projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix memory leak with L2CAP channels
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25*/
26
27/* Bluetooth L2CAP sockets. */
28
29#include <net/bluetooth/bluetooth.h>
33575df7 30#include <net/bluetooth/hci_core.h>
bb58f747
GP		 31#include <net/bluetooth/l2cap.h>
32
6ddc0485 33/* ---- L2CAP timers ---- */
bb58f747
GP		 34static void l2cap_sock_timeout(unsigned long arg)
35{
36 struct sock *sk = (struct sock *) arg;
37 int reason;
38
39 BT_DBG("sock %p state %d", sk, sk->sk_state);
40
41 bh_lock_sock(sk);
42
43 if (sock_owned_by_user(sk)) {
44 /* sk is owned by user. Try again later */
45 l2cap_sock_set_timer(sk, HZ / 5);
46 bh_unlock_sock(sk);
47 sock_put(sk);
48 return;
49 }
50
51 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
52 reason = ECONNREFUSED;
53 else if (sk->sk_state == BT_CONNECT &&
4343478f 54 l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP)
bb58f747
GP		 55 reason = ECONNREFUSED;
56 else
57 reason = ETIMEDOUT;
58
59 __l2cap_sock_close(sk, reason);
60
61 bh_unlock_sock(sk);
62
63 l2cap_sock_kill(sk);
64 sock_put(sk);
65}
66
6ddc0485
GP		 67void l2cap_sock_set_timer(struct sock *sk, long timeout)
68{
69 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
70 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
71}
72
73void l2cap_sock_clear_timer(struct sock *sk)
74{
75 BT_DBG("sock %p state %d", sk, sk->sk_state);
76 sk_stop_timer(sk, &sk->sk_timer);
77}
78
af6bcd82
GP		 79static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
80{
81 struct sock *sk;
82 struct hlist_node *node;
0c1bc5c6
GP		 83 sk_for_each(sk, node, &l2cap_sk_list.head) {
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85
86 if (chan->sport == psm && !bacmp(&bt_sk(sk)->src, src))
af6bcd82 87 goto found;
0c1bc5c6
GP		 88 }
89
af6bcd82
GP		 90 sk = NULL;
91found:
92 return sk;
93}
94
95static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
96{
97 struct sock *sk = sock->sk;
4343478f 98 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 99 struct sockaddr_l2 la;
100 int len, err = 0;
101
102 BT_DBG("sk %p", sk);
103
104 if (!addr || addr->sa_family != AF_BLUETOOTH)
105 return -EINVAL;
106
107 memset(&la, 0, sizeof(la));
108 len = min_t(unsigned int, sizeof(la), alen);
109 memcpy(&la, addr, len);
110
b62f328b 111 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 112 return -EINVAL;
113
114 lock_sock(sk);
115
116 if (sk->sk_state != BT_OPEN) {
117 err = -EBADFD;
118 goto done;
119 }
120
121 if (la.l2_psm) {
122 __u16 psm = __le16_to_cpu(la.l2_psm);
123
124 /* PSM must be odd and lsb of upper byte must be 0 */
125 if ((psm & 0x0101) != 0x0001) {
126 err = -EINVAL;
127 goto done;
128 }
129
130 /* Restrict usage of well-known PSMs */
131 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
132 err = -EACCES;
133 goto done;
134 }
135 }
136
137 write_lock_bh(&l2cap_sk_list.lock);
138
139 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
140 err = -EADDRINUSE;
141 } else {
142 /* Save source address */
143 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
fe4128e0 144 chan->psm = la.l2_psm;
0c1bc5c6 145 chan->sport = la.l2_psm;
af6bcd82
GP		 146 sk->sk_state = BT_BOUND;
147
148 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
149 __le16_to_cpu(la.l2_psm) == 0x0003)
4343478f 150 chan->sec_level = BT_SECURITY_SDP;
af6bcd82
GP		 151 }
152
b62f328b 153 if (la.l2_cid)
fe4128e0 154 chan->scid = la.l2_cid;
b62f328b 155
af6bcd82
GP		 156 write_unlock_bh(&l2cap_sk_list.lock);
157
158done:
159 release_sock(sk);
160 return err;
161}
162
4e34c50b
