1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth L2CAP core and sockets. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <linux/uaccess.h>
44 #include <net/sock.h>
45
46 #include <asm/system.h>
47 #include <asm/unaligned.h>
48
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
52
53 #define VERSION "2.13"
54
55 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
56 static u8 l2cap_fixed_chan[8] = { 0x02, };
57
58 static const struct proto_ops l2cap_sock_ops;
59
60 static struct bt_sock_list l2cap_sk_list = {
61 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
62 };
63
64 static void __l2cap_sock_close(struct sock *sk, int reason);
65 static void l2cap_sock_close(struct sock *sk);
66 static void l2cap_sock_kill(struct sock *sk);
67
68 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
70
71 /* ---- L2CAP timers ---- */
72 static void l2cap_sock_timeout(unsigned long arg)
73 {
74 struct sock *sk = (struct sock *) arg;
75 int reason;
76
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
78
79 bh_lock_sock(sk);
80
81 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
82 reason = ECONNREFUSED;
83 else if (sk->sk_state == BT_CONNECT &&
84 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
85 reason = ECONNREFUSED;
86 else
87 reason = ETIMEDOUT;
88
89 __l2cap_sock_close(sk, reason);
90
91 bh_unlock_sock(sk);
92
93 l2cap_sock_kill(sk);
94 sock_put(sk);
95 }
96
97 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
98 {
99 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
100 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
101 }
102
103 static void l2cap_sock_clear_timer(struct sock *sk)
104 {
105 BT_DBG("sock %p state %d", sk, sk->sk_state);
106 sk_stop_timer(sk, &sk->sk_timer);
107 }
108
109 /* ---- L2CAP channels ---- */
110 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
111 {
112 struct sock *s;
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->dcid == cid)
115 break;
116 }
117 return s;
118 }
119
120 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
121 {
122 struct sock *s;
123 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
124 if (l2cap_pi(s)->scid == cid)
125 break;
126 }
127 return s;
128 }
129
130 /* Find channel with given SCID.
131 * Returns locked socket */
132 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
133 {
134 struct sock *s;
135 read_lock(&l->lock);
136 s = __l2cap_get_chan_by_scid(l, cid);
137 if (s)
138 bh_lock_sock(s);
139 read_unlock(&l->lock);
140 return s;
141 }
142
143 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
144 {
145 struct sock *s;
146 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
147 if (l2cap_pi(s)->ident == ident)
148 break;
149 }
150 return s;
151 }
152
153 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
154 {
155 struct sock *s;
156 read_lock(&l->lock);
157 s = __l2cap_get_chan_by_ident(l, ident);
158 if (s)
159 bh_lock_sock(s);
160 read_unlock(&l->lock);
161 return s;
162 }
163
164 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
165 {
166 u16 cid = L2CAP_CID_DYN_START;
167
168 for (; cid < L2CAP_CID_DYN_END; cid++) {
169 if (!__l2cap_get_chan_by_scid(l, cid))
170 return cid;
171 }
172
173 return 0;
174 }
175
176 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
177 {
178 sock_hold(sk);
179
180 if (l->head)
181 l2cap_pi(l->head)->prev_c = sk;
182
183 l2cap_pi(sk)->next_c = l->head;
184 l2cap_pi(sk)->prev_c = NULL;
185 l->head = sk;
186 }
187
188 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
189 {
190 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
191
192 write_lock_bh(&l->lock);
193 if (sk == l->head)
194 l->head = next;
195
196 if (next)
197 l2cap_pi(next)->prev_c = prev;
198 if (prev)
199 l2cap_pi(prev)->next_c = next;
200 write_unlock_bh(&l->lock);
201
202 __sock_put(sk);
203 }
204
205 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
206 {
207 struct l2cap_chan_list *l = &conn->chan_list;
208
209 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
210 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
211
212 conn->disc_reason = 0x13;
213
214 l2cap_pi(sk)->conn = conn;
215
216 if (sk->sk_type == SOCK_SEQPACKET) {
217 /* Alloc CID for connection-oriented socket */
218 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
219 } else if (sk->sk_type == SOCK_DGRAM) {
220 /* Connectionless socket */
221 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
222 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
223 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
224 } else {
225 /* Raw socket can send/recv signalling messages only */
226 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
227 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
228 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
229 }
230
231 __l2cap_chan_link(l, sk);
232
233 if (parent)
234 bt_accept_enqueue(parent, sk);
235 }
236
237 /* Delete channel.
238 * Must be called on the locked socket. */
239 static void l2cap_chan_del(struct sock *sk, int err)
240 {
241 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
242 struct sock *parent = bt_sk(sk)->parent;
243
244 l2cap_sock_clear_timer(sk);
245
246 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
247
248 if (conn) {
249 /* Unlink from channel list */
250 l2cap_chan_unlink(&conn->chan_list, sk);
251 l2cap_pi(sk)->conn = NULL;
252 hci_conn_put(conn->hcon);
253 }
254
255 sk->sk_state = BT_CLOSED;
256 sock_set_flag(sk, SOCK_ZAPPED);
257
258 if (err)
259 sk->sk_err = err;
260
261 if (parent) {
262 bt_accept_unlink(sk);
263 parent->sk_data_ready(parent, 0);
264 } else
265 sk->sk_state_change(sk);
266 }
267
268 /* Service level security */
269 static inline int l2cap_check_security(struct sock *sk)
270 {
271 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
272 __u8 auth_type;
273
274 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
275 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
276 auth_type = HCI_AT_NO_BONDING_MITM;
277 else
278 auth_type = HCI_AT_NO_BONDING;
279
280 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
281 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
282 } else {
283 switch (l2cap_pi(sk)->sec_level) {
284 case BT_SECURITY_HIGH:
285 auth_type = HCI_AT_GENERAL_BONDING_MITM;
286 break;
287 case BT_SECURITY_MEDIUM:
288 auth_type = HCI_AT_GENERAL_BONDING;
289 break;
290 default:
291 auth_type = HCI_AT_NO_BONDING;
292 break;
293 }
294 }
295
296 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
297 auth_type);
298 }
299
300 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
301 {
302 u8 id;
303
304 /* Get next available identificator.
305 * 1 - 128 are used by kernel.
306 * 129 - 199 are reserved.
307 * 200 - 254 are used by utilities like l2ping, etc.
308 */
309
310 spin_lock_bh(&conn->lock);
311
312 if (++conn->tx_ident > 128)
313 conn->tx_ident = 1;
314
315 id = conn->tx_ident;
316
317 spin_unlock_bh(&conn->lock);
318
319 return id;
320 }
321
322 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
323 {
324 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
325
326 BT_DBG("code 0x%2.2x", code);
327
328 if (!skb)
329 return -ENOMEM;
330
331 return hci_send_acl(conn->hcon, skb, 0);
332 }
333
334 static void l2cap_do_start(struct sock *sk)
335 {
336 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
337
338 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
339 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
340 return;
341
342 if (l2cap_check_security(sk)) {
343 struct l2cap_conn_req req;
344 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
345 req.psm = l2cap_pi(sk)->psm;
346
347 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
348
349 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
350 L2CAP_CONN_REQ, sizeof(req), &req);
351 }
352 } else {
353 struct l2cap_info_req req;
354 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
355
356 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
357 conn->info_ident = l2cap_get_ident(conn);
358
359 mod_timer(&conn->info_timer, jiffies +
360 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
361
362 l2cap_send_cmd(conn, conn->info_ident,
363 L2CAP_INFO_REQ, sizeof(req), &req);
364 }
365 }
366
367 /* ---- L2CAP connections ---- */
368 static void l2cap_conn_start(struct l2cap_conn *conn)
369 {
370 struct l2cap_chan_list *l = &conn->chan_list;
371 struct sock *sk;
372
373 BT_DBG("conn %p", conn);
374
375 read_lock(&l->lock);
376
377 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
378 bh_lock_sock(sk);
379
380 if (sk->sk_type != SOCK_SEQPACKET) {
381 bh_unlock_sock(sk);
382 continue;
383 }
384
385 if (sk->sk_state == BT_CONNECT) {
386 if (l2cap_check_security(sk)) {
387 struct l2cap_conn_req req;
388 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
389 req.psm = l2cap_pi(sk)->psm;
390
391 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
392
393 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
394 L2CAP_CONN_REQ, sizeof(req), &req);
395 }
396 } else if (sk->sk_state == BT_CONNECT2) {
397 struct l2cap_conn_rsp rsp;
