blob: 3396d5bdef1c3f8e0f24af0a64dd7b1eca7a333f [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07002 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090015 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -070018 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090020 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -070022 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
Linus Torvalds1da177e2005-04-16 15:20:36 -070027#include <linux/module.h>
28
29#include <linux/types.h>
Randy Dunlap4fc268d2006-01-11 12:17:47 -080030#include <linux/capability.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070031#include <linux/errno.h>
32#include <linux/kernel.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070033#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070041#include <linux/list.h>
Marcel Holtmannbe9d1222005-11-08 09:57:38 -080042#include <linux/device.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070043#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52
53#ifndef CONFIG_BT_L2CAP_DEBUG
54#undef BT_DBG
55#define BT_DBG(D...)
56#endif
57
Marcel Holtmann79d554a2008-07-14 20:13:44 +020058#define VERSION "2.10"
Marcel Holtmannf0709e02007-10-20 13:38:51 +020059
60static u32 l2cap_feat_mask = 0x0000;
Linus Torvalds1da177e2005-04-16 15:20:36 -070061
Eric Dumazet90ddc4f2005-12-22 12:49:22 -080062static const struct proto_ops l2cap_sock_ops;
Linus Torvalds1da177e2005-04-16 15:20:36 -070063
64static struct bt_sock_list l2cap_sk_list = {
Robert P. J. Dayd5fb2962008-03-28 16:17:38 -070065 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
Linus Torvalds1da177e2005-04-16 15:20:36 -070066};
67
Linus Torvalds1da177e2005-04-16 15:20:36 -070068static void __l2cap_sock_close(struct sock *sk, int reason);
69static void l2cap_sock_close(struct sock *sk);
70static void l2cap_sock_kill(struct sock *sk);
71
72static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
73 u8 code, u8 ident, u16 dlen, void *data);
74
75/* ---- L2CAP timers ---- */
76static void l2cap_sock_timeout(unsigned long arg)
77{
78 struct sock *sk = (struct sock *) arg;
Marcel Holtmannb1235d72008-07-14 20:13:54 +020079 int reason;
Linus Torvalds1da177e2005-04-16 15:20:36 -070080
81 BT_DBG("sock %p state %d", sk, sk->sk_state);
82
83 bh_lock_sock(sk);
Marcel Holtmannb1235d72008-07-14 20:13:54 +020084
85 if (sk->sk_state == BT_CONNECT &&
86 (l2cap_pi(sk)->link_mode & (L2CAP_LM_AUTH |
87 L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)))
88 reason = ECONNREFUSED;
89 else
90 reason = ETIMEDOUT;
91
92 __l2cap_sock_close(sk, reason);
93
Linus Torvalds1da177e2005-04-16 15:20:36 -070094 bh_unlock_sock(sk);
95
96 l2cap_sock_kill(sk);
97 sock_put(sk);
98}
99
100static void l2cap_sock_set_timer(struct sock *sk, long timeout)
101{
102 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
103 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
104}
105
106static void l2cap_sock_clear_timer(struct sock *sk)
107{
108 BT_DBG("sock %p state %d", sk, sk->sk_state);
109 sk_stop_timer(sk, &sk->sk_timer);
110}
111
Marcel Holtmann01394182006-07-03 10:02:46 +0200112/* ---- L2CAP channels ---- */
113static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
114{
115 struct sock *s;
116 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
117 if (l2cap_pi(s)->dcid == cid)
118 break;
119 }
120 return s;
121}
122
123static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
124{
125 struct sock *s;
126 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
127 if (l2cap_pi(s)->scid == cid)
128 break;
129 }
130 return s;
131}
132
133/* Find channel with given SCID.
134 * Returns locked socket */
135static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
136{
137 struct sock *s;
138 read_lock(&l->lock);
139 s = __l2cap_get_chan_by_scid(l, cid);
140 if (s) bh_lock_sock(s);
141 read_unlock(&l->lock);
142 return s;
143}
144
145static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
146{
147 struct sock *s;
148 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
149 if (l2cap_pi(s)->ident == ident)
150 break;
151 }
152 return s;
153}
154
155static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
156{
157 struct sock *s;
158 read_lock(&l->lock);
159 s = __l2cap_get_chan_by_ident(l, ident);
160 if (s) bh_lock_sock(s);
161 read_unlock(&l->lock);
162 return s;
163}
164
165static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
166{
167 u16 cid = 0x0040;
168
169 for (; cid < 0xffff; cid++) {
170 if(!__l2cap_get_chan_by_scid(l, cid))
171 return cid;
172 }
173
174 return 0;
175}
176
177static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
178{
179 sock_hold(sk);
180
181 if (l->head)
182 l2cap_pi(l->head)->prev_c = sk;
183
184 l2cap_pi(sk)->next_c = l->head;
185 l2cap_pi(sk)->prev_c = NULL;
186 l->head = sk;
187}
188
189static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
190{
191 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
192
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200193 write_lock_bh(&l->lock);
Marcel Holtmann01394182006-07-03 10:02:46 +0200194 if (sk == l->head)
195 l->head = next;
196
197 if (next)
198 l2cap_pi(next)->prev_c = prev;
199 if (prev)
200 l2cap_pi(prev)->next_c = next;
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200201 write_unlock_bh(&l->lock);
Marcel Holtmann01394182006-07-03 10:02:46 +0200202
203 __sock_put(sk);
204}
205
206static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
207{
208 struct l2cap_chan_list *l = &conn->chan_list;
209
210 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
211
212 l2cap_pi(sk)->conn = conn;
213
214 if (sk->sk_type == SOCK_SEQPACKET) {
215 /* Alloc CID for connection-oriented socket */
216 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
217 } else if (sk->sk_type == SOCK_DGRAM) {
218 /* Connectionless socket */
219 l2cap_pi(sk)->scid = 0x0002;
220 l2cap_pi(sk)->dcid = 0x0002;
221 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
222 } else {
223 /* Raw socket can send/recv signalling messages only */
224 l2cap_pi(sk)->scid = 0x0001;
225 l2cap_pi(sk)->dcid = 0x0001;
226 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
227 }
228
229 __l2cap_chan_link(l, sk);
230
231 if (parent)
232 bt_accept_enqueue(parent, sk);
233}
234
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900235/* Delete channel.
Marcel Holtmann01394182006-07-03 10:02:46 +0200236 * Must be called on the locked socket. */
237static void l2cap_chan_del(struct sock *sk, int err)
238{
239 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
240 struct sock *parent = bt_sk(sk)->parent;
241
242 l2cap_sock_clear_timer(sk);
243
244 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
245
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900246 if (conn) {
Marcel Holtmann01394182006-07-03 10:02:46 +0200247 /* Unlink from channel list */
248 l2cap_chan_unlink(&conn->chan_list, sk);
249 l2cap_pi(sk)->conn = NULL;
250 hci_conn_put(conn->hcon);
251 }
252
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200253 sk->sk_state = BT_CLOSED;
Marcel Holtmann01394182006-07-03 10:02:46 +0200254 sock_set_flag(sk, SOCK_ZAPPED);
255
256 if (err)
257 sk->sk_err = err;
258
259 if (parent) {
260 bt_accept_unlink(sk);
261 parent->sk_data_ready(parent, 0);
262 } else
263 sk->sk_state_change(sk);
264}
265
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200266/* Service level security */
267static inline int l2cap_check_link_mode(struct sock *sk)
268{
269 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
270
271 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
272 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE))
273 return hci_conn_encrypt(conn->hcon);
274
275 if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH)
276 return hci_conn_auth(conn->hcon);
277
278 return 1;
279}
280
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200281static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
282{
283 u8 id;
284
285 /* Get next available identificator.
286 * 1 - 128 are used by kernel.
287 * 129 - 199 are reserved.
288 * 200 - 254 are used by utilities like l2ping, etc.
