projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Pause RFCOMM TX when encryption drops
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
4fc268d2 30#include <linux/capability.h>
1da177e4
LT		 31#include <linux/errno.h>
32#include <linux/kernel.h>
1da177e4
LT		 33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
1da177e4 41#include <linux/list.h>
be9d1227 42#include <linux/device.h>
1da177e4
LT		 43#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52
09ab6f4c 53#define VERSION "2.11"
f0709e03
MH		 54
55static u32 l2cap_feat_mask = 0x0000;
1da177e4 56
90ddc4f0 57static const struct proto_ops l2cap_sock_ops;
1da177e4
LT		 58
59static struct bt_sock_list l2cap_sk_list = {
d5fb2962 60 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
1da177e4
LT		 61};
62
1da177e4
LT		 63static void __l2cap_sock_close(struct sock *sk, int reason);
64static void l2cap_sock_close(struct sock *sk);
65static void l2cap_sock_kill(struct sock *sk);
66
67static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
69
70/* ---- L2CAP timers ---- */
71static void l2cap_sock_timeout(unsigned long arg)
72{
73 struct sock *sk = (struct sock *) arg;
b1235d79 74 int reason;
1da177e4
LT		 75
76 BT_DBG("sock %p state %d", sk, sk->sk_state);
77
78 bh_lock_sock(sk);
b1235d79
MH		 79
80 if (sk->sk_state == BT_CONNECT &&
2af6b9d5 81 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
b1235d79
MH		 82 reason = ECONNREFUSED;
83 else
84 reason = ETIMEDOUT;
85
86 __l2cap_sock_close(sk, reason);
87
1da177e4
LT		 88 bh_unlock_sock(sk);
89
90 l2cap_sock_kill(sk);
91 sock_put(sk);
92}
93
94static void l2cap_sock_set_timer(struct sock *sk, long timeout)
95{
96 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
97 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
98}
99
100static void l2cap_sock_clear_timer(struct sock *sk)
101{
102 BT_DBG("sock %p state %d", sk, sk->sk_state);
103 sk_stop_timer(sk, &sk->sk_timer);
104}
105
0139418c
MH		 106/* ---- L2CAP channels ---- */
107static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
108{
109 struct sock *s;
110 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
111 if (l2cap_pi(s)->dcid == cid)
112 break;
113 }
114 return s;
115}
116
117static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
118{
119 struct sock *s;
120 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
121 if (l2cap_pi(s)->scid == cid)
122 break;
123 }
124 return s;
125}
126
127/* Find channel with given SCID.
128 * Returns locked socket */
129static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
130{
131 struct sock *s;
132 read_lock(&l->lock);
133 s = __l2cap_get_chan_by_scid(l, cid);
134 if (s) bh_lock_sock(s);
135 read_unlock(&l->lock);
136 return s;
137}
138
139static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
140{
141 struct sock *s;
142 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
143 if (l2cap_pi(s)->ident == ident)
144 break;
145 }
146 return s;
147}
148
149static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
150{
151 struct sock *s;
152 read_lock(&l->lock);
153 s = __l2cap_get_chan_by_ident(l, ident);
154 if (s) bh_lock_sock(s);
155 read_unlock(&l->lock);
156 return s;
157}
158
159static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
160{
161 u16 cid = 0x0040;
162
163 for (; cid < 0xffff; cid++) {
164 if(!__l2cap_get_chan_by_scid(l, cid))
165 return cid;
166 }
167
168 return 0;
169}
170
171static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
172{
173 sock_hold(sk);
174
175 if (l->head)
176 l2cap_pi(l->head)->prev_c = sk;
177
178 l2cap_pi(sk)->next_c = l->head;
179 l2cap_pi(sk)->prev_c = NULL;
180 l->head = sk;
181}
182
183static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
184{
185 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
186
fd1278d7 187 write_lock_bh(&l->lock);
0139418c
MH		 188 if (sk == l->head)
189 l->head = next;
190
191 if (next)
192 l2cap_pi(next)->prev_c = prev;
193 if (prev)
194 l2cap_pi(prev)->next_c = next;
fd1278d7 195 write_unlock_bh(&l->lock);
0139418c
MH		 196
197 __sock_put(sk);
198}
199
200static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
201{
202 struct l2cap_chan_list *l = &conn->chan_list;
203
204 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
205
206 l2cap_pi(sk)->conn = conn;
207
208 if (sk->sk_type == SOCK_SEQPACKET) {
209 /* Alloc CID for connection-oriented socket */
210 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
211 } else if (sk->sk_type == SOCK_DGRAM) {
212 /* Connectionless socket */
213 l2cap_pi(sk)->scid = 0x0002;
214 l2cap_pi(sk)->dcid = 0x0002;
215 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
216 } else {
217 /* Raw socket can send/recv signalling messages only */
218 l2cap_pi(sk)->scid = 0x0001;
219 l2cap_pi(sk)->dcid = 0x0001;
220 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
221 }
222
223 __l2cap_chan_link(l, sk);
224
225 if (parent)
226 bt_accept_enqueue(parent, sk);
227}
228
8e87d142 229/* Delete channel.
0139418c
MH		 230 * Must be called on the locked socket. */
231static void l2cap_chan_del(struct sock *sk, int err)
232{
233 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
234 struct sock *parent = bt_sk(sk)->parent;
235
236 l2cap_sock_clear_timer(sk);
237
238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
239
8e87d142 240 if (conn) {
0139418c
MH		 241 /* Unlink from channel list */
242 l2cap_chan_unlink(&conn->chan_list, sk);
243 l2cap_pi(sk)->conn = NULL;
244 hci_conn_put(conn->hcon);
245 }
246
b1235d79 247 sk->sk_state = BT_CLOSED;
0139418c
MH		 248 sock_set_flag(sk, SOCK_ZAPPED);
249
250 if (err)
251 sk->sk_err = err;
252
253 if (parent) {
254 bt_accept_unlink(sk);
255 parent->sk_data_ready(parent, 0);
256 } else
257 sk->sk_state_change(sk);
258}
259
79d554a6 260/* Service level security */
2af6b9d5 261static inline int l2cap_check_security(struct sock *sk)
79d554a6
MH		 262{
263 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
264
2af6b9d5 265 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level);
79d554a6
MH		 266}
267
4e8402a3
MH		 268static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
269{
270 u8 id;
271
272 /* Get next available identificator.
273 * 1 - 128 are used by kernel.
274 * 129 - 199 are reserved.
275 * 200 - 254 are used by utilities like l2ping, etc.
276 */
277
278 spin_lock_bh(&conn->lock);
279
280 if (++conn->tx_ident > 128)
281 conn->tx_ident = 1;
282
283 id = conn->tx_ident;
284
285 spin_unlock_bh(&conn->lock);
286
287 return id;
288}
289
290static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
291{
292 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
293
294 BT_DBG("code 0x%2.2x", code);
295
296 if (!skb)
297 return -ENOMEM;
298
299 return hci_send_acl(conn->hcon, skb, 0);
300}
301
79d554a6
MH		 302static void l2cap_do_start(struct sock *sk)
303{
304 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
305
306 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
2af6b9d5 307 if (l2cap_check_security(sk)) {
b1235d79
MH		 308 struct l2cap_conn_req req;
309 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
310 req.psm = l2cap_pi(sk)->psm;
79d554a6 311
b1235d79 312 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 313
b1235d79 314 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
79d554a6 315 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 316 }
79d554a6
MH		 317 } else {
318 struct l2cap_info_req req;
319 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
320
321 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
322 conn->info_ident = l2cap_get_ident(conn);
323
324 mod_timer(&conn->info_timer, jiffies +
325 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
326
327 l2cap_send_cmd(conn, conn->info_ident,
328 L2CAP_INFO_REQ, sizeof(req), &req);
329 }
330}
331
1da177e4 332/* ---- L2CAP connections ---- */
4e8402a3
MH		 333static void l2cap_conn_start(struct l2cap_conn *conn)
334{
335 struct l2cap_chan_list *l = &conn->chan_list;
336 struct sock *sk;
337
338 BT_DBG("conn %p", conn);
339
340 read_lock(&l->lock);
341
342 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
343 bh_lock_sock(sk);
344
345 if (sk->sk_type != SOCK_SEQPACKET) {
79d554a6
MH		 346 bh_unlock_sock(sk);
347 continue;
348 }
349
350 if (sk->sk_state == BT_CONNECT) {
2af6b9d5 351 if (l2cap_check_security(sk)) {
b1235d79
MH		 352 struct l2cap_conn_req req;
353 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
354 req.psm = l2cap_pi(sk)->psm;
79d554a6 355
b1235d79 356 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
79d554a6 357
b1235d79 358 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4e8402a3 359 L2CAP_CONN_REQ, sizeof(req), &req);
b1235d79 360 }
79d554a6
MH		 361 } else if (sk->sk_state == BT_CONNECT2) {
362 struct l2cap_conn_rsp rsp;
363 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
364 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
365
2af6b9d5 366 if (l2cap_check_security(sk)) {
f66dc81f
MH		 367 if (bt_sk(sk)->defer_setup) {
368 struct sock *parent = bt_sk(sk)->parent;
369 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
370 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
371 parent->sk_data_ready(parent, 0);
372
373 } else {
374 sk->sk_state = BT_CONFIG;
