projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Submit bulk URBs along with interrupt URBs
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
4fc268d2 30#include <linux/capability.h>
1da177e4
LT		 31#include <linux/errno.h>
32#include <linux/kernel.h>
1da177e4
LT		 33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
1da177e4 41#include <linux/list.h>
be9d1227 42#include <linux/device.h>
1da177e4
LT		 43#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52
5f9018af 53#define VERSION "2.12"
f0709e03
MH		 54
55static u32 l2cap_feat_mask = 0x0000;
1da177e4 56
90ddc4f0 57static const struct proto_ops l2cap_sock_ops;
1da177e4
LT		 58
59static struct bt_sock_list l2cap_sk_list = {
d5fb2962 60 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
1da177e4
LT		 61};
62
1da177e4
LT		 63static void __l2cap_sock_close(struct sock *sk, int reason);
64static void l2cap_sock_close(struct sock *sk);
65static void l2cap_sock_kill(struct sock *sk);
66
67static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
69
70/* ---- L2CAP timers ---- */
71static void l2cap_sock_timeout(unsigned long arg)
72{
73 struct sock *sk = (struct sock *) arg;
b1235d79 74 int reason;
1da177e4
LT		 75
76 BT_DBG("sock %p state %d", sk, sk->sk_state);
77
78 bh_lock_sock(sk);
b1235d79 79
f62e4323
MH		 80 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
81 reason = ECONNREFUSED;
82 else if (sk->sk_state == BT_CONNECT &&
2af6b9d5 83 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
b1235d79
MH		 84 reason = ECONNREFUSED;
85 else
86 reason = ETIMEDOUT;
87
88 __l2cap_sock_close(sk, reason);
89
1da177e4
LT		 90 bh_unlock_sock(sk);
91
92 l2cap_sock_kill(sk);
93 sock_put(sk);
94}
95
96static void l2cap_sock_set_timer(struct sock *sk, long timeout)
97{
98 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
99 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
100}
101
102static void l2cap_sock_clear_timer(struct sock *sk)
103{
104 BT_DBG("sock %p state %d", sk, sk->sk_state);
105 sk_stop_timer(sk, &sk->sk_timer);
106}
107
0139418c
MH		 108/* ---- L2CAP channels ---- */
109static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
110{
111 struct sock *s;
112 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
113 if (l2cap_pi(s)->dcid == cid)
114 break;
115 }
116 return s;
117}
118
119static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
120{
121 struct sock *s;
122 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
123 if (l2cap_pi(s)->scid == cid)
124 break;
125 }
126 return s;
127}
128
129/* Find channel with given SCID.
130 * Returns locked socket */
131static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
132{
133 struct sock *s;
134 read_lock(&l->lock);
135 s = __l2cap_get_chan_by_scid(l, cid);
136 if (s) bh_lock_sock(s);
137 read_unlock(&l->lock);
138 return s;
139}
140
141static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
142{
143 struct sock *s;
144 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
145 if (l2cap_pi(s)->ident == ident)
146 break;
147 }
148 return s;
149}
150
151static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
152{
153 struct sock *s;
154 read_lock(&l->lock);
155 s = __l2cap_get_chan_by_ident(l, ident);
156 if (s) bh_lock_sock(s);
157 read_unlock(&l->lock);
158 return s;
159}
160
161static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
162{
163 u16 cid = 0x0040;
164
165 for (; cid < 0xffff; cid++) {
166 if(!__l2cap_get_chan_by_scid(l, cid))
167 return cid;
168 }
169
170 return 0;
171}
172
173static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
174{
175 sock_hold(sk);
176
177 if (l->head)
178 l2cap_pi(l->head)->prev_c = sk;
179
180 l2cap_pi(sk)->next_c = l->head;
181 l2cap_pi(sk)->prev_c = NULL;
182 l->head = sk;
183}
184
185static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
186{
187 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
188
fd1278d7 189 write_lock_bh(&l->lock);
0139418c
MH		 190 if (sk == l->head)
191 l->head = next;
192
193 if (next)
194 l2cap_pi(next)->prev_c = prev;
195 if (prev)
196 l2cap_pi(prev)->next_c = next;
fd1278d7 197 write_unlock_bh(&l->lock);
0139418c
MH		 198
199 __sock_put(sk);
200}
201
202static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
203{
204 struct l2cap_chan_list *l = &conn->chan_list;
205
206 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
207
208 l2cap_pi(sk)->conn = conn;
209
210 if (sk->sk_type == SOCK_SEQPACKET) {
211 /* Alloc CID for connection-oriented socket */
212 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
213 } else if (sk->sk_type == SOCK_DGRAM) {
214 /* Connectionless socket */
215 l2cap_pi(sk)->scid = 0x0002;
216 l2cap_pi(sk)->dcid = 0x0002;
217 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
218 } else {
219 /* Raw socket can send/recv signalling messages only */
220 l2cap_pi(sk)->scid = 0x0001;
221 l2cap_pi(sk)->dcid = 0x0001;
222 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
223 }
224
225 __l2cap_chan_link(l, sk);
226
227 if (parent)
228 bt_accept_enqueue(parent, sk);
229}
230
8e87d142 231/* Delete channel.
0139418c
MH		 232 * Must be called on the locked socket. */
233static void l2cap_chan_del(struct sock *sk, int err)
234{
235 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
236 struct sock *parent = bt_sk(sk)->parent;
237
238 l2cap_sock_clear_timer(sk);
239
240 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
241
8e87d142 242 if (conn) {
0139418c
MH		 243 /* Unlink from channel list */
244 l2cap_chan_unlink(&conn->chan_list, sk);
245 l2cap_pi(sk)->conn = NULL;
246 hci_conn_put(conn->hcon);
247 }
248
b1235d79 249 sk->sk_state = BT_CLOSED;
0139418c
MH		 250 sock_set_flag(sk, SOCK_ZAPPED);
251
252 if (err)
253 sk->sk_err = err;
254
255 if (parent) {
256 bt_accept_unlink(sk);
257 parent->sk_data_ready(parent, 0);
258 } else
259 sk->sk_state_change(sk);
260}
261
79d554a6 262/* Service level security */
2af6b9d5 263static inline int l2cap_check_security(struct sock *sk)
79d554a6
MH		 264{
265 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
266
2af6b9d5 267 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level);
79d554a6
MH		 268}
269
4e8402a3
MH		 270static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
271{
272 u8 id;
273
274 /* Get next available identificator.
275 * 1 - 128 are used by kernel.
276 * 129 - 199 are reserved.
277 * 200 - 254 are used by utilities like l2ping, etc.
278 */
279
280 spin_lock_bh(&conn->lock);
281
282 if (++conn->tx_ident > 128)
283 conn->tx_ident = 1;
284
285 id = conn->tx_ident;
286
287 spin_unlock_bh(&conn->lock);
288
289 return id;
290}
291
292static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
293{
294 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
295
296 BT_DBG("code 0x%2.2x", code);
297
298 if (!skb)
299 return -ENOMEM;
300
301 return hci_send_acl(conn->hcon, skb, 0);
302}
303
79d554a6
MH		 304static void l2cap_do_start(struct sock *sk)
305{
306 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
307
308 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
2af6b9d5 309 if (l2cap_check_security(sk)) {
b1235d79
MH		 310 struct l2cap_conn_req req;
311 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
312 req.psm = l2cap_pi(sk)->psm;
79d554a6 313
b1235d79 314 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 315
b1235d79 316 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
79d554a6 317 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 318 }
79d554a6
MH		 319 } else {
320 struct l2cap_info_req req;
321 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
322
323 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
324 conn->info_ident = l2cap_get_ident(conn);
325
326 mod_timer(&conn->info_timer, jiffies +
327 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
328
329 l2cap_send_cmd(conn, conn->info_ident,
330 L2CAP_INFO_REQ, sizeof(req), &req);
331 }
332}
333
1da177e4 334/* ---- L2CAP connections ---- */
4e8402a3
MH		 335static void l2cap_conn_start(struct l2cap_conn *conn)
336{
337 struct l2cap_chan_list *l = &conn->chan_list;
338 struct sock *sk;
339
340 BT_DBG("conn %p", conn);
341
342 read_lock(&l->lock);
343
344 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
345 bh_lock_sock(sk);
346
347 if (sk->sk_type != SOCK_SEQPACKET) {
79d554a6
MH		 348 bh_unlock_sock(sk);
349 continue;
350 }
351
352 if (sk->sk_state == BT_CONNECT) {
2af6b9d5 353 if (l2cap_check_security(sk)) {
b1235d79
MH		 354 struct l2cap_conn_req req;
355 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
356 req.psm = l2cap_pi(sk)->psm;
79d554a6 357
b1235d79 358 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 359
b1235d79 360 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4e8402a3 361 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 362 }
79d554a6
MH		 363 } else if (sk->sk_state == BT_CONNECT2) {
364 struct l2cap_conn_rsp rsp;
365 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
366 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
367
2af6b9d5 368 if (l2cap_check_security(sk)) {
f66dc81f
MH		 369 if (bt_sk(sk)->defer_setup) {
370 struct sock *parent = bt_sk(sk)->parent;
371 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
372 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
373 parent->sk_data_ready(parent, 0);
374
375 } else {
376 sk->sk_state = BT_CONFIG;