289 */
290
291 spin_lock_bh(&conn->lock);
292
293 if (++conn->tx_ident > 128)
294 conn->tx_ident = 1;
295
296 id = conn->tx_ident;
297
298 spin_unlock_bh(&conn->lock);
299
300 return id;
301}
302
303static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
304{
305 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
306
307 BT_DBG("code 0x%2.2x", code);
308
309 if (!skb)
310 return -ENOMEM;
311
312 return hci_send_acl(conn->hcon, skb, 0);
313}
314
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200315static void l2cap_do_start(struct sock *sk)
316{
317 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
318
319 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200320 if (l2cap_check_link_mode(sk)) {
321 struct l2cap_conn_req req;
322 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
323 req.psm = l2cap_pi(sk)->psm;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200324
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200325 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200326
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200327 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200328 L2CAP_CONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200329 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200330 } else {
331 struct l2cap_info_req req;
332 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
333
334 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
335 conn->info_ident = l2cap_get_ident(conn);
336
337 mod_timer(&conn->info_timer, jiffies +
338 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
339
340 l2cap_send_cmd(conn, conn->info_ident,
341 L2CAP_INFO_REQ, sizeof(req), &req);
342 }
343}
344
Linus Torvalds1da177e2005-04-16 15:20:36 -0700345/* ---- L2CAP connections ---- */
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200346static void l2cap_conn_start(struct l2cap_conn *conn)
347{
348 struct l2cap_chan_list *l = &conn->chan_list;
349 struct sock *sk;
350
351 BT_DBG("conn %p", conn);
352
353 read_lock(&l->lock);
354
355 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
356 bh_lock_sock(sk);
357
358 if (sk->sk_type != SOCK_SEQPACKET) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200359 bh_unlock_sock(sk);
360 continue;
361 }
362
363 if (sk->sk_state == BT_CONNECT) {
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200364 if (l2cap_check_link_mode(sk)) {
365 struct l2cap_conn_req req;
366 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
367 req.psm = l2cap_pi(sk)->psm;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200368
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200369 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200370
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200371 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200372 L2CAP_CONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200373 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200374 } else if (sk->sk_state == BT_CONNECT2) {
375 struct l2cap_conn_rsp rsp;
376 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
377 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
378
379 if (l2cap_check_link_mode(sk)) {
380 sk->sk_state = BT_CONFIG;
381 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
382 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
383 } else {
384 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
385 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
386 }
387
388 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
389 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
390 }
391
392 bh_unlock_sock(sk);
393 }
394
395 read_unlock(&l->lock);
396}
397
398static void l2cap_conn_ready(struct l2cap_conn *conn)
399{
400 struct l2cap_chan_list *l = &conn->chan_list;
401 struct sock *sk;
402
403 BT_DBG("conn %p", conn);
404
405 read_lock(&l->lock);
406
407 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
408 bh_lock_sock(sk);
409
410 if (sk->sk_type != SOCK_SEQPACKET) {
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200411 l2cap_sock_clear_timer(sk);
412 sk->sk_state = BT_CONNECTED;
413 sk->sk_state_change(sk);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200414 } else if (sk->sk_state == BT_CONNECT)
415 l2cap_do_start(sk);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200416
417 bh_unlock_sock(sk);
418 }
419
420 read_unlock(&l->lock);
421}
422
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200423/* Notify sockets that we cannot guaranty reliability anymore */
424static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
425{
426 struct l2cap_chan_list *l = &conn->chan_list;
427 struct sock *sk;
428
429 BT_DBG("conn %p", conn);
430
431 read_lock(&l->lock);
432
433 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
434 if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE)
435 sk->sk_err = err;
436 }
437
438 read_unlock(&l->lock);
439}
440
441static void l2cap_info_timeout(unsigned long arg)
442{
443 struct l2cap_conn *conn = (void *) arg;
444
445 conn->info_ident = 0;
446
447 l2cap_conn_start(conn);
448}
449
Linus Torvalds1da177e2005-04-16 15:20:36 -0700450static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
451{
Marcel Holtmann01394182006-07-03 10:02:46 +0200452 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700453
Marcel Holtmann01394182006-07-03 10:02:46 +0200454 if (conn || status)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700455 return conn;
456
Marcel Holtmann01394182006-07-03 10:02:46 +0200457 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
458 if (!conn)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700459 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700460
461 hcon->l2cap_data = conn;
462 conn->hcon = hcon;
463
Marcel Holtmann01394182006-07-03 10:02:46 +0200464 BT_DBG("hcon %p conn %p", hcon, conn);
465
Linus Torvalds1da177e2005-04-16 15:20:36 -0700466 conn->mtu = hcon->hdev->acl_mtu;
467 conn->src = &hcon->hdev->bdaddr;
468 conn->dst = &hcon->dst;
469
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200470 conn->feat_mask = 0;
471
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200472 setup_timer(&conn->info_timer, l2cap_info_timeout,
473 (unsigned long) conn);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200474
Linus Torvalds1da177e2005-04-16 15:20:36 -0700475 spin_lock_init(&conn->lock);
476 rwlock_init(&conn->chan_list.lock);
477
Linus Torvalds1da177e2005-04-16 15:20:36 -0700478 return conn;
479}
480
Marcel Holtmann01394182006-07-03 10:02:46 +0200481static void l2cap_conn_del(struct hci_conn *hcon, int err)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700482{
Marcel Holtmann01394182006-07-03 10:02:46 +0200483 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700484 struct sock *sk;
485
Marcel Holtmann01394182006-07-03 10:02:46 +0200486 if (!conn)
487 return;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700488
489 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
490
491 if (conn->rx_skb)
492 kfree_skb(conn->rx_skb);
493
494 /* Kill channels */
495 while ((sk = conn->chan_list.head)) {
496 bh_lock_sock(sk);
497 l2cap_chan_del(sk, err);
498 bh_unlock_sock(sk);
499 l2cap_sock_kill(sk);
500 }
501
Dave Young8e8440f2008-03-03 12:18:55 -0800502 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
503 del_timer_sync(&conn->info_timer);
Thomas Gleixner3ab22732008-02-26 17:42:56 -0800504
Linus Torvalds1da177e2005-04-16 15:20:36 -0700505 hcon->l2cap_data = NULL;
506 kfree(conn);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700507}
508
509static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
510{
511 struct l2cap_chan_list *l = &conn->chan_list;
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200512 write_lock_bh(&l->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700513 __l2cap_chan_add(conn, sk, parent);
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200514 write_unlock_bh(&l->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700515}
516
Linus Torvalds1da177e2005-04-16 15:20:36 -0700517/* ---- Socket interface ---- */
Al Viro8e036fc2007-07-29 00:16:36 -0700518static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700519{
520 struct sock *sk;
521 struct hlist_node *node;
522 sk_for_each(sk, node, &l2cap_sk_list.head)
523 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
524 goto found;
525 sk = NULL;
526found:
527 return sk;
528}
529
530/* Find socket with psm and source bdaddr.
531 * Returns closest match.
532 */
Al Viro8e036fc2007-07-29 00:16:36 -0700533static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700534{
535 struct sock *sk = NULL, *sk1 = NULL;
536 struct hlist_node *node;
537
538 sk_for_each(sk, node, &l2cap_sk_list.head) {
539 if (state && sk->sk_state != state)
540 continue;
541
542 if (l2cap_pi(sk)->psm == psm) {
543 /* Exact match. */
544 if (!bacmp(&bt_sk(sk)->src, src))
545 break;
546
547 /* Closest match */
548 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
549 sk1 = sk;
550 }
551 }
552 return node ? sk : sk1;
553}
554
555/* Find socket with given address (psm, src).
556 * Returns locked socket */
Al Viro8e036fc2007-07-29 00:16:36 -0700557static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700558{
559 struct sock *s;
560 read_lock(&l2cap_sk_list.lock);
561 s = __l2cap_get_sock_by_psm(state, psm, src);
562 if (s) bh_lock_sock(s);
563 read_unlock(&l2cap_sk_list.lock);
564 return s;
565}
566
567static void l2cap_sock_destruct(struct sock *sk)
568{
569 BT_DBG("sk %p", sk);
570
571 skb_queue_purge(&sk->sk_receive_queue);
572 skb_queue_purge(&sk->sk_write_queue);
573}
574
575static void l2cap_sock_cleanup_listen(struct sock *parent)
576{
577 struct sock *sk;
578
579 BT_DBG("parent %p", parent);
580
581 /* Close not yet accepted channels */
582 while ((sk = bt_accept_dequeue(parent, NULL)))
583 l2cap_sock_close(sk);
584
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200585 parent->sk_state = BT_CLOSED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700586 sock_set_flag(parent, SOCK_ZAPPED);
587}
588
589/* Kill socket (only if zapped and orphan)
590 * Must be called on unlocked socket.
