlock;
2284 }
2285
2286 /* Complete config. */
5dee9e7c 2287 len = l2cap_parse_conf_req(sk, rsp);
f2fcfcd6 2288 if (len < 0) {
22121fc9 2289 l2cap_send_disconn_req(conn, sk);
1da177e4 2290 goto unlock;
f2fcfcd6 2291 }
1da177e4 2292
5dee9e7c 2293 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
f2fcfcd6 2294 l2cap_pi(sk)->num_conf_rsp++;
5dee9e7c 2295
5dee9e7c
MH		 2296 /* Reset config buffer. */
2297 l2cap_pi(sk)->conf_len = 0;
2298
876d9484
MH		 2299 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2300 goto unlock;
2301
1da177e4
LT		 2302 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2303 sk->sk_state = BT_CONNECTED;
2304 l2cap_chan_ready(sk);
876d9484
MH		 2305 goto unlock;
2306 }
2307
2308 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 2309 u8 buf[64];
1da177e4 2310 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
79d554a6 2311 l2cap_build_conf_req(sk, buf), buf);
f2fcfcd6 2312 l2cap_pi(sk)->num_conf_req++;
1da177e4
LT		 2313 }
2314
2315unlock:
2316 bh_unlock_sock(sk);
2317 return 0;
2318}
2319
2320static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2321{
2322 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2323 u16 scid, flags, result;
2324 struct sock *sk;
2325
2326 scid = __le16_to_cpu(rsp->scid);
2327 flags = __le16_to_cpu(rsp->flags);
2328 result = __le16_to_cpu(rsp->result);
2329
af05b30b
GP		 2330 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2331 scid, flags, result);
1da177e4 2332
af05b30b
GP		 2333 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2334 if (!sk)
1da177e4
LT		 2335 return 0;
2336
2337 switch (result) {
2338 case L2CAP_CONF_SUCCESS:
2339 break;
2340
2341 case L2CAP_CONF_UNACCEPT:
f2fcfcd6
GP		 2342 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2343 int len = cmd->len - sizeof(*rsp);
2344 char req[64];
2345
2346 /* throw out any old stored conf requests */
2347 result = L2CAP_CONF_SUCCESS;
2348 len = l2cap_parse_conf_rsp(sk, rsp->data,
2349 len, req, &result);
2350 if (len < 0) {
22121fc9 2351 l2cap_send_disconn_req(conn, sk);
f2fcfcd6
GP		 2352 goto done;
2353 }
2354
2355 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2356 L2CAP_CONF_REQ, len, req);
2357 l2cap_pi(sk)->num_conf_req++;
2358 if (result != L2CAP_CONF_SUCCESS)
2359 goto done;
2360 break;
1da177e4
LT		 2361 }
2362
8e87d142 2363 default:
1da177e4 2364 sk->sk_state = BT_DISCONN;
b1235d79 2365 sk->sk_err = ECONNRESET;
1da177e4 2366 l2cap_sock_set_timer(sk, HZ * 5);
22121fc9 2367 l2cap_send_disconn_req(conn, sk);
1da177e4
LT		 2368 goto done;
2369 }
2370
2371 if (flags & 0x01)
2372 goto done;
2373
1da177e4
LT		 2374 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2375
2376 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2377 sk->sk_state = BT_CONNECTED;
2378 l2cap_chan_ready(sk);
2379 }
2380
2381done:
2382 bh_unlock_sock(sk);
2383 return 0;
2384}
2385
2386static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2387{
2388 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2389 struct l2cap_disconn_rsp rsp;
2390 u16 dcid, scid;
2391 struct sock *sk;
2392
2393 scid = __le16_to_cpu(req->scid);
2394 dcid = __le16_to_cpu(req->dcid);
2395
2396 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2397
af05b30b
GP		 2398 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2399 if (!sk)
1da177e4
LT		 2400 return 0;
2401
aca3192c
YH		 2402 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2403 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1da177e4
LT		 2404 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2405
2406 sk->sk_shutdown = SHUTDOWN_MASK;
2407
2408 l2cap_chan_del(sk, ECONNRESET);
2409 bh_unlock_sock(sk);
2410
2411 l2cap_sock_kill(sk);
2412 return 0;
2413}
2414
2415static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2416{