377 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
378 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
379 }
79d554a6
MH		 380 } else {
381 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
382 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
383 }
384
385 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
386 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4e8402a3
MH		 387 }
388
389 bh_unlock_sock(sk);
390 }
391
392 read_unlock(&l->lock);
393}
394
395static void l2cap_conn_ready(struct l2cap_conn *conn)
396{
79d554a6
MH		 397 struct l2cap_chan_list *l = &conn->chan_list;
398 struct sock *sk;
4e8402a3 399
79d554a6 400 BT_DBG("conn %p", conn);
4e8402a3 401
79d554a6 402 read_lock(&l->lock);
4e8402a3 403
79d554a6
MH		 404 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
405 bh_lock_sock(sk);
4e8402a3 406
79d554a6
MH		 407 if (sk->sk_type != SOCK_SEQPACKET) {
408 l2cap_sock_clear_timer(sk);
409 sk->sk_state = BT_CONNECTED;
410 sk->sk_state_change(sk);
411 } else if (sk->sk_state == BT_CONNECT)
412 l2cap_do_start(sk);
4e8402a3 413
79d554a6 414 bh_unlock_sock(sk);
4e8402a3 415 }
79d554a6
MH		 416
417 read_unlock(&l->lock);
4e8402a3
MH		 418}
419
420/* Notify sockets that we cannot guaranty reliability anymore */
421static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
422{
423 struct l2cap_chan_list *l = &conn->chan_list;
424 struct sock *sk;
425
426 BT_DBG("conn %p", conn);
427
428 read_lock(&l->lock);
429
430 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2af6b9d5 431 if (l2cap_pi(sk)->force_reliable)
4e8402a3
MH		 432 sk->sk_err = err;
433 }
434
435 read_unlock(&l->lock);
436}
437
438static void l2cap_info_timeout(unsigned long arg)
439{
440 struct l2cap_conn *conn = (void *) arg;
441
442 conn->info_ident = 0;
443
444 l2cap_conn_start(conn);
445}
446
1da177e4
LT		 447static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
448{
0139418c 449 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 450
0139418c 451 if (conn || status)
1da177e4
LT		 452 return conn;
453
0139418c
MH		 454 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
455 if (!conn)
1da177e4 456 return NULL;
1da177e4
LT		 457
458 hcon->l2cap_data = conn;
459 conn->hcon = hcon;
460
0139418c
MH		 461 BT_DBG("hcon %p conn %p", hcon, conn);
462
1da177e4
LT		 463 conn->mtu = hcon->hdev->acl_mtu;
464 conn->src = &hcon->hdev->bdaddr;
465 conn->dst = &hcon->dst;
466
4e8402a3
MH		 467 conn->feat_mask = 0;
468
b1235d79
MH		 469 setup_timer(&conn->info_timer, l2cap_info_timeout,
470 (unsigned long) conn);
4e8402a3 471
1da177e4
LT		 472 spin_lock_init(&conn->lock);
473 rwlock_init(&conn->chan_list.lock);
474
1da177e4
LT		 475 return conn;
476}
477
0139418c 478static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 479{
0139418c 480 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4
LT		 481 struct sock *sk;
482
0139418c
MH		 483 if (!conn)
484 return;
1da177e4
LT		 485
486 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
487
488 if (conn->rx_skb)
489 kfree_skb(conn->rx_skb);
490
491 /* Kill channels */
492 while ((sk = conn->chan_list.head)) {
493 bh_lock_sock(sk);
494 l2cap_chan_del(sk, err);
495 bh_unlock_sock(sk);
496 l2cap_sock_kill(sk);
497 }
498
8e8440f5
DY		 499 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
500 del_timer_sync(&conn->info_timer);
3ab22731 501
1da177e4
LT		 502 hcon->l2cap_data = NULL;
503 kfree(conn);
1da177e4
LT		 504}
505
506static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
507{
508 struct l2cap_chan_list *l = &conn->chan_list;
fd1278d7 509 write_lock_bh(&l->lock);
1da177e4 510 __l2cap_chan_add(conn, sk, parent);
fd1278d7 511 write_unlock_bh(&l->lock);
1da177e4
LT		 512}
513
1da177e4 514/* ---- Socket interface ---- */
8e036fc3 515static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
1da177e4
LT		 516{
517 struct sock *sk;
518 struct hlist_node *node;
519 sk_for_each(sk, node, &l2cap_sk_list.head)
520 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
521 goto found;
522 sk = NULL;
523found:
524 return sk;
525}
526
527/* Find socket with psm and source bdaddr.
528 * Returns closest match.
529 */
8e036fc3 530static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 531{
532 struct sock *sk = NULL, *sk1 = NULL;
533 struct hlist_node *node;
534
535 sk_for_each(sk, node, &l2cap_sk_list.head) {
536 if (state && sk->sk_state != state)
537 continue;
538
539 if (l2cap_pi(sk)->psm == psm) {
540 /* Exact match. */
541 if (!bacmp(&bt_sk(sk)->src, src))
542 break;
543
544 /* Closest match */
545 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
546 sk1 = sk;
547 }
548 }
549 return node ? sk : sk1;
550}
551
552/* Find socket with given address (psm, src).
553 * Returns locked socket */
8e036fc3 554static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 555{
556 struct sock *s;
557 read_lock(&l2cap_sk_list.lock);
558 s = __l2cap_get_sock_by_psm(state, psm, src);
559 if (s) bh_lock_sock(s);
560 read_unlock(&l2cap_sk_list.lock);
561 return s;
562}
563
564static void l2cap_sock_destruct(struct sock *sk)
565{
566 BT_DBG("sk %p", sk);
567
568 skb_queue_purge(&sk->sk_receive_queue);
569 skb_queue_purge(&sk->sk_write_queue);
570}
571
572static void l2cap_sock_cleanup_listen(struct sock *parent)
573{
574 struct sock *sk;
575
576 BT_DBG("parent %p", parent);
577
578 /* Close not yet accepted channels */
579 while ((sk = bt_accept_dequeue(parent, NULL)))
580 l2cap_sock_close(sk);
581
b1235d79 582 parent->sk_state = BT_CLOSED;
1da177e4
LT		 583 sock_set_flag(parent, SOCK_ZAPPED);
584}
585
586/* Kill socket (only if zapped and orphan)
587 * Must be called on unlocked socket.
588 */
589static void l2cap_sock_kill(struct sock *sk)
590{
591 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
592 return;
593
594 BT_DBG("sk %p state %d", sk, sk->sk_state);
595
596 /* Kill poor orphan */
597 bt_sock_unlink(&l2cap_sk_list, sk);
598 sock_set_flag(sk, SOCK_DEAD);
599 sock_put(sk);
600}
601
602static void __l2cap_sock_close(struct sock *sk, int reason)
603{
604 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
605
606 switch (sk->sk_state) {
607 case BT_LISTEN:
608 l2cap_sock_cleanup_listen(sk);
609 break;
610
611 case BT_CONNECTED:
612 case BT_CONFIG:
1da177e4
LT		 613 if (sk->sk_type == SOCK_SEQPACKET) {
614 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
615 struct l2cap_disconn_req req;
616
617 sk->sk_state = BT_DISCONN;
618 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
619
aca3192c
YH		 620 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
621 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1da177e4
LT		 622 l2cap_send_cmd(conn, l2cap_get_ident(conn),
623 L2CAP_DISCONN_REQ, sizeof(req), &req);
b1235d79 624 } else
1da177e4 625 l2cap_chan_del(sk, reason);
1da177e4
LT		 626 break;
627
f66dc81f
MH		 628 case BT_CONNECT2:
629 if (sk->sk_type == SOCK_SEQPACKET) {
630 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
631 struct l2cap_conn_rsp rsp;
632 __u16 result;
633
634 if (bt_sk(sk)->defer_setup)
635 result = L2CAP_CR_SEC_BLOCK;
636 else
637 result = L2CAP_CR_BAD_PSM;
638
639 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
640 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
641 rsp.result = cpu_to_le16(result);
642 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
643 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
644 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
645 } else
646 l2cap_chan_del(sk, reason);
647 break;
648
1da177e4
LT		 649 case BT_CONNECT:
650 case BT_DISCONN:
651 l2cap_chan_del(sk, reason);
652 break;
653
654 default:
655 sock_set_flag(sk, SOCK_ZAPPED);
656 break;
657 }
658}
659
660/* Must be called on unlocked socket. */
661static void l2cap_sock_close(struct sock *sk)
662{
663 l2cap_sock_clear_timer(sk);
664 lock_sock(sk);
665 __l2cap_sock_close(sk, ECONNRESET);
666 release_sock(sk);
667 l2cap_sock_kill(sk);
668}
669
670static void l2cap_sock_init(struct sock *sk, struct sock *parent)
671{
672 struct l2cap_pinfo *pi = l2cap_pi(sk);
673
674 BT_DBG("sk %p", sk);
675
676 if (parent) {
677 sk->sk_type = parent->sk_type;
f66dc81f
MH		 678 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
679
1da177e4
LT		 680 pi->imtu = l2cap_pi(parent)->imtu;
681 pi->omtu = l2cap_pi(parent)->omtu;
2af6b9d5
MH		 682 pi->sec_level = l2cap_pi(parent)->sec_level;
683 pi->role_switch = l2cap_pi(parent)->role_switch;
684 pi->force_reliable = l2cap_pi(parent)->force_reliable;
1da177e4
LT		 685 } else {
686 pi->imtu = L2CAP_DEFAULT_MTU;
687 pi->omtu = 0;
2af6b9d5
MH		 688 pi->sec_level = BT_SECURITY_LOW;
689 pi->role_switch = 0;
690 pi->force_reliable = 0;
1da177e4
LT		 691 }
692
693 /* Default config options */
5dee9e7c 694 pi->conf_len = 0;
1da177e4
LT		 695 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
696}
697
698static struct proto l2cap_proto = {
699 .name = "L2CAP",
700 .owner = THIS_MODULE,
701 .obj_size = sizeof(struct l2cap_pinfo)
702};
703
1b8d7ae4 704static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1da177e4
LT		 705{
706 struct sock *sk;
707
6257ff21 708 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1da177e4
LT		 709 if (!sk)
710 return NULL;
711
712 sock_init_data(sock, sk);
713 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
714
715 sk->sk_destruct = l2cap_sock_destruct;
4e8402a3 716 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1da177e4
