blob: bd0a4c1bced048c97e61c106cc45b7c9dba8fac1 [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07002 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090015 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -070018 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090020 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -070022 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
Linus Torvalds1da177e2005-04-16 15:20:36 -070027#include <linux/module.h>
28
29#include <linux/types.h>
Randy Dunlap4fc268d2006-01-11 12:17:47 -080030#include <linux/capability.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070031#include <linux/errno.h>
32#include <linux/kernel.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070033#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070041#include <linux/list.h>
Marcel Holtmannbe9d1222005-11-08 09:57:38 -080042#include <linux/device.h>
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -030043#include <linux/uaccess.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070044#include <net/sock.h>
45
46#include <asm/system.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070047#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52
Marcel Holtmanne1027a72009-02-09 09:18:02 +010053#define VERSION "2.13"
Marcel Holtmannf0709e02007-10-20 13:38:51 +020054
Marcel Holtmann47ec1dcd2009-05-02 18:57:55 -070055static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
Marcel Holtmanne1027a72009-02-09 09:18:02 +010056static u8 l2cap_fixed_chan[8] = { 0x02, };
Linus Torvalds1da177e2005-04-16 15:20:36 -070057
Eric Dumazet90ddc4f2005-12-22 12:49:22 -080058static const struct proto_ops l2cap_sock_ops;
Linus Torvalds1da177e2005-04-16 15:20:36 -070059
60static struct bt_sock_list l2cap_sk_list = {
Robert P. J. Dayd5fb2962008-03-28 16:17:38 -070061 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
Linus Torvalds1da177e2005-04-16 15:20:36 -070062};
63
Linus Torvalds1da177e2005-04-16 15:20:36 -070064static void __l2cap_sock_close(struct sock *sk, int reason);
65static void l2cap_sock_close(struct sock *sk);
66static void l2cap_sock_kill(struct sock *sk);
67
68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
70
71/* ---- L2CAP timers ---- */
72static void l2cap_sock_timeout(unsigned long arg)
73{
74 struct sock *sk = (struct sock *) arg;
Marcel Holtmannb1235d7962008-07-14 20:13:54 +020075 int reason;
Linus Torvalds1da177e2005-04-16 15:20:36 -070076
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
78
79 bh_lock_sock(sk);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +020080
Marcel Holtmannf62e4322009-01-15 21:58:44 +010081 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
82 reason = ECONNREFUSED;
83 else if (sk->sk_state == BT_CONNECT &&
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +010084 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
Marcel Holtmannb1235d7962008-07-14 20:13:54 +020085 reason = ECONNREFUSED;
86 else
87 reason = ETIMEDOUT;
88
89 __l2cap_sock_close(sk, reason);
90
Linus Torvalds1da177e2005-04-16 15:20:36 -070091 bh_unlock_sock(sk);
92
93 l2cap_sock_kill(sk);
94 sock_put(sk);
95}
96
97static void l2cap_sock_set_timer(struct sock *sk, long timeout)
98{
99 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
100 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
101}
102
103static void l2cap_sock_clear_timer(struct sock *sk)
104{
105 BT_DBG("sock %p state %d", sk, sk->sk_state);
106 sk_stop_timer(sk, &sk->sk_timer);
107}
108
Marcel Holtmann01394182006-07-03 10:02:46 +0200109/* ---- L2CAP channels ---- */
110static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
111{
112 struct sock *s;
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->dcid == cid)
115 break;
116 }
117 return s;
118}
119
120static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
121{
122 struct sock *s;
123 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
124 if (l2cap_pi(s)->scid == cid)
125 break;
126 }
127 return s;
128}
129
130/* Find channel with given SCID.
131 * Returns locked socket */
132static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
133{
134 struct sock *s;
135 read_lock(&l->lock);
136 s = __l2cap_get_chan_by_scid(l, cid);
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300137 if (s)
138 bh_lock_sock(s);
Marcel Holtmann01394182006-07-03 10:02:46 +0200139 read_unlock(&l->lock);
140 return s;
141}
142
143static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
144{
145 struct sock *s;
146 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
147 if (l2cap_pi(s)->ident == ident)
148 break;
149 }
150 return s;
151}
152
153static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
154{
155 struct sock *s;
156 read_lock(&l->lock);
157 s = __l2cap_get_chan_by_ident(l, ident);
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300158 if (s)
159 bh_lock_sock(s);
Marcel Holtmann01394182006-07-03 10:02:46 +0200160 read_unlock(&l->lock);
161 return s;
162}
163
164static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
165{
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -0300166 u16 cid = L2CAP_CID_DYN_START;
Marcel Holtmann01394182006-07-03 10:02:46 +0200167
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -0300168 for (; cid < L2CAP_CID_DYN_END; cid++) {
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300169 if (!__l2cap_get_chan_by_scid(l, cid))
Marcel Holtmann01394182006-07-03 10:02:46 +0200170 return cid;
171 }
172
173 return 0;
174}
175
176static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
177{
178 sock_hold(sk);
179
180 if (l->head)
181 l2cap_pi(l->head)->prev_c = sk;
182
183 l2cap_pi(sk)->next_c = l->head;
184 l2cap_pi(sk)->prev_c = NULL;
185 l->head = sk;
186}
187
188static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
189{
190 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
191
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200192 write_lock_bh(&l->lock);
Marcel Holtmann01394182006-07-03 10:02:46 +0200193 if (sk == l->head)
194 l->head = next;
195
196 if (next)
197 l2cap_pi(next)->prev_c = prev;
198 if (prev)
199 l2cap_pi(prev)->next_c = next;
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200200 write_unlock_bh(&l->lock);
Marcel Holtmann01394182006-07-03 10:02:46 +0200201
202 __sock_put(sk);
203}
204
205static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
206{
207 struct l2cap_chan_list *l = &conn->chan_list;
208
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300209 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
210 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
Marcel Holtmann01394182006-07-03 10:02:46 +0200211
Marcel Holtmann2950f212009-02-12 14:02:50 +0100212 conn->disc_reason = 0x13;
213
Marcel Holtmann01394182006-07-03 10:02:46 +0200214 l2cap_pi(sk)->conn = conn;
215
216 if (sk->sk_type == SOCK_SEQPACKET) {
217 /* Alloc CID for connection-oriented socket */
218 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
219 } else if (sk->sk_type == SOCK_DGRAM) {
220 /* Connectionless socket */
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -0300221 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
222 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
Marcel Holtmann01394182006-07-03 10:02:46 +0200223 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
224 } else {
225 /* Raw socket can send/recv signalling messages only */
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -0300226 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
227 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
Marcel Holtmann01394182006-07-03 10:02:46 +0200228 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
229 }
230
231 __l2cap_chan_link(l, sk);
232
233 if (parent)
234 bt_accept_enqueue(parent, sk);
235}
236
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900237/* Delete channel.
Marcel Holtmann01394182006-07-03 10:02:46 +0200238 * Must be called on the locked socket. */
239static void l2cap_chan_del(struct sock *sk, int err)
240{
241 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
242 struct sock *parent = bt_sk(sk)->parent;
243
244 l2cap_sock_clear_timer(sk);
245
246 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
247
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900248 if (conn) {
Marcel Holtmann01394182006-07-03 10:02:46 +0200249 /* Unlink from channel list */
250 l2cap_chan_unlink(&conn->chan_list, sk);
251 l2cap_pi(sk)->conn = NULL;
252 hci_conn_put(conn->hcon);
253 }
254
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200255 sk->sk_state = BT_CLOSED;
Marcel Holtmann01394182006-07-03 10:02:46 +0200256 sock_set_flag(sk, SOCK_ZAPPED);
257
258 if (err)
259 sk->sk_err = err;
260
261 if (parent) {
262 bt_accept_unlink(sk);
263 parent->sk_data_ready(parent, 0);
264 } else
265 sk->sk_state_change(sk);
266}
267
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200268/* Service level security */
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100269static inline int l2cap_check_security(struct sock *sk)
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200270{
271 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100272 __u8 auth_type;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200273
Marcel Holtmann00ae4af2009-02-12 16:19:45 +0100274 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
275 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
276 auth_type = HCI_AT_NO_BONDING_MITM;
277 else
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300278 auth_type = HCI_AT_NO_BONDING;
Marcel Holtmann00ae4af2009-02-12 16:19:45 +0100279
280 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
281 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
282 } else {
283 switch (l2cap_pi(sk)->sec_level) {
284 case BT_SECURITY_HIGH:
285 auth_type = HCI_AT_GENERAL_BONDING_MITM;
286 break;
287 case BT_SECURITY_MEDIUM:
288 auth_type = HCI_AT_GENERAL_BONDING;
289 break;
290 default:
291 auth_type = HCI_AT_NO_BONDING;
292 break;
293 }
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100294 }
295
296 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
297 auth_type);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200298}
299
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200300static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
301{
302 u8 id;
303
304 /* Get next available identificator.
305 * 1 - 128 are used by kernel.
306 * 129 - 199 are reserved.
307 * 200 - 254 are used by utilities like l2ping, etc.