591 */
592static void l2cap_sock_kill(struct sock *sk)
593{
594 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
595 return;
596
597 BT_DBG("sk %p state %d", sk, sk->sk_state);
598
599 /* Kill poor orphan */
600 bt_sock_unlink(&l2cap_sk_list, sk);
601 sock_set_flag(sk, SOCK_DEAD);
602 sock_put(sk);
603}
604
605static void __l2cap_sock_close(struct sock *sk, int reason)
606{
607 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
608
609 switch (sk->sk_state) {
610 case BT_LISTEN:
611 l2cap_sock_cleanup_listen(sk);
612 break;
613
614 case BT_CONNECTED:
615 case BT_CONFIG:
616 case BT_CONNECT2:
617 if (sk->sk_type == SOCK_SEQPACKET) {
618 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
619 struct l2cap_disconn_req req;
620
621 sk->sk_state = BT_DISCONN;
622 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
623
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -0700624 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
625 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700626 l2cap_send_cmd(conn, l2cap_get_ident(conn),
627 L2CAP_DISCONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200628 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -0700629 l2cap_chan_del(sk, reason);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700630 break;
631
632 case BT_CONNECT:
633 case BT_DISCONN:
634 l2cap_chan_del(sk, reason);
635 break;
636
637 default:
638 sock_set_flag(sk, SOCK_ZAPPED);
639 break;
640 }
641}
642
643/* Must be called on unlocked socket. */
644static void l2cap_sock_close(struct sock *sk)
645{
646 l2cap_sock_clear_timer(sk);
647 lock_sock(sk);
648 __l2cap_sock_close(sk, ECONNRESET);
649 release_sock(sk);
650 l2cap_sock_kill(sk);
651}
652
653static void l2cap_sock_init(struct sock *sk, struct sock *parent)
654{
655 struct l2cap_pinfo *pi = l2cap_pi(sk);
656
657 BT_DBG("sk %p", sk);
658
659 if (parent) {
660 sk->sk_type = parent->sk_type;
661 pi->imtu = l2cap_pi(parent)->imtu;
662 pi->omtu = l2cap_pi(parent)->omtu;
663 pi->link_mode = l2cap_pi(parent)->link_mode;
664 } else {
665 pi->imtu = L2CAP_DEFAULT_MTU;
666 pi->omtu = 0;
667 pi->link_mode = 0;
668 }
669
670 /* Default config options */
Marcel Holtmann5dee9e72007-05-24 14:27:19 +0200671 pi->conf_len = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700672 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
673}
674
675static struct proto l2cap_proto = {
676 .name = "L2CAP",
677 .owner = THIS_MODULE,
678 .obj_size = sizeof(struct l2cap_pinfo)
679};
680
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700681static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700682{
683 struct sock *sk;
684
Pavel Emelyanov6257ff22007-11-01 00:39:31 -0700685 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700686 if (!sk)
687 return NULL;
688
689 sock_init_data(sock, sk);
690 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
691
692 sk->sk_destruct = l2cap_sock_destruct;
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200693 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700694
695 sock_reset_flag(sk, SOCK_ZAPPED);
696
697 sk->sk_protocol = proto;
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200698 sk->sk_state = BT_OPEN;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700699
Marcel Holtmannb1235d72008-07-14 20:13:54 +0200700 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700701
702 bt_sock_link(&l2cap_sk_list, sk);
703 return sk;
704}
705
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700706static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700707{
708 struct sock *sk;
709
710 BT_DBG("sock %p", sock);
711
712 sock->state = SS_UNCONNECTED;
713
714 if (sock->type != SOCK_SEQPACKET &&
715 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
716 return -ESOCKTNOSUPPORT;
717
718 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
719 return -EPERM;
720
721 sock->ops = &l2cap_sock_ops;
722
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700723 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700724 if (!sk)
725 return -ENOMEM;
726
727 l2cap_sock_init(sk, NULL);
728 return 0;
729}
730
731static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
732{
733 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
734 struct sock *sk = sock->sk;
735 int err = 0;
736
737 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
738
739 if (!addr || addr->sa_family != AF_BLUETOOTH)
740 return -EINVAL;
741
742 lock_sock(sk);
743
744 if (sk->sk_state != BT_OPEN) {
745 err = -EBADFD;
746 goto done;
747 }
748
Al Viro8e036fc2007-07-29 00:16:36 -0700749 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
Marcel Holtmann847641d2007-01-22 22:00:45 +0100750 !capable(CAP_NET_BIND_SERVICE)) {
751 err = -EACCES;
752 goto done;
753 }
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900754
Linus Torvalds1da177e2005-04-16 15:20:36 -0700755 write_lock_bh(&l2cap_sk_list.lock);
756
757 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
758 err = -EADDRINUSE;
759 } else {
760 /* Save source address */
761 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
762 l2cap_pi(sk)->psm = la->l2_psm;
763 l2cap_pi(sk)->sport = la->l2_psm;
764 sk->sk_state = BT_BOUND;
765 }
766
767 write_unlock_bh(&l2cap_sk_list.lock);
768
769done:
770 release_sock(sk);
771 return err;
772}
773
774static int l2cap_do_connect(struct sock *sk)
775{
776 bdaddr_t *src = &bt_sk(sk)->src;
777 bdaddr_t *dst = &bt_sk(sk)->dst;
778 struct l2cap_conn *conn;
779 struct hci_conn *hcon;
780 struct hci_dev *hdev;
781 int err = 0;
782
783 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
784
785 if (!(hdev = hci_get_route(dst, src)))
786 return -EHOSTUNREACH;
787
788 hci_dev_lock_bh(hdev);
789
790 err = -ENOMEM;
791
792 hcon = hci_connect(hdev, ACL_LINK, dst);
793 if (!hcon)
794 goto done;
795
796 conn = l2cap_conn_add(hcon, 0);
797 if (!conn) {
798 hci_conn_put(hcon);
799 goto done;
800 }
801
802 err = 0;
803
804 /* Update source addr of the socket */
805 bacpy(src, conn->src);
806
807 l2cap_chan_add(conn, sk, NULL);
808
809 sk->sk_state = BT_CONNECT;
810 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
811
812 if (hcon->state == BT_CONNECTED) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200813 if (sk->sk_type != SOCK_SEQPACKET) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700814 l2cap_sock_clear_timer(sk);
815 sk->sk_state = BT_CONNECTED;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200816 } else
817 l2cap_do_start(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700818 }
819
820done:
821 hci_dev_unlock_bh(hdev);
822 hci_dev_put(hdev);
823 return err;
824}
825
826static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
827{
828 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
829 struct sock *sk = sock->sk;
830 int err = 0;
831
832 lock_sock(sk);
833
834 BT_DBG("sk %p", sk);
835
836 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
837 err = -EINVAL;
838 goto done;
839 }
840
841 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
842 err = -EINVAL;
843 goto done;
844 }
845
846 switch(sk->sk_state) {
847 case BT_CONNECT:
848 case BT_CONNECT2:
849 case BT_CONFIG:
850 /* Already connecting */
851 goto wait;
852
853 case BT_CONNECTED:
854 /* Already connected */
855 goto done;
856
857 case BT_OPEN:
858 case BT_BOUND:
859 /* Can connect */
860 break;
861
862 default:
863 err = -EBADFD;
864 goto done;
865 }
866
867 /* Set destination address and psm */
868 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
869 l2cap_pi(sk)->psm = la->l2_psm;
870
871 if ((err = l2cap_do_connect(sk)))
872 goto done;
873
874wait:
875 err = bt_sock_wait_state(sk, BT_CONNECTED,
876 sock_sndtimeo(sk, flags & O_NONBLOCK));
877done:
878 release_sock(sk);
879 return err;
880}
881
882static int l2cap_sock_listen(struct socket *sock, int backlog)
883{
884 struct sock *sk = sock->sk;
885 int err = 0;
886
887 BT_DBG("sk %p backlog %d", sk, backlog);
888
889 lock_sock(sk);
890
891 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
892 err = -EBADFD;
893 goto done;
894 }
895
896 if (!l2cap_pi(sk)->psm) {
897 bdaddr_t *src = &bt_sk(sk)->src;
898 u16 psm;
899
900 err = -EINVAL;
901
902 write_lock_bh(&l2cap_sk_list.lock);
903
904 for (psm = 0x1001; psm < 0x1100; psm += 2)
Al Viro6dc0c202007-07-29 00:15:18 -0700905 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700906 l2cap_pi(sk)->psm = htobs(psm);
907 l2cap_pi(sk)->sport = htobs(psm);
908 err = 0;
909 break;
910 }
911
912 write_unlock_bh(&l2cap_sk_list.lock);
913
914 if (err < 0)
915 goto done;
916 }
917
918 sk->sk_max_ack_backlog = backlog;
919 sk->sk_ack_backlog = 0;