LT		 717
718 sock_reset_flag(sk, SOCK_ZAPPED);
719
720 sk->sk_protocol = proto;
b1235d79 721 sk->sk_state = BT_OPEN;
1da177e4 722
b1235d79 723 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1da177e4
LT		 724
725 bt_sock_link(&l2cap_sk_list, sk);
726 return sk;
727}
728
1b8d7ae4 729static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
1da177e4
LT		 730{
731 struct sock *sk;
732
733 BT_DBG("sock %p", sock);
734
735 sock->state = SS_UNCONNECTED;
736
737 if (sock->type != SOCK_SEQPACKET &&
738 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
739 return -ESOCKTNOSUPPORT;
740
741 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
742 return -EPERM;
743
744 sock->ops = &l2cap_sock_ops;
745
1b8d7ae4 746 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1da177e4
LT		 747 if (!sk)
748 return -ENOMEM;
749
750 l2cap_sock_init(sk, NULL);
751 return 0;
752}
753
754static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
755{
756 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
757 struct sock *sk = sock->sk;
758 int err = 0;
759
760 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
761
762 if (!addr || addr->sa_family != AF_BLUETOOTH)
763 return -EINVAL;
764
765 lock_sock(sk);
766
767 if (sk->sk_state != BT_OPEN) {
768 err = -EBADFD;
769 goto done;
770 }
771
8e036fc3 772 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
847641d7
MH		 773 !capable(CAP_NET_BIND_SERVICE)) {
774 err = -EACCES;
775 goto done;
776 }
8e87d142 777
1da177e4
LT		 778 write_lock_bh(&l2cap_sk_list.lock);
779
780 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
781 err = -EADDRINUSE;
782 } else {
783 /* Save source address */
784 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
785 l2cap_pi(sk)->psm = la->l2_psm;
786 l2cap_pi(sk)->sport = la->l2_psm;
787 sk->sk_state = BT_BOUND;
2af6b9d5
MH		 788
789 if (btohs(la->l2_psm) == 0x0001)
790 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1da177e4
LT		 791 }
792
793 write_unlock_bh(&l2cap_sk_list.lock);
794
795done:
796 release_sock(sk);
797 return err;
798}
799
800static int l2cap_do_connect(struct sock *sk)
801{
802 bdaddr_t *src = &bt_sk(sk)->src;
803 bdaddr_t *dst = &bt_sk(sk)->dst;
804 struct l2cap_conn *conn;
805 struct hci_conn *hcon;
806 struct hci_dev *hdev;
09ab6f4c 807 __u8 auth_type;
1da177e4
LT		 808 int err = 0;
809
810 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
811
812 if (!(hdev = hci_get_route(dst, src)))
813 return -EHOSTUNREACH;
814
815 hci_dev_lock_bh(hdev);
816
817 err = -ENOMEM;
818
8c1b2355 819 if (sk->sk_type == SOCK_RAW) {
2af6b9d5
MH		 820 switch (l2cap_pi(sk)->sec_level) {
821 case BT_SECURITY_HIGH:
8c1b2355 822 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2af6b9d5
MH		 823 break;
824 case BT_SECURITY_MEDIUM:
8c1b2355 825 auth_type = HCI_AT_DEDICATED_BONDING;
2af6b9d5
MH		 826 break;
827 default:
09ab6f4c 828 auth_type = HCI_AT_NO_BONDING;
2af6b9d5
MH		 829 break;
830 }
8c1b2355 831 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
2af6b9d5 832 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
8c1b2355 833 auth_type = HCI_AT_NO_BONDING_MITM;
09ab6f4c 834 else
8c1b2355
MH		 835 auth_type = HCI_AT_NO_BONDING;
836 } else {
2af6b9d5
MH		 837 switch (l2cap_pi(sk)->sec_level) {
838 case BT_SECURITY_HIGH:
8c1b2355 839 auth_type = HCI_AT_GENERAL_BONDING_MITM;
2af6b9d5
MH		 840 break;
841 case BT_SECURITY_MEDIUM:
09ab6f4c 842 auth_type = HCI_AT_GENERAL_BONDING;
2af6b9d5
MH		 843 break;
844 default:
8c1b2355 845 auth_type = HCI_AT_NO_BONDING;
2af6b9d5
MH		 846 break;
847 }
09ab6f4c
MH		 848 }
849
2af6b9d5
MH		 850 hcon = hci_connect(hdev, ACL_LINK, dst,
851 l2cap_pi(sk)->sec_level, auth_type);
1da177e4
LT		 852 if (!hcon)
853 goto done;
854
855 conn = l2cap_conn_add(hcon, 0);
856 if (!conn) {
857 hci_conn_put(hcon);
858 goto done;
859 }
860
861 err = 0;
862
863 /* Update source addr of the socket */
864 bacpy(src, conn->src);
865
866 l2cap_chan_add(conn, sk, NULL);
867
868 sk->sk_state = BT_CONNECT;
869 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
870
871 if (hcon->state == BT_CONNECTED) {
79d554a6 872 if (sk->sk_type != SOCK_SEQPACKET) {
1da177e4
LT		 873 l2cap_sock_clear_timer(sk);
874 sk->sk_state = BT_CONNECTED;
79d554a6
MH		 875 } else
876 l2cap_do_start(sk);
1da177e4
LT		 877 }
878
879done:
880 hci_dev_unlock_bh(hdev);
881 hci_dev_put(hdev);
882 return err;
883}
884
885static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
886{
887 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
888 struct sock *sk = sock->sk;
889 int err = 0;
890
891 lock_sock(sk);
892
893 BT_DBG("sk %p", sk);
894
895 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
896 err = -EINVAL;
897 goto done;
898 }
899
900 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
901 err = -EINVAL;
902 goto done;
903 }
904
905 switch(sk->sk_state) {
906 case BT_CONNECT:
907 case BT_CONNECT2:
908 case BT_CONFIG:
909 /* Already connecting */
910 goto wait;
911
912 case BT_CONNECTED:
913 /* Already connected */
914 goto done;
915
916 case BT_OPEN:
917 case BT_BOUND:
918 /* Can connect */
919 break;
920
921 default:
922 err = -EBADFD;
923 goto done;
924 }
925
926 /* Set destination address and psm */
927 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
928 l2cap_pi(sk)->psm = la->l2_psm;
929
930 if ((err = l2cap_do_connect(sk)))
931 goto done;
932
933wait:
934 err = bt_sock_wait_state(sk, BT_CONNECTED,
935 sock_sndtimeo(sk, flags & O_NONBLOCK));
936done:
937 release_sock(sk);
938 return err;
939}
940
941static int l2cap_sock_listen(struct socket *sock, int backlog)
942{
943 struct sock *sk = sock->sk;
944 int err = 0;
945
946 BT_DBG("sk %p backlog %d", sk, backlog);
947
948 lock_sock(sk);
949
950 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
951 err = -EBADFD;
952 goto done;
953 }
954
955 if (!l2cap_pi(sk)->psm) {
956 bdaddr_t *src = &bt_sk(sk)->src;
957 u16 psm;
958
959 err = -EINVAL;
960
961 write_lock_bh(&l2cap_sk_list.lock);
962
963 for (psm = 0x1001; psm < 0x1100; psm += 2)
6dc0c208 964 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
1da177e4
LT		 965 l2cap_pi(sk)->psm = htobs(psm);
966 l2cap_pi(sk)->sport = htobs(psm);
967 err = 0;
968 break;
969 }
970
971 write_unlock_bh(&l2cap_sk_list.lock);
972
973 if (err < 0)
974 goto done;
975 }
976
977 sk->sk_max_ack_backlog = backlog;
978 sk->sk_ack_backlog = 0;
979 sk->sk_state = BT_LISTEN;
980
981done:
982 release_sock(sk);
983 return err;
984}
985
986static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
987{
988 DECLARE_WAITQUEUE(wait, current);
989 struct sock *sk = sock->sk, *nsk;
990 long timeo;
991 int err = 0;
992
fcc70d5f 993 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 994
995 if (sk->sk_state != BT_LISTEN) {
996 err = -EBADFD;
997 goto done;
998 }
999
1000 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1001
1002 BT_DBG("sk %p timeo %ld", sk, timeo);
1003
1004 /* Wait for an incoming connection. (wake-one). */
1005 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1006 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1007 set_current_state(TASK_INTERRUPTIBLE);
1008 if (!timeo) {
1009 err = -EAGAIN;
1010 break;
1011 }
1012
1013 release_sock(sk);
1014 timeo = schedule_timeout(timeo);
fcc70d5f 1015 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 1016
1017 if (sk->sk_state != BT_LISTEN) {
1018 err = -EBADFD;
1019 break;
1020 }
1021
1022 if (signal_pending(current)) {
1023 err = sock_intr_errno(timeo);
1024 break;
1025 }
1026 }
1027 set_current_state(TASK_RUNNING);
1028 remove_wait_queue(sk->sk_sleep, &wait);
1029
1030 if (err)
1031 goto done;
1032
1033 newsock->state = SS_CONNECTED;
1034
1035 BT_DBG("new socket %p", nsk);
1036
1037done:
1038 release_sock(sk);
1039 return err;
1040}
1041
1042static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1043{
1044 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1045 struct sock *sk = sock->sk;
1046
1047 BT_DBG("sock %p, sk %p", sock, sk);
1048
1049 addr->sa_family = AF_BLUETOOTH;
1050 *len = sizeof(struct sockaddr_l2);
1051
1052 if (peer)
1053 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1054 else
1055 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1056
1057 la->l2_psm = l2cap_pi(sk)->psm;
1058 return 0;
1059}
1060
1061static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1062{
1063 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1064 struct sk_buff *skb, **frag;
1065 int err, hlen, count, sent=0;
1066 struct l2cap_hdr *lh;
1067
1068 BT_DBG("sk %p len %d", sk, len);
1069
1070 /* First fragment (with L2CAP header) */
1071 if (sk->sk_type == SOCK_DGRAM)
1072 hlen = L2CAP_HDR_SIZE + 2;
1073 else
1074 hlen = L2CAP_HDR_SIZE;
1075
1076 count = min_t(unsigned int, (conn->mtu - hlen), len);
1077
1078 skb = bt_skb_send_alloc(sk, hlen + count,
1079 msg->msg_flags & MSG_DONTWAIT, &err);
1080 if (!skb)
1081 return err;
1082
1083 /* Create L2CAP header */
1084 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1085 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1086 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1da177e4
LT		 1087
1088 if (sk->sk_type == SOCK_DGRAM)
8e036fc3 1089 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1da177e4
LT		 1090
1091 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1092 err = -EFAULT;
1093 goto fail;
1094 }
1095
1096 sent += count;