398 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
399 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
400
401 if (l2cap_check_security(sk)) {
402 if (bt_sk(sk)->defer_setup) {
403 struct sock *parent = bt_sk(sk)->parent;
404 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
405 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
406 parent->sk_data_ready(parent, 0);
407
408 } else {
409 sk->sk_state = BT_CONFIG;
410 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
411 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
412 }
413 } else {
414 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
415 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
416 }
417
418 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
419 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
420 }
421
422 bh_unlock_sock(sk);
423 }
424
425 read_unlock(&l->lock);
426 }
427
428 static void l2cap_conn_ready(struct l2cap_conn *conn)
429 {
430 struct l2cap_chan_list *l = &conn->chan_list;
431 struct sock *sk;
432
433 BT_DBG("conn %p", conn);
434
435 read_lock(&l->lock);
436
437 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
438 bh_lock_sock(sk);
439
440 if (sk->sk_type != SOCK_SEQPACKET) {
441 l2cap_sock_clear_timer(sk);
442 sk->sk_state = BT_CONNECTED;
443 sk->sk_state_change(sk);
444 } else if (sk->sk_state == BT_CONNECT)
445 l2cap_do_start(sk);
446
447 bh_unlock_sock(sk);
448 }
449
450 read_unlock(&l->lock);
451 }
452
453 /* Notify sockets that we cannot guaranty reliability anymore */
454 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
455 {
456 struct l2cap_chan_list *l = &conn->chan_list;
457 struct sock *sk;
458
459 BT_DBG("conn %p", conn);
460
461 read_lock(&l->lock);
462
463 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
464 if (l2cap_pi(sk)->force_reliable)
465 sk->sk_err = err;
466 }
467
468 read_unlock(&l->lock);
469 }
470
471 static void l2cap_info_timeout(unsigned long arg)
472 {
473 struct l2cap_conn *conn = (void *) arg;
474
475 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
476 conn->info_ident = 0;
477
478 l2cap_conn_start(conn);
479 }
480
481 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
482 {
483 struct l2cap_conn *conn = hcon->l2cap_data;
484
485 if (conn || status)
486 return conn;
487
488 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
489 if (!conn)
490 return NULL;
491
492 hcon->l2cap_data = conn;
493 conn->hcon = hcon;
494
495 BT_DBG("hcon %p conn %p", hcon, conn);
496
497 conn->mtu = hcon->hdev->acl_mtu;
498 conn->src = &hcon->hdev->bdaddr;
499 conn->dst = &hcon->dst;
500
501 conn->feat_mask = 0;
502
503 setup_timer(&conn->info_timer, l2cap_info_timeout,
504 (unsigned long) conn);
505
506 spin_lock_init(&conn->lock);
507 rwlock_init(&conn->chan_list.lock);
508
509 conn->disc_reason = 0x13;
510
511 return conn;
512 }
513
514 static void l2cap_conn_del(struct hci_conn *hcon, int err)
515 {
516 struct l2cap_conn *conn = hcon->l2cap_data;
517 struct sock *sk;
518
519 if (!conn)
520 return;
521
522 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
523
524 kfree_skb(conn->rx_skb);
525
526 /* Kill channels */
527 while ((sk = conn->chan_list.head)) {
528 bh_lock_sock(sk);
529 l2cap_chan_del(sk, err);
530 bh_unlock_sock(sk);
531 l2cap_sock_kill(sk);
532 }
533
534 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
535 del_timer_sync(&conn->info_timer);
536
537 hcon->l2cap_data = NULL;
538 kfree(conn);
539 }
540
541 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
542 {
543 struct l2cap_chan_list *l = &conn->chan_list;
544 write_lock_bh(&l->lock);
545 __l2cap_chan_add(conn, sk, parent);
546 write_unlock_bh(&l->lock);
547 }
548
549 /* ---- Socket interface ---- */
550 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
551 {
552 struct sock *sk;
553 struct hlist_node *node;
554 sk_for_each(sk, node, &l2cap_sk_list.head)
555 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
556 goto found;
557 sk = NULL;
558 found:
559 return sk;
560 }
561
562 /* Find socket with psm and source bdaddr.
563 * Returns closest match.
564 */
565 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
566 {
567 struct sock *sk = NULL, *sk1 = NULL;
568 struct hlist_node *node;
569
570 sk_for_each(sk, node, &l2cap_sk_list.head) {
571 if (state && sk->sk_state != state)
572 continue;
573
574 if (l2cap_pi(sk)->psm == psm) {
575 /* Exact match. */
576 if (!bacmp(&bt_sk(sk)->src, src))
577 break;
578
579 /* Closest match */
580 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
581 sk1 = sk;
582 }
583 }
584 return node ? sk : sk1;
585 }
586
587 /* Find socket with given address (psm, src).
588 * Returns locked socket */
589 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
590 {
591 struct sock *s;
592 read_lock(&l2cap_sk_list.lock);
593 s = __l2cap_get_sock_by_psm(state, psm, src);
594 if (s)
595 bh_lock_sock(s);
596 read_unlock(&l2cap_sk_list.lock);
597 return s;
598 }
599
600 static void l2cap_sock_destruct(struct sock *sk)
601 {
602 BT_DBG("sk %p", sk);
603
604 skb_queue_purge(&sk->sk_receive_queue);
605 skb_queue_purge(&sk->sk_write_queue);
606 }
607
608 static void l2cap_sock_cleanup_listen(struct sock *parent)
609 {
610 struct sock *sk;
611
612 BT_DBG("parent %p", parent);
613
614 /* Close not yet accepted channels */
615 while ((sk = bt_accept_dequeue(parent, NULL)))
616 l2cap_sock_close(sk);
617
618 parent->sk_state = BT_CLOSED;
619 sock_set_flag(parent, SOCK_ZAPPED);
620 }
621
622 /* Kill socket (only if zapped and orphan)
623 * Must be called on unlocked socket.
624 */
625 static void l2cap_sock_kill(struct sock *sk)
626 {
627 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
628 return;
629
630 BT_DBG("sk %p state %d", sk, sk->sk_state);
631
632 /* Kill poor orphan */
633 bt_sock_unlink(&l2cap_sk_list, sk);
634 sock_set_flag(sk, SOCK_DEAD);
635 sock_put(sk);
636 }
637
638 static void __l2cap_sock_close(struct sock *sk, int reason)
639 {
640 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
641
642 switch (sk->sk_state) {
643 case BT_LISTEN:
644 l2cap_sock_cleanup_listen(sk);
645 break;
646
647 case BT_CONNECTED:
648 case BT_CONFIG:
649 if (sk->sk_type == SOCK_SEQPACKET) {
650 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
651 struct l2cap_disconn_req req;
652
653 sk->sk_state = BT_DISCONN;
654 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
655
656 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
657 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
658 l2cap_send_cmd(conn, l2cap_get_ident(conn),
659 L2CAP_DISCONN_REQ, sizeof(req), &req);
660 } else
661 l2cap_chan_del(sk, reason);
662 break;
663
664 case BT_CONNECT2:
665 if (sk->sk_type == SOCK_SEQPACKET) {
666 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
667 struct l2cap_conn_rsp rsp;
668 __u16 result;
669
670 if (bt_sk(sk)->defer_setup)
671 result = L2CAP_CR_SEC_BLOCK;
672 else
673 result = L2CAP_CR_BAD_PSM;
674
675 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
676 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
677 rsp.result = cpu_to_le16(result);
678 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
679 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
680 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
681 } else
682 l2cap_chan_del(sk, reason);
683 break;
684
685 case BT_CONNECT:
686 case BT_DISCONN:
687 l2cap_chan_del(sk, reason);
688 break;
689
690 default:
691 sock_set_flag(sk, SOCK_ZAPPED);
692 break;
693 }
694 }
695
696 /* Must be called on unlocked socket. */
697 static void l2cap_sock_close(struct sock *sk)
698 {
699 l2cap_sock_clear_timer(sk);
700 lock_sock(sk);
701 __l2cap_sock_close(sk, ECONNRESET);
702 release_sock(sk);
703 l2cap_sock_kill(sk);
704 }
705
706 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
707 {
708 struct l2cap_pinfo *pi = l2cap_pi(sk);
709
710 BT_DBG("sk %p", sk);
711
712 if (parent) {
713 sk->sk_type = parent->sk_type;
714 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
715
716 pi->imtu = l2cap_pi(parent)->imtu;
717 pi->omtu = l2cap_pi(parent)->omtu;
718 pi->sec_level = l2cap_pi(parent)->sec_level;
719 pi->role_switch = l2cap_pi(parent)->role_switch;
720 pi->force_reliable = l2cap_pi(parent)->force_reliable;
721 } else {
722 pi->imtu = L2CAP_DEFAULT_MTU;
723 pi->omtu = 0;
724 pi->sec_level = BT_SECURITY_LOW;
725 pi->role_switch = 0;
726 pi->force_reliable = 0;
727 }
728
729 /* Default config options */
730 pi->conf_len = 0;
731 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
732 }
733
734 static struct proto l2cap_proto = {
735 .name = "L2CAP",
736 .owner = THIS_MODULE,
737 .obj_size = sizeof(struct l2cap_pinfo)
738 };
739
740 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
741 {
742 struct sock *sk;
743
744 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
745 if (!sk)
746 return NULL;
747
748 sock_init_data(sock, sk);
749 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
750
751 sk->sk_destruct = l2cap_sock_destruct;
752 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
753
754 sock_reset_flag(sk, SOCK_ZAPPED);
755