308 */
309
310 spin_lock_bh(&conn->lock);
311
312 if (++conn->tx_ident > 128)
313 conn->tx_ident = 1;
314
315 id = conn->tx_ident;
316
317 spin_unlock_bh(&conn->lock);
318
319 return id;
320}
321
322static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
323{
324 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
325
326 BT_DBG("code 0x%2.2x", code);
327
328 if (!skb)
329 return -ENOMEM;
330
331 return hci_send_acl(conn->hcon, skb, 0);
332}
333
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200334static void l2cap_do_start(struct sock *sk)
335{
336 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
337
338 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
Marcel Holtmann984947d2009-02-06 23:35:19 +0100339 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
340 return;
341
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100342 if (l2cap_check_security(sk)) {
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200343 struct l2cap_conn_req req;
344 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
345 req.psm = l2cap_pi(sk)->psm;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200346
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200347 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200348
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200349 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200350 L2CAP_CONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200351 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200352 } else {
353 struct l2cap_info_req req;
354 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
355
356 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
357 conn->info_ident = l2cap_get_ident(conn);
358
359 mod_timer(&conn->info_timer, jiffies +
360 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
361
362 l2cap_send_cmd(conn, conn->info_ident,
363 L2CAP_INFO_REQ, sizeof(req), &req);
364 }
365}
366
Linus Torvalds1da177e2005-04-16 15:20:36 -0700367/* ---- L2CAP connections ---- */
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200368static void l2cap_conn_start(struct l2cap_conn *conn)
369{
370 struct l2cap_chan_list *l = &conn->chan_list;
371 struct sock *sk;
372
373 BT_DBG("conn %p", conn);
374
375 read_lock(&l->lock);
376
377 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
378 bh_lock_sock(sk);
379
380 if (sk->sk_type != SOCK_SEQPACKET) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200381 bh_unlock_sock(sk);
382 continue;
383 }
384
385 if (sk->sk_state == BT_CONNECT) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100386 if (l2cap_check_security(sk)) {
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200387 struct l2cap_conn_req req;
388 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
389 req.psm = l2cap_pi(sk)->psm;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200390
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200391 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200392
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200393 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200394 L2CAP_CONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200395 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200396 } else if (sk->sk_state == BT_CONNECT2) {
397 struct l2cap_conn_rsp rsp;
398 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
399 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
400
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100401 if (l2cap_check_security(sk)) {
Marcel Holtmannf66dc812009-01-15 21:57:00 +0100402 if (bt_sk(sk)->defer_setup) {
403 struct sock *parent = bt_sk(sk)->parent;
404 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
405 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
406 parent->sk_data_ready(parent, 0);
407
408 } else {
409 sk->sk_state = BT_CONFIG;
410 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
411 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
412 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200413 } else {
414 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
415 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
416 }
417
418 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
419 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
420 }
421
422 bh_unlock_sock(sk);
423 }
424
425 read_unlock(&l->lock);
426}
427
428static void l2cap_conn_ready(struct l2cap_conn *conn)
429{
430 struct l2cap_chan_list *l = &conn->chan_list;
431 struct sock *sk;
432
433 BT_DBG("conn %p", conn);
434
435 read_lock(&l->lock);
436
437 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
438 bh_lock_sock(sk);
439
440 if (sk->sk_type != SOCK_SEQPACKET) {
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200441 l2cap_sock_clear_timer(sk);
442 sk->sk_state = BT_CONNECTED;
443 sk->sk_state_change(sk);
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200444 } else if (sk->sk_state == BT_CONNECT)
445 l2cap_do_start(sk);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200446
447 bh_unlock_sock(sk);
448 }
449
450 read_unlock(&l->lock);
451}
452
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200453/* Notify sockets that we cannot guaranty reliability anymore */
454static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
455{
456 struct l2cap_chan_list *l = &conn->chan_list;
457 struct sock *sk;
458
459 BT_DBG("conn %p", conn);
460
461 read_lock(&l->lock);
462
463 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100464 if (l2cap_pi(sk)->force_reliable)
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200465 sk->sk_err = err;
466 }
467
468 read_unlock(&l->lock);
469}
470
471static void l2cap_info_timeout(unsigned long arg)
472{
473 struct l2cap_conn *conn = (void *) arg;
474
Marcel Holtmann984947d2009-02-06 23:35:19 +0100475 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +0100476 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +0100477
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200478 l2cap_conn_start(conn);
479}
480
Linus Torvalds1da177e2005-04-16 15:20:36 -0700481static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
482{
Marcel Holtmann01394182006-07-03 10:02:46 +0200483 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700484
Marcel Holtmann01394182006-07-03 10:02:46 +0200485 if (conn || status)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700486 return conn;
487
Marcel Holtmann01394182006-07-03 10:02:46 +0200488 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
489 if (!conn)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700490 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700491
492 hcon->l2cap_data = conn;
493 conn->hcon = hcon;
494
Marcel Holtmann01394182006-07-03 10:02:46 +0200495 BT_DBG("hcon %p conn %p", hcon, conn);
496
Linus Torvalds1da177e2005-04-16 15:20:36 -0700497 conn->mtu = hcon->hdev->acl_mtu;
498 conn->src = &hcon->hdev->bdaddr;
499 conn->dst = &hcon->dst;
500
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200501 conn->feat_mask = 0;
502
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200503 setup_timer(&conn->info_timer, l2cap_info_timeout,
504 (unsigned long) conn);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200505
Linus Torvalds1da177e2005-04-16 15:20:36 -0700506 spin_lock_init(&conn->lock);
507 rwlock_init(&conn->chan_list.lock);
508
Marcel Holtmann2950f212009-02-12 14:02:50 +0100509 conn->disc_reason = 0x13;
510
Linus Torvalds1da177e2005-04-16 15:20:36 -0700511 return conn;
512}
513
Marcel Holtmann01394182006-07-03 10:02:46 +0200514static void l2cap_conn_del(struct hci_conn *hcon, int err)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700515{
Marcel Holtmann01394182006-07-03 10:02:46 +0200516 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700517 struct sock *sk;
518
Marcel Holtmann01394182006-07-03 10:02:46 +0200519 if (!conn)
520 return;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700521
522 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
523
Wei Yongjun7585b972009-02-25 18:29:52 +0800524 kfree_skb(conn->rx_skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700525
526 /* Kill channels */
527 while ((sk = conn->chan_list.head)) {
528 bh_lock_sock(sk);
529 l2cap_chan_del(sk, err);
530 bh_unlock_sock(sk);
531 l2cap_sock_kill(sk);
532 }
533
Dave Young8e8440f2008-03-03 12:18:55 -0800534 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
535 del_timer_sync(&conn->info_timer);
Thomas Gleixner3ab22732008-02-26 17:42:56 -0800536
Linus Torvalds1da177e2005-04-16 15:20:36 -0700537 hcon->l2cap_data = NULL;
538 kfree(conn);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700539}
540
541static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
542{
543 struct l2cap_chan_list *l = &conn->chan_list;
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200544 write_lock_bh(&l->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700545 __l2cap_chan_add(conn, sk, parent);
Marcel Holtmannfd1278d2006-07-12 23:00:07 +0200546 write_unlock_bh(&l->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700547}
548
Linus Torvalds1da177e2005-04-16 15:20:36 -0700549/* ---- Socket interface ---- */
Al Viro8e036fc2007-07-29 00:16:36 -0700550static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700551{
552 struct sock *sk;
553 struct hlist_node *node;
554 sk_for_each(sk, node, &l2cap_sk_list.head)
555 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
556 goto found;
557 sk = NULL;
558found:
559 return sk;
560}
561
562/* Find socket with psm and source bdaddr.
563 * Returns closest match.
564 */
Al Viro8e036fc2007-07-29 00:16:36 -0700565static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700566{
567 struct sock *sk = NULL, *sk1 = NULL;
568 struct hlist_node *node;
569
570 sk_for_each(sk, node, &l2cap_sk_list.head) {
571 if (state && sk->sk_state != state)
572 continue;
573
574 if (l2cap_pi(sk)->psm == psm) {
575 /* Exact match. */
576 if (!bacmp(&bt_sk(sk)->src, src))
577 break;
578
579 /* Closest match */
580 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
581 sk1 = sk;
582 }
583 }
584 return node ? sk : sk1;
585}
586
587/* Find socket with given address (psm, src).
588 * Returns locked socket */
Al Viro8e036fc2007-07-29 00:16:36 -0700589static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700590{
591 struct sock *s;
592 read_lock(&l2cap_sk_list.lock);
593 s = __l2cap_get_sock_by_psm(state, psm, src);
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300594 if (s)
595 bh_lock_sock(s);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700596 read_unlock(&l2cap_sk_list.lock);
597 return s;
598}
599
600static void l2cap_sock_destruct(struct sock *sk)
601{
602 BT_DBG("sk %p", sk);
603
604 skb_queue_purge(&sk->sk_receive_queue);
605 skb_queue_purge(&sk->sk_write_queue);
606}
607
608static void l2cap_sock_cleanup_listen(struct sock *parent)
609{
610 struct sock *sk;
611
612 BT_DBG("parent %p", parent);
613
614 /* Close not yet accepted channels */
615 while ((sk = bt_accept_dequeue(parent, NULL)))
616 l2cap_sock_close(sk);
617
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200618 parent->sk_state = BT_CLOSED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700619 sock_set_flag(parent, SOCK_ZAPPED);
620}
621
622/* Kill socket (only if zapped and orphan)
623 * Must be called on unlocked socket.
624 */
625static void l2cap_sock_kill(struct sock *sk)
626{
627 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
628 return;
629
630 BT_DBG("sk %p state %d", sk, sk->sk_state);
631
632 /* Kill poor orphan */
633 bt_sock_unlink(&l2cap_sk_list, sk);
634 sock_set_flag(sk, SOCK_DEAD);
635 sock_put(sk);
636}
637
638static void __l2cap_sock_close(struct sock *sk, int reason)
639{
640 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
641
642 switch (sk->sk_state) {
643 case BT_LISTEN:
644 l2cap_sock_cleanup_listen(sk);
645 break;
646
647 case BT_CONNECTED:
648 case BT_CONFIG:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700649 if (sk->sk_type == SOCK_SEQPACKET) {
650 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
651 struct l2cap_disconn_req req;
652
653 sk->sk_state = BT_DISCONN;
654 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
655
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -0700656 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
657 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700658 l2cap_send_cmd(conn, l2cap_get_ident(conn),
659 L2CAP_DISCONN_REQ, sizeof(req), &req);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200660 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -0700661 l2cap_chan_del(sk, reason);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700662 break;
663
Marcel Holtmannf66dc812009-01-15 21:57:00 +0100664 case BT_CONNECT2:
665 if (sk->sk_type == SOCK_SEQPACKET) {
666 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
667 struct l2cap_conn_rsp rsp;
668 __u16 result;
669
670 if (bt_sk(sk)->defer_setup)
671 result = L2CAP_CR_SEC_BLOCK;
672 else
673 result = L2CAP_CR_BAD_PSM;
674
675 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
676 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
677 rsp.result = cpu_to_le16(result);
678 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
679 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
680 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
681 } else
682 l2cap_chan_del(sk, reason);
683 break;
684
Linus Torvalds1da177e2005-04-16 15:20:36 -0700685 case BT_CONNECT:
686 case BT_DISCONN:
687 l2cap_chan_del(sk, reason);
688 break;
689
690 default:
691 sock_set_flag(sk, SOCK_ZAPPED);
692 break;
693 }
694}
695
696/* Must be called on unlocked socket. */
697static void l2cap_sock_close(struct sock *sk)
