projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Set authentication requirements if not available
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
4fc268d2 30#include <linux/capability.h>
1da177e4
LT		 31#include <linux/errno.h>
32#include <linux/kernel.h>
1da177e4
LT		 33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
1da177e4 41#include <linux/list.h>
be9d1227 42#include <linux/device.h>
1da177e4
LT		 43#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52
5f9018af 53#define VERSION "2.12"
f0709e03
MH		 54
55static u32 l2cap_feat_mask = 0x0000;
1da177e4 56
90ddc4f0 57static const struct proto_ops l2cap_sock_ops;
1da177e4
LT		 58
59static struct bt_sock_list l2cap_sk_list = {
d5fb2962 60 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
1da177e4
LT		 61};
62
1da177e4
LT		 63static void __l2cap_sock_close(struct sock *sk, int reason);
64static void l2cap_sock_close(struct sock *sk);
65static void l2cap_sock_kill(struct sock *sk);
66
67static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
69
70/* ---- L2CAP timers ---- */
71static void l2cap_sock_timeout(unsigned long arg)
72{
73 struct sock *sk = (struct sock *) arg;
b1235d79 74 int reason;
1da177e4
LT		 75
76 BT_DBG("sock %p state %d", sk, sk->sk_state);
77
78 bh_lock_sock(sk);
b1235d79 79
f62e4323
MH		 80 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
81 reason = ECONNREFUSED;
82 else if (sk->sk_state == BT_CONNECT &&
2af6b9d5 83 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
b1235d79
MH		 84 reason = ECONNREFUSED;
85 else
86 reason = ETIMEDOUT;
87
88 __l2cap_sock_close(sk, reason);
89
1da177e4
LT		 90 bh_unlock_sock(sk);
91
92 l2cap_sock_kill(sk);
93 sock_put(sk);
94}
95
96static void l2cap_sock_set_timer(struct sock *sk, long timeout)
97{
98 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
99 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
100}
101
102static void l2cap_sock_clear_timer(struct sock *sk)
103{
104 BT_DBG("sock %p state %d", sk, sk->sk_state);
105 sk_stop_timer(sk, &sk->sk_timer);
106}
107
0139418c
MH		 108/* ---- L2CAP channels ---- */
109static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
110{
111 struct sock *s;
112 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
113 if (l2cap_pi(s)->dcid == cid)
114 break;
115 }
116 return s;
117}
118
119static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
120{
121 struct sock *s;
122 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
123 if (l2cap_pi(s)->scid == cid)
124 break;
125 }
126 return s;
127}
128
129/* Find channel with given SCID.
130 * Returns locked socket */
131static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
132{
133 struct sock *s;
134 read_lock(&l->lock);
135 s = __l2cap_get_chan_by_scid(l, cid);
136 if (s) bh_lock_sock(s);
137 read_unlock(&l->lock);
138 return s;
139}
140
141static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
142{
143 struct sock *s;
144 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
145 if (l2cap_pi(s)->ident == ident)
146 break;
147 }
148 return s;
149}
150
151static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
152{
153 struct sock *s;
154 read_lock(&l->lock);
155 s = __l2cap_get_chan_by_ident(l, ident);
156 if (s) bh_lock_sock(s);
157 read_unlock(&l->lock);
158 return s;
159}
160
161static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
162{
163 u16 cid = 0x0040;
164
165 for (; cid < 0xffff; cid++) {
166 if(!__l2cap_get_chan_by_scid(l, cid))
167 return cid;
168 }
169
170 return 0;
171}
172
173static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
174{
175 sock_hold(sk);
176
177 if (l->head)
178 l2cap_pi(l->head)->prev_c = sk;
179
180 l2cap_pi(sk)->next_c = l->head;
181 l2cap_pi(sk)->prev_c = NULL;
182 l->head = sk;
183}
184
185static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
186{
187 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
188
fd1278d7 189 write_lock_bh(&l->lock);
0139418c
MH		 190 if (sk == l->head)
191 l->head = next;
192
193 if (next)
194 l2cap_pi(next)->prev_c = prev;
195 if (prev)
196 l2cap_pi(prev)->next_c = next;
fd1278d7 197 write_unlock_bh(&l->lock);
0139418c
MH		 198
199 __sock_put(sk);
200}
201
202static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
203{
204 struct l2cap_chan_list *l = &conn->chan_list;
205
206 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
207
208 l2cap_pi(sk)->conn = conn;
209
210 if (sk->sk_type == SOCK_SEQPACKET) {
211 /* Alloc CID for connection-oriented socket */
212 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
213 } else if (sk->sk_type == SOCK_DGRAM) {
214 /* Connectionless socket */
215 l2cap_pi(sk)->scid = 0x0002;
216 l2cap_pi(sk)->dcid = 0x0002;
217 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
218 } else {
219 /* Raw socket can send/recv signalling messages only */
220 l2cap_pi(sk)->scid = 0x0001;
221 l2cap_pi(sk)->dcid = 0x0001;
222 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
223 }
224
225 __l2cap_chan_link(l, sk);
226
227 if (parent)
228 bt_accept_enqueue(parent, sk);
229}
230
8e87d142 231/* Delete channel.
0139418c
MH		 232 * Must be called on the locked socket. */
233static void l2cap_chan_del(struct sock *sk, int err)
234{
235 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
236 struct sock *parent = bt_sk(sk)->parent;
237
238 l2cap_sock_clear_timer(sk);
239
240 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
241
8e87d142 242 if (conn) {
0139418c
MH		 243 /* Unlink from channel list */
244 l2cap_chan_unlink(&conn->chan_list, sk);
245 l2cap_pi(sk)->conn = NULL;
246 hci_conn_put(conn->hcon);
247 }
248
b1235d79 249 sk->sk_state = BT_CLOSED;
0139418c
MH		 250 sock_set_flag(sk, SOCK_ZAPPED);
251
252 if (err)
253 sk->sk_err = err;
254
255 if (parent) {
256 bt_accept_unlink(sk);
257 parent->sk_data_ready(parent, 0);
258 } else
259 sk->sk_state_change(sk);
260}
261
79d554a6 262/* Service level security */
2af6b9d5 263static inline int l2cap_check_security(struct sock *sk)
79d554a6
MH		 264{
265 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
0684e5f9
MH		 266 __u8 auth_type;
267
268 switch (l2cap_pi(sk)->sec_level) {
269 case BT_SECURITY_HIGH:
270 auth_type = HCI_AT_GENERAL_BONDING_MITM;
271 break;
272 case BT_SECURITY_MEDIUM:
273 auth_type = HCI_AT_GENERAL_BONDING;
274 break;
275 default:
276 auth_type = HCI_AT_NO_BONDING;
277 break;
278 }
79d554a6 279
0684e5f9
MH		 280 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
281 auth_type);
79d554a6
MH		 282}
283
4e8402a3
MH		 284static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
285{
286 u8 id;
287
288 /* Get next available identificator.
289 * 1 - 128 are used by kernel.
290 * 129 - 199 are reserved.
291 * 200 - 254 are used by utilities like l2ping, etc.
