blob: ff1744e34cd8efbf83d5f7f01a5edd51a94cc9a6 [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07002 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090015 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -070018 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090020 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -070022 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
Linus Torvalds1da177e2005-04-16 15:20:36 -070027#include <linux/module.h>
28
29#include <linux/types.h>
Randy Dunlap4fc268d2006-01-11 12:17:47 -080030#include <linux/capability.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070031#include <linux/errno.h>
32#include <linux/kernel.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070033#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070041#include <linux/list.h>
Marcel Holtmannbe9d1222005-11-08 09:57:38 -080042#include <linux/device.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070043#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52
Marcel Holtmanne1027a72009-02-09 09:18:02 +010053#define VERSION "2.13"
Marcel Holtmannf0709e02007-10-20 13:38:51 +020054
Marcel Holtmanne1027a72009-02-09 09:18:02 +010055static u32 l2cap_feat_mask = 0x0080;
56static u8 l2cap_fixed_chan[8] = { 0x02, };
Linus Torvalds1da177e2005-04-16 15:20:36 -070057
Eric Dumazet90ddc4f2005-12-22 12:49:22 -080058static const struct proto_ops l2cap_sock_ops;
Linus Torvalds1da177e2005-04-16 15:20:36 -070059
60static struct bt_sock_list l2cap_sk_list = {
Robert P. J. Dayd5fb2962008-03-28 16:17:38 -070061 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
Linus Torvalds1da177e2005-04-16 15:20:36 -070062};
63
Linus Torvalds1da177e2005-04-16 15:20:36 -070064static void __l2cap_sock_close(struct sock *sk, int reason);
65static void l2cap_sock_close(struct sock *sk);
66static void l2cap_sock_kill(struct sock *sk);
67
68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
70
71/* ---- L2CAP timers ---- */
72static void l2cap_sock_timeout(unsigned long arg)
73{
74 struct sock *sk = (struct sock *) arg;
Marcel Holtmannb1235d7962008-07-14 20:13:54 +020075 int reason;
Linus Torvalds1da177e2005-04-16 15:20:36 -070076
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
78
79 bh_lock_sock(sk);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +020080
Marcel Holtmannf62e4322009-01-15 21:58:44 +010081 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
82 reason = ECONNREFUSED;
83 else if (sk->sk_state == BT_CONNECT &&
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +010084 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
Marcel Holtmannb1235d7962008-07-14 20:13:54 +020085 reason = ECONNREFUSED;
86 else
87 reason = ETIMEDOUT;
88
89 __l2cap_sock_close(sk, reason);
90
Linus Torvalds1da177e2005-04-16 15:20:36 -070091 bh_unlock_sock(sk);
92
93 l2cap_sock_kill(sk);
94 sock_put(sk);
95}
96
97static void l2cap_sock_set_timer(struct sock *sk, long timeout)
98{
99 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
100 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
101}
102
103static void l2cap_sock_clear_timer(struct sock *sk)
104{
105 BT_DBG("sock %p state %d", sk, sk->sk_state);
106 sk_stop_timer(sk, &sk->sk_timer);
107}
108
Marcel Holtmann01394182006-07-03 10:02:46 +0200109/* ---- L2CAP channels ---- */
110static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
111{
112 struct sock *s;
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->dcid == cid)
115 break;
116 }
117 return s;
118}
119
120static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
121{
122 struct sock *s;
123 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
124 if (l2cap_pi(s)->scid == cid)
125 break;
126 }
127 return s;
128}
129
130/* Find channel with given SCID.
131 * Returns locked socket */
132static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
133{
134 struct sock *s;
135 read_lock(&l->lock);
136 s = __l2cap_get_chan_by_scid(l, cid);
137 if (s) bh_lock_sock(s);
138 read_unlock(&l->lock);
139 return s;
140}
141
142static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
143{
144 struct sock *s;
145 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
146 if (l2cap_pi(s)->ident == ident)
147 break;
148 }
149 return s;
150}
151
152static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
153{
154 struct sock *s;
155 read_lock(&l->lock);
156 s = __l2cap_get_chan_by_ident(l, ident);
157 if (s) bh_lock_sock(s);
158 read_unlock(&l->lock);
159 return s;
160}
161
162static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
163{
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -0300164 u16 cid = L2CAP_CID_DYN_START;
Marcel Holtmann01394182006-07-03 10:02:46 +0200165
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -0300166 for (; cid < L2CAP_CID_DYN_END; cid++) {
Marcel Holtmann01394182006-07-03 10:02:46 +0200167 if(!__l2cap_get_chan_by_scid(l, cid))
168 return cid;
169 }
170
171 return 0;
172}
173
174static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
175{
176 sock_hold(sk);
177
178 if (l->head)
179 l2cap_pi(l->head)->prev_c = sk;
180
181 l2cap_pi(sk)->next_c = l->head;
182 l2cap_pi(sk)->prev_c = NULL;
183 l->head = sk;
184}
185
186static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
187{
188 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
189
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200190 write_lock_bh(&l->lock);
Marcel Holtmann01394182006-07-03 10:02:46 +0200191 if (sk == l->head)
192 l->head = next;
193
194 if (next)
195 l2cap_pi(next)->prev_c = prev;
196 if (prev)
197 l2cap_pi(prev)->next_c = next;
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200198 write_unlock_bh(&l->lock);
Marcel Holtmann01394182006-07-03 10:02:46 +0200199
200 __sock_put(sk);
201}
202
203static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
204{
205 struct l2cap_chan_list *l = &conn->chan_list;
206
207 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
208
Marcel Holtmann2950f212009-02-12 14:02:50 +0100209 conn->disc_reason = 0x13;
210
Marcel Holtmann01394182006-07-03 10:02:46 +0200211 l2cap_pi(sk)->conn = conn;
212
213 if (sk->sk_type == SOCK_SEQPACKET) {
214 /* Alloc CID for connection-oriented socket */
215 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
216 } else if (sk->sk_type == SOCK_DGRAM) {
217 /* Connectionless socket */
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -0300218 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
219 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
Marcel Holtmann01394182006-07-03 10:02:46 +0200220 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
221 } else {
222 /* Raw socket can send/recv signalling messages only */
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -0300223 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
224 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
Marcel Holtmann01394182006-07-03 10:02:46 +0200225 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
226 }
227
228 __l2cap_chan_link(l, sk);
229
230 if (parent)
231 bt_accept_enqueue(parent, sk);
232}
233
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900234/* Delete channel.
Marcel Holtmann01394182006-07-03 10:02:46 +0200235 * Must be called on the locked socket. */
236static void l2cap_chan_del(struct sock *sk, int err)
237{
238 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
239 struct sock *parent = bt_sk(sk)->parent;
240
241 l2cap_sock_clear_timer(sk);
242
243 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
244
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900245 if (conn) {
Marcel Holtmann01394182006-07-03 10:02:46 +0200246 /* Unlink from channel list */
247 l2cap_chan_unlink(&conn->chan_list, sk);
248 l2cap_pi(sk)->conn = NULL;
249 hci_conn_put(conn->hcon);
250 }
251
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200252 sk->sk_state = BT_CLOSED;
Marcel Holtmann01394182006-07-03 10:02:46 +0200253 sock_set_flag(sk, SOCK_ZAPPED);
254
255 if (err)
256 sk->sk_err = err;
257
258 if (parent) {
259 bt_accept_unlink(sk);
260 parent->sk_data_ready(parent, 0);
261 } else
262 sk->sk_state_change(sk);
263}
264
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200265/* Service level security */
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100266static inline int l2cap_check_security(struct sock *sk)
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200267{
268 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100269 __u8 auth_type;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200270
Marcel Holtmann00ae4af2009-02-12 16:19:45 +0100271 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
272 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
273 auth_type = HCI_AT_NO_BONDING_MITM;
274 else
275 auth_type = HCI_AT_NO_BONDING;
276
277 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
278 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
279 } else {
280 switch (l2cap_pi(sk)->sec_level) {
281 case BT_SECURITY_HIGH:
282 auth_type = HCI_AT_GENERAL_BONDING_MITM;
283 break;
284 case BT_SECURITY_MEDIUM:
285 auth_type = HCI_AT_GENERAL_BONDING;
286 break;
287 default:
288 auth_type = HCI_AT_NO_BONDING;
289 break;
290 }
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100291 }
292
293 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
294 auth_type);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200295}
296
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200297static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
298{
299 u8 id;
300
301 /* Get next available identificator.
302 * 1 - 128 are used by kernel.
303 * 129 - 199 are reserved.
304 * 200 - 254 are used by utilities like l2ping, etc.