698{
699 l2cap_sock_clear_timer(sk);
700 lock_sock(sk);
701 __l2cap_sock_close(sk, ECONNRESET);
702 release_sock(sk);
703 l2cap_sock_kill(sk);
704}
705
706static void l2cap_sock_init(struct sock *sk, struct sock *parent)
707{
708 struct l2cap_pinfo *pi = l2cap_pi(sk);
709
710 BT_DBG("sk %p", sk);
711
712 if (parent) {
713 sk->sk_type = parent->sk_type;
Marcel Holtmannf66dc812009-01-15 21:57:00 +0100714 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
715
Linus Torvalds1da177e2005-04-16 15:20:36 -0700716 pi->imtu = l2cap_pi(parent)->imtu;
717 pi->omtu = l2cap_pi(parent)->omtu;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100718 pi->sec_level = l2cap_pi(parent)->sec_level;
719 pi->role_switch = l2cap_pi(parent)->role_switch;
720 pi->force_reliable = l2cap_pi(parent)->force_reliable;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700721 } else {
722 pi->imtu = L2CAP_DEFAULT_MTU;
723 pi->omtu = 0;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100724 pi->sec_level = BT_SECURITY_LOW;
725 pi->role_switch = 0;
726 pi->force_reliable = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700727 }
728
729 /* Default config options */
Marcel Holtmann5dee9e72007-05-24 14:27:19 +0200730 pi->conf_len = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700731 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
732}
733
734static struct proto l2cap_proto = {
735 .name = "L2CAP",
736 .owner = THIS_MODULE,
737 .obj_size = sizeof(struct l2cap_pinfo)
738};
739
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700740static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700741{
742 struct sock *sk;
743
Pavel Emelyanov6257ff22007-11-01 00:39:31 -0700744 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700745 if (!sk)
746 return NULL;
747
748 sock_init_data(sock, sk);
749 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
750
751 sk->sk_destruct = l2cap_sock_destruct;
Marcel Holtmann4e8402a2007-10-20 13:37:56 +0200752 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700753
754 sock_reset_flag(sk, SOCK_ZAPPED);
755
756 sk->sk_protocol = proto;
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200757 sk->sk_state = BT_OPEN;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700758
Marcel Holtmannb1235d7962008-07-14 20:13:54 +0200759 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700760
761 bt_sock_link(&l2cap_sk_list, sk);
762 return sk;
763}
764
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700765static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700766{
767 struct sock *sk;
768
769 BT_DBG("sock %p", sock);
770
771 sock->state = SS_UNCONNECTED;
772
773 if (sock->type != SOCK_SEQPACKET &&
774 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
775 return -ESOCKTNOSUPPORT;
776
777 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
778 return -EPERM;
779
780 sock->ops = &l2cap_sock_ops;
781
Eric W. Biederman1b8d7ae2007-10-08 23:24:22 -0700782 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700783 if (!sk)
784 return -ENOMEM;
785
786 l2cap_sock_init(sk, NULL);
787 return 0;
788}
789
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100790static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700791{
Linus Torvalds1da177e2005-04-16 15:20:36 -0700792 struct sock *sk = sock->sk;
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100793 struct sockaddr_l2 la;
794 int len, err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700795
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100796 BT_DBG("sk %p", sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700797
798 if (!addr || addr->sa_family != AF_BLUETOOTH)
799 return -EINVAL;
800
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100801 memset(&la, 0, sizeof(la));
802 len = min_t(unsigned int, sizeof(la), alen);
803 memcpy(&la, addr, len);
804
Marcel Holtmann2a517ca2009-02-16 03:20:31 +0100805 if (la.l2_cid)
806 return -EINVAL;
807
Linus Torvalds1da177e2005-04-16 15:20:36 -0700808 lock_sock(sk);
809
810 if (sk->sk_state != BT_OPEN) {
811 err = -EBADFD;
812 goto done;
813 }
814
Marcel Holtmannb4324b52009-06-07 18:06:51 +0200815 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
Marcel Holtmann847641d2007-01-22 22:00:45 +0100816 !capable(CAP_NET_BIND_SERVICE)) {
817 err = -EACCES;
818 goto done;
819 }
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900820
Linus Torvalds1da177e2005-04-16 15:20:36 -0700821 write_lock_bh(&l2cap_sk_list.lock);
822
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100823 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700824 err = -EADDRINUSE;
825 } else {
826 /* Save source address */
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100827 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
828 l2cap_pi(sk)->psm = la.l2_psm;
829 l2cap_pi(sk)->sport = la.l2_psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700830 sk->sk_state = BT_BOUND;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100831
Marcel Holtmannb4324b52009-06-07 18:06:51 +0200832 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
833 __le16_to_cpu(la.l2_psm) == 0x0003)
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100834 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700835 }
836
837 write_unlock_bh(&l2cap_sk_list.lock);
838
839done:
840 release_sock(sk);
841 return err;
842}
843
844static int l2cap_do_connect(struct sock *sk)
845{
846 bdaddr_t *src = &bt_sk(sk)->src;
847 bdaddr_t *dst = &bt_sk(sk)->dst;
848 struct l2cap_conn *conn;
849 struct hci_conn *hcon;
850 struct hci_dev *hdev;
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200851 __u8 auth_type;
Marcel Holtmann44d0e482009-04-20 07:09:16 +0200852 int err;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700853
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100854 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
855 l2cap_pi(sk)->psm);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700856
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300857 hdev = hci_get_route(dst, src);
858 if (!hdev)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700859 return -EHOSTUNREACH;
860
861 hci_dev_lock_bh(hdev);
862
863 err = -ENOMEM;
864
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100865 if (sk->sk_type == SOCK_RAW) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100866 switch (l2cap_pi(sk)->sec_level) {
867 case BT_SECURITY_HIGH:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100868 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100869 break;
870 case BT_SECURITY_MEDIUM:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100871 auth_type = HCI_AT_DEDICATED_BONDING;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100872 break;
873 default:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100874 auth_type = HCI_AT_NO_BONDING;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100875 break;
876 }
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100877 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100878 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200879 auth_type = HCI_AT_NO_BONDING_MITM;
880 else
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200881 auth_type = HCI_AT_NO_BONDING;
Marcel Holtmann435fef22009-02-09 03:55:28 +0100882
883 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
884 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100885 } else {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100886 switch (l2cap_pi(sk)->sec_level) {
887 case BT_SECURITY_HIGH:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100888 auth_type = HCI_AT_GENERAL_BONDING_MITM;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100889 break;
890 case BT_SECURITY_MEDIUM:
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200891 auth_type = HCI_AT_GENERAL_BONDING;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100892 break;
893 default:
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100894 auth_type = HCI_AT_NO_BONDING;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100895 break;
896 }
Marcel Holtmann09ab6f42008-09-09 07:19:20 +0200897 }
898
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +0100899 hcon = hci_connect(hdev, ACL_LINK, dst,
900 l2cap_pi(sk)->sec_level, auth_type);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700901 if (!hcon)
902 goto done;
903
904 conn = l2cap_conn_add(hcon, 0);
905 if (!conn) {
906 hci_conn_put(hcon);
907 goto done;
908 }
909
910 err = 0;
911
912 /* Update source addr of the socket */
913 bacpy(src, conn->src);
914
915 l2cap_chan_add(conn, sk, NULL);
916
917 sk->sk_state = BT_CONNECT;
918 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
919
920 if (hcon->state == BT_CONNECTED) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200921 if (sk->sk_type != SOCK_SEQPACKET) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700922 l2cap_sock_clear_timer(sk);
923 sk->sk_state = BT_CONNECTED;
Marcel Holtmann79d554a2008-07-14 20:13:44 +0200924 } else
925 l2cap_do_start(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700926 }
927
928done:
929 hci_dev_unlock_bh(hdev);
930 hci_dev_put(hdev);
931 return err;
932}
933
934static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
935{
Linus Torvalds1da177e2005-04-16 15:20:36 -0700936 struct sock *sk = sock->sk;
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100937 struct sockaddr_l2 la;
938 int len, err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700939
Linus Torvalds1da177e2005-04-16 15:20:36 -0700940 BT_DBG("sk %p", sk);
941
Marcel Holtmann2a517ca2009-02-16 03:20:31 +0100942 if (!addr || addr->sa_family != AF_BLUETOOTH)
943 return -EINVAL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700944
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100945 memset(&la, 0, sizeof(la));
946 len = min_t(unsigned int, sizeof(la), alen);
947 memcpy(&la, addr, len);
948
Marcel Holtmann2a517ca2009-02-16 03:20:31 +0100949 if (la.l2_cid)
950 return -EINVAL;
951
952 lock_sock(sk);
953
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100954 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700955 err = -EINVAL;
956 goto done;
957 }
958
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300959 switch (sk->sk_state) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700960 case BT_CONNECT:
961 case BT_CONNECT2:
962 case BT_CONFIG:
963 /* Already connecting */
964 goto wait;
965
966 case BT_CONNECTED:
967 /* Already connected */
968 goto done;
969
970 case BT_OPEN:
971 case BT_BOUND:
972 /* Can connect */
973 break;
974
975 default:
976 err = -EBADFD;
977 goto done;
978 }
979
980 /* Set destination address and psm */
Marcel Holtmannf29972d2009-02-12 05:07:45 +0100981 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
982 l2cap_pi(sk)->psm = la.l2_psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700983
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -0300984 err = l2cap_do_connect(sk);
985 if (err)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700986 goto done;
987
988wait:
989 err = bt_sock_wait_state(sk, BT_CONNECTED,
990 sock_sndtimeo(sk, flags & O_NONBLOCK));
991done:
992 release_sock(sk);
993 return err;
994}
995
996static int l2cap_sock_listen(struct socket *sock, int backlog)
997{
998 struct sock *sk = sock->sk;
999 int err = 0;
1000
1001 BT_DBG("sk %p backlog %d", sk, backlog);
1002
1003 lock_sock(sk);
1004
1005 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1006 err = -EBADFD;
1007 goto done;
1008 }
1009
1010 if (!l2cap_pi(sk)->psm) {
1011 bdaddr_t *src = &bt_sk(sk)->src;
1012 u16 psm;
1013
1014 err = -EINVAL;
1015
1016 write_lock_bh(&l2cap_sk_list.lock);
1017
1018 for (psm = 0x1001; psm < 0x1100; psm += 2)
Marcel Holtmannb4324b52009-06-07 18:06:51 +02001019 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1020 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1021 l2cap_pi(sk)->sport = cpu_to_le16(psm);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001022 err = 0;
1023 break;
1024 }
1025
1026 write_unlock_bh(&l2cap_sk_list.lock);
1027
1028 if (err < 0)
1029 goto done;
1030 }
1031
1032 sk->sk_max_ack_backlog = backlog;
1033 sk->sk_ack_backlog = 0;
1034 sk->sk_state = BT_LISTEN;
1035
1036done:
1037 release_sock(sk);
1038 return err;
1039}
1040
1041static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1042{
1043 DECLARE_WAITQUEUE(wait, current);
1044 struct sock *sk = sock->sk, *nsk;
1045 long timeo;
1046 int err = 0;
1047
Peter Zijlstrafcc70d52006-11-08 22:44:35 -08001048 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001049
1050 if (sk->sk_state != BT_LISTEN) {
1051 err = -EBADFD;
1052 goto done;
1053 }
1054
1055 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1056
1057 BT_DBG("sk %p timeo %ld", sk, timeo);
1058
1059 /* Wait for an incoming connection. (wake-one). */
1060 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1061 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1062 set_current_state(TASK_INTERRUPTIBLE);
1063 if (!timeo) {
1064 err = -EAGAIN;
1065 break;
1066 }
1067
1068 release_sock(sk);
1069 timeo = schedule_timeout(timeo);
Peter Zijlstrafcc70d52006-11-08 22:44:35 -08001070 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001071
1072 if (sk->sk_state != BT_LISTEN) {
1073 err = -EBADFD;
1074 break;
1075 }
1076
1077 if (signal_pending(current)) {
1078 err = sock_intr_errno(timeo);
1079 break;
1080 }
1081 }
1082 set_current_state(TASK_RUNNING);
1083 remove_wait_queue(sk->sk_sleep, &wait);
1084
1085 if (err)
1086 goto done;
1087
1088 newsock->state = SS_CONNECTED;
1089
1090 BT_DBG("new socket %p", nsk);
1091
1092done:
1093 release_sock(sk);
1094 return err;
1095}
1096
1097static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1098{
