projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix double L2CAP connection request
[deliverable/linux.git] / net / bluetooth / l2cap.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth L2CAP core and sockets. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <net/sock.h>
44
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
48
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
52
53 #define VERSION "2.12"
54
55 static u32 l2cap_feat_mask = 0x0000;
56
57 static const struct proto_ops l2cap_sock_ops;
58
59 static struct bt_sock_list l2cap_sk_list = {
60 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
61 };
62
63 static void __l2cap_sock_close(struct sock *sk, int reason);
64 static void l2cap_sock_close(struct sock *sk);
65 static void l2cap_sock_kill(struct sock *sk);
66
67 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
69
70 /* ---- L2CAP timers ---- */
71 static void l2cap_sock_timeout(unsigned long arg)
72 {
73 struct sock *sk = (struct sock *) arg;
74 int reason;
75
76 BT_DBG("sock %p state %d", sk, sk->sk_state);
77
78 bh_lock_sock(sk);
79
80 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
81 reason = ECONNREFUSED;
82 else if (sk->sk_state == BT_CONNECT &&
83 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
84 reason = ECONNREFUSED;
85 else
86 reason = ETIMEDOUT;
87
88 __l2cap_sock_close(sk, reason);
89
90 bh_unlock_sock(sk);
91
92 l2cap_sock_kill(sk);
93 sock_put(sk);
94 }
95
96 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
97 {
98 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
99 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
100 }
101
102 static void l2cap_sock_clear_timer(struct sock *sk)
103 {
104 BT_DBG("sock %p state %d", sk, sk->sk_state);
105 sk_stop_timer(sk, &sk->sk_timer);
106 }
107
108 /* ---- L2CAP channels ---- */
109 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
110 {
111 struct sock *s;
112 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
113 if (l2cap_pi(s)->dcid == cid)
114 break;
115 }
116 return s;
117 }
118
119 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
120 {
121 struct sock *s;
122 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
123 if (l2cap_pi(s)->scid == cid)
124 break;
125 }
126 return s;
127 }
128
129 /* Find channel with given SCID.
130 * Returns locked socket */
131 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
132 {
133 struct sock *s;
134 read_lock(&l->lock);
135 s = __l2cap_get_chan_by_scid(l, cid);
136 if (s) bh_lock_sock(s);
137 read_unlock(&l->lock);
138 return s;
139 }
140
141 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
142 {
143 struct sock *s;
144 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
145 if (l2cap_pi(s)->ident == ident)
146 break;
147 }
148 return s;
149 }
150
151 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
152 {
153 struct sock *s;
154 read_lock(&l->lock);
155 s = __l2cap_get_chan_by_ident(l, ident);
156 if (s) bh_lock_sock(s);
157 read_unlock(&l->lock);
158 return s;
159 }
160
161 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
162 {
163 u16 cid = 0x0040;
164
165 for (; cid < 0xffff; cid++) {
166 if(!__l2cap_get_chan_by_scid(l, cid))
167 return cid;
168 }
169
170 return 0;
171 }
172
173 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
174 {
175 sock_hold(sk);
176
177 if (l->head)
178 l2cap_pi(l->head)->prev_c = sk;
179
180 l2cap_pi(sk)->next_c = l->head;
181 l2cap_pi(sk)->prev_c = NULL;
182 l->head = sk;
183 }
184
185 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
186 {
187 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
188
189 write_lock_bh(&l->lock);
190 if (sk == l->head)
191 l->head = next;
192
193 if (next)
194 l2cap_pi(next)->prev_c = prev;
195 if (prev)
196 l2cap_pi(prev)->next_c = next;
197 write_unlock_bh(&l->lock);
198
199 __sock_put(sk);
200 }
201
202 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
203 {
204 struct l2cap_chan_list *l = &conn->chan_list;
205
206 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
207
208 l2cap_pi(sk)->conn = conn;
209
210 if (sk->sk_type == SOCK_SEQPACKET) {
211 /* Alloc CID for connection-oriented socket */
212 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
213 } else if (sk->sk_type == SOCK_DGRAM) {
214 /* Connectionless socket */
215 l2cap_pi(sk)->scid = 0x0002;
216 l2cap_pi(sk)->dcid = 0x0002;
217 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
218 } else {
219 /* Raw socket can send/recv signalling messages only */
220 l2cap_pi(sk)->scid = 0x0001;
221 l2cap_pi(sk)->dcid = 0x0001;
222 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
223 }
224
225 __l2cap_chan_link(l, sk);
226
227 if (parent)
228 bt_accept_enqueue(parent, sk);
229 }
230
231 /* Delete channel.