756 sk->sk_protocol = proto;
757 sk->sk_state = BT_OPEN;
758
759 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
760
761 bt_sock_link(&l2cap_sk_list, sk);
762 return sk;
763 }
764
765 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
766 {
767 struct sock *sk;
768
769 BT_DBG("sock %p", sock);
770
771 sock->state = SS_UNCONNECTED;
772
773 if (sock->type != SOCK_SEQPACKET &&
774 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
775 return -ESOCKTNOSUPPORT;
776
777 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
778 return -EPERM;
779
780 sock->ops = &l2cap_sock_ops;
781
782 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
783 if (!sk)
784 return -ENOMEM;
785
786 l2cap_sock_init(sk, NULL);
787 return 0;
788 }
789
790 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
791 {
792 struct sock *sk = sock->sk;
793 struct sockaddr_l2 la;
794 int len, err = 0;
795
796 BT_DBG("sk %p", sk);
797
798 if (!addr || addr->sa_family != AF_BLUETOOTH)
799 return -EINVAL;
800
801 memset(&la, 0, sizeof(la));
802 len = min_t(unsigned int, sizeof(la), alen);
803 memcpy(&la, addr, len);
804
805 if (la.l2_cid)
806 return -EINVAL;
807
808 lock_sock(sk);
809
810 if (sk->sk_state != BT_OPEN) {
811 err = -EBADFD;
812 goto done;
813 }
814
815 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
816 !capable(CAP_NET_BIND_SERVICE)) {
817 err = -EACCES;
818 goto done;
819 }
820
821 write_lock_bh(&l2cap_sk_list.lock);
822
823 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
824 err = -EADDRINUSE;
825 } else {
826 /* Save source address */
827 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
828 l2cap_pi(sk)->psm = la.l2_psm;
829 l2cap_pi(sk)->sport = la.l2_psm;
830 sk->sk_state = BT_BOUND;
831
832 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
833 __le16_to_cpu(la.l2_psm) == 0x0003)
834 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
835 }
836
837 write_unlock_bh(&l2cap_sk_list.lock);
838
839 done:
840 release_sock(sk);
841 return err;
842 }
843
844 static int l2cap_do_connect(struct sock *sk)
845 {
846 bdaddr_t *src = &bt_sk(sk)->src;
847 bdaddr_t *dst = &bt_sk(sk)->dst;
848 struct l2cap_conn *conn;
849 struct hci_conn *hcon;
850 struct hci_dev *hdev;
851 __u8 auth_type;
852 int err;
853
854 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
855 l2cap_pi(sk)->psm);
856
857 hdev = hci_get_route(dst, src);
858 if (!hdev)
859 return -EHOSTUNREACH;
860
861 hci_dev_lock_bh(hdev);
862
863 err = -ENOMEM;
864
865 if (sk->sk_type == SOCK_RAW) {
866 switch (l2cap_pi(sk)->sec_level) {
867 case BT_SECURITY_HIGH:
868 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
869 break;
870 case BT_SECURITY_MEDIUM:
871 auth_type = HCI_AT_DEDICATED_BONDING;
872 break;
873 default:
874 auth_type = HCI_AT_NO_BONDING;
875 break;
876 }
877 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
878 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
879 auth_type = HCI_AT_NO_BONDING_MITM;
880 else
881 auth_type = HCI_AT_NO_BONDING;
882
883 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
884 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
885 } else {
886 switch (l2cap_pi(sk)->sec_level) {
887 case BT_SECURITY_HIGH:
888 auth_type = HCI_AT_GENERAL_BONDING_MITM;
889 break;
890 case BT_SECURITY_MEDIUM:
891 auth_type = HCI_AT_GENERAL_BONDING;
892 break;
893 default:
894 auth_type = HCI_AT_NO_BONDING;
895 break;
896 }
897 }
898
899 hcon = hci_connect(hdev, ACL_LINK, dst,
900 l2cap_pi(sk)->sec_level, auth_type);
901 if (!hcon)
902 goto done;
903
904 conn = l2cap_conn_add(hcon, 0);
905 if (!conn) {
906 hci_conn_put(hcon);
907 goto done;
908 }
909
910 err = 0;
911
912 /* Update source addr of the socket */
913 bacpy(src, conn->src);
914
915 l2cap_chan_add(conn, sk, NULL);
916
917 sk->sk_state = BT_CONNECT;
918 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
919
920 if (hcon->state == BT_CONNECTED) {
921 if (sk->sk_type != SOCK_SEQPACKET) {
922 l2cap_sock_clear_timer(sk);
923 sk->sk_state = BT_CONNECTED;
924 } else
925 l2cap_do_start(sk);
926 }
927
928 done:
929 hci_dev_unlock_bh(hdev);
930 hci_dev_put(hdev);
931 return err;
932 }
933
934 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
935 {
936 struct sock *sk = sock->sk;
937 struct sockaddr_l2 la;
938 int len, err = 0;
939
940 BT_DBG("sk %p", sk);
941
942 if (!addr || addr->sa_family != AF_BLUETOOTH)
943 return -EINVAL;
944
945 memset(&la, 0, sizeof(la));
946 len = min_t(unsigned int, sizeof(la), alen);
947 memcpy(&la, addr, len);
948
949 if (la.l2_cid)
950 return -EINVAL;
951
952 lock_sock(sk);
953
954 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
955 err = -EINVAL;
956 goto done;
957 }
958
959 switch (sk->sk_state) {
960 case BT_CONNECT:
961 case BT_CONNECT2:
962 case BT_CONFIG:
963 /* Already connecting */
964 goto wait;
965
966 case BT_CONNECTED:
967 /* Already connected */
968 goto done;
969
970 case BT_OPEN:
971 case BT_BOUND:
972 /* Can connect */
973 break;
974
975 default:
976 err = -EBADFD;
977 goto done;
978 }
979
980 /* Set destination address and psm */
981 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
982 l2cap_pi(sk)->psm = la.l2_psm;
983
984 err = l2cap_do_connect(sk);
985 if (err)
986 goto done;
987
988 wait:
989 err = bt_sock_wait_state(sk, BT_CONNECTED,
990 sock_sndtimeo(sk, flags & O_NONBLOCK));
991 done:
992 release_sock(sk);
993 return err;
994 }
995
996 static int l2cap_sock_listen(struct socket *sock, int backlog)
997 {
998 struct sock *sk = sock->sk;
999 int err = 0;
1000
1001 BT_DBG("sk %p backlog %d", sk, backlog);
1002
1003 lock_sock(sk);
1004
1005 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1006 err = -EBADFD;
1007 goto done;
1008 }
1009
1010 if (!l2cap_pi(sk)->psm) {
1011 bdaddr_t *src = &bt_sk(sk)->src;
1012 u16 psm;
1013
1014 err = -EINVAL;
1015
1016 write_lock_bh(&l2cap_sk_list.lock);
1017
1018 for (psm = 0x1001; psm < 0x1100; psm += 2)
1019 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1020 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1021 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1022 err = 0;
1023 break;
1024 }
1025
1026 write_unlock_bh(&l2cap_sk_list.lock);
1027
1028 if (err < 0)
1029 goto done;
1030 }
1031
1032 sk->sk_max_ack_backlog = backlog;
1033 sk->sk_ack_backlog = 0;
1034 sk->sk_state = BT_LISTEN;
1035
1036 done:
1037 release_sock(sk);
1038 return err;
1039 }
1040
1041 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1042 {
1043 DECLARE_WAITQUEUE(wait, current);
1044 struct sock *sk = sock->sk, *nsk;
1045 long timeo;
1046 int err = 0;
1047
1048 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1049
1050 if (sk->sk_state != BT_LISTEN) {
1051 err = -EBADFD;
1052 goto done;
1053 }
1054
1055 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1056
1057 BT_DBG("sk %p timeo %ld", sk, timeo);
1058
1059 /* Wait for an incoming connection. (wake-one). */
1060 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1061 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1062 set_current_state(TASK_INTERRUPTIBLE);
1063 if (!timeo) {
1064 err = -EAGAIN;
1065 break;
1066 }
1067
1068 release_sock(sk);
1069 timeo = schedule_timeout(timeo);
1070 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1071
1072 if (sk->sk_state != BT_LISTEN) {
1073 err = -EBADFD;
1074 break;
1075 }
1076
1077 if (signal_pending(current)) {
1078 err = sock_intr_errno(timeo);
1079 break;
1080 }
1081 }
1082 set_current_state(TASK_RUNNING);
1083 remove_wait_queue(sk->sk_sleep, &wait);
1084
1085 if (err)
1086 goto done;
1087
1088 newsock->state = SS_CONNECTED;
1089
1090 BT_DBG("new socket %p", nsk);
1091
1092 done:
1093 release_sock(sk);
1094 return err;
1095 }
1096
1097 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1098 {
1099 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1100 struct sock *sk = sock->sk;
1101
1102 BT_DBG("sock %p, sk %p", sock, sk);
1103
1104 addr->sa_family = AF_BLUETOOTH;
1105 *len = sizeof(struct sockaddr_l2);
1106
1107 if (peer) {
1108 la->l2_psm = l2cap_pi(sk)->psm;
1109 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1110 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1111 } else {
1112 la->l2_psm = l2cap_pi(sk)->sport;
1113 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1114 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1115 }
1116
1117 return 0;
1118 }
1119
1120 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1121 {
1122 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1123 struct sk_buff *skb, **frag;
1124 int err, hlen, count, sent = 0;
1125 struct l2cap_hdr *lh;
1126
1127 BT_DBG("sk %p len %d", sk, len);
1128
1129 /* First fragment (with L2CAP header) */
1130 if (sk->sk_type == SOCK_DGRAM)
1131 hlen = L2CAP_HDR_SIZE + 2;
1132 else
1133 hlen = L2CAP_HDR_SIZE;
1134
1135 count = min_t(unsigned int, (conn->mtu - hlen), len);
1136
1137 skb = bt_skb_send_alloc(sk, hlen + count,
1138 msg->msg_flags & MSG_DONTWAIT, &err);
1139 if (!skb)
1140 return err;
1141
1142 /* Create L2CAP header */
1143 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1144 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1145 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1146