920 sk->sk_state = BT_LISTEN;
921
922done:
923 release_sock(sk);
924 return err;
925}
926
927static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
928{
929 DECLARE_WAITQUEUE(wait, current);
930 struct sock *sk = sock->sk, *nsk;
931 long timeo;
932 int err = 0;
933
Peter Zijlstrafcc70d52006-11-08 22:44:35 -0800934 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700935
936 if (sk->sk_state != BT_LISTEN) {
937 err = -EBADFD;
938 goto done;
939 }
940
941 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
942
943 BT_DBG("sk %p timeo %ld", sk, timeo);
944
945 /* Wait for an incoming connection. (wake-one). */
946 add_wait_queue_exclusive(sk->sk_sleep, &wait);
947 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
948 set_current_state(TASK_INTERRUPTIBLE);
949 if (!timeo) {
950 err = -EAGAIN;
951 break;
952 }
953
954 release_sock(sk);
955 timeo = schedule_timeout(timeo);
Peter Zijlstrafcc70d52006-11-08 22:44:35 -0800956 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700957
958 if (sk->sk_state != BT_LISTEN) {
959 err = -EBADFD;
960 break;
961 }
962
963 if (signal_pending(current)) {
964 err = sock_intr_errno(timeo);
965 break;
966 }
967 }
968 set_current_state(TASK_RUNNING);
969 remove_wait_queue(sk->sk_sleep, &wait);
970
971 if (err)
972 goto done;
973
974 newsock->state = SS_CONNECTED;
975
976 BT_DBG("new socket %p", nsk);
977
978done:
979 release_sock(sk);
980 return err;
981}
982
983static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
984{
985 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
986 struct sock *sk = sock->sk;
987
988 BT_DBG("sock %p, sk %p", sock, sk);
989
990 addr->sa_family = AF_BLUETOOTH;
991 *len = sizeof(struct sockaddr_l2);
992
993 if (peer)
994 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
995 else
996 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
997
998 la->l2_psm = l2cap_pi(sk)->psm;
999 return 0;
1000}
1001
1002static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1003{
1004 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1005 struct sk_buff *skb, **frag;
1006 int err, hlen, count, sent=0;
1007 struct l2cap_hdr *lh;
1008
1009 BT_DBG("sk %p len %d", sk, len);
1010
1011 /* First fragment (with L2CAP header) */
1012 if (sk->sk_type == SOCK_DGRAM)
1013 hlen = L2CAP_HDR_SIZE + 2;
1014 else
1015 hlen = L2CAP_HDR_SIZE;
1016
1017 count = min_t(unsigned int, (conn->mtu - hlen), len);
1018
1019 skb = bt_skb_send_alloc(sk, hlen + count,
1020 msg->msg_flags & MSG_DONTWAIT, &err);
1021 if (!skb)
1022 return err;
1023
1024 /* Create L2CAP header */
1025 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001026 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1027 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001028
1029 if (sk->sk_type == SOCK_DGRAM)
Al Viro8e036fc2007-07-29 00:16:36 -07001030 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001031
1032 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1033 err = -EFAULT;
1034 goto fail;
1035 }
1036
1037 sent += count;
1038 len -= count;
1039
1040 /* Continuation fragments (no L2CAP header) */
1041 frag = &skb_shinfo(skb)->frag_list;
1042 while (len) {
1043 count = min_t(unsigned int, conn->mtu, len);
1044
1045 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1046 if (!*frag)
1047 goto fail;
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001048
Linus Torvalds1da177e2005-04-16 15:20:36 -07001049 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1050 err = -EFAULT;
1051 goto fail;
1052 }
1053
1054 sent += count;
1055 len -= count;
1056
1057 frag = &(*frag)->next;
1058 }
1059
1060 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1061 goto fail;
1062
1063 return sent;
1064
1065fail:
1066 kfree_skb(skb);
1067 return err;
1068}
1069
1070static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1071{
1072 struct sock *sk = sock->sk;
1073 int err = 0;
1074
1075 BT_DBG("sock %p, sk %p", sock, sk);
1076
Benjamin LaHaisec1cbe4b2005-12-13 23:22:19 -08001077 err = sock_error(sk);
1078 if (err)
1079 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001080
1081 if (msg->msg_flags & MSG_OOB)
1082 return -EOPNOTSUPP;
1083
1084 /* Check outgoing MTU */
1085 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1086 return -EINVAL;
1087
1088 lock_sock(sk);
1089
1090 if (sk->sk_state == BT_CONNECTED)
1091 err = l2cap_do_send(sk, msg, len);
1092 else
1093 err = -ENOTCONN;
1094
1095 release_sock(sk);
1096 return err;
1097}
1098
1099static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1100{
1101 struct sock *sk = sock->sk;
1102 struct l2cap_options opts;
1103 int err = 0, len;
1104 u32 opt;
1105
1106 BT_DBG("sk %p", sk);
1107
1108 lock_sock(sk);
1109
1110 switch (optname) {
1111 case L2CAP_OPTIONS:
Marcel Holtmann0878b662007-05-05 00:35:59 +02001112 opts.imtu = l2cap_pi(sk)->imtu;
1113 opts.omtu = l2cap_pi(sk)->omtu;
1114 opts.flush_to = l2cap_pi(sk)->flush_to;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001115 opts.mode = L2CAP_MODE_BASIC;
Marcel Holtmann0878b662007-05-05 00:35:59 +02001116
Linus Torvalds1da177e2005-04-16 15:20:36 -07001117 len = min_t(unsigned int, sizeof(opts), optlen);
1118 if (copy_from_user((char *) &opts, optval, len)) {
1119 err = -EFAULT;
1120 break;
1121 }
Marcel Holtmann0878b662007-05-05 00:35:59 +02001122
Linus Torvalds1da177e2005-04-16 15:20:36 -07001123 l2cap_pi(sk)->imtu = opts.imtu;
1124 l2cap_pi(sk)->omtu = opts.omtu;
1125 break;
1126
1127 case L2CAP_LM:
1128 if (get_user(opt, (u32 __user *) optval)) {
1129 err = -EFAULT;
1130 break;
1131 }
1132
1133 l2cap_pi(sk)->link_mode = opt;
1134 break;
1135
1136 default:
1137 err = -ENOPROTOOPT;
1138 break;
1139 }
1140
1141 release_sock(sk);
1142 return err;
1143}
1144
1145static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1146{
1147 struct sock *sk = sock->sk;
1148 struct l2cap_options opts;
1149 struct l2cap_conninfo cinfo;
1150 int len, err = 0;
1151
1152 BT_DBG("sk %p", sk);
1153
1154 if (get_user(len, optlen))
1155 return -EFAULT;
1156
1157 lock_sock(sk);
1158
1159 switch (optname) {
1160 case L2CAP_OPTIONS:
1161 opts.imtu = l2cap_pi(sk)->imtu;
1162 opts.omtu = l2cap_pi(sk)->omtu;
1163 opts.flush_to = l2cap_pi(sk)->flush_to;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001164 opts.mode = L2CAP_MODE_BASIC;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001165
1166 len = min_t(unsigned int, len, sizeof(opts));
1167 if (copy_to_user(optval, (char *) &opts, len))
1168 err = -EFAULT;
1169
1170 break;
1171
1172 case L2CAP_LM:
1173 if (put_user(l2cap_pi(sk)->link_mode, (u32 __user *) optval))
1174 err = -EFAULT;
1175 break;
1176
1177 case L2CAP_CONNINFO:
1178 if (sk->sk_state != BT_CONNECTED) {
1179 err = -ENOTCONN;
1180 break;
1181 }
1182
1183 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1184 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1185
1186 len = min_t(unsigned int, len, sizeof(cinfo));
1187 if (copy_to_user(optval, (char *) &cinfo, len))
1188 err = -EFAULT;
1189
1190 break;
1191
1192 default:
1193 err = -ENOPROTOOPT;
1194 break;
1195 }
1196
1197 release_sock(sk);
1198 return err;
1199}
1200
1201static int l2cap_sock_shutdown(struct socket *sock, int how)
1202{
1203 struct sock *sk = sock->sk;
1204 int err = 0;
1205
1206 BT_DBG("sock %p, sk %p", sock, sk);
1207
1208 if (!sk)
1209 return 0;
1210
1211 lock_sock(sk);
1212 if (!sk->sk_shutdown) {
1213 sk->sk_shutdown = SHUTDOWN_MASK;
1214 l2cap_sock_clear_timer(sk);
1215 __l2cap_sock_close(sk, 0);
1216
1217 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
Marcel Holtmannb1235d72008-07-14 20:13:54 +02001218 err = bt_sock_wait_state(sk, BT_CLOSED,
1219 sk->sk_lingertime);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001220 }
1221 release_sock(sk);
1222 return err;
1223}
1224
1225static int l2cap_sock_release(struct socket *sock)
1226{
1227 struct sock *sk = sock->sk;
1228 int err;
1229
1230 BT_DBG("sock %p, sk %p", sock, sk);
1231
1232 if (!sk)
1233 return 0;
1234
1235 err = l2cap_sock_shutdown(sock, 2);
1236
1237 sock_orphan(sk);
1238 l2cap_sock_kill(sk);
1239 return err;
1240}
1241
Linus Torvalds1da177e2005-04-16 15:20:36 -07001242static void l2cap_chan_ready(struct sock *sk)
1243{
1244 struct sock *parent = bt_sk(sk)->parent;
1245
1246 BT_DBG("sk %p, parent %p", sk, parent);
1247
1248 l2cap_pi(sk)->conf_state = 0;
1249 l2cap_sock_clear_timer(sk);
1250
1251 if (!parent) {
1252 /* Outgoing channel.
1253 * Wake up socket sleeping on connect.
1254 */
1255 sk->sk_state = BT_CONNECTED;
1256 sk->sk_state_change(sk);
1257 } else {
1258 /* Incoming channel.
1259 * Wake up socket sleeping on accept.