292 */
293
294 spin_lock_bh(&conn->lock);
295
296 if (++conn->tx_ident > 128)
297 conn->tx_ident = 1;
298
299 id = conn->tx_ident;
300
301 spin_unlock_bh(&conn->lock);
302
303 return id;
304}
305
306static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
307{
308 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
309
310 BT_DBG("code 0x%2.2x", code);
311
312 if (!skb)
313 return -ENOMEM;
314
315 return hci_send_acl(conn->hcon, skb, 0);
316}
317
79d554a6
MH		 318static void l2cap_do_start(struct sock *sk)
319{
320 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
321
322 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
2af6b9d5 323 if (l2cap_check_security(sk)) {
b1235d79
MH		 324 struct l2cap_conn_req req;
325 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
326 req.psm = l2cap_pi(sk)->psm;
79d554a6 327
b1235d79 328 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 329
b1235d79 330 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
79d554a6 331 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 332 }
79d554a6
MH		 333 } else {
334 struct l2cap_info_req req;
335 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
336
337 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
338 conn->info_ident = l2cap_get_ident(conn);
339
340 mod_timer(&conn->info_timer, jiffies +
341 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
342
343 l2cap_send_cmd(conn, conn->info_ident,
344 L2CAP_INFO_REQ, sizeof(req), &req);
345 }
346}
347
1da177e4 348/* ---- L2CAP connections ---- */
4e8402a3
MH		 349static void l2cap_conn_start(struct l2cap_conn *conn)
350{
351 struct l2cap_chan_list *l = &conn->chan_list;
352 struct sock *sk;
353
354 BT_DBG("conn %p", conn);
355
356 read_lock(&l->lock);
357
358 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
359 bh_lock_sock(sk);
360
361 if (sk->sk_type != SOCK_SEQPACKET) {
79d554a6
MH		 362 bh_unlock_sock(sk);
363 continue;
364 }
365
366 if (sk->sk_state == BT_CONNECT) {
2af6b9d5 367 if (l2cap_check_security(sk)) {
b1235d79
MH		 368 struct l2cap_conn_req req;
369 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
370 req.psm = l2cap_pi(sk)->psm;
79d554a6 371
b1235d79 372 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 373
b1235d79 374 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4e8402a3 375 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 376 }
79d554a6
MH		 377 } else if (sk->sk_state == BT_CONNECT2) {
378 struct l2cap_conn_rsp rsp;
379 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
380 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
381
2af6b9d5 382 if (l2cap_check_security(sk)) {
f66dc81f
MH		 383 if (bt_sk(sk)->defer_setup) {
384 struct sock *parent = bt_sk(sk)->parent;
385 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
386 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
387 parent->sk_data_ready(parent, 0);
388
389 } else {
390 sk->sk_state = BT_CONFIG;
391 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
392 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
393 }
79d554a6
MH		 394 } else {
395 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
396 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
397 }
398
399 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
400 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4e8402a3
MH		 401 }
402
403 bh_unlock_sock(sk);
404 }
405
406 read_unlock(&l->lock);
407}
408
409static void l2cap_conn_ready(struct l2cap_conn *conn)
410{
79d554a6
MH		 411 struct l2cap_chan_list *l = &conn->chan_list;
412 struct sock *sk;
4e8402a3 413
79d554a6 414 BT_DBG("conn %p", conn);
4e8402a3 415
79d554a6 416 read_lock(&l->lock);
4e8402a3 417
79d554a6
MH		 418 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
419 bh_lock_sock(sk);
4e8402a3 420
79d554a6
MH		 421 if (sk->sk_type != SOCK_SEQPACKET) {
422 l2cap_sock_clear_timer(sk);
423 sk->sk_state = BT_CONNECTED;
424 sk->sk_state_change(sk);
425 } else if (sk->sk_state == BT_CONNECT)
426 l2cap_do_start(sk);
4e8402a3 427
79d554a6 428 bh_unlock_sock(sk);
4e8402a3 429 }
79d554a6
MH		 430
431 read_unlock(&l->lock);
4e8402a3
MH		 432}
433
434/* Notify sockets that we cannot guaranty reliability anymore */
435static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
436{
437 struct l2cap_chan_list *l = &conn->chan_list;
438 struct sock *sk;
439
440 BT_DBG("conn %p", conn);
441
442 read_lock(&l->lock);
443
444 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2af6b9d5 445 if (l2cap_pi(sk)->force_reliable)
4e8402a3
MH		 446 sk->sk_err = err;
447 }
448
449 read_unlock(&l->lock);
450}
451
452static void l2cap_info_timeout(unsigned long arg)
453{
454 struct l2cap_conn *conn = (void *) arg;
455
456 conn->info_ident = 0;
457
458 l2cap_conn_start(conn);
459}
460
1da177e4
LT		 461static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
462{
0139418c 463 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 464
0139418c 465 if (conn || status)
1da177e4
LT		 466 return conn;
467
0139418c
MH		 468 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
469 if (!conn)
1da177e4 470 return NULL;
1da177e4
LT		 471
472 hcon->l2cap_data = conn;
473 conn->hcon = hcon;
474
0139418c
MH		 475 BT_DBG("hcon %p conn %p", hcon, conn);
476
1da177e4
LT		 477 conn->mtu = hcon->hdev->acl_mtu;
478 conn->src = &hcon->hdev->bdaddr;
479 conn->dst = &hcon->dst;
480
4e8402a3
MH		 481 conn->feat_mask = 0;
482
b1235d79
MH		 483 setup_timer(&conn->info_timer, l2cap_info_timeout,
484 (unsigned long) conn);
4e8402a3 485
1da177e4
LT		 486 spin_lock_init(&conn->lock);
487 rwlock_init(&conn->chan_list.lock);
488
1da177e4
LT		 489 return conn;
490}
491
0139418c 492static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 493{
0139418c 494 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4
LT		 495 struct sock *sk;
496
0139418c
MH		 497 if (!conn)
498 return;
1da177e4
LT		 499
500 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
501
502 if (conn->rx_skb)
503 kfree_skb(conn->rx_skb);
504
505 /* Kill channels */
506 while ((sk = conn->chan_list.head)) {
507 bh_lock_sock(sk);
508 l2cap_chan_del(sk, err);
509 bh_unlock_sock(sk);
510 l2cap_sock_kill(sk);
511 }
512
8e8440f5
DY		 513 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
514 del_timer_sync(&conn->info_timer);
3ab22731 515
1da177e4
LT		 516 hcon->l2cap_data = NULL;
517 kfree(conn);
1da177e4
LT		 518}
519
520static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
521{
522 struct l2cap_chan_list *l = &conn->chan_list;
fd1278d7 523 write_lock_bh(&l->lock);
1da177e4 524 __l2cap_chan_add(conn, sk, parent);
fd1278d7 525 write_unlock_bh(&l->lock);
1da177e4
LT		 526}
527
1da177e4 528/* ---- Socket interface ---- */
8e036fc3 529static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
1da177e4
LT		 530{
531 struct sock *sk;
532 struct hlist_node *node;
533 sk_for_each(sk, node, &l2cap_sk_list.head)
534 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
535 goto found;
536 sk = NULL;
537found:
538 return sk;
539}
540
541/* Find socket with psm and source bdaddr.
542 * Returns closest match.
543 */
8e036fc3 544static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 545{
546 struct sock *sk = NULL, *sk1 = NULL;
547 struct hlist_node *node;
548
549 sk_for_each(sk, node, &l2cap_sk_list.head) {
550 if (state && sk->sk_state != state)
551 continue;
552
553 if (l2cap_pi(sk)->psm == psm) {
554 /* Exact match. */
555 if (!bacmp(&bt_sk(sk)->src, src))
556 break;
557
558 /* Closest match */
559 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
560 sk1 = sk;
561 }
562 }
563 return node ? sk : sk1;
564}
565
566/* Find socket with given address (psm, src).
567 * Returns locked socket */
8e036fc3 568static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 569{
570 struct sock *s;
571 read_lock(&l2cap_sk_list.lock);
572 s = __l2cap_get_sock_by_psm(state, psm, src);
573 if (s) bh_lock_sock(s);
574 read_unlock(&l2cap_sk_list.lock);
575 return s;
576}
577
578static void l2cap_sock_destruct(struct sock *sk)
579{
580 BT_DBG("sk %p", sk);
581
582 skb_queue_purge(&sk->sk_receive_queue);
583 skb_queue_purge(&sk->sk_write_queue);
584}
585
586static void l2cap_sock_cleanup_listen(struct sock *parent)
587{
588 struct sock *sk;
589
590 BT_DBG("parent %p", parent);
591
592 /* Close not yet accepted channels */
593 while ((sk = bt_accept_dequeue(parent, NULL)))
594 l2cap_sock_close(sk);
595
b1235d79 596 parent->sk_state = BT_CLOSED;
1da177e4
LT		 597 sock_set_flag(parent, SOCK_ZAPPED);
598}
599
600/* Kill socket (only if zapped and orphan)
601 * Must be called on unlocked socket.
602 */
603static void l2cap_sock_kill(struct sock *sk)
604{
605 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
606 return;
607
608 BT_DBG("sk %p state %d", sk, sk->sk_state);
609
610 /* Kill poor orphan */
611 bt_sock_unlink(&l2cap_sk_list, sk);
612 sock_set_flag(sk, SOCK_DEAD);
613 sock_put(sk);
614}
615
616static void __l2cap_sock_close(struct sock *sk, int reason)
617{
618 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
619
620 switch (sk->sk_state) {
621 case BT_LISTEN:
622 l2cap_sock_cleanup_listen(sk);
623 break;
624
625 case BT_CONNECTED:
626 case BT_CONFIG:
1da177e4
LT		 627 if (sk->sk_type == SOCK_SEQPACKET) {
628 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
629 struct l2cap_disconn_req req;
630
631 sk->sk_state = BT_DISCONN;
632 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
633
aca3192c
YH		 634 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
635 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1da177e4
LT		 636 l2cap_send_cmd(conn, l2cap_get_ident(conn),
637 L2CAP_DISCONN_REQ, sizeof(req), &req);
b1235d79 638 } else
1da177e4 639 l2cap_chan_del(sk, reason);
1da177e4
LT		 640 break;
641
f66dc81f
MH		 642 case BT_CONNECT2:
643 if (sk->sk_type == SOCK_SEQPACKET) {
644 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
645 struct l2cap_conn_rsp rsp;
646 __u16 result;
647
648 if (bt_sk(sk)->defer_setup)
649 result = L2CAP_CR_SEC_BLOCK;
650 else
651 result = L2CAP_CR_BAD_PSM;
652
653 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
654 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
655 rsp.result = cpu_to_le16(result);
656 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
657 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
658 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