375 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
376 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
377 }
79d554a6
MH		 378 } else {
379 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
380 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
381 }
382
383 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
384 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4e8402a3
MH		 385 }
386
387 bh_unlock_sock(sk);
388 }
389
390 read_unlock(&l->lock);
391}
392
393static void l2cap_conn_ready(struct l2cap_conn *conn)
394{
79d554a6
MH		 395 struct l2cap_chan_list *l = &conn->chan_list;
396 struct sock *sk;
4e8402a3 397
79d554a6 398 BT_DBG("conn %p", conn);
4e8402a3 399
79d554a6 400 read_lock(&l->lock);
4e8402a3 401
79d554a6
MH		 402 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
403 bh_lock_sock(sk);
4e8402a3 404
79d554a6
MH		 405 if (sk->sk_type != SOCK_SEQPACKET) {
406 l2cap_sock_clear_timer(sk);
407 sk->sk_state = BT_CONNECTED;
408 sk->sk_state_change(sk);
409 } else if (sk->sk_state == BT_CONNECT)
410 l2cap_do_start(sk);
4e8402a3 411
79d554a6 412 bh_unlock_sock(sk);
4e8402a3 413 }
79d554a6
MH		 414
415 read_unlock(&l->lock);
4e8402a3
MH		 416}
417
418/* Notify sockets that we cannot guaranty reliability anymore */
419static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
420{
421 struct l2cap_chan_list *l = &conn->chan_list;
422 struct sock *sk;
423
424 BT_DBG("conn %p", conn);
425
426 read_lock(&l->lock);
427
428 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2af6b9d5 429 if (l2cap_pi(sk)->force_reliable)
4e8402a3
MH		 430 sk->sk_err = err;
431 }
432
433 read_unlock(&l->lock);
434}
435
436static void l2cap_info_timeout(unsigned long arg)
437{
438 struct l2cap_conn *conn = (void *) arg;
439
440 conn->info_ident = 0;
441
442 l2cap_conn_start(conn);
443}
444
1da177e4
LT		 445static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
446{
0139418c 447 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 448
0139418c 449 if (conn || status)
1da177e4
LT		 450 return conn;
451
0139418c
MH		 452 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
453 if (!conn)
1da177e4 454 return NULL;
1da177e4
LT		 455
456 hcon->l2cap_data = conn;
457 conn->hcon = hcon;
458
0139418c
MH		 459 BT_DBG("hcon %p conn %p", hcon, conn);
460
1da177e4
LT		 461 conn->mtu = hcon->hdev->acl_mtu;
462 conn->src = &hcon->hdev->bdaddr;
463 conn->dst = &hcon->dst;
464
4e8402a3
MH		 465 conn->feat_mask = 0;
466
b1235d79
MH		 467 setup_timer(&conn->info_timer, l2cap_info_timeout,
468 (unsigned long) conn);
4e8402a3 469
1da177e4
LT		 470 spin_lock_init(&conn->lock);
471 rwlock_init(&conn->chan_list.lock);
472
1da177e4
LT		 473 return conn;
474}
475
0139418c 476static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 477{
0139418c 478 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4
LT		 479 struct sock *sk;
480
0139418c
MH		 481 if (!conn)
482 return;
1da177e4
LT		 483
484 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
485
486 if (conn->rx_skb)
487 kfree_skb(conn->rx_skb);
488
489 /* Kill channels */
490 while ((sk = conn->chan_list.head)) {
491 bh_lock_sock(sk);
492 l2cap_chan_del(sk, err);
493 bh_unlock_sock(sk);
494 l2cap_sock_kill(sk);
495 }
496
8e8440f5
DY		 497 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
498 del_timer_sync(&conn->info_timer);
3ab22731 499
1da177e4
LT		 500 hcon->l2cap_data = NULL;
501 kfree(conn);
1da177e4
LT		 502}
503
504static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
505{
506 struct l2cap_chan_list *l = &conn->chan_list;
fd1278d7 507 write_lock_bh(&l->lock);
1da177e4 508 __l2cap_chan_add(conn, sk, parent);
fd1278d7 509 write_unlock_bh(&l->lock);
1da177e4
LT		 510}
511
1da177e4 512/* ---- Socket interface ---- */
8e036fc3 513static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
1da177e4
LT		 514{
515 struct sock *sk;
516 struct hlist_node *node;
517 sk_for_each(sk, node, &l2cap_sk_list.head)
518 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
519 goto found;
520 sk = NULL;
521found:
522 return sk;
523}
524
525/* Find socket with psm and source bdaddr.
526 * Returns closest match.
527 */
8e036fc3 528static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 529{
530 struct sock *sk = NULL, *sk1 = NULL;
531 struct hlist_node *node;
532
533 sk_for_each(sk, node, &l2cap_sk_list.head) {
534 if (state && sk->sk_state != state)
535 continue;
536
537 if (l2cap_pi(sk)->psm == psm) {
538 /* Exact match. */
539 if (!bacmp(&bt_sk(sk)->src, src))
540 break;
541
542 /* Closest match */
543 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
544 sk1 = sk;
545 }
546 }
547 return node ? sk : sk1;
548}
549
550/* Find socket with given address (psm, src).
551 * Returns locked socket */
8e036fc3 552static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4
LT		 553{
554 struct sock *s;
555 read_lock(&l2cap_sk_list.lock);
556 s = __l2cap_get_sock_by_psm(state, psm, src);
557 if (s) bh_lock_sock(s);
558 read_unlock(&l2cap_sk_list.lock);
559 return s;
560}
561
562static void l2cap_sock_destruct(struct sock *sk)
563{
564 BT_DBG("sk %p", sk);
565
566 skb_queue_purge(&sk->sk_receive_queue);
567 skb_queue_purge(&sk->sk_write_queue);
568}
569
570static void l2cap_sock_cleanup_listen(struct sock *parent)
571{
572 struct sock *sk;
573
574 BT_DBG("parent %p", parent);
575
576 /* Close not yet accepted channels */
577 while ((sk = bt_accept_dequeue(parent, NULL)))
578 l2cap_sock_close(sk);
579
b1235d79 580 parent->sk_state = BT_CLOSED;
1da177e4
LT		 581 sock_set_flag(parent, SOCK_ZAPPED);
582}
583
584/* Kill socket (only if zapped and orphan)
585 * Must be called on unlocked socket.
586 */
587static void l2cap_sock_kill(struct sock *sk)
588{
589 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
590 return;
591
592 BT_DBG("sk %p state %d", sk, sk->sk_state);
593
594 /* Kill poor orphan */
595 bt_sock_unlink(&l2cap_sk_list, sk);
596 sock_set_flag(sk, SOCK_DEAD);
597 sock_put(sk);
598}
599
600static void __l2cap_sock_close(struct sock *sk, int reason)
601{
602 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
603
604 switch (sk->sk_state) {
605 case BT_LISTEN:
606 l2cap_sock_cleanup_listen(sk);
607 break;
608
609 case BT_CONNECTED:
610 case BT_CONFIG:
1da177e4
LT		 611 if (sk->sk_type == SOCK_SEQPACKET) {
612 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
613 struct l2cap_disconn_req req;
614
615 sk->sk_state = BT_DISCONN;
616 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
617
aca3192c
YH		 618 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
619 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1da177e4
LT		 620 l2cap_send_cmd(conn, l2cap_get_ident(conn),
621 L2CAP_DISCONN_REQ, sizeof(req), &req);
b1235d79 622 } else
1da177e4 623 l2cap_chan_del(sk, reason);
1da177e4
LT		 624 break;
625
f66dc81f
MH		 626 case BT_CONNECT2:
627 if (sk->sk_type == SOCK_SEQPACKET) {
628 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
629 struct l2cap_conn_rsp rsp;
630 __u16 result;
631
632 if (bt_sk(sk)->defer_setup)
633 result = L2CAP_CR_SEC_BLOCK;
634 else
635 result = L2CAP_CR_BAD_PSM;
636
637 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
638 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
639 rsp.result = cpu_to_le16(result);
640 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
641 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
642 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
643 } else
644 l2cap_chan_del(sk, reason);
645 break;
646
1da177e4
LT		 647 case BT_CONNECT:
648 case BT_DISCONN:
649 l2cap_chan_del(sk, reason);
650 break;
651
652 default:
653 sock_set_flag(sk, SOCK_ZAPPED);
654 break;
655 }
656}
657
658/* Must be called on unlocked socket. */
659static void l2cap_sock_close(struct sock *sk)
660{
661 l2cap_sock_clear_timer(sk);
662 lock_sock(sk);
663 __l2cap_sock_close(sk, ECONNRESET);
664 release_sock(sk);
665 l2cap_sock_kill(sk);
666}
667
668static void l2cap_sock_init(struct sock *sk, struct sock *parent)
669{
670 struct l2cap_pinfo *pi = l2cap_pi(sk);
671
672 BT_DBG("sk %p", sk);
673
674 if (parent) {
675 sk->sk_type = parent->sk_type;
f66dc81f
MH		 676 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
677
1da177e4
LT		 678 pi->imtu = l2cap_pi(parent)->imtu;
679 pi->omtu = l2cap_pi(parent)->omtu;
2af6b9d5
MH		 680 pi->sec_level = l2cap_pi(parent)->sec_level;
681 pi->role_switch = l2cap_pi(parent)->role_switch;
682 pi->force_reliable = l2cap_pi(parent)->force_reliable;
1da177e4
LT		 683 } else {
684 pi->imtu = L2CAP_DEFAULT_MTU;
685 pi->omtu = 0;
2af6b9d5
MH		 686 pi->sec_level = BT_SECURITY_LOW;
687 pi->role_switch = 0;
688 pi->force_reliable = 0;
1da177e4
LT		 689 }
690
691 /* Default config options */
5dee9e7c 692 pi->conf_len = 0;
1da177e4
LT		 693 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
694}
695
696static struct proto l2cap_proto = {
697 .name = "L2CAP",
698 .owner = THIS_MODULE,
699 .obj_size = sizeof(struct l2cap_pinfo)
700};
701
1b8d7ae4 702static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1da177e4
LT		 703{
704 struct sock *sk;
705
6257ff21 706 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1da177e4
LT		 707 if (!sk)
708 return NULL;
709
710 sock_init_data(sock, sk);