232 * Must be called on the locked socket. */
233 static void l2cap_chan_del(struct sock *sk, int err)
234 {
235 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
236 struct sock *parent = bt_sk(sk)->parent;
237
238 l2cap_sock_clear_timer(sk);
239
240 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
241
242 if (conn) {
243 /* Unlink from channel list */
244 l2cap_chan_unlink(&conn->chan_list, sk);
245 l2cap_pi(sk)->conn = NULL;
246 hci_conn_put(conn->hcon);
247 }
248
249 sk->sk_state = BT_CLOSED;
250 sock_set_flag(sk, SOCK_ZAPPED);
251
252 if (err)
253 sk->sk_err = err;
254
255 if (parent) {
256 bt_accept_unlink(sk);
257 parent->sk_data_ready(parent, 0);
258 } else
259 sk->sk_state_change(sk);
260 }
261
262 /* Service level security */
263 static inline int l2cap_check_security(struct sock *sk)
264 {
265 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
266 __u8 auth_type;
267
268 switch (l2cap_pi(sk)->sec_level) {
269 case BT_SECURITY_HIGH:
270 auth_type = HCI_AT_GENERAL_BONDING_MITM;
271 break;
272 case BT_SECURITY_MEDIUM:
273 auth_type = HCI_AT_GENERAL_BONDING;
274 break;
275 default:
276 auth_type = HCI_AT_NO_BONDING;
277 break;
278 }
279
280 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
281 auth_type);
282 }
283
284 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
285 {
286 u8 id;
287
288 /* Get next available identificator.
289 * 1 - 128 are used by kernel.
290 * 129 - 199 are reserved.
291 * 200 - 254 are used by utilities like l2ping, etc.
292 */
293
294 spin_lock_bh(&conn->lock);
295
296 if (++conn->tx_ident > 128)
297 conn->tx_ident = 1;
298
299 id = conn->tx_ident;
300
301 spin_unlock_bh(&conn->lock);
302
303 return id;
304 }
305
306 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
307 {
308 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
309
310 BT_DBG("code 0x%2.2x", code);
311
312 if (!skb)
313 return -ENOMEM;
314
315 return hci_send_acl(conn->hcon, skb, 0);
316 }
317
318 static void l2cap_do_start(struct sock *sk)
319 {
320 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
321
322 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
323 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
324 return;
325
326 if (l2cap_check_security(sk)) {
327 struct l2cap_conn_req req;
328 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
329 req.psm = l2cap_pi(sk)->psm;
330
331 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
332
333 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
334 L2CAP_CONN_REQ, sizeof(req), &req);
335 }
336 } else {
337 struct l2cap_info_req req;
338 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
339
340 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
341 conn->info_ident = l2cap_get_ident(conn);
342
343 mod_timer(&conn->info_timer, jiffies +
344 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
345
346 l2cap_send_cmd(conn, conn->info_ident,
347 L2CAP_INFO_REQ, sizeof(req), &req);
348 }
349 }
350
351 /* ---- L2CAP connections ---- */
352 static void l2cap_conn_start(struct l2cap_conn *conn)
353 {
354 struct l2cap_chan_list *l = &conn->chan_list;
355 struct sock *sk;
356
357 BT_DBG("conn %p", conn);
358
359 read_lock(&l->lock);
360
361 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
362 bh_lock_sock(sk);
363
364 if (sk->sk_type != SOCK_SEQPACKET) {
365 bh_unlock_sock(sk);
366 continue;
367 }
368
369 if (sk->sk_state == BT_CONNECT) {
370 if (l2cap_check_security(sk)) {
371 struct l2cap_conn_req req;
372 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
373 req.psm = l2cap_pi(sk)->psm;
374
375 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
376
377 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
378 L2CAP_CONN_REQ, sizeof(req), &req);
379 }
380 } else if (sk->sk_state == BT_CONNECT2) {
381 struct l2cap_conn_rsp rsp;
382 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
383 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