1260 */
1261 parent->sk_data_ready(parent, 0);
1262 }
Marcel Holtmannb1235d72008-07-14 20:13:54 +02001263
1264 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
1265 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1266 hci_conn_change_link_key(conn->hcon);
1267 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001268}
1269
1270/* Copy frame to all raw sockets on that connection */
1271static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1272{
1273 struct l2cap_chan_list *l = &conn->chan_list;
1274 struct sk_buff *nskb;
1275 struct sock * sk;
1276
1277 BT_DBG("conn %p", conn);
1278
1279 read_lock(&l->lock);
1280 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1281 if (sk->sk_type != SOCK_RAW)
1282 continue;
1283
1284 /* Don't send frame to the socket it came from */
1285 if (skb->sk == sk)
1286 continue;
1287
1288 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1289 continue;
1290
1291 if (sock_queue_rcv_skb(sk, nskb))
1292 kfree_skb(nskb);
1293 }
1294 read_unlock(&l->lock);
1295}
1296
1297/* ---- L2CAP signalling commands ---- */
1298static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1299 u8 code, u8 ident, u16 dlen, void *data)
1300{
1301 struct sk_buff *skb, **frag;
1302 struct l2cap_cmd_hdr *cmd;
1303 struct l2cap_hdr *lh;
1304 int len, count;
1305
1306 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1307
1308 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1309 count = min_t(unsigned int, conn->mtu, len);
1310
1311 skb = bt_skb_alloc(count, GFP_ATOMIC);
1312 if (!skb)
1313 return NULL;
1314
1315 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001316 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1317 lh->cid = cpu_to_le16(0x0001);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001318
1319 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1320 cmd->code = code;
1321 cmd->ident = ident;
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001322 cmd->len = cpu_to_le16(dlen);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001323
1324 if (dlen) {
1325 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1326 memcpy(skb_put(skb, count), data, count);
1327 data += count;
1328 }
1329
1330 len -= skb->len;
1331
1332 /* Continuation fragments (no L2CAP header) */
1333 frag = &skb_shinfo(skb)->frag_list;
1334 while (len) {
1335 count = min_t(unsigned int, conn->mtu, len);
1336
1337 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1338 if (!*frag)
1339 goto fail;
1340
1341 memcpy(skb_put(*frag, count), data, count);
1342
1343 len -= count;
1344 data += count;
1345
1346 frag = &(*frag)->next;
1347 }
1348
1349 return skb;
1350
1351fail:
1352 kfree_skb(skb);
1353 return NULL;
1354}
1355
1356static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1357{
1358 struct l2cap_conf_opt *opt = *ptr;
1359 int len;
1360
1361 len = L2CAP_CONF_OPT_SIZE + opt->len;
1362 *ptr += len;
1363
1364 *type = opt->type;
1365 *olen = opt->len;
1366
1367 switch (opt->len) {
1368 case 1:
1369 *val = *((u8 *) opt->val);
1370 break;
1371
1372 case 2:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001373 *val = __le16_to_cpu(*((__le16 *) opt->val));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001374 break;
1375
1376 case 4:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001377 *val = __le32_to_cpu(*((__le32 *) opt->val));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001378 break;
1379
1380 default:
1381 *val = (unsigned long) opt->val;
1382 break;
1383 }
1384
1385 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1386 return len;
1387}
1388
Linus Torvalds1da177e2005-04-16 15:20:36 -07001389static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1390{
1391 struct l2cap_conf_opt *opt = *ptr;
1392
1393 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1394
1395 opt->type = type;
1396 opt->len = len;
1397
1398 switch (len) {
1399 case 1:
1400 *((u8 *) opt->val) = val;
1401 break;
1402
1403 case 2:
Al Viro8e036fc2007-07-29 00:16:36 -07001404 *((__le16 *) opt->val) = cpu_to_le16(val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001405 break;
1406
1407 case 4:
Al Viro8e036fc2007-07-29 00:16:36 -07001408 *((__le32 *) opt->val) = cpu_to_le32(val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001409 break;
1410
1411 default:
1412 memcpy(opt->val, (void *) val, len);
1413 break;
1414 }
1415
1416 *ptr += L2CAP_CONF_OPT_SIZE + len;
1417}
1418
1419static int l2cap_build_conf_req(struct sock *sk, void *data)
1420{
1421 struct l2cap_pinfo *pi = l2cap_pi(sk);
1422 struct l2cap_conf_req *req = data;
1423 void *ptr = req->data;
1424
1425 BT_DBG("sk %p", sk);
1426
1427 if (pi->imtu != L2CAP_DEFAULT_MTU)
1428 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1429
1430 /* FIXME: Need actual value of the flush timeout */
1431 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1432 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1433
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001434 req->dcid = cpu_to_le16(pi->dcid);
1435 req->flags = cpu_to_le16(0);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001436
1437 return ptr - data;
1438}
1439
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001440static int l2cap_parse_conf_req(struct sock *sk, void *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001441{
1442 struct l2cap_pinfo *pi = l2cap_pi(sk);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001443 struct l2cap_conf_rsp *rsp = data;
1444 void *ptr = rsp->data;
1445 void *req = pi->conf_req;
1446 int len = pi->conf_len;
1447 int type, hint, olen;
1448 unsigned long val;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001449 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
Marcel Holtmann861d6882007-10-20 13:37:06 +02001450 u16 mtu = L2CAP_DEFAULT_MTU;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001451 u16 result = L2CAP_CONF_SUCCESS;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001452
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001453 BT_DBG("sk %p", sk);
Marcel Holtmann820ae1b2006-11-18 22:15:00 +01001454
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001455 while (len >= L2CAP_CONF_OPT_SIZE) {
1456 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001457
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001458 hint = type & 0x80;
1459 type &= 0x7f;
1460
1461 switch (type) {
1462 case L2CAP_CONF_MTU:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001463 mtu = val;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001464 break;
1465
1466 case L2CAP_CONF_FLUSH_TO:
1467 pi->flush_to = val;
1468 break;
1469
1470 case L2CAP_CONF_QOS:
1471 break;
1472
Marcel Holtmann6464f352007-10-20 13:39:51 +02001473 case L2CAP_CONF_RFC:
1474 if (olen == sizeof(rfc))
1475 memcpy(&rfc, (void *) val, olen);
1476 break;
1477
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001478 default:
1479 if (hint)
1480 break;
1481
1482 result = L2CAP_CONF_UNKNOWN;
1483 *((u8 *) ptr++) = type;
1484 break;
1485 }
1486 }
1487
1488 if (result == L2CAP_CONF_SUCCESS) {
1489 /* Configure output options and let the other side know
1490 * which ones we don't like. */
1491
Marcel Holtmann6464f352007-10-20 13:39:51 +02001492 if (rfc.mode == L2CAP_MODE_BASIC) {
1493 if (mtu < pi->omtu)
1494 result = L2CAP_CONF_UNACCEPT;
1495 else {
1496 pi->omtu = mtu;
1497 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1498 }
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001499
Marcel Holtmann6464f352007-10-20 13:39:51 +02001500 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1501 } else {
1502 result = L2CAP_CONF_UNACCEPT;
1503
1504 memset(&rfc, 0, sizeof(rfc));
1505 rfc.mode = L2CAP_MODE_BASIC;
1506
1507 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1508 sizeof(rfc), (unsigned long) &rfc);
1509 }
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001510 }
1511
1512 rsp->scid = cpu_to_le16(pi->dcid);
1513 rsp->result = cpu_to_le16(result);
1514 rsp->flags = cpu_to_le16(0x0000);
1515
1516 return ptr - data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001517}
1518
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001519static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001520{
1521 struct l2cap_conf_rsp *rsp = data;
1522 void *ptr = rsp->data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001523
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001524 BT_DBG("sk %p", sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001525
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001526 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001527 rsp->result = cpu_to_le16(result);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001528 rsp->flags = cpu_to_le16(flags);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001529
1530 return ptr - data;
1531}
1532
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001533static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1534{
1535 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1536
1537 if (rej->reason != 0x0000)
1538 return 0;
1539
1540 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1541 cmd->ident == conn->info_ident) {
1542 conn->info_ident = 0;
1543 del_timer(&conn->info_timer);
1544 l2cap_conn_start(conn);
1545 }
1546
1547 return 0;
1548}
1549
Linus Torvalds1da177e2005-04-16 15:20:36 -07001550static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1551{
1552 struct l2cap_chan_list *list = &conn->chan_list;
1553 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1554 struct l2cap_conn_rsp rsp;
1555 struct sock *sk, *parent;
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001556 int result, status = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001557
1558 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
Al Viro8e036fc2007-07-29 00:16:36 -07001559 __le16 psm = req->psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001560
1561 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1562
1563 /* Check if we have socket listening on psm */
1564 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1565 if (!parent) {
1566 result = L2CAP_CR_BAD_PSM;
1567 goto sendresp;
1568 }
1569
1570 result = L2CAP_CR_NO_MEM;
1571
1572 /* Check for backlog size */
1573 if (sk_acceptq_is_full(parent)) {
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001574 BT_DBG("backlog full %d", parent->sk_ack_backlog);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001575 goto response;
1576 }
1577
YOSHIFUJI Hideaki3b1e0a62008-03-26 02:26:21 +09001578 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001579 if (!sk)
1580 goto response;
1581
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001582 write_lock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001583
1584 /* Check if we already have channel with that dcid */
1585 if (__l2cap_get_chan_by_dcid(list, scid)) {
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001586 write_unlock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001587 sock_set_flag(sk, SOCK_ZAPPED);
1588 l2cap_sock_kill(sk);
1589 goto response;
1590 }
1591
1592 hci_conn_hold(conn->hcon);
1593
1594 l2cap_sock_init(sk, parent);
1595 bacpy(&bt_sk(sk)->src, conn->src);
1596 bacpy(&bt_sk(sk)->dst, conn->dst);
1597 l2cap_pi(sk)->psm = psm;
1598 l2cap_pi(sk)->dcid = scid;
1599
1600 __l2cap_chan_add(conn, sk, parent);
1601 dcid = l2cap_pi(sk)->scid;
1602
1603 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1604
Linus Torvalds1da177e2005-04-16 15:20:36 -07001605 l2cap_pi(sk)->ident = cmd->ident;
1606
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001607 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
1608 if (l2cap_check_link_mode(sk)) {
1609 sk->sk_state = BT_CONFIG;
1610 result = L2CAP_CR_SUCCESS;
1611 status = L2CAP_CS_NO_INFO;
1612 } else {
1613 sk->sk_state = BT_CONNECT2;
1614 result = L2CAP_CR_PEND;
1615 status = L2CAP_CS_AUTHEN_PEND;
1616 }
1617 } else {
1618 sk->sk_state = BT_CONNECT2;
1619 result = L2CAP_CR_PEND;
1620 status = L2CAP_CS_NO_INFO;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001621 }
1622
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001623 write_unlock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001624
1625response:
1626 bh_unlock_sock(parent);
1627
1628sendresp:
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001629 rsp.scid = cpu_to_le16(scid);
1630 rsp.dcid = cpu_to_le16(dcid);
1631 rsp.result = cpu_to_le16(result);
1632 rsp.status = cpu_to_le16(status);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001633 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001634
1635 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1636 struct l2cap_info_req info;
1637 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1638