305 */
306
307 spin_lock_bh(&conn->lock);
308
309 if (++conn->tx_ident > 128)
310 conn->tx_ident = 1;
311
312 id = conn->tx_ident;
313
314 spin_unlock_bh(&conn->lock);
315
316 return id;
317}
318
319static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
320{
321 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
322
323 BT_DBG("code 0x%2.2x", code);
324
325 if (!skb)
326 return -ENOMEM;
327
328 return hci_send_acl(conn->hcon, skb, 0);
329}
330
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200331static void l2cap_do_start(struct sock *sk)
332{
333 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
334
335 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
Marcel Holtmann984947d2009-02-06 23:35:19 +0100336 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
337 return;
338
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100339 if (l2cap_check_security(sk)) {
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200340 struct l2cap_conn_req req;
341 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
342 req.psm = l2cap_pi(sk)->psm;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200343
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200344 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200345
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200346 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200347 L2CAP_CONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200348 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200349 } else {
350 struct l2cap_info_req req;
351 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
352
353 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
354 conn->info_ident = l2cap_get_ident(conn);
355
356 mod_timer(&conn->info_timer, jiffies +
357 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
358
359 l2cap_send_cmd(conn, conn->info_ident,
360 L2CAP_INFO_REQ, sizeof(req), &req);
361 }
362}
363
Linus Torvalds1da177e2005-04-16 15:20:36 -0700364/* ---- L2CAP connections ---- */
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200365static void l2cap_conn_start(struct l2cap_conn *conn)
366{
367 struct l2cap_chan_list *l = &conn->chan_list;
368 struct sock *sk;
369
370 BT_DBG("conn %p", conn);
371
372 read_lock(&l->lock);
373
374 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
375 bh_lock_sock(sk);
376
377 if (sk->sk_type != SOCK_SEQPACKET) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200378 bh_unlock_sock(sk);
379 continue;
380 }
381
382 if (sk->sk_state == BT_CONNECT) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100383 if (l2cap_check_security(sk)) {
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200384 struct l2cap_conn_req req;
385 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
386 req.psm = l2cap_pi(sk)->psm;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200387
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200388 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200389
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200390 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200391 L2CAP_CONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200392 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200393 } else if (sk->sk_state == BT_CONNECT2) {
394 struct l2cap_conn_rsp rsp;
395 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
396 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
397
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100398 if (l2cap_check_security(sk)) {
Marcel Holtmannf66dc812009-01-15 21:57:00 +0100399 if (bt_sk(sk)->defer_setup) {
400 struct sock *parent = bt_sk(sk)->parent;
401 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
402 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
403 parent->sk_data_ready(parent, 0);
404
405 } else {
406 sk->sk_state = BT_CONFIG;
407 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
408 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
409 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200410 } else {
411 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
412 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
413 }
414
415 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
416 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
417 }
418
419 bh_unlock_sock(sk);
420 }
421
422 read_unlock(&l->lock);
423}
424
425static void l2cap_conn_ready(struct l2cap_conn *conn)
426{
427 struct l2cap_chan_list *l = &conn->chan_list;
428 struct sock *sk;
429
430 BT_DBG("conn %p", conn);
431
432 read_lock(&l->lock);
433
434 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
435 bh_lock_sock(sk);
436
437 if (sk->sk_type != SOCK_SEQPACKET) {
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200438 l2cap_sock_clear_timer(sk);
439 sk->sk_state = BT_CONNECTED;
440 sk->sk_state_change(sk);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200441 } else if (sk->sk_state == BT_CONNECT)
442 l2cap_do_start(sk);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200443
444 bh_unlock_sock(sk);
445 }
446
447 read_unlock(&l->lock);
448}
449
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200450/* Notify sockets that we cannot guaranty reliability anymore */
451static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
452{
453 struct l2cap_chan_list *l = &conn->chan_list;
454 struct sock *sk;
455
456 BT_DBG("conn %p", conn);
457
458 read_lock(&l->lock);
459
460 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100461 if (l2cap_pi(sk)->force_reliable)
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200462 sk->sk_err = err;
463 }
464
465 read_unlock(&l->lock);
466}
467
468static void l2cap_info_timeout(unsigned long arg)
469{
470 struct l2cap_conn *conn = (void *) arg;
471
Marcel Holtmann984947d2009-02-06 23:35:19 +0100472 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +0100473 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +0100474
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200475 l2cap_conn_start(conn);
476}
477
Linus Torvalds1da177e2005-04-16 15:20:36 -0700478static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
479{
Marcel Holtmann01394182006-07-03 10:02:46 +0200480 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700481
Marcel Holtmann01394182006-07-03 10:02:46 +0200482 if (conn || status)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700483 return conn;
484
Marcel Holtmann01394182006-07-03 10:02:46 +0200485 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
486 if (!conn)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700487 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700488
489 hcon->l2cap_data = conn;
490 conn->hcon = hcon;
491
Marcel Holtmann01394182006-07-03 10:02:46 +0200492 BT_DBG("hcon %p conn %p", hcon, conn);
493
Linus Torvalds1da177e2005-04-16 15:20:36 -0700494 conn->mtu = hcon->hdev->acl_mtu;
495 conn->src = &hcon->hdev->bdaddr;
496 conn->dst = &hcon->dst;
497
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200498 conn->feat_mask = 0;
499
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200500 setup_timer(&conn->info_timer, l2cap_info_timeout,
501 (unsigned long) conn);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200502
Linus Torvalds1da177e2005-04-16 15:20:36 -0700503 spin_lock_init(&conn->lock);
504 rwlock_init(&conn->chan_list.lock);
505
Marcel Holtmann2950f212009-02-12 14:02:50 +0100506 conn->disc_reason = 0x13;
507
Linus Torvalds1da177e2005-04-16 15:20:36 -0700508 return conn;
509}
510
Marcel Holtmann01394182006-07-03 10:02:46 +0200511static void l2cap_conn_del(struct hci_conn *hcon, int err)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700512{
Marcel Holtmann01394182006-07-03 10:02:46 +0200513 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700514 struct sock *sk;
515
Marcel Holtmann01394182006-07-03 10:02:46 +0200516 if (!conn)
517 return;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700518
519 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
520
Wei Yongjun7585b972009-02-25 18:29:52 +0800521 kfree_skb(conn->rx_skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700522
523 /* Kill channels */
524 while ((sk = conn->chan_list.head)) {
525 bh_lock_sock(sk);
526 l2cap_chan_del(sk, err);
527 bh_unlock_sock(sk);
528 l2cap_sock_kill(sk);
529 }
530
Dave Young8e8440f2008-03-03 12:18:55 -0800531 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
532 del_timer_sync(&conn->info_timer);
Thomas Gleixner3ab22732008-02-26 17:42:56 -0800533
Linus Torvalds1da177e2005-04-16 15:20:36 -0700534 hcon->l2cap_data = NULL;
535 kfree(conn);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700536}
537
538static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
539{
540 struct l2cap_chan_list *l = &conn->chan_list;
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200541 write_lock_bh(&l->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700542 __l2cap_chan_add(conn, sk, parent);
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200543 write_unlock_bh(&l->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700544}
545
Linus Torvalds1da177e2005-04-16 15:20:36 -0700546/* ---- Socket interface ---- */
Al Viro8e036fc2007-07-29 00:16:36 -0700547static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700548{
549 struct sock *sk;
550 struct hlist_node *node;
551 sk_for_each(sk, node, &l2cap_sk_list.head)
552 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
553 goto found;
554 sk = NULL;
555found:
556 return sk;
557}
558
559/* Find socket with psm and source bdaddr.
560 * Returns closest match.
561 */
Al Viro8e036fc2007-07-29 00:16:36 -0700562static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700563{
564 struct sock *sk = NULL, *sk1 = NULL;
565 struct hlist_node *node;
566
567 sk_for_each(sk, node, &l2cap_sk_list.head) {
568 if (state && sk->sk_state != state)
569 continue;
570
571 if (l2cap_pi(sk)->psm == psm) {
572 /* Exact match. */
573 if (!bacmp(&bt_sk(sk)->src, src))
574 break;
575
576 /* Closest match */
577 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
578 sk1 = sk;
579 }
580 }
581 return node ? sk : sk1;
582}
583
584/* Find socket with given address (psm, src).
585 * Returns locked socket */
Al Viro8e036fc2007-07-29 00:16:36 -0700586static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700587{
588 struct sock *s;
589 read_lock(&l2cap_sk_list.lock);
590 s = __l2cap_get_sock_by_psm(state, psm, src);
591 if (s) bh_lock_sock(s);
592 read_unlock(&l2cap_sk_list.lock);
593 return s;
594}
595
596static void l2cap_sock_destruct(struct sock *sk)
597{
598 BT_DBG("sk %p", sk);
599
600 skb_queue_purge(&sk->sk_receive_queue);
601 skb_queue_purge(&sk->sk_write_queue);
602}
603
604static void l2cap_sock_cleanup_listen(struct sock *parent)
605{
606 struct sock *sk;
607
608 BT_DBG("parent %p", parent);
609
610 /* Close not yet accepted channels */
611 while ((sk = bt_accept_dequeue(parent, NULL)))
612 l2cap_sock_close(sk);
613
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200614 parent->sk_state = BT_CLOSED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700615 sock_set_flag(parent, SOCK_ZAPPED);
616}
617
618/* Kill socket (only if zapped and orphan)
619 * Must be called on unlocked socket.
620 */
621static void l2cap_sock_kill(struct sock *sk)
622{
623 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
624 return;
625
626 BT_DBG("sk %p state %d", sk, sk->sk_state);
627
628 /* Kill poor orphan */
629 bt_sock_unlink(&l2cap_sk_list, sk);
630 sock_set_flag(sk, SOCK_DEAD);
631 sock_put(sk);
632}
633
634static void __l2cap_sock_close(struct sock *sk, int reason)
635{
636 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
637
638 switch (sk->sk_state) {
639 case BT_LISTEN:
640 l2cap_sock_cleanup_listen(sk);
641 break;
642
643 case BT_CONNECTED:
644 case BT_CONFIG:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700645 if (sk->sk_type == SOCK_SEQPACKET) {
646 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
647 struct l2cap_disconn_req req;
648
649 sk->sk_state = BT_DISCONN;
650 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
651
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -0700652 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
653 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700654 l2cap_send_cmd(conn, l2cap_get_ident(conn),
655 L2CAP_DISCONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200656 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -0700657 l2cap_chan_del(sk, reason);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700658 break;
659
Marcel Holtmannf66dc812009-01-15 21:57:00 +0100660 case BT_CONNECT2:
661 if (sk->sk_type == SOCK_SEQPACKET) {
662 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
663 struct l2cap_conn_rsp rsp;
664 __u16 result;
665
666 if (bt_sk(sk)->defer_setup)
667 result = L2CAP_CR_SEC_BLOCK;
668 else
669 result = L2CAP_CR_BAD_PSM;
670
671 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
672 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
673 rsp.result = cpu_to_le16(result);
674 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
675 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
676 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
677 } else
678 l2cap_chan_del(sk, reason);
679 break;
680
Linus Torvalds1da177e2005-04-16 15:20:36 -0700681 case BT_CONNECT:
682 case BT_DISCONN:
683 l2cap_chan_del(sk, reason);