384
385 if (l2cap_check_security(sk)) {
386 if (bt_sk(sk)->defer_setup) {
387 struct sock *parent = bt_sk(sk)->parent;
388 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
389 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
390 parent->sk_data_ready(parent, 0);
391
392 } else {
393 sk->sk_state = BT_CONFIG;
394 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
395 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
396 }
397 } else {
398 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
399 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
400 }
401
402 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
403 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
404 }
405
406 bh_unlock_sock(sk);
407 }
408
409 read_unlock(&l->lock);
410 }
411
412 static void l2cap_conn_ready(struct l2cap_conn *conn)
413 {
414 struct l2cap_chan_list *l = &conn->chan_list;
415 struct sock *sk;
416
417 BT_DBG("conn %p", conn);
418
419 read_lock(&l->lock);
420
421 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
422 bh_lock_sock(sk);
423
424 if (sk->sk_type != SOCK_SEQPACKET) {
425 l2cap_sock_clear_timer(sk);
426 sk->sk_state = BT_CONNECTED;
427 sk->sk_state_change(sk);
428 } else if (sk->sk_state == BT_CONNECT)
429 l2cap_do_start(sk);
430
431 bh_unlock_sock(sk);
432 }
433
434 read_unlock(&l->lock);
435 }
436
437 /* Notify sockets that we cannot guaranty reliability anymore */
438 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
439 {
440 struct l2cap_chan_list *l = &conn->chan_list;
441 struct sock *sk;
442
443 BT_DBG("conn %p", conn);
444
445 read_lock(&l->lock);
446
447 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
448 if (l2cap_pi(sk)->force_reliable)
449 sk->sk_err = err;
450 }
451
452 read_unlock(&l->lock);
453 }
454
455 static void l2cap_info_timeout(unsigned long arg)
456 {
457 struct l2cap_conn *conn = (void *) arg;
458
459 conn->info_ident = 0;
460
461 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
462
463 l2cap_conn_start(conn);
464 }
465
466 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
467 {
468 struct l2cap_conn *conn = hcon->l2cap_data;
469
470 if (conn || status)
471 return conn;
472
473 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
474 if (!conn)
475 return NULL;
476
477 hcon->l2cap_data = conn;
478 conn->hcon = hcon;
479
480 BT_DBG("hcon %p conn %p", hcon, conn);
481
482 conn->mtu = hcon->hdev->acl_mtu;
483 conn->src = &hcon->hdev->bdaddr;
484 conn->dst = &hcon->dst;
485
486 conn->feat_mask = 0;
487
488 setup_timer(&conn->info_timer, l2cap_info_timeout,
489 (unsigned long) conn);
490
491 spin_lock_init(&conn->lock);
492 rwlock_init(&conn->chan_list.lock);
493
494 return conn;
495 }
496
497 static void l2cap_conn_del(struct hci_conn *hcon, int err)
498 {
499 struct l2cap_conn *conn = hcon->l2cap_data;
500 struct sock *sk;
501
502 if (!conn)
503 return;
504
505 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
506
507 if (conn->rx_skb)
508 kfree_skb(conn->rx_skb);
509
510 /* Kill channels */
511 while ((sk = conn->chan_list.head)) {
512 bh_lock_sock(sk);
513 l2cap_chan_del(sk, err);
514 bh_unlock_sock(sk);
515 l2cap_sock_kill(sk);
516 }
517
518 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
519 del_timer_sync(&conn->info_timer);
520
521 hcon->l2cap_data = NULL;
522 kfree(conn);
523 }
524
525 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
526 {
527 struct l2cap_chan_list *l = &conn->chan_list;
528 write_lock_bh(&l->lock);
529 __l2cap_chan_add(conn, sk, parent);
530 write_unlock_bh(&l->lock);
531 }
532
533 /* ---- Socket interface ---- */
534 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
535 {
536 struct sock *sk;
537 struct hlist_node *node;
538 sk_for_each(sk, node, &l2cap_sk_list.head)
539 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
540 goto found;
541 sk = NULL;
542 found:
543 return sk;
544 }
545
546 /* Find socket with psm and source bdaddr.