GP		 163static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
164{
165 struct sock *sk = sock->sk;
0c1bc5c6 166 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 167 struct sockaddr_l2 la;
168 int len, err = 0;
169
170 BT_DBG("sk %p", sk);
171
172 if (!addr || alen < sizeof(addr->sa_family) ||
173 addr->sa_family != AF_BLUETOOTH)
174 return -EINVAL;
175
176 memset(&la, 0, sizeof(la));
177 len = min_t(unsigned int, sizeof(la), alen);
178 memcpy(&la, addr, len);
179
acd7d370 180 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 181 return -EINVAL;
182
183 lock_sock(sk);
184
185 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
acd7d370 186 && !(la.l2_psm || la.l2_cid)) {
4e34c50b
GP		 187 err = -EINVAL;
188 goto done;
189 }
190
0c1bc5c6 191 switch (chan->mode) {
4e34c50b
GP		 192 case L2CAP_MODE_BASIC:
193 break;
194 case L2CAP_MODE_ERTM:
195 case L2CAP_MODE_STREAMING:
196 if (!disable_ertm)
197 break;
198 /* fall through */
199 default:
200 err = -ENOTSUPP;
201 goto done;
202 }
203
204 switch (sk->sk_state) {
205 case BT_CONNECT:
206 case BT_CONNECT2:
207 case BT_CONFIG:
208 /* Already connecting */
209 goto wait;
210
211 case BT_CONNECTED:
212 /* Already connected */
213 err = -EISCONN;
214 goto done;
215
216 case BT_OPEN:
217 case BT_BOUND:
218 /* Can connect */
219 break;
220
221 default:
222 err = -EBADFD;
223 goto done;
224 }
225
226 /* PSM must be odd and lsb of upper byte must be 0 */
227 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
acd7d370 228 sk->sk_type != SOCK_RAW && !la.l2_cid) {
4e34c50b
GP		 229 err = -EINVAL;
230 goto done;
231 }
232
233 /* Set destination address and psm */
234 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
fe4128e0
GP		 235 chan->psm = la.l2_psm;
236 chan->dcid = la.l2_cid;
4e34c50b 237
77a74c7e 238 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
4e34c50b
GP		 239 if (err)
240 goto done;
241
242wait:
243 err = bt_sock_wait_state(sk, BT_CONNECTED,
244 sock_sndtimeo(sk, flags & O_NONBLOCK));
245done:
246 release_sock(sk);
247 return err;
248}
249
af6bcd82
GP		 250static int l2cap_sock_listen(struct socket *sock, int backlog)
251{
252 struct sock *sk = sock->sk;
0c1bc5c6 253 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 254 int err = 0;
255
256 BT_DBG("sk %p backlog %d", sk, backlog);
257
258 lock_sock(sk);
259
260 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
261 || sk->sk_state != BT_BOUND) {
262 err = -EBADFD;
263 goto done;
264 }
265
0c1bc5c6 266 switch (chan->mode) {
af6bcd82
GP		 267 case L2CAP_MODE_BASIC:
268 break;
269 case L2CAP_MODE_ERTM:
270 case L2CAP_MODE_STREAMING:
271 if (!disable_ertm)
272 break;
273 /* fall through */
274 default:
275 err = -ENOTSUPP;
276 goto done;
277 }
278
fe4128e0 279 if (!chan->psm && !chan->scid) {
af6bcd82
GP		 280 bdaddr_t *src = &bt_sk(sk)->src;
281 u16 psm;
282
283 err = -EINVAL;
284
285 write_lock_bh(&l2cap_sk_list.lock);
286
287 for (psm = 0x1001; psm < 0x1100; psm += 2)
288 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
fe4128e0 289 chan->psm = cpu_to_le16(psm);
0c1bc5c6 290 chan->sport = cpu_to_le16(psm);
af6bcd82
GP		 291 err = 0;
292 break;
293 }
294
295 write_unlock_bh(&l2cap_sk_list.lock);
296
297 if (err < 0)
298 goto done;
299 }
300
301 sk->sk_max_ack_backlog = backlog;
302 sk->sk_ack_backlog = 0;
303 sk->sk_state = BT_LISTEN;
304
305done:
306 release_sock(sk);
307 return err;
308}
309
c47b7c72
GP		 310static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
311{
312 DECLARE_WAITQUEUE(wait, current);
313 struct sock *sk = sock->sk, *nsk;
314 long timeo;