1099 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1100 struct sock *sk = sock->sk;
1101
1102 BT_DBG("sock %p, sk %p", sock, sk);
1103
1104 addr->sa_family = AF_BLUETOOTH;
1105 *len = sizeof(struct sockaddr_l2);
1106
Marcel Holtmannf29972d2009-02-12 05:07:45 +01001107 if (peer) {
1108 la->l2_psm = l2cap_pi(sk)->psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001109 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
Marcel Holtmannb4324b52009-06-07 18:06:51 +02001110 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
Marcel Holtmannf29972d2009-02-12 05:07:45 +01001111 } else {
1112 la->l2_psm = l2cap_pi(sk)->sport;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001113 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
Marcel Holtmannb4324b52009-06-07 18:06:51 +02001114 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
Marcel Holtmannf29972d2009-02-12 05:07:45 +01001115 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001116
Linus Torvalds1da177e2005-04-16 15:20:36 -07001117 return 0;
1118}
1119
1120static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1121{
1122 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1123 struct sk_buff *skb, **frag;
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03001124 int err, hlen, count, sent = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001125 struct l2cap_hdr *lh;
1126
1127 BT_DBG("sk %p len %d", sk, len);
1128
1129 /* First fragment (with L2CAP header) */
1130 if (sk->sk_type == SOCK_DGRAM)
1131 hlen = L2CAP_HDR_SIZE + 2;
1132 else
1133 hlen = L2CAP_HDR_SIZE;
1134
1135 count = min_t(unsigned int, (conn->mtu - hlen), len);
1136
1137 skb = bt_skb_send_alloc(sk, hlen + count,
1138 msg->msg_flags & MSG_DONTWAIT, &err);
1139 if (!skb)
1140 return err;
1141
1142 /* Create L2CAP header */
1143 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001144 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1145 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001146
1147 if (sk->sk_type == SOCK_DGRAM)
Al Viro8e036fc2007-07-29 00:16:36 -07001148 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001149
1150 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1151 err = -EFAULT;
1152 goto fail;
1153 }
1154
1155 sent += count;
1156 len -= count;
1157
1158 /* Continuation fragments (no L2CAP header) */
1159 frag = &skb_shinfo(skb)->frag_list;
1160 while (len) {
1161 count = min_t(unsigned int, conn->mtu, len);
1162
1163 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1164 if (!*frag)
1165 goto fail;
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001166
Linus Torvalds1da177e2005-04-16 15:20:36 -07001167 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1168 err = -EFAULT;
1169 goto fail;
1170 }
1171
1172 sent += count;
1173 len -= count;
1174
1175 frag = &(*frag)->next;
1176 }
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03001177 err = hci_send_acl(conn->hcon, skb, 0);
1178 if (err < 0)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001179 goto fail;
1180
1181 return sent;
1182
1183fail:
1184 kfree_skb(skb);
1185 return err;
1186}
1187
1188static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1189{
1190 struct sock *sk = sock->sk;
1191 int err = 0;
1192
1193 BT_DBG("sock %p, sk %p", sock, sk);
1194
Benjamin LaHaisec1cbe4b2005-12-13 23:22:19 -08001195 err = sock_error(sk);
1196 if (err)
1197 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001198
1199 if (msg->msg_flags & MSG_OOB)
1200 return -EOPNOTSUPP;
1201
1202 /* Check outgoing MTU */
1203 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1204 return -EINVAL;
1205
1206 lock_sock(sk);
1207
1208 if (sk->sk_state == BT_CONNECTED)
1209 err = l2cap_do_send(sk, msg, len);
1210 else
1211 err = -ENOTCONN;
1212
1213 release_sock(sk);
1214 return err;
1215}
1216
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001217static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1218{
1219 struct sock *sk = sock->sk;
1220
1221 lock_sock(sk);
1222
1223 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1224 struct l2cap_conn_rsp rsp;
1225
1226 sk->sk_state = BT_CONFIG;
1227
1228 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1229 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1230 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1231 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1232 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1233 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1234
1235 release_sock(sk);
1236 return 0;
1237 }
1238
1239 release_sock(sk);
1240
1241 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1242}
1243
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001244static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001245{
1246 struct sock *sk = sock->sk;
1247 struct l2cap_options opts;
Marcel Holtmannf29972d2009-02-12 05:07:45 +01001248 int len, err = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001249 u32 opt;
1250
1251 BT_DBG("sk %p", sk);
1252
1253 lock_sock(sk);
1254
1255 switch (optname) {
1256 case L2CAP_OPTIONS:
Marcel Holtmann0878b662007-05-05 00:35:59 +02001257 opts.imtu = l2cap_pi(sk)->imtu;
1258 opts.omtu = l2cap_pi(sk)->omtu;
1259 opts.flush_to = l2cap_pi(sk)->flush_to;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001260 opts.mode = L2CAP_MODE_BASIC;
Marcel Holtmann0878b662007-05-05 00:35:59 +02001261
Linus Torvalds1da177e2005-04-16 15:20:36 -07001262 len = min_t(unsigned int, sizeof(opts), optlen);
1263 if (copy_from_user((char *) &opts, optval, len)) {
1264 err = -EFAULT;
1265 break;
1266 }
Marcel Holtmann0878b662007-05-05 00:35:59 +02001267
Linus Torvalds1da177e2005-04-16 15:20:36 -07001268 l2cap_pi(sk)->imtu = opts.imtu;
1269 l2cap_pi(sk)->omtu = opts.omtu;
1270 break;
1271
1272 case L2CAP_LM:
1273 if (get_user(opt, (u32 __user *) optval)) {
1274 err = -EFAULT;
1275 break;
1276 }
1277
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001278 if (opt & L2CAP_LM_AUTH)
1279 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1280 if (opt & L2CAP_LM_ENCRYPT)
1281 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1282 if (opt & L2CAP_LM_SECURE)
1283 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1284
1285 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1286 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001287 break;
1288
1289 default:
1290 err = -ENOPROTOOPT;
1291 break;
1292 }
1293
1294 release_sock(sk);
1295 return err;
1296}
1297
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001298static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1299{
1300 struct sock *sk = sock->sk;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001301 struct bt_security sec;
1302 int len, err = 0;
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001303 u32 opt;
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001304
1305 BT_DBG("sk %p", sk);
1306
1307 if (level == SOL_L2CAP)
1308 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1309
Marcel Holtmann0588d942009-01-16 10:06:13 +01001310 if (level != SOL_BLUETOOTH)
1311 return -ENOPROTOOPT;
1312
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001313 lock_sock(sk);
1314
1315 switch (optname) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001316 case BT_SECURITY:
Marcel Holtmann2526d3d2009-02-20 20:54:06 +01001317 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
Marcel Holtmann0588d942009-01-16 10:06:13 +01001318 err = -EINVAL;
1319 break;
1320 }
1321
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001322 sec.level = BT_SECURITY_LOW;
1323
1324 len = min_t(unsigned int, sizeof(sec), optlen);
1325 if (copy_from_user((char *) &sec, optval, len)) {
1326 err = -EFAULT;
1327 break;
1328 }
1329
1330 if (sec.level < BT_SECURITY_LOW ||
1331 sec.level > BT_SECURITY_HIGH) {
1332 err = -EINVAL;
1333 break;
1334 }
1335
1336 l2cap_pi(sk)->sec_level = sec.level;
1337 break;
1338
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001339 case BT_DEFER_SETUP:
1340 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1341 err = -EINVAL;
1342 break;
1343 }
1344
1345 if (get_user(opt, (u32 __user *) optval)) {
1346 err = -EFAULT;
1347 break;
1348 }
1349
1350 bt_sk(sk)->defer_setup = opt;
1351 break;
1352
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001353 default:
1354 err = -ENOPROTOOPT;
1355 break;
1356 }
1357
1358 release_sock(sk);
1359 return err;
1360}
1361
1362static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001363{
1364 struct sock *sk = sock->sk;
1365 struct l2cap_options opts;
1366 struct l2cap_conninfo cinfo;
1367 int len, err = 0;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001368 u32 opt;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001369
1370 BT_DBG("sk %p", sk);
1371
1372 if (get_user(len, optlen))
1373 return -EFAULT;
1374
1375 lock_sock(sk);
1376
1377 switch (optname) {
1378 case L2CAP_OPTIONS:
1379 opts.imtu = l2cap_pi(sk)->imtu;
1380 opts.omtu = l2cap_pi(sk)->omtu;
1381 opts.flush_to = l2cap_pi(sk)->flush_to;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001382 opts.mode = L2CAP_MODE_BASIC;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001383
1384 len = min_t(unsigned int, len, sizeof(opts));
1385 if (copy_to_user(optval, (char *) &opts, len))
1386 err = -EFAULT;
1387
1388 break;
1389
1390 case L2CAP_LM:
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001391 switch (l2cap_pi(sk)->sec_level) {
1392 case BT_SECURITY_LOW:
1393 opt = L2CAP_LM_AUTH;
1394 break;
1395 case BT_SECURITY_MEDIUM:
1396 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1397 break;
1398 case BT_SECURITY_HIGH:
1399 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1400 L2CAP_LM_SECURE;
1401 break;
1402 default:
1403 opt = 0;
1404 break;
1405 }
1406
1407 if (l2cap_pi(sk)->role_switch)
1408 opt |= L2CAP_LM_MASTER;
1409
1410 if (l2cap_pi(sk)->force_reliable)
1411 opt |= L2CAP_LM_RELIABLE;
1412
1413 if (put_user(opt, (u32 __user *) optval))
Linus Torvalds1da177e2005-04-16 15:20:36 -07001414 err = -EFAULT;
1415 break;
1416
1417 case L2CAP_CONNINFO:
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001418 if (sk->sk_state != BT_CONNECTED &&
1419 !(sk->sk_state == BT_CONNECT2 &&
1420 bt_sk(sk)->defer_setup)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001421 err = -ENOTCONN;
1422 break;
1423 }
1424
1425 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1426 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1427
1428 len = min_t(unsigned int, len, sizeof(cinfo));
1429 if (copy_to_user(optval, (char *) &cinfo, len))
1430 err = -EFAULT;
1431
1432 break;
1433
1434 default:
1435 err = -ENOPROTOOPT;
1436 break;
1437 }
1438
1439 release_sock(sk);
1440 return err;
1441}
1442
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001443static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1444{
1445 struct sock *sk = sock->sk;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001446 struct bt_security sec;
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001447 int len, err = 0;
1448
1449 BT_DBG("sk %p", sk);
1450
1451 if (level == SOL_L2CAP)
1452 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1453
Marcel Holtmann0588d942009-01-16 10:06:13 +01001454 if (level != SOL_BLUETOOTH)
1455 return -ENOPROTOOPT;
1456
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001457 if (get_user(len, optlen))
1458 return -EFAULT;
1459
1460 lock_sock(sk);
1461
1462 switch (optname) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001463 case BT_SECURITY:
Marcel Holtmann2526d3d2009-02-20 20:54:06 +01001464 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
Marcel Holtmann0588d942009-01-16 10:06:13 +01001465 err = -EINVAL;
1466 break;
1467 }
1468
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001469 sec.level = l2cap_pi(sk)->sec_level;
1470
1471 len = min_t(unsigned int, len, sizeof(sec));
1472 if (copy_to_user(optval, (char *) &sec, len))
1473 err = -EFAULT;
1474
1475 break;
1476
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001477 case BT_DEFER_SETUP:
1478 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1479 err = -EINVAL;
1480 break;
1481 }
1482
1483 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1484 err = -EFAULT;
1485
1486 break;
1487
Marcel Holtmannd58daf42009-01-15 21:52:14 +01001488 default:
1489 err = -ENOPROTOOPT;
1490 break;
1491 }
1492
1493 release_sock(sk);
1494 return err;
1495}
1496
Linus Torvalds1da177e2005-04-16 15:20:36 -07001497static int l2cap_sock_shutdown(struct socket *sock, int how)
1498{
1499 struct sock *sk = sock->sk;
1500 int err = 0;
1501
1502 BT_DBG("sock %p, sk %p", sock, sk);
1503
1504 if (!sk)
1505 return 0;
1506
1507 lock_sock(sk);
1508 if (!sk->sk_shutdown) {
1509 sk->sk_shutdown = SHUTDOWN_MASK;
1510 l2cap_sock_clear_timer(sk);
1511 __l2cap_sock_close(sk, 0);
1512
1513 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02001514 err = bt_sock_wait_state(sk, BT_CLOSED,
1515 sk->sk_lingertime);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001516 }
1517 release_sock(sk);
1518 return err;
1519}
1520
1521static int l2cap_sock_release(struct socket *sock)
1522{
1523 struct sock *sk = sock->sk;
1524 int err;
1525
1526 BT_DBG("sock %p, sk %p", sock, sk);
1527
1528 if (!sk)
1529 return 0;
1530
1531 err = l2cap_sock_shutdown(sock, 2);
1532
1533 sock_orphan(sk);
1534 l2cap_sock_kill(sk);
1535 return err;
1536}
1537
Linus Torvalds1da177e2005-04-16 15:20:36 -07001538static void l2cap_chan_ready(struct sock *sk)
1539{
1540 struct sock *parent = bt_sk(sk)->parent;
1541
1542 BT_DBG("sk %p, parent %p", sk, parent);
1543
1544 l2cap_pi(sk)->conf_state = 0;
1545 l2cap_sock_clear_timer(sk);
1546
1547 if (!parent) {
1548 /* Outgoing channel.