2417 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2418 u16 dcid, scid;
2419 struct sock *sk;
2420
2421 scid = __le16_to_cpu(rsp->scid);
2422 dcid = __le16_to_cpu(rsp->dcid);
2423
2424 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2425
af05b30b
GP		 2426 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2427 if (!sk)
1da177e4
LT		 2428 return 0;
2429
2430 l2cap_chan_del(sk, 0);
2431 bh_unlock_sock(sk);
2432
2433 l2cap_sock_kill(sk);
2434 return 0;
2435}
2436
2437static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2438{
2439 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2440 u16 type;
2441
2442 type = __le16_to_cpu(req->type);
2443
2444 BT_DBG("type 0x%4.4x", type);
2445
f0709e03
MH		 2446 if (type == L2CAP_IT_FEAT_MASK) {
2447 u8 buf[8];
44dd46de 2448 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2449 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2450 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2451 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
44dd46de
MH		 2452 if (enable_ertm)
2453 feat_mask |= L2CAP_FEAT_ERTM;
2454 put_unaligned(cpu_to_le32(feat_mask), (__le32 *) rsp->data);
f0709e03
MH		 2455 l2cap_send_cmd(conn, cmd->ident,
2456 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2457 } else if (type == L2CAP_IT_FIXED_CHAN) {
2458 u8 buf[12];
2459 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2460 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2461 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2462 memcpy(buf + 4, l2cap_fixed_chan, 8);
2463 l2cap_send_cmd(conn, cmd->ident,
2464 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2465 } else {
2466 struct l2cap_info_rsp rsp;
2467 rsp.type = cpu_to_le16(type);
2468 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2469 l2cap_send_cmd(conn, cmd->ident,
2470 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2471 }
1da177e4
LT		 2472
2473 return 0;
2474}
2475
2476static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2477{
2478 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2479 u16 type, result;
2480
2481 type = __le16_to_cpu(rsp->type);
2482 result = __le16_to_cpu(rsp->result);
2483
2484 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2485
4e8402a3
MH		 2486 del_timer(&conn->info_timer);
2487
984947dc 2488 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2489 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2490
47ec1dcd 2491 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2492 struct l2cap_info_req req;
2493 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2494
2495 conn->info_ident = l2cap_get_ident(conn);
2496
2497 l2cap_send_cmd(conn, conn->info_ident,
2498 L2CAP_INFO_REQ, sizeof(req), &req);
2499 } else {
2500 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2501 conn->info_ident = 0;
2502
2503 l2cap_conn_start(conn);
2504 }
2505 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2506 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2507 conn->info_ident = 0;
984947dc
MH		 2508
2509 l2cap_conn_start(conn);
2510 }
4e8402a3 2511
1da177e4
LT		 2512 return 0;
2513}
2514
2515static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2516{
2517 u8 *data = skb->data;
2518 int len = skb->len;
2519 struct l2cap_cmd_hdr cmd;
2520 int err = 0;
2521
2522 l2cap_raw_recv(conn, skb);
2523
2524 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2525 u16 cmd_len;
1da177e4
LT		 2526 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2527 data += L2CAP_CMD_HDR_SIZE;
2528 len -= L2CAP_CMD_HDR_SIZE;
2529
88219a0f 2530 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2531
88219a0f 2532 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2533