1147 if (sk->sk_type == SOCK_DGRAM)
1148 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1149
1150 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1151 err = -EFAULT;
1152 goto fail;
1153 }
1154
1155 sent += count;
1156 len -= count;
1157
1158 /* Continuation fragments (no L2CAP header) */
1159 frag = &skb_shinfo(skb)->frag_list;
1160 while (len) {
1161 count = min_t(unsigned int, conn->mtu, len);
1162
1163 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1164 if (!*frag)
1165 goto fail;
1166
1167 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1168 err = -EFAULT;
1169 goto fail;
1170 }
1171
1172 sent += count;
1173 len -= count;
1174
1175 frag = &(*frag)->next;
1176 }
1177 err = hci_send_acl(conn->hcon, skb, 0);
1178 if (err < 0)
1179 goto fail;
1180
1181 return sent;
1182
1183 fail:
1184 kfree_skb(skb);
1185 return err;
1186 }
1187
1188 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1189 {
1190 struct sock *sk = sock->sk;
1191 int err = 0;
1192
1193 BT_DBG("sock %p, sk %p", sock, sk);
1194
1195 err = sock_error(sk);
1196 if (err)
1197 return err;
1198
1199 if (msg->msg_flags & MSG_OOB)
1200 return -EOPNOTSUPP;
1201
1202 /* Check outgoing MTU */
1203 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1204 return -EINVAL;
1205
1206 lock_sock(sk);
1207
1208 if (sk->sk_state == BT_CONNECTED)
1209 err = l2cap_do_send(sk, msg, len);
1210 else
1211 err = -ENOTCONN;
1212
1213 release_sock(sk);
1214 return err;
1215 }
1216
1217 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1218 {
1219 struct sock *sk = sock->sk;
1220
1221 lock_sock(sk);
1222
1223 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1224 struct l2cap_conn_rsp rsp;
1225
1226 sk->sk_state = BT_CONFIG;
1227
1228 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1229 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1230 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1231 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1232 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1233 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1234
1235 release_sock(sk);
1236 return 0;
1237 }
1238
1239 release_sock(sk);
1240
1241 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1242 }
1243
1244 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1245 {
1246 struct sock *sk = sock->sk;
1247 struct l2cap_options opts;
1248 int len, err = 0;
1249 u32 opt;
1250
1251 BT_DBG("sk %p", sk);
1252
1253 lock_sock(sk);
1254
1255 switch (optname) {
1256 case L2CAP_OPTIONS:
1257 opts.imtu = l2cap_pi(sk)->imtu;
1258 opts.omtu = l2cap_pi(sk)->omtu;
1259 opts.flush_to = l2cap_pi(sk)->flush_to;
1260 opts.mode = L2CAP_MODE_BASIC;
1261
1262 len = min_t(unsigned int, sizeof(opts), optlen);
1263 if (copy_from_user((char *) &opts, optval, len)) {
1264 err = -EFAULT;
1265 break;
1266 }
1267
1268 l2cap_pi(sk)->imtu = opts.imtu;
1269 l2cap_pi(sk)->omtu = opts.omtu;
1270 break;
1271
1272 case L2CAP_LM:
1273 if (get_user(opt, (u32 __user *) optval)) {
1274 err = -EFAULT;
1275 break;
1276 }
1277
1278 if (opt & L2CAP_LM_AUTH)
1279 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1280 if (opt & L2CAP_LM_ENCRYPT)
1281 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1282 if (opt & L2CAP_LM_SECURE)
1283 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1284
1285 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1286 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1287 break;
1288
1289 default:
1290 err = -ENOPROTOOPT;
1291 break;
1292 }
1293
1294 release_sock(sk);
1295 return err;
1296 }
1297
1298 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1299 {
1300 struct sock *sk = sock->sk;
1301 struct bt_security sec;
1302 int len, err = 0;
1303 u32 opt;
1304
1305 BT_DBG("sk %p", sk);
1306
1307 if (level == SOL_L2CAP)
1308 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1309
1310 if (level != SOL_BLUETOOTH)
1311 return -ENOPROTOOPT;
1312
1313 lock_sock(sk);
1314
1315 switch (optname) {
1316 case BT_SECURITY:
1317 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1318 err = -EINVAL;
1319 break;
1320 }
1321
1322 sec.level = BT_SECURITY_LOW;
1323
1324 len = min_t(unsigned int, sizeof(sec), optlen);
1325 if (copy_from_user((char *) &sec, optval, len)) {
1326 err = -EFAULT;
1327 break;
1328 }
1329
1330 if (sec.level < BT_SECURITY_LOW ||
1331 sec.level > BT_SECURITY_HIGH) {
1332 err = -EINVAL;
1333 break;
1334 }
1335
1336 l2cap_pi(sk)->sec_level = sec.level;
1337 break;
1338
1339 case BT_DEFER_SETUP:
1340 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1341 err = -EINVAL;
1342 break;
1343 }
1344
1345 if (get_user(opt, (u32 __user *) optval)) {
1346 err = -EFAULT;
1347 break;
1348 }
1349
1350 bt_sk(sk)->defer_setup = opt;
1351 break;
1352
1353 default:
1354 err = -ENOPROTOOPT;
1355 break;
1356 }
1357
1358 release_sock(sk);
1359 return err;
1360 }
1361
1362 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1363 {
1364 struct sock *sk = sock->sk;
1365 struct l2cap_options opts;
1366 struct l2cap_conninfo cinfo;
1367 int len, err = 0;
1368 u32 opt;
1369
1370 BT_DBG("sk %p", sk);
1371
1372 if (get_user(len, optlen))
1373 return -EFAULT;
1374
1375 lock_sock(sk);
1376
1377 switch (optname) {
1378 case L2CAP_OPTIONS:
1379 opts.imtu = l2cap_pi(sk)->imtu;
1380 opts.omtu = l2cap_pi(sk)->omtu;
1381 opts.flush_to = l2cap_pi(sk)->flush_to;
1382 opts.mode = L2CAP_MODE_BASIC;
1383
1384 len = min_t(unsigned int, len, sizeof(opts));
1385 if (copy_to_user(optval, (char *) &opts, len))
1386 err = -EFAULT;
1387
1388 break;
1389
1390 case L2CAP_LM:
1391 switch (l2cap_pi(sk)->sec_level) {
1392 case BT_SECURITY_LOW:
1393 opt = L2CAP_LM_AUTH;
1394 break;
1395 case BT_SECURITY_MEDIUM:
1396 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1397 break;
1398 case BT_SECURITY_HIGH:
1399 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1400 L2CAP_LM_SECURE;
1401 break;
1402 default:
1403 opt = 0;
1404 break;
1405 }
1406
1407 if (l2cap_pi(sk)->role_switch)
1408 opt |= L2CAP_LM_MASTER;
1409
1410 if (l2cap_pi(sk)->force_reliable)
1411 opt |= L2CAP_LM_RELIABLE;
1412
1413 if (put_user(opt, (u32 __user *) optval))
1414 err = -EFAULT;
1415 break;
1416
1417 case L2CAP_CONNINFO:
1418 if (sk->sk_state != BT_CONNECTED &&
1419 !(sk->sk_state == BT_CONNECT2 &&
1420 bt_sk(sk)->defer_setup)) {
1421 err = -ENOTCONN;
1422 break;
1423 }
1424
1425 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1426 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1427
1428 len = min_t(unsigned int, len, sizeof(cinfo));
1429 if (copy_to_user(optval, (char *) &cinfo, len))
1430 err = -EFAULT;
1431
1432 break;
1433
1434 default:
1435 err = -ENOPROTOOPT;
1436 break;
1437 }
1438
1439 release_sock(sk);
1440 return err;
1441 }
1442
1443 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1444 {
1445 struct sock *sk = sock->sk;
1446 struct bt_security sec;
1447 int len, err = 0;
1448
1449 BT_DBG("sk %p", sk);
1450
1451 if (level == SOL_L2CAP)
1452 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1453
1454 if (level != SOL_BLUETOOTH)
1455 return -ENOPROTOOPT;
1456
1457 if (get_user(len, optlen))
1458 return -EFAULT;
1459
1460 lock_sock(sk);
1461
1462 switch (optname) {
1463 case BT_SECURITY:
1464 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1465 err = -EINVAL;
1466 break;
1467 }
1468
1469 sec.level = l2cap_pi(sk)->sec_level;
1470
1471 len = min_t(unsigned int, len, sizeof(sec));
1472 if (copy_to_user(optval, (char *) &sec, len))
1473 err = -EFAULT;
1474
1475 break;
1476
1477 case BT_DEFER_SETUP:
1478 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1479 err = -EINVAL;
1480 break;
1481 }
1482
1483 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1484 err = -EFAULT;
1485
1486 break;
1487
1488 default:
1489 err = -ENOPROTOOPT;
1490 break;
1491 }
1492
1493 release_sock(sk);
1494 return err;
1495 }
1496
1497 static int l2cap_sock_shutdown(struct socket *sock, int how)
1498 {
1499 struct sock *sk = sock->sk;
1500 int err = 0;
1501
1502 BT_DBG("sock %p, sk %p", sock, sk);
1503
1504 if (!sk)
1505 return 0;
1506
1507 lock_sock(sk);
1508 if (!sk->sk_shutdown) {
1509 sk->sk_shutdown = SHUTDOWN_MASK;
1510 l2cap_sock_clear_timer(sk);
1511 __l2cap_sock_close(sk, 0);
1512
1513 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1514 err = bt_sock_wait_state(sk, BT_CLOSED,
1515 sk->sk_lingertime);
1516 }
1517 release_sock(sk);
1518 return err;
1519 }
1520
1521 static int l2cap_sock_release(struct socket *sock)
1522 {
1523 struct sock *sk = sock->sk;
1524 int err;
1525
1526 BT_DBG("sock %p, sk %p", sock, sk);
1527
1528 if (!sk)
1529 return 0;
1530
1531 err = l2cap_sock_shutdown(sock, 2);
1532
1533 sock_orphan(sk);
1534 l2cap_sock_kill(sk);
1535 return err;
1536 }
1537
1538 static void l2cap_chan_ready(struct sock *sk)
1539 {
1540 struct sock *parent = bt_sk(sk)->parent;
1541
1542 BT_DBG("sk %p, parent %p", sk, parent);
1543
1544 l2cap_pi(sk)->conf_state = 0;
1545 l2cap_sock_clear_timer(sk);
1546
1547 if (!parent) {
1548 /* Outgoing channel.