1549 * Wake up socket sleeping on connect.
1550 */
1551 sk->sk_state = BT_CONNECTED;
1552 sk->sk_state_change(sk);
1553 } else {
1554 /* Incoming channel.
1555 * Wake up socket sleeping on accept.
1556 */
1557 parent->sk_data_ready(parent, 0);
1558 }
1559}
1560
1561/* Copy frame to all raw sockets on that connection */
1562static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1563{
1564 struct l2cap_chan_list *l = &conn->chan_list;
1565 struct sk_buff *nskb;
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03001566 struct sock *sk;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001567
1568 BT_DBG("conn %p", conn);
1569
1570 read_lock(&l->lock);
1571 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1572 if (sk->sk_type != SOCK_RAW)
1573 continue;
1574
1575 /* Don't send frame to the socket it came from */
1576 if (skb->sk == sk)
1577 continue;
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03001578 nskb = skb_clone(skb, GFP_ATOMIC);
1579 if (!nskb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001580 continue;
1581
1582 if (sock_queue_rcv_skb(sk, nskb))
1583 kfree_skb(nskb);
1584 }
1585 read_unlock(&l->lock);
1586}
1587
1588/* ---- L2CAP signalling commands ---- */
1589static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1590 u8 code, u8 ident, u16 dlen, void *data)
1591{
1592 struct sk_buff *skb, **frag;
1593 struct l2cap_cmd_hdr *cmd;
1594 struct l2cap_hdr *lh;
1595 int len, count;
1596
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03001597 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1598 conn, code, ident, dlen);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001599
1600 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1601 count = min_t(unsigned int, conn->mtu, len);
1602
1603 skb = bt_skb_alloc(count, GFP_ATOMIC);
1604 if (!skb)
1605 return NULL;
1606
1607 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001608 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -03001609 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001610
1611 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1612 cmd->code = code;
1613 cmd->ident = ident;
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001614 cmd->len = cpu_to_le16(dlen);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001615
1616 if (dlen) {
1617 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1618 memcpy(skb_put(skb, count), data, count);
1619 data += count;
1620 }
1621
1622 len -= skb->len;
1623
1624 /* Continuation fragments (no L2CAP header) */
1625 frag = &skb_shinfo(skb)->frag_list;
1626 while (len) {
1627 count = min_t(unsigned int, conn->mtu, len);
1628
1629 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1630 if (!*frag)
1631 goto fail;
1632
1633 memcpy(skb_put(*frag, count), data, count);
1634
1635 len -= count;
1636 data += count;
1637
1638 frag = &(*frag)->next;
1639 }
1640
1641 return skb;
1642
1643fail:
1644 kfree_skb(skb);
1645 return NULL;
1646}
1647
1648static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1649{
1650 struct l2cap_conf_opt *opt = *ptr;
1651 int len;
1652
1653 len = L2CAP_CONF_OPT_SIZE + opt->len;
1654 *ptr += len;
1655
1656 *type = opt->type;
1657 *olen = opt->len;
1658
1659 switch (opt->len) {
1660 case 1:
1661 *val = *((u8 *) opt->val);
1662 break;
1663
1664 case 2:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001665 *val = __le16_to_cpu(*((__le16 *) opt->val));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001666 break;
1667
1668 case 4:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001669 *val = __le32_to_cpu(*((__le32 *) opt->val));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001670 break;
1671
1672 default:
1673 *val = (unsigned long) opt->val;
1674 break;
1675 }
1676
1677 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1678 return len;
1679}
1680
Linus Torvalds1da177e2005-04-16 15:20:36 -07001681static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1682{
1683 struct l2cap_conf_opt *opt = *ptr;
1684
1685 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1686
1687 opt->type = type;
1688 opt->len = len;
1689
1690 switch (len) {
1691 case 1:
1692 *((u8 *) opt->val) = val;
1693 break;
1694
1695 case 2:
Al Viro8e036fc2007-07-29 00:16:36 -07001696 *((__le16 *) opt->val) = cpu_to_le16(val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001697 break;
1698
1699 case 4:
Al Viro8e036fc2007-07-29 00:16:36 -07001700 *((__le32 *) opt->val) = cpu_to_le32(val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001701 break;
1702
1703 default:
1704 memcpy(opt->val, (void *) val, len);
1705 break;
1706 }
1707
1708 *ptr += L2CAP_CONF_OPT_SIZE + len;
1709}
1710
1711static int l2cap_build_conf_req(struct sock *sk, void *data)
1712{
1713 struct l2cap_pinfo *pi = l2cap_pi(sk);
1714 struct l2cap_conf_req *req = data;
1715 void *ptr = req->data;
1716
1717 BT_DBG("sk %p", sk);
1718
1719 if (pi->imtu != L2CAP_DEFAULT_MTU)
1720 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1721
1722 /* FIXME: Need actual value of the flush timeout */
1723 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1724 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1725
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001726 req->dcid = cpu_to_le16(pi->dcid);
1727 req->flags = cpu_to_le16(0);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001728
1729 return ptr - data;
1730}
1731
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001732static int l2cap_parse_conf_req(struct sock *sk, void *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001733{
1734 struct l2cap_pinfo *pi = l2cap_pi(sk);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001735 struct l2cap_conf_rsp *rsp = data;
1736 void *ptr = rsp->data;
1737 void *req = pi->conf_req;
1738 int len = pi->conf_len;
1739 int type, hint, olen;
1740 unsigned long val;
Marcel Holtmann6464f352007-10-20 13:39:51 +02001741 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
Marcel Holtmann861d6882007-10-20 13:37:06 +02001742 u16 mtu = L2CAP_DEFAULT_MTU;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001743 u16 result = L2CAP_CONF_SUCCESS;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001744
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001745 BT_DBG("sk %p", sk);
Marcel Holtmann820ae1b2006-11-18 22:15:00 +01001746
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001747 while (len >= L2CAP_CONF_OPT_SIZE) {
1748 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001749
Gustavo F. Padovan589d2742009-04-20 01:31:07 -03001750 hint = type & L2CAP_CONF_HINT;
Marcel Holtmann47ec1dcd2009-05-02 18:57:55 -07001751 type &= L2CAP_CONF_MASK;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001752
1753 switch (type) {
1754 case L2CAP_CONF_MTU:
Marcel Holtmann861d6882007-10-20 13:37:06 +02001755 mtu = val;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001756 break;
1757
1758 case L2CAP_CONF_FLUSH_TO:
1759 pi->flush_to = val;
1760 break;
1761
1762 case L2CAP_CONF_QOS:
1763 break;
1764
Marcel Holtmann6464f352007-10-20 13:39:51 +02001765 case L2CAP_CONF_RFC:
1766 if (olen == sizeof(rfc))
1767 memcpy(&rfc, (void *) val, olen);
1768 break;
1769
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001770 default:
1771 if (hint)
1772 break;
1773
1774 result = L2CAP_CONF_UNKNOWN;
1775 *((u8 *) ptr++) = type;
1776 break;
1777 }
1778 }
1779
1780 if (result == L2CAP_CONF_SUCCESS) {
1781 /* Configure output options and let the other side know
1782 * which ones we don't like. */
1783
Marcel Holtmann6464f352007-10-20 13:39:51 +02001784 if (rfc.mode == L2CAP_MODE_BASIC) {
1785 if (mtu < pi->omtu)
1786 result = L2CAP_CONF_UNACCEPT;
1787 else {
1788 pi->omtu = mtu;
1789 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1790 }
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001791
Marcel Holtmann6464f352007-10-20 13:39:51 +02001792 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1793 } else {
1794 result = L2CAP_CONF_UNACCEPT;
1795
1796 memset(&rfc, 0, sizeof(rfc));
1797 rfc.mode = L2CAP_MODE_BASIC;
1798
1799 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1800 sizeof(rfc), (unsigned long) &rfc);
1801 }
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001802 }
1803
1804 rsp->scid = cpu_to_le16(pi->dcid);
1805 rsp->result = cpu_to_le16(result);
1806 rsp->flags = cpu_to_le16(0x0000);
1807
1808 return ptr - data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001809}
1810
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001811static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001812{
1813 struct l2cap_conf_rsp *rsp = data;
1814 void *ptr = rsp->data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001815
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001816 BT_DBG("sk %p", sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001817
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001818 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02001819 rsp->result = cpu_to_le16(result);
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001820 rsp->flags = cpu_to_le16(flags);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001821
1822 return ptr - data;
1823}
1824
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001825static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1826{
1827 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1828
1829 if (rej->reason != 0x0000)
1830 return 0;
1831
1832 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1833 cmd->ident == conn->info_ident) {
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001834 del_timer(&conn->info_timer);
Marcel Holtmann984947d2009-02-06 23:35:19 +01001835
1836 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +01001837 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +01001838
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02001839 l2cap_conn_start(conn);
1840 }
1841
1842 return 0;
1843}
1844
Linus Torvalds1da177e2005-04-16 15:20:36 -07001845static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1846{
1847 struct l2cap_chan_list *list = &conn->chan_list;
1848 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1849 struct l2cap_conn_rsp rsp;
1850 struct sock *sk, *parent;
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02001851 int result, status = L2CAP_CS_NO_INFO;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001852
1853 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02001854 __le16 psm = req->psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001855
1856 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1857
1858 /* Check if we have socket listening on psm */
1859 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1860 if (!parent) {
1861 result = L2CAP_CR_BAD_PSM;
1862 goto sendresp;
1863 }
1864
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02001865 /* Check if the ACL is secure enough (if not SDP) */
1866 if (psm != cpu_to_le16(0x0001) &&
1867 !hci_conn_check_link_mode(conn->hcon)) {
Marcel Holtmann2950f212009-02-12 14:02:50 +01001868 conn->disc_reason = 0x05;
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02001869 result = L2CAP_CR_SEC_BLOCK;
1870 goto response;
1871 }
1872
Linus Torvalds1da177e2005-04-16 15:20:36 -07001873 result = L2CAP_CR_NO_MEM;
1874
1875 /* Check for backlog size */