659 } else
660 l2cap_chan_del(sk, reason);
661 break;
662
1da177e4
LT		 663 case BT_CONNECT:
664 case BT_DISCONN:
665 l2cap_chan_del(sk, reason);
666 break;
667
668 default:
669 sock_set_flag(sk, SOCK_ZAPPED);
670 break;
671 }
672}
673
674/* Must be called on unlocked socket. */
675static void l2cap_sock_close(struct sock *sk)
676{
677 l2cap_sock_clear_timer(sk);
678 lock_sock(sk);
679 __l2cap_sock_close(sk, ECONNRESET);
680 release_sock(sk);
681 l2cap_sock_kill(sk);
682}
683
684static void l2cap_sock_init(struct sock *sk, struct sock *parent)
685{
686 struct l2cap_pinfo *pi = l2cap_pi(sk);
687
688 BT_DBG("sk %p", sk);
689
690 if (parent) {
691 sk->sk_type = parent->sk_type;
f66dc81f
MH		 692 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
693
1da177e4
LT		 694 pi->imtu = l2cap_pi(parent)->imtu;
695 pi->omtu = l2cap_pi(parent)->omtu;
2af6b9d5
MH		 696 pi->sec_level = l2cap_pi(parent)->sec_level;
697 pi->role_switch = l2cap_pi(parent)->role_switch;
698 pi->force_reliable = l2cap_pi(parent)->force_reliable;
1da177e4
LT		 699 } else {
700 pi->imtu = L2CAP_DEFAULT_MTU;
701 pi->omtu = 0;
2af6b9d5
MH		 702 pi->sec_level = BT_SECURITY_LOW;
703 pi->role_switch = 0;
704 pi->force_reliable = 0;
1da177e4
LT		 705 }
706
707 /* Default config options */
5dee9e7c 708 pi->conf_len = 0;
1da177e4
LT		 709 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
710}
711
712static struct proto l2cap_proto = {
713 .name = "L2CAP",
714 .owner = THIS_MODULE,
715 .obj_size = sizeof(struct l2cap_pinfo)
716};
717
1b8d7ae4 718static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1da177e4
LT		 719{
720 struct sock *sk;
721
6257ff21 722 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1da177e4
LT		 723 if (!sk)
724 return NULL;
725
726 sock_init_data(sock, sk);
727 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
728
729 sk->sk_destruct = l2cap_sock_destruct;
4e8402a3 730 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1da177e4
LT		 731
732 sock_reset_flag(sk, SOCK_ZAPPED);
733
734 sk->sk_protocol = proto;
b1235d79 735 sk->sk_state = BT_OPEN;
1da177e4 736
b1235d79 737 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1da177e4
LT		 738
739 bt_sock_link(&l2cap_sk_list, sk);
740 return sk;
741}
742
1b8d7ae4 743static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
1da177e4
LT		 744{
745 struct sock *sk;
746
747 BT_DBG("sock %p", sock);
748
749 sock->state = SS_UNCONNECTED;
750
751 if (sock->type != SOCK_SEQPACKET &&
752 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
753 return -ESOCKTNOSUPPORT;
754
755 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
756 return -EPERM;
757
758 sock->ops = &l2cap_sock_ops;
759
1b8d7ae4 760 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1da177e4
LT		 761 if (!sk)
762 return -ENOMEM;
763
764 l2cap_sock_init(sk, NULL);
765 return 0;
766}
767
768static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
769{
770 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
771 struct sock *sk = sock->sk;
772 int err = 0;
773
774 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
775
776 if (!addr || addr->sa_family != AF_BLUETOOTH)
777 return -EINVAL;
778
779 lock_sock(sk);
780
781 if (sk->sk_state != BT_OPEN) {
782 err = -EBADFD;
783 goto done;
784 }
785
8e036fc3 786 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
847641d7
MH		 787 !capable(CAP_NET_BIND_SERVICE)) {
788 err = -EACCES;
789 goto done;
790 }
8e87d142 791
1da177e4
LT		 792 write_lock_bh(&l2cap_sk_list.lock);
793
794 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
795 err = -EADDRINUSE;
796 } else {
797 /* Save source address */
798 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
799 l2cap_pi(sk)->psm = la->l2_psm;
800 l2cap_pi(sk)->sport = la->l2_psm;
801 sk->sk_state = BT_BOUND;
2af6b9d5
MH		 802
803 if (btohs(la->l2_psm) == 0x0001)
804 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1da177e4
LT		 805 }
806
807 write_unlock_bh(&l2cap_sk_list.lock);
808
809done:
810 release_sock(sk);
811 return err;
812}
813
814static int l2cap_do_connect(struct sock *sk)
815{
816 bdaddr_t *src = &bt_sk(sk)->src;
817 bdaddr_t *dst = &bt_sk(sk)->dst;
818 struct l2cap_conn *conn;
819 struct hci_conn *hcon;
820 struct hci_dev *hdev;
09ab6f4c 821 __u8 auth_type;
1da177e4
LT		 822 int err = 0;
823
824 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
825
826 if (!(hdev = hci_get_route(dst, src)))
827 return -EHOSTUNREACH;
828
829 hci_dev_lock_bh(hdev);
830
831 err = -ENOMEM;
832
8c1b2355 833 if (sk->sk_type == SOCK_RAW) {
2af6b9d5
MH		 834 switch (l2cap_pi(sk)->sec_level) {
835 case BT_SECURITY_HIGH:
8c1b2355 836 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2af6b9d5
MH		 837 break;
838 case BT_SECURITY_MEDIUM:
8c1b2355 839 auth_type = HCI_AT_DEDICATED_BONDING;
2af6b9d5
MH		 840 break;
841 default:
09ab6f4c 842 auth_type = HCI_AT_NO_BONDING;
2af6b9d5
MH		 843 break;
844 }
8c1b2355 845 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
2af6b9d5 846 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
8c1b2355 847 auth_type = HCI_AT_NO_BONDING_MITM;
09ab6f4c 848 else
8c1b2355
MH		 849 auth_type = HCI_AT_NO_BONDING;
850 } else {
2af6b9d5
MH		 851 switch (l2cap_pi(sk)->sec_level) {
852 case BT_SECURITY_HIGH:
8c1b2355 853 auth_type = HCI_AT_GENERAL_BONDING_MITM;
2af6b9d5
MH		 854 break;
855 case BT_SECURITY_MEDIUM:
09ab6f4c 856 auth_type = HCI_AT_GENERAL_BONDING;
2af6b9d5
MH		 857 break;
858 default:
8c1b2355 859 auth_type = HCI_AT_NO_BONDING;
2af6b9d5
MH		 860 break;
861 }
09ab6f4c
MH		 862 }
863
2af6b9d5
MH		 864 hcon = hci_connect(hdev, ACL_LINK, dst,
865 l2cap_pi(sk)->sec_level, auth_type);
1da177e4
LT		 866 if (!hcon)
867 goto done;
868
869 conn = l2cap_conn_add(hcon, 0);
870 if (!conn) {
871 hci_conn_put(hcon);
872 goto done;
873 }
874
875 err = 0;
876
877 /* Update source addr of the socket */
878 bacpy(src, conn->src);
879
880 l2cap_chan_add(conn, sk, NULL);
881
882 sk->sk_state = BT_CONNECT;
883 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
884
885 if (hcon->state == BT_CONNECTED) {
79d554a6 886 if (sk->sk_type != SOCK_SEQPACKET) {
1da177e4
LT		 887 l2cap_sock_clear_timer(sk);
888 sk->sk_state = BT_CONNECTED;
79d554a6
MH		 889 } else
890 l2cap_do_start(sk);
1da177e4
LT		 891 }
892
893done:
894 hci_dev_unlock_bh(hdev);
895 hci_dev_put(hdev);
896 return err;
897}
898
899static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
900{
901 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
902 struct sock *sk = sock->sk;
903 int err = 0;
904
905 lock_sock(sk);
906
907 BT_DBG("sk %p", sk);
908
909 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
910 err = -EINVAL;
911 goto done;
912 }
913
914 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
915 err = -EINVAL;
916 goto done;
917 }
918
919 switch(sk->sk_state) {
920 case BT_CONNECT:
921 case BT_CONNECT2:
922 case BT_CONFIG:
923 /* Already connecting */
924 goto wait;
925
926 case BT_CONNECTED:
927 /* Already connected */
928 goto done;
929
930 case BT_OPEN:
931 case BT_BOUND:
932 /* Can connect */
933 break;
934
935 default:
936 err = -EBADFD;
937 goto done;
938 }
939
940 /* Set destination address and psm */
941 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
942 l2cap_pi(sk)->psm = la->l2_psm;
943
944 if ((err = l2cap_do_connect(sk)))
945 goto done;
946
947wait:
948 err = bt_sock_wait_state(sk, BT_CONNECTED,
949 sock_sndtimeo(sk, flags & O_NONBLOCK));
950done:
951 release_sock(sk);
952 return err;
953}
954
955static int l2cap_sock_listen(struct socket *sock, int backlog)
956{
957 struct sock *sk = sock->sk;
958 int err = 0;
959
960 BT_DBG("sk %p backlog %d", sk, backlog);
961
962 lock_sock(sk);
963
964 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
965 err = -EBADFD;
966 goto done;
967 }
968
969 if (!l2cap_pi(sk)->psm) {
970 bdaddr_t *src = &bt_sk(sk)->src;
971 u16 psm;
972
973 err = -EINVAL;
974
975 write_lock_bh(&l2cap_sk_list.lock);
976
977 for (psm = 0x1001; psm < 0x1100; psm += 2)
6dc0c208 978 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
1da177e4
LT		 979 l2cap_pi(sk)->psm = htobs(psm);
980 l2cap_pi(sk)->sport = htobs(psm);
981 err = 0;
982 break;
983 }
984
985 write_unlock_bh(&l2cap_sk_list.lock);
986
987 if (err < 0)
988 goto done;
989 }
990
991 sk->sk_max_ack_backlog = backlog;
992 sk->sk_ack_backlog = 0;
993 sk->sk_state = BT_LISTEN;
994
995done:
996 release_sock(sk);
997 return err;
998}
999
1000static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1001{
1002 DECLARE_WAITQUEUE(wait, current);
1003 struct sock *sk = sock->sk, *nsk;
1004 long timeo;
1005 int err = 0;
1006
fcc70d5f 1007 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 1008
1009 if (sk->sk_state != BT_LISTEN) {
1010 err = -EBADFD;
1011 goto done;
1012 }
1013
1014 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1015
1016 BT_DBG("sk %p timeo %ld", sk, timeo);
1017
1018 /* Wait for an incoming connection. (wake-one). */
1019 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1020 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1021 set_current_state(TASK_INTERRUPTIBLE);
1022 if (!timeo) {
1023 err = -EAGAIN;
1024 break;
1025 }
1026
1027 release_sock(sk);
1028 timeo = schedule_timeout(timeo);
fcc70d5f 1029 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 1030
1031 if (sk->sk_state != BT_LISTEN) {
1032 err = -EBADFD;
1033 break;
1034 }
1035
1036 if (signal_pending(current)) {
1037 err = sock_intr_errno(timeo);
1038 break;
1039 }
1040 }
1041 set_current_state(TASK_RUNNING);
1042 remove_wait_queue(sk->sk_sleep, &wait);
1043
1044 if (err)
1045 goto done;
1046
1047 newsock->state = SS_CONNECTED;
1048
1049 BT_DBG("new socket %p", nsk);
1050
1051done:
1052 release_sock(sk);
1053 return err;
1054}
1055
1056static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1057{
1058 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1059 struct sock *sk = sock->sk;
1060
1061 BT_DBG("sock %p, sk %p", sock, sk);
1062
1063 addr->sa_family = AF_BLUETOOTH;
1064 *len = sizeof(struct sockaddr_l2);
1065
1066 if (peer)
1067 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1068 else
1069 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1070
1071 la->l2_psm = l2cap_pi(sk)->psm;
1072 return 0;
1073}
1074
1075static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1076{