315 int err = 0;
316
317 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
318
319 if (sk->sk_state != BT_LISTEN) {
320 err = -EBADFD;
321 goto done;
322 }
323
324 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
325
326 BT_DBG("sk %p timeo %ld", sk, timeo);
327
328 /* Wait for an incoming connection. (wake-one). */
329 add_wait_queue_exclusive(sk_sleep(sk), &wait);
330 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
331 set_current_state(TASK_INTERRUPTIBLE);
332 if (!timeo) {
333 err = -EAGAIN;
334 break;
335 }
336
337 release_sock(sk);
338 timeo = schedule_timeout(timeo);
339 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
340
341 if (sk->sk_state != BT_LISTEN) {
342 err = -EBADFD;
343 break;
344 }
345
346 if (signal_pending(current)) {
347 err = sock_intr_errno(timeo);
348 break;
349 }
350 }
351 set_current_state(TASK_RUNNING);
352 remove_wait_queue(sk_sleep(sk), &wait);
353
354 if (err)
355 goto done;
356
357 newsock->state = SS_CONNECTED;
358
359 BT_DBG("new socket %p", nsk);
360
361done:
362 release_sock(sk);
363 return err;
364}
365
d7175d55
GP		 366static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
367{
368 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
369 struct sock *sk = sock->sk;
0c1bc5c6 370 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 371
372 BT_DBG("sock %p, sk %p", sock, sk);
373
374 addr->sa_family = AF_BLUETOOTH;
375 *len = sizeof(struct sockaddr_l2);
376
377 if (peer) {
fe4128e0 378 la->l2_psm = chan->psm;
d7175d55 379 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
fe4128e0 380 la->l2_cid = cpu_to_le16(chan->dcid);
d7175d55 381 } else {
0c1bc5c6 382 la->l2_psm = chan->sport;
d7175d55 383 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
fe4128e0 384 la->l2_cid = cpu_to_le16(chan->scid);
d7175d55
GP		 385 }
386
387 return 0;
388}
389
99f4808d
GP		 390static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
391{
392 struct sock *sk = sock->sk;
4343478f 393 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 394 struct l2cap_options opts;
395 struct l2cap_conninfo cinfo;
396 int len, err = 0;
397 u32 opt;
398
399 BT_DBG("sk %p", sk);
400
401 if (get_user(len, optlen))
402 return -EFAULT;
403
404 lock_sock(sk);
405
406 switch (optname) {
407 case L2CAP_OPTIONS:
e3fb592b 408 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 409 opts.imtu = chan->imtu;
410 opts.omtu = chan->omtu;
411 opts.flush_to = chan->flush_to;
412 opts.mode = chan->mode;
47d1ec61
GP		 413 opts.fcs = chan->fcs;
414 opts.max_tx = chan->max_tx;
415 opts.txwin_size = (__u16)chan->tx_win;
99f4808d
GP		 416
417 len = min_t(unsigned int, len, sizeof(opts));
418 if (copy_to_user(optval, (char *) &opts, len))
419 err = -EFAULT;
420
421 break;
422
423 case L2CAP_LM:
4343478f 424 switch (chan->sec_level) {
99f4808d
GP		 425 case BT_SECURITY_LOW:
426 opt = L2CAP_LM_AUTH;
427 break;
428 case BT_SECURITY_MEDIUM:
429 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
430 break;
431 case BT_SECURITY_HIGH:
432 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
433 L2CAP_LM_SECURE;
434 break;
435 default:
436 opt = 0;
437 break;
438 }
439
4343478f 440 if (chan->role_switch)
99f4808d
GP		 441 opt |= L2CAP_LM_MASTER;
442
4343478f 443 if (chan->force_reliable)
99f4808d
GP		 444 opt |= L2CAP_LM_RELIABLE;
445
446 if (put_user(opt, (u32 __user *) optval))
447 err = -EFAULT;
448 break;
449
450 case L2CAP_CONNINFO:
451 if (sk->sk_state != BT_CONNECTED &&
452 !(sk->sk_state == BT_CONNECT2 &&
453 bt_sk(sk)->defer_setup)) {
454 err = -ENOTCONN;
455 break;
456 }
457
8c1d787b