88219a0f 2534 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2535 BT_DBG("corrupted command");
2536 break;
2537 }
2538
2539 switch (cmd.code) {
2540 case L2CAP_COMMAND_REJ:
4e8402a3 2541 l2cap_command_rej(conn, &cmd, data);
1da177e4
LT		 2542 break;
2543
2544 case L2CAP_CONN_REQ:
2545 err = l2cap_connect_req(conn, &cmd, data);
2546 break;
2547
2548 case L2CAP_CONN_RSP:
2549 err = l2cap_connect_rsp(conn, &cmd, data);
2550 break;
2551
2552 case L2CAP_CONF_REQ:
88219a0f 2553 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1da177e4
LT		 2554 break;
2555
2556 case L2CAP_CONF_RSP:
2557 err = l2cap_config_rsp(conn, &cmd, data);
2558 break;
2559
2560 case L2CAP_DISCONN_REQ:
2561 err = l2cap_disconnect_req(conn, &cmd, data);
2562 break;
2563
2564 case L2CAP_DISCONN_RSP:
2565 err = l2cap_disconnect_rsp(conn, &cmd, data);
2566 break;
2567
2568 case L2CAP_ECHO_REQ:
88219a0f 2569 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
1da177e4
LT		 2570 break;
2571
2572 case L2CAP_ECHO_RSP:
2573 break;
2574
2575 case L2CAP_INFO_REQ:
2576 err = l2cap_information_req(conn, &cmd, data);
2577 break;
2578
2579 case L2CAP_INFO_RSP:
2580 err = l2cap_information_rsp(conn, &cmd, data);
2581 break;
2582
2583 default:
2584 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2585 err = -EINVAL;
2586 break;
2587 }
2588
2589 if (err) {
2590 struct l2cap_cmd_rej rej;
2591 BT_DBG("error %d", err);
2592
2593 /* FIXME: Map err to a valid reason */
aca3192c 2594 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2595 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2596 }
2597
88219a0f
AV		 2598 data += cmd_len;
2599 len -= cmd_len;
1da177e4
LT		 2600 }
2601
2602 kfree_skb(skb);
2603}
2604
2605static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2606{
2607 struct sock *sk;
2608
2609 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2610 if (!sk) {
2611 BT_DBG("unknown cid 0x%4.4x", cid);
2612 goto drop;
2613 }
2614
2615 BT_DBG("sk %p, len %d", sk, skb->len);
2616
2617 if (sk->sk_state != BT_CONNECTED)
2618 goto drop;
2619
2620 if (l2cap_pi(sk)->imtu < skb->len)
2621 goto drop;
2622
2623 /* If socket recv buffers overflows we drop data here
2624 * which is *bad* because L2CAP has to be reliable.
2625 * But we don't have any other choice. L2CAP doesn't
2626 * provide flow control mechanism. */
2627
2628 if (!sock_queue_rcv_skb(sk, skb))
2629 goto done;
2630
2631drop:
2632 kfree_skb(skb);
2633
2634done:
0139418c
MH		 2635 if (sk)
2636 bh_unlock_sock(sk);
2637
1da177e4
LT		 2638 return 0;
2639}
2640
8e036fc3 2641static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4
LT		 2642{
2643 struct sock *sk;
2644
2645 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2646 if (!sk)
2647 goto drop;
2648
2649 BT_DBG("sk %p, len %d", sk, skb->len);
2650
2651 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2652 goto drop;
2653
2654 if (l2cap_pi(sk)->imtu < skb->len)
2655 goto drop;
2656
2657 if (!sock_queue_rcv_skb(sk, skb))
2658 goto done;
2659
2660drop:
2661 kfree_skb(skb);
2662
2663done:
af05b30b
GP		 2664 if (sk)
2665 bh_unlock_sock(sk);
1da177e4
LT		 2666 return 0;
2667}
2668
2669static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2670{
2671 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 2672 u16 cid, len;
2673 __le16 psm;
1da177e4
LT		 2674
2675 skb_pull(skb, L2CAP_HDR_SIZE);
2676 cid = __le16_to_cpu(lh->cid);
2677 len = __le16_to_cpu(lh->len);
2678
2679 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2680
2681 switch (cid) {
8db4dc46 2682 case L2CAP_CID_SIGNALING:
1da177e4
LT		 2683 l2cap_sig_channel(conn, skb);
2684 break;
2685
8db4dc46 2686 case L2CAP_CID_CONN_LESS:
8e036fc3 2687 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 2688 skb_pull(skb, 2);
2689 l2cap_conless_channel(conn, psm, skb);