1549 * Wake up socket sleeping on connect.
1550 */
1551 sk->sk_state = BT_CONNECTED;
1552 sk->sk_state_change(sk);
1553 } else {
1554 /* Incoming channel.
1555 * Wake up socket sleeping on accept.
1556 */
1557 parent->sk_data_ready(parent, 0);
1558 }
1559 }
1560
1561 /* Copy frame to all raw sockets on that connection */
1562 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1563 {
1564 struct l2cap_chan_list *l = &conn->chan_list;
1565 struct sk_buff *nskb;
1566 struct sock *sk;
1567
1568 BT_DBG("conn %p", conn);
1569
1570 read_lock(&l->lock);
1571 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1572 if (sk->sk_type != SOCK_RAW)
1573 continue;
1574
1575 /* Don't send frame to the socket it came from */
1576 if (skb->sk == sk)
1577 continue;
1578 nskb = skb_clone(skb, GFP_ATOMIC);
1579 if (!nskb)
1580 continue;
1581
1582 if (sock_queue_rcv_skb(sk, nskb))
1583 kfree_skb(nskb);
1584 }
1585 read_unlock(&l->lock);
1586 }
1587
1588 /* ---- L2CAP signalling commands ---- */
1589 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1590 u8 code, u8 ident, u16 dlen, void *data)
1591 {
1592 struct sk_buff *skb, **frag;
1593 struct l2cap_cmd_hdr *cmd;
1594 struct l2cap_hdr *lh;
1595 int len, count;
1596
1597 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1598 conn, code, ident, dlen);
1599
1600 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1601 count = min_t(unsigned int, conn->mtu, len);
1602
1603 skb = bt_skb_alloc(count, GFP_ATOMIC);
1604 if (!skb)
1605 return NULL;
1606
1607 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1608 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1609 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1610
1611 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1612 cmd->code = code;
1613 cmd->ident = ident;
1614 cmd->len = cpu_to_le16(dlen);
1615
1616 if (dlen) {
1617 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1618 memcpy(skb_put(skb, count), data, count);
1619 data += count;
1620 }
1621
1622 len -= skb->len;
1623
1624 /* Continuation fragments (no L2CAP header) */
1625 frag = &skb_shinfo(skb)->frag_list;
1626 while (len) {
1627 count = min_t(unsigned int, conn->mtu, len);
1628
1629 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1630 if (!*frag)
1631 goto fail;
1632
1633 memcpy(skb_put(*frag, count), data, count);
1634
1635 len -= count;
1636 data += count;
1637
1638 frag = &(*frag)->next;
1639 }
1640
1641 return skb;
1642
1643 fail:
1644 kfree_skb(skb);
1645 return NULL;
1646 }
1647
1648 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1649 {
1650 struct l2cap_conf_opt *opt = *ptr;
1651 int len;
1652
1653 len = L2CAP_CONF_OPT_SIZE + opt->len;
1654 *ptr += len;
1655
1656 *type = opt->type;
1657 *olen = opt->len;
1658
1659 switch (opt->len) {
1660 case 1:
1661 *val = *((u8 *) opt->val);
1662 break;
1663
1664 case 2:
1665 *val = __le16_to_cpu(*((__le16 *) opt->val));
1666 break;
1667
1668 case 4:
1669 *val = __le32_to_cpu(*((__le32 *) opt->val));
1670 break;
1671
1672 default:
1673 *val = (unsigned long) opt->val;
1674 break;
1675 }
1676
1677 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1678 return len;
1679 }
1680
1681 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1682 {
1683 struct l2cap_conf_opt *opt = *ptr;
1684
1685 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1686
1687 opt->type = type;
1688 opt->len = len;
1689
1690 switch (len) {
1691 case 1:
1692 *((u8 *) opt->val) = val;
1693 break;
1694
1695 case 2:
1696 *((__le16 *) opt->val) = cpu_to_le16(val);
1697 break;
1698
1699 case 4:
1700 *((__le32 *) opt->val) = cpu_to_le32(val);
1701 break;
1702
1703 default:
1704 memcpy(opt->val, (void *) val, len);
1705 break;
1706 }
1707
1708 *ptr += L2CAP_CONF_OPT_SIZE + len;
1709 }
1710
1711 static int l2cap_build_conf_req(struct sock *sk, void *data)
1712 {
1713 struct l2cap_pinfo *pi = l2cap_pi(sk);
1714 struct l2cap_conf_req *req = data;
1715 void *ptr = req->data;
1716
1717 BT_DBG("sk %p", sk);
1718
1719 if (pi->imtu != L2CAP_DEFAULT_MTU)
1720 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1721
1722 /* FIXME: Need actual value of the flush timeout */
1723 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1724 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1725
1726 req->dcid = cpu_to_le16(pi->dcid);
1727 req->flags = cpu_to_le16(0);
1728
1729 return ptr - data;
1730 }
1731
1732 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1733 {
1734 struct l2cap_pinfo *pi = l2cap_pi(sk);
1735 struct l2cap_conf_rsp *rsp = data;
1736 void *ptr = rsp->data;
1737 void *req = pi->conf_req;
1738 int len = pi->conf_len;
1739 int type, hint, olen;
1740 unsigned long val;
1741 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1742 u16 mtu = L2CAP_DEFAULT_MTU;
1743 u16 result = L2CAP_CONF_SUCCESS;
1744
1745 BT_DBG("sk %p", sk);
1746
1747 while (len >= L2CAP_CONF_OPT_SIZE) {
1748 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1749
1750 hint = type & L2CAP_CONF_HINT;
1751 type &= L2CAP_CONF_MASK;
1752
1753 switch (type) {
1754 case L2CAP_CONF_MTU:
1755 mtu = val;
1756 break;
1757
1758 case L2CAP_CONF_FLUSH_TO:
1759 pi->flush_to = val;
1760 break;
1761
1762 case L2CAP_CONF_QOS:
1763 break;
1764
1765 case L2CAP_CONF_RFC:
1766 if (olen == sizeof(rfc))
1767 memcpy(&rfc, (void *) val, olen);
1768 break;
1769
1770 default:
1771 if (hint)
1772 break;
1773
1774 result = L2CAP_CONF_UNKNOWN;
1775 *((u8 *) ptr++) = type;
1776 break;
1777 }
1778 }
1779
1780 if (result == L2CAP_CONF_SUCCESS) {
1781 /* Configure output options and let the other side know
1782 * which ones we don't like. */
1783
1784 if (rfc.mode == L2CAP_MODE_BASIC) {
1785 if (mtu < pi->omtu)
1786 result = L2CAP_CONF_UNACCEPT;
1787 else {
1788 pi->omtu = mtu;
1789 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1790 }
1791
1792 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1793 } else {
1794 result = L2CAP_CONF_UNACCEPT;
1795
1796 memset(&rfc, 0, sizeof(rfc));
1797 rfc.mode = L2CAP_MODE_BASIC;
1798
1799 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1800 sizeof(rfc), (unsigned long) &rfc);
1801 }
1802 }
1803
1804 rsp->scid = cpu_to_le16(pi->dcid);
1805 rsp->result = cpu_to_le16(result);
1806 rsp->flags = cpu_to_le16(0x0000);
1807
1808 return ptr - data;
1809 }
1810
1811 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1812 {
1813 struct l2cap_conf_rsp *rsp = data;
1814 void *ptr = rsp->data;
1815
1816 BT_DBG("sk %p", sk);
1817
1818 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1819 rsp->result = cpu_to_le16(result);
1820 rsp->flags = cpu_to_le16(flags);
1821
1822 return ptr - data;
1823 }
1824
1825 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1826 {
1827 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1828
1829 if (rej->reason != 0x0000)
1830 return 0;
1831
1832 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1833 cmd->ident == conn->info_ident) {
1834 del_timer(&conn->info_timer);
1835
1836 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1837 conn->info_ident = 0;
1838
1839 l2cap_conn_start(conn);
1840 }
1841
1842 return 0;
1843 }
1844
1845 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1846 {
1847 struct l2cap_chan_list *list = &conn->chan_list;
1848 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1849 struct l2cap_conn_rsp rsp;
1850 struct sock *sk, *parent;
1851 int result, status = L2CAP_CS_NO_INFO;
1852
1853 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1854 __le16 psm = req->psm;
1855
1856 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1857
1858 /* Check if we have socket listening on psm */
1859 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1860 if (!parent) {
1861 result = L2CAP_CR_BAD_PSM;
1862 goto sendresp;
1863 }
1864
1865 /* Check if the ACL is secure enough (if not SDP) */
1866 if (psm != cpu_to_le16(0x0001) &&
1867 !hci_conn_check_link_mode(conn->hcon)) {
1868 conn->disc_reason = 0x05;
1869 result = L2CAP_CR_SEC_BLOCK;
1870 goto response;
1871 }
1872
1873 result = L2CAP_CR_NO_MEM;
1874
1875 /* Check for backlog size */
1876 if (sk_acceptq_is_full(parent)) {
1877 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1878 goto response;
1879 }
1880
1881 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1882 if (!sk)
1883 goto response;
1884
1885 write_lock_bh(&list->lock);
1886