GP		 458 cinfo.hci_handle = chan->conn->hcon->handle;
459 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 460
461 len = min_t(unsigned int, len, sizeof(cinfo));
462 if (copy_to_user(optval, (char *) &cinfo, len))
463 err = -EFAULT;
464
465 break;
466
467 default:
468 err = -ENOPROTOOPT;
469 break;
470 }
471
472 release_sock(sk);
473 return err;
474}
475
476static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
477{
478 struct sock *sk = sock->sk;
4343478f 479 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 480 struct bt_security sec;
481 int len, err = 0;
482
483 BT_DBG("sk %p", sk);
484
485 if (level == SOL_L2CAP)
486 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
487
488 if (level != SOL_BLUETOOTH)
489 return -ENOPROTOOPT;
490
491 if (get_user(len, optlen))
492 return -EFAULT;
493
494 lock_sock(sk);
495
496 switch (optname) {
497 case BT_SECURITY:
498 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
499 && sk->sk_type != SOCK_RAW) {
500 err = -EINVAL;
501 break;
502 }
503
4343478f 504 sec.level = chan->sec_level;
99f4808d
GP		 505
506 len = min_t(unsigned int, len, sizeof(sec));
507 if (copy_to_user(optval, (char *) &sec, len))
508 err = -EFAULT;
509
510 break;
511
512 case BT_DEFER_SETUP:
513 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
514 err = -EINVAL;
515 break;
516 }
517
518 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
519 err = -EFAULT;
520
521 break;
522
523 case BT_FLUSHABLE:
4343478f 524 if (put_user(chan->flushable, (u32 __user *) optval))
99f4808d
GP		 525 err = -EFAULT;
526
527 break;
528
529 default:
530 err = -ENOPROTOOPT;
531 break;
532 }
533
534 release_sock(sk);
535 return err;
536}
537
33575df7
GP		 538static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
539{
540 struct sock *sk = sock->sk;
b4450035 541 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 542 struct l2cap_options opts;
543 int len, err = 0;
544 u32 opt;
545
546 BT_DBG("sk %p", sk);
547
548 lock_sock(sk);
549
550 switch (optname) {
551 case L2CAP_OPTIONS:
552 if (sk->sk_state == BT_CONNECTED) {
553 err = -EINVAL;
554 break;
555 }
556
0c1bc5c6
GP		 557 opts.imtu = chan->imtu;
558 opts.omtu = chan->omtu;
559 opts.flush_to = chan->flush_to;
560 opts.mode = chan->mode;
47d1ec61
GP		 561 opts.fcs = chan->fcs;
562 opts.max_tx = chan->max_tx;
563 opts.txwin_size = (__u16)chan->tx_win;
33575df7
GP		 564
565 len = min_t(unsigned int, sizeof(opts), optlen);
566 if (copy_from_user((char *) &opts, optval, len)) {
567 err = -EFAULT;
568 break;
569 }
570
571 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
572 err = -EINVAL;
573 break;
574 }
575
0c1bc5c6
GP		 576 chan->mode = opts.mode;
577 switch (chan->mode) {
33575df7 578 case L2CAP_MODE_BASIC:
b4450035 579 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
33575df7
GP		 580 break;
581 case L2CAP_MODE_ERTM:
582 case L2CAP_MODE_STREAMING:
583 if (!disable_ertm)
584 break;
585 /* fall through */
586 default:
587 err = -EINVAL;
588 break;
589 }
590
0c1bc5c6
GP		 591 chan->imtu = opts.imtu;
592 chan->omtu = opts.omtu;
47d1ec61
GP		 593 chan->fcs = opts.fcs;
594 chan->max_tx = opts.max_tx;
595 chan->tx_win = (__u8)opts.txwin_size;
33575df7
GP		 596 break;
597
598 case L2CAP_LM:
599 if (get_user(opt, (u32 __user *) optval)) {
600 err = -EFAULT;
601 break;
602 }
603
604 if (opt & L2CAP_LM_AUTH)
4343478f 605 chan->sec_level = BT_SECURITY_LOW;
33575df7 606 if (opt & L2CAP_LM_ENCRYPT)
4343478f 607 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 608 if (opt & L2CAP_LM_SECURE)
4343478f 609 chan->sec_level = BT_SECURITY_HIGH;
33575df7 610
4343478f