1097 len -= count;
1098
1099 /* Continuation fragments (no L2CAP header) */
1100 frag = &skb_shinfo(skb)->frag_list;
1101 while (len) {
1102 count = min_t(unsigned int, conn->mtu, len);
1103
1104 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1105 if (!*frag)
1106 goto fail;
8e87d142 1107
1da177e4
LT		 1108 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1109 err = -EFAULT;
1110 goto fail;
1111 }
1112
1113 sent += count;
1114 len -= count;
1115
1116 frag = &(*frag)->next;
1117 }
1118
1119 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1120 goto fail;
1121
1122 return sent;
1123
1124fail:
1125 kfree_skb(skb);
1126 return err;
1127}
1128
1129static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1130{
1131 struct sock *sk = sock->sk;
1132 int err = 0;
1133
1134 BT_DBG("sock %p, sk %p", sock, sk);
1135
c1cbe4b7
BL		 1136 err = sock_error(sk);
1137 if (err)
1138 return err;
1da177e4
LT		 1139
1140 if (msg->msg_flags & MSG_OOB)
1141 return -EOPNOTSUPP;
1142
1143 /* Check outgoing MTU */
1144 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1145 return -EINVAL;
1146
1147 lock_sock(sk);
1148
1149 if (sk->sk_state == BT_CONNECTED)
1150 err = l2cap_do_send(sk, msg, len);
1151 else
1152 err = -ENOTCONN;
1153
1154 release_sock(sk);
1155 return err;
1156}
1157
f66dc81f
MH		 1158static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1159{
1160 struct sock *sk = sock->sk;
1161
1162 lock_sock(sk);
1163
1164 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1165 struct l2cap_conn_rsp rsp;
1166
1167 sk->sk_state = BT_CONFIG;
1168
1169 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1170 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1171 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1172 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1173 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1174 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1175
1176 release_sock(sk);
1177 return 0;
1178 }
1179
1180 release_sock(sk);
1181
1182 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1183}
1184
d58daf42 1185static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1da177e4
LT		 1186{
1187 struct sock *sk = sock->sk;
1188 struct l2cap_options opts;
1189 int err = 0, len;
1190 u32 opt;
1191
1192 BT_DBG("sk %p", sk);
1193
1194 lock_sock(sk);
1195
1196 switch (optname) {
1197 case L2CAP_OPTIONS:
0878b666
MH		 1198 opts.imtu = l2cap_pi(sk)->imtu;
1199 opts.omtu = l2cap_pi(sk)->omtu;
1200 opts.flush_to = l2cap_pi(sk)->flush_to;
6464f35f 1201 opts.mode = L2CAP_MODE_BASIC;
0878b666 1202
1da177e4
LT		 1203 len = min_t(unsigned int, sizeof(opts), optlen);
1204 if (copy_from_user((char *) &opts, optval, len)) {
1205 err = -EFAULT;
1206 break;
1207 }
0878b666 1208
1da177e4
LT		 1209 l2cap_pi(sk)->imtu = opts.imtu;
1210 l2cap_pi(sk)->omtu = opts.omtu;
1211 break;
1212
1213 case L2CAP_LM:
1214 if (get_user(opt, (u32 __user *) optval)) {
1215 err = -EFAULT;
1216 break;
1217 }
1218
2af6b9d5
MH		 1219 if (opt & L2CAP_LM_AUTH)
1220 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1221 if (opt & L2CAP_LM_ENCRYPT)
1222 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1223 if (opt & L2CAP_LM_SECURE)
1224 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1225
1226 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1227 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1da177e4
LT		 1228 break;
1229
1230 default:
1231 err = -ENOPROTOOPT;
1232 break;
1233 }
1234
1235 release_sock(sk);
1236 return err;
1237}
1238
d58daf42
MH		 1239static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1240{
1241 struct sock *sk = sock->sk;
2af6b9d5
MH		 1242 struct bt_security sec;
1243 int len, err = 0;
f66dc81f 1244 u32 opt;
d58daf42
MH		 1245
1246 BT_DBG("sk %p", sk);
1247
1248 if (level == SOL_L2CAP)
1249 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1250
0588d94f
MH		 1251 if (level != SOL_BLUETOOTH)
1252 return -ENOPROTOOPT;
1253
d58daf42
MH		 1254 lock_sock(sk);
1255
1256 switch (optname) {
2af6b9d5 1257 case BT_SECURITY:
0588d94f
MH		 1258 if (sk->sk_type != SOCK_SEQPACKET) {
1259 err = -EINVAL;
1260 break;
1261 }
1262
2af6b9d5
MH		 1263 sec.level = BT_SECURITY_LOW;
1264
1265 len = min_t(unsigned int, sizeof(sec), optlen);
1266 if (copy_from_user((char *) &sec, optval, len)) {
1267 err = -EFAULT;
1268 break;
1269 }
1270
1271 if (sec.level < BT_SECURITY_LOW ||
1272 sec.level > BT_SECURITY_HIGH) {
1273 err = -EINVAL;
1274 break;
1275 }
1276
1277 l2cap_pi(sk)->sec_level = sec.level;
1278 break;
1279
f66dc81f
MH		 1280 case BT_DEFER_SETUP:
1281 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1282 err = -EINVAL;
1283 break;
1284 }
1285
1286 if (get_user(opt, (u32 __user *) optval)) {
1287 err = -EFAULT;
1288 break;
1289 }
1290
1291 bt_sk(sk)->defer_setup = opt;
1292 break;
1293
d58daf42
MH		 1294 default:
1295 err = -ENOPROTOOPT;
1296 break;
1297 }
1298
1299 release_sock(sk);
1300 return err;
1301}
1302
1303static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1da177e4
LT		 1304{
1305 struct sock *sk = sock->sk;
1306 struct l2cap_options opts;
1307 struct l2cap_conninfo cinfo;
1308 int len, err = 0;
2af6b9d5 1309 u32 opt;
1da177e4
LT		 1310
1311 BT_DBG("sk %p", sk);
1312
1313 if (get_user(len, optlen))
1314 return -EFAULT;
1315
1316 lock_sock(sk);
1317
1318 switch (optname) {
1319 case L2CAP_OPTIONS:
1320 opts.imtu = l2cap_pi(sk)->imtu;
1321 opts.omtu = l2cap_pi(sk)->omtu;
1322 opts.flush_to = l2cap_pi(sk)->flush_to;
6464f35f 1323 opts.mode = L2CAP_MODE_BASIC;
1da177e4
LT		 1324
1325 len = min_t(unsigned int, len, sizeof(opts));
1326 if (copy_to_user(optval, (char *) &opts, len))
1327 err = -EFAULT;
1328
1329 break;
1330
1331 case L2CAP_LM:
2af6b9d5
MH		 1332 switch (l2cap_pi(sk)->sec_level) {
1333 case BT_SECURITY_LOW:
1334 opt = L2CAP_LM_AUTH;
1335 break;
1336 case BT_SECURITY_MEDIUM:
1337 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1338 break;
1339 case BT_SECURITY_HIGH:
1340 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1341 L2CAP_LM_SECURE;
1342 break;
1343 default:
1344 opt = 0;
1345 break;
1346 }
1347
1348 if (l2cap_pi(sk)->role_switch)
1349 opt |= L2CAP_LM_MASTER;
1350
1351 if (l2cap_pi(sk)->force_reliable)
1352 opt |= L2CAP_LM_RELIABLE;
1353
1354 if (put_user(opt, (u32 __user *) optval))
1da177e4
LT		 1355 err = -EFAULT;
1356 break;
1357
1358 case L2CAP_CONNINFO:
f66dc81f
MH		 1359 if (sk->sk_state != BT_CONNECTED &&
1360 !(sk->sk_state == BT_CONNECT2 &&
1361 bt_sk(sk)->defer_setup)) {
1da177e4
LT		 1362 err = -ENOTCONN;
1363 break;
1364 }
1365
1366 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1367 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1368
1369 len = min_t(unsigned int, len, sizeof(cinfo));
1370 if (copy_to_user(optval, (char *) &cinfo, len))
1371 err = -EFAULT;
1372
1373 break;
1374
1375 default:
1376 err = -ENOPROTOOPT;
1377 break;
1378 }
1379
1380 release_sock(sk);
1381 return err;
1382}
1383
d58daf42
MH		 1384static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1385{
1386 struct sock *sk = sock->sk;
2af6b9d5 1387 struct bt_security sec;
d58daf42
MH		 1388 int len, err = 0;
1389
1390 BT_DBG("sk %p", sk);
1391
1392 if (level == SOL_L2CAP)
1393 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1394
0588d94f
MH		 1395 if (level != SOL_BLUETOOTH)
1396 return -ENOPROTOOPT;
1397
d58daf42
MH		 1398 if (get_user(len, optlen))
1399 return -EFAULT;
1400
1401 lock_sock(sk);
1402
1403 switch (optname) {
2af6b9d5 1404 case BT_SECURITY:
0588d94f
MH		 1405 if (sk->sk_type != SOCK_SEQPACKET) {
1406 err = -EINVAL;
1407 break;
1408 }
1409
2af6b9d5
MH		 1410 sec.level = l2cap_pi(sk)->sec_level;
1411
1412 len = min_t(unsigned int, len, sizeof(sec));
1413 if (copy_to_user(optval, (char *) &sec, len))
1414 err = -EFAULT;
1415
1416 break;
1417
f66dc81f
MH		 1418 case BT_DEFER_SETUP:
1419 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1420 err = -EINVAL;
1421 break;
1422 }
1423
1424 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1425 err = -EFAULT;
1426
1427 break;
1428
d58daf42
MH		 1429 default:
1430 err = -ENOPROTOOPT;
1431 break;
1432 }
1433
1434 release_sock(sk);
1435 return err;
1436}
1437
1da177e4
LT		 1438static int l2cap_sock_shutdown(struct socket *sock, int how)
1439{
1440 struct sock *sk = sock->sk;
1441 int err = 0;
1442
1443 BT_DBG("sock %p, sk %p", sock, sk);
1444
1445 if (!sk)
1446 return 0;
1447
1448 lock_sock(sk);
1449 if (!sk->sk_shutdown) {
1450 sk->sk_shutdown = SHUTDOWN_MASK;
1451 l2cap_sock_clear_timer(sk);
1452 __l2cap_sock_close(sk, 0);
1453
1454 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
b1235d79
MH		 1455 err = bt_sock_wait_state(sk, BT_CLOSED,
1456 sk->sk_lingertime);
1da177e4
LT		 1457 }
1458 release_sock(sk);
1459 return err;
1460}
1461
1462static int l2cap_sock_release(struct socket *sock)
1463{
1464 struct sock *sk = sock->sk;
1465 int err;
1466
1467 BT_DBG("sock %p, sk %p", sock, sk);
1468
1469 if (!sk)
1470 return 0;
1471
1472 err = l2cap_sock_shutdown(sock, 2);
1473
1474 sock_orphan(sk);
1475 l2cap_sock_kill(sk);
1476 return err;
1477}
1478
1da177e4
LT		 1479static void l2cap_chan_ready(struct sock *sk)
1480{
1481 struct sock *parent = bt_sk(sk)->parent;
1482
1483 BT_DBG("sk %p, parent %p", sk, parent);
1484
1485 l2cap_pi(sk)->conf_state = 0;
1486 l2cap_sock_clear_timer(sk);
1487
1488 if (!parent) {
1489 /* Outgoing channel.