684 break;
685
686 default:
687 sock_set_flag(sk, SOCK_ZAPPED);
688 break;
689 }
690}
691
692/* Must be called on unlocked socket. */
693static void l2cap_sock_close(struct sock *sk)
694{
695 l2cap_sock_clear_timer(sk);
696 lock_sock(sk);
697 __l2cap_sock_close(sk, ECONNRESET);
698 release_sock(sk);
699 l2cap_sock_kill(sk);
700}
701
702static void l2cap_sock_init(struct sock *sk, struct sock *parent)
703{
704 struct l2cap_pinfo *pi = l2cap_pi(sk);
705
706 BT_DBG("sk %p", sk);
707
708 if (parent) {
709 sk->sk_type = parent->sk_type;
Marcel Holtmannf66dc812009-01-15 21:57:00 +0100710 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
711
Linus Torvalds1da177e2005-04-16 15:20:36 -0700712 pi->imtu = l2cap_pi(parent)->imtu;
713 pi->omtu = l2cap_pi(parent)->omtu;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100714 pi->sec_level = l2cap_pi(parent)->sec_level;
715 pi->role_switch = l2cap_pi(parent)->role_switch;
716 pi->force_reliable = l2cap_pi(parent)->force_reliable;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700717 } else {
718 pi->imtu = L2CAP_DEFAULT_MTU;
719 pi->omtu = 0;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100720 pi->sec_level = BT_SECURITY_LOW;
721 pi->role_switch = 0;
722 pi->force_reliable = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700723 }
724
725 /* Default config options */
Marcel Holtmann5dee9e72007-05-24 14:27:19 +0200726 pi->conf_len = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700727 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
728}
729
730static struct proto l2cap_proto = {
731 .name = "L2CAP",
732 .owner = THIS_MODULE,
733 .obj_size = sizeof(struct l2cap_pinfo)
734};
735
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700736static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700737{
738 struct sock *sk;
739
Pavel Emelyanov6257ff22007-11-01 00:39:31 -0700740 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700741 if (!sk)
742 return NULL;
743
744 sock_init_data(sock, sk);
745 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
746
747 sk->sk_destruct = l2cap_sock_destruct;
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200748 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700749
750 sock_reset_flag(sk, SOCK_ZAPPED);
751
752 sk->sk_protocol = proto;
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200753 sk->sk_state = BT_OPEN;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700754
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200755 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700756
757 bt_sock_link(&l2cap_sk_list, sk);
758 return sk;
759}
760
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700761static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700762{
763 struct sock *sk;
764
765 BT_DBG("sock %p", sock);
766
767 sock->state = SS_UNCONNECTED;
768
769 if (sock->type != SOCK_SEQPACKET &&
770 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
771 return -ESOCKTNOSUPPORT;
772
773 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
774 return -EPERM;
775
776 sock->ops = &l2cap_sock_ops;
777
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700778 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700779 if (!sk)
780 return -ENOMEM;
781
782 l2cap_sock_init(sk, NULL);
783 return 0;
784}
785
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100786static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700787{
Linus Torvalds1da177e2005-04-16 15:20:36 -0700788 struct sock *sk = sock->sk;
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100789 struct sockaddr_l2 la;
790 int len, err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700791
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100792 BT_DBG("sk %p", sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700793
794 if (!addr || addr->sa_family != AF_BLUETOOTH)
795 return -EINVAL;
796
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100797 memset(&la, 0, sizeof(la));
798 len = min_t(unsigned int, sizeof(la), alen);
799 memcpy(&la, addr, len);
800
Marcel Holtmann2a517ca2009-02-16 03:20:31 +0100801 if (la.l2_cid)
802 return -EINVAL;
803
Linus Torvalds1da177e2005-04-16 15:20:36 -0700804 lock_sock(sk);
805
806 if (sk->sk_state != BT_OPEN) {
807 err = -EBADFD;
808 goto done;
809 }
810
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100811 if (la.l2_psm && btohs(la.l2_psm) < 0x1001 &&
Marcel Holtmann847641d2007-01-22 22:00:45 +0100812 !capable(CAP_NET_BIND_SERVICE)) {
813 err = -EACCES;
814 goto done;
815 }
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900816
Linus Torvalds1da177e2005-04-16 15:20:36 -0700817 write_lock_bh(&l2cap_sk_list.lock);
818
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100819 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700820 err = -EADDRINUSE;
821 } else {
822 /* Save source address */
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100823 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
824 l2cap_pi(sk)->psm = la.l2_psm;
825 l2cap_pi(sk)->sport = la.l2_psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700826 sk->sk_state = BT_BOUND;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100827
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100828 if (btohs(la.l2_psm) == 0x0001 || btohs(la.l2_psm) == 0x0003)
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100829 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700830 }
831
832 write_unlock_bh(&l2cap_sk_list.lock);
833
834done:
835 release_sock(sk);
836 return err;
837}
838
839static int l2cap_do_connect(struct sock *sk)
840{
841 bdaddr_t *src = &bt_sk(sk)->src;
842 bdaddr_t *dst = &bt_sk(sk)->dst;
843 struct l2cap_conn *conn;
844 struct hci_conn *hcon;
845 struct hci_dev *hdev;
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200846 __u8 auth_type;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700847 int err = 0;
848
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100849 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
850 l2cap_pi(sk)->psm);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700851
852 if (!(hdev = hci_get_route(dst, src)))
853 return -EHOSTUNREACH;
854
855 hci_dev_lock_bh(hdev);
856
857 err = -ENOMEM;
858
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100859 if (sk->sk_type == SOCK_RAW) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100860 switch (l2cap_pi(sk)->sec_level) {
861 case BT_SECURITY_HIGH:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100862 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100863 break;
864 case BT_SECURITY_MEDIUM:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100865 auth_type = HCI_AT_DEDICATED_BONDING;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100866 break;
867 default:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100868 auth_type = HCI_AT_NO_BONDING;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100869 break;
870 }
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100871 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100872 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200873 auth_type = HCI_AT_NO_BONDING_MITM;
874 else
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200875 auth_type = HCI_AT_NO_BONDING;
Marcel Holtmann435fef22009-02-09 03:55:28 +0100876
877 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
878 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100879 } else {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100880 switch (l2cap_pi(sk)->sec_level) {
881 case BT_SECURITY_HIGH:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100882 auth_type = HCI_AT_GENERAL_BONDING_MITM;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100883 break;
884 case BT_SECURITY_MEDIUM:
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200885 auth_type = HCI_AT_GENERAL_BONDING;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100886 break;
887 default:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100888 auth_type = HCI_AT_NO_BONDING;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100889 break;
890 }
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200891 }
892
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100893 hcon = hci_connect(hdev, ACL_LINK, dst,
894 l2cap_pi(sk)->sec_level, auth_type);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700895 if (!hcon)
896 goto done;
897
898 conn = l2cap_conn_add(hcon, 0);
899 if (!conn) {
900 hci_conn_put(hcon);
901 goto done;
902 }
903
904 err = 0;
905
906 /* Update source addr of the socket */
907 bacpy(src, conn->src);
908
909 l2cap_chan_add(conn, sk, NULL);
910
911 sk->sk_state = BT_CONNECT;
912 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
913
914 if (hcon->state == BT_CONNECTED) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200915 if (sk->sk_type != SOCK_SEQPACKET) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700916 l2cap_sock_clear_timer(sk);
917 sk->sk_state = BT_CONNECTED;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200918 } else
919 l2cap_do_start(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700920 }
921
922done:
923 hci_dev_unlock_bh(hdev);
924 hci_dev_put(hdev);
925 return err;
926}
927
928static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
929{
Linus Torvalds1da177e2005-04-16 15:20:36 -0700930 struct sock *sk = sock->sk;
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100931 struct sockaddr_l2 la;
932 int len, err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700933
Linus Torvalds1da177e2005-04-16 15:20:36 -0700934 BT_DBG("sk %p", sk);
935
Marcel Holtmann2a517ca2009-02-16 03:20:31 +0100936 if (!addr || addr->sa_family != AF_BLUETOOTH)
937 return -EINVAL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700938
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100939 memset(&la, 0, sizeof(la));
940 len = min_t(unsigned int, sizeof(la), alen);
941 memcpy(&la, addr, len);
942
Marcel Holtmann2a517ca2009-02-16 03:20:31 +0100943 if (la.l2_cid)
944 return -EINVAL;
945
946 lock_sock(sk);
947
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100948 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700949 err = -EINVAL;
950 goto done;
951 }
952
953 switch(sk->sk_state) {
954 case BT_CONNECT:
955 case BT_CONNECT2:
956 case BT_CONFIG:
957 /* Already connecting */
958 goto wait;
959
960 case BT_CONNECTED:
961 /* Already connected */
962 goto done;
963
964 case BT_OPEN:
965 case BT_BOUND:
966 /* Can connect */
967 break;
968
969 default:
970 err = -EBADFD;
971 goto done;
972 }
973
974 /* Set destination address and psm */
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100975 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
976 l2cap_pi(sk)->psm = la.l2_psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700977
978 if ((err = l2cap_do_connect(sk)))
979 goto done;
980
981wait:
982 err = bt_sock_wait_state(sk, BT_CONNECTED,
983 sock_sndtimeo(sk, flags & O_NONBLOCK));
984done:
985 release_sock(sk);
986 return err;
987}
988
989static int l2cap_sock_listen(struct socket *sock, int backlog)
990{
991 struct sock *sk = sock->sk;
992 int err = 0;
993
994 BT_DBG("sk %p backlog %d", sk, backlog);
995
996 lock_sock(sk);
997
998 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
999 err = -EBADFD;
1000 goto done;
1001 }
1002
1003 if (!l2cap_pi(sk)->psm) {
1004 bdaddr_t *src = &bt_sk(sk)->src;
1005 u16 psm;
1006
1007 err = -EINVAL;
1008
1009 write_lock_bh(&l2cap_sk_list.lock);
1010
1011 for (psm = 0x1001; psm < 0x1100; psm += 2)
Al Viro6dc0c202007-07-29 00:15:18 -07001012 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001013 l2cap_pi(sk)->psm = htobs(psm);
1014 l2cap_pi(sk)->sport = htobs(psm);
1015 err = 0;
1016 break;
1017 }
1018
1019 write_unlock_bh(&l2cap_sk_list.lock);
1020
1021 if (err < 0)
1022 goto done;
1023 }
1024
1025 sk->sk_max_ack_backlog = backlog;
1026 sk->sk_ack_backlog = 0;
1027 sk->sk_state = BT_LISTEN;
1028
1029done:
1030 release_sock(sk);
1031 return err;
1032}
1033
1034static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1035{
1036 DECLARE_WAITQUEUE(wait, current);
1037 struct sock *sk = sock->sk, *nsk;
1038 long timeo;
1039 int err = 0;
1040
Peter Zijlstrafcc70d52006-11-08 22:44:35 -08001041 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001042
1043 if (sk->sk_state != BT_LISTEN) {
1044 err = -EBADFD;
1045 goto done;
1046 }
1047
1048 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1049
1050 BT_DBG("sk %p timeo %ld", sk, timeo);
1051
1052 /* Wait for an incoming connection. (wake-one). */
1053 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1054 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1055 set_current_state(TASK_INTERRUPTIBLE);
1056 if (!timeo) {
1057 err = -EAGAIN;
1058 break;
1059 }
1060
1061 release_sock(sk);
1062 timeo = schedule_timeout(timeo);
Peter Zijlstrafcc70d52006-11-08 22:44:35 -08001063 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001064
1065 if (sk->sk_state != BT_LISTEN) {
1066 err = -EBADFD;
1067 break;
1068 }
1069
1070 if (signal_pending(current)) {
1071 err = sock_intr_errno(timeo);
1072 break;
1073 }
1074 }
1075 set_current_state(TASK_RUNNING);
1076 remove_wait_queue(sk->sk_sleep, &wait);
1077
1078 if (err)
1079 goto done;
1080
1081 newsock->state = SS_CONNECTED;
1082
1083 BT_DBG("new socket %p", nsk);
1084
1085done:
1086 release_sock(sk);
1087 return err;
1088}
1089