GP		 611 chan->role_switch = (opt & L2CAP_LM_MASTER);
612 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
33575df7
GP		 613 break;
614
615 default:
616 err = -ENOPROTOOPT;
617 break;
618 }
619
620 release_sock(sk);
621 return err;
622}
623
624static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
625{
626 struct sock *sk = sock->sk;
4343478f 627 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 628 struct bt_security sec;
629 int len, err = 0;
630 u32 opt;
631
632 BT_DBG("sk %p", sk);
633
634 if (level == SOL_L2CAP)
635 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
636
637 if (level != SOL_BLUETOOTH)
638 return -ENOPROTOOPT;
639
640 lock_sock(sk);
641
642 switch (optname) {
643 case BT_SECURITY:
644 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
645 && sk->sk_type != SOCK_RAW) {
646 err = -EINVAL;
647 break;
648 }
649
650 sec.level = BT_SECURITY_LOW;
651
652 len = min_t(unsigned int, sizeof(sec), optlen);
653 if (copy_from_user((char *) &sec, optval, len)) {
654 err = -EFAULT;
655 break;
656 }
657
658 if (sec.level < BT_SECURITY_LOW ||
659 sec.level > BT_SECURITY_HIGH) {
660 err = -EINVAL;
661 break;
662 }
663
4343478f 664 chan->sec_level = sec.level;
33575df7
GP		 665 break;
666
667 case BT_DEFER_SETUP:
668 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
669 err = -EINVAL;
670 break;
671 }
672
673 if (get_user(opt, (u32 __user *) optval)) {
674 err = -EFAULT;
675 break;
676 }
677
678 bt_sk(sk)->defer_setup = opt;
679 break;
680
681 case BT_FLUSHABLE:
682 if (get_user(opt, (u32 __user *) optval)) {
683 err = -EFAULT;
684 break;
685 }
686
687 if (opt > BT_FLUSHABLE_ON) {
688 err = -EINVAL;
689 break;
690 }
691
692 if (opt == BT_FLUSHABLE_OFF) {
8c1d787b 693 struct l2cap_conn *conn = chan->conn;
33575df7
GP		 694 /* proceed futher only when we have l2cap_conn and
695 No Flush support in the LM */
696 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
697 err = -EINVAL;
698 break;
699 }
700 }
701
4343478f 702 chan->flushable = opt;
33575df7
GP		 703 break;
704
705 default:
706 err = -ENOPROTOOPT;
707 break;
708 }
709
710 release_sock(sk);
711 return err;
712}
fd83ccdb
GP		 713
714static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
715{
716 struct sock *sk = sock->sk;
0c1bc5c6 717 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 718 struct sk_buff *skb;
719 u16 control;
720 int err;
721
722 BT_DBG("sock %p, sk %p", sock, sk);
723
724 err = sock_error(sk);
725 if (err)
726 return err;
727
728 if (msg->msg_flags & MSG_OOB)
729 return -EOPNOTSUPP;
730
731 lock_sock(sk);
732
733 if (sk->sk_state != BT_CONNECTED) {
734 err = -ENOTCONN;
735 goto done;
736 }
737
738 /* Connectionless channel */
739 if (sk->sk_type == SOCK_DGRAM) {
fe4128e0 740 skb = l2cap_create_connless_pdu(chan, msg, len);
fd83ccdb
GP		 741 if (IS_ERR(skb)) {
742 err = PTR_ERR(skb);
743 } else {
0c1bc5c6 744 l2cap_do_send(chan, skb);
fd83ccdb
GP		 745 err = len;
746 }
747 goto done;
748 }
749
0c1bc5c6 750 switch (chan->mode) {
fd83ccdb
GP		 751 case L2CAP_MODE_BASIC:
752 /* Check outgoing MTU */
0c1bc5c6 753 if (len > chan->omtu) {
fd83ccdb
GP		 754 err = -EMSGSIZE;
755 goto done;
756 }
757
758 /* Create a basic PDU */
fe4128e0 759 skb = l2cap_create_basic_pdu(chan, msg, len);
fd83ccdb
GP		 760 if (IS_ERR(skb)) {
761 err = PTR_ERR(skb);
762 goto done;
763 }
764
0c1bc5c6 765 l2cap_do_send(chan, skb);
fd83ccdb
GP		 766 err = len;
767 break;
768
769 case L2CAP_MODE_ERTM:
770 case L2CAP_MODE_STREAMING:
771 /* Entire SDU fits into one PDU */
0c1bc5c6 772 if (len <= chan->remote_mps) {
fd83ccdb 773 control = L2CAP_SDU_UNSEGMENTED;