711 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
712
713 sk->sk_destruct = l2cap_sock_destruct;
4e8402a3 714 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1da177e4
LT		 715
716 sock_reset_flag(sk, SOCK_ZAPPED);
717
718 sk->sk_protocol = proto;
b1235d79 719 sk->sk_state = BT_OPEN;
1da177e4 720
b1235d79 721 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1da177e4
LT		 722
723 bt_sock_link(&l2cap_sk_list, sk);
724 return sk;
725}
726
1b8d7ae4 727static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
1da177e4
LT		 728{
729 struct sock *sk;
730
731 BT_DBG("sock %p", sock);
732
733 sock->state = SS_UNCONNECTED;
734
735 if (sock->type != SOCK_SEQPACKET &&
736 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
737 return -ESOCKTNOSUPPORT;
738
739 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
740 return -EPERM;
741
742 sock->ops = &l2cap_sock_ops;
743
1b8d7ae4 744 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1da177e4
LT		 745 if (!sk)
746 return -ENOMEM;
747
748 l2cap_sock_init(sk, NULL);
749 return 0;
750}
751
752static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
753{
754 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
755 struct sock *sk = sock->sk;
756 int err = 0;
757
758 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
759
760 if (!addr || addr->sa_family != AF_BLUETOOTH)
761 return -EINVAL;
762
763 lock_sock(sk);
764
765 if (sk->sk_state != BT_OPEN) {
766 err = -EBADFD;
767 goto done;
768 }
769
8e036fc3 770 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
847641d7
MH		 771 !capable(CAP_NET_BIND_SERVICE)) {
772 err = -EACCES;
773 goto done;
774 }
8e87d142 775
1da177e4
LT		 776 write_lock_bh(&l2cap_sk_list.lock);
777
778 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
779 err = -EADDRINUSE;
780 } else {
781 /* Save source address */
782 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
783 l2cap_pi(sk)->psm = la->l2_psm;
784 l2cap_pi(sk)->sport = la->l2_psm;
785 sk->sk_state = BT_BOUND;
2af6b9d5
MH		 786
787 if (btohs(la->l2_psm) == 0x0001)
788 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1da177e4
LT		 789 }
790
791 write_unlock_bh(&l2cap_sk_list.lock);
792
793done:
794 release_sock(sk);
795 return err;
796}
797
798static int l2cap_do_connect(struct sock *sk)
799{
800 bdaddr_t *src = &bt_sk(sk)->src;
801 bdaddr_t *dst = &bt_sk(sk)->dst;
802 struct l2cap_conn *conn;
803 struct hci_conn *hcon;
804 struct hci_dev *hdev;
09ab6f4c 805 __u8 auth_type;
1da177e4
LT		 806 int err = 0;
807
808 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
809
810 if (!(hdev = hci_get_route(dst, src)))
811 return -EHOSTUNREACH;
812
813 hci_dev_lock_bh(hdev);
814
815 err = -ENOMEM;
816
8c1b2355 817 if (sk->sk_type == SOCK_RAW) {
2af6b9d5
MH		 818 switch (l2cap_pi(sk)->sec_level) {
819 case BT_SECURITY_HIGH:
8c1b2355 820 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2af6b9d5
MH		 821 break;
822 case BT_SECURITY_MEDIUM:
8c1b2355 823 auth_type = HCI_AT_DEDICATED_BONDING;
2af6b9d5
MH		 824 break;
825 default:
09ab6f4c 826 auth_type = HCI_AT_NO_BONDING;
2af6b9d5
MH		 827 break;
828 }
8c1b2355 829 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
2af6b9d5 830 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
8c1b2355 831 auth_type = HCI_AT_NO_BONDING_MITM;
09ab6f4c 832 else
8c1b2355
MH		 833 auth_type = HCI_AT_NO_BONDING;
834 } else {
2af6b9d5
MH		 835 switch (l2cap_pi(sk)->sec_level) {
836 case BT_SECURITY_HIGH:
8c1b2355 837 auth_type = HCI_AT_GENERAL_BONDING_MITM;
2af6b9d5
MH		 838 break;
839 case BT_SECURITY_MEDIUM:
09ab6f4c 840 auth_type = HCI_AT_GENERAL_BONDING;
2af6b9d5
MH		 841 break;
842 default:
8c1b2355 843 auth_type = HCI_AT_NO_BONDING;
2af6b9d5
MH		 844 break;
845 }
09ab6f4c
MH		 846 }
847
2af6b9d5
MH		 848 hcon = hci_connect(hdev, ACL_LINK, dst,
849 l2cap_pi(sk)->sec_level, auth_type);
1da177e4
LT		 850 if (!hcon)
851 goto done;
852
853 conn = l2cap_conn_add(hcon, 0);
854 if (!conn) {
855 hci_conn_put(hcon);
856 goto done;
857 }
858
859 err = 0;
860
861 /* Update source addr of the socket */
862 bacpy(src, conn->src);
863
864 l2cap_chan_add(conn, sk, NULL);
865
866 sk->sk_state = BT_CONNECT;
867 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
868
869 if (hcon->state == BT_CONNECTED) {
79d554a6 870 if (sk->sk_type != SOCK_SEQPACKET) {
1da177e4
LT		 871 l2cap_sock_clear_timer(sk);
872 sk->sk_state = BT_CONNECTED;
79d554a6
MH		 873 } else
874 l2cap_do_start(sk);
1da177e4
LT		 875 }
876
877done:
878 hci_dev_unlock_bh(hdev);
879 hci_dev_put(hdev);
880 return err;
881}
882
883static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
884{
885 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
886 struct sock *sk = sock->sk;
887 int err = 0;
888
889 lock_sock(sk);
890
891 BT_DBG("sk %p", sk);
892
893 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
894 err = -EINVAL;
895 goto done;
896 }
897
898 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
899 err = -EINVAL;
900 goto done;
901 }
902
903 switch(sk->sk_state) {
904 case BT_CONNECT:
905 case BT_CONNECT2:
906 case BT_CONFIG:
907 /* Already connecting */
908 goto wait;
909
910 case BT_CONNECTED:
911 /* Already connected */
912 goto done;
913
914 case BT_OPEN:
915 case BT_BOUND:
916 /* Can connect */
917 break;
918
919 default:
920 err = -EBADFD;
921 goto done;
922 }
923
924 /* Set destination address and psm */
925 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
926 l2cap_pi(sk)->psm = la->l2_psm;
927
928 if ((err = l2cap_do_connect(sk)))
929 goto done;
930
931wait:
932 err = bt_sock_wait_state(sk, BT_CONNECTED,
933 sock_sndtimeo(sk, flags & O_NONBLOCK));
934done:
935 release_sock(sk);
936 return err;
937}
938
939static int l2cap_sock_listen(struct socket *sock, int backlog)
940{
941 struct sock *sk = sock->sk;
942 int err = 0;
943
944 BT_DBG("sk %p backlog %d", sk, backlog);
945
946 lock_sock(sk);
947
948 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
949 err = -EBADFD;
950 goto done;
951 }
952
953 if (!l2cap_pi(sk)->psm) {
954 bdaddr_t *src = &bt_sk(sk)->src;
955 u16 psm;
956
957 err = -EINVAL;
958
959 write_lock_bh(&l2cap_sk_list.lock);
960
961 for (psm = 0x1001; psm < 0x1100; psm += 2)
6dc0c208 962 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
1da177e4
LT		 963 l2cap_pi(sk)->psm = htobs(psm);
964 l2cap_pi(sk)->sport = htobs(psm);
965 err = 0;
966 break;
967 }
968
969 write_unlock_bh(&l2cap_sk_list.lock);
970
971 if (err < 0)
972 goto done;
973 }
974
975 sk->sk_max_ack_backlog = backlog;
976 sk->sk_ack_backlog = 0;
977 sk->sk_state = BT_LISTEN;
978
979done:
980 release_sock(sk);
981 return err;
982}
983
984static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
985{
986 DECLARE_WAITQUEUE(wait, current);
987 struct sock *sk = sock->sk, *nsk;
988 long timeo;
989 int err = 0;
990
fcc70d5f 991 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 992
993 if (sk->sk_state != BT_LISTEN) {
994 err = -EBADFD;
995 goto done;
996 }
997
998 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
999
1000 BT_DBG("sk %p timeo %ld", sk, timeo);
1001
1002 /* Wait for an incoming connection. (wake-one). */
1003 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1004 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1005 set_current_state(TASK_INTERRUPTIBLE);
1006 if (!timeo) {
1007 err = -EAGAIN;
1008 break;
1009 }
1010
1011 release_sock(sk);
1012 timeo = schedule_timeout(timeo);
fcc70d5f 1013 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4
LT		 1014
1015 if (sk->sk_state != BT_LISTEN) {
1016 err = -EBADFD;
1017 break;
1018 }
1019
1020 if (signal_pending(current)) {
1021 err = sock_intr_errno(timeo);
1022 break;
1023 }
1024 }
1025 set_current_state(TASK_RUNNING);
1026 remove_wait_queue(sk->sk_sleep, &wait);
1027
1028 if (err)
1029 goto done;
1030
1031 newsock->state = SS_CONNECTED;
1032
1033 BT_DBG("new socket %p", nsk);
1034
1035done:
1036 release_sock(sk);
1037 return err;
1038}
1039
1040static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1041{
1042 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1043 struct sock *sk = sock->sk;
1044
1045 BT_DBG("sock %p, sk %p", sock, sk);
1046
1047 addr->sa_family = AF_BLUETOOTH;
1048 *len = sizeof(struct sockaddr_l2);
1049
1050 if (peer)
1051 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1052 else
1053 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1054
1055 la->l2_psm = l2cap_pi(sk)->psm;
1056 return 0;
1057}
1058
1059static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1060{
1061 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1062 struct sk_buff *skb, **frag;
1063 int err, hlen, count, sent=0;
1064 struct l2cap_hdr *lh;
1065
1066 BT_DBG("sk %p len %d", sk, len);
1067
1068 /* First fragment (with L2CAP header) */
1069 if (sk->sk_type == SOCK_DGRAM)
1070 hlen = L2CAP_HDR_SIZE + 2;
1071 else
1072 hlen = L2CAP_HDR_SIZE;
1073
1074 count = min_t(unsigned int, (conn->mtu - hlen), len);
1075
1076 skb = bt_skb_send_alloc(sk, hlen + count,
1077 msg->msg_flags & MSG_DONTWAIT, &err);
1078 if (!skb)
1079 return err;
1080
1081 /* Create L2CAP header */
1082 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1083 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1084 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1da177e4