1090static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1091{
1092 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1093 struct sock *sk = sock->sk;
1094
1095 BT_DBG("sock %p, sk %p", sock, sk);
1096
1097 addr->sa_family = AF_BLUETOOTH;
1098 *len = sizeof(struct sockaddr_l2);
1099
Marcel Holtmannf29972d2009-02-12 05:07:45 +01001100 if (peer) {
1101 la->l2_psm = l2cap_pi(sk)->psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001102 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
Marcel Holtmannf29972d2009-02-12 05:07:45 +01001103 la->l2_cid = htobs(l2cap_pi(sk)->dcid);
1104 } else {
1105 la->l2_psm = l2cap_pi(sk)->sport;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001106 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
Marcel Holtmannf29972d2009-02-12 05:07:45 +01001107 la->l2_cid = htobs(l2cap_pi(sk)->scid);
1108 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001109
Linus Torvalds1da177e2005-04-16 15:20:36 -07001110 return 0;
1111}
1112
1113static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1114{
1115 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1116 struct sk_buff *skb, **frag;
1117 int err, hlen, count, sent=0;
1118 struct l2cap_hdr *lh;
1119
1120 BT_DBG("sk %p len %d", sk, len);
1121
1122 /* First fragment (with L2CAP header) */
1123 if (sk->sk_type == SOCK_DGRAM)
1124 hlen = L2CAP_HDR_SIZE + 2;
1125 else
1126 hlen = L2CAP_HDR_SIZE;
1127
1128 count = min_t(unsigned int, (conn->mtu - hlen), len);
1129
1130 skb = bt_skb_send_alloc(sk, hlen + count,
1131 msg->msg_flags & MSG_DONTWAIT, &err);
1132 if (!skb)
1133 return err;
1134
1135 /* Create L2CAP header */
1136 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001137 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1138 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001139
1140 if (sk->sk_type == SOCK_DGRAM)
Al Viro8e036fc2007-07-29 00:16:36 -07001141 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001142
1143 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1144 err = -EFAULT;
1145 goto fail;
1146 }
1147
1148 sent += count;
1149 len -= count;
1150
1151 /* Continuation fragments (no L2CAP header) */
1152 frag = &skb_shinfo(skb)->frag_list;
1153 while (len) {
1154 count = min_t(unsigned int, conn->mtu, len);
1155
1156 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1157 if (!*frag)
1158 goto fail;
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001159
Linus Torvalds1da177e2005-04-16 15:20:36 -07001160 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1161 err = -EFAULT;
1162 goto fail;
1163 }
1164
1165 sent += count;
1166 len -= count;
1167
1168 frag = &(*frag)->next;
1169 }
1170
1171 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1172 goto fail;
1173
1174 return sent;
1175
1176fail:
1177 kfree_skb(skb);
1178 return err;
1179}
1180
1181static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1182{
1183 struct sock *sk = sock->sk;
1184 int err = 0;
1185
1186 BT_DBG("sock %p, sk %p", sock, sk);
1187
Benjamin LaHaisec1cbe4b2005-12-13 23:22:19 -08001188 err = sock_error(sk);
1189 if (err)
1190 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001191
1192 if (msg->msg_flags & MSG_OOB)
1193 return -EOPNOTSUPP;
1194
1195 /* Check outgoing MTU */
1196 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1197 return -EINVAL;
1198
1199 lock_sock(sk);
1200
1201 if (sk->sk_state == BT_CONNECTED)
1202 err = l2cap_do_send(sk, msg, len);
1203 else
1204 err = -ENOTCONN;
1205
1206 release_sock(sk);
1207 return err;
1208}
1209
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001210static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1211{
1212 struct sock *sk = sock->sk;
1213
1214 lock_sock(sk);
1215
1216 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1217 struct l2cap_conn_rsp rsp;
1218
1219 sk->sk_state = BT_CONFIG;
1220
1221 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1222 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1223 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1224 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1225 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1226 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1227
1228 release_sock(sk);
1229 return 0;
1230 }
1231
1232 release_sock(sk);
1233
1234 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1235}
1236
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001237static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001238{
1239 struct sock *sk = sock->sk;
1240 struct l2cap_options opts;
Marcel Holtmannf29972d2009-02-12 05:07:45 +01001241 int len, err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001242 u32 opt;
1243
1244 BT_DBG("sk %p", sk);
1245
1246 lock_sock(sk);
1247
1248 switch (optname) {
1249 case L2CAP_OPTIONS:
Marcel Holtmann0878b662007-05-05 00:35:59 +02001250 opts.imtu = l2cap_pi(sk)->imtu;
1251 opts.omtu = l2cap_pi(sk)->omtu;
1252 opts.flush_to = l2cap_pi(sk)->flush_to;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001253 opts.mode = L2CAP_MODE_BASIC;
Marcel Holtmann0878b662007-05-05 00:35:59 +02001254
Linus Torvalds1da177e2005-04-16 15:20:36 -07001255 len = min_t(unsigned int, sizeof(opts), optlen);
1256 if (copy_from_user((char *) &opts, optval, len)) {
1257 err = -EFAULT;
1258 break;
1259 }
Marcel Holtmann0878b662007-05-05 00:35:59 +02001260
Linus Torvalds1da177e2005-04-16 15:20:36 -07001261 l2cap_pi(sk)->imtu = opts.imtu;
1262 l2cap_pi(sk)->omtu = opts.omtu;
1263 break;
1264
1265 case L2CAP_LM:
1266 if (get_user(opt, (u32 __user *) optval)) {
1267 err = -EFAULT;
1268 break;
1269 }
1270
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001271 if (opt & L2CAP_LM_AUTH)
1272 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1273 if (opt & L2CAP_LM_ENCRYPT)
1274 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1275 if (opt & L2CAP_LM_SECURE)
1276 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1277
1278 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1279 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001280 break;
1281
1282 default:
1283 err = -ENOPROTOOPT;
1284 break;
1285 }
1286
1287 release_sock(sk);
1288 return err;
1289}
1290
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001291static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1292{
1293 struct sock *sk = sock->sk;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001294 struct bt_security sec;
1295 int len, err = 0;
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001296 u32 opt;
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001297
1298 BT_DBG("sk %p", sk);
1299
1300 if (level == SOL_L2CAP)
1301 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1302
Marcel Holtmann0588d942009-01-16 10:06:13 +01001303 if (level != SOL_BLUETOOTH)
1304 return -ENOPROTOOPT;
1305
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001306 lock_sock(sk);
1307
1308 switch (optname) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001309 case BT_SECURITY:
Marcel Holtmann2526d3d2009-02-20 20:54:06 +01001310 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
Marcel Holtmann0588d942009-01-16 10:06:13 +01001311 err = -EINVAL;
1312 break;
1313 }
1314
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001315 sec.level = BT_SECURITY_LOW;
1316
1317 len = min_t(unsigned int, sizeof(sec), optlen);
1318 if (copy_from_user((char *) &sec, optval, len)) {
1319 err = -EFAULT;
1320 break;
1321 }
1322
1323 if (sec.level < BT_SECURITY_LOW ||
1324 sec.level > BT_SECURITY_HIGH) {
1325 err = -EINVAL;
1326 break;
1327 }
1328
1329 l2cap_pi(sk)->sec_level = sec.level;
1330 break;
1331
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001332 case BT_DEFER_SETUP:
1333 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1334 err = -EINVAL;
1335 break;
1336 }
1337
1338 if (get_user(opt, (u32 __user *) optval)) {
1339 err = -EFAULT;
1340 break;
1341 }
1342
1343 bt_sk(sk)->defer_setup = opt;
1344 break;
1345
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001346 default:
1347 err = -ENOPROTOOPT;
1348 break;
1349 }
1350
1351 release_sock(sk);
1352 return err;
1353}
1354
1355static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001356{
1357 struct sock *sk = sock->sk;
1358 struct l2cap_options opts;
1359 struct l2cap_conninfo cinfo;
1360 int len, err = 0;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001361 u32 opt;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001362
1363 BT_DBG("sk %p", sk);
1364
1365 if (get_user(len, optlen))
1366 return -EFAULT;
1367
1368 lock_sock(sk);
1369
1370 switch (optname) {
1371 case L2CAP_OPTIONS:
1372 opts.imtu = l2cap_pi(sk)->imtu;
1373 opts.omtu = l2cap_pi(sk)->omtu;
1374 opts.flush_to = l2cap_pi(sk)->flush_to;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001375 opts.mode = L2CAP_MODE_BASIC;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001376
1377 len = min_t(unsigned int, len, sizeof(opts));
1378 if (copy_to_user(optval, (char *) &opts, len))
1379 err = -EFAULT;
1380
1381 break;
1382
1383 case L2CAP_LM:
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001384 switch (l2cap_pi(sk)->sec_level) {
1385 case BT_SECURITY_LOW:
1386 opt = L2CAP_LM_AUTH;
1387 break;
1388 case BT_SECURITY_MEDIUM:
1389 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1390 break;
1391 case BT_SECURITY_HIGH:
1392 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1393 L2CAP_LM_SECURE;
1394 break;
1395 default:
1396 opt = 0;
1397 break;
1398 }
1399
1400 if (l2cap_pi(sk)->role_switch)
1401 opt |= L2CAP_LM_MASTER;
1402
1403 if (l2cap_pi(sk)->force_reliable)
1404 opt |= L2CAP_LM_RELIABLE;
1405
1406 if (put_user(opt, (u32 __user *) optval))
Linus Torvalds1da177e2005-04-16 15:20:36 -07001407 err = -EFAULT;
1408 break;
1409
1410 case L2CAP_CONNINFO:
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001411 if (sk->sk_state != BT_CONNECTED &&
1412 !(sk->sk_state == BT_CONNECT2 &&
1413 bt_sk(sk)->defer_setup)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001414 err = -ENOTCONN;
1415 break;
1416 }
1417
1418 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1419 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1420
1421 len = min_t(unsigned int, len, sizeof(cinfo));
1422 if (copy_to_user(optval, (char *) &cinfo, len))
1423 err = -EFAULT;
1424
1425 break;
1426
1427 default:
1428 err = -ENOPROTOOPT;
1429 break;
1430 }
1431
1432 release_sock(sk);
1433 return err;
1434}
1435
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001436static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1437{
1438 struct sock *sk = sock->sk;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001439 struct bt_security sec;
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001440 int len, err = 0;
1441
1442 BT_DBG("sk %p", sk);
1443
1444 if (level == SOL_L2CAP)
1445 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1446
Marcel Holtmann0588d942009-01-16 10:06:13 +01001447 if (level != SOL_BLUETOOTH)
1448 return -ENOPROTOOPT;
1449
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001450 if (get_user(len, optlen))
1451 return -EFAULT;
1452
1453 lock_sock(sk);
1454
1455 switch (optname) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001456 case BT_SECURITY:
Marcel Holtmann2526d3d2009-02-20 20:54:06 +01001457 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
Marcel Holtmann0588d942009-01-16 10:06:13 +01001458 err = -EINVAL;
1459 break;
1460 }
1461
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001462 sec.level = l2cap_pi(sk)->sec_level;
1463
1464 len = min_t(unsigned int, len, sizeof(sec));
1465 if (copy_to_user(optval, (char *) &sec, len))
1466 err = -EFAULT;
1467
1468 break;
1469
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001470 case BT_DEFER_SETUP:
1471 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1472 err = -EINVAL;
1473 break;
1474 }
1475
1476 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1477 err = -EFAULT;
1478
1479 break;
1480
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001481 default:
1482 err = -ENOPROTOOPT;
1483 break;
1484 }
1485
1486 release_sock(sk);
1487 return err;
1488}
1489
Linus Torvalds1da177e2005-04-16 15:20:36 -07001490static int l2cap_sock_shutdown(struct socket *sock, int how)
1491{
1492 struct sock *sk = sock->sk;
1493 int err = 0;
1494
1495 BT_DBG("sock %p, sk %p", sock, sk);
1496
1497 if (!sk)
1498 return 0;
1499
1500 lock_sock(sk);
1501 if (!sk->sk_shutdown) {
1502 sk->sk_shutdown = SHUTDOWN_MASK;
1503 l2cap_sock_clear_timer(sk);
1504 __l2cap_sock_close(sk, 0);
1505
1506 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02001507 err = bt_sock_wait_state(sk, BT_CLOSED,
1508 sk->sk_lingertime);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001509 }
1510 release_sock(sk);
1511 return err;
1512}
1513
1514static int l2cap_sock_release(struct socket *sock)
1515{
1516 struct sock *sk = sock->sk;
1517 int err;
1518
1519 BT_DBG("sock %p, sk %p", sock, sk);
1520
1521 if (!sk)
1522 return 0;
1523
1524 err = l2cap_sock_shutdown(sock, 2);
1525
1526 sock_orphan(sk);
1527 l2cap_sock_kill(sk);
1528 return err;
1529}
1530
Linus Torvalds1da177e2005-04-16 15:20:36 -07001531static void l2cap_chan_ready(struct sock *sk)
1532{
1533 struct sock *parent = bt_sk(sk)->parent;
1534
1535 BT_DBG("sk %p, parent %p", sk, parent);
1536
1537 l2cap_pi(sk)->conf_state = 0;
1538 l2cap_sock_clear_timer(sk);
1539
1540 if (!parent) {
1541 /* Outgoing channel.