0c1bc5c6
GP		 774 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
775 0);
fd83ccdb
GP		 776 if (IS_ERR(skb)) {
777 err = PTR_ERR(skb);
778 goto done;
779 }
0c1bc5c6 780 __skb_queue_tail(&chan->tx_q, skb);
fd83ccdb 781
0c1bc5c6
GP		 782 if (chan->tx_send_head == NULL)
783 chan->tx_send_head = skb;
fd83ccdb
GP		 784
785 } else {
786 /* Segment SDU into multiples PDUs */
0c1bc5c6 787 err = l2cap_sar_segment_sdu(chan, msg, len);
fd83ccdb
GP		 788 if (err < 0)
789 goto done;
790 }
791
0c1bc5c6
GP		 792 if (chan->mode == L2CAP_MODE_STREAMING) {
793 l2cap_streaming_send(chan);
525cd185
GP		 794 err = len;
795 break;
796 }
797
0c1bc5c6
GP		 798 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
799 (chan->conn_state & L2CAP_CONN_WAIT_F)) {
525cd185
GP		 800 err = len;
801 break;
fd83ccdb 802 }
0c1bc5c6 803 err = l2cap_ertm_send(chan);
fd83ccdb
GP		 804
805 if (err >= 0)
806 err = len;
807 break;
808
809 default:
0c1bc5c6 810 BT_DBG("bad state %1.1x", chan->mode);
fd83ccdb
GP		 811 err = -EBADFD;
812 }
813
814done:
815 release_sock(sk);
816 return err;
817}
33575df7 818
68983259
GP		 819static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
820{
821 struct sock *sk = sock->sk;
822
823 lock_sock(sk);
824
825 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
8c1d787b
GP		 826 sk->sk_state = BT_CONFIG;
827
828 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
68983259
GP		 829 release_sock(sk);
830 return 0;
831 }
832
833 release_sock(sk);
834
835 if (sock->type == SOCK_STREAM)
836 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
837
838 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
839}
840
05fc1576
GP		 841/* Kill socket (only if zapped and orphan)
842 * Must be called on unlocked socket.
843 */
844void l2cap_sock_kill(struct sock *sk)
845{
846 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
847 return;
848
849 BT_DBG("sk %p state %d", sk, sk->sk_state);
850
851 /* Kill poor orphan */
6ff5abbf
GP		 852
853 l2cap_chan_free(l2cap_pi(sk)->chan);
05fc1576
GP		 854 bt_sock_unlink(&l2cap_sk_list, sk);
855 sock_set_flag(sk, SOCK_DEAD);
856 sock_put(sk);
857}
858
6de0702b
GP		 859/* Must be called on unlocked socket. */
860static void l2cap_sock_close(struct sock *sk)
861{
862 l2cap_sock_clear_timer(sk);
863 lock_sock(sk);
864 __l2cap_sock_close(sk, ECONNRESET);
865 release_sock(sk);
866 l2cap_sock_kill(sk);
867}
868
869static void l2cap_sock_cleanup_listen(struct sock *parent)
870{
871 struct sock *sk;
872
873 BT_DBG("parent %p", parent);
874
875 /* Close not yet accepted channels */
876 while ((sk = bt_accept_dequeue(parent, NULL)))
877 l2cap_sock_close(sk);
878
879 parent->sk_state = BT_CLOSED;
880 sock_set_flag(parent, SOCK_ZAPPED);
881}
882
883void __l2cap_sock_close(struct sock *sk, int reason)
884{
e92c8e70 885 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
8c1d787b 886 struct l2cap_conn *conn = chan->conn;
5589fa9c 887
6de0702b
GP		 888 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
889
890 switch (sk->sk_state) {
891 case BT_LISTEN:
892 l2cap_sock_cleanup_listen(sk);
893 break;
894
895 case BT_CONNECTED:
896 case BT_CONFIG:
5589fa9c
VT		 897 if ((sk->sk_type == SOCK_SEQPACKET ||
898 sk->sk_type == SOCK_STREAM) &&
899 conn->hcon->type == ACL_LINK) {
6de0702b 900 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
e92c8e70 901 l2cap_send_disconn_req(conn, chan, reason);
6de0702b 902 } else
e92c8e70 903 l2cap_chan_del(chan, reason);
6de0702b
GP		 904 break;
905
906 case BT_CONNECT2:
5589fa9c
VT		 907 if ((sk->sk_type == SOCK_SEQPACKET ||