1639 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1640 conn->info_ident = l2cap_get_ident(conn);
1641
1642 mod_timer(&conn->info_timer, jiffies +
1643 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1644
1645 l2cap_send_cmd(conn, conn->info_ident,
1646 L2CAP_INFO_REQ, sizeof(info), &info);
1647 }
1648
Linus Torvalds1da177e2005-04-16 15:20:36 -07001649 return 0;
1650}
1651
1652static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1653{
1654 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1655 u16 scid, dcid, result, status;
1656 struct sock *sk;
1657 u8 req[128];
1658
1659 scid = __le16_to_cpu(rsp->scid);
1660 dcid = __le16_to_cpu(rsp->dcid);
1661 result = __le16_to_cpu(rsp->result);
1662 status = __le16_to_cpu(rsp->status);
1663
1664 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1665
1666 if (scid) {
1667 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1668 return 0;
1669 } else {
1670 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1671 return 0;
1672 }
1673
1674 switch (result) {
1675 case L2CAP_CR_SUCCESS:
1676 sk->sk_state = BT_CONFIG;
1677 l2cap_pi(sk)->ident = 0;
1678 l2cap_pi(sk)->dcid = dcid;
1679 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1680
1681 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1682 l2cap_build_conf_req(sk, req), req);
1683 break;
1684
1685 case L2CAP_CR_PEND:
1686 break;
1687
1688 default:
1689 l2cap_chan_del(sk, ECONNREFUSED);
1690 break;
1691 }
1692
1693 bh_unlock_sock(sk);
1694 return 0;
1695}
1696
Al Viro88219a02007-07-29 00:17:25 -07001697static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001698{
1699 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1700 u16 dcid, flags;
1701 u8 rsp[64];
1702 struct sock *sk;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001703 int len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001704
1705 dcid = __le16_to_cpu(req->dcid);
1706 flags = __le16_to_cpu(req->flags);
1707
1708 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1709
1710 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1711 return -ENOENT;
1712
Marcel Holtmann354f60a2006-11-18 22:15:20 +01001713 if (sk->sk_state == BT_DISCONN)
1714 goto unlock;
1715
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001716 /* Reject if config buffer is too small. */
Al Viro88219a02007-07-29 00:17:25 -07001717 len = cmd_len - sizeof(*req);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001718 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1719 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1720 l2cap_build_conf_rsp(sk, rsp,
1721 L2CAP_CONF_REJECT, flags), rsp);
1722 goto unlock;
1723 }
1724
1725 /* Store config. */
1726 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1727 l2cap_pi(sk)->conf_len += len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001728
1729 if (flags & 0x0001) {
1730 /* Incomplete config. Send empty response. */
1731 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001732 l2cap_build_conf_rsp(sk, rsp,
1733 L2CAP_CONF_SUCCESS, 0x0001), rsp);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001734 goto unlock;
1735 }
1736
1737 /* Complete config. */
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001738 len = l2cap_parse_conf_req(sk, rsp);
1739 if (len < 0)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001740 goto unlock;
1741
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001742 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
1743
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001744 /* Reset config buffer. */
1745 l2cap_pi(sk)->conf_len = 0;
1746
Marcel Holtmann876d9482007-10-20 13:35:42 +02001747 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
1748 goto unlock;
1749
Linus Torvalds1da177e2005-04-16 15:20:36 -07001750 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1751 sk->sk_state = BT_CONNECTED;
1752 l2cap_chan_ready(sk);
Marcel Holtmann876d9482007-10-20 13:35:42 +02001753 goto unlock;
1754 }
1755
1756 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001757 u8 buf[64];
Linus Torvalds1da177e2005-04-16 15:20:36 -07001758 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001759 l2cap_build_conf_req(sk, buf), buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001760 }
1761
1762unlock:
1763 bh_unlock_sock(sk);
1764 return 0;
1765}
1766
1767static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1768{
1769 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
1770 u16 scid, flags, result;
1771 struct sock *sk;
1772
1773 scid = __le16_to_cpu(rsp->scid);
1774 flags = __le16_to_cpu(rsp->flags);
1775 result = __le16_to_cpu(rsp->result);
1776
1777 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
1778
1779 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1780 return 0;
1781
1782 switch (result) {
1783 case L2CAP_CONF_SUCCESS:
1784 break;
1785
1786 case L2CAP_CONF_UNACCEPT:
1787 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
1788 char req[128];
1789 /* It does not make sense to adjust L2CAP parameters
1790 * that are currently defined in the spec. We simply
1791 * resend config request that we sent earlier. It is
1792 * stupid, but it helps qualification testing which
1793 * expects at least some response from us. */
1794 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1795 l2cap_build_conf_req(sk, req), req);
1796 goto done;
1797 }
1798
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001799 default:
Linus Torvalds1da177e2005-04-16 15:20:36 -07001800 sk->sk_state = BT_DISCONN;
Marcel Holtmannb1235d72008-07-14 20:13:54 +02001801 sk->sk_err = ECONNRESET;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001802 l2cap_sock_set_timer(sk, HZ * 5);
1803 {
1804 struct l2cap_disconn_req req;
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001805 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
1806 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001807 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1808 L2CAP_DISCONN_REQ, sizeof(req), &req);
1809 }
1810 goto done;
1811 }
1812
1813 if (flags & 0x01)
1814 goto done;
1815
Linus Torvalds1da177e2005-04-16 15:20:36 -07001816 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
1817
1818 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
1819 sk->sk_state = BT_CONNECTED;
1820 l2cap_chan_ready(sk);
1821 }
1822
1823done:
1824 bh_unlock_sock(sk);
1825 return 0;
1826}
1827
1828static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1829{
1830 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
1831 struct l2cap_disconn_rsp rsp;
1832 u16 dcid, scid;
1833 struct sock *sk;
1834
1835 scid = __le16_to_cpu(req->scid);
1836 dcid = __le16_to_cpu(req->dcid);
1837
1838 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
1839
1840 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1841 return 0;
1842
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001843 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1844 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001845 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
1846
1847 sk->sk_shutdown = SHUTDOWN_MASK;
1848
1849 l2cap_chan_del(sk, ECONNRESET);
1850 bh_unlock_sock(sk);
1851
1852 l2cap_sock_kill(sk);
1853 return 0;
1854}
1855
1856static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1857{
1858 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
1859 u16 dcid, scid;
1860 struct sock *sk;
1861
1862 scid = __le16_to_cpu(rsp->scid);
1863 dcid = __le16_to_cpu(rsp->dcid);
1864
1865 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
1866
1867 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1868 return 0;
1869
1870 l2cap_chan_del(sk, 0);
1871 bh_unlock_sock(sk);
1872
1873 l2cap_sock_kill(sk);
1874 return 0;
1875}
1876
1877static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1878{
1879 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001880 u16 type;
1881
1882 type = __le16_to_cpu(req->type);
1883
1884 BT_DBG("type 0x%4.4x", type);
1885
Marcel Holtmannf0709e02007-10-20 13:38:51 +02001886 if (type == L2CAP_IT_FEAT_MASK) {
1887 u8 buf[8];
1888 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
1889 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1890 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
1891 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
1892 l2cap_send_cmd(conn, cmd->ident,
1893 L2CAP_INFO_RSP, sizeof(buf), buf);
1894 } else {
1895 struct l2cap_info_rsp rsp;
1896 rsp.type = cpu_to_le16(type);
1897 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
1898 l2cap_send_cmd(conn, cmd->ident,
1899 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
1900 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001901
1902 return 0;
1903}
1904
1905static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1906{
1907 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
1908 u16 type, result;
1909
1910 type = __le16_to_cpu(rsp->type);
1911 result = __le16_to_cpu(rsp->result);
1912
1913 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
1914
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001915 conn->info_ident = 0;
1916
1917 del_timer(&conn->info_timer);
1918
1919 if (type == L2CAP_IT_FEAT_MASK)
Harvey Harrison83985312008-05-02 16:25:46 -07001920 conn->feat_mask = get_unaligned_le32(rsp->data);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001921
1922 l2cap_conn_start(conn);
1923
Linus Torvalds1da177e2005-04-16 15:20:36 -07001924 return 0;
1925}
1926
1927static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1928{
1929 u8 *data = skb->data;
1930 int len = skb->len;
1931 struct l2cap_cmd_hdr cmd;
1932 int err = 0;
1933
1934 l2cap_raw_recv(conn, skb);
1935
1936 while (len >= L2CAP_CMD_HDR_SIZE) {
Al Viro88219a02007-07-29 00:17:25 -07001937 u16 cmd_len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001938 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
1939 data += L2CAP_CMD_HDR_SIZE;
1940 len -= L2CAP_CMD_HDR_SIZE;
1941
Al Viro88219a02007-07-29 00:17:25 -07001942 cmd_len = le16_to_cpu(cmd.len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001943
Al Viro88219a02007-07-29 00:17:25 -07001944 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001945
Al Viro88219a02007-07-29 00:17:25 -07001946 if (cmd_len > len || !cmd.ident) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001947 BT_DBG("corrupted command");
1948 break;
1949 }
1950
1951 switch (cmd.code) {
1952 case L2CAP_COMMAND_REJ:
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001953 l2cap_command_rej(conn, &cmd, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001954 break;
1955
1956 case L2CAP_CONN_REQ:
1957 err = l2cap_connect_req(conn, &cmd, data);
1958 break;
1959
1960 case L2CAP_CONN_RSP:
1961 err = l2cap_connect_rsp(conn, &cmd, data);
1962 break;
1963
1964 case L2CAP_CONF_REQ:
Al Viro88219a02007-07-29 00:17:25 -07001965 err = l2cap_config_req(conn, &cmd, cmd_len, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001966 break;
1967
1968 case L2CAP_CONF_RSP:
1969 err = l2cap_config_rsp(conn, &cmd, data);
1970 break;
1971
1972 case L2CAP_DISCONN_REQ:
1973 err = l2cap_disconnect_req(conn, &cmd, data);
1974 break;
1975
1976 case L2CAP_DISCONN_RSP:
1977 err = l2cap_disconnect_rsp(conn, &cmd, data);
1978 break;
1979
1980 case L2CAP_ECHO_REQ:
Al Viro88219a02007-07-29 00:17:25 -07001981 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001982 break;
1983
1984 case L2CAP_ECHO_RSP:
1985 break;
1986
1987 case L2CAP_INFO_REQ:
1988 err = l2cap_information_req(conn, &cmd, data);
1989 break;
1990
1991 case L2CAP_INFO_RSP:
1992 err = l2cap_information_rsp(conn, &cmd, data);
1993 break;
1994
1995 default:
1996 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
1997 err = -EINVAL;
1998 break;
1999 }
2000
2001 if (err) {
2002 struct l2cap_cmd_rej rej;
2003 BT_DBG("error %d", err);
2004
2005 /* FIXME: Map err to a valid reason */
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002006 rej.reason = cpu_to_le16(0);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002007 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2008 }
2009
Al Viro88219a02007-07-29 00:17:25 -07002010 data += cmd_len;
2011 len -= cmd_len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002012 }
2013
2014 kfree_skb(skb);
2015}
2016
2017static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2018{
2019 struct sock *sk;
2020
2021 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2022 if (!sk) {
2023 BT_DBG("unknown cid 0x%4.4x", cid);
2024 goto drop;
2025 }
2026
2027 BT_DBG("sk %p, len %d", sk, skb->len);
2028
2029 if (sk->sk_state != BT_CONNECTED)
2030 goto drop;
2031
2032 if (l2cap_pi(sk)->imtu < skb->len)
2033 goto drop;
2034
2035 /* If socket recv buffers overflows we drop data here
2036 * which is *bad* because L2CAP has to be reliable.