LT		 1085
1086 if (sk->sk_type == SOCK_DGRAM)
8e036fc3 1087 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1da177e4
LT		 1088
1089 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1090 err = -EFAULT;
1091 goto fail;
1092 }
1093
1094 sent += count;
1095 len -= count;
1096
1097 /* Continuation fragments (no L2CAP header) */
1098 frag = &skb_shinfo(skb)->frag_list;
1099 while (len) {
1100 count = min_t(unsigned int, conn->mtu, len);
1101
1102 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1103 if (!*frag)
1104 goto fail;
8e87d142 1105
1da177e4
LT		 1106 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1107 err = -EFAULT;
1108 goto fail;
1109 }
1110
1111 sent += count;
1112 len -= count;
1113
1114 frag = &(*frag)->next;
1115 }
1116
1117 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1118 goto fail;
1119
1120 return sent;
1121
1122fail:
1123 kfree_skb(skb);
1124 return err;
1125}
1126
1127static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1128{
1129 struct sock *sk = sock->sk;
1130 int err = 0;
1131
1132 BT_DBG("sock %p, sk %p", sock, sk);
1133
c1cbe4b7
BL		 1134 err = sock_error(sk);
1135 if (err)
1136 return err;
1da177e4
LT		 1137
1138 if (msg->msg_flags & MSG_OOB)
1139 return -EOPNOTSUPP;
1140
1141 /* Check outgoing MTU */
1142 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1143 return -EINVAL;
1144
1145 lock_sock(sk);
1146
1147 if (sk->sk_state == BT_CONNECTED)
1148 err = l2cap_do_send(sk, msg, len);
1149 else
1150 err = -ENOTCONN;
1151
1152 release_sock(sk);
1153 return err;
1154}
1155
f66dc81f
MH		 1156static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1157{
1158 struct sock *sk = sock->sk;
1159
1160 lock_sock(sk);
1161
1162 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1163 struct l2cap_conn_rsp rsp;
1164
1165 sk->sk_state = BT_CONFIG;
1166
1167 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1168 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1169 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1170 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1171 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1172 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1173
1174 release_sock(sk);
1175 return 0;
1176 }
1177
1178 release_sock(sk);
1179
1180 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1181}
1182
d58daf42 1183static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1da177e4
LT		 1184{
1185 struct sock *sk = sock->sk;
1186 struct l2cap_options opts;
1187 int err = 0, len;
1188 u32 opt;
1189
1190 BT_DBG("sk %p", sk);
1191
1192 lock_sock(sk);
1193
1194 switch (optname) {
1195 case L2CAP_OPTIONS:
0878b666
MH		 1196 opts.imtu = l2cap_pi(sk)->imtu;
1197 opts.omtu = l2cap_pi(sk)->omtu;
1198 opts.flush_to = l2cap_pi(sk)->flush_to;
6464f35f 1199 opts.mode = L2CAP_MODE_BASIC;
0878b666 1200
1da177e4
LT		 1201 len = min_t(unsigned int, sizeof(opts), optlen);
1202 if (copy_from_user((char *) &opts, optval, len)) {
1203 err = -EFAULT;
1204 break;
1205 }
0878b666 1206
1da177e4
LT		 1207 l2cap_pi(sk)->imtu = opts.imtu;
1208 l2cap_pi(sk)->omtu = opts.omtu;
1209 break;
1210
1211 case L2CAP_LM:
1212 if (get_user(opt, (u32 __user *) optval)) {
1213 err = -EFAULT;
1214 break;
1215 }
1216
2af6b9d5
MH		 1217 if (opt & L2CAP_LM_AUTH)
1218 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1219 if (opt & L2CAP_LM_ENCRYPT)
1220 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1221 if (opt & L2CAP_LM_SECURE)
1222 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1223
1224 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1225 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1da177e4
LT		 1226 break;
1227
1228 default:
1229 err = -ENOPROTOOPT;
1230 break;
1231 }
1232
1233 release_sock(sk);
1234 return err;
1235}
1236
d58daf42
MH		 1237static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1238{
1239 struct sock *sk = sock->sk;
2af6b9d5
MH		 1240 struct bt_security sec;
1241 int len, err = 0;
f66dc81f 1242 u32 opt;
d58daf42
MH		 1243
1244 BT_DBG("sk %p", sk);
1245
1246 if (level == SOL_L2CAP)
1247 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1248
1249 lock_sock(sk);
1250
1251 switch (optname) {
2af6b9d5
MH		 1252 case BT_SECURITY:
1253 sec.level = BT_SECURITY_LOW;
1254
1255 len = min_t(unsigned int, sizeof(sec), optlen);
1256 if (copy_from_user((char *) &sec, optval, len)) {
1257 err = -EFAULT;
1258 break;
1259 }
1260
1261 if (sec.level < BT_SECURITY_LOW ||
1262 sec.level > BT_SECURITY_HIGH) {
1263 err = -EINVAL;
1264 break;
1265 }
1266
1267 l2cap_pi(sk)->sec_level = sec.level;
1268 break;
1269
f66dc81f
MH		 1270 case BT_DEFER_SETUP:
1271 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1272 err = -EINVAL;
1273 break;
1274 }
1275
1276 if (get_user(opt, (u32 __user *) optval)) {
1277 err = -EFAULT;
1278 break;
1279 }
1280
1281 bt_sk(sk)->defer_setup = opt;
1282 break;
1283
d58daf42
MH		 1284 default:
1285 err = -ENOPROTOOPT;
1286 break;
1287 }
1288
1289 release_sock(sk);
1290 return err;
1291}
1292
1293static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1da177e4
LT		 1294{
1295 struct sock *sk = sock->sk;
1296 struct l2cap_options opts;
1297 struct l2cap_conninfo cinfo;
1298 int len, err = 0;
2af6b9d5 1299 u32 opt;
1da177e4
LT		 1300
1301 BT_DBG("sk %p", sk);
1302
1303 if (get_user(len, optlen))
1304 return -EFAULT;
1305
1306 lock_sock(sk);
1307
1308 switch (optname) {
1309 case L2CAP_OPTIONS:
1310 opts.imtu = l2cap_pi(sk)->imtu;
1311 opts.omtu = l2cap_pi(sk)->omtu;
1312 opts.flush_to = l2cap_pi(sk)->flush_to;
6464f35f 1313 opts.mode = L2CAP_MODE_BASIC;
1da177e4
LT		 1314
1315 len = min_t(unsigned int, len, sizeof(opts));
1316 if (copy_to_user(optval, (char *) &opts, len))
1317 err = -EFAULT;
1318
1319 break;
1320
1321 case L2CAP_LM:
2af6b9d5
MH		 1322 switch (l2cap_pi(sk)->sec_level) {
1323 case BT_SECURITY_LOW:
1324 opt = L2CAP_LM_AUTH;
1325 break;
1326 case BT_SECURITY_MEDIUM:
1327 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1328 break;
1329 case BT_SECURITY_HIGH:
1330 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1331 L2CAP_LM_SECURE;
1332 break;
1333 default:
1334 opt = 0;
1335 break;
1336 }
1337
1338 if (l2cap_pi(sk)->role_switch)
1339 opt |= L2CAP_LM_MASTER;
1340
1341 if (l2cap_pi(sk)->force_reliable)
1342 opt |= L2CAP_LM_RELIABLE;
1343
1344 if (put_user(opt, (u32 __user *) optval))
1da177e4
LT		 1345 err = -EFAULT;
1346 break;
1347
1348 case L2CAP_CONNINFO:
f66dc81f
MH		 1349 if (sk->sk_state != BT_CONNECTED &&
1350 !(sk->sk_state == BT_CONNECT2 &&
1351 bt_sk(sk)->defer_setup)) {
1da177e4
LT		 1352 err = -ENOTCONN;
1353 break;
1354 }
1355
1356 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1357 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1358
1359 len = min_t(unsigned int, len, sizeof(cinfo));
1360 if (copy_to_user(optval, (char *) &cinfo, len))
1361 err = -EFAULT;
1362
1363 break;
1364
1365 default:
1366 err = -ENOPROTOOPT;
1367 break;
1368 }
1369
1370 release_sock(sk);
1371 return err;
1372}
1373
d58daf42
MH		 1374static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1375{
1376 struct sock *sk = sock->sk;
2af6b9d5 1377 struct bt_security sec;
d58daf42
MH		 1378 int len, err = 0;
1379
1380 BT_DBG("sk %p", sk);
1381
1382 if (level == SOL_L2CAP)
1383 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1384
1385 if (get_user(len, optlen))
1386 return -EFAULT;
1387
1388 lock_sock(sk);
1389
1390 switch (optname) {
2af6b9d5
MH		 1391 case BT_SECURITY:
1392 sec.level = l2cap_pi(sk)->sec_level;
1393
1394 len = min_t(unsigned int, len, sizeof(sec));
1395 if (copy_to_user(optval, (char *) &sec, len))
1396 err = -EFAULT;
1397
1398 break;
1399
f66dc81f
MH		 1400 case BT_DEFER_SETUP:
1401 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1402 err = -EINVAL;
1403 break;
1404 }
1405
1406 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1407 err = -EFAULT;
1408
1409 break;
1410
d58daf42
MH		 1411 default:
1412 err = -ENOPROTOOPT;
1413 break;
1414 }
1415
1416 release_sock(sk);
1417 return err;
1418}
1419
1da177e4
LT		 1420static int l2cap_sock_shutdown(struct socket *sock, int how)
1421{
1422 struct sock *sk = sock->sk;
1423 int err = 0;
1424
1425 BT_DBG("sock %p, sk %p", sock, sk);
1426
1427 if (!sk)
1428 return 0;
1429
1430 lock_sock(sk);
1431 if (!sk->sk_shutdown) {
1432 sk->sk_shutdown = SHUTDOWN_MASK;
1433 l2cap_sock_clear_timer(sk);
1434 __l2cap_sock_close(sk, 0);
1435
1436 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
b1235d79
MH		 1437 err = bt_sock_wait_state(sk, BT_CLOSED,
1438 sk->sk_lingertime);
1da177e4
LT		 1439 }
1440 release_sock(sk);
1441 return err;
1442}
1443
1444static int l2cap_sock_release(struct socket *sock)
1445{
1446 struct sock *sk = sock->sk;
1447 int err;
1448
1449 BT_DBG("sock %p, sk %p", sock, sk);
1450
1451 if (!sk)
1452 return 0;
1453
1454 err = l2cap_sock_shutdown(sock, 2);
1455
1456 sock_orphan(sk);
1457 l2cap_sock_kill(sk);
1458 return err;
1459}
1460
1da177e4
LT		 1461static void l2cap_chan_ready(struct sock *sk)
1462{
1463 struct sock *parent = bt_sk(sk)->parent;
1464
1465 BT_DBG("sk %p, parent %p", sk, parent);
1466
1467 l2cap_pi(sk)->conf_state = 0;
1468 l2cap_sock_clear_timer(sk);
1469
1470 if (!parent) {
1471 /* Outgoing channel.