1490 * Wake up socket sleeping on connect.
1491 */
1492 sk->sk_state = BT_CONNECTED;
1493 sk->sk_state_change(sk);
1494 } else {
1495 /* Incoming channel.
1496 * Wake up socket sleeping on accept.
1497 */
1498 parent->sk_data_ready(parent, 0);
1499 }
1500}
1501
1502/* Copy frame to all raw sockets on that connection */
1503static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1504{
1505 struct l2cap_chan_list *l = &conn->chan_list;
1506 struct sk_buff *nskb;
1507 struct sock * sk;
1508
1509 BT_DBG("conn %p", conn);
1510
1511 read_lock(&l->lock);
1512 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1513 if (sk->sk_type != SOCK_RAW)
1514 continue;
1515
1516 /* Don't send frame to the socket it came from */
1517 if (skb->sk == sk)
1518 continue;
1519
1520 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1521 continue;
1522
1523 if (sock_queue_rcv_skb(sk, nskb))
1524 kfree_skb(nskb);
1525 }
1526 read_unlock(&l->lock);
1527}
1528
1529/* ---- L2CAP signalling commands ---- */
1530static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1531 u8 code, u8 ident, u16 dlen, void *data)
1532{
1533 struct sk_buff *skb, **frag;
1534 struct l2cap_cmd_hdr *cmd;
1535 struct l2cap_hdr *lh;
1536 int len, count;
1537
1538 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1539
1540 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1541 count = min_t(unsigned int, conn->mtu, len);
1542
1543 skb = bt_skb_alloc(count, GFP_ATOMIC);
1544 if (!skb)
1545 return NULL;
1546
1547 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1548 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1549 lh->cid = cpu_to_le16(0x0001);
1da177e4
LT		 1550
1551 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1552 cmd->code = code;
1553 cmd->ident = ident;
aca3192c 1554 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1555
1556 if (dlen) {
1557 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1558 memcpy(skb_put(skb, count), data, count);
1559 data += count;
1560 }
1561
1562 len -= skb->len;
1563
1564 /* Continuation fragments (no L2CAP header) */
1565 frag = &skb_shinfo(skb)->frag_list;
1566 while (len) {
1567 count = min_t(unsigned int, conn->mtu, len);
1568
1569 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1570 if (!*frag)
1571 goto fail;
1572
1573 memcpy(skb_put(*frag, count), data, count);
1574
1575 len -= count;
1576 data += count;
1577
1578 frag = &(*frag)->next;
1579 }
1580
1581 return skb;
1582
1583fail:
1584 kfree_skb(skb);
1585 return NULL;
1586}
1587
1588static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1589{
1590 struct l2cap_conf_opt *opt = *ptr;
1591 int len;
1592
1593 len = L2CAP_CONF_OPT_SIZE + opt->len;
1594 *ptr += len;
1595
1596 *type = opt->type;
1597 *olen = opt->len;
1598
1599 switch (opt->len) {
1600 case 1:
1601 *val = *((u8 *) opt->val);
1602 break;
1603
1604 case 2:
861d6882 1605 *val = __le16_to_cpu(*((__le16 *) opt->val));
1da177e4
LT		 1606 break;
1607
1608 case 4:
861d6882 1609 *val = __le32_to_cpu(*((__le32 *) opt->val));
1da177e4
LT		 1610 break;
1611
1612 default:
1613 *val = (unsigned long) opt->val;
1614 break;
1615 }
1616
1617 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1618 return len;
1619}
1620
1da177e4
LT		 1621static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1622{
1623 struct l2cap_conf_opt *opt = *ptr;
1624
1625 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1626
1627 opt->type = type;
1628 opt->len = len;
1629
1630 switch (len) {
1631 case 1:
1632 *((u8 *) opt->val) = val;
1633 break;
1634
1635 case 2:
8e036fc3 1636 *((__le16 *) opt->val) = cpu_to_le16(val);
1da177e4
LT		 1637 break;
1638
1639 case 4:
8e036fc3 1640 *((__le32 *) opt->val) = cpu_to_le32(val);
1da177e4
LT		 1641 break;
1642
1643 default:
1644 memcpy(opt->val, (void *) val, len);
1645 break;
1646 }
1647
1648 *ptr += L2CAP_CONF_OPT_SIZE + len;
1649}
1650
1651static int l2cap_build_conf_req(struct sock *sk, void *data)
1652{
1653 struct l2cap_pinfo *pi = l2cap_pi(sk);
1654 struct l2cap_conf_req *req = data;
1655 void *ptr = req->data;
1656
1657 BT_DBG("sk %p", sk);
1658
1659 if (pi->imtu != L2CAP_DEFAULT_MTU)
1660 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1661
1662 /* FIXME: Need actual value of the flush timeout */
1663 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1664 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1665
aca3192c
YH		 1666 req->dcid = cpu_to_le16(pi->dcid);
1667 req->flags = cpu_to_le16(0);
1da177e4
LT		 1668
1669 return ptr - data;
1670}
1671
5dee9e7c 1672static int l2cap_parse_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1673{
1674 struct l2cap_pinfo *pi = l2cap_pi(sk);
5dee9e7c
MH		 1675 struct l2cap_conf_rsp *rsp = data;
1676 void *ptr = rsp->data;
1677 void *req = pi->conf_req;
1678 int len = pi->conf_len;
1679 int type, hint, olen;
1680 unsigned long val;
6464f35f 1681 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1682 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1683 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1684
5dee9e7c 1685 BT_DBG("sk %p", sk);
820ae1b8 1686
5dee9e7c
MH		 1687 while (len >= L2CAP_CONF_OPT_SIZE) {
1688 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1689
5dee9e7c
MH		 1690 hint = type & 0x80;
1691 type &= 0x7f;
1692
1693 switch (type) {
1694 case L2CAP_CONF_MTU:
861d6882 1695 mtu = val;
5dee9e7c
MH		 1696 break;
1697
1698 case L2CAP_CONF_FLUSH_TO:
1699 pi->flush_to = val;
1700 break;
1701
1702 case L2CAP_CONF_QOS:
1703 break;
1704
6464f35f
MH		 1705 case L2CAP_CONF_RFC:
1706 if (olen == sizeof(rfc))
1707 memcpy(&rfc, (void *) val, olen);
1708 break;
1709
5dee9e7c
MH		 1710 default:
1711 if (hint)
1712 break;
1713
1714 result = L2CAP_CONF_UNKNOWN;
1715 *((u8 *) ptr++) = type;
1716 break;
1717 }
1718 }
1719
1720 if (result == L2CAP_CONF_SUCCESS) {
1721 /* Configure output options and let the other side know
1722 * which ones we don't like. */
1723
6464f35f
MH		 1724 if (rfc.mode == L2CAP_MODE_BASIC) {
1725 if (mtu < pi->omtu)
1726 result = L2CAP_CONF_UNACCEPT;
1727 else {
1728 pi->omtu = mtu;
1729 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1730 }
1731
1732 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1733 } else {
5dee9e7c 1734 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 1735
6464f35f
MH		 1736 memset(&rfc, 0, sizeof(rfc));
1737 rfc.mode = L2CAP_MODE_BASIC;
1738
1739 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1740 sizeof(rfc), (unsigned long) &rfc);
1741 }
5dee9e7c
MH		 1742 }
1743
1744 rsp->scid = cpu_to_le16(pi->dcid);
1745 rsp->result = cpu_to_le16(result);
1746 rsp->flags = cpu_to_le16(0x0000);
1747
1748 return ptr - data;
1da177e4
LT		 1749}
1750
5dee9e7c 1751static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1da177e4
LT		 1752{
1753 struct l2cap_conf_rsp *rsp = data;
1754 void *ptr = rsp->data;
1da177e4 1755
5dee9e7c 1756 BT_DBG("sk %p", sk);
1da177e4 1757
aca3192c 1758 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
5dee9e7c 1759 rsp->result = cpu_to_le16(result);
aca3192c 1760 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 1761
1762 return ptr - data;
1763}
1764
4e8402a3
MH		 1765static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1766{
1767 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1768
1769 if (rej->reason != 0x0000)
1770 return 0;
1771
1772 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1773 cmd->ident == conn->info_ident) {
1774 conn->info_ident = 0;
1775 del_timer(&conn->info_timer);
1776 l2cap_conn_start(conn);
1777 }
1778
1779 return 0;
1780}
1781
1da177e4
LT		 1782static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1783{
1784 struct l2cap_chan_list *list = &conn->chan_list;
1785 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1786 struct l2cap_conn_rsp rsp;
1787 struct sock *sk, *parent;
e7c29cb1 1788 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1789
1790 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 1791 __le16 psm = req->psm;
1da177e4
LT		 1792
1793 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1794
1795 /* Check if we have socket listening on psm */
1796 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1797 if (!parent) {
1798 result = L2CAP_CR_BAD_PSM;
1799 goto sendresp;
1800 }
1801
e7c29cb1
MH		 1802 /* Check if the ACL is secure enough (if not SDP) */
1803 if (psm != cpu_to_le16(0x0001) &&
1804 !hci_conn_check_link_mode(conn->hcon)) {
1805 result = L2CAP_CR_SEC_BLOCK;
1806 goto response;
1807 }
1808