1077 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1078 struct sk_buff *skb, **frag;
1079 int err, hlen, count, sent=0;
1080 struct l2cap_hdr *lh;
1081
1082 BT_DBG("sk %p len %d", sk, len);
1083
1084 /* First fragment (with L2CAP header) */
1085 if (sk->sk_type == SOCK_DGRAM)
1086 hlen = L2CAP_HDR_SIZE + 2;
1087 else
1088 hlen = L2CAP_HDR_SIZE;
1089
1090 count = min_t(unsigned int, (conn->mtu - hlen), len);
1091
1092 skb = bt_skb_send_alloc(sk, hlen + count,
1093 msg->msg_flags & MSG_DONTWAIT, &err);
1094 if (!skb)
1095 return err;
1096
1097 /* Create L2CAP header */
1098 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1099 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1100 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1da177e4
LT		 1101
1102 if (sk->sk_type == SOCK_DGRAM)
8e036fc3 1103 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1da177e4
LT		 1104
1105 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1106 err = -EFAULT;
1107 goto fail;
1108 }
1109
1110 sent += count;
1111 len -= count;
1112
1113 /* Continuation fragments (no L2CAP header) */
1114 frag = &skb_shinfo(skb)->frag_list;
1115 while (len) {
1116 count = min_t(unsigned int, conn->mtu, len);
1117
1118 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1119 if (!*frag)
1120 goto fail;
8e87d142 1121
1da177e4
LT		 1122 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1123 err = -EFAULT;
1124 goto fail;
1125 }
1126
1127 sent += count;
1128 len -= count;
1129
1130 frag = &(*frag)->next;
1131 }
1132
1133 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1134 goto fail;
1135
1136 return sent;
1137
1138fail:
1139 kfree_skb(skb);
1140 return err;
1141}
1142
1143static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1144{
1145 struct sock *sk = sock->sk;
1146 int err = 0;
1147
1148 BT_DBG("sock %p, sk %p", sock, sk);
1149
c1cbe4b7
BL		 1150 err = sock_error(sk);
1151 if (err)
1152 return err;
1da177e4
LT		 1153
1154 if (msg->msg_flags & MSG_OOB)
1155 return -EOPNOTSUPP;
1156
1157 /* Check outgoing MTU */
1158 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1159 return -EINVAL;
1160
1161 lock_sock(sk);
1162
1163 if (sk->sk_state == BT_CONNECTED)
1164 err = l2cap_do_send(sk, msg, len);
1165 else
1166 err = -ENOTCONN;
1167
1168 release_sock(sk);
1169 return err;
1170}
1171
f66dc81f
MH		 1172static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1173{
1174 struct sock *sk = sock->sk;
1175
1176 lock_sock(sk);
1177
1178 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1179 struct l2cap_conn_rsp rsp;
1180
1181 sk->sk_state = BT_CONFIG;
1182
1183 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1184 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1185 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1186 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1187 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1188 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1189
1190 release_sock(sk);
1191 return 0;
1192 }
1193
1194 release_sock(sk);
1195
1196 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1197}
1198
d58daf42 1199static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1da177e4
LT		 1200{
1201 struct sock *sk = sock->sk;
1202 struct l2cap_options opts;
1203 int err = 0, len;
1204 u32 opt;
1205
1206 BT_DBG("sk %p", sk);
1207
1208 lock_sock(sk);
1209
1210 switch (optname) {
1211 case L2CAP_OPTIONS:
0878b666
MH		 1212 opts.imtu = l2cap_pi(sk)->imtu;
1213 opts.omtu = l2cap_pi(sk)->omtu;
1214 opts.flush_to = l2cap_pi(sk)->flush_to;
6464f35f 1215 opts.mode = L2CAP_MODE_BASIC;
0878b666 1216
1da177e4
LT		 1217 len = min_t(unsigned int, sizeof(opts), optlen);
1218 if (copy_from_user((char *) &opts, optval, len)) {
1219 err = -EFAULT;
1220 break;
1221 }
0878b666 1222
1da177e4
LT		 1223 l2cap_pi(sk)->imtu = opts.imtu;
1224 l2cap_pi(sk)->omtu = opts.omtu;
1225 break;
1226
1227 case L2CAP_LM:
1228 if (get_user(opt, (u32 __user *) optval)) {
1229 err = -EFAULT;
1230 break;
1231 }
1232
2af6b9d5
MH		 1233 if (opt & L2CAP_LM_AUTH)
1234 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1235 if (opt & L2CAP_LM_ENCRYPT)
1236 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1237 if (opt & L2CAP_LM_SECURE)
1238 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1239
1240 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1241 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1da177e4
LT		 1242 break;
1243
1244 default:
1245 err = -ENOPROTOOPT;
1246 break;
1247 }
1248
1249 release_sock(sk);
1250 return err;
1251}
1252
d58daf42
MH		 1253static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1254{
1255 struct sock *sk = sock->sk;
2af6b9d5
MH		 1256 struct bt_security sec;
1257 int len, err = 0;
f66dc81f 1258 u32 opt;
d58daf42
MH		 1259
1260 BT_DBG("sk %p", sk);
1261
1262 if (level == SOL_L2CAP)
1263 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1264
0588d94f
MH		 1265 if (level != SOL_BLUETOOTH)
1266 return -ENOPROTOOPT;
1267
d58daf42
MH		 1268 lock_sock(sk);
1269
1270 switch (optname) {
2af6b9d5 1271 case BT_SECURITY:
0588d94f
MH		 1272 if (sk->sk_type != SOCK_SEQPACKET) {
1273 err = -EINVAL;
1274 break;
1275 }
1276
2af6b9d5
MH		 1277 sec.level = BT_SECURITY_LOW;
1278
1279 len = min_t(unsigned int, sizeof(sec), optlen);
1280 if (copy_from_user((char *) &sec, optval, len)) {
1281 err = -EFAULT;
1282 break;
1283 }
1284
1285 if (sec.level < BT_SECURITY_LOW ||
1286 sec.level > BT_SECURITY_HIGH) {
1287 err = -EINVAL;
1288 break;
1289 }
1290
1291 l2cap_pi(sk)->sec_level = sec.level;
1292 break;
1293
f66dc81f
MH		 1294 case BT_DEFER_SETUP:
1295 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1296 err = -EINVAL;
1297 break;
1298 }
1299
1300 if (get_user(opt, (u32 __user *) optval)) {
1301 err = -EFAULT;
1302 break;
1303 }
1304
1305 bt_sk(sk)->defer_setup = opt;
1306 break;
1307
d58daf42
MH		 1308 default:
1309 err = -ENOPROTOOPT;
1310 break;
1311 }
1312
1313 release_sock(sk);
1314 return err;
1315}
1316
1317static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1da177e4
LT		 1318{
1319 struct sock *sk = sock->sk;
1320 struct l2cap_options opts;
1321 struct l2cap_conninfo cinfo;
1322 int len, err = 0;
2af6b9d5 1323 u32 opt;
1da177e4
LT		 1324
1325 BT_DBG("sk %p", sk);
1326
1327 if (get_user(len, optlen))
1328 return -EFAULT;
1329
1330 lock_sock(sk);
1331
1332 switch (optname) {
1333 case L2CAP_OPTIONS:
1334 opts.imtu = l2cap_pi(sk)->imtu;
1335 opts.omtu = l2cap_pi(sk)->omtu;
1336 opts.flush_to = l2cap_pi(sk)->flush_to;
6464f35f 1337 opts.mode = L2CAP_MODE_BASIC;
1da177e4
LT		 1338
1339 len = min_t(unsigned int, len, sizeof(opts));
1340 if (copy_to_user(optval, (char *) &opts, len))
1341 err = -EFAULT;
1342
1343 break;
1344
1345 case L2CAP_LM:
2af6b9d5
MH		 1346 switch (l2cap_pi(sk)->sec_level) {
1347 case BT_SECURITY_LOW:
1348 opt = L2CAP_LM_AUTH;
1349 break;
1350 case BT_SECURITY_MEDIUM:
1351 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1352 break;
1353 case BT_SECURITY_HIGH:
1354 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1355 L2CAP_LM_SECURE;
1356 break;
1357 default:
1358 opt = 0;
1359 break;
1360 }
1361
1362 if (l2cap_pi(sk)->role_switch)
1363 opt |= L2CAP_LM_MASTER;
1364
1365 if (l2cap_pi(sk)->force_reliable)
1366 opt |= L2CAP_LM_RELIABLE;
1367
1368 if (put_user(opt, (u32 __user *) optval))
1da177e4
LT		 1369 err = -EFAULT;
1370 break;
1371
1372 case L2CAP_CONNINFO:
f66dc81f
MH		 1373 if (sk->sk_state != BT_CONNECTED &&
1374 !(sk->sk_state == BT_CONNECT2 &&
1375 bt_sk(sk)->defer_setup)) {
1da177e4
LT		 1376 err = -ENOTCONN;
1377 break;
1378 }
1379
1380 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1381 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1382
1383 len = min_t(unsigned int, len, sizeof(cinfo));
1384 if (copy_to_user(optval, (char *) &cinfo, len))
1385 err = -EFAULT;
1386
1387 break;
1388
1389 default:
1390 err = -ENOPROTOOPT;
1391 break;
1392 }
1393
1394 release_sock(sk);
1395 return err;
1396}
1397
d58daf42
MH		 1398static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1399{
1400 struct sock *sk = sock->sk;
2af6b9d5 1401 struct bt_security sec;
d58daf42
MH		 1402 int len, err = 0;
1403
1404 BT_DBG("sk %p", sk);
1405
1406 if (level == SOL_L2CAP)
1407 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1408
0588d94f
MH		 1409 if (level != SOL_BLUETOOTH)
1410 return -ENOPROTOOPT;
1411
d58daf42
MH		 1412 if (get_user(len, optlen))
1413 return -EFAULT;
1414
1415 lock_sock(sk);
1416
1417 switch (optname) {
2af6b9d5 1418 case BT_SECURITY:
0588d94f
MH		 1419 if (sk->sk_type != SOCK_SEQPACKET) {
1420 err = -EINVAL;
1421 break;
1422 }
1423
2af6b9d5
MH		 1424 sec.level = l2cap_pi(sk)->sec_level;
1425
1426 len = min_t(unsigned int, len, sizeof(sec));
1427 if (copy_to_user(optval, (char *) &sec, len))
1428 err = -EFAULT;
1429
1430 break;
1431
f66dc81f
MH		 1432 case BT_DEFER_SETUP:
1433 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1434 err = -EINVAL;
1435 break;
1436 }
1437
1438 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1439 err = -EFAULT;
1440
1441 break;
1442
d58daf42
MH		 1443 default:
1444 err = -ENOPROTOOPT;
1445 break;
1446 }
1447
1448 release_sock(sk);
1449 return err;
1450}
1451
1da177e4
LT		 1452static int l2cap_sock_shutdown(struct socket *sock, int how)
1453{
1454 struct sock *sk = sock->sk;
1455 int err = 0;
1456
1457 BT_DBG("sock %p, sk %p", sock, sk);
1458
1459 if (!sk)
1460 return 0;
1461
1462 lock_sock(sk);
1463 if (!sk->sk_shutdown) {
1464 sk->sk_shutdown = SHUTDOWN_MASK;
1465 l2cap_sock_clear_timer(sk);
1466 __l2cap_sock_close(sk, 0);
1467
1468 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
b1235d79
MH		 1469 err = bt_sock_wait_state(sk, BT_CLOSED,
1470 sk->sk_lingertime);
1da177e4
LT		 1471 }
1472 release_sock(sk);
1473 return err;
1474}
1475
1476static int l2cap_sock_release(struct socket *sock)
1477{
1478 struct sock *sk = sock->sk;
1479 int err;
1480
1481 BT_DBG("sock %p, sk %p", sock, sk);
1482
1483 if (!sk)
1484 return 0;
1485
1486 err = l2cap_sock_shutdown(sock, 2);
1487
1488 sock_orphan(sk);
1489 l2cap_sock_kill(sk);
1490 return err;
1491}
1492
1da177e4
LT		 1493static void l2cap_chan_ready(struct sock *sk)
1494{
1495 struct sock *parent = bt_sk(sk)->parent;
1496
1497 BT_DBG("sk %p, parent %p", sk, parent);
1498
1499 l2cap_pi(sk)->conf_state = 0;
1500 l2cap_sock_clear_timer(sk);
1501
1502 if (!parent) {
1503 /* Outgoing channel.