1472 * Wake up socket sleeping on connect.
1473 */
1474 sk->sk_state = BT_CONNECTED;
1475 sk->sk_state_change(sk);
1476 } else {
1477 /* Incoming channel.
1478 * Wake up socket sleeping on accept.
1479 */
1480 parent->sk_data_ready(parent, 0);
1481 }
1482}
1483
1484/* Copy frame to all raw sockets on that connection */
1485static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1486{
1487 struct l2cap_chan_list *l = &conn->chan_list;
1488 struct sk_buff *nskb;
1489 struct sock * sk;
1490
1491 BT_DBG("conn %p", conn);
1492
1493 read_lock(&l->lock);
1494 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1495 if (sk->sk_type != SOCK_RAW)
1496 continue;
1497
1498 /* Don't send frame to the socket it came from */
1499 if (skb->sk == sk)
1500 continue;
1501
1502 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1503 continue;
1504
1505 if (sock_queue_rcv_skb(sk, nskb))
1506 kfree_skb(nskb);
1507 }
1508 read_unlock(&l->lock);
1509}
1510
1511/* ---- L2CAP signalling commands ---- */
1512static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1513 u8 code, u8 ident, u16 dlen, void *data)
1514{
1515 struct sk_buff *skb, **frag;
1516 struct l2cap_cmd_hdr *cmd;
1517 struct l2cap_hdr *lh;
1518 int len, count;
1519
1520 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1521
1522 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1523 count = min_t(unsigned int, conn->mtu, len);
1524
1525 skb = bt_skb_alloc(count, GFP_ATOMIC);
1526 if (!skb)
1527 return NULL;
1528
1529 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c
YH		 1530 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1531 lh->cid = cpu_to_le16(0x0001);
1da177e4
LT		 1532
1533 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1534 cmd->code = code;
1535 cmd->ident = ident;
aca3192c 1536 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1537
1538 if (dlen) {
1539 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1540 memcpy(skb_put(skb, count), data, count);
1541 data += count;
1542 }
1543
1544 len -= skb->len;
1545
1546 /* Continuation fragments (no L2CAP header) */
1547 frag = &skb_shinfo(skb)->frag_list;
1548 while (len) {
1549 count = min_t(unsigned int, conn->mtu, len);
1550
1551 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1552 if (!*frag)
1553 goto fail;
1554
1555 memcpy(skb_put(*frag, count), data, count);
1556
1557 len -= count;
1558 data += count;
1559
1560 frag = &(*frag)->next;
1561 }
1562
1563 return skb;
1564
1565fail:
1566 kfree_skb(skb);
1567 return NULL;
1568}
1569
1570static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1571{
1572 struct l2cap_conf_opt *opt = *ptr;
1573 int len;
1574
1575 len = L2CAP_CONF_OPT_SIZE + opt->len;
1576 *ptr += len;
1577
1578 *type = opt->type;
1579 *olen = opt->len;
1580
1581 switch (opt->len) {
1582 case 1:
1583 *val = *((u8 *) opt->val);
1584 break;
1585
1586 case 2:
861d6882 1587 *val = __le16_to_cpu(*((__le16 *) opt->val));
1da177e4
LT		 1588 break;
1589
1590 case 4:
861d6882 1591 *val = __le32_to_cpu(*((__le32 *) opt->val));
1da177e4
LT		 1592 break;
1593
1594 default:
1595 *val = (unsigned long) opt->val;
1596 break;
1597 }
1598
1599 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1600 return len;
1601}
1602
1da177e4
LT		 1603static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1604{
1605 struct l2cap_conf_opt *opt = *ptr;
1606
1607 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1608
1609 opt->type = type;
1610 opt->len = len;
1611
1612 switch (len) {
1613 case 1:
1614 *((u8 *) opt->val) = val;
1615 break;
1616
1617 case 2:
8e036fc3 1618 *((__le16 *) opt->val) = cpu_to_le16(val);
1da177e4
LT		 1619 break;
1620
1621 case 4:
8e036fc3 1622 *((__le32 *) opt->val) = cpu_to_le32(val);
1da177e4
LT		 1623 break;
1624
1625 default:
1626 memcpy(opt->val, (void *) val, len);
1627 break;
1628 }
1629
1630 *ptr += L2CAP_CONF_OPT_SIZE + len;
1631}
1632
1633static int l2cap_build_conf_req(struct sock *sk, void *data)
1634{
1635 struct l2cap_pinfo *pi = l2cap_pi(sk);
1636 struct l2cap_conf_req *req = data;
1637 void *ptr = req->data;
1638
1639 BT_DBG("sk %p", sk);
1640
1641 if (pi->imtu != L2CAP_DEFAULT_MTU)
1642 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1643
1644 /* FIXME: Need actual value of the flush timeout */
1645 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1646 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1647
aca3192c
YH		 1648 req->dcid = cpu_to_le16(pi->dcid);
1649 req->flags = cpu_to_le16(0);
1da177e4
LT		 1650
1651 return ptr - data;
1652}
1653
5dee9e7c 1654static int l2cap_parse_conf_req(struct sock *sk, void *data)
1da177e4
LT		 1655{
1656 struct l2cap_pinfo *pi = l2cap_pi(sk);
5dee9e7c
MH		 1657 struct l2cap_conf_rsp *rsp = data;
1658 void *ptr = rsp->data;
1659 void *req = pi->conf_req;
1660 int len = pi->conf_len;
1661 int type, hint, olen;
1662 unsigned long val;
6464f35f 1663 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1664 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1665 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1666
5dee9e7c 1667 BT_DBG("sk %p", sk);
820ae1b8 1668
5dee9e7c
MH		 1669 while (len >= L2CAP_CONF_OPT_SIZE) {
1670 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1671
5dee9e7c
MH		 1672 hint = type & 0x80;
1673 type &= 0x7f;
1674
1675 switch (type) {
1676 case L2CAP_CONF_MTU:
861d6882 1677 mtu = val;
5dee9e7c
MH		 1678 break;
1679
1680 case L2CAP_CONF_FLUSH_TO:
1681 pi->flush_to = val;
1682 break;
1683
1684 case L2CAP_CONF_QOS:
1685 break;
1686
6464f35f
MH		 1687 case L2CAP_CONF_RFC:
1688 if (olen == sizeof(rfc))
1689 memcpy(&rfc, (void *) val, olen);
1690 break;
1691
5dee9e7c
MH		 1692 default:
1693 if (hint)
1694 break;
1695
1696 result = L2CAP_CONF_UNKNOWN;
1697 *((u8 *) ptr++) = type;
1698 break;
1699 }
1700 }
1701
1702 if (result == L2CAP_CONF_SUCCESS) {
1703 /* Configure output options and let the other side know
1704 * which ones we don't like. */
1705
6464f35f
MH		 1706 if (rfc.mode == L2CAP_MODE_BASIC) {
1707 if (mtu < pi->omtu)
1708 result = L2CAP_CONF_UNACCEPT;
1709 else {
1710 pi->omtu = mtu;
1711 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1712 }
1713
1714 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1715 } else {
5dee9e7c 1716 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 1717
6464f35f
MH		 1718 memset(&rfc, 0, sizeof(rfc));
1719 rfc.mode = L2CAP_MODE_BASIC;
1720
1721 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1722 sizeof(rfc), (unsigned long) &rfc);
1723 }
5dee9e7c
MH		 1724 }
1725
1726 rsp->scid = cpu_to_le16(pi->dcid);
1727 rsp->result = cpu_to_le16(result);
1728 rsp->flags = cpu_to_le16(0x0000);
1729
1730 return ptr - data;
1da177e4
LT		 1731}
1732
5dee9e7c 1733static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1da177e4
LT		 1734{
1735 struct l2cap_conf_rsp *rsp = data;
1736 void *ptr = rsp->data;
1da177e4 1737
5dee9e7c 1738 BT_DBG("sk %p", sk);
1da177e4 1739
aca3192c 1740 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
5dee9e7c 1741 rsp->result = cpu_to_le16(result);
aca3192c 1742 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 1743
1744 return ptr - data;
1745}
1746
4e8402a3
MH		 1747static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1748{
1749 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1750
1751 if (rej->reason != 0x0000)
1752 return 0;
1753
1754 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1755 cmd->ident == conn->info_ident) {
1756 conn->info_ident = 0;
1757 del_timer(&conn->info_timer);
1758 l2cap_conn_start(conn);
1759 }
1760
1761 return 0;
1762}
1763
1da177e4
LT		 1764static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1765{
1766 struct l2cap_chan_list *list = &conn->chan_list;
1767 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1768 struct l2cap_conn_rsp rsp;
1769 struct sock *sk, *parent;
e7c29cb1 1770 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1771
1772 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 1773 __le16 psm = req->psm;
1da177e4
LT		 1774
1775 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1776
1777 /* Check if we have socket listening on psm */
1778 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1779 if (!parent) {
1780 result = L2CAP_CR_BAD_PSM;
1781 goto sendresp;
1782 }
1783
e7c29cb1
MH		 1784 /* Check if the ACL is secure enough (if not SDP) */
1785 if (psm != cpu_to_le16(0x0001) &&
1786 !hci_conn_check_link_mode(conn->hcon)) {