1876 if (sk_acceptq_is_full(parent)) {
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001877 BT_DBG("backlog full %d", parent->sk_ack_backlog);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001878 goto response;
1879 }
1880
YOSHIFUJI Hideaki3b1e0a62008-03-26 02:26:21 +09001881 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001882 if (!sk)
1883 goto response;
1884
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001885 write_lock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001886
1887 /* Check if we already have channel with that dcid */
1888 if (__l2cap_get_chan_by_dcid(list, scid)) {
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001889 write_unlock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001890 sock_set_flag(sk, SOCK_ZAPPED);
1891 l2cap_sock_kill(sk);
1892 goto response;
1893 }
1894
1895 hci_conn_hold(conn->hcon);
1896
1897 l2cap_sock_init(sk, parent);
1898 bacpy(&bt_sk(sk)->src, conn->src);
1899 bacpy(&bt_sk(sk)->dst, conn->dst);
1900 l2cap_pi(sk)->psm = psm;
1901 l2cap_pi(sk)->dcid = scid;
1902
1903 __l2cap_chan_add(conn, sk, parent);
1904 dcid = l2cap_pi(sk)->scid;
1905
1906 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1907
Linus Torvalds1da177e2005-04-16 15:20:36 -07001908 l2cap_pi(sk)->ident = cmd->ident;
1909
Marcel Holtmann984947d2009-02-06 23:35:19 +01001910 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01001911 if (l2cap_check_security(sk)) {
Marcel Holtmannf66dc812009-01-15 21:57:00 +01001912 if (bt_sk(sk)->defer_setup) {
1913 sk->sk_state = BT_CONNECT2;
1914 result = L2CAP_CR_PEND;
1915 status = L2CAP_CS_AUTHOR_PEND;
1916 parent->sk_data_ready(parent, 0);
1917 } else {
1918 sk->sk_state = BT_CONFIG;
1919 result = L2CAP_CR_SUCCESS;
1920 status = L2CAP_CS_NO_INFO;
1921 }
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001922 } else {
1923 sk->sk_state = BT_CONNECT2;
1924 result = L2CAP_CR_PEND;
1925 status = L2CAP_CS_AUTHEN_PEND;
1926 }
1927 } else {
1928 sk->sk_state = BT_CONNECT2;
1929 result = L2CAP_CR_PEND;
1930 status = L2CAP_CS_NO_INFO;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001931 }
1932
Marcel Holtmannfd1278d2006-07-12 23:00:07 +02001933 write_unlock_bh(&list->lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001934
1935response:
1936 bh_unlock_sock(parent);
1937
1938sendresp:
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07001939 rsp.scid = cpu_to_le16(scid);
1940 rsp.dcid = cpu_to_le16(dcid);
1941 rsp.result = cpu_to_le16(result);
1942 rsp.status = cpu_to_le16(status);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001943 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Marcel Holtmann79d554a2008-07-14 20:13:44 +02001944
1945 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1946 struct l2cap_info_req info;
1947 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1948
1949 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1950 conn->info_ident = l2cap_get_ident(conn);
1951
1952 mod_timer(&conn->info_timer, jiffies +
1953 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1954
1955 l2cap_send_cmd(conn, conn->info_ident,
1956 L2CAP_INFO_REQ, sizeof(info), &info);
1957 }
1958
Linus Torvalds1da177e2005-04-16 15:20:36 -07001959 return 0;
1960}
1961
1962static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1963{
1964 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1965 u16 scid, dcid, result, status;
1966 struct sock *sk;
1967 u8 req[128];
1968
1969 scid = __le16_to_cpu(rsp->scid);
1970 dcid = __le16_to_cpu(rsp->dcid);
1971 result = __le16_to_cpu(rsp->result);
1972 status = __le16_to_cpu(rsp->status);
1973
1974 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1975
1976 if (scid) {
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03001977 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
1978 if (!sk)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001979 return 0;
1980 } else {
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03001981 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
1982 if (!sk)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001983 return 0;
1984 }
1985
1986 switch (result) {
1987 case L2CAP_CR_SUCCESS:
1988 sk->sk_state = BT_CONFIG;
1989 l2cap_pi(sk)->ident = 0;
1990 l2cap_pi(sk)->dcid = dcid;
1991 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1992
Marcel Holtmann6a8d3012009-02-06 23:56:36 +01001993 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1994
Linus Torvalds1da177e2005-04-16 15:20:36 -07001995 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1996 l2cap_build_conf_req(sk, req), req);
1997 break;
1998
1999 case L2CAP_CR_PEND:
Marcel Holtmann6a8d3012009-02-06 23:56:36 +01002000 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002001 break;
2002
2003 default:
2004 l2cap_chan_del(sk, ECONNREFUSED);
2005 break;
2006 }
2007
2008 bh_unlock_sock(sk);
2009 return 0;
2010}
2011
Al Viro88219a02007-07-29 00:17:25 -07002012static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002013{
2014 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2015 u16 dcid, flags;
2016 u8 rsp[64];
2017 struct sock *sk;
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002018 int len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002019
2020 dcid = __le16_to_cpu(req->dcid);
2021 flags = __le16_to_cpu(req->flags);
2022
2023 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2024
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002025 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2026 if (!sk)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002027 return -ENOENT;
2028
Marcel Holtmann354f60a2006-11-18 22:15:20 +01002029 if (sk->sk_state == BT_DISCONN)
2030 goto unlock;
2031
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002032 /* Reject if config buffer is too small. */
Al Viro88219a02007-07-29 00:17:25 -07002033 len = cmd_len - sizeof(*req);
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002034 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2035 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2036 l2cap_build_conf_rsp(sk, rsp,
2037 L2CAP_CONF_REJECT, flags), rsp);
2038 goto unlock;
2039 }
2040
2041 /* Store config. */
2042 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2043 l2cap_pi(sk)->conf_len += len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002044
2045 if (flags & 0x0001) {
2046 /* Incomplete config. Send empty response. */
2047 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002048 l2cap_build_conf_rsp(sk, rsp,
2049 L2CAP_CONF_SUCCESS, 0x0001), rsp);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002050 goto unlock;
2051 }
2052
2053 /* Complete config. */
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002054 len = l2cap_parse_conf_req(sk, rsp);
2055 if (len < 0)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002056 goto unlock;
2057
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002058 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2059
Marcel Holtmann5dee9e72007-05-24 14:27:19 +02002060 /* Reset config buffer. */
2061 l2cap_pi(sk)->conf_len = 0;
2062
Marcel Holtmann876d9482007-10-20 13:35:42 +02002063 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2064 goto unlock;
2065
Linus Torvalds1da177e2005-04-16 15:20:36 -07002066 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2067 sk->sk_state = BT_CONNECTED;
2068 l2cap_chan_ready(sk);
Marcel Holtmann876d9482007-10-20 13:35:42 +02002069 goto unlock;
2070 }
2071
2072 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
Marcel Holtmann79d554a2008-07-14 20:13:44 +02002073 u8 buf[64];
Linus Torvalds1da177e2005-04-16 15:20:36 -07002074 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
Marcel Holtmann79d554a2008-07-14 20:13:44 +02002075 l2cap_build_conf_req(sk, buf), buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002076 }
2077
2078unlock:
2079 bh_unlock_sock(sk);
2080 return 0;
2081}
2082
2083static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2084{
2085 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2086 u16 scid, flags, result;
2087 struct sock *sk;
2088
2089 scid = __le16_to_cpu(rsp->scid);
2090 flags = __le16_to_cpu(rsp->flags);
2091 result = __le16_to_cpu(rsp->result);
2092
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002093 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2094 scid, flags, result);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002095
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002096 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2097 if (!sk)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002098 return 0;
2099
2100 switch (result) {
2101 case L2CAP_CONF_SUCCESS:
2102 break;
2103
2104 case L2CAP_CONF_UNACCEPT:
2105 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2106 char req[128];
2107 /* It does not make sense to adjust L2CAP parameters
2108 * that are currently defined in the spec. We simply
2109 * resend config request that we sent earlier. It is
2110 * stupid, but it helps qualification testing which
2111 * expects at least some response from us. */
2112 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2113 l2cap_build_conf_req(sk, req), req);
2114 goto done;
2115 }
2116
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09002117 default:
Linus Torvalds1da177e2005-04-16 15:20:36 -07002118 sk->sk_state = BT_DISCONN;
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02002119 sk->sk_err = ECONNRESET;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002120 l2cap_sock_set_timer(sk, HZ * 5);
2121 {
2122 struct l2cap_disconn_req req;
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002123 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2124 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002125 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2126 L2CAP_DISCONN_REQ, sizeof(req), &req);
2127 }
2128 goto done;
2129 }
2130
2131 if (flags & 0x01)
2132 goto done;
2133
Linus Torvalds1da177e2005-04-16 15:20:36 -07002134 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2135
2136 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2137 sk->sk_state = BT_CONNECTED;
2138 l2cap_chan_ready(sk);
2139 }
2140
2141done:
2142 bh_unlock_sock(sk);
2143 return 0;
2144}
2145
2146static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2147{
2148 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2149 struct l2cap_disconn_rsp rsp;
2150 u16 dcid, scid;
2151 struct sock *sk;
2152
2153 scid = __le16_to_cpu(req->scid);
2154 dcid = __le16_to_cpu(req->dcid);
2155
2156 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2157
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002158 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2159 if (!sk)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002160 return 0;
2161
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002162 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2163 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002164 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2165
2166 sk->sk_shutdown = SHUTDOWN_MASK;
2167
2168 l2cap_chan_del(sk, ECONNRESET);
2169 bh_unlock_sock(sk);
2170
2171 l2cap_sock_kill(sk);
2172 return 0;
2173}
2174
2175static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2176{