908 sk->sk_type == SOCK_STREAM) &&
909 conn->hcon->type == ACL_LINK) {
6de0702b
GP		 910 struct l2cap_conn_rsp rsp;
911 __u16 result;
912
913 if (bt_sk(sk)->defer_setup)
914 result = L2CAP_CR_SEC_BLOCK;
915 else
916 result = L2CAP_CR_BAD_PSM;
917
fe4128e0
GP		 918 rsp.scid = cpu_to_le16(chan->dcid);
919 rsp.dcid = cpu_to_le16(chan->scid);
6de0702b
GP		 920 rsp.result = cpu_to_le16(result);
921 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
e92c8e70
GP		 922 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
923 sizeof(rsp), &rsp);
34bd0273
AE		 924 }
925
e92c8e70 926 l2cap_chan_del(chan, reason);
6de0702b
GP		 927 break;
928
929 case BT_CONNECT:
930 case BT_DISCONN:
e92c8e70 931 l2cap_chan_del(chan, reason);
6de0702b
GP		 932 break;
933
934 default:
935 sock_set_flag(sk, SOCK_ZAPPED);
936 break;
937 }
938}
939
dcba0dba
GP		 940static int l2cap_sock_shutdown(struct socket *sock, int how)
941{
942 struct sock *sk = sock->sk;
0c1bc5c6 943 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
dcba0dba
GP		 944 int err = 0;
945
946 BT_DBG("sock %p, sk %p", sock, sk);
947
948 if (!sk)
949 return 0;
950
951 lock_sock(sk);
952 if (!sk->sk_shutdown) {
0c1bc5c6 953 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 954 err = __l2cap_wait_ack(sk);
955
956 sk->sk_shutdown = SHUTDOWN_MASK;
957 l2cap_sock_clear_timer(sk);
958 __l2cap_sock_close(sk, 0);
959
960 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
961 err = bt_sock_wait_state(sk, BT_CLOSED,
962 sk->sk_lingertime);
963 }
964
965 if (!err && sk->sk_err)
966 err = -sk->sk_err;
967
968 release_sock(sk);
969 return err;
970}
971
554f05bb
GP		 972static int l2cap_sock_release(struct socket *sock)
973{
974 struct sock *sk = sock->sk;
975 int err;
976
977 BT_DBG("sock %p, sk %p", sock, sk);
978
979 if (!sk)
980 return 0;
981
982 err = l2cap_sock_shutdown(sock, 2);
983
984 sock_orphan(sk);
985 l2cap_sock_kill(sk);
986 return err;
987}
988
bb58f747
GP		 989static void l2cap_sock_destruct(struct sock *sk)
990{
991 BT_DBG("sk %p", sk);
992
993 skb_queue_purge(&sk->sk_receive_queue);
994 skb_queue_purge(&sk->sk_write_queue);
995}
996
997void l2cap_sock_init(struct sock *sk, struct sock *parent)
998{
999 struct l2cap_pinfo *pi = l2cap_pi(sk);
b4450035 1000 struct l2cap_chan *chan = pi->chan;
bb58f747
GP		 1001
1002 BT_DBG("sk %p", sk);
1003
1004 if (parent) {
b4450035
GP		 1005 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1006
bb58f747
GP		 1007 sk->sk_type = parent->sk_type;
1008 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
1009
0c1bc5c6
GP		 1010 chan->imtu = pchan->imtu;
1011 chan->omtu = pchan->omtu;
b4450035 1012 chan->conf_state = pchan->conf_state;
0c1bc5c6 1013 chan->mode = pchan->mode;
47d1ec61
GP		 1014 chan->fcs = pchan->fcs;
1015 chan->max_tx = pchan->max_tx;
1016 chan->tx_win = pchan->tx_win;
4343478f
GP		 1017 chan->sec_level = pchan->sec_level;
1018 chan->role_switch = pchan->role_switch;
1019 chan->force_reliable = pchan->force_reliable;
1020 chan->flushable = pchan->flushable;
bb58f747 1021 } else {
0c1bc5c6
GP		 1022 chan->imtu = L2CAP_DEFAULT_MTU;
1023 chan->omtu = 0;
bb58f747 1024 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1025 chan->mode = L2CAP_MODE_ERTM;
b4450035 1026 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
bb58f747 1027 } else {
0c1bc5c6 1028 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1029 }
47d1ec61
GP		 1030 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
1031 chan->fcs = L2CAP_FCS_CRC16;
1032 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
4343478f
GP		 1033 chan->sec_level = BT_SECURITY_LOW;