1da177e4
LT		 1809 result = L2CAP_CR_NO_MEM;
1810
1811 /* Check for backlog size */
1812 if (sk_acceptq_is_full(parent)) {
8e87d142 1813 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 1814 goto response;
1815 }
1816
3b1e0a65 1817 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 1818 if (!sk)
1819 goto response;
1820
fd1278d7 1821 write_lock_bh(&list->lock);
1da177e4
LT		 1822
1823 /* Check if we already have channel with that dcid */
1824 if (__l2cap_get_chan_by_dcid(list, scid)) {
fd1278d7 1825 write_unlock_bh(&list->lock);
1da177e4
LT		 1826 sock_set_flag(sk, SOCK_ZAPPED);
1827 l2cap_sock_kill(sk);
1828 goto response;
1829 }
1830
1831 hci_conn_hold(conn->hcon);
1832
1833 l2cap_sock_init(sk, parent);
1834 bacpy(&bt_sk(sk)->src, conn->src);
1835 bacpy(&bt_sk(sk)->dst, conn->dst);
1836 l2cap_pi(sk)->psm = psm;
1837 l2cap_pi(sk)->dcid = scid;
1838
1839 __l2cap_chan_add(conn, sk, parent);
1840 dcid = l2cap_pi(sk)->scid;
1841
1842 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1843
1da177e4
LT		 1844 l2cap_pi(sk)->ident = cmd->ident;
1845
79d554a6 1846 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
2af6b9d5 1847 if (l2cap_check_security(sk)) {
f66dc81f
MH		 1848 if (bt_sk(sk)->defer_setup) {
1849 sk->sk_state = BT_CONNECT2;
1850 result = L2CAP_CR_PEND;
1851 status = L2CAP_CS_AUTHOR_PEND;
1852 parent->sk_data_ready(parent, 0);
1853 } else {
1854 sk->sk_state = BT_CONFIG;
1855 result = L2CAP_CR_SUCCESS;
1856 status = L2CAP_CS_NO_INFO;
1857 }
79d554a6
MH		 1858 } else {
1859 sk->sk_state = BT_CONNECT2;
1860 result = L2CAP_CR_PEND;
1861 status = L2CAP_CS_AUTHEN_PEND;
1862 }
1863 } else {
1864 sk->sk_state = BT_CONNECT2;
1865 result = L2CAP_CR_PEND;
1866 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1867 }
1868
fd1278d7 1869 write_unlock_bh(&list->lock);
1da177e4
LT		 1870
1871response:
1872 bh_unlock_sock(parent);
1873
1874sendresp:
aca3192c
YH		 1875 rsp.scid = cpu_to_le16(scid);
1876 rsp.dcid = cpu_to_le16(dcid);
1877 rsp.result = cpu_to_le16(result);
1878 rsp.status = cpu_to_le16(status);
1da177e4 1879 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 1880
1881 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1882 struct l2cap_info_req info;
1883 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1884
1885 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1886 conn->info_ident = l2cap_get_ident(conn);
1887
1888 mod_timer(&conn->info_timer, jiffies +
1889 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1890
1891 l2cap_send_cmd(conn, conn->info_ident,
1892 L2CAP_INFO_REQ, sizeof(info), &info);
1893 }
1894
1da177e4
LT		 1895 return 0;
1896}
1897
1898static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1899{
1900 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1901 u16 scid, dcid, result, status;
1902 struct sock *sk;
1903 u8 req[128];
1904
1905 scid = __le16_to_cpu(rsp->scid);
1906 dcid = __le16_to_cpu(rsp->dcid);
1907 result = __le16_to_cpu(rsp->result);
1908 status = __le16_to_cpu(rsp->status);
1909
1910 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1911
1912 if (scid) {
1913 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1914 return 0;
1915 } else {
1916 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1917 return 0;
1918 }
1919
1920 switch (result) {
1921 case L2CAP_CR_SUCCESS:
1922 sk->sk_state = BT_CONFIG;
1923 l2cap_pi(sk)->ident = 0;
1924 l2cap_pi(sk)->dcid = dcid;
1925 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1926
1927 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1928 l2cap_build_conf_req(sk, req), req);
1929 break;
1930
1931 case L2CAP_CR_PEND:
1932 break;
1933
1934 default:
1935 l2cap_chan_del(sk, ECONNREFUSED);
1936 break;
1937 }
1938
1939 bh_unlock_sock(sk);
1940 return 0;
1941}
1942
88219a0f 1943static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 1944{
1945 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1946 u16 dcid, flags;
1947 u8 rsp[64];
1948 struct sock *sk;
5dee9e7c 1949 int len;
1da177e4
LT		 1950
1951 dcid = __le16_to_cpu(req->dcid);
1952 flags = __le16_to_cpu(req->flags);
1953
1954 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1955
1956 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1957 return -ENOENT;
1958
354f60a9
MH		 1959 if (sk->sk_state == BT_DISCONN)
1960 goto unlock;
1961
5dee9e7c 1962 /* Reject if config buffer is too small. */
88219a0f 1963 len = cmd_len - sizeof(*req);
5dee9e7c
MH		 1964 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1965 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1966 l2cap_build_conf_rsp(sk, rsp,
1967 L2CAP_CONF_REJECT, flags), rsp);
1968 goto unlock;
1969 }
1970
1971 /* Store config. */
1972 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1973 l2cap_pi(sk)->conf_len += len;
1da177e4
LT		 1974
1975 if (flags & 0x0001) {
1976 /* Incomplete config. Send empty response. */
1977 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
5dee9e7c
MH		 1978 l2cap_build_conf_rsp(sk, rsp,
1979 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 1980 goto unlock;
1981 }
1982
1983 /* Complete config. */
5dee9e7c
MH		 1984 len = l2cap_parse_conf_req(sk, rsp);
1985 if (len < 0)
1da177e4
LT		 1986 goto unlock;
1987
5dee9e7c
MH		 1988 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
1989
5dee9e7c
MH		 1990 /* Reset config buffer. */
1991 l2cap_pi(sk)->conf_len = 0;
1992
876d9484
MH		 1993 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
1994 goto unlock;
1995
1da177e4
LT		 1996 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1997 sk->sk_state = BT_CONNECTED;
1998 l2cap_chan_ready(sk);
876d9484
MH		 1999 goto unlock;
2000 }
2001
2002 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 2003 u8 buf[64];
1da177e4 2004 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
79d554a6 2005 l2cap_build_conf_req(sk, buf), buf);
1da177e4
LT		 2006 }
2007
2008unlock:
2009 bh_unlock_sock(sk);
2010 return 0;
2011}
2012
2013static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2014{
2015 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2016 u16 scid, flags, result;
2017 struct sock *sk;
2018
2019 scid = __le16_to_cpu(rsp->scid);
2020 flags = __le16_to_cpu(rsp->flags);
2021 result = __le16_to_cpu(rsp->result);
2022
2023 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2024
2025 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2026 return 0;
2027
2028 switch (result) {
2029 case L2CAP_CONF_SUCCESS:
2030 break;
2031
2032 case L2CAP_CONF_UNACCEPT:
2033 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2034 char req[128];
2035 /* It does not make sense to adjust L2CAP parameters
2036 * that are currently defined in the spec. We simply
2037 * resend config request that we sent earlier. It is
2038 * stupid, but it helps qualification testing which
2039 * expects at least some response from us. */
2040 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2041 l2cap_build_conf_req(sk, req), req);
2042 goto done;
2043 }
2044
8e87d142 2045 default:
1da177e4 2046 sk->sk_state = BT_DISCONN;
b1235d79 2047 sk->sk_err = ECONNRESET;
1da177e4
LT		 2048 l2cap_sock_set_timer(sk, HZ * 5);
2049 {
2050 struct l2cap_disconn_req req;
aca3192c
YH		 2051 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2052 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1da177e4
LT		 2053 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2054 L2CAP_DISCONN_REQ, sizeof(req), &req);
2055 }
2056 goto done;
2057 }
2058
2059 if (flags & 0x01)
2060 goto done;
2061
1da177e4
LT		 2062 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2063
2064 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2065 sk->sk_state = BT_CONNECTED;
2066 l2cap_chan_ready(sk);
2067 }
2068
2069done:
2070 bh_unlock_sock(sk);
2071 return 0;
2072}
2073
2074static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2075{
2076 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2077 struct l2cap_disconn_rsp rsp;
2078 u16 dcid, scid;
2079 struct sock *sk;
2080
2081 scid = __le16_to_cpu(req->scid);
2082 dcid = __le16_to_cpu(req->dcid);
2083
2084 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2085
2086 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2087 return 0;
2088
aca3192c
YH		 2089 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2090 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1da177e4
LT		 2091 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2092
2093 sk->sk_shutdown = SHUTDOWN_MASK;
2094
2095 l2cap_chan_del(sk, ECONNRESET);