2690 break;
2691
2692 default:
2693 l2cap_data_channel(conn, cid, skb);
2694 break;
2695 }
2696}
2697
2698/* ---- L2CAP interface with lower layer (HCI) ---- */
2699
2700static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2701{
2702 int exact = 0, lm1 = 0, lm2 = 0;
2703 register struct sock *sk;
2704 struct hlist_node *node;
2705
2706 if (type != ACL_LINK)
2707 return 0;
2708
2709 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2710
2711 /* Find listening sockets and check their link_mode */
2712 read_lock(&l2cap_sk_list.lock);
2713 sk_for_each(sk, node, &l2cap_sk_list.head) {
2714 if (sk->sk_state != BT_LISTEN)
2715 continue;
2716
2717 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5
MH		 2718 lm1 |= HCI_LM_ACCEPT;
2719 if (l2cap_pi(sk)->role_switch)
2720 lm1 |= HCI_LM_MASTER;
1da177e4 2721 exact++;
2af6b9d5
MH		 2722 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2723 lm2 |= HCI_LM_ACCEPT;
2724 if (l2cap_pi(sk)->role_switch)
2725 lm2 |= HCI_LM_MASTER;
2726 }
1da177e4
LT		 2727 }
2728 read_unlock(&l2cap_sk_list.lock);
2729
2730 return exact ? lm1 : lm2;
2731}
2732
2733static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2734{
0139418c
MH		 2735 struct l2cap_conn *conn;
2736
1da177e4
LT		 2737 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2738
2739 if (hcon->type != ACL_LINK)
2740 return 0;
2741
2742 if (!status) {
1da177e4
LT		 2743 conn = l2cap_conn_add(hcon, status);
2744 if (conn)
2745 l2cap_conn_ready(conn);
0139418c 2746 } else
1da177e4
LT		 2747 l2cap_conn_del(hcon, bt_err(status));
2748
2749 return 0;
2750}
2751
2950f21a
MH		 2752static int l2cap_disconn_ind(struct hci_conn *hcon)
2753{
2754 struct l2cap_conn *conn = hcon->l2cap_data;
2755
2756 BT_DBG("hcon %p", hcon);
2757
2758 if (hcon->type != ACL_LINK || !conn)
2759 return 0x13;
2760
2761 return conn->disc_reason;
2762}
2763
2764static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 2765{
2766 BT_DBG("hcon %p reason %d", hcon, reason);
2767
2768 if (hcon->type != ACL_LINK)
2769 return 0;
2770
2771 l2cap_conn_del(hcon, bt_err(reason));
0139418c 2772
1da177e4
LT		 2773 return 0;
2774}
2775
f62e4323
MH		 2776static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2777{
255c7601
MH		 2778 if (sk->sk_type != SOCK_SEQPACKET)
2779 return;
2780
f62e4323
MH		 2781 if (encrypt == 0x00) {
2782 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2783 l2cap_sock_clear_timer(sk);
2784 l2cap_sock_set_timer(sk, HZ * 5);
2785 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2786 __l2cap_sock_close(sk, ECONNREFUSED);
2787 } else {
2788 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2789 l2cap_sock_clear_timer(sk);
2790 }
2791}
2792
8c1b2355 2793static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4
LT		 2794{
2795 struct l2cap_chan_list *l;
0139418c 2796 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 2797 struct sock *sk;
1da177e4 2798
0139418c 2799 if (!conn)
1da177e4 2800 return 0;
0139418c 2801
1da177e4
LT		 2802 l = &conn->chan_list;
2803
2804 BT_DBG("conn %p", conn);
2805
2806 read_lock(&l->lock);
2807
2808 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2809 bh_lock_sock(sk);
2810
6a8d3010
MH		 2811 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2812 bh_unlock_sock(sk);
2813 continue;
2814 }
2815
f62e4323 2816 if (!status && (sk->sk_state == BT_CONNECTED ||
8c1b2355 2817 sk->sk_state == BT_CONFIG)) {
f62e4323 2818 l2cap_check_encryption(sk, encrypt);
9719f8af
MH		 2819 bh_unlock_sock(sk);
2820 continue;
2821 }
2822
b1235d79
MH		 2823 if (sk->sk_state == BT_CONNECT) {
2824 if (!status) {
2825 struct l2cap_conn_req req;
2826 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2827 req.psm = l2cap_pi(sk)->psm;
1da177e4 2828