547 * Returns closest match.
548 */
549 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
550 {
551 struct sock *sk = NULL, *sk1 = NULL;
552 struct hlist_node *node;
553
554 sk_for_each(sk, node, &l2cap_sk_list.head) {
555 if (state && sk->sk_state != state)
556 continue;
557
558 if (l2cap_pi(sk)->psm == psm) {
559 /* Exact match. */
560 if (!bacmp(&bt_sk(sk)->src, src))
561 break;
562
563 /* Closest match */
564 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
565 sk1 = sk;
566 }
567 }
568 return node ? sk : sk1;
569 }
570
571 /* Find socket with given address (psm, src).
572 * Returns locked socket */
573 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
574 {
575 struct sock *s;
576 read_lock(&l2cap_sk_list.lock);
577 s = __l2cap_get_sock_by_psm(state, psm, src);
578 if (s) bh_lock_sock(s);
579 read_unlock(&l2cap_sk_list.lock);
580 return s;
581 }
582
583 static void l2cap_sock_destruct(struct sock *sk)
584 {
585 BT_DBG("sk %p", sk);
586
587 skb_queue_purge(&sk->sk_receive_queue);
588 skb_queue_purge(&sk->sk_write_queue);
589 }
590
591 static void l2cap_sock_cleanup_listen(struct sock *parent)
592 {
593 struct sock *sk;
594
595 BT_DBG("parent %p", parent);
596
597 /* Close not yet accepted channels */
598 while ((sk = bt_accept_dequeue(parent, NULL)))
599 l2cap_sock_close(sk);
600
601 parent->sk_state = BT_CLOSED;
602 sock_set_flag(parent, SOCK_ZAPPED);
603 }
604
605 /* Kill socket (only if zapped and orphan)
606 * Must be called on unlocked socket.
607 */
608 static void l2cap_sock_kill(struct sock *sk)
609 {
610 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
611 return;
612
613 BT_DBG("sk %p state %d", sk, sk->sk_state);
614
615 /* Kill poor orphan */
616 bt_sock_unlink(&l2cap_sk_list, sk);
617 sock_set_flag(sk, SOCK_DEAD);
618 sock_put(sk);
619 }
620
621 static void __l2cap_sock_close(struct sock *sk, int reason)
622 {
623 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
624
625 switch (sk->sk_state) {
626 case BT_LISTEN:
627 l2cap_sock_cleanup_listen(sk);
628 break;
629
630 case BT_CONNECTED:
631 case BT_CONFIG:
632 if (sk->sk_type == SOCK_SEQPACKET) {
633 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
634 struct l2cap_disconn_req req;
635
636 sk->sk_state = BT_DISCONN;
637 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
638
639 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
640 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
641 l2cap_send_cmd(conn, l2cap_get_ident(conn),
642 L2CAP_DISCONN_REQ, sizeof(req), &req);
643 } else
644 l2cap_chan_del(sk, reason);
645 break;
646
647 case BT_CONNECT2:
648 if (sk->sk_type == SOCK_SEQPACKET) {
649 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
650 struct l2cap_conn_rsp rsp;
651 __u16 result;
652
653 if (bt_sk(sk)->defer_setup)
654 result = L2CAP_CR_SEC_BLOCK;
655 else
656 result = L2CAP_CR_BAD_PSM;
657
658 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
659 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
660 rsp.result = cpu_to_le16(result);
661 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
662 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
663 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
664 } else
665 l2cap_chan_del(sk, reason);
666 break;
667
668 case BT_CONNECT:
669 case BT_DISCONN:
670 l2cap_chan_del(sk, reason);
671 break;
672
673 default:
674 sock_set_flag(sk, SOCK_ZAPPED);
675 break;
676 }
677 }
678
679 /* Must be called on unlocked socket. */
680 static void l2cap_sock_close(struct sock *sk)
681 {
682 l2cap_sock_clear_timer(sk);
683 lock_sock(sk);
684 __l2cap_sock_close(sk, ECONNRESET);