2096 bh_unlock_sock(sk);
2097
2098 l2cap_sock_kill(sk);
2099 return 0;
2100}
2101
2102static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2103{
2104 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2105 u16 dcid, scid;
2106 struct sock *sk;
2107
2108 scid = __le16_to_cpu(rsp->scid);
2109 dcid = __le16_to_cpu(rsp->dcid);
2110
2111 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2112
2113 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2114 return 0;
2115
2116 l2cap_chan_del(sk, 0);
2117 bh_unlock_sock(sk);
2118
2119 l2cap_sock_kill(sk);
2120 return 0;
2121}
2122
2123static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2124{
2125 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2126 u16 type;
2127
2128 type = __le16_to_cpu(req->type);
2129
2130 BT_DBG("type 0x%4.4x", type);
2131
f0709e03
MH		 2132 if (type == L2CAP_IT_FEAT_MASK) {
2133 u8 buf[8];
2134 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2135 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2136 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2137 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2138 l2cap_send_cmd(conn, cmd->ident,
2139 L2CAP_INFO_RSP, sizeof(buf), buf);
2140 } else {
2141 struct l2cap_info_rsp rsp;
2142 rsp.type = cpu_to_le16(type);
2143 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2144 l2cap_send_cmd(conn, cmd->ident,
2145 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2146 }
1da177e4
LT		 2147
2148 return 0;
2149}
2150
2151static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2152{
2153 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2154 u16 type, result;
2155
2156 type = __le16_to_cpu(rsp->type);
2157 result = __le16_to_cpu(rsp->result);
2158
2159 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2160
4e8402a3
MH		 2161 conn->info_ident = 0;
2162
2163 del_timer(&conn->info_timer);
2164
2165 if (type == L2CAP_IT_FEAT_MASK)
83985319 2166 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3
MH		 2167
2168 l2cap_conn_start(conn);
2169
1da177e4
LT		 2170 return 0;
2171}
2172
2173static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2174{
2175 u8 *data = skb->data;
2176 int len = skb->len;
2177 struct l2cap_cmd_hdr cmd;
2178 int err = 0;
2179
2180 l2cap_raw_recv(conn, skb);
2181
2182 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2183 u16 cmd_len;
1da177e4
LT		 2184 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2185 data += L2CAP_CMD_HDR_SIZE;
2186 len -= L2CAP_CMD_HDR_SIZE;
2187
88219a0f 2188 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2189
88219a0f 2190 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2191
88219a0f 2192 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2193 BT_DBG("corrupted command");
2194 break;
2195 }
2196
2197 switch (cmd.code) {
2198 case L2CAP_COMMAND_REJ:
4e8402a3 2199 l2cap_command_rej(conn, &cmd, data);
1da177e4
LT		 2200 break;
2201
2202 case L2CAP_CONN_REQ:
2203 err = l2cap_connect_req(conn, &cmd, data);
2204 break;
2205
2206 case L2CAP_CONN_RSP:
2207 err = l2cap_connect_rsp(conn, &cmd, data);
2208 break;
2209
2210 case L2CAP_CONF_REQ:
88219a0f 2211 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1da177e4
LT		 2212 break;
2213
2214 case L2CAP_CONF_RSP:
2215 err = l2cap_config_rsp(conn, &cmd, data);
2216 break;
2217
2218 case L2CAP_DISCONN_REQ:
2219 err = l2cap_disconnect_req(conn, &cmd, data);
2220 break;
2221
2222 case L2CAP_DISCONN_RSP:
2223 err = l2cap_disconnect_rsp(conn, &cmd, data);
2224 break;
2225
2226 case L2CAP_ECHO_REQ:
88219a0f 2227 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
1da177e4
LT		 2228 break;
2229
2230 case L2CAP_ECHO_RSP:
2231 break;
2232
2233 case L2CAP_INFO_REQ:
2234 err = l2cap_information_req(conn, &cmd, data);
2235 break;
2236
2237 case L2CAP_INFO_RSP:
2238 err = l2cap_information_rsp(conn, &cmd, data);
2239 break;
2240
2241 default:
2242 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2243 err = -EINVAL;
2244 break;
2245 }
2246
2247 if (err) {
2248 struct l2cap_cmd_rej rej;
2249 BT_DBG("error %d", err);
2250
2251 /* FIXME: Map err to a valid reason */
aca3192c 2252 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2253 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2254 }
2255
88219a0f
AV		 2256 data += cmd_len;
2257 len -= cmd_len;
1da177e4
LT		 2258 }
2259
2260 kfree_skb(skb);
2261}
2262
2263static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2264{
2265 struct sock *sk;
2266
2267 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2268 if (!sk) {
2269 BT_DBG("unknown cid 0x%4.4x", cid);
2270 goto drop;
2271 }
2272
2273 BT_DBG("sk %p, len %d", sk, skb->len);
2274
2275 if (sk->sk_state != BT_CONNECTED)
2276 goto drop;
2277
2278 if (l2cap_pi(sk)->imtu < skb->len)
2279 goto drop;
2280
2281 /* If socket recv buffers overflows we drop data here
2282 * which is *bad* because L2CAP has to be reliable.
2283 * But we don't have any other choice. L2CAP doesn't
2284 * provide flow control mechanism. */
2285
2286 if (!sock_queue_rcv_skb(sk, skb))
2287 goto done;
2288
2289drop:
2290 kfree_skb(skb);
2291
2292done:
0139418c
MH		 2293 if (sk)
2294 bh_unlock_sock(sk);
2295
1da177e4
LT		 2296 return 0;
2297}
2298
8e036fc3 2299static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4
LT		 2300{
2301 struct sock *sk;
2302
2303 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2304 if (!sk)
2305 goto drop;
2306
2307 BT_DBG("sk %p, len %d", sk, skb->len);
2308
2309 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2310 goto drop;
2311
2312 if (l2cap_pi(sk)->imtu < skb->len)
2313 goto drop;
2314
2315 if (!sock_queue_rcv_skb(sk, skb))
2316 goto done;
2317
2318drop:
2319 kfree_skb(skb);
2320
2321done:
2322 if (sk) bh_unlock_sock(sk);
2323 return 0;
2324}
2325
2326static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2327{
2328 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 2329 u16 cid, len;
2330 __le16 psm;
1da177e4
LT		 2331
2332 skb_pull(skb, L2CAP_HDR_SIZE);
2333 cid = __le16_to_cpu(lh->cid);
2334 len = __le16_to_cpu(lh->len);
2335
2336 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2337
2338 switch (cid) {
2339 case 0x0001:
2340 l2cap_sig_channel(conn, skb);
2341 break;
2342
2343 case 0x0002:
8e036fc3 2344 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 2345 skb_pull(skb, 2);
2346 l2cap_conless_channel(conn, psm, skb);
2347 break;
2348
2349 default:
2350 l2cap_data_channel(conn, cid, skb);
2351 break;
2352 }
2353}
2354
2355/* ---- L2CAP interface with lower layer (HCI) ---- */
2356
2357static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2358{
2359 int exact = 0, lm1 = 0, lm2 = 0;
2360 register struct sock *sk;
2361 struct hlist_node *node;
2362
2363 if (type != ACL_LINK)
2364 return 0;
2365
2366 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2367
2368 /* Find listening sockets and check their link_mode */
2369 read_lock(&l2cap_sk_list.lock);
2370 sk_for_each(sk, node, &l2cap_sk_list.head) {
2371 if (sk->sk_state != BT_LISTEN)
2372 continue;
2373
2374 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5
MH		 2375 lm1 |= HCI_LM_ACCEPT;
2376 if (l2cap_pi(sk)->role_switch)
2377 lm1 |= HCI_LM_MASTER;
1da177e4 2378 exact++;
2af6b9d5
MH		 2379 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2380 lm2 |= HCI_LM_ACCEPT;
2381 if (l2cap_pi(sk)->role_switch)
2382 lm2 |= HCI_LM_MASTER;
2383 }
1da177e4
LT		 2384 }
2385 read_unlock(&l2cap_sk_list.lock);
2386
2387 return exact ? lm1 : lm2;
2388}
2389
2390static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2391{
0139418c
MH		 2392 struct l2cap_conn *conn;
2393
1da177e4
LT		 2394 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2395
2396 if (hcon->type != ACL_LINK)
2397 return 0;
2398
2399 if (!status) {
1da177e4
LT		 2400 conn = l2cap_conn_add(hcon, status);
2401 if (conn)
2402 l2cap_conn_ready(conn);
0139418c 2403 } else
1da177e4
LT		 2404 l2cap_conn_del(hcon, bt_err(status));
2405
2406 return 0;
2407}
2408
2409static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2410{
2411 BT_DBG("hcon %p reason %d", hcon, reason);
2412
2413 if (hcon->type != ACL_LINK)
2414 return 0;
2415
2416 l2cap_conn_del(hcon, bt_err(reason));
0139418c 2417
1da177e4
LT		 2418 return 0;
2419}
2420
f62e4323
MH		 2421static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2422{
2423 if (encrypt == 0x00) {
2424 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2425 l2cap_sock_clear_timer(sk);
2426 l2cap_sock_set_timer(sk, HZ * 5);