b1235d79 2829 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
1da177e4 2830
b1235d79
MH		 2831 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2832 L2CAP_CONN_REQ, sizeof(req), &req);
2833 } else {
2834 l2cap_sock_clear_timer(sk);
2835 l2cap_sock_set_timer(sk, HZ / 10);
2836 }
2837 } else if (sk->sk_state == BT_CONNECT2) {
2838 struct l2cap_conn_rsp rsp;
2839 __u16 result;
1da177e4 2840
b1235d79
MH		 2841 if (!status) {
2842 sk->sk_state = BT_CONFIG;
2843 result = L2CAP_CR_SUCCESS;
2844 } else {
2845 sk->sk_state = BT_DISCONN;
2846 l2cap_sock_set_timer(sk, HZ / 10);
2847 result = L2CAP_CR_SEC_BLOCK;
2848 }
2849
2850 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2851 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2852 rsp.result = cpu_to_le16(result);
e7c29cb1 2853 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
b1235d79
MH		 2854 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2855 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2856 }
1da177e4
LT		 2857
2858 bh_unlock_sock(sk);
2859 }
2860
2861 read_unlock(&l->lock);
b1235d79 2862
1da177e4
LT		 2863 return 0;
2864}
2865
2866static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2867{
2868 struct l2cap_conn *conn = hcon->l2cap_data;
2869
2870 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2871 goto drop;
2872
2873 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2874
2875 if (flags & ACL_START) {
2876 struct l2cap_hdr *hdr;
2877 int len;
2878
2879 if (conn->rx_len) {
2880 BT_ERR("Unexpected start frame (len %d)", skb->len);
2881 kfree_skb(conn->rx_skb);
2882 conn->rx_skb = NULL;
2883 conn->rx_len = 0;
2884 l2cap_conn_unreliable(conn, ECOMM);
2885 }
2886
2887 if (skb->len < 2) {
2888 BT_ERR("Frame is too short (len %d)", skb->len);
2889 l2cap_conn_unreliable(conn, ECOMM);
2890 goto drop;
2891 }
2892
2893 hdr = (struct l2cap_hdr *) skb->data;
2894 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2895
2896 if (len == skb->len) {
2897 /* Complete frame received */
2898 l2cap_recv_frame(conn, skb);
2899 return 0;
2900 }
2901
2902 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2903
2904 if (skb->len > len) {
2905 BT_ERR("Frame is too long (len %d, expected len %d)",
2906 skb->len, len);
2907 l2cap_conn_unreliable(conn, ECOMM);
2908 goto drop;
2909 }
2910
2911 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 2912 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
2913 if (!conn->rx_skb)
1da177e4
LT		 2914 goto drop;
2915
d626f62b 2916 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 2917 skb->len);
1da177e4
LT		 2918 conn->rx_len = len - skb->len;
2919 } else {
2920 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2921
2922 if (!conn->rx_len) {
2923 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2924 l2cap_conn_unreliable(conn, ECOMM);
2925 goto drop;
2926 }
2927
2928 if (skb->len > conn->rx_len) {
2929 BT_ERR("Fragment is too long (len %d, expected %d)",
2930 skb->len, conn->rx_len);
2931 kfree_skb(conn->rx_skb);
2932 conn->rx_skb = NULL;
2933 conn->rx_len = 0;
2934 l2cap_conn_unreliable(conn, ECOMM);
2935 goto drop;
2936 }
2937
d626f62b 2938 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 2939 skb->len);
1da177e4
LT		 2940 conn->rx_len -= skb->len;
2941
2942 if (!conn->rx_len) {
2943 /* Complete frame received */
2944 l2cap_recv_frame(conn, conn->rx_skb);
2945 conn->rx_skb = NULL;
2946 }
2947 }
2948
2949drop:
2950 kfree_skb(skb);
2951 return 0;
2952}
2953
be9d1227 2954static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2955{
2956 struct sock *sk;
2957 struct hlist_node *node;
be9d1227 2958 char *str = buf;
1da177e4
LT		 2959
2960 read_lock_bh(&l2cap_sk_list.lock);
2961
be9d1227
MH		 2962 sk_for_each(sk, node, &l2cap_sk_list.head) {
2963 struct l2cap_pinfo *pi = l2cap_pi(sk);