1034 chan->role_switch = 0;
1035 chan->force_reliable = 0;
1036 chan->flushable = BT_FLUSHABLE_OFF;
bb58f747
GP		 1037 }
1038
1039 /* Default config options */
0c1bc5c6 1040 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
bb58f747
GP		 1041}
1042
1043static struct proto l2cap_proto = {
1044 .name = "L2CAP",
1045 .owner = THIS_MODULE,
1046 .obj_size = sizeof(struct l2cap_pinfo)
1047};
1048
1049struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1050{
1051 struct sock *sk;
1052
1053 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1054 if (!sk)
1055 return NULL;
1056
1057 sock_init_data(sock, sk);
1058 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1059
1060 sk->sk_destruct = l2cap_sock_destruct;
1061 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1062
1063 sock_reset_flag(sk, SOCK_ZAPPED);
1064
1065 sk->sk_protocol = proto;
1066 sk->sk_state = BT_OPEN;
1067
1068 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1069
1070 bt_sock_link(&l2cap_sk_list, sk);
1071 return sk;
1072}
1073
1074static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1075 int kern)
1076{
1077 struct sock *sk;
5d41ce1d 1078 struct l2cap_chan *chan;
bb58f747
GP		 1079
1080 BT_DBG("sock %p", sock);
1081
1082 sock->state = SS_UNCONNECTED;
1083
1084 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1085 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1086 return -ESOCKTNOSUPPORT;
1087
1088 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1089 return -EPERM;
1090
1091 sock->ops = &l2cap_sock_ops;
1092
1093 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1094 if (!sk)
1095 return -ENOMEM;
1096
5d41ce1d
GP		 1097 chan = l2cap_chan_alloc(sk);
1098 if (!chan) {
1099 l2cap_sock_kill(sk);
1100 return -ENOMEM;
1101 }
1102
1103 l2cap_pi(sk)->chan = chan;
1104
bb58f747
GP		 1105 l2cap_sock_init(sk, NULL);
1106 return 0;
1107}
1108
65390587
GP		 1109const struct proto_ops l2cap_sock_ops = {
1110 .family = PF_BLUETOOTH,
1111 .owner = THIS_MODULE,
1112 .release = l2cap_sock_release,
1113 .bind = l2cap_sock_bind,
1114 .connect = l2cap_sock_connect,
1115 .listen = l2cap_sock_listen,
1116 .accept = l2cap_sock_accept,
1117 .getname = l2cap_sock_getname,
1118 .sendmsg = l2cap_sock_sendmsg,
1119 .recvmsg = l2cap_sock_recvmsg,
1120 .poll = bt_sock_poll,
1121 .ioctl = bt_sock_ioctl,
1122 .mmap = sock_no_mmap,
1123 .socketpair = sock_no_socketpair,
1124 .shutdown = l2cap_sock_shutdown,
1125 .setsockopt = l2cap_sock_setsockopt,
1126 .getsockopt = l2cap_sock_getsockopt
1127};
1128
bb58f747
GP		 1129static const struct net_proto_family l2cap_sock_family_ops = {
1130 .family = PF_BLUETOOTH,
1131 .owner = THIS_MODULE,
1132 .create = l2cap_sock_create,
1133};
1134
1135int __init l2cap_init_sockets(void)
1136{
e2174ca4 1137 int err;
bb58f747 1138
e2174ca4
GP		 1139 err = proto_register(&l2cap_proto, 0);
1140 if (err < 0)
1141 return err;
bb58f747 1142
e2174ca4
GP		 1143 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1144 if (err < 0)
1145 goto error;
bb58f747 1146
e2174ca4 1147 BT_INFO("L2CAP socket layer initialized");
bb58f747 1148
e2174ca4 1149 return 0;
bb58f747
GP		 1150
1151error:
e2174ca4
GP		 1152 BT_ERR("L2CAP socket registration failed");
1153 proto_unregister(&l2cap_proto);
1154 return err;
bb58f747
GP		 1155}
1156
1157void l2cap_cleanup_sockets(void)
1158{
e2174ca4
GP		 1159 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1160 BT_ERR("L2CAP socket unregistration failed");
bb58f747 1161
e2174ca4 1162 proto_unregister(&l2cap_proto);
bb58f747 1163}
kernel source for telekom puls (alcatel/mediatek)