2427 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2428 __l2cap_sock_close(sk, ECONNREFUSED);
2429 } else {
2430 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2431 l2cap_sock_clear_timer(sk);
2432 }
2433}
2434
8c1b2355 2435static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4
LT		 2436{
2437 struct l2cap_chan_list *l;
0139418c 2438 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 2439 struct sock *sk;
1da177e4 2440
0139418c 2441 if (!conn)
1da177e4 2442 return 0;
0139418c 2443
1da177e4
LT		 2444 l = &conn->chan_list;
2445
2446 BT_DBG("conn %p", conn);
2447
2448 read_lock(&l->lock);
2449
2450 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2451 bh_lock_sock(sk);
2452
f62e4323 2453 if (!status && (sk->sk_state == BT_CONNECTED ||
8c1b2355 2454 sk->sk_state == BT_CONFIG)) {
f62e4323 2455 l2cap_check_encryption(sk, encrypt);
9719f8af
MH		 2456 bh_unlock_sock(sk);
2457 continue;
2458 }
2459
b1235d79
MH		 2460 if (sk->sk_state == BT_CONNECT) {
2461 if (!status) {
2462 struct l2cap_conn_req req;
2463 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2464 req.psm = l2cap_pi(sk)->psm;
1da177e4 2465
b1235d79 2466 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
1da177e4 2467
b1235d79
MH		 2468 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2469 L2CAP_CONN_REQ, sizeof(req), &req);
2470 } else {
2471 l2cap_sock_clear_timer(sk);
2472 l2cap_sock_set_timer(sk, HZ / 10);
2473 }
2474 } else if (sk->sk_state == BT_CONNECT2) {
2475 struct l2cap_conn_rsp rsp;
2476 __u16 result;
1da177e4 2477
b1235d79
MH		 2478 if (!status) {
2479 sk->sk_state = BT_CONFIG;
2480 result = L2CAP_CR_SUCCESS;
2481 } else {
2482 sk->sk_state = BT_DISCONN;
2483 l2cap_sock_set_timer(sk, HZ / 10);
2484 result = L2CAP_CR_SEC_BLOCK;
2485 }
2486
2487 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2488 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2489 rsp.result = cpu_to_le16(result);
e7c29cb1 2490 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
b1235d79
MH		 2491 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2492 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2493 }
1da177e4
LT		 2494
2495 bh_unlock_sock(sk);
2496 }
2497
2498 read_unlock(&l->lock);
b1235d79 2499
1da177e4
LT		 2500 return 0;
2501}
2502
2503static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2504{
2505 struct l2cap_conn *conn = hcon->l2cap_data;
2506
2507 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2508 goto drop;
2509
2510 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2511
2512 if (flags & ACL_START) {
2513 struct l2cap_hdr *hdr;
2514 int len;
2515
2516 if (conn->rx_len) {
2517 BT_ERR("Unexpected start frame (len %d)", skb->len);
2518 kfree_skb(conn->rx_skb);
2519 conn->rx_skb = NULL;
2520 conn->rx_len = 0;
2521 l2cap_conn_unreliable(conn, ECOMM);
2522 }
2523
2524 if (skb->len < 2) {
2525 BT_ERR("Frame is too short (len %d)", skb->len);
2526 l2cap_conn_unreliable(conn, ECOMM);
2527 goto drop;
2528 }
2529
2530 hdr = (struct l2cap_hdr *) skb->data;
2531 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2532
2533 if (len == skb->len) {
2534 /* Complete frame received */
2535 l2cap_recv_frame(conn, skb);
2536 return 0;
2537 }
2538
2539 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2540
2541 if (skb->len > len) {
2542 BT_ERR("Frame is too long (len %d, expected len %d)",
2543 skb->len, len);
2544 l2cap_conn_unreliable(conn, ECOMM);
2545 goto drop;
2546 }
2547
2548 /* Allocate skb for the complete frame (with header) */
2549 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2550 goto drop;
2551
d626f62b
ACM		 2552 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2553 skb->len);
1da177e4
LT		 2554 conn->rx_len = len - skb->len;
2555 } else {
2556 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2557
2558 if (!conn->rx_len) {
2559 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2560 l2cap_conn_unreliable(conn, ECOMM);
2561 goto drop;
2562 }
2563
2564 if (skb->len > conn->rx_len) {
2565 BT_ERR("Fragment is too long (len %d, expected %d)",
2566 skb->len, conn->rx_len);
2567 kfree_skb(conn->rx_skb);
2568 conn->rx_skb = NULL;
2569 conn->rx_len = 0;
2570 l2cap_conn_unreliable(conn, ECOMM);
2571 goto drop;
2572 }
2573
d626f62b
ACM		 2574 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2575 skb->len);
1da177e4
LT		 2576 conn->rx_len -= skb->len;
2577
2578 if (!conn->rx_len) {
2579 /* Complete frame received */
2580 l2cap_recv_frame(conn, conn->rx_skb);
2581 conn->rx_skb = NULL;
2582 }
2583 }
2584
2585drop:
2586 kfree_skb(skb);
2587 return 0;
2588}
2589
be9d1227 2590static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2591{
2592 struct sock *sk;
2593 struct hlist_node *node;
be9d1227 2594 char *str = buf;
1da177e4
LT		 2595
2596 read_lock_bh(&l2cap_sk_list.lock);
2597
be9d1227
MH		 2598 sk_for_each(sk, node, &l2cap_sk_list.head) {
2599 struct l2cap_pinfo *pi = l2cap_pi(sk);
1da177e4 2600
2af6b9d5 2601 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
be9d1227 2602 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
73863976 2603 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2af6b9d5 2604 pi->imtu, pi->omtu, pi->sec_level);
be9d1227 2605 }
1da177e4 2606
1da177e4 2607 read_unlock_bh(&l2cap_sk_list.lock);
1da177e4 2608
be9d1227 2609 return (str - buf);
1da177e4
LT		 2610}
2611
be9d1227 2612static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
1da177e4 2613
90ddc4f0 2614static const struct proto_ops l2cap_sock_ops = {
1da177e4
LT		 2615 .family = PF_BLUETOOTH,
2616 .owner = THIS_MODULE,
2617 .release = l2cap_sock_release,
2618 .bind = l2cap_sock_bind,
2619 .connect = l2cap_sock_connect,
2620 .listen = l2cap_sock_listen,
2621 .accept = l2cap_sock_accept,
2622 .getname = l2cap_sock_getname,
2623 .sendmsg = l2cap_sock_sendmsg,
f66dc81f 2624 .recvmsg = l2cap_sock_recvmsg,
1da177e4 2625 .poll = bt_sock_poll,
3241ad82 2626 .ioctl = bt_sock_ioctl,
1da177e4
LT		 2627 .mmap = sock_no_mmap,
2628 .socketpair = sock_no_socketpair,
1da177e4
LT		 2629 .shutdown = l2cap_sock_shutdown,
2630 .setsockopt = l2cap_sock_setsockopt,
2631 .getsockopt = l2cap_sock_getsockopt
2632};
2633
2634static struct net_proto_family l2cap_sock_family_ops = {
2635 .family = PF_BLUETOOTH,
2636 .owner = THIS_MODULE,
2637 .create = l2cap_sock_create,
2638};
2639
2640static struct hci_proto l2cap_hci_proto = {
2641 .name = "L2CAP",
2642 .id = HCI_PROTO_L2CAP,
2643 .connect_ind = l2cap_connect_ind,
2644 .connect_cfm = l2cap_connect_cfm,
2645 .disconn_ind = l2cap_disconn_ind,
8c1b2355 2646 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 2647 .recv_acldata = l2cap_recv_acldata
2648};
2649
2650static int __init l2cap_init(void)
2651{
2652 int err;
be9d1227 2653
1da177e4
LT		 2654 err = proto_register(&l2cap_proto, 0);
2655 if (err < 0)
2656 return err;
2657
2658 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2659 if (err < 0) {
2660 BT_ERR("L2CAP socket registration failed");
2661 goto error;
2662 }
2663
2664 err = hci_register_proto(&l2cap_hci_proto);
2665 if (err < 0) {
2666 BT_ERR("L2CAP protocol registration failed");
2667 bt_sock_unregister(BTPROTO_L2CAP);
2668 goto error;
2669 }
2670
df5c37ea
MH		 2671 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2672 BT_ERR("Failed to create L2CAP info file");
1da177e4
LT		 2673
2674 BT_INFO("L2CAP ver %s", VERSION);
2675 BT_INFO("L2CAP socket layer initialized");
2676
2677 return 0;
2678
2679error:
2680 proto_unregister(&l2cap_proto);
2681 return err;
2682}
2683
2684static void __exit l2cap_exit(void)
2685{
a91f2e39 2686 class_remove_file(bt_class, &class_attr_l2cap);
1da177e4
LT		 2687
2688 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2689 BT_ERR("L2CAP socket unregistration failed");
2690
2691 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2692 BT_ERR("L2CAP protocol unregistration failed");
2693
2694 proto_unregister(&l2cap_proto);
2695}
2696
2697void l2cap_load(void)
2698{
2699 /* Dummy function to trigger automatic L2CAP module loading by
2700 * other modules that use L2CAP sockets but don't use any other
2701 * symbols from it. */
2702 return;
2703}
2704EXPORT_SYMBOL(l2cap_load);
2705
2706module_init(l2cap_init);
2707module_exit(l2cap_exit);
2708
63fbd24e 2709MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2710MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2711MODULE_VERSION(VERSION);
2712MODULE_LICENSE("GPL");
2713MODULE_ALIAS("bt-proto-0");
kernel source for telekom puls (alcatel/mediatek)