2037 * But we don't have any other choice. L2CAP doesn't
2038 * provide flow control mechanism. */
2039
2040 if (!sock_queue_rcv_skb(sk, skb))
2041 goto done;
2042
2043drop:
2044 kfree_skb(skb);
2045
2046done:
Marcel Holtmann01394182006-07-03 10:02:46 +02002047 if (sk)
2048 bh_unlock_sock(sk);
2049
Linus Torvalds1da177e2005-04-16 15:20:36 -07002050 return 0;
2051}
2052
Al Viro8e036fc2007-07-29 00:16:36 -07002053static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002054{
2055 struct sock *sk;
2056
2057 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2058 if (!sk)
2059 goto drop;
2060
2061 BT_DBG("sk %p, len %d", sk, skb->len);
2062
2063 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2064 goto drop;
2065
2066 if (l2cap_pi(sk)->imtu < skb->len)
2067 goto drop;
2068
2069 if (!sock_queue_rcv_skb(sk, skb))
2070 goto done;
2071
2072drop:
2073 kfree_skb(skb);
2074
2075done:
2076 if (sk) bh_unlock_sock(sk);
2077 return 0;
2078}
2079
2080static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2081{
2082 struct l2cap_hdr *lh = (void *) skb->data;
Al Viro8e036fc2007-07-29 00:16:36 -07002083 u16 cid, len;
2084 __le16 psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002085
2086 skb_pull(skb, L2CAP_HDR_SIZE);
2087 cid = __le16_to_cpu(lh->cid);
2088 len = __le16_to_cpu(lh->len);
2089
2090 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2091
2092 switch (cid) {
2093 case 0x0001:
2094 l2cap_sig_channel(conn, skb);
2095 break;
2096
2097 case 0x0002:
Al Viro8e036fc2007-07-29 00:16:36 -07002098 psm = get_unaligned((__le16 *) skb->data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002099 skb_pull(skb, 2);
2100 l2cap_conless_channel(conn, psm, skb);
2101 break;
2102
2103 default:
2104 l2cap_data_channel(conn, cid, skb);
2105 break;
2106 }
2107}
2108
2109/* ---- L2CAP interface with lower layer (HCI) ---- */
2110
2111static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2112{
2113 int exact = 0, lm1 = 0, lm2 = 0;
2114 register struct sock *sk;
2115 struct hlist_node *node;
2116
2117 if (type != ACL_LINK)
2118 return 0;
2119
2120 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2121
2122 /* Find listening sockets and check their link_mode */
2123 read_lock(&l2cap_sk_list.lock);
2124 sk_for_each(sk, node, &l2cap_sk_list.head) {
2125 if (sk->sk_state != BT_LISTEN)
2126 continue;
2127
2128 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2129 lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
2130 exact++;
2131 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
2132 lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
2133 }
2134 read_unlock(&l2cap_sk_list.lock);
2135
2136 return exact ? lm1 : lm2;
2137}
2138
2139static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2140{
Marcel Holtmann01394182006-07-03 10:02:46 +02002141 struct l2cap_conn *conn;
2142
Linus Torvalds1da177e2005-04-16 15:20:36 -07002143 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2144
2145 if (hcon->type != ACL_LINK)
2146 return 0;
2147
2148 if (!status) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002149 conn = l2cap_conn_add(hcon, status);
2150 if (conn)
2151 l2cap_conn_ready(conn);
Marcel Holtmann01394182006-07-03 10:02:46 +02002152 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -07002153 l2cap_conn_del(hcon, bt_err(status));
2154
2155 return 0;
2156}
2157
2158static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2159{
2160 BT_DBG("hcon %p reason %d", hcon, reason);
2161
2162 if (hcon->type != ACL_LINK)
2163 return 0;
2164
2165 l2cap_conn_del(hcon, bt_err(reason));
Marcel Holtmann01394182006-07-03 10:02:46 +02002166
Linus Torvalds1da177e2005-04-16 15:20:36 -07002167 return 0;
2168}
2169
2170static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
2171{
2172 struct l2cap_chan_list *l;
Marcel Holtmann40be4922008-07-14 20:13:50 +02002173 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002174 struct sock *sk;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002175
Marcel Holtmann01394182006-07-03 10:02:46 +02002176 if (!conn)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002177 return 0;
Marcel Holtmann01394182006-07-03 10:02:46 +02002178
Linus Torvalds1da177e2005-04-16 15:20:36 -07002179 l = &conn->chan_list;
2180
2181 BT_DBG("conn %p", conn);
2182
2183 read_lock(&l->lock);
2184
2185 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
Marcel Holtmann40be4922008-07-14 20:13:50 +02002186 struct l2cap_pinfo *pi = l2cap_pi(sk);
2187
Linus Torvalds1da177e2005-04-16 15:20:36 -07002188 bh_lock_sock(sk);
2189
Marcel Holtmann40be4922008-07-14 20:13:50 +02002190 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
Marcel Holtmannb1235d72008-07-14 20:13:54 +02002191 !(hcon->link_mode & HCI_LM_ENCRYPT) &&
2192 !status) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002193 bh_unlock_sock(sk);
2194 continue;
2195 }
2196
Marcel Holtmannb1235d72008-07-14 20:13:54 +02002197 if (sk->sk_state == BT_CONNECT) {
2198 if (!status) {
2199 struct l2cap_conn_req req;
2200 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2201 req.psm = l2cap_pi(sk)->psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002202
Marcel Holtmannb1235d72008-07-14 20:13:54 +02002203 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2204
2205 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2206 L2CAP_CONN_REQ, sizeof(req), &req);
2207 } else {
2208 l2cap_sock_clear_timer(sk);
2209 l2cap_sock_set_timer(sk, HZ / 10);
2210 }
2211 } else if (sk->sk_state == BT_CONNECT2) {
2212 struct l2cap_conn_rsp rsp;
2213 __u16 result;
2214
2215 if (!status) {
2216 sk->sk_state = BT_CONFIG;
2217 result = L2CAP_CR_SUCCESS;
2218 } else {
2219 sk->sk_state = BT_DISCONN;
2220 l2cap_sock_set_timer(sk, HZ / 10);
2221 result = L2CAP_CR_SEC_BLOCK;
2222 }
2223
2224 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2225 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2226 rsp.result = cpu_to_le16(result);
2227 rsp.status = cpu_to_le16(0);
2228 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2229 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2230 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002231
2232 bh_unlock_sock(sk);
2233 }
2234
2235 read_unlock(&l->lock);
Marcel Holtmannb1235d72008-07-14 20:13:54 +02002236
Linus Torvalds1da177e2005-04-16 15:20:36 -07002237 return 0;
2238}
2239
Marcel Holtmann9719f8a2008-07-14 20:13:45 +02002240static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002241{
2242 struct l2cap_chan_list *l;
Marcel Holtmann01394182006-07-03 10:02:46 +02002243 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002244 struct sock *sk;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002245
Marcel Holtmann01394182006-07-03 10:02:46 +02002246 if (!conn)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002247 return 0;
Marcel Holtmann01394182006-07-03 10:02:46 +02002248
Linus Torvalds1da177e2005-04-16 15:20:36 -07002249 l = &conn->chan_list;
2250
2251 BT_DBG("conn %p", conn);
2252
2253 read_lock(&l->lock);
2254
2255 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
Marcel Holtmann9719f8a2008-07-14 20:13:45 +02002256 struct l2cap_pinfo *pi = l2cap_pi(sk);
2257
Linus Torvalds1da177e2005-04-16 15:20:36 -07002258 bh_lock_sock(sk);
2259
Marcel Holtmann9719f8a2008-07-14 20:13:45 +02002260 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
2261 (sk->sk_state == BT_CONNECTED ||
2262 sk->sk_state == BT_CONFIG) &&
2263 !status && encrypt == 0x00) {
2264 __l2cap_sock_close(sk, ECONNREFUSED);
2265 bh_unlock_sock(sk);
2266 continue;
2267 }
2268
Marcel Holtmannb1235d72008-07-14 20:13:54 +02002269 if (sk->sk_state == BT_CONNECT) {
2270 if (!status) {
2271 struct l2cap_conn_req req;
2272 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2273 req.psm = l2cap_pi(sk)->psm;
2274
2275 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2276
2277 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2278 L2CAP_CONN_REQ, sizeof(req), &req);
2279 } else {
2280 l2cap_sock_clear_timer(sk);
2281 l2cap_sock_set_timer(sk, HZ / 10);
2282 }
2283 } else if (sk->sk_state == BT_CONNECT2) {