1542 * Wake up socket sleeping on connect.
1543 */
1544 sk->sk_state = BT_CONNECTED;
1545 sk->sk_state_change(sk);
1546 } else {
1547 /* Incoming channel.
1548 * Wake up socket sleeping on accept.
1549 */
1550 parent->sk_data_ready(parent, 0);
1551 }
1552}
1553
1554/* Copy frame to all raw sockets on that connection */
1555static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1556{
1557 struct l2cap_chan_list *l = &conn->chan_list;
1558 struct sk_buff *nskb;
1559 struct sock * sk;
1560
1561 BT_DBG("conn %p", conn);
1562
1563 read_lock(&l->lock);
1564 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1565 if (sk->sk_type != SOCK_RAW)
1566 continue;
1567
1568 /* Don't send frame to the socket it came from */
1569 if (skb->sk == sk)
1570 continue;
1571
1572 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1573 continue;
1574
1575 if (sock_queue_rcv_skb(sk, nskb))
1576 kfree_skb(nskb);
1577 }
1578 read_unlock(&l->lock);
1579}
1580
1581/* ---- L2CAP signalling commands ---- */
1582static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1583 u8 code, u8 ident, u16 dlen, void *data)
1584{
1585 struct sk_buff *skb, **frag;
1586 struct l2cap_cmd_hdr *cmd;
1587 struct l2cap_hdr *lh;
1588 int len, count;
1589
1590 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1591
1592 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1593 count = min_t(unsigned int, conn->mtu, len);
1594
1595 skb = bt_skb_alloc(count, GFP_ATOMIC);
1596 if (!skb)
1597 return NULL;
1598
1599 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001600 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -03001601 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001602
1603 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1604 cmd->code = code;
1605 cmd->ident = ident;
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001606 cmd->len = cpu_to_le16(dlen);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001607
1608 if (dlen) {
1609 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1610 memcpy(skb_put(skb, count), data, count);
1611 data += count;
1612 }
1613
1614 len -= skb->len;
1615
1616 /* Continuation fragments (no L2CAP header) */
1617 frag = &skb_shinfo(skb)->frag_list;
1618 while (len) {
1619 count = min_t(unsigned int, conn->mtu, len);
1620
1621 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1622 if (!*frag)
1623 goto fail;
1624
1625 memcpy(skb_put(*frag, count), data, count);
1626
1627 len -= count;
1628 data += count;
1629
1630 frag = &(*frag)->next;
1631 }
1632
1633 return skb;
1634
1635fail:
1636 kfree_skb(skb);
1637 return NULL;
1638}
1639
1640static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1641{
1642 struct l2cap_conf_opt *opt = *ptr;
1643 int len;
1644
1645 len = L2CAP_CONF_OPT_SIZE + opt->len;
1646 *ptr += len;
1647
1648 *type = opt->type;
1649 *olen = opt->len;
1650
1651 switch (opt->len) {
1652 case 1:
1653 *val = *((u8 *) opt->val);
1654 break;
1655
1656 case 2:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001657 *val = __le16_to_cpu(*((__le16 *) opt->val));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001658 break;
1659
1660 case 4:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001661 *val = __le32_to_cpu(*((__le32 *) opt->val));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001662 break;
1663
1664 default:
1665 *val = (unsigned long) opt->val;
1666 break;
1667 }
1668
1669 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1670 return len;
1671}
1672
Linus Torvalds1da177e2005-04-16 15:20:36 -07001673static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1674{
1675 struct l2cap_conf_opt *opt = *ptr;
1676
1677 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1678
1679 opt->type = type;
1680 opt->len = len;
1681
1682 switch (len) {
1683 case 1:
1684 *((u8 *) opt->val) = val;
1685 break;
1686
1687 case 2:
Al Viro8e036fc2007-07-29 00:16:36 -07001688 *((__le16 *) opt->val) = cpu_to_le16(val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001689 break;
1690
1691 case 4:
Al Viro8e036fc2007-07-29 00:16:36 -07001692 *((__le32 *) opt->val) = cpu_to_le32(val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001693 break;
1694
1695 default:
1696 memcpy(opt->val, (void *) val, len);
1697 break;
1698 }
1699
1700 *ptr += L2CAP_CONF_OPT_SIZE + len;
1701}
1702
1703static int l2cap_build_conf_req(struct sock *sk, void *data)
1704{
1705 struct l2cap_pinfo *pi = l2cap_pi(sk);
1706 struct l2cap_conf_req *req = data;
1707 void *ptr = req->data;
1708
1709 BT_DBG("sk %p", sk);
1710
1711 if (pi->imtu != L2CAP_DEFAULT_MTU)
1712 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1713
1714 /* FIXME: Need actual value of the flush timeout */
1715 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1716 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1717
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001718 req->dcid = cpu_to_le16(pi->dcid);
1719 req->flags = cpu_to_le16(0);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001720
1721 return ptr - data;
1722}
1723
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001724static int l2cap_parse_conf_req(struct sock *sk, void *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001725{
1726 struct l2cap_pinfo *pi = l2cap_pi(sk);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001727 struct l2cap_conf_rsp *rsp = data;
1728 void *ptr = rsp->data;
1729 void *req = pi->conf_req;
1730 int len = pi->conf_len;
1731 int type, hint, olen;
1732 unsigned long val;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001733 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
Marcel Holtmann861d6882007-10-20 13:37:06 +02001734 u16 mtu = L2CAP_DEFAULT_MTU;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001735 u16 result = L2CAP_CONF_SUCCESS;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001736
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001737 BT_DBG("sk %p", sk);
Marcel Holtmann820ae1b2006-11-18 22:15:00 +01001738
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001739 while (len >= L2CAP_CONF_OPT_SIZE) {
1740 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001741
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001742 hint = type & 0x80;
1743 type &= 0x7f;
1744
1745 switch (type) {
1746 case L2CAP_CONF_MTU:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001747 mtu = val;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001748 break;
1749
1750 case L2CAP_CONF_FLUSH_TO:
1751 pi->flush_to = val;
1752 break;
1753
1754 case L2CAP_CONF_QOS:
1755 break;
1756
Marcel Holtmann6464f352007-10-20 13:39:51 +02001757 case L2CAP_CONF_RFC:
1758 if (olen == sizeof(rfc))
1759 memcpy(&rfc, (void *) val, olen);
1760 break;
1761
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001762 default:
1763 if (hint)
1764 break;
1765
1766 result = L2CAP_CONF_UNKNOWN;
1767 *((u8 *) ptr++) = type;
1768 break;
1769 }
1770 }
1771
1772 if (result == L2CAP_CONF_SUCCESS) {
1773 /* Configure output options and let the other side know
1774 * which ones we don't like. */
1775
Marcel Holtmann6464f352007-10-20 13:39:51 +02001776 if (rfc.mode == L2CAP_MODE_BASIC) {
1777 if (mtu < pi->omtu)
1778 result = L2CAP_CONF_UNACCEPT;
1779 else {
1780 pi->omtu = mtu;
1781 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1782 }
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001783
Marcel Holtmann6464f352007-10-20 13:39:51 +02001784 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1785 } else {
1786 result = L2CAP_CONF_UNACCEPT;
1787
1788 memset(&rfc, 0, sizeof(rfc));
1789 rfc.mode = L2CAP_MODE_BASIC;
1790
1791 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1792 sizeof(rfc), (unsigned long) &rfc);
1793 }
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001794 }
1795
1796 rsp->scid = cpu_to_le16(pi->dcid);
1797 rsp->result = cpu_to_le16(result);
1798 rsp->flags = cpu_to_le16(0x0000);
1799
1800 return ptr - data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001801}
1802
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001803static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001804{
1805 struct l2cap_conf_rsp *rsp = data;
1806 void *ptr = rsp->data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001807
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001808 BT_DBG("sk %p", sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001809
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001810 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001811 rsp->result = cpu_to_le16(result);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001812 rsp->flags = cpu_to_le16(flags);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001813
1814 return ptr - data;
1815}
1816
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001817static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1818{
1819 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1820
1821 if (rej->reason != 0x0000)
1822 return 0;
1823
1824 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1825 cmd->ident == conn->info_ident) {
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001826 del_timer(&conn->info_timer);
Marcel Holtmann984947d2009-02-06 23:35:19 +01001827
1828 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +01001829 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +01001830
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001831 l2cap_conn_start(conn);
1832 }
1833
1834 return 0;
1835}
1836
Linus Torvalds1da177e2005-04-16 15:20:36 -07001837static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1838{
1839 struct l2cap_chan_list *list = &conn->chan_list;
1840 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1841 struct l2cap_conn_rsp rsp;
1842 struct sock *sk, *parent;
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02001843 int result, status = L2CAP_CS_NO_INFO;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001844
1845 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02001846 __le16 psm = req->psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001847
1848 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1849
1850 /* Check if we have socket listening on psm */
1851 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1852 if (!parent) {
1853 result = L2CAP_CR_BAD_PSM;
1854 goto sendresp;
1855 }
1856
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02001857 /* Check if the ACL is secure enough (if not SDP) */
1858 if (psm != cpu_to_le16(0x0001) &&
1859 !hci_conn_check_link_mode(conn->hcon)) {
Marcel Holtmann2950f212009-02-12 14:02:50 +01001860 conn->disc_reason = 0x05;
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02001861 result = L2CAP_CR_SEC_BLOCK;
1862 goto response;
1863 }
1864
Linus Torvalds1da177e2005-04-16 15:20:36 -07001865 result = L2CAP_CR_NO_MEM;
1866
1867 /* Check for backlog size */
1868 if (sk_acceptq_is_full(parent)) {