1504 * Wake up socket sleeping on connect.
1505 */
1506 sk->sk_state = BT_CONNECTED;
1507 sk->sk_state_change(sk);
1508 } else {
1509 /* Incoming channel.
1510 * Wake up socket sleeping on accept.
1511 */
1512 parent->sk_data_ready(parent, 0);
1513 }
1514}
1515
1516/* Copy frame to all raw sockets on that connection */
1517static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1518{
1519 struct l2cap_chan_list *l = &conn->chan_list;
1520 struct sk_buff *nskb;
1521 struct sock * sk;
1522
1523 BT_DBG("conn %p", conn);
1524
1525 read_lock(&l->lock);
1526 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1527 if (sk->sk_type != SOCK_RAW)
1528 continue;
1529
1530 /* Don't send frame to the socket it came from */
1531 if (skb->sk == sk)
1532 continue;
1533
1534 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1535 continue;
1536
1537 if (sock_queue_rcv_skb(sk, nskb))
1538 kfree_skb(nskb);
1539 }
1540 read_unlock(&l->lock);
1541}
1542
1543/* ---- L2CAP signalling commands ---- */
1544static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1545 u8 code, u8 ident, u16 dlen, void *data)
1546{
1547 struct sk_buff *skb, **frag;
1548 struct l2cap_cmd_hdr *cmd;
1549 struct l2cap_hdr *lh;
1550 int len, count;
1551
1552 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1553
1554 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1555 count = min_t(unsigned int, conn->mtu, len);
1556
1557 skb = bt_skb_alloc(count, GFP_ATOMIC);
1558 if (!skb)
1559 return NULL;
1560
1561 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1562 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1563 lh->cid = cpu_to_le16(0x0001);
1da177e4
LT		 1564
1565 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1566 cmd->code = code;
1567 cmd->ident = ident;
aca3192c 1568 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1569
1570 if (dlen) {
1571 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1572 memcpy(skb_put(skb, count), data, count);
1573 data += count;
1574 }
1575
1576 len -= skb->len;
1577
1578 /* Continuation fragments (no L2CAP header) */
1579 frag = &skb_shinfo(skb)->frag_list;
1580 while (len) {
1581 count = min_t(unsigned int, conn->mtu, len);
1582
1583 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1584 if (!*frag)
1585 goto fail;
1586
1587 memcpy(skb_put(*frag, count), data, count);
1588
1589 len -= count;
1590 data += count;
1591
1592 frag = &(*frag)->next;
1593 }
1594
1595 return skb;
1596
1597fail:
1598 kfree_skb(skb);
1599 return NULL;
1600}
1601
1602static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1603{
1604 struct l2cap_conf_opt *opt = *ptr;
1605 int len;
1606
1607 len = L2CAP_CONF_OPT_SIZE + opt->len;
1608 *ptr += len;
1609
1610 *type = opt->type;
1611 *olen = opt->len;
1612
1613 switch (opt->len) {
1614 case 1:
1615 *val = *((u8 *) opt->val);
1616 break;
1617
1618 case 2:
861d6882 1619 *val = __le16_to_cpu(*((__le16 *) opt->val));
1da177e4
LT		 1620 break;
1621
1622 case 4:
861d6882 1623 *val = __le32_to_cpu(*((__le32 *) opt->val));
1da177e4
LT		 1624 break;
1625
1626 default:
1627 *val = (unsigned long) opt->val;
1628 break;
1629 }
1630
1631 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1632 return len;
1633}
1634
1da177e4
LT		 1635static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1636{
1637 struct l2cap_conf_opt *opt = *ptr;
1638
1639 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1640
1641 opt->type = type;
1642 opt->len = len;
1643
1644 switch (len) {
1645 case 1:
1646 *((u8 *) opt->val) = val;
1647 break;
1648
1649 case 2:
8e036fc3 1650 *((__le16 *) opt->val) = cpu_to_le16(val);
1da177e4
LT		 1651 break;
1652
1653 case 4:
8e036fc3 1654 *((__le32 *) opt->val) = cpu_to_le32(val);
1da177e4
LT		 1655 break;
1656
1657 default:
1658 memcpy(opt->val, (void *) val, len);
1659 break;
1660 }
1661
1662 *ptr += L2CAP_CONF_OPT_SIZE + len;
1663}
1664
1665static int l2cap_build_conf_req(struct sock *sk, void *data)
1666{
1667 struct l2cap_pinfo *pi = l2cap_pi(sk);
1668 struct l2cap_conf_req *req = data;
1669 void *ptr = req->data;
1670
1671 BT_DBG("sk %p", sk);
1672
1673 if (pi->imtu != L2CAP_DEFAULT_MTU)
1674 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1675
1676 /* FIXME: Need actual value of the flush timeout */
1677 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1678 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1679
aca3192c
YH		 1680 req->dcid = cpu_to_le16(pi->dcid);
1681 req->flags = cpu_to_le16(0);
1da177e4
LT		 1682
1683 return ptr - data;
1684}
1685
5dee9e7c 1686static int l2cap_parse_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1687{
1688 struct l2cap_pinfo *pi = l2cap_pi(sk);
5dee9e7c
MH		 1689 struct l2cap_conf_rsp *rsp = data;
1690 void *ptr = rsp->data;
1691 void *req = pi->conf_req;
1692 int len = pi->conf_len;
1693 int type, hint, olen;
1694 unsigned long val;
6464f35f 1695 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1696 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1697 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1698
5dee9e7c 1699 BT_DBG("sk %p", sk);
820ae1b8 1700
5dee9e7c
MH		 1701 while (len >= L2CAP_CONF_OPT_SIZE) {
1702 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1703
5dee9e7c
MH		 1704 hint = type & 0x80;
1705 type &= 0x7f;
1706
1707 switch (type) {
1708 case L2CAP_CONF_MTU:
861d6882 1709 mtu = val;
5dee9e7c
MH		 1710 break;
1711
1712 case L2CAP_CONF_FLUSH_TO:
1713 pi->flush_to = val;
1714 break;
1715
1716 case L2CAP_CONF_QOS:
1717 break;
1718
6464f35f
MH		 1719 case L2CAP_CONF_RFC:
1720 if (olen == sizeof(rfc))
1721 memcpy(&rfc, (void *) val, olen);
1722 break;
1723
5dee9e7c
MH		 1724 default:
1725 if (hint)
1726 break;
1727
1728 result = L2CAP_CONF_UNKNOWN;
1729 *((u8 *) ptr++) = type;
1730 break;
1731 }
1732 }
1733
1734 if (result == L2CAP_CONF_SUCCESS) {
1735 /* Configure output options and let the other side know
1736 * which ones we don't like. */
1737
6464f35f
MH		 1738 if (rfc.mode == L2CAP_MODE_BASIC) {
1739 if (mtu < pi->omtu)
1740 result = L2CAP_CONF_UNACCEPT;
1741 else {
1742 pi->omtu = mtu;
1743 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1744 }
1745
1746 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1747 } else {
5dee9e7c 1748 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 1749
6464f35f
MH		 1750 memset(&rfc, 0, sizeof(rfc));
1751 rfc.mode = L2CAP_MODE_BASIC;
1752
1753 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1754 sizeof(rfc), (unsigned long) &rfc);
1755 }
5dee9e7c
MH		 1756 }
1757
1758 rsp->scid = cpu_to_le16(pi->dcid);
1759 rsp->result = cpu_to_le16(result);
1760 rsp->flags = cpu_to_le16(0x0000);
1761
1762 return ptr - data;
1da177e4
LT		 1763}
1764
5dee9e7c 1765static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1da177e4
LT		 1766{
1767 struct l2cap_conf_rsp *rsp = data;
1768 void *ptr = rsp->data;
1da177e4 1769
5dee9e7c 1770 BT_DBG("sk %p", sk);
1da177e4 1771
aca3192c 1772 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
5dee9e7c 1773 rsp->result = cpu_to_le16(result);
aca3192c 1774 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 1775
1776 return ptr - data;
1777}
1778
4e8402a3
MH		 1779static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1780{
1781 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1782
1783 if (rej->reason != 0x0000)
1784 return 0;
1785
1786 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1787 cmd->ident == conn->info_ident) {
1788 conn->info_ident = 0;
1789 del_timer(&conn->info_timer);
1790 l2cap_conn_start(conn);
1791 }
1792
1793 return 0;
1794}
1795
1da177e4
LT		 1796static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1797{
1798 struct l2cap_chan_list *list = &conn->chan_list;
1799 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1800 struct l2cap_conn_rsp rsp;
1801 struct sock *sk, *parent;
e7c29cb1 1802 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1803
1804 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 1805 __le16 psm = req->psm;
1da177e4
LT		 1806
1807 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1808
1809 /* Check if we have socket listening on psm */
1810 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1811 if (!parent) {
1812 result = L2CAP_CR_BAD_PSM;
1813 goto sendresp;
1814 }
1815
e7c29cb1
MH		 1816 /* Check if the ACL is secure enough (if not SDP) */
1817 if (psm != cpu_to_le16(0x0001) &&
1818 !hci_conn_check_link_mode(conn->hcon)) {
1819 result = L2CAP_CR_SEC_BLOCK;
1820 goto response;
1821 }
1822
1da177e4