2177 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2178 u16 dcid, scid;
2179 struct sock *sk;
2180
2181 scid = __le16_to_cpu(rsp->scid);
2182 dcid = __le16_to_cpu(rsp->dcid);
2183
2184 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2185
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002186 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2187 if (!sk)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002188 return 0;
2189
2190 l2cap_chan_del(sk, 0);
2191 bh_unlock_sock(sk);
2192
2193 l2cap_sock_kill(sk);
2194 return 0;
2195}
2196
2197static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2198{
2199 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002200 u16 type;
2201
2202 type = __le16_to_cpu(req->type);
2203
2204 BT_DBG("type 0x%4.4x", type);
2205
Marcel Holtmannf0709e02007-10-20 13:38:51 +02002206 if (type == L2CAP_IT_FEAT_MASK) {
2207 u8 buf[8];
2208 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2209 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2210 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2211 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2212 l2cap_send_cmd(conn, cmd->ident,
2213 L2CAP_INFO_RSP, sizeof(buf), buf);
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002214 } else if (type == L2CAP_IT_FIXED_CHAN) {
2215 u8 buf[12];
2216 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2217 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2218 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2219 memcpy(buf + 4, l2cap_fixed_chan, 8);
2220 l2cap_send_cmd(conn, cmd->ident,
2221 L2CAP_INFO_RSP, sizeof(buf), buf);
Marcel Holtmannf0709e02007-10-20 13:38:51 +02002222 } else {
2223 struct l2cap_info_rsp rsp;
2224 rsp.type = cpu_to_le16(type);
2225 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2226 l2cap_send_cmd(conn, cmd->ident,
2227 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2228 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002229
2230 return 0;
2231}
2232
2233static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2234{
2235 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2236 u16 type, result;
2237
2238 type = __le16_to_cpu(rsp->type);
2239 result = __le16_to_cpu(rsp->result);
2240
2241 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2242
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02002243 del_timer(&conn->info_timer);
2244
Marcel Holtmann984947d2009-02-06 23:35:19 +01002245 if (type == L2CAP_IT_FEAT_MASK) {
Harvey Harrison83985312008-05-02 16:25:46 -07002246 conn->feat_mask = get_unaligned_le32(rsp->data);
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02002247
Marcel Holtmann47ec1dcd2009-05-02 18:57:55 -07002248 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002249 struct l2cap_info_req req;
2250 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2251
2252 conn->info_ident = l2cap_get_ident(conn);
2253
2254 l2cap_send_cmd(conn, conn->info_ident,
2255 L2CAP_INFO_REQ, sizeof(req), &req);
2256 } else {
2257 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2258 conn->info_ident = 0;
2259
2260 l2cap_conn_start(conn);
2261 }
2262 } else if (type == L2CAP_IT_FIXED_CHAN) {
Marcel Holtmann984947d2009-02-06 23:35:19 +01002263 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002264 conn->info_ident = 0;
Marcel Holtmann984947d2009-02-06 23:35:19 +01002265
2266 l2cap_conn_start(conn);
2267 }
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02002268
Linus Torvalds1da177e2005-04-16 15:20:36 -07002269 return 0;
2270}
2271
2272static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2273{
2274 u8 *data = skb->data;
2275 int len = skb->len;
2276 struct l2cap_cmd_hdr cmd;
2277 int err = 0;
2278
2279 l2cap_raw_recv(conn, skb);
2280
2281 while (len >= L2CAP_CMD_HDR_SIZE) {
Al Viro88219a02007-07-29 00:17:25 -07002282 u16 cmd_len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002283 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2284 data += L2CAP_CMD_HDR_SIZE;
2285 len -= L2CAP_CMD_HDR_SIZE;
2286
Al Viro88219a02007-07-29 00:17:25 -07002287 cmd_len = le16_to_cpu(cmd.len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002288
Al Viro88219a02007-07-29 00:17:25 -07002289 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002290
Al Viro88219a02007-07-29 00:17:25 -07002291 if (cmd_len > len || !cmd.ident) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002292 BT_DBG("corrupted command");
2293 break;
2294 }
2295
2296 switch (cmd.code) {
2297 case L2CAP_COMMAND_REJ:
Marcel Holtmann4e8402a2007-10-20 13:37:56 +02002298 l2cap_command_rej(conn, &cmd, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002299 break;
2300
2301 case L2CAP_CONN_REQ:
2302 err = l2cap_connect_req(conn, &cmd, data);
2303 break;
2304
2305 case L2CAP_CONN_RSP:
2306 err = l2cap_connect_rsp(conn, &cmd, data);
2307 break;
2308
2309 case L2CAP_CONF_REQ:
Al Viro88219a02007-07-29 00:17:25 -07002310 err = l2cap_config_req(conn, &cmd, cmd_len, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002311 break;
2312
2313 case L2CAP_CONF_RSP:
2314 err = l2cap_config_rsp(conn, &cmd, data);
2315 break;
2316
2317 case L2CAP_DISCONN_REQ:
2318 err = l2cap_disconnect_req(conn, &cmd, data);
2319 break;
2320
2321 case L2CAP_DISCONN_RSP:
2322 err = l2cap_disconnect_rsp(conn, &cmd, data);
2323 break;
2324
2325 case L2CAP_ECHO_REQ:
Al Viro88219a02007-07-29 00:17:25 -07002326 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002327 break;
2328
2329 case L2CAP_ECHO_RSP:
2330 break;
2331
2332 case L2CAP_INFO_REQ:
2333 err = l2cap_information_req(conn, &cmd, data);
2334 break;
2335
2336 case L2CAP_INFO_RSP:
2337 err = l2cap_information_rsp(conn, &cmd, data);
2338 break;
2339
2340 default:
2341 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2342 err = -EINVAL;
2343 break;
2344 }
2345
2346 if (err) {
2347 struct l2cap_cmd_rej rej;
2348 BT_DBG("error %d", err);
2349
2350 /* FIXME: Map err to a valid reason */
YOSHIFUJI Hideakiaca31922007-03-25 20:12:50 -07002351 rej.reason = cpu_to_le16(0);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002352 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2353 }
2354
Al Viro88219a02007-07-29 00:17:25 -07002355 data += cmd_len;
2356 len -= cmd_len;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002357 }
2358
2359 kfree_skb(skb);
2360}
2361
2362static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2363{
2364 struct sock *sk;
2365
2366 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2367 if (!sk) {
2368 BT_DBG("unknown cid 0x%4.4x", cid);
2369 goto drop;
2370 }
2371
2372 BT_DBG("sk %p, len %d", sk, skb->len);
2373
2374 if (sk->sk_state != BT_CONNECTED)
2375 goto drop;
2376
2377 if (l2cap_pi(sk)->imtu < skb->len)
2378 goto drop;
2379
2380 /* If socket recv buffers overflows we drop data here
2381 * which is *bad* because L2CAP has to be reliable.
2382 * But we don't have any other choice. L2CAP doesn't
2383 * provide flow control mechanism. */
2384
2385 if (!sock_queue_rcv_skb(sk, skb))
2386 goto done;
2387
2388drop:
2389 kfree_skb(skb);
2390
2391done:
Marcel Holtmann01394182006-07-03 10:02:46 +02002392 if (sk)
2393 bh_unlock_sock(sk);
2394
Linus Torvalds1da177e2005-04-16 15:20:36 -07002395 return 0;
2396}
2397
Al Viro8e036fc2007-07-29 00:16:36 -07002398static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002399{
2400 struct sock *sk;
2401
2402 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2403 if (!sk)
2404 goto drop;
2405
2406 BT_DBG("sk %p, len %d", sk, skb->len);
2407
2408 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2409 goto drop;
2410
2411 if (l2cap_pi(sk)->imtu < skb->len)
2412 goto drop;
2413
2414 if (!sock_queue_rcv_skb(sk, skb))
2415 goto done;
2416
2417drop:
2418 kfree_skb(skb);
2419
2420done:
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002421 if (sk)
2422 bh_unlock_sock(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002423 return 0;
2424}
2425
2426static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2427{
2428 struct l2cap_hdr *lh = (void *) skb->data;
Al Viro8e036fc2007-07-29 00:16:36 -07002429 u16 cid, len;
2430 __le16 psm;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002431
2432 skb_pull(skb, L2CAP_HDR_SIZE);
2433 cid = __le16_to_cpu(lh->cid);
2434 len = __le16_to_cpu(lh->len);
2435
2436 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2437
2438 switch (cid) {
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -03002439 case L2CAP_CID_SIGNALING:
Linus Torvalds1da177e2005-04-16 15:20:36 -07002440 l2cap_sig_channel(conn, skb);
2441 break;
2442
Gustavo F. Padovan8db4dc42009-04-20 01:31:05 -03002443 case L2CAP_CID_CONN_LESS:
Al Viro8e036fc2007-07-29 00:16:36 -07002444 psm = get_unaligned((__le16 *) skb->data);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002445 skb_pull(skb, 2);
2446 l2cap_conless_channel(conn, psm, skb);
2447 break;
2448
2449 default:
2450 l2cap_data_channel(conn, cid, skb);
2451 break;
2452 }
2453}
2454
2455/* ---- L2CAP interface with lower layer (HCI) ---- */
2456
2457static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2458{
2459 int exact = 0, lm1 = 0, lm2 = 0;
2460 register struct sock *sk;
2461 struct hlist_node *node;
2462
2463 if (type != ACL_LINK)
2464 return 0;
2465
2466 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2467
2468 /* Find listening sockets and check their link_mode */
2469 read_lock(&l2cap_sk_list.lock);
2470 sk_for_each(sk, node, &l2cap_sk_list.head) {
2471 if (sk->sk_state != BT_LISTEN)
2472 continue;
2473
2474 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01002475 lm1 |= HCI_LM_ACCEPT;
2476 if (l2cap_pi(sk)->role_switch)
2477 lm1 |= HCI_LM_MASTER;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002478 exact++;
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01002479 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2480 lm2 |= HCI_LM_ACCEPT;
2481 if (l2cap_pi(sk)->role_switch)
2482 lm2 |= HCI_LM_MASTER;
2483 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002484 }
2485 read_unlock(&l2cap_sk_list.lock);
2486
2487 return exact ? lm1 : lm2;
2488}
2489
2490static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2491{
Marcel Holtmann01394182006-07-03 10:02:46 +02002492 struct l2cap_conn *conn;
2493
Linus Torvalds1da177e2005-04-16 15:20:36 -07002494 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2495
2496 if (hcon->type != ACL_LINK)
2497 return 0;
2498
2499 if (!status) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002500 conn = l2cap_conn_add(hcon, status);
2501 if (conn)
2502 l2cap_conn_ready(conn);
Marcel Holtmann01394182006-07-03 10:02:46 +02002503 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -07002504 l2cap_conn_del(hcon, bt_err(status));
2505
2506 return 0;
2507}
2508
Marcel Holtmann2950f212009-02-12 14:02:50 +01002509static int l2cap_disconn_ind(struct hci_conn *hcon)
2510{
2511 struct l2cap_conn *conn = hcon->l2cap_data;
2512
2513 BT_DBG("hcon %p", hcon);
2514
2515 if (hcon->type != ACL_LINK || !conn)
2516 return 0x13;
2517
2518 return conn->disc_reason;
2519}
2520
2521static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002522{
2523 BT_DBG("hcon %p reason %d", hcon, reason);
2524
2525 if (hcon->type != ACL_LINK)
2526 return 0;
2527
2528 l2cap_conn_del(hcon, bt_err(reason));