685 release_sock(sk);
686 l2cap_sock_kill(sk);
687 }
688
689 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
690 {
691 struct l2cap_pinfo *pi = l2cap_pi(sk);
692
693 BT_DBG("sk %p", sk);
694
695 if (parent) {
696 sk->sk_type = parent->sk_type;
697 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
698
699 pi->imtu = l2cap_pi(parent)->imtu;
700 pi->omtu = l2cap_pi(parent)->omtu;
701 pi->sec_level = l2cap_pi(parent)->sec_level;
702 pi->role_switch = l2cap_pi(parent)->role_switch;
703 pi->force_reliable = l2cap_pi(parent)->force_reliable;
704 } else {
705 pi->imtu = L2CAP_DEFAULT_MTU;
706 pi->omtu = 0;
707 pi->sec_level = BT_SECURITY_LOW;
708 pi->role_switch = 0;
709 pi->force_reliable = 0;
710 }
711
712 /* Default config options */
713 pi->conf_len = 0;
714 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
715 }
716
717 static struct proto l2cap_proto = {
718 .name = "L2CAP",
719 .owner = THIS_MODULE,
720 .obj_size = sizeof(struct l2cap_pinfo)
721 };
722
723 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
724 {
725 struct sock *sk;
726
727 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
728 if (!sk)
729 return NULL;
730
731 sock_init_data(sock, sk);
732 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
733
734 sk->sk_destruct = l2cap_sock_destruct;
735 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
736
737 sock_reset_flag(sk, SOCK_ZAPPED);
738
739 sk->sk_protocol = proto;
740 sk->sk_state = BT_OPEN;
741
742 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
743
744 bt_sock_link(&l2cap_sk_list, sk);
745 return sk;
746 }
747
748 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
749 {
750 struct sock *sk;
751
752 BT_DBG("sock %p", sock);
753
754 sock->state = SS_UNCONNECTED;
755
756 if (sock->type != SOCK_SEQPACKET &&
757 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
758 return -ESOCKTNOSUPPORT;
759
760 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
761 return -EPERM;
762
763 sock->ops = &l2cap_sock_ops;
764
765 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
766 if (!sk)
767 return -ENOMEM;
768
769 l2cap_sock_init(sk, NULL);
770 return 0;
771 }
772
773 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
774 {
775 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
776 struct sock *sk = sock->sk;
777 int err = 0;
778
779 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
780
781 if (!addr || addr->sa_family != AF_BLUETOOTH)
782 return -EINVAL;
783
784 lock_sock(sk);
785
786 if (sk->sk_state != BT_OPEN) {
787 err = -EBADFD;
788 goto done;
789 }
790
791 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
792 !capable(CAP_NET_BIND_SERVICE)) {
793 err = -EACCES;
794 goto done;
795 }
796
797 write_lock_bh(&l2cap_sk_list.lock);
798
799 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
800 err = -EADDRINUSE;
801 } else {
802 /* Save source address */
803 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
804 l2cap_pi(sk)->psm = la->l2_psm;
805 l2cap_pi(sk)->sport = la->l2_psm;
806 sk->sk_state = BT_BOUND;
807
808 if (btohs(la->l2_psm) == 0x0001)
809 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
810 }
811
812 write_unlock_bh(&l2cap_sk_list.lock);
813
814 done:
815 release_sock(sk);
816 return err;
817 }
818
819 static int l2cap_do_connect(struct sock *sk)
820 {
821 bdaddr_t *src = &bt_sk(sk)->src;
822 bdaddr_t *dst = &bt_sk(sk)->dst;
823 struct l2cap_conn *conn;
824 struct hci_conn *hcon;
825 struct hci_dev *hdev;
826 __u8 auth_type;
827 int err = 0;
828
829 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
830
831 if (!(hdev = hci_get_route(dst, src)))