1787 result = L2CAP_CR_SEC_BLOCK;
1788 goto response;
1789 }
1790
1da177e4
LT		 1791 result = L2CAP_CR_NO_MEM;
1792
1793 /* Check for backlog size */
1794 if (sk_acceptq_is_full(parent)) {
8e87d142 1795 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 1796 goto response;
1797 }
1798
3b1e0a65 1799 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 1800 if (!sk)
1801 goto response;
1802
fd1278d7 1803 write_lock_bh(&list->lock);
1da177e4
LT		 1804
1805 /* Check if we already have channel with that dcid */
1806 if (__l2cap_get_chan_by_dcid(list, scid)) {
fd1278d7 1807 write_unlock_bh(&list->lock);
1da177e4
LT		 1808 sock_set_flag(sk, SOCK_ZAPPED);
1809 l2cap_sock_kill(sk);
1810 goto response;
1811 }
1812
1813 hci_conn_hold(conn->hcon);
1814
1815 l2cap_sock_init(sk, parent);
1816 bacpy(&bt_sk(sk)->src, conn->src);
1817 bacpy(&bt_sk(sk)->dst, conn->dst);
1818 l2cap_pi(sk)->psm = psm;
1819 l2cap_pi(sk)->dcid = scid;
1820
1821 __l2cap_chan_add(conn, sk, parent);
1822 dcid = l2cap_pi(sk)->scid;
1823
1824 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1825
1da177e4
LT		 1826 l2cap_pi(sk)->ident = cmd->ident;
1827
79d554a6 1828 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
2af6b9d5 1829 if (l2cap_check_security(sk)) {
f66dc81f
MH		 1830 if (bt_sk(sk)->defer_setup) {
1831 sk->sk_state = BT_CONNECT2;
1832 result = L2CAP_CR_PEND;
1833 status = L2CAP_CS_AUTHOR_PEND;
1834 parent->sk_data_ready(parent, 0);
1835 } else {
1836 sk->sk_state = BT_CONFIG;
1837 result = L2CAP_CR_SUCCESS;
1838 status = L2CAP_CS_NO_INFO;
1839 }
79d554a6
MH		 1840 } else {
1841 sk->sk_state = BT_CONNECT2;
1842 result = L2CAP_CR_PEND;
1843 status = L2CAP_CS_AUTHEN_PEND;
1844 }
1845 } else {
1846 sk->sk_state = BT_CONNECT2;
1847 result = L2CAP_CR_PEND;
1848 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 1849 }
1850
fd1278d7 1851 write_unlock_bh(&list->lock);
1da177e4
LT		 1852
1853response:
1854 bh_unlock_sock(parent);
1855
1856sendresp:
aca3192c
YH		 1857 rsp.scid = cpu_to_le16(scid);
1858 rsp.dcid = cpu_to_le16(dcid);
1859 rsp.result = cpu_to_le16(result);
1860 rsp.status = cpu_to_le16(status);
1da177e4 1861 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 1862
1863 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1864 struct l2cap_info_req info;
1865 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1866
1867 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1868 conn->info_ident = l2cap_get_ident(conn);
1869
1870 mod_timer(&conn->info_timer, jiffies +
1871 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1872
1873 l2cap_send_cmd(conn, conn->info_ident,
1874 L2CAP_INFO_REQ, sizeof(info), &info);
1875 }
1876
1da177e4
LT		 1877 return 0;
1878}
1879
1880static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1881{
1882 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1883 u16 scid, dcid, result, status;
1884 struct sock *sk;
1885 u8 req[128];
1886
1887 scid = __le16_to_cpu(rsp->scid);
1888 dcid = __le16_to_cpu(rsp->dcid);
1889 result = __le16_to_cpu(rsp->result);
1890 status = __le16_to_cpu(rsp->status);
1891
1892 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1893
1894 if (scid) {
1895 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1896 return 0;
1897 } else {
1898 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1899 return 0;
1900 }
1901
1902 switch (result) {
1903 case L2CAP_CR_SUCCESS:
1904 sk->sk_state = BT_CONFIG;
1905 l2cap_pi(sk)->ident = 0;
1906 l2cap_pi(sk)->dcid = dcid;
1907 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1908
1909 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1910 l2cap_build_conf_req(sk, req), req);
1911 break;
1912
1913 case L2CAP_CR_PEND:
1914 break;
1915
1916 default:
1917 l2cap_chan_del(sk, ECONNREFUSED);
1918 break;
1919 }
1920
1921 bh_unlock_sock(sk);
1922 return 0;
1923}
1924
88219a0f 1925static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 1926{
1927 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1928 u16 dcid, flags;
1929 u8 rsp[64];
1930 struct sock *sk;
5dee9e7c 1931 int len;
1da177e4
LT		 1932
1933 dcid = __le16_to_cpu(req->dcid);
1934 flags = __le16_to_cpu(req->flags);
1935
1936 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1937
1938 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1939 return -ENOENT;
1940
354f60a9
MH		 1941 if (sk->sk_state == BT_DISCONN)
1942 goto unlock;
1943
5dee9e7c 1944 /* Reject if config buffer is too small. */
88219a0f 1945 len = cmd_len - sizeof(*req);
5dee9e7c
MH		 1946 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1947 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1948 l2cap_build_conf_rsp(sk, rsp,
1949 L2CAP_CONF_REJECT, flags), rsp);
1950 goto unlock;
1951 }
1952
1953 /* Store config. */
1954 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1955 l2cap_pi(sk)->conf_len += len;
1da177e4
LT		 1956
1957 if (flags & 0x0001) {
1958 /* Incomplete config. Send empty response. */
1959 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
5dee9e7c
MH		 1960 l2cap_build_conf_rsp(sk, rsp,
1961 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 1962 goto unlock;
1963 }
1964
1965 /* Complete config. */
5dee9e7c
MH		 1966 len = l2cap_parse_conf_req(sk, rsp);
1967 if (len < 0)
1da177e4
LT		 1968 goto unlock;
1969
5dee9e7c
MH		 1970 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
1971
5dee9e7c
MH		 1972 /* Reset config buffer. */
1973 l2cap_pi(sk)->conf_len = 0;
1974
876d9484
MH		 1975 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
1976 goto unlock;
1977
1da177e4
LT		 1978 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1979 sk->sk_state = BT_CONNECTED;
1980 l2cap_chan_ready(sk);
876d9484
MH		 1981 goto unlock;
1982 }
1983
1984 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 1985 u8 buf[64];
1da177e4 1986 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
79d554a6 1987 l2cap_build_conf_req(sk, buf), buf);
1da177e4
LT		 1988 }
1989
1990unlock:
1991 bh_unlock_sock(sk);
1992 return 0;
1993}
1994
1995static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1996{
1997 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
1998 u16 scid, flags, result;
1999 struct sock *sk;
2000
2001 scid = __le16_to_cpu(rsp->scid);
2002 flags = __le16_to_cpu(rsp->flags);
2003 result = __le16_to_cpu(rsp->result);
2004
2005 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2006
2007 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2008 return 0;
2009
2010 switch (result) {
2011 case L2CAP_CONF_SUCCESS:
2012 break;
2013
2014 case L2CAP_CONF_UNACCEPT:
2015 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2016 char req[128];
2017 /* It does not make sense to adjust L2CAP parameters
2018 * that are currently defined in the spec. We simply
2019 * resend config request that we sent earlier. It is
2020 * stupid, but it helps qualification testing which
2021 * expects at least some response from us. */
2022 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2023 l2cap_build_conf_req(sk, req), req);
2024 goto done;
2025 }
2026
8e87d142 2027 default:
1da177e4 2028 sk->sk_state = BT_DISCONN;
b1235d79 2029 sk->sk_err = ECONNRESET;
1da177e4
LT		 2030 l2cap_sock_set_timer(sk, HZ * 5);
2031 {
2032 struct l2cap_disconn_req req;
aca3192c
YH		 2033 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2034 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1da177e4
LT		 2035 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2036 L2CAP_DISCONN_REQ, sizeof(req), &req);
2037 }
2038 goto done;
2039 }
2040
2041 if (flags & 0x01)
2042 goto done;
2043
1da177e4
LT		 2044 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2045
2046 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2047 sk->sk_state = BT_CONNECTED;
2048 l2cap_chan_ready(sk);
2049 }
2050
2051done:
2052 bh_unlock_sock(sk);
2053 return 0;
2054}
2055
2056static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2057{
2058 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2059 struct l2cap_disconn_rsp rsp;
2060 u16 dcid, scid;
2061 struct sock *sk;
2062
2063 scid = __le16_to_cpu(req->scid);
2064 dcid = __le16_to_cpu(req->dcid);
2065
2066 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2067
2068 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2069 return 0;
2070
aca3192c
YH		 2071 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2072 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1da177e4