1887 /* Check if we already have channel with that dcid */
1888 if (__l2cap_get_chan_by_dcid(list, scid)) {
1889 write_unlock_bh(&list->lock);
1890 sock_set_flag(sk, SOCK_ZAPPED);
1891 l2cap_sock_kill(sk);
1892 goto response;
1893 }
1894
1895 hci_conn_hold(conn->hcon);
1896
1897 l2cap_sock_init(sk, parent);
1898 bacpy(&bt_sk(sk)->src, conn->src);
1899 bacpy(&bt_sk(sk)->dst, conn->dst);
1900 l2cap_pi(sk)->psm = psm;
1901 l2cap_pi(sk)->dcid = scid;
1902
1903 __l2cap_chan_add(conn, sk, parent);
1904 dcid = l2cap_pi(sk)->scid;
1905
1906 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1907
1908 l2cap_pi(sk)->ident = cmd->ident;
1909
1910 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
1911 if (l2cap_check_security(sk)) {
1912 if (bt_sk(sk)->defer_setup) {
1913 sk->sk_state = BT_CONNECT2;
1914 result = L2CAP_CR_PEND;
1915 status = L2CAP_CS_AUTHOR_PEND;
1916 parent->sk_data_ready(parent, 0);
1917 } else {
1918 sk->sk_state = BT_CONFIG;
1919 result = L2CAP_CR_SUCCESS;
1920 status = L2CAP_CS_NO_INFO;
1921 }
1922 } else {
1923 sk->sk_state = BT_CONNECT2;
1924 result = L2CAP_CR_PEND;
1925 status = L2CAP_CS_AUTHEN_PEND;
1926 }
1927 } else {
1928 sk->sk_state = BT_CONNECT2;
1929 result = L2CAP_CR_PEND;
1930 status = L2CAP_CS_NO_INFO;
1931 }
1932
1933 write_unlock_bh(&list->lock);
1934
1935 response:
1936 bh_unlock_sock(parent);
1937
1938 sendresp:
1939 rsp.scid = cpu_to_le16(scid);
1940 rsp.dcid = cpu_to_le16(dcid);
1941 rsp.result = cpu_to_le16(result);
1942 rsp.status = cpu_to_le16(status);
1943 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1944
1945 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1946 struct l2cap_info_req info;
1947 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1948
1949 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1950 conn->info_ident = l2cap_get_ident(conn);
1951
1952 mod_timer(&conn->info_timer, jiffies +
1953 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1954
1955 l2cap_send_cmd(conn, conn->info_ident,
1956 L2CAP_INFO_REQ, sizeof(info), &info);
1957 }
1958
1959 return 0;
1960 }
1961
1962 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1963 {
1964 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1965 u16 scid, dcid, result, status;
1966 struct sock *sk;
1967 u8 req[128];
1968
1969 scid = __le16_to_cpu(rsp->scid);
1970 dcid = __le16_to_cpu(rsp->dcid);
1971 result = __le16_to_cpu(rsp->result);
1972 status = __le16_to_cpu(rsp->status);
1973
1974 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1975
1976 if (scid) {
1977 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
1978 if (!sk)
1979 return 0;
1980 } else {
1981 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
1982 if (!sk)
1983 return 0;
1984 }
1985
1986 switch (result) {
1987 case L2CAP_CR_SUCCESS:
1988 sk->sk_state = BT_CONFIG;
1989 l2cap_pi(sk)->ident = 0;
1990 l2cap_pi(sk)->dcid = dcid;
1991 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1992
1993 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1994
1995 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1996 l2cap_build_conf_req(sk, req), req);
1997 break;
1998
1999 case L2CAP_CR_PEND:
2000 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
2001 break;
2002
2003 default:
2004 l2cap_chan_del(sk, ECONNREFUSED);
2005 break;
2006 }
2007
2008 bh_unlock_sock(sk);
2009 return 0;
2010 }
2011
2012 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2013 {
2014 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2015 u16 dcid, flags;
2016 u8 rsp[64];
2017 struct sock *sk;
2018 int len;
2019
2020 dcid = __le16_to_cpu(req->dcid);
2021 flags = __le16_to_cpu(req->flags);
2022
2023 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2024
2025 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2026 if (!sk)
2027 return -ENOENT;
2028
2029 if (sk->sk_state == BT_DISCONN)
2030 goto unlock;
2031
2032 /* Reject if config buffer is too small. */
2033 len = cmd_len - sizeof(*req);
2034 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2035 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2036 l2cap_build_conf_rsp(sk, rsp,
2037 L2CAP_CONF_REJECT, flags), rsp);
2038 goto unlock;
2039 }
2040
2041 /* Store config. */
2042 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2043 l2cap_pi(sk)->conf_len += len;
2044
2045 if (flags & 0x0001) {
2046 /* Incomplete config. Send empty response. */
2047 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2048 l2cap_build_conf_rsp(sk, rsp,
2049 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2050 goto unlock;
2051 }
2052
2053 /* Complete config. */
2054 len = l2cap_parse_conf_req(sk, rsp);
2055 if (len < 0)
2056 goto unlock;
2057
2058 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2059
2060 /* Reset config buffer. */
2061 l2cap_pi(sk)->conf_len = 0;
2062
2063 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2064 goto unlock;
2065
2066 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2067 sk->sk_state = BT_CONNECTED;
2068 l2cap_chan_ready(sk);
2069 goto unlock;
2070 }
2071
2072 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2073 u8 buf[64];
2074 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2075 l2cap_build_conf_req(sk, buf), buf);
2076 }
2077
2078 unlock:
2079 bh_unlock_sock(sk);
2080 return 0;
2081 }
2082
2083 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2084 {
2085 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2086 u16 scid, flags, result;
2087 struct sock *sk;
2088
2089 scid = __le16_to_cpu(rsp->scid);
2090 flags = __le16_to_cpu(rsp->flags);
2091 result = __le16_to_cpu(rsp->result);
2092
2093 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2094 scid, flags, result);
2095
2096 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2097 if (!sk)
2098 return 0;
2099
2100 switch (result) {
2101 case L2CAP_CONF_SUCCESS:
2102 break;
2103
2104 case L2CAP_CONF_UNACCEPT:
2105 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2106 char req[128];
2107 /* It does not make sense to adjust L2CAP parameters
2108 * that are currently defined in the spec. We simply
2109 * resend config request that we sent earlier. It is
2110 * stupid, but it helps qualification testing which
2111 * expects at least some response from us. */
2112 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2113 l2cap_build_conf_req(sk, req), req);
2114 goto done;
2115 }
2116
2117 default:
2118 sk->sk_state = BT_DISCONN;
2119 sk->sk_err = ECONNRESET;
2120 l2cap_sock_set_timer(sk, HZ * 5);
2121 {
2122 struct l2cap_disconn_req req;
2123 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2124 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2125 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2126 L2CAP_DISCONN_REQ, sizeof(req), &req);
2127 }
2128 goto done;
2129 }
2130
2131 if (flags & 0x01)
2132 goto done;
2133
2134 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2135
2136 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2137 sk->sk_state = BT_CONNECTED;
2138 l2cap_chan_ready(sk);
2139 }
2140
2141 done:
2142 bh_unlock_sock(sk);
2143 return 0;
2144 }
2145
2146 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2147 {
2148 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2149 struct l2cap_disconn_rsp rsp;
2150 u16 dcid, scid;
2151 struct sock *sk;
2152
2153 scid = __le16_to_cpu(req->scid);
2154 dcid = __le16_to_cpu(req->dcid);
2155
2156 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2157
2158 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2159 if (!sk)
2160 return 0;
2161
2162 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2163 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2164 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2165
2166 sk->sk_shutdown = SHUTDOWN_MASK;
2167
2168 l2cap_chan_del(sk, ECONNRESET);
2169 bh_unlock_sock(sk);
2170
2171 l2cap_sock_kill(sk);
2172 return 0;
2173 }
2174
2175 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2176 {
2177 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2178 u16 dcid, scid;
2179 struct sock *sk;
2180
2181 scid = __le16_to_cpu(rsp->scid);
2182 dcid = __le16_to_cpu(rsp->dcid);
2183
2184 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2185
2186 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2187 if (!sk)
2188 return 0;
2189
2190 l2cap_chan_del(sk, 0);
2191 bh_unlock_sock(sk);