2284 struct l2cap_conn_rsp rsp;
2285 __u16 result;
2286
2287 if (!status) {
2288 sk->sk_state = BT_CONFIG;
2289 result = L2CAP_CR_SUCCESS;
2290 } else {
2291 sk->sk_state = BT_DISCONN;
2292 l2cap_sock_set_timer(sk, HZ / 10);
2293 result = L2CAP_CR_SEC_BLOCK;
2294 }
2295
2296 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2297 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2298 rsp.result = cpu_to_le16(result);
2299 rsp.status = cpu_to_le16(0);
2300 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2301 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002302 }
2303
Linus Torvalds1da177e2005-04-16 15:20:36 -07002304 bh_unlock_sock(sk);
2305 }
2306
2307 read_unlock(&l->lock);
Marcel Holtmannb1235d72008-07-14 20:13:54 +02002308
Linus Torvalds1da177e2005-04-16 15:20:36 -07002309 return 0;
2310}
2311
2312static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2313{
2314 struct l2cap_conn *conn = hcon->l2cap_data;
2315
2316 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2317 goto drop;
2318
2319 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2320
2321 if (flags & ACL_START) {
2322 struct l2cap_hdr *hdr;
2323 int len;
2324
2325 if (conn->rx_len) {
2326 BT_ERR("Unexpected start frame (len %d)", skb->len);
2327 kfree_skb(conn->rx_skb);
2328 conn->rx_skb = NULL;
2329 conn->rx_len = 0;
2330 l2cap_conn_unreliable(conn, ECOMM);
2331 }
2332
2333 if (skb->len < 2) {
2334 BT_ERR("Frame is too short (len %d)", skb->len);
2335 l2cap_conn_unreliable(conn, ECOMM);
2336 goto drop;
2337 }
2338
2339 hdr = (struct l2cap_hdr *) skb->data;
2340 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2341
2342 if (len == skb->len) {
2343 /* Complete frame received */
2344 l2cap_recv_frame(conn, skb);
2345 return 0;
2346 }
2347
2348 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2349
2350 if (skb->len > len) {
2351 BT_ERR("Frame is too long (len %d, expected len %d)",
2352 skb->len, len);
2353 l2cap_conn_unreliable(conn, ECOMM);
2354 goto drop;
2355 }
2356
2357 /* Allocate skb for the complete frame (with header) */
2358 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2359 goto drop;
2360
Arnaldo Carvalho de Melod626f622007-03-27 18:55:52 -03002361 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2362 skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002363 conn->rx_len = len - skb->len;
2364 } else {
2365 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2366
2367 if (!conn->rx_len) {
2368 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2369 l2cap_conn_unreliable(conn, ECOMM);
2370 goto drop;
2371 }
2372
2373 if (skb->len > conn->rx_len) {
2374 BT_ERR("Fragment is too long (len %d, expected %d)",
2375 skb->len, conn->rx_len);
2376 kfree_skb(conn->rx_skb);
2377 conn->rx_skb = NULL;
2378 conn->rx_len = 0;
2379 l2cap_conn_unreliable(conn, ECOMM);
2380 goto drop;
2381 }
2382
Arnaldo Carvalho de Melod626f622007-03-27 18:55:52 -03002383 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2384 skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002385 conn->rx_len -= skb->len;
2386
2387 if (!conn->rx_len) {
2388 /* Complete frame received */
2389 l2cap_recv_frame(conn, conn->rx_skb);
2390 conn->rx_skb = NULL;
2391 }
2392 }
2393
2394drop:
2395 kfree_skb(skb);
2396 return 0;
2397}
2398
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002399static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002400{
2401 struct sock *sk;
2402 struct hlist_node *node;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002403 char *str = buf;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002404
2405 read_lock_bh(&l2cap_sk_list.lock);
2406
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002407 sk_for_each(sk, node, &l2cap_sk_list.head) {
2408 struct l2cap_pinfo *pi = l2cap_pi(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002409
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002410 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
2411 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
Marcel Holtmann73863972007-01-22 22:00:40 +01002412 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2413 pi->imtu, pi->omtu, pi->link_mode);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002414 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002415
Linus Torvalds1da177e2005-04-16 15:20:36 -07002416 read_unlock_bh(&l2cap_sk_list.lock);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002417
2418 return (str - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002419}
2420
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002421static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002422
Eric Dumazet90ddc4f2005-12-22 12:49:22 -08002423static const struct proto_ops l2cap_sock_ops = {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002424 .family = PF_BLUETOOTH,
2425 .owner = THIS_MODULE,
2426 .release = l2cap_sock_release,
2427 .bind = l2cap_sock_bind,
2428 .connect = l2cap_sock_connect,
2429 .listen = l2cap_sock_listen,
2430 .accept = l2cap_sock_accept,
2431 .getname = l2cap_sock_getname,
2432 .sendmsg = l2cap_sock_sendmsg,
2433 .recvmsg = bt_sock_recvmsg,
2434 .poll = bt_sock_poll,
Marcel Holtmann3241ad82008-07-14 20:13:50 +02002435 .ioctl = bt_sock_ioctl,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002436 .mmap = sock_no_mmap,
2437 .socketpair = sock_no_socketpair,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002438 .shutdown = l2cap_sock_shutdown,
2439 .setsockopt = l2cap_sock_setsockopt,
2440 .getsockopt = l2cap_sock_getsockopt
2441};
2442
2443static struct net_proto_family l2cap_sock_family_ops = {
2444 .family = PF_BLUETOOTH,
2445 .owner = THIS_MODULE,
2446 .create = l2cap_sock_create,
2447};
2448
2449static struct hci_proto l2cap_hci_proto = {
2450 .name = "L2CAP",
2451 .id = HCI_PROTO_L2CAP,
2452 .connect_ind = l2cap_connect_ind,
2453 .connect_cfm = l2cap_connect_cfm,
2454 .disconn_ind = l2cap_disconn_ind,
2455 .auth_cfm = l2cap_auth_cfm,
2456 .encrypt_cfm = l2cap_encrypt_cfm,
2457 .recv_acldata = l2cap_recv_acldata
2458};
2459
2460static int __init l2cap_init(void)
2461{
2462 int err;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002463
Linus Torvalds1da177e2005-04-16 15:20:36 -07002464 err = proto_register(&l2cap_proto, 0);
2465 if (err < 0)
2466 return err;
2467
2468 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2469 if (err < 0) {
2470 BT_ERR("L2CAP socket registration failed");
2471 goto error;
2472 }
2473
2474 err = hci_register_proto(&l2cap_hci_proto);
2475 if (err < 0) {
2476 BT_ERR("L2CAP protocol registration failed");
2477 bt_sock_unregister(BTPROTO_L2CAP);
2478 goto error;
2479 }
2480
Marcel Holtmanndf5c37e2006-10-15 17:30:45 +02002481 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2482 BT_ERR("Failed to create L2CAP info file");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002483
2484 BT_INFO("L2CAP ver %s", VERSION);
2485 BT_INFO("L2CAP socket layer initialized");
2486
2487 return 0;
2488
2489error:
2490 proto_unregister(&l2cap_proto);
2491 return err;
2492}
2493
2494static void __exit l2cap_exit(void)
2495{
Marcel Holtmanna91f2e32006-07-03 10:02:41 +02002496 class_remove_file(bt_class, &class_attr_l2cap);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002497
2498 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2499 BT_ERR("L2CAP socket unregistration failed");
2500
2501 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2502 BT_ERR("L2CAP protocol unregistration failed");
2503
2504 proto_unregister(&l2cap_proto);
2505}
2506
2507void l2cap_load(void)
2508{
2509 /* Dummy function to trigger automatic L2CAP module loading by
2510 * other modules that use L2CAP sockets but don't use any other
2511 * symbols from it. */
2512 return;
2513}
2514EXPORT_SYMBOL(l2cap_load);
2515
2516module_init(l2cap_init);
2517module_exit(l2cap_exit);
2518
Marcel Holtmann63fbd242008-08-18 13:23:53 +02002519MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002520MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2521MODULE_VERSION(VERSION);
2522MODULE_LICENSE("GPL");
2523MODULE_ALIAS("bt-proto-0");