LT		 2073 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2074
2075 sk->sk_shutdown = SHUTDOWN_MASK;
2076
2077 l2cap_chan_del(sk, ECONNRESET);
2078 bh_unlock_sock(sk);
2079
2080 l2cap_sock_kill(sk);
2081 return 0;
2082}
2083
2084static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2085{
2086 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2087 u16 dcid, scid;
2088 struct sock *sk;
2089
2090 scid = __le16_to_cpu(rsp->scid);
2091 dcid = __le16_to_cpu(rsp->dcid);
2092
2093 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2094
2095 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2096 return 0;
2097
2098 l2cap_chan_del(sk, 0);
2099 bh_unlock_sock(sk);
2100
2101 l2cap_sock_kill(sk);
2102 return 0;
2103}
2104
2105static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2106{
2107 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2108 u16 type;
2109
2110 type = __le16_to_cpu(req->type);
2111
2112 BT_DBG("type 0x%4.4x", type);
2113
f0709e03
MH		 2114 if (type == L2CAP_IT_FEAT_MASK) {
2115 u8 buf[8];
2116 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2117 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2118 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2119 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2120 l2cap_send_cmd(conn, cmd->ident,
2121 L2CAP_INFO_RSP, sizeof(buf), buf);
2122 } else {
2123 struct l2cap_info_rsp rsp;
2124 rsp.type = cpu_to_le16(type);
2125 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2126 l2cap_send_cmd(conn, cmd->ident,
2127 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2128 }
1da177e4
LT		 2129
2130 return 0;
2131}
2132
2133static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2134{
2135 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2136 u16 type, result;
2137
2138 type = __le16_to_cpu(rsp->type);
2139 result = __le16_to_cpu(rsp->result);
2140
2141 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2142
4e8402a3
MH		 2143 conn->info_ident = 0;
2144
2145 del_timer(&conn->info_timer);
2146
2147 if (type == L2CAP_IT_FEAT_MASK)
83985319 2148 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3
MH		 2149
2150 l2cap_conn_start(conn);
2151
1da177e4
LT		 2152 return 0;
2153}
2154
2155static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2156{
2157 u8 *data = skb->data;
2158 int len = skb->len;
2159 struct l2cap_cmd_hdr cmd;
2160 int err = 0;
2161
2162 l2cap_raw_recv(conn, skb);
2163
2164 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2165 u16 cmd_len;
1da177e4
LT		 2166 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2167 data += L2CAP_CMD_HDR_SIZE;
2168 len -= L2CAP_CMD_HDR_SIZE;
2169
88219a0f 2170 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2171
88219a0f 2172 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2173
88219a0f 2174 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2175 BT_DBG("corrupted command");
2176 break;
2177 }
2178
2179 switch (cmd.code) {
2180 case L2CAP_COMMAND_REJ:
4e8402a3 2181 l2cap_command_rej(conn, &cmd, data);
1da177e4
LT		 2182 break;
2183
2184 case L2CAP_CONN_REQ:
2185 err = l2cap_connect_req(conn, &cmd, data);
2186 break;
2187
2188 case L2CAP_CONN_RSP:
2189 err = l2cap_connect_rsp(conn, &cmd, data);
2190 break;
2191
2192 case L2CAP_CONF_REQ:
88219a0f 2193 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1da177e4
LT		 2194 break;
2195
2196 case L2CAP_CONF_RSP:
2197 err = l2cap_config_rsp(conn, &cmd, data);
2198 break;
2199
2200 case L2CAP_DISCONN_REQ:
2201 err = l2cap_disconnect_req(conn, &cmd, data);
2202 break;
2203
2204 case L2CAP_DISCONN_RSP:
2205 err = l2cap_disconnect_rsp(conn, &cmd, data);
2206 break;
2207
2208 case L2CAP_ECHO_REQ:
88219a0f 2209 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
1da177e4
LT		 2210 break;
2211
2212 case L2CAP_ECHO_RSP:
2213 break;
2214
2215 case L2CAP_INFO_REQ:
2216 err = l2cap_information_req(conn, &cmd, data);
2217 break;
2218
2219 case L2CAP_INFO_RSP:
2220 err = l2cap_information_rsp(conn, &cmd, data);
2221 break;
2222
2223 default:
2224 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2225 err = -EINVAL;
2226 break;
2227 }
2228
2229 if (err) {
2230 struct l2cap_cmd_rej rej;
2231 BT_DBG("error %d", err);
2232
2233 /* FIXME: Map err to a valid reason */
aca3192c 2234 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2235 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2236 }
2237
88219a0f
AV		 2238 data += cmd_len;
2239 len -= cmd_len;
1da177e4
LT		 2240 }
2241
2242 kfree_skb(skb);
2243}
2244
2245static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2246{
2247 struct sock *sk;
2248
2249 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2250 if (!sk) {
2251 BT_DBG("unknown cid 0x%4.4x", cid);
2252 goto drop;
2253 }
2254
2255 BT_DBG("sk %p, len %d", sk, skb->len);
2256
2257 if (sk->sk_state != BT_CONNECTED)
2258 goto drop;
2259
2260 if (l2cap_pi(sk)->imtu < skb->len)
2261 goto drop;
2262
2263 /* If socket recv buffers overflows we drop data here
2264 * which is *bad* because L2CAP has to be reliable.
2265 * But we don't have any other choice. L2CAP doesn't
2266 * provide flow control mechanism. */
2267
2268 if (!sock_queue_rcv_skb(sk, skb))
2269 goto done;
2270
2271drop:
2272 kfree_skb(skb);
2273
2274done:
0139418c
MH		 2275 if (sk)
2276 bh_unlock_sock(sk);
2277
1da177e4
LT		 2278 return 0;
2279}
2280
8e036fc3 2281static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4
LT		 2282{
2283 struct sock *sk;
2284
2285 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2286 if (!sk)
2287 goto drop;
2288
2289 BT_DBG("sk %p, len %d", sk, skb->len);
2290
2291 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2292 goto drop;
2293
2294 if (l2cap_pi(sk)->imtu < skb->len)
2295 goto drop;
2296
2297 if (!sock_queue_rcv_skb(sk, skb))
2298 goto done;
2299
2300drop:
2301 kfree_skb(skb);
2302
2303done:
2304 if (sk) bh_unlock_sock(sk);
2305 return 0;
2306}
2307
2308static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2309{
2310 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 2311 u16 cid, len;
2312 __le16 psm;
1da177e4
LT		 2313
2314 skb_pull(skb, L2CAP_HDR_SIZE);
2315 cid = __le16_to_cpu(lh->cid);
2316 len = __le16_to_cpu(lh->len);
2317
2318 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2319
2320 switch (cid) {
2321 case 0x0001:
2322 l2cap_sig_channel(conn, skb);
2323 break;
2324
2325 case 0x0002:
8e036fc3 2326 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 2327 skb_pull(skb, 2);
2328 l2cap_conless_channel(conn, psm, skb);
2329 break;
2330
2331 default:
2332 l2cap_data_channel(conn, cid, skb);
2333 break;
2334 }
2335}
2336
2337/* ---- L2CAP interface with lower layer (HCI) ---- */
2338
2339static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2340{
2341 int exact = 0, lm1 = 0, lm2 = 0;
2342 register struct sock *sk;
2343 struct hlist_node *node;
2344
2345 if (type != ACL_LINK)
2346 return 0;
2347
2348 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2349
2350 /* Find listening sockets and check their link_mode */
2351 read_lock(&l2cap_sk_list.lock);
2352 sk_for_each(sk, node, &l2cap_sk_list.head) {
2353 if (sk->sk_state != BT_LISTEN)
2354 continue;
2355
2356 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5
MH		 2357 lm1 |= HCI_LM_ACCEPT;
2358 if (l2cap_pi(sk)->role_switch)
2359 lm1 |= HCI_LM_MASTER;
1da177e4 2360 exact++;
2af6b9d5
MH		 2361 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2362 lm2 |= HCI_LM_ACCEPT;
2363 if (l2cap_pi(sk)->role_switch)
2364 lm2 |= HCI_LM_MASTER;
2365 }
1da177e4
LT		 2366 }
2367 read_unlock(&l2cap_sk_list.lock);
2368
2369 return exact ? lm1 : lm2;
2370}
2371
2372static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2373{
0139418c
MH		 2374 struct l2cap_conn *conn;
2375
1da177e4
LT		 2376 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2377
2378 if (hcon->type != ACL_LINK)
2379 return 0;
2380
2381 if (!status) {
1da177e4
LT		 2382 conn = l2cap_conn_add(hcon, status);
2383 if (conn)
2384 l2cap_conn_ready(conn);
0139418c 2385 } else
1da177e4
LT		 2386 l2cap_conn_del(hcon, bt_err(status));
2387
2388 return 0;
2389}
2390
2391static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2392{
2393 BT_DBG("hcon %p reason %d", hcon, reason);
2394
2395 if (hcon->type != ACL_LINK)
2396 return 0;
2397
2398 l2cap_conn_del(hcon, bt_err(reason));
0139418c 2399
1da177e4
LT		 2400 return 0;
2401}
2402