Marcel Holtmann01394182006-07-03 10:02:46 +02002529
Linus Torvalds1da177e2005-04-16 15:20:36 -07002530 return 0;
2531}
2532
Marcel Holtmannf62e4322009-01-15 21:58:44 +01002533static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2534{
Marcel Holtmann255c7602009-02-04 21:07:19 +01002535 if (sk->sk_type != SOCK_SEQPACKET)
2536 return;
2537
Marcel Holtmannf62e4322009-01-15 21:58:44 +01002538 if (encrypt == 0x00) {
2539 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2540 l2cap_sock_clear_timer(sk);
2541 l2cap_sock_set_timer(sk, HZ * 5);
2542 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2543 __l2cap_sock_close(sk, ECONNREFUSED);
2544 } else {
2545 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2546 l2cap_sock_clear_timer(sk);
2547 }
2548}
2549
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01002550static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002551{
2552 struct l2cap_chan_list *l;
Marcel Holtmann40be4922008-07-14 20:13:50 +02002553 struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002554 struct sock *sk;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002555
Marcel Holtmann01394182006-07-03 10:02:46 +02002556 if (!conn)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002557 return 0;
Marcel Holtmann01394182006-07-03 10:02:46 +02002558
Linus Torvalds1da177e2005-04-16 15:20:36 -07002559 l = &conn->chan_list;
2560
2561 BT_DBG("conn %p", conn);
2562
2563 read_lock(&l->lock);
2564
2565 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2566 bh_lock_sock(sk);
2567
Marcel Holtmann6a8d3012009-02-06 23:56:36 +01002568 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2569 bh_unlock_sock(sk);
2570 continue;
2571 }
2572
Marcel Holtmannf62e4322009-01-15 21:58:44 +01002573 if (!status && (sk->sk_state == BT_CONNECTED ||
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01002574 sk->sk_state == BT_CONFIG)) {
Marcel Holtmannf62e4322009-01-15 21:58:44 +01002575 l2cap_check_encryption(sk, encrypt);
Marcel Holtmann9719f8a2008-07-14 20:13:45 +02002576 bh_unlock_sock(sk);
2577 continue;
2578 }
2579
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02002580 if (sk->sk_state == BT_CONNECT) {
2581 if (!status) {
2582 struct l2cap_conn_req req;
2583 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2584 req.psm = l2cap_pi(sk)->psm;
2585
2586 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2587
2588 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2589 L2CAP_CONN_REQ, sizeof(req), &req);
2590 } else {
2591 l2cap_sock_clear_timer(sk);
2592 l2cap_sock_set_timer(sk, HZ / 10);
2593 }
2594 } else if (sk->sk_state == BT_CONNECT2) {
2595 struct l2cap_conn_rsp rsp;
2596 __u16 result;
2597
2598 if (!status) {
2599 sk->sk_state = BT_CONFIG;
2600 result = L2CAP_CR_SUCCESS;
2601 } else {
2602 sk->sk_state = BT_DISCONN;
2603 l2cap_sock_set_timer(sk, HZ / 10);
2604 result = L2CAP_CR_SEC_BLOCK;
2605 }
2606
2607 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2608 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2609 rsp.result = cpu_to_le16(result);
Marcel Holtmanne7c29cb2008-09-09 07:19:20 +02002610 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02002611 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2612 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002613 }
2614
Linus Torvalds1da177e2005-04-16 15:20:36 -07002615 bh_unlock_sock(sk);
2616 }
2617
2618 read_unlock(&l->lock);
Marcel Holtmannb1235d7962008-07-14 20:13:54 +02002619
Linus Torvalds1da177e2005-04-16 15:20:36 -07002620 return 0;
2621}
2622
2623static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2624{
2625 struct l2cap_conn *conn = hcon->l2cap_data;
2626
2627 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2628 goto drop;
2629
2630 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2631
2632 if (flags & ACL_START) {
2633 struct l2cap_hdr *hdr;
2634 int len;
2635
2636 if (conn->rx_len) {
2637 BT_ERR("Unexpected start frame (len %d)", skb->len);
2638 kfree_skb(conn->rx_skb);
2639 conn->rx_skb = NULL;
2640 conn->rx_len = 0;
2641 l2cap_conn_unreliable(conn, ECOMM);
2642 }
2643
2644 if (skb->len < 2) {
2645 BT_ERR("Frame is too short (len %d)", skb->len);
2646 l2cap_conn_unreliable(conn, ECOMM);
2647 goto drop;
2648 }
2649
2650 hdr = (struct l2cap_hdr *) skb->data;
2651 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2652
2653 if (len == skb->len) {
2654 /* Complete frame received */
2655 l2cap_recv_frame(conn, skb);
2656 return 0;
2657 }
2658
2659 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2660
2661 if (skb->len > len) {
2662 BT_ERR("Frame is too long (len %d, expected len %d)",
2663 skb->len, len);
2664 l2cap_conn_unreliable(conn, ECOMM);
2665 goto drop;
2666 }
2667
2668 /* Allocate skb for the complete frame (with header) */
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002669 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
2670 if (!conn->rx_skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002671 goto drop;
2672
Arnaldo Carvalho de Melod626f622007-03-27 18:55:52 -03002673 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002674 skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002675 conn->rx_len = len - skb->len;
2676 } else {
2677 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2678
2679 if (!conn->rx_len) {
2680 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2681 l2cap_conn_unreliable(conn, ECOMM);
2682 goto drop;
2683 }
2684
2685 if (skb->len > conn->rx_len) {
2686 BT_ERR("Fragment is too long (len %d, expected %d)",
2687 skb->len, conn->rx_len);
2688 kfree_skb(conn->rx_skb);
2689 conn->rx_skb = NULL;
2690 conn->rx_len = 0;
2691 l2cap_conn_unreliable(conn, ECOMM);
2692 goto drop;
2693 }
2694
Arnaldo Carvalho de Melod626f622007-03-27 18:55:52 -03002695 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
Marcel Holtmanne1027a72009-02-09 09:18:02 +01002696 skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002697 conn->rx_len -= skb->len;
2698
2699 if (!conn->rx_len) {
2700 /* Complete frame received */
2701 l2cap_recv_frame(conn, conn->rx_skb);
2702 conn->rx_skb = NULL;
2703 }
2704 }
2705
2706drop:
2707 kfree_skb(skb);
2708 return 0;
2709}
2710
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002711static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002712{
2713 struct sock *sk;
2714 struct hlist_node *node;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002715 char *str = buf;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002716
2717 read_lock_bh(&l2cap_sk_list.lock);
2718
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002719 sk_for_each(sk, node, &l2cap_sk_list.head) {
2720 struct l2cap_pinfo *pi = l2cap_pi(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002721
Marcel Holtmann2af6b9d2009-01-15 21:58:38 +01002722 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002723 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
Marcel Holtmannb4324b52009-06-07 18:06:51 +02002724 sk->sk_state, __le16_to_cpu(pi->psm), pi->scid,
2725 pi->dcid, pi->imtu, pi->omtu, pi->sec_level);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002726 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002727
Linus Torvalds1da177e2005-04-16 15:20:36 -07002728 read_unlock_bh(&l2cap_sk_list.lock);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002729
Gustavo F. Padovanaf05b30b2009-04-20 01:31:08 -03002730 return str - buf;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002731}
2732
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002733static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002734
Eric Dumazet90ddc4f2005-12-22 12:49:22 -08002735static const struct proto_ops l2cap_sock_ops = {
Linus Torvalds1da177e2005-04-16 15:20:36 -07002736 .family = PF_BLUETOOTH,
2737 .owner = THIS_MODULE,
2738 .release = l2cap_sock_release,
2739 .bind = l2cap_sock_bind,
2740 .connect = l2cap_sock_connect,
2741 .listen = l2cap_sock_listen,
2742 .accept = l2cap_sock_accept,
2743 .getname = l2cap_sock_getname,
2744 .sendmsg = l2cap_sock_sendmsg,
Marcel Holtmannf66dc812009-01-15 21:57:00 +01002745 .recvmsg = l2cap_sock_recvmsg,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002746 .poll = bt_sock_poll,
Marcel Holtmann3241ad82008-07-14 20:13:50 +02002747 .ioctl = bt_sock_ioctl,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002748 .mmap = sock_no_mmap,
2749 .socketpair = sock_no_socketpair,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002750 .shutdown = l2cap_sock_shutdown,
2751 .setsockopt = l2cap_sock_setsockopt,
2752 .getsockopt = l2cap_sock_getsockopt
2753};
2754
2755static struct net_proto_family l2cap_sock_family_ops = {
2756 .family = PF_BLUETOOTH,
2757 .owner = THIS_MODULE,
2758 .create = l2cap_sock_create,
2759};
2760
2761static struct hci_proto l2cap_hci_proto = {
2762 .name = "L2CAP",
2763 .id = HCI_PROTO_L2CAP,
2764 .connect_ind = l2cap_connect_ind,
2765 .connect_cfm = l2cap_connect_cfm,
2766 .disconn_ind = l2cap_disconn_ind,
Marcel Holtmann2950f212009-02-12 14:02:50 +01002767 .disconn_cfm = l2cap_disconn_cfm,
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01002768 .security_cfm = l2cap_security_cfm,
Linus Torvalds1da177e2005-04-16 15:20:36 -07002769 .recv_acldata = l2cap_recv_acldata
2770};
2771
2772static int __init l2cap_init(void)
2773{
2774 int err;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002775
Linus Torvalds1da177e2005-04-16 15:20:36 -07002776 err = proto_register(&l2cap_proto, 0);
2777 if (err < 0)
2778 return err;
2779
2780 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2781 if (err < 0) {
2782 BT_ERR("L2CAP socket registration failed");
2783 goto error;
2784 }
2785
2786 err = hci_register_proto(&l2cap_hci_proto);
2787 if (err < 0) {
2788 BT_ERR("L2CAP protocol registration failed");
2789 bt_sock_unregister(BTPROTO_L2CAP);
2790 goto error;
2791 }
2792
Marcel Holtmanndf5c37e2006-10-15 17:30:45 +02002793 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2794 BT_ERR("Failed to create L2CAP info file");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002795
2796 BT_INFO("L2CAP ver %s", VERSION);
2797 BT_INFO("L2CAP socket layer initialized");
2798
2799 return 0;
2800
2801error:
2802 proto_unregister(&l2cap_proto);
2803 return err;
2804}
2805
2806static void __exit l2cap_exit(void)
2807{
Marcel Holtmanna91f2e32006-07-03 10:02:41 +02002808 class_remove_file(bt_class, &class_attr_l2cap);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002809
2810 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2811 BT_ERR("L2CAP socket unregistration failed");
2812
2813 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2814 BT_ERR("L2CAP protocol unregistration failed");
2815
2816 proto_unregister(&l2cap_proto);
2817}
2818
2819void l2cap_load(void)
2820{
2821 /* Dummy function to trigger automatic L2CAP module loading by
2822 * other modules that use L2CAP sockets but don't use any other
2823 * symbols from it. */
2824 return;
2825}
2826EXPORT_SYMBOL(l2cap_load);
2827
2828module_init(l2cap_init);
2829module_exit(l2cap_exit);
2830
Marcel Holtmann63fbd242008-08-18 13:23:53 +02002831MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002832MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2833MODULE_VERSION(VERSION);
2834MODULE_LICENSE("GPL");
2835MODULE_ALIAS("bt-proto-0");