1da177e4 2964
2af6b9d5 2965 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
be9d1227 2966 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
b4324b5d
MH		 2967 sk->sk_state, __le16_to_cpu(pi->psm), pi->scid,
2968 pi->dcid, pi->imtu, pi->omtu, pi->sec_level);
be9d1227 2969 }
1da177e4 2970
1da177e4 2971 read_unlock_bh(&l2cap_sk_list.lock);
1da177e4 2972
af05b30b 2973 return str - buf;
1da177e4
LT		 2974}
2975
be9d1227 2976static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
1da177e4 2977
90ddc4f0 2978static const struct proto_ops l2cap_sock_ops = {
1da177e4
LT		 2979 .family = PF_BLUETOOTH,
2980 .owner = THIS_MODULE,
2981 .release = l2cap_sock_release,
2982 .bind = l2cap_sock_bind,
2983 .connect = l2cap_sock_connect,
2984 .listen = l2cap_sock_listen,
2985 .accept = l2cap_sock_accept,
2986 .getname = l2cap_sock_getname,
2987 .sendmsg = l2cap_sock_sendmsg,
f66dc81f 2988 .recvmsg = l2cap_sock_recvmsg,
1da177e4 2989 .poll = bt_sock_poll,
3241ad82 2990 .ioctl = bt_sock_ioctl,
1da177e4
LT		 2991 .mmap = sock_no_mmap,
2992 .socketpair = sock_no_socketpair,
1da177e4
LT		 2993 .shutdown = l2cap_sock_shutdown,
2994 .setsockopt = l2cap_sock_setsockopt,
2995 .getsockopt = l2cap_sock_getsockopt
2996};
2997
2998static struct net_proto_family l2cap_sock_family_ops = {
2999 .family = PF_BLUETOOTH,
3000 .owner = THIS_MODULE,
3001 .create = l2cap_sock_create,
3002};
3003
3004static struct hci_proto l2cap_hci_proto = {
3005 .name = "L2CAP",
3006 .id = HCI_PROTO_L2CAP,
3007 .connect_ind = l2cap_connect_ind,
3008 .connect_cfm = l2cap_connect_cfm,
3009 .disconn_ind = l2cap_disconn_ind,
2950f21a 3010 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 3011 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 3012 .recv_acldata = l2cap_recv_acldata
3013};
3014
3015static int __init l2cap_init(void)
3016{
3017 int err;
be9d1227 3018
1da177e4
LT		 3019 err = proto_register(&l2cap_proto, 0);
3020 if (err < 0)
3021 return err;
3022
3023 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
3024 if (err < 0) {
3025 BT_ERR("L2CAP socket registration failed");
3026 goto error;
3027 }
3028
3029 err = hci_register_proto(&l2cap_hci_proto);
3030 if (err < 0) {
3031 BT_ERR("L2CAP protocol registration failed");
3032 bt_sock_unregister(BTPROTO_L2CAP);
3033 goto error;
3034 }
3035
df5c37ea
MH		 3036 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
3037 BT_ERR("Failed to create L2CAP info file");
1da177e4
LT		 3038
3039 BT_INFO("L2CAP ver %s", VERSION);
3040 BT_INFO("L2CAP socket layer initialized");
3041
3042 return 0;
3043
3044error:
3045 proto_unregister(&l2cap_proto);
3046 return err;
3047}
3048
3049static void __exit l2cap_exit(void)
3050{
a91f2e39 3051 class_remove_file(bt_class, &class_attr_l2cap);
1da177e4
LT		 3052
3053 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
3054 BT_ERR("L2CAP socket unregistration failed");
3055
3056 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
3057 BT_ERR("L2CAP protocol unregistration failed");
3058
3059 proto_unregister(&l2cap_proto);
3060}
3061
3062void l2cap_load(void)
3063{
3064 /* Dummy function to trigger automatic L2CAP module loading by
3065 * other modules that use L2CAP sockets but don't use any other
3066 * symbols from it. */
3067 return;
3068}
3069EXPORT_SYMBOL(l2cap_load);
3070
3071module_init(l2cap_init);
3072module_exit(l2cap_exit);
3073
44dd46de
MH		 3074module_param(enable_ertm, bool, 0644);
3075MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
3076
63fbd24e 3077MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 3078MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
3079MODULE_VERSION(VERSION);
3080MODULE_LICENSE("GPL");
3081MODULE_ALIAS("bt-proto-0");
kernel source for telekom puls (alcatel/mediatek)