8c1b2355 2403static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4
LT		 2404{
2405 struct l2cap_chan_list *l;
0139418c 2406 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 2407 struct sock *sk;
1da177e4 2408
0139418c 2409 if (!conn)
1da177e4 2410 return 0;
0139418c 2411
1da177e4
LT		 2412 l = &conn->chan_list;
2413
2414 BT_DBG("conn %p", conn);
2415
2416 read_lock(&l->lock);
2417
2418 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
9719f8af
MH		 2419 struct l2cap_pinfo *pi = l2cap_pi(sk);
2420
1da177e4
LT		 2421 bh_lock_sock(sk);
2422
8c1b2355 2423 if (!status && encrypt == 0x00 &&
2af6b9d5 2424 pi->sec_level == BT_SECURITY_HIGH &&
9719f8af 2425 (sk->sk_state == BT_CONNECTED ||
8c1b2355 2426 sk->sk_state == BT_CONFIG)) {
9719f8af
MH		 2427 __l2cap_sock_close(sk, ECONNREFUSED);
2428 bh_unlock_sock(sk);
2429 continue;
2430 }
2431
b1235d79
MH		 2432 if (sk->sk_state == BT_CONNECT) {
2433 if (!status) {
2434 struct l2cap_conn_req req;
2435 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2436 req.psm = l2cap_pi(sk)->psm;
1da177e4 2437
b1235d79 2438 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
1da177e4 2439
b1235d79
MH		 2440 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2441 L2CAP_CONN_REQ, sizeof(req), &req);
2442 } else {
2443 l2cap_sock_clear_timer(sk);
2444 l2cap_sock_set_timer(sk, HZ / 10);
2445 }
2446 } else if (sk->sk_state == BT_CONNECT2) {
2447 struct l2cap_conn_rsp rsp;
2448 __u16 result;
1da177e4 2449
b1235d79
MH		 2450 if (!status) {
2451 sk->sk_state = BT_CONFIG;
2452 result = L2CAP_CR_SUCCESS;
2453 } else {
2454 sk->sk_state = BT_DISCONN;
2455 l2cap_sock_set_timer(sk, HZ / 10);
2456 result = L2CAP_CR_SEC_BLOCK;
2457 }
2458
2459 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2460 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2461 rsp.result = cpu_to_le16(result);
e7c29cb1 2462 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
b1235d79
MH		 2463 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2464 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2465 }
1da177e4
LT		 2466
2467 bh_unlock_sock(sk);
2468 }
2469
2470 read_unlock(&l->lock);
b1235d79 2471
1da177e4
LT		 2472 return 0;
2473}
2474
2475static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2476{
2477 struct l2cap_conn *conn = hcon->l2cap_data;
2478
2479 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2480 goto drop;
2481
2482 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2483
2484 if (flags & ACL_START) {
2485 struct l2cap_hdr *hdr;
2486 int len;
2487
2488 if (conn->rx_len) {
2489 BT_ERR("Unexpected start frame (len %d)", skb->len);
2490 kfree_skb(conn->rx_skb);
2491 conn->rx_skb = NULL;
2492 conn->rx_len = 0;
2493 l2cap_conn_unreliable(conn, ECOMM);
2494 }
2495
2496 if (skb->len < 2) {
2497 BT_ERR("Frame is too short (len %d)", skb->len);
2498 l2cap_conn_unreliable(conn, ECOMM);
2499 goto drop;
2500 }
2501
2502 hdr = (struct l2cap_hdr *) skb->data;
2503 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2504
2505 if (len == skb->len) {
2506 /* Complete frame received */
2507 l2cap_recv_frame(conn, skb);
2508 return 0;
2509 }
2510
2511 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2512
2513 if (skb->len > len) {
2514 BT_ERR("Frame is too long (len %d, expected len %d)",
2515 skb->len, len);
2516 l2cap_conn_unreliable(conn, ECOMM);
2517 goto drop;
2518 }
2519
2520 /* Allocate skb for the complete frame (with header) */
2521 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2522 goto drop;
2523
d626f62b
ACM		 2524 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2525 skb->len);
1da177e4
LT		 2526 conn->rx_len = len - skb->len;
2527 } else {
2528 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2529
2530 if (!conn->rx_len) {
2531 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2532 l2cap_conn_unreliable(conn, ECOMM);
2533 goto drop;
2534 }
2535
2536 if (skb->len > conn->rx_len) {
2537 BT_ERR("Fragment is too long (len %d, expected %d)",
2538 skb->len, conn->rx_len);
2539 kfree_skb(conn->rx_skb);
2540 conn->rx_skb = NULL;
2541 conn->rx_len = 0;
2542 l2cap_conn_unreliable(conn, ECOMM);
2543 goto drop;
2544 }
2545
d626f62b
ACM		 2546 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2547 skb->len);
1da177e4
LT		 2548 conn->rx_len -= skb->len;
2549
2550 if (!conn->rx_len) {
2551 /* Complete frame received */
2552 l2cap_recv_frame(conn, conn->rx_skb);
2553 conn->rx_skb = NULL;
2554 }
2555 }
2556
2557drop:
2558 kfree_skb(skb);
2559 return 0;
2560}
2561
be9d1227 2562static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2563{
2564 struct sock *sk;
2565 struct hlist_node *node;
be9d1227 2566 char *str = buf;
1da177e4
LT		 2567
2568 read_lock_bh(&l2cap_sk_list.lock);
2569
be9d1227
MH		 2570 sk_for_each(sk, node, &l2cap_sk_list.head) {
2571 struct l2cap_pinfo *pi = l2cap_pi(sk);
1da177e4 2572
2af6b9d5 2573 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
be9d1227 2574 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
73863976 2575 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2af6b9d5 2576 pi->imtu, pi->omtu, pi->sec_level);
be9d1227 2577 }
1da177e4 2578
1da177e4 2579 read_unlock_bh(&l2cap_sk_list.lock);
1da177e4 2580
be9d1227 2581 return (str - buf);
1da177e4
LT		 2582}
2583
be9d1227 2584static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
1da177e4 2585
90ddc4f0 2586static const struct proto_ops l2cap_sock_ops = {
1da177e4
LT		 2587 .family = PF_BLUETOOTH,
2588 .owner = THIS_MODULE,
2589 .release = l2cap_sock_release,
2590 .bind = l2cap_sock_bind,
2591 .connect = l2cap_sock_connect,
2592 .listen = l2cap_sock_listen,
2593 .accept = l2cap_sock_accept,
2594 .getname = l2cap_sock_getname,
2595 .sendmsg = l2cap_sock_sendmsg,
f66dc81f 2596 .recvmsg = l2cap_sock_recvmsg,
1da177e4 2597 .poll = bt_sock_poll,
3241ad82 2598 .ioctl = bt_sock_ioctl,
1da177e4
LT		 2599 .mmap = sock_no_mmap,
2600 .socketpair = sock_no_socketpair,
1da177e4
LT		 2601 .shutdown = l2cap_sock_shutdown,
2602 .setsockopt = l2cap_sock_setsockopt,
2603 .getsockopt = l2cap_sock_getsockopt
2604};
2605
2606static struct net_proto_family l2cap_sock_family_ops = {
2607 .family = PF_BLUETOOTH,
2608 .owner = THIS_MODULE,
2609 .create = l2cap_sock_create,
2610};
2611
2612static struct hci_proto l2cap_hci_proto = {
2613 .name = "L2CAP",
2614 .id = HCI_PROTO_L2CAP,
2615 .connect_ind = l2cap_connect_ind,
2616 .connect_cfm = l2cap_connect_cfm,
2617 .disconn_ind = l2cap_disconn_ind,
8c1b2355 2618 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 2619 .recv_acldata = l2cap_recv_acldata
2620};
2621
2622static int __init l2cap_init(void)
2623{
2624 int err;
be9d1227 2625
1da177e4
LT		 2626 err = proto_register(&l2cap_proto, 0);
2627 if (err < 0)
2628 return err;
2629
2630 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2631 if (err < 0) {
2632 BT_ERR("L2CAP socket registration failed");
2633 goto error;
2634 }
2635
2636 err = hci_register_proto(&l2cap_hci_proto);
2637 if (err < 0) {
2638 BT_ERR("L2CAP protocol registration failed");
2639 bt_sock_unregister(BTPROTO_L2CAP);
2640 goto error;
2641 }
2642
df5c37ea
MH		 2643 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2644 BT_ERR("Failed to create L2CAP info file");
1da177e4
LT		 2645
2646 BT_INFO("L2CAP ver %s", VERSION);
2647 BT_INFO("L2CAP socket layer initialized");
2648
2649 return 0;
2650
2651error:
2652 proto_unregister(&l2cap_proto);
2653 return err;
2654}
2655
2656static void __exit l2cap_exit(void)
2657{
a91f2e39 2658 class_remove_file(bt_class, &class_attr_l2cap);
1da177e4
LT		 2659
2660 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2661 BT_ERR("L2CAP socket unregistration failed");
2662
2663 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2664 BT_ERR("L2CAP protocol unregistration failed");
2665
2666 proto_unregister(&l2cap_proto);
2667}
2668
2669void l2cap_load(void)
2670{
2671 /* Dummy function to trigger automatic L2CAP module loading by
2672 * other modules that use L2CAP sockets but don't use any other
2673 * symbols from it. */
2674 return;
2675}
2676EXPORT_SYMBOL(l2cap_load);
2677
2678module_init(l2cap_init);
2679module_exit(l2cap_exit);
2680
63fbd24e 2681MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2682MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2683MODULE_VERSION(VERSION);
2684MODULE_LICENSE("GPL");
2685MODULE_ALIAS("bt-proto-0");
kernel source for telekom puls (alcatel/mediatek)