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001869 BT_DBG("backlog full %d", parent->sk_ack_backlog);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001870 goto response;
1871 }
1872
YOSHIFUJI Hideaki3b1e0a62008-03-26 02:26:21 +09001873 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001874 if (!sk)
1875 goto response;
1876
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001877 write_lock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001878
1879 /* Check if we already have channel with that dcid */
1880 if (__l2cap_get_chan_by_dcid(list, scid)) {
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001881 write_unlock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001882 sock_set_flag(sk, SOCK_ZAPPED);
1883 l2cap_sock_kill(sk);
1884 goto response;
1885 }
1886
1887 hci_conn_hold(conn->hcon);
1888
1889 l2cap_sock_init(sk, parent);
1890 bacpy(&bt_sk(sk)->src, conn->src);
1891 bacpy(&bt_sk(sk)->dst, conn->dst);
1892 l2cap_pi(sk)->psm = psm;
1893 l2cap_pi(sk)->dcid = scid;
1894
1895 __l2cap_chan_add(conn, sk, parent);
1896 dcid = l2cap_pi(sk)->scid;
1897
1898 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1899
Linus Torvalds1da177e2005-04-16 15:20:36 -07001900 l2cap_pi(sk)->ident = cmd->ident;
1901
Marcel Holtmann984947d2009-02-06 23:35:19 +01001902 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001903 if (l2cap_check_security(sk)) {
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001904 if (bt_sk(sk)->defer_setup) {
1905 sk->sk_state = BT_CONNECT2;
1906 result = L2CAP_CR_PEND;
1907 status = L2CAP_CS_AUTHOR_PEND;
1908 parent->sk_data_ready(parent, 0);
1909 } else {
1910 sk->sk_state = BT_CONFIG;
1911 result = L2CAP_CR_SUCCESS;
1912 status = L2CAP_CS_NO_INFO;
1913 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001914 } else {
1915 sk->sk_state = BT_CONNECT2;
1916 result = L2CAP_CR_PEND;
1917 status = L2CAP_CS_AUTHEN_PEND;
1918 }
1919 } else {
1920 sk->sk_state = BT_CONNECT2;
1921 result = L2CAP_CR_PEND;
1922 status = L2CAP_CS_NO_INFO;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001923 }
1924
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001925 write_unlock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001926
1927response:
1928 bh_unlock_sock(parent);
1929
1930sendresp:
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001931 rsp.scid = cpu_to_le16(scid);
1932 rsp.dcid = cpu_to_le16(dcid);
1933 rsp.result = cpu_to_le16(result);
1934 rsp.status = cpu_to_le16(status);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001935 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001936
1937 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1938 struct l2cap_info_req info;
1939 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1940
1941 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1942 conn->info_ident = l2cap_get_ident(conn);
1943
1944 mod_timer(&conn->info_timer, jiffies +
1945 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1946
1947 l2cap_send_cmd(conn, conn->info_ident,
1948 L2CAP_INFO_REQ, sizeof(info), &info);
1949 }
1950
Linus Torvalds1da177e2005-04-16 15:20:36 -07001951 return 0;
1952}
1953
1954static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1955{
1956 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1957 u16 scid, dcid, result, status;
1958 struct sock *sk;
1959 u8 req[128];
1960
1961 scid = __le16_to_cpu(rsp->scid);
1962 dcid = __le16_to_cpu(rsp->dcid);
1963 result = __le16_to_cpu(rsp->result);
1964 status = __le16_to_cpu(rsp->status);
1965
1966 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1967
1968 if (scid) {
1969 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1970 return 0;
1971 } else {
1972 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1973 return 0;
1974 }
1975
1976 switch (result) {
1977 case L2CAP_CR_SUCCESS:
1978 sk->sk_state = BT_CONFIG;
1979 l2cap_pi(sk)->ident = 0;
1980 l2cap_pi(sk)->dcid = dcid;
1981 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1982
Marcel Holtmann6a8d3012009-02-06 23:56:36 +01001983 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1984
Linus Torvalds1da177e2005-04-16 15:20:36 -07001985 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1986 l2cap_build_conf_req(sk, req), req);
1987 break;
1988
1989 case L2CAP_CR_PEND:
Marcel Holtmann6a8d3012009-02-06 23:56:36 +01001990 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001991 break;
1992
1993 default:
1994 l2cap_chan_del(sk, ECONNREFUSED);
1995 break;
1996 }
1997
1998 bh_unlock_sock(sk);
1999 return 0;
2000}
2001
Al Viro88219a02007-07-29 00:17:25 -07002002static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002003{
2004 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2005 u16 dcid, flags;
2006 u8 rsp[64];
2007 struct sock *sk;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002008 int len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002009
2010 dcid = __le16_to_cpu(req->dcid);
2011 flags = __le16_to_cpu(req->flags);
2012
2013 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2014
2015 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2016 return -ENOENT;
2017
Marcel Holtmann354f60a2006-11-18 22:15:20 +01002018 if (sk->sk_state == BT_DISCONN)
2019 goto unlock;
2020
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002021 /* Reject if config buffer is too small. */
Al Viro88219a02007-07-29 00:17:25 -07002022 len = cmd_len - sizeof(*req);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002023 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2024 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2025 l2cap_build_conf_rsp(sk, rsp,
2026 L2CAP_CONF_REJECT, flags), rsp);
2027 goto unlock;
2028 }
2029
2030 /* Store config. */
2031 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2032 l2cap_pi(sk)->conf_len += len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002033
2034 if (flags & 0x0001) {
2035 /* Incomplete config. Send empty response. */
2036 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002037 l2cap_build_conf_rsp(sk, rsp,
2038 L2CAP_CONF_SUCCESS, 0x0001), rsp);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002039 goto unlock;
2040 }
2041
2042 /* Complete config. */
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002043 len = l2cap_parse_conf_req(sk, rsp);
2044 if (len < 0)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002045 goto unlock;
2046
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002047 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2048
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002049 /* Reset config buffer. */
2050 l2cap_pi(sk)->conf_len = 0;
2051
Marcel Holtmann876d9482007-10-20 13:35:42 +02002052 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2053 goto unlock;
2054
Linus Torvalds1da177e2005-04-16 15:20:36 -07002055 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2056 sk->sk_state = BT_CONNECTED;
2057 l2cap_chan_ready(sk);
Marcel Holtmann876d9482007-10-20 13:35:42 +02002058 goto unlock;
2059 }
2060
2061 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +02002062 u8 buf[64];
Linus Torvalds1da177e2005-04-16 15:20:36 -07002063 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
Marcel Holtmann79d554a2008-07-14 20:13:44 +02002064 l2cap_build_conf_req(sk, buf), buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002065 }
2066
2067unlock:
2068 bh_unlock_sock(sk);
2069 return 0;
2070}
2071
2072static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2073{
2074 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2075 u16 scid, flags, result;
2076 struct sock *sk;
2077
2078 scid = __le16_to_cpu(rsp->scid);
2079 flags = __le16_to_cpu(rsp->flags);
2080 result = __le16_to_cpu(rsp->result);
2081
2082 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2083
2084 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2085 return 0;
2086
2087 switch (result) {
2088 case L2CAP_CONF_SUCCESS:
2089 break;
2090
2091 case L2CAP_CONF_UNACCEPT:
2092 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2093 char req[128];
2094 /* It does not make sense to adjust L2CAP parameters
2095 * that are currently defined in the spec. We simply
2096 * resend config request that we sent earlier. It is
2097 * stupid, but it helps qualification testing which
2098 * expects at least some response from us. */
2099 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2100 l2cap_build_conf_req(sk, req), req);
2101 goto done;
2102 }
2103
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09002104 default:
Linus Torvalds1da177e2005-04-16 15:20:36 -07002105 sk->sk_state = BT_DISCONN;
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02002106 sk->sk_err = ECONNRESET;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002107 l2cap_sock_set_timer(sk, HZ * 5);
2108 {
2109 struct l2cap_disconn_req req;
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002110 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2111 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002112 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2113 L2CAP_DISCONN_REQ, sizeof(req), &req);
2114 }
2115 goto done;
2116 }
2117
2118 if (flags & 0x01)
2119 goto done;
2120
Linus Torvalds1da177e2005-04-16 15:20:36 -07002121 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2122
2123 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2124 sk->sk_state = BT_CONNECTED;
2125 l2cap_chan_ready(sk);
2126 }
2127
2128done:
2129 bh_unlock_sock(sk);
2130 return 0;
2131}
2132
2133static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2134{
2135 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2136 struct l2cap_disconn_rsp rsp;
2137 u16 dcid, scid;
2138 struct sock *sk;
2139
2140 scid = __le16_to_cpu(req->scid);
2141 dcid = __le16_to_cpu(req->dcid);
2142
2143 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2144
2145 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2146 return 0;
2147
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002148 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2149 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002150 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2151
2152 sk->sk_shutdown = SHUTDOWN_MASK;
2153
2154 l2cap_chan_del(sk, ECONNRESET);
2155 bh_unlock_sock(sk);
2156
2157 l2cap_sock_kill(sk);
2158 return 0;
2159}
2160
2161static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2162{
2163 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2164 u16 dcid, scid;
2165 struct sock *sk;
2166
2167 scid = __le16_to_cpu(rsp->scid);
2168 dcid = __le16_to_cpu(rsp->dcid);
2169
2170 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2171
2172 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2173 return 0;
2174
2175 l2cap_chan_del(sk, 0);
2176 bh_unlock_sock(sk);
2177
2178 l2cap_sock_kill(sk);
2179 return 0;
2180}
2181