LT		 1823 result = L2CAP_CR_NO_MEM;
1824
1825 /* Check for backlog size */
1826 if (sk_acceptq_is_full(parent)) {
8e87d142 1827 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 1828 goto response;
1829 }
1830
3b1e0a65 1831 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 1832 if (!sk)
1833 goto response;
1834
fd1278d7 1835 write_lock_bh(&list->lock);
1da177e4
LT		 1836
1837 /* Check if we already have channel with that dcid */
1838 if (__l2cap_get_chan_by_dcid(list, scid)) {
fd1278d7 1839 write_unlock_bh(&list->lock);
1da177e4
LT		 1840 sock_set_flag(sk, SOCK_ZAPPED);
1841 l2cap_sock_kill(sk);
1842 goto response;
1843 }
1844
1845 hci_conn_hold(conn->hcon);
1846
1847 l2cap_sock_init(sk, parent);
1848 bacpy(&bt_sk(sk)->src, conn->src);
1849 bacpy(&bt_sk(sk)->dst, conn->dst);
1850 l2cap_pi(sk)->psm = psm;
1851 l2cap_pi(sk)->dcid = scid;
1852
1853 __l2cap_chan_add(conn, sk, parent);
1854 dcid = l2cap_pi(sk)->scid;
1855
1856 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1857
1da177e4
LT		 1858 l2cap_pi(sk)->ident = cmd->ident;
1859
79d554a6 1860 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
2af6b9d5 1861 if (l2cap_check_security(sk)) {
f66dc81f
MH		 1862 if (bt_sk(sk)->defer_setup) {
1863 sk->sk_state = BT_CONNECT2;
1864 result = L2CAP_CR_PEND;
1865 status = L2CAP_CS_AUTHOR_PEND;
1866 parent->sk_data_ready(parent, 0);
1867 } else {
1868 sk->sk_state = BT_CONFIG;
1869 result = L2CAP_CR_SUCCESS;
1870 status = L2CAP_CS_NO_INFO;
1871 }
79d554a6
MH		 1872 } else {
1873 sk->sk_state = BT_CONNECT2;
1874 result = L2CAP_CR_PEND;
1875 status = L2CAP_CS_AUTHEN_PEND;
1876 }
1877 } else {
1878 sk->sk_state = BT_CONNECT2;
1879 result = L2CAP_CR_PEND;
1880 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1881 }
1882
fd1278d7 1883 write_unlock_bh(&list->lock);
1da177e4
LT		 1884
1885response:
1886 bh_unlock_sock(parent);
1887
1888sendresp:
aca3192c
YH		 1889 rsp.scid = cpu_to_le16(scid);
1890 rsp.dcid = cpu_to_le16(dcid);
1891 rsp.result = cpu_to_le16(result);
1892 rsp.status = cpu_to_le16(status);
1da177e4 1893 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 1894
1895 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1896 struct l2cap_info_req info;
1897 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1898
1899 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1900 conn->info_ident = l2cap_get_ident(conn);
1901
1902 mod_timer(&conn->info_timer, jiffies +
1903 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1904
1905 l2cap_send_cmd(conn, conn->info_ident,
1906 L2CAP_INFO_REQ, sizeof(info), &info);
1907 }
1908
1da177e4
LT		 1909 return 0;
1910}
1911
1912static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1913{
1914 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1915 u16 scid, dcid, result, status;
1916 struct sock *sk;
1917 u8 req[128];
1918
1919 scid = __le16_to_cpu(rsp->scid);
1920 dcid = __le16_to_cpu(rsp->dcid);
1921 result = __le16_to_cpu(rsp->result);
1922 status = __le16_to_cpu(rsp->status);
1923
1924 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1925
1926 if (scid) {
1927 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1928 return 0;
1929 } else {
1930 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1931 return 0;
1932 }
1933
1934 switch (result) {
1935 case L2CAP_CR_SUCCESS:
1936 sk->sk_state = BT_CONFIG;
1937 l2cap_pi(sk)->ident = 0;
1938 l2cap_pi(sk)->dcid = dcid;
1939 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1940
1941 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1942 l2cap_build_conf_req(sk, req), req);
1943 break;
1944
1945 case L2CAP_CR_PEND:
1946 break;
1947
1948 default:
1949 l2cap_chan_del(sk, ECONNREFUSED);
1950 break;
1951 }
1952
1953 bh_unlock_sock(sk);
1954 return 0;
1955}
1956
88219a0f 1957static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 1958{
1959 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1960 u16 dcid, flags;
1961 u8 rsp[64];
1962 struct sock *sk;
5dee9e7c 1963 int len;
1da177e4
LT		 1964
1965 dcid = __le16_to_cpu(req->dcid);
1966 flags = __le16_to_cpu(req->flags);
1967
1968 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1969
1970 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1971 return -ENOENT;
1972
354f60a9
MH		 1973 if (sk->sk_state == BT_DISCONN)
1974 goto unlock;
1975
5dee9e7c 1976 /* Reject if config buffer is too small. */
88219a0f 1977 len = cmd_len - sizeof(*req);
5dee9e7c
MH		 1978 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1979 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1980 l2cap_build_conf_rsp(sk, rsp,
1981 L2CAP_CONF_REJECT, flags), rsp);
1982 goto unlock;
1983 }
1984
1985 /* Store config. */
1986 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1987 l2cap_pi(sk)->conf_len += len;
1da177e4
LT		 1988
1989 if (flags & 0x0001) {
1990 /* Incomplete config. Send empty response. */
1991 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
5dee9e7c
MH		 1992 l2cap_build_conf_rsp(sk, rsp,
1993 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 1994 goto unlock;
1995 }
1996
1997 /* Complete config. */
5dee9e7c
MH		 1998 len = l2cap_parse_conf_req(sk, rsp);
1999 if (len < 0)
1da177e4
LT		 2000 goto unlock;
2001
5dee9e7c
MH		 2002 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2003
5dee9e7c
MH		 2004 /* Reset config buffer. */
2005 l2cap_pi(sk)->conf_len = 0;
2006
876d9484
MH		 2007 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2008 goto unlock;
2009
1da177e4
LT		 2010 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2011 sk->sk_state = BT_CONNECTED;
2012 l2cap_chan_ready(sk);
876d9484
MH		 2013 goto unlock;
2014 }
2015
2016 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 2017 u8 buf[64];
1da177e4 2018 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
79d554a6 2019 l2cap_build_conf_req(sk, buf), buf);
1da177e4
LT		 2020 }
2021
2022unlock:
2023 bh_unlock_sock(sk);
2024 return 0;
2025}
2026
2027static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2028{
2029 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2030 u16 scid, flags, result;
2031 struct sock *sk;
2032
2033 scid = __le16_to_cpu(rsp->scid);
2034 flags = __le16_to_cpu(rsp->flags);
2035 result = __le16_to_cpu(rsp->result);
2036
2037 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2038
2039 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2040 return 0;
2041
2042 switch (result) {
2043 case L2CAP_CONF_SUCCESS:
2044 break;
2045
2046 case L2CAP_CONF_UNACCEPT:
2047 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2048 char req[128];
2049 /* It does not make sense to adjust L2CAP parameters
2050 * that are currently defined in the spec. We simply
2051 * resend config request that we sent earlier. It is
2052 * stupid, but it helps qualification testing which
2053 * expects at least some response from us. */
2054 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2055 l2cap_build_conf_req(sk, req), req);
2056 goto done;
2057 }
2058
8e87d142 2059 default:
1da177e4 2060 sk->sk_state = BT_DISCONN;
b1235d79 2061 sk->sk_err = ECONNRESET;
1da177e4
LT		 2062 l2cap_sock_set_timer(sk, HZ * 5);
2063 {
2064 struct l2cap_disconn_req req;
aca3192c
YH		 2065 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2066 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1da177e4
LT		 2067 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2068 L2CAP_DISCONN_REQ, sizeof(req), &req);
2069 }
2070 goto done;
2071 }
2072
2073 if (flags & 0x01)
2074 goto done;
2075
1da177e4
LT		 2076 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2077
2078 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2079 sk->sk_state = BT_CONNECTED;
2080 l2cap_chan_ready(sk);
2081 }
2082
2083done:
2084 bh_unlock_sock(sk);
2085 return 0;
2086}
2087
2088static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2089{
2090 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2091 struct l2cap_disconn_rsp rsp;
2092 u16 dcid, scid;
2093 struct sock *sk;
2094
2095 scid = __le16_to_cpu(req->scid);
2096 dcid = __le16_to_cpu(req->dcid);
2097
2098 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2099
2100 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2101 return 0;
2102
aca3192c
YH		 2103 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2104 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1da177e4
LT		 2105 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2106
2107 sk->sk_shutdown = SHUTDOWN_MASK;
2108
2109 l2cap_chan_del(sk, ECONNRESET);
2110 bh_unlock_sock(sk);
2111