2192
2193 l2cap_sock_kill(sk);
2194 return 0;
2195 }
2196
2197 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2198 {
2199 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2200 u16 type;
2201
2202 type = __le16_to_cpu(req->type);
2203
2204 BT_DBG("type 0x%4.4x", type);
2205
2206 if (type == L2CAP_IT_FEAT_MASK) {
2207 u8 buf[8];
2208 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2209 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2210 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2211 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2212 l2cap_send_cmd(conn, cmd->ident,
2213 L2CAP_INFO_RSP, sizeof(buf), buf);
2214 } else if (type == L2CAP_IT_FIXED_CHAN) {
2215 u8 buf[12];
2216 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2217 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2218 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2219 memcpy(buf + 4, l2cap_fixed_chan, 8);
2220 l2cap_send_cmd(conn, cmd->ident,
2221 L2CAP_INFO_RSP, sizeof(buf), buf);
2222 } else {
2223 struct l2cap_info_rsp rsp;
2224 rsp.type = cpu_to_le16(type);
2225 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2226 l2cap_send_cmd(conn, cmd->ident,
2227 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2228 }
2229
2230 return 0;
2231 }
2232
2233 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2234 {
2235 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2236 u16 type, result;
2237
2238 type = __le16_to_cpu(rsp->type);
2239 result = __le16_to_cpu(rsp->result);
2240
2241 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2242
2243 del_timer(&conn->info_timer);
2244
2245 if (type == L2CAP_IT_FEAT_MASK) {
2246 conn->feat_mask = get_unaligned_le32(rsp->data);
2247
2248 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
2249 struct l2cap_info_req req;
2250 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2251
2252 conn->info_ident = l2cap_get_ident(conn);
2253
2254 l2cap_send_cmd(conn, conn->info_ident,
2255 L2CAP_INFO_REQ, sizeof(req), &req);
2256 } else {
2257 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2258 conn->info_ident = 0;
2259
2260 l2cap_conn_start(conn);
2261 }
2262 } else if (type == L2CAP_IT_FIXED_CHAN) {
2263 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2264 conn->info_ident = 0;
2265
2266 l2cap_conn_start(conn);
2267 }
2268
2269 return 0;
2270 }
2271
2272 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2273 {
2274 u8 *data = skb->data;
2275 int len = skb->len;
2276 struct l2cap_cmd_hdr cmd;
2277 int err = 0;
2278
2279 l2cap_raw_recv(conn, skb);
2280
2281 while (len >= L2CAP_CMD_HDR_SIZE) {
2282 u16 cmd_len;
2283 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2284 data += L2CAP_CMD_HDR_SIZE;
2285 len -= L2CAP_CMD_HDR_SIZE;
2286
2287 cmd_len = le16_to_cpu(cmd.len);
2288
2289 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2290
2291 if (cmd_len > len || !cmd.ident) {
2292 BT_DBG("corrupted command");
2293 break;
2294 }
2295
2296 switch (cmd.code) {
2297 case L2CAP_COMMAND_REJ:
2298 l2cap_command_rej(conn, &cmd, data);
2299 break;
2300
2301 case L2CAP_CONN_REQ:
2302 err = l2cap_connect_req(conn, &cmd, data);
2303 break;
2304
2305 case L2CAP_CONN_RSP:
2306 err = l2cap_connect_rsp(conn, &cmd, data);
2307 break;
2308
2309 case L2CAP_CONF_REQ:
2310 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2311 break;
2312
2313 case L2CAP_CONF_RSP:
2314 err = l2cap_config_rsp(conn, &cmd, data);
2315 break;
2316
2317 case L2CAP_DISCONN_REQ:
2318 err = l2cap_disconnect_req(conn, &cmd, data);
2319 break;
2320
2321 case L2CAP_DISCONN_RSP:
2322 err = l2cap_disconnect_rsp(conn, &cmd, data);
2323 break;
2324
2325 case L2CAP_ECHO_REQ:
2326 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2327 break;
2328
2329 case L2CAP_ECHO_RSP:
2330 break;
2331
2332 case L2CAP_INFO_REQ:
2333 err = l2cap_information_req(conn, &cmd, data);
2334 break;
2335
2336 case L2CAP_INFO_RSP:
2337 err = l2cap_information_rsp(conn, &cmd, data);
2338 break;
2339
2340 default:
2341 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2342 err = -EINVAL;
2343 break;
2344 }
2345
2346 if (err) {
2347 struct l2cap_cmd_rej rej;
2348 BT_DBG("error %d", err);
2349
2350 /* FIXME: Map err to a valid reason */
2351 rej.reason = cpu_to_le16(0);
2352 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2353 }
2354
2355 data += cmd_len;
2356 len -= cmd_len;
2357 }
2358
2359 kfree_skb(skb);
2360 }
2361
2362 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2363 {
2364 struct sock *sk;
2365
2366 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2367 if (!sk) {
2368 BT_DBG("unknown cid 0x%4.4x", cid);
2369 goto drop;
2370 }
2371
2372 BT_DBG("sk %p, len %d", sk, skb->len);
2373
2374 if (sk->sk_state != BT_CONNECTED)
2375 goto drop;
2376
2377 if (l2cap_pi(sk)->imtu < skb->len)
2378 goto drop;
2379
2380 /* If socket recv buffers overflows we drop data here
2381 * which is *bad* because L2CAP has to be reliable.
2382 * But we don't have any other choice. L2CAP doesn't
2383 * provide flow control mechanism. */
2384
2385 if (!sock_queue_rcv_skb(sk, skb))
2386 goto done;
2387
2388 drop:
2389 kfree_skb(skb);
2390
2391 done:
2392 if (sk)
2393 bh_unlock_sock(sk);
2394
2395 return 0;
2396 }
2397
2398 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2399 {
2400 struct sock *sk;
2401
2402 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2403 if (!sk)
2404 goto drop;
2405
2406 BT_DBG("sk %p, len %d", sk, skb->len);
2407
2408 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2409 goto drop;
2410
2411 if (l2cap_pi(sk)->imtu < skb->len)
2412 goto drop;
2413
2414 if (!sock_queue_rcv_skb(sk, skb))
2415 goto done;
2416
2417 drop:
2418 kfree_skb(skb);
2419
2420 done:
2421 if (sk)
2422 bh_unlock_sock(sk);
2423 return 0;
2424 }
2425
2426 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2427 {
2428 struct l2cap_hdr *lh = (void *) skb->data;
2429 u16 cid, len;
2430 __le16 psm;
2431
2432 skb_pull(skb, L2CAP_HDR_SIZE);
2433 cid = __le16_to_cpu(lh->cid);
2434 len = __le16_to_cpu(lh->len);
2435
2436 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2437
2438 switch (cid) {
2439 case L2CAP_CID_SIGNALING:
2440 l2cap_sig_channel(conn, skb);
2441 break;
2442
2443 case L2CAP_CID_CONN_LESS:
2444 psm = get_unaligned((__le16 *) skb->data);
2445 skb_pull(skb, 2);
2446 l2cap_conless_channel(conn, psm, skb);
2447 break;
2448
2449 default:
2450 l2cap_data_channel(conn, cid, skb);
2451 break;
2452 }
2453 }
2454
2455 /* ---- L2CAP interface with lower layer (HCI) ---- */
2456
2457 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2458 {
2459 int exact = 0, lm1 = 0, lm2 = 0;
2460 register struct sock *sk;
2461 struct hlist_node *node;
2462
2463 if (type != ACL_LINK)
2464 return 0;
2465
2466 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2467
2468 /* Find listening sockets and check their link_mode */
2469 read_lock(&l2cap_sk_list.lock);
2470 sk_for_each(sk, node, &l2cap_sk_list.head) {
2471 if (sk->sk_state != BT_LISTEN)
2472 continue;
2473
2474 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2475 lm1 |= HCI_LM_ACCEPT;
2476 if (l2cap_pi(sk)->role_switch)
2477 lm1 |= HCI_LM_MASTER;
2478 exact++;
2479 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2480 lm2 |= HCI_LM_ACCEPT;
2481 if (l2cap_pi(sk)->role_switch)
2482 lm2 |= HCI_LM_MASTER;
2483 }
2484 }
2485 read_unlock(&l2cap_sk_list.lock);
2486
2487 return exact ? lm1 : lm2;
2488 }
2489
2490 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2491 {
2492 struct l2cap_conn *conn;
2493
2494 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2495
2496 if (hcon->type != ACL_LINK)
2497 return 0;
2498
2499 if (!status) {
2500 conn = l2cap_conn_add(hcon, status);
2501 if (conn)
2502 l2cap_conn_ready(conn);
2503 } else
2504 l2cap_conn_del(hcon, bt_err(status));
2505
2506 return 0;
2507 }
2508
2509 static int l2cap_disconn_ind(struct hci_conn *hcon)
2510 {
2511 struct l2cap_conn *conn = hcon->l2cap_data;
2512
2513 BT_DBG("hcon %p", hcon);
2514
2515 if (hcon->type != ACL_LINK || !conn)
2516 return 0x13;
2517
2518 return conn->disc_reason;
2519 }
2520
2521 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
2522 {
2523 BT_DBG("hcon %p reason %d", hcon, reason);
2524
2525 if (hcon->type != ACL_LINK)
2526 return 0;
2527
2528 l2cap_conn_del(hcon, bt_err(reason));