2182static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2183{
2184 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002185 u16 type;
2186
2187 type = __le16_to_cpu(req->type);
2188
2189 BT_DBG("type 0x%4.4x", type);
2190
Marcel Holtmannf0709e02007-10-20 13:38:51 +02002191 if (type == L2CAP_IT_FEAT_MASK) {
2192 u8 buf[8];
2193 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2194 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2195 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2196 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2197 l2cap_send_cmd(conn, cmd->ident,
2198 L2CAP_INFO_RSP, sizeof(buf), buf);
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002199 } else if (type == L2CAP_IT_FIXED_CHAN) {
2200 u8 buf[12];
2201 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2202 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2203 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2204 memcpy(buf + 4, l2cap_fixed_chan, 8);
2205 l2cap_send_cmd(conn, cmd->ident,
2206 L2CAP_INFO_RSP, sizeof(buf), buf);
Marcel Holtmannf0709e02007-10-20 13:38:51 +02002207 } else {
2208 struct l2cap_info_rsp rsp;
2209 rsp.type = cpu_to_le16(type);
2210 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2211 l2cap_send_cmd(conn, cmd->ident,
2212 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2213 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002214
2215 return 0;
2216}
2217
2218static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2219{
2220 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2221 u16 type, result;
2222
2223 type = __le16_to_cpu(rsp->type);
2224 result = __le16_to_cpu(rsp->result);
2225
2226 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2227
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02002228 del_timer(&conn->info_timer);
2229
Marcel Holtmann984947d2009-02-06 23:35:19 +01002230 if (type == L2CAP_IT_FEAT_MASK) {
Harvey Harrison83985312008-05-02 16:25:46 -07002231 conn->feat_mask = get_unaligned_le32(rsp->data);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02002232
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002233 if (conn->feat_mask & 0x0080) {
2234 struct l2cap_info_req req;
2235 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2236
2237 conn->info_ident = l2cap_get_ident(conn);
2238
2239 l2cap_send_cmd(conn, conn->info_ident,
2240 L2CAP_INFO_REQ, sizeof(req), &req);
2241 } else {
2242 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2243 conn->info_ident = 0;
2244
2245 l2cap_conn_start(conn);
2246 }
2247 } else if (type == L2CAP_IT_FIXED_CHAN) {
Marcel Holtmann984947d2009-02-06 23:35:19 +01002248 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002249 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +01002250
2251 l2cap_conn_start(conn);
2252 }
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02002253
Linus Torvalds1da177e2005-04-16 15:20:36 -07002254 return 0;
2255}
2256
2257static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2258{
2259 u8 *data = skb->data;
2260 int len = skb->len;
2261 struct l2cap_cmd_hdr cmd;
2262 int err = 0;
2263
2264 l2cap_raw_recv(conn, skb);
2265
2266 while (len >= L2CAP_CMD_HDR_SIZE) {
Al Viro88219a02007-07-29 00:17:25 -07002267 u16 cmd_len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002268 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2269 data += L2CAP_CMD_HDR_SIZE;
2270 len -= L2CAP_CMD_HDR_SIZE;
2271
Al Viro88219a02007-07-29 00:17:25 -07002272 cmd_len = le16_to_cpu(cmd.len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002273
Al Viro88219a02007-07-29 00:17:25 -07002274 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002275
Al Viro88219a02007-07-29 00:17:25 -07002276 if (cmd_len > len || !cmd.ident) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002277 BT_DBG("corrupted command");
2278 break;
2279 }
2280
2281 switch (cmd.code) {
2282 case L2CAP_COMMAND_REJ:
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02002283 l2cap_command_rej(conn, &cmd, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002284 break;
2285
2286 case L2CAP_CONN_REQ:
2287 err = l2cap_connect_req(conn, &cmd, data);
2288 break;
2289
2290 case L2CAP_CONN_RSP:
2291 err = l2cap_connect_rsp(conn, &cmd, data);
2292 break;
2293
2294 case L2CAP_CONF_REQ:
Al Viro88219a02007-07-29 00:17:25 -07002295 err = l2cap_config_req(conn, &cmd, cmd_len, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002296 break;
2297
2298 case L2CAP_CONF_RSP:
2299 err = l2cap_config_rsp(conn, &cmd, data);
2300 break;
2301
2302 case L2CAP_DISCONN_REQ:
2303 err = l2cap_disconnect_req(conn, &cmd, data);
2304 break;
2305
2306 case L2CAP_DISCONN_RSP:
2307 err = l2cap_disconnect_rsp(conn, &cmd, data);
2308 break;
2309
2310 case L2CAP_ECHO_REQ:
Al Viro88219a02007-07-29 00:17:25 -07002311 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002312 break;
2313
2314 case L2CAP_ECHO_RSP:
2315 break;
2316
2317 case L2CAP_INFO_REQ:
2318 err = l2cap_information_req(conn, &cmd, data);
2319 break;
2320
2321 case L2CAP_INFO_RSP:
2322 err = l2cap_information_rsp(conn, &cmd, data);
2323 break;
2324
2325 default:
2326 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2327 err = -EINVAL;
2328 break;
2329 }
2330
2331 if (err) {
2332 struct l2cap_cmd_rej rej;
2333 BT_DBG("error %d", err);
2334
2335 /* FIXME: Map err to a valid reason */
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002336 rej.reason = cpu_to_le16(0);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002337 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2338 }
2339
Al Viro88219a02007-07-29 00:17:25 -07002340 data += cmd_len;
2341 len -= cmd_len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002342 }
2343
2344 kfree_skb(skb);
2345}
2346
2347static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2348{
2349 struct sock *sk;
2350
2351 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2352 if (!sk) {
2353 BT_DBG("unknown cid 0x%4.4x", cid);
2354 goto drop;
2355 }
2356
2357 BT_DBG("sk %p, len %d", sk, skb->len);
2358
2359 if (sk->sk_state != BT_CONNECTED)
2360 goto drop;
2361
2362 if (l2cap_pi(sk)->imtu < skb->len)
2363 goto drop;
2364
2365 /* If socket recv buffers overflows we drop data here
2366 * which is *bad* because L2CAP has to be reliable.
2367 * But we don't have any other choice. L2CAP doesn't
2368 * provide flow control mechanism. */
2369
2370 if (!sock_queue_rcv_skb(sk, skb))
2371 goto done;
2372
2373drop:
2374 kfree_skb(skb);
2375
2376done:
Marcel Holtmann01394182006-07-03 10:02:46 +02002377 if (sk)
2378 bh_unlock_sock(sk);
2379
Linus Torvalds1da177e2005-04-16 15:20:36 -07002380 return 0;
2381}
2382
Al Viro8e036fc2007-07-29 00:16:36 -07002383static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002384{
2385 struct sock *sk;
2386
2387 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2388 if (!sk)
2389 goto drop;
2390
2391 BT_DBG("sk %p, len %d", sk, skb->len);
2392
2393 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2394 goto drop;
2395
2396 if (l2cap_pi(sk)->imtu < skb->len)
2397 goto drop;
2398
2399 if (!sock_queue_rcv_skb(sk, skb))
2400 goto done;
2401
2402drop:
2403 kfree_skb(skb);
2404
2405done:
2406 if (sk) bh_unlock_sock(sk);
2407 return 0;
2408}
2409
2410static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2411{
2412 struct l2cap_hdr *lh = (void *) skb->data;
Al Viro8e036fc2007-07-29 00:16:36 -07002413 u16 cid, len;
2414 __le16 psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002415
2416 skb_pull(skb, L2CAP_HDR_SIZE);
2417 cid = __le16_to_cpu(lh->cid);
2418 len = __le16_to_cpu(lh->len);
2419
2420 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2421
2422 switch (cid) {
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -03002423 case L2CAP_CID_SIGNALING:
Linus Torvalds1da177e2005-04-16 15:20:36 -07002424 l2cap_sig_channel(conn, skb);
2425 break;
2426
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -03002427 case L2CAP_CID_CONN_LESS:
Al Viro8e036fc2007-07-29 00:16:36 -07002428 psm = get_unaligned((__le16 *) skb->data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002429 skb_pull(skb, 2);
2430 l2cap_conless_channel(conn, psm, skb);
2431 break;
2432
2433 default:
2434 l2cap_data_channel(conn, cid, skb);
2435 break;
2436 }
2437}
2438
2439/* ---- L2CAP interface with lower layer (HCI) ---- */
2440
2441static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2442{
2443 int exact = 0, lm1 = 0, lm2 = 0;
2444 register struct sock *sk;
2445 struct hlist_node *node;
2446
2447 if (type != ACL_LINK)
2448 return 0;
2449
2450 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2451
2452 /* Find listening sockets and check their link_mode */
2453 read_lock(&l2cap_sk_list.lock);
2454 sk_for_each(sk, node, &l2cap_sk_list.head) {
2455 if (sk->sk_state != BT_LISTEN)
2456 continue;
2457
2458 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01002459 lm1 |= HCI_LM_ACCEPT;
2460 if (l2cap_pi(sk)->role_switch)
2461 lm1 |= HCI_LM_MASTER;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002462 exact++;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01002463 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2464 lm2 |= HCI_LM_ACCEPT;
2465 if (l2cap_pi(sk)->role_switch)
2466 lm2 |= HCI_LM_MASTER;
2467 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002468 }
2469 read_unlock(&l2cap_sk_list.lock);
2470
2471 return exact ? lm1 : lm2;
2472}
2473
2474static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2475{
Marcel Holtmann01394182006-07-03 10:02:46 +02002476 struct l2cap_conn *conn;
2477
Linus Torvalds1da177e2005-04-16 15:20:36 -07002478 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2479
2480 if (hcon->type != ACL_LINK)
2481 return 0;
2482
2483 if (!status) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002484 conn = l2cap_conn_add(hcon, status);
2485 if (conn)
2486 l2cap_conn_ready(conn);
Marcel Holtmann01394182006-07-03 10:02:46 +02002487 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -07002488 l2cap_conn_del(hcon, bt_err(status));
2489
2490 return 0;
2491}
2492
Marcel Holtmann2950f212009-02-12 14:02:50 +01002493static int l2cap_disconn_ind(struct hci_conn *hcon)
2494{
2495 struct l2cap_conn *conn = hcon->l2cap_data;
2496
2497 BT_DBG("hcon %p", hcon);
2498
2499 if (hcon->type != ACL_LINK || !conn)
2500 return 0x13;
2501
2502 return conn->disc_reason;
2503}
2504
2505static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002506{
2507 BT_DBG("hcon %p reason %d", hcon, reason);
2508
2509 if (hcon->type != ACL_LINK)
2510 return 0;
2511
2512 l2cap_conn_del(hcon, bt_err(reason));
Marcel Holtmann01394182006-07-03 10:02:46 +02002513
Linus Torvalds1da177e2005-04-16 15:20:36 -07002514 return 0;
2515}
2516
Marcel Holtmannf62e4322009-01-15 21:58:44 +01002517static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2518{