2112 l2cap_sock_kill(sk);
2113 return 0;
2114}
2115
2116static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2117{
2118 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2119 u16 dcid, scid;
2120 struct sock *sk;
2121
2122 scid = __le16_to_cpu(rsp->scid);
2123 dcid = __le16_to_cpu(rsp->dcid);
2124
2125 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2126
2127 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2128 return 0;
2129
2130 l2cap_chan_del(sk, 0);
2131 bh_unlock_sock(sk);
2132
2133 l2cap_sock_kill(sk);
2134 return 0;
2135}
2136
2137static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2138{
2139 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2140 u16 type;
2141
2142 type = __le16_to_cpu(req->type);
2143
2144 BT_DBG("type 0x%4.4x", type);
2145
f0709e03
MH		 2146 if (type == L2CAP_IT_FEAT_MASK) {
2147 u8 buf[8];
2148 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2149 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2150 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2151 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2152 l2cap_send_cmd(conn, cmd->ident,
2153 L2CAP_INFO_RSP, sizeof(buf), buf);
2154 } else {
2155 struct l2cap_info_rsp rsp;
2156 rsp.type = cpu_to_le16(type);
2157 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2158 l2cap_send_cmd(conn, cmd->ident,
2159 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2160 }
1da177e4
LT		 2161
2162 return 0;
2163}
2164
2165static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2166{
2167 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2168 u16 type, result;
2169
2170 type = __le16_to_cpu(rsp->type);
2171 result = __le16_to_cpu(rsp->result);
2172
2173 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2174
4e8402a3
MH		 2175 conn->info_ident = 0;
2176
2177 del_timer(&conn->info_timer);
2178
2179 if (type == L2CAP_IT_FEAT_MASK)
83985319 2180 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3
MH		 2181
2182 l2cap_conn_start(conn);
2183
1da177e4
LT		 2184 return 0;
2185}
2186
2187static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2188{
2189 u8 *data = skb->data;
2190 int len = skb->len;
2191 struct l2cap_cmd_hdr cmd;
2192 int err = 0;
2193
2194 l2cap_raw_recv(conn, skb);
2195
2196 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2197 u16 cmd_len;
1da177e4
LT		 2198 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2199 data += L2CAP_CMD_HDR_SIZE;
2200 len -= L2CAP_CMD_HDR_SIZE;
2201
88219a0f 2202 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2203
88219a0f 2204 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2205
88219a0f 2206 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2207 BT_DBG("corrupted command");
2208 break;
2209 }
2210
2211 switch (cmd.code) {
2212 case L2CAP_COMMAND_REJ:
4e8402a3 2213 l2cap_command_rej(conn, &cmd, data);
1da177e4
LT		 2214 break;
2215
2216 case L2CAP_CONN_REQ:
2217 err = l2cap_connect_req(conn, &cmd, data);
2218 break;
2219
2220 case L2CAP_CONN_RSP:
2221 err = l2cap_connect_rsp(conn, &cmd, data);
2222 break;
2223
2224 case L2CAP_CONF_REQ:
88219a0f 2225 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1da177e4
LT		 2226 break;
2227
2228 case L2CAP_CONF_RSP:
2229 err = l2cap_config_rsp(conn, &cmd, data);
2230 break;
2231
2232 case L2CAP_DISCONN_REQ:
2233 err = l2cap_disconnect_req(conn, &cmd, data);
2234 break;
2235
2236 case L2CAP_DISCONN_RSP:
2237 err = l2cap_disconnect_rsp(conn, &cmd, data);
2238 break;
2239
2240 case L2CAP_ECHO_REQ:
88219a0f 2241 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
1da177e4
LT		 2242 break;
2243
2244 case L2CAP_ECHO_RSP:
2245 break;
2246
2247 case L2CAP_INFO_REQ:
2248 err = l2cap_information_req(conn, &cmd, data);
2249 break;
2250
2251 case L2CAP_INFO_RSP:
2252 err = l2cap_information_rsp(conn, &cmd, data);
2253 break;
2254
2255 default:
2256 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2257 err = -EINVAL;
2258 break;
2259 }
2260
2261 if (err) {
2262 struct l2cap_cmd_rej rej;
2263 BT_DBG("error %d", err);
2264
2265 /* FIXME: Map err to a valid reason */
aca3192c 2266 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2267 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2268 }
2269
88219a0f
AV		 2270 data += cmd_len;
2271 len -= cmd_len;
1da177e4
LT		 2272 }
2273
2274 kfree_skb(skb);
2275}
2276
2277static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2278{
2279 struct sock *sk;
2280
2281 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2282 if (!sk) {
2283 BT_DBG("unknown cid 0x%4.4x", cid);
2284 goto drop;
2285 }
2286
2287 BT_DBG("sk %p, len %d", sk, skb->len);
2288
2289 if (sk->sk_state != BT_CONNECTED)
2290 goto drop;
2291
2292 if (l2cap_pi(sk)->imtu < skb->len)
2293 goto drop;
2294
2295 /* If socket recv buffers overflows we drop data here
2296 * which is *bad* because L2CAP has to be reliable.
2297 * But we don't have any other choice. L2CAP doesn't
2298 * provide flow control mechanism. */
2299
2300 if (!sock_queue_rcv_skb(sk, skb))
2301 goto done;
2302
2303drop:
2304 kfree_skb(skb);
2305
2306done:
0139418c
MH		 2307 if (sk)
2308 bh_unlock_sock(sk);
2309
1da177e4
LT		 2310 return 0;
2311}
2312
8e036fc3 2313static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4
LT		 2314{
2315 struct sock *sk;
2316
2317 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2318 if (!sk)
2319 goto drop;
2320
2321 BT_DBG("sk %p, len %d", sk, skb->len);
2322
2323 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2324 goto drop;
2325
2326 if (l2cap_pi(sk)->imtu < skb->len)
2327 goto drop;
2328
2329 if (!sock_queue_rcv_skb(sk, skb))
2330 goto done;
2331
2332drop:
2333 kfree_skb(skb);
2334
2335done:
2336 if (sk) bh_unlock_sock(sk);
2337 return 0;
2338}
2339
2340static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2341{
2342 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 2343 u16 cid, len;
2344 __le16 psm;
1da177e4
LT		 2345
2346 skb_pull(skb, L2CAP_HDR_SIZE);
2347 cid = __le16_to_cpu(lh->cid);
2348 len = __le16_to_cpu(lh->len);
2349
2350 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2351
2352 switch (cid) {
2353 case 0x0001:
2354 l2cap_sig_channel(conn, skb);
2355 break;
2356
2357 case 0x0002:
8e036fc3 2358 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 2359 skb_pull(skb, 2);
2360 l2cap_conless_channel(conn, psm, skb);
2361 break;
2362
2363 default:
2364 l2cap_data_channel(conn, cid, skb);
2365 break;
2366 }
2367}
2368
2369/* ---- L2CAP interface with lower layer (HCI) ---- */
2370
2371static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2372{
2373 int exact = 0, lm1 = 0, lm2 = 0;
2374 register struct sock *sk;
2375 struct hlist_node *node;
2376
2377 if (type != ACL_LINK)
2378 return 0;
2379
2380 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2381
2382 /* Find listening sockets and check their link_mode */
2383 read_lock(&l2cap_sk_list.lock);
2384 sk_for_each(sk, node, &l2cap_sk_list.head) {
2385 if (sk->sk_state != BT_LISTEN)
2386 continue;
2387
2388 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5
MH		 2389 lm1 |= HCI_LM_ACCEPT;
2390 if (l2cap_pi(sk)->role_switch)
2391 lm1 |= HCI_LM_MASTER;
1da177e4 2392 exact++;
2af6b9d5
MH		 2393 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2394 lm2 |= HCI_LM_ACCEPT;
2395 if (l2cap_pi(sk)->role_switch)
2396 lm2 |= HCI_LM_MASTER;
2397 }
1da177e4
LT		 2398 }
2399 read_unlock(&l2cap_sk_list.lock);
2400
2401 return exact ? lm1 : lm2;
2402}
2403
2404static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2405{
0139418c
MH		 2406 struct l2cap_conn *conn;
2407
1da177e4
LT		 2408 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2409
2410 if (hcon->type != ACL_LINK)
2411 return 0;
2412
2413 if (!status) {
1da177e4
LT		 2414 conn = l2cap_conn_add(hcon, status);
2415 if (conn)
2416 l2cap_conn_ready(conn);
0139418c 2417 } else
1da177e4
LT		 2418 l2cap_conn_del(hcon, bt_err(status));
2419
2420 return 0;
2421}
2422
2423static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2424{
2425 BT_DBG("hcon %p reason %d", hcon, reason);
2426
2427 if (hcon->type != ACL_LINK)
2428 return 0;
2429
2430 l2cap_conn_del(hcon, bt_err(reason));
0139418c 2431
1da177e4
LT		 2432 return 0;
2433}
2434
f62e4323
MH		 2435static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2436{
255c7601
MH		 2437 if (sk->sk_type != SOCK_SEQPACKET)
2438 return;
2439
f62e4323
MH		 2440 if (encrypt == 0x00) {
2441 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2442 l2cap_sock_clear_timer(sk);
2443 l2cap_sock_set_timer(sk, HZ * 5);