2529
2530 return 0;
2531 }
2532
2533 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2534 {
2535 if (sk->sk_type != SOCK_SEQPACKET)
2536 return;
2537
2538 if (encrypt == 0x00) {
2539 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2540 l2cap_sock_clear_timer(sk);
2541 l2cap_sock_set_timer(sk, HZ * 5);
2542 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2543 __l2cap_sock_close(sk, ECONNREFUSED);
2544 } else {
2545 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2546 l2cap_sock_clear_timer(sk);
2547 }
2548 }
2549
2550 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2551 {
2552 struct l2cap_chan_list *l;
2553 struct l2cap_conn *conn = hcon->l2cap_data;
2554 struct sock *sk;
2555
2556 if (!conn)
2557 return 0;
2558
2559 l = &conn->chan_list;
2560
2561 BT_DBG("conn %p", conn);
2562
2563 read_lock(&l->lock);
2564
2565 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2566 bh_lock_sock(sk);
2567
2568 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2569 bh_unlock_sock(sk);
2570 continue;
2571 }
2572
2573 if (!status && (sk->sk_state == BT_CONNECTED ||
2574 sk->sk_state == BT_CONFIG)) {
2575 l2cap_check_encryption(sk, encrypt);
2576 bh_unlock_sock(sk);
2577 continue;
2578 }
2579
2580 if (sk->sk_state == BT_CONNECT) {
2581 if (!status) {
2582 struct l2cap_conn_req req;
2583 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2584 req.psm = l2cap_pi(sk)->psm;
2585
2586 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2587
2588 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2589 L2CAP_CONN_REQ, sizeof(req), &req);
2590 } else {
2591 l2cap_sock_clear_timer(sk);
2592 l2cap_sock_set_timer(sk, HZ / 10);
2593 }
2594 } else if (sk->sk_state == BT_CONNECT2) {
2595 struct l2cap_conn_rsp rsp;
2596 __u16 result;
2597
2598 if (!status) {
2599 sk->sk_state = BT_CONFIG;
2600 result = L2CAP_CR_SUCCESS;
2601 } else {
2602 sk->sk_state = BT_DISCONN;
2603 l2cap_sock_set_timer(sk, HZ / 10);
2604 result = L2CAP_CR_SEC_BLOCK;
2605 }
2606
2607 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2608 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2609 rsp.result = cpu_to_le16(result);
2610 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2611 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2612 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2613 }
2614
2615 bh_unlock_sock(sk);
2616 }
2617
2618 read_unlock(&l->lock);
2619
2620 return 0;
2621 }
2622
2623 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2624 {
2625 struct l2cap_conn *conn = hcon->l2cap_data;
2626
2627 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2628 goto drop;
2629
2630 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2631
2632 if (flags & ACL_START) {
2633 struct l2cap_hdr *hdr;
2634 int len;
2635
2636 if (conn->rx_len) {
2637 BT_ERR("Unexpected start frame (len %d)", skb->len);
2638 kfree_skb(conn->rx_skb);
2639 conn->rx_skb = NULL;
2640 conn->rx_len = 0;
2641 l2cap_conn_unreliable(conn, ECOMM);
2642 }
2643
2644 if (skb->len < 2) {
2645 BT_ERR("Frame is too short (len %d)", skb->len);
2646 l2cap_conn_unreliable(conn, ECOMM);
2647 goto drop;
2648 }
2649
2650 hdr = (struct l2cap_hdr *) skb->data;
2651 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2652
2653 if (len == skb->len) {
2654 /* Complete frame received */
2655 l2cap_recv_frame(conn, skb);
2656 return 0;
2657 }
2658
2659 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2660
2661 if (skb->len > len) {
2662 BT_ERR("Frame is too long (len %d, expected len %d)",
2663 skb->len, len);
2664 l2cap_conn_unreliable(conn, ECOMM);
2665 goto drop;
2666 }
2667
2668 /* Allocate skb for the complete frame (with header) */
2669 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
2670 if (!conn->rx_skb)
2671 goto drop;
2672
2673 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2674 skb->len);
2675 conn->rx_len = len - skb->len;
2676 } else {
2677 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2678
2679 if (!conn->rx_len) {
2680 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2681 l2cap_conn_unreliable(conn, ECOMM);
2682 goto drop;
2683 }
2684
2685 if (skb->len > conn->rx_len) {
2686 BT_ERR("Fragment is too long (len %d, expected %d)",
2687 skb->len, conn->rx_len);
2688 kfree_skb(conn->rx_skb);
2689 conn->rx_skb = NULL;
2690 conn->rx_len = 0;
2691 l2cap_conn_unreliable(conn, ECOMM);
2692 goto drop;
2693 }
2694
2695 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2696 skb->len);
2697 conn->rx_len -= skb->len;
2698
2699 if (!conn->rx_len) {
2700 /* Complete frame received */
2701 l2cap_recv_frame(conn, conn->rx_skb);
2702 conn->rx_skb = NULL;
2703 }
2704 }
2705
2706 drop:
2707 kfree_skb(skb);
2708 return 0;
2709 }
2710
2711 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2712 {
2713 struct sock *sk;
2714 struct hlist_node *node;
2715 char *str = buf;
2716
2717 read_lock_bh(&l2cap_sk_list.lock);
2718
2719 sk_for_each(sk, node, &l2cap_sk_list.head) {
2720 struct l2cap_pinfo *pi = l2cap_pi(sk);
2721
2722 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2723 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2724 sk->sk_state, __le16_to_cpu(pi->psm), pi->scid,
2725 pi->dcid, pi->imtu, pi->omtu, pi->sec_level);
2726 }
2727
2728 read_unlock_bh(&l2cap_sk_list.lock);
2729
2730 return str - buf;
2731 }
2732
2733 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2734
2735 static const struct proto_ops l2cap_sock_ops = {
2736 .family = PF_BLUETOOTH,
2737 .owner = THIS_MODULE,
2738 .release = l2cap_sock_release,
2739 .bind = l2cap_sock_bind,
2740 .connect = l2cap_sock_connect,
2741 .listen = l2cap_sock_listen,
2742 .accept = l2cap_sock_accept,
2743 .getname = l2cap_sock_getname,
2744 .sendmsg = l2cap_sock_sendmsg,
2745 .recvmsg = l2cap_sock_recvmsg,
2746 .poll = bt_sock_poll,
2747 .ioctl = bt_sock_ioctl,
2748 .mmap = sock_no_mmap,
2749 .socketpair = sock_no_socketpair,
2750 .shutdown = l2cap_sock_shutdown,
2751 .setsockopt = l2cap_sock_setsockopt,
2752 .getsockopt = l2cap_sock_getsockopt
2753 };
2754
2755 static struct net_proto_family l2cap_sock_family_ops = {
2756 .family = PF_BLUETOOTH,
2757 .owner = THIS_MODULE,
2758 .create = l2cap_sock_create,
2759 };
2760
2761 static struct hci_proto l2cap_hci_proto = {
2762 .name = "L2CAP",
2763 .id = HCI_PROTO_L2CAP,
2764 .connect_ind = l2cap_connect_ind,
2765 .connect_cfm = l2cap_connect_cfm,
2766 .disconn_ind = l2cap_disconn_ind,
2767 .disconn_cfm = l2cap_disconn_cfm,
2768 .security_cfm = l2cap_security_cfm,
2769 .recv_acldata = l2cap_recv_acldata
2770 };
2771
2772 static int __init l2cap_init(void)
2773 {
2774 int err;
2775
2776 err = proto_register(&l2cap_proto, 0);
2777 if (err < 0)
2778 return err;
2779
2780 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2781 if (err < 0) {
2782 BT_ERR("L2CAP socket registration failed");
2783 goto error;
2784 }
2785
2786 err = hci_register_proto(&l2cap_hci_proto);
2787 if (err < 0) {
2788 BT_ERR("L2CAP protocol registration failed");
2789 bt_sock_unregister(BTPROTO_L2CAP);
2790 goto error;
2791 }
2792
2793 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2794 BT_ERR("Failed to create L2CAP info file");
2795
2796 BT_INFO("L2CAP ver %s", VERSION);
2797 BT_INFO("L2CAP socket layer initialized");
2798
2799 return 0;
2800
2801 error:
2802 proto_unregister(&l2cap_proto);
2803 return err;
2804 }
2805
2806 static void __exit l2cap_exit(void)
2807 {
2808 class_remove_file(bt_class, &class_attr_l2cap);
2809
2810 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2811 BT_ERR("L2CAP socket unregistration failed");
2812
2813 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2814 BT_ERR("L2CAP protocol unregistration failed");
2815
2816 proto_unregister(&l2cap_proto);
2817 }
2818
2819 void l2cap_load(void)
2820 {
2821 /* Dummy function to trigger automatic L2CAP module loading by
2822 * other modules that use L2CAP sockets but don't use any other
2823 * symbols from it. */
2824 return;
2825 }
2826 EXPORT_SYMBOL(l2cap_load);
2827
2828 module_init(l2cap_init);
2829 module_exit(l2cap_exit);
2830
2831 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2832 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2833 MODULE_VERSION(VERSION);
2834 MODULE_LICENSE("GPL");
2835 MODULE_ALIAS("bt-proto-0");
2836
|
This page was automatically generated by the
LXR engine.
|