Marcel Holtmann255c7602009-02-04 21:07:19 +01002519 if (sk->sk_type != SOCK_SEQPACKET)
2520 return;
2521
Marcel Holtmannf62e4322009-01-15 21:58:44 +01002522 if (encrypt == 0x00) {
2523 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2524 l2cap_sock_clear_timer(sk);
2525 l2cap_sock_set_timer(sk, HZ * 5);
2526 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2527 __l2cap_sock_close(sk, ECONNREFUSED);
2528 } else {
2529 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2530 l2cap_sock_clear_timer(sk);
2531 }
2532}
2533
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01002534static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002535{
2536 struct l2cap_chan_list *l;
Marcel Holtmann40be4922008-07-14 20:13:50 +02002537 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002538 struct sock *sk;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002539
Marcel Holtmann01394182006-07-03 10:02:46 +02002540 if (!conn)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002541 return 0;
Marcel Holtmann01394182006-07-03 10:02:46 +02002542
Linus Torvalds1da177e2005-04-16 15:20:36 -07002543 l = &conn->chan_list;
2544
2545 BT_DBG("conn %p", conn);
2546
2547 read_lock(&l->lock);
2548
2549 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2550 bh_lock_sock(sk);
2551
Marcel Holtmann6a8d3012009-02-06 23:56:36 +01002552 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2553 bh_unlock_sock(sk);
2554 continue;
2555 }
2556
Marcel Holtmannf62e4322009-01-15 21:58:44 +01002557 if (!status && (sk->sk_state == BT_CONNECTED ||
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01002558 sk->sk_state == BT_CONFIG)) {
Marcel Holtmannf62e4322009-01-15 21:58:44 +01002559 l2cap_check_encryption(sk, encrypt);
Marcel Holtmann9719f8a2008-07-14 20:13:45 +02002560 bh_unlock_sock(sk);
2561 continue;
2562 }
2563
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02002564 if (sk->sk_state == BT_CONNECT) {
2565 if (!status) {
2566 struct l2cap_conn_req req;
2567 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2568 req.psm = l2cap_pi(sk)->psm;
2569
2570 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2571
2572 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2573 L2CAP_CONN_REQ, sizeof(req), &req);
2574 } else {
2575 l2cap_sock_clear_timer(sk);
2576 l2cap_sock_set_timer(sk, HZ / 10);
2577 }
2578 } else if (sk->sk_state == BT_CONNECT2) {
2579 struct l2cap_conn_rsp rsp;
2580 __u16 result;
2581
2582 if (!status) {
2583 sk->sk_state = BT_CONFIG;
2584 result = L2CAP_CR_SUCCESS;
2585 } else {
2586 sk->sk_state = BT_DISCONN;
2587 l2cap_sock_set_timer(sk, HZ / 10);
2588 result = L2CAP_CR_SEC_BLOCK;
2589 }
2590
2591 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2592 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2593 rsp.result = cpu_to_le16(result);
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02002594 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02002595 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2596 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002597 }
2598
Linus Torvalds1da177e2005-04-16 15:20:36 -07002599 bh_unlock_sock(sk);
2600 }
2601
2602 read_unlock(&l->lock);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02002603
Linus Torvalds1da177e2005-04-16 15:20:36 -07002604 return 0;
2605}
2606
2607static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2608{
2609 struct l2cap_conn *conn = hcon->l2cap_data;
2610
2611 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2612 goto drop;
2613
2614 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2615
2616 if (flags & ACL_START) {
2617 struct l2cap_hdr *hdr;
2618 int len;
2619
2620 if (conn->rx_len) {
2621 BT_ERR("Unexpected start frame (len %d)", skb->len);
2622 kfree_skb(conn->rx_skb);
2623 conn->rx_skb = NULL;
2624 conn->rx_len = 0;
2625 l2cap_conn_unreliable(conn, ECOMM);
2626 }
2627
2628 if (skb->len < 2) {
2629 BT_ERR("Frame is too short (len %d)", skb->len);
2630 l2cap_conn_unreliable(conn, ECOMM);
2631 goto drop;
2632 }
2633
2634 hdr = (struct l2cap_hdr *) skb->data;
2635 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2636
2637 if (len == skb->len) {
2638 /* Complete frame received */
2639 l2cap_recv_frame(conn, skb);
2640 return 0;
2641 }
2642
2643 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2644
2645 if (skb->len > len) {
2646 BT_ERR("Frame is too long (len %d, expected len %d)",
2647 skb->len, len);
2648 l2cap_conn_unreliable(conn, ECOMM);
2649 goto drop;
2650 }
2651
2652 /* Allocate skb for the complete frame (with header) */
2653 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2654 goto drop;
2655
Arnaldo Carvalho de Melod626f622007-03-27 18:55:52 -03002656 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002657 skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002658 conn->rx_len = len - skb->len;
2659 } else {
2660 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2661
2662 if (!conn->rx_len) {
2663 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2664 l2cap_conn_unreliable(conn, ECOMM);
2665 goto drop;
2666 }
2667
2668 if (skb->len > conn->rx_len) {
2669 BT_ERR("Fragment is too long (len %d, expected %d)",
2670 skb->len, conn->rx_len);
2671 kfree_skb(conn->rx_skb);
2672 conn->rx_skb = NULL;
2673 conn->rx_len = 0;
2674 l2cap_conn_unreliable(conn, ECOMM);
2675 goto drop;
2676 }
2677
Arnaldo Carvalho de Melod626f622007-03-27 18:55:52 -03002678 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002679 skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002680 conn->rx_len -= skb->len;
2681
2682 if (!conn->rx_len) {
2683 /* Complete frame received */
2684 l2cap_recv_frame(conn, conn->rx_skb);
2685 conn->rx_skb = NULL;
2686 }
2687 }
2688
2689drop:
2690 kfree_skb(skb);
2691 return 0;
2692}
2693
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002694static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002695{
2696 struct sock *sk;
2697 struct hlist_node *node;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002698 char *str = buf;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002699
2700 read_lock_bh(&l2cap_sk_list.lock);
2701
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002702 sk_for_each(sk, node, &l2cap_sk_list.head) {
2703 struct l2cap_pinfo *pi = l2cap_pi(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002704
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01002705 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002706 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
Marcel Holtmann73863972007-01-22 22:00:40 +01002707 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01002708 pi->imtu, pi->omtu, pi->sec_level);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002709 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002710
Linus Torvalds1da177e2005-04-16 15:20:36 -07002711 read_unlock_bh(&l2cap_sk_list.lock);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002712
2713 return (str - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002714}
2715
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002716static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002717
Eric Dumazet90ddc4f2005-12-22 12:49:22 -08002718static const struct proto_ops l2cap_sock_ops = {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002719 .family = PF_BLUETOOTH,
2720 .owner = THIS_MODULE,
2721 .release = l2cap_sock_release,
2722 .bind = l2cap_sock_bind,
2723 .connect = l2cap_sock_connect,
2724 .listen = l2cap_sock_listen,
2725 .accept = l2cap_sock_accept,
2726 .getname = l2cap_sock_getname,
2727 .sendmsg = l2cap_sock_sendmsg,
Marcel Holtmannf66dc812009-01-15 21:57:00 +01002728 .recvmsg = l2cap_sock_recvmsg,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002729 .poll = bt_sock_poll,
Marcel Holtmann3241ad82008-07-14 20:13:50 +02002730 .ioctl = bt_sock_ioctl,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002731 .mmap = sock_no_mmap,
2732 .socketpair = sock_no_socketpair,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002733 .shutdown = l2cap_sock_shutdown,
2734 .setsockopt = l2cap_sock_setsockopt,
2735 .getsockopt = l2cap_sock_getsockopt
2736};
2737
2738static struct net_proto_family l2cap_sock_family_ops = {
2739 .family = PF_BLUETOOTH,
2740 .owner = THIS_MODULE,
2741 .create = l2cap_sock_create,
2742};
2743
2744static struct hci_proto l2cap_hci_proto = {
2745 .name = "L2CAP",
2746 .id = HCI_PROTO_L2CAP,
2747 .connect_ind = l2cap_connect_ind,
2748 .connect_cfm = l2cap_connect_cfm,
2749 .disconn_ind = l2cap_disconn_ind,
Marcel Holtmann2950f212009-02-12 14:02:50 +01002750 .disconn_cfm = l2cap_disconn_cfm,
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01002751 .security_cfm = l2cap_security_cfm,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002752 .recv_acldata = l2cap_recv_acldata
2753};
2754
2755static int __init l2cap_init(void)
2756{
2757 int err;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002758
Linus Torvalds1da177e2005-04-16 15:20:36 -07002759 err = proto_register(&l2cap_proto, 0);
2760 if (err < 0)
2761 return err;
2762
2763 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2764 if (err < 0) {
2765 BT_ERR("L2CAP socket registration failed");
2766 goto error;
2767 }
2768
2769 err = hci_register_proto(&l2cap_hci_proto);
2770 if (err < 0) {
2771 BT_ERR("L2CAP protocol registration failed");
2772 bt_sock_unregister(BTPROTO_L2CAP);
2773 goto error;
2774 }
2775
Marcel Holtmanndf5c37e2006-10-15 17:30:45 +02002776 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2777 BT_ERR("Failed to create L2CAP info file");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002778
2779 BT_INFO("L2CAP ver %s", VERSION);
2780 BT_INFO("L2CAP socket layer initialized");
2781
2782 return 0;
2783
2784error:
2785 proto_unregister(&l2cap_proto);
2786 return err;
2787}
2788
2789static void __exit l2cap_exit(void)
2790{
Marcel Holtmanna91f2e32006-07-03 10:02:41 +02002791 class_remove_file(bt_class, &class_attr_l2cap);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002792
2793 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2794 BT_ERR("L2CAP socket unregistration failed");
2795
2796 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2797 BT_ERR("L2CAP protocol unregistration failed");
2798
2799 proto_unregister(&l2cap_proto);
2800}
2801
2802void l2cap_load(void)
2803{
2804 /* Dummy function to trigger automatic L2CAP module loading by
2805 * other modules that use L2CAP sockets but don't use any other
2806 * symbols from it. */
2807 return;
2808}
2809EXPORT_SYMBOL(l2cap_load);
2810
2811module_init(l2cap_init);
2812module_exit(l2cap_exit);
2813
Marcel Holtmann63fbd242008-08-18 13:23:53 +02002814MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002815MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2816MODULE_VERSION(VERSION);
2817MODULE_LICENSE("GPL");
2818MODULE_ALIAS("bt-proto-0");