2444 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2445 __l2cap_sock_close(sk, ECONNREFUSED);
2446 } else {
2447 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2448 l2cap_sock_clear_timer(sk);
2449 }
2450}
2451
8c1b2355 2452static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4
LT		 2453{
2454 struct l2cap_chan_list *l;
0139418c 2455 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 2456 struct sock *sk;
1da177e4 2457
0139418c 2458 if (!conn)
1da177e4 2459 return 0;
0139418c 2460
1da177e4
LT		 2461 l = &conn->chan_list;
2462
2463 BT_DBG("conn %p", conn);
2464
2465 read_lock(&l->lock);
2466
2467 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2468 bh_lock_sock(sk);
2469
f62e4323 2470 if (!status && (sk->sk_state == BT_CONNECTED ||
8c1b2355 2471 sk->sk_state == BT_CONFIG)) {
f62e4323 2472 l2cap_check_encryption(sk, encrypt);
9719f8af
MH		 2473 bh_unlock_sock(sk);
2474 continue;
2475 }
2476
b1235d79
MH		 2477 if (sk->sk_state == BT_CONNECT) {
2478 if (!status) {
2479 struct l2cap_conn_req req;
2480 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2481 req.psm = l2cap_pi(sk)->psm;
1da177e4 2482
b1235d79 2483 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
1da177e4 2484
b1235d79
MH		 2485 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2486 L2CAP_CONN_REQ, sizeof(req), &req);
2487 } else {
2488 l2cap_sock_clear_timer(sk);
2489 l2cap_sock_set_timer(sk, HZ / 10);
2490 }
2491 } else if (sk->sk_state == BT_CONNECT2) {
2492 struct l2cap_conn_rsp rsp;
2493 __u16 result;
1da177e4 2494
b1235d79
MH		 2495 if (!status) {
2496 sk->sk_state = BT_CONFIG;
2497 result = L2CAP_CR_SUCCESS;
2498 } else {
2499 sk->sk_state = BT_DISCONN;
2500 l2cap_sock_set_timer(sk, HZ / 10);
2501 result = L2CAP_CR_SEC_BLOCK;
2502 }
2503
2504 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2505 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2506 rsp.result = cpu_to_le16(result);
e7c29cb1 2507 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
b1235d79
MH		 2508 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2509 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2510 }
1da177e4
LT		 2511
2512 bh_unlock_sock(sk);
2513 }
2514
2515 read_unlock(&l->lock);
b1235d79 2516
1da177e4
LT		 2517 return 0;
2518}
2519
2520static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2521{
2522 struct l2cap_conn *conn = hcon->l2cap_data;
2523
2524 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2525 goto drop;
2526
2527 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2528
2529 if (flags & ACL_START) {
2530 struct l2cap_hdr *hdr;
2531 int len;
2532
2533 if (conn->rx_len) {
2534 BT_ERR("Unexpected start frame (len %d)", skb->len);
2535 kfree_skb(conn->rx_skb);
2536 conn->rx_skb = NULL;
2537 conn->rx_len = 0;
2538 l2cap_conn_unreliable(conn, ECOMM);
2539 }
2540
2541 if (skb->len < 2) {
2542 BT_ERR("Frame is too short (len %d)", skb->len);
2543 l2cap_conn_unreliable(conn, ECOMM);
2544 goto drop;
2545 }
2546
2547 hdr = (struct l2cap_hdr *) skb->data;
2548 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2549
2550 if (len == skb->len) {
2551 /* Complete frame received */
2552 l2cap_recv_frame(conn, skb);
2553 return 0;
2554 }
2555
2556 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2557
2558 if (skb->len > len) {
2559 BT_ERR("Frame is too long (len %d, expected len %d)",
2560 skb->len, len);
2561 l2cap_conn_unreliable(conn, ECOMM);
2562 goto drop;
2563 }
2564
2565 /* Allocate skb for the complete frame (with header) */
2566 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2567 goto drop;
2568
d626f62b
ACM		 2569 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2570 skb->len);
1da177e4
LT		 2571 conn->rx_len = len - skb->len;
2572 } else {
2573 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2574
2575 if (!conn->rx_len) {
2576 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2577 l2cap_conn_unreliable(conn, ECOMM);
2578 goto drop;
2579 }
2580
2581 if (skb->len > conn->rx_len) {
2582 BT_ERR("Fragment is too long (len %d, expected %d)",
2583 skb->len, conn->rx_len);
2584 kfree_skb(conn->rx_skb);
2585 conn->rx_skb = NULL;
2586 conn->rx_len = 0;
2587 l2cap_conn_unreliable(conn, ECOMM);
2588 goto drop;
2589 }
2590
d626f62b
ACM		 2591 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2592 skb->len);
1da177e4
LT		 2593 conn->rx_len -= skb->len;
2594
2595 if (!conn->rx_len) {
2596 /* Complete frame received */
2597 l2cap_recv_frame(conn, conn->rx_skb);
2598 conn->rx_skb = NULL;
2599 }
2600 }
2601
2602drop:
2603 kfree_skb(skb);
2604 return 0;
2605}
2606
be9d1227 2607static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2608{
2609 struct sock *sk;
2610 struct hlist_node *node;
be9d1227 2611 char *str = buf;
1da177e4
LT		 2612
2613 read_lock_bh(&l2cap_sk_list.lock);
2614
be9d1227
MH		 2615 sk_for_each(sk, node, &l2cap_sk_list.head) {
2616 struct l2cap_pinfo *pi = l2cap_pi(sk);
1da177e4 2617
2af6b9d5 2618 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
be9d1227 2619 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
73863976 2620 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2af6b9d5 2621 pi->imtu, pi->omtu, pi->sec_level);
be9d1227 2622 }
1da177e4 2623
1da177e4 2624 read_unlock_bh(&l2cap_sk_list.lock);
1da177e4 2625
be9d1227 2626 return (str - buf);
1da177e4
LT		 2627}
2628
be9d1227 2629static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
1da177e4 2630
90ddc4f0 2631static const struct proto_ops l2cap_sock_ops = {
1da177e4
LT		 2632 .family = PF_BLUETOOTH,
2633 .owner = THIS_MODULE,
2634 .release = l2cap_sock_release,
2635 .bind = l2cap_sock_bind,
2636 .connect = l2cap_sock_connect,
2637 .listen = l2cap_sock_listen,
2638 .accept = l2cap_sock_accept,
2639 .getname = l2cap_sock_getname,
2640 .sendmsg = l2cap_sock_sendmsg,
f66dc81f 2641 .recvmsg = l2cap_sock_recvmsg,
1da177e4 2642 .poll = bt_sock_poll,
3241ad82 2643 .ioctl = bt_sock_ioctl,
1da177e4
LT		 2644 .mmap = sock_no_mmap,
2645 .socketpair = sock_no_socketpair,
1da177e4
LT		 2646 .shutdown = l2cap_sock_shutdown,
2647 .setsockopt = l2cap_sock_setsockopt,
2648 .getsockopt = l2cap_sock_getsockopt
2649};
2650
2651static struct net_proto_family l2cap_sock_family_ops = {
2652 .family = PF_BLUETOOTH,
2653 .owner = THIS_MODULE,
2654 .create = l2cap_sock_create,
2655};
2656
2657static struct hci_proto l2cap_hci_proto = {
2658 .name = "L2CAP",
2659 .id = HCI_PROTO_L2CAP,
2660 .connect_ind = l2cap_connect_ind,
2661 .connect_cfm = l2cap_connect_cfm,
2662 .disconn_ind = l2cap_disconn_ind,
8c1b2355 2663 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 2664 .recv_acldata = l2cap_recv_acldata
2665};
2666
2667static int __init l2cap_init(void)
2668{
2669 int err;
be9d1227 2670
1da177e4
LT		 2671 err = proto_register(&l2cap_proto, 0);
2672 if (err < 0)
2673 return err;
2674
2675 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2676 if (err < 0) {
2677 BT_ERR("L2CAP socket registration failed");
2678 goto error;
2679 }
2680
2681 err = hci_register_proto(&l2cap_hci_proto);
2682 if (err < 0) {
2683 BT_ERR("L2CAP protocol registration failed");
2684 bt_sock_unregister(BTPROTO_L2CAP);
2685 goto error;
2686 }
2687
df5c37ea
MH		 2688 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2689 BT_ERR("Failed to create L2CAP info file");
1da177e4
LT		 2690
2691 BT_INFO("L2CAP ver %s", VERSION);
2692 BT_INFO("L2CAP socket layer initialized");
2693
2694 return 0;
2695
2696error:
2697 proto_unregister(&l2cap_proto);
2698 return err;
2699}
2700
2701static void __exit l2cap_exit(void)
2702{
a91f2e39 2703 class_remove_file(bt_class, &class_attr_l2cap);
1da177e4
LT		 2704
2705 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2706 BT_ERR("L2CAP socket unregistration failed");
2707
2708 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2709 BT_ERR("L2CAP protocol unregistration failed");
2710
2711 proto_unregister(&l2cap_proto);
2712}
2713
2714void l2cap_load(void)
2715{
2716 /* Dummy function to trigger automatic L2CAP module loading by
2717 * other modules that use L2CAP sockets but don't use any other
2718 * symbols from it. */
2719 return;
2720}
2721EXPORT_SYMBOL(l2cap_load);
2722
2723module_init(l2cap_init);
2724module_exit(l2cap_exit);
2725
63fbd24e 2726MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2727MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2728MODULE_VERSION(VERSION);
2729MODULE_LICENSE("GPL");
2730MODULE_ALIAS("bt-proto-0");
kernel source for telekom puls (alcatel/mediatek)