832 return -EHOSTUNREACH;
833
834 hci_dev_lock_bh(hdev);
835
836 err = -ENOMEM;
837
838 if (sk->sk_type == SOCK_RAW) {
839 switch (l2cap_pi(sk)->sec_level) {
840 case BT_SECURITY_HIGH:
841 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
842 break;
843 case BT_SECURITY_MEDIUM:
844 auth_type = HCI_AT_DEDICATED_BONDING;
845 break;
846 default:
847 auth_type = HCI_AT_NO_BONDING;
848 break;
849 }
850 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
851 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
852 auth_type = HCI_AT_NO_BONDING_MITM;
853 else
854 auth_type = HCI_AT_NO_BONDING;
855 } else {
856 switch (l2cap_pi(sk)->sec_level) {
857 case BT_SECURITY_HIGH:
858 auth_type = HCI_AT_GENERAL_BONDING_MITM;
859 break;
860 case BT_SECURITY_MEDIUM:
861 auth_type = HCI_AT_GENERAL_BONDING;
862 break;
863 default:
864 auth_type = HCI_AT_NO_BONDING;
865 break;
866 }
867 }
868
869 hcon = hci_connect(hdev, ACL_LINK, dst,
870 l2cap_pi(sk)->sec_level, auth_type);
871 if (!hcon)
872 goto done;
873
874 conn = l2cap_conn_add(hcon, 0);
875 if (!conn) {
876 hci_conn_put(hcon);
877 goto done;
878 }
879
880 err = 0;
881
882 /* Update source addr of the socket */
883 bacpy(src, conn->src);
884
885 l2cap_chan_add(conn, sk, NULL);
886
887 sk->sk_state = BT_CONNECT;
888 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
889
890 if (hcon->state == BT_CONNECTED) {
891 if (sk->sk_type != SOCK_SEQPACKET) {
892 l2cap_sock_clear_timer(sk);
893 sk->sk_state = BT_CONNECTED;
894 } else
895 l2cap_do_start(sk);
896 }
897
898 done:
899 hci_dev_unlock_bh(hdev);
900 hci_dev_put(hdev);
901 return err;
902 }
903
904 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
905 {
906 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
907 struct sock *sk = sock->sk;
908 int err = 0;
909
910 lock_sock(sk);
911
912 BT_DBG("sk %p", sk);
913
914 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
915 err = -EINVAL;
916 goto done;
917 }
918
919 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
920 err = -EINVAL;
921 goto done;
922 }
923
924 switch(sk->sk_state) {
925 case BT_CONNECT:
926 case BT_CONNECT2:
927 case BT_CONFIG:
928 /* Already connecting */
929 goto wait;
930
931 case BT_CONNECTED:
932 /* Already connected */
933 goto done;
934
935 case BT_OPEN:
936 case BT_BOUND:
937 /* Can connect */
938 break;
939
940 default:
941 err = -EBADFD;
942 goto done;
943 }
944
945 /* Set destination address and psm */
946 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
947 l2cap_pi(sk)->psm = la->l2_psm;
948
949 if ((err = l2cap_do_connect(sk)))
950 goto done;
951
952 wait:
953 err = bt_sock_wait_state(sk, BT_CONNECTED,
954 sock_sndtimeo(sk, flags & O_NONBLOCK));
955 done:
956 release_sock(sk);
957 return err;
958 }
959
960 static int l2cap_sock_listen(struct socket *sock, int backlog)
961 {
962 struct sock *sk = sock->sk;
963 int err = 0;
964
965 BT_DBG("sk %p backlog %d", sk, backlog);
966
967 lock_sock(sk);
968
969 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
970 err = -EBADFD;
971 goto done;
972 }
973
974 if (!l2cap_pi(sk)->psm) {
975 bdaddr_t *src = &bt_sk(sk)->src;
976 u16 psm;
977
978 err = -EINVAL;
979
980 write_lock_bh(&l2cap_sk_list.lock);
981
982 for (psm = 0x1001; psm < 0x1100; psm += 2)
983 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
984 l2cap_pi(sk)->psm = htobs(psm);
985 l2cap_pi(sk)->sport = htobs(psm);
986 err = 0;
987 break;
988 }
989
990 write_unlock_bh(&l2cap_sk_list.lock);
991
992 if (err < 0)
993 goto done;
994 }
995
996 sk->sk_max_ack_backlog = backlog;
997 sk->sk_ack_backlog = 0;
998 sk->sk_state = BT_LISTEN;
999
1000 done:
1001 release_sock(sk);
1002 return err;
1003 }
1004
1005 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1006 {
1007 DECLARE_WAITQUEUE(wait, current);
1008 struct sock *sk = sock->sk, *nsk;
1009 long timeo;
1010 int err = 0;
1011
1012 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1013
1014 if (sk->sk_state != BT_LISTEN) {
1015 err = -EBADFD;
1016 goto done;
1017 }
1018
1019 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1020
1021 BT_DBG("sk %p timeo %ld", sk, timeo);
1022
1023 /* Wait for an incoming connection. (wake-one). */
1024 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1025 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1026 set_current_state(TASK_INTERRUPTIBLE);
1027 if (!timeo) {
1028 err = -EAGAIN;
1029 break;
1030 }
1031
1032 release_sock(sk);
1033 timeo = schedule_timeout(timeo);
1034 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1035
1036 if (sk->sk_state != BT_LISTEN) {
1037 err = -EBADFD;
1038 break;
1039 }
1040
1041 if (signal_pending(current)) {
1042 err = sock_intr_errno(timeo);
1043 break;
1044 }
1045 }
1046 set_current_state(TASK_RUNNING);
1047 remove_wait_queue(sk->sk_sleep, &wait);
1048
1049 if (err)
1050 goto done;
1051
1052 newsock->state = SS_CONNECTED;
1053
1054 BT_DBG("new socket %p", nsk);
1055
1056 done:
1057 release_sock(sk);
1058 return err;
1059 }
1060
1061 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1062 {
1063 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1064 struct sock *sk = sock->sk;
1065
1066 BT_DBG("sock %p, sk %p", sock, sk);
1067
1068 addr->sa_family = AF_BLUETOOTH;
1069 *len = sizeof(struct sockaddr_l2);
1070
1071 if (peer)
1072 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1073 else
1074 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1075
1076 la->l2_psm = l2cap_pi(sk)->psm;
1077 return 0;
1078 }
1079
1080 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1081 {
1082 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1083 struct sk_buff *skb, **frag;
1084 int err, hlen, count, sent=0;
1085 struct l2cap_hdr *lh;
1086
1087 BT_DBG("sk %p len %d", sk, len);
1088
1089 /* First fragment (with L2CAP header) */
1090 if (sk->sk_type == SOCK_DGRAM)
1091 hlen = L2CAP_HDR_SIZE + 2;
1092 else
1093 hlen = L2CAP_HDR_SIZE;
1094
1095 count = min_t(unsigned int, (conn->mtu - hlen), len);
1096
1097 skb = bt_skb_send_alloc(sk, hlen + count,
1098 msg->msg_flags & MSG_DONTWAIT, &err);
1099 if (!skb)
1100 return err;
1101
1102 /* Create L2CAP header */
1103 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1104 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1105 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1106
1107 if (sk->sk_type == SOCK_DGRAM)
1108 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1109
1110 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1111 err = -EFAULT;
1112 goto fail;
1113 }
1114
1115 sent += count;
1116 len -= count;
1117
1118 /* Continuation fragments (no L2CAP header) */
1119 frag = &skb_shinfo(skb)->frag_list;
1120 while (len) {
1121 count = min_t(unsigned int, conn->mtu, len);
1122
1123 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1124 if (!*frag)
1125 goto fail;
1126
1127 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1128 err = -EFAULT;
1129 goto fail;
1130 }
1131
1132 sent += count;
1133 len -= count;
1134
1135 frag = &(*frag)->next;
1136 }
1137
1138 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1139 goto fail;
1140
1141 return sent;
1142
1143 fail:
1144 kfree_skb(skb);
1145 return err;
1146 }
1147
1148 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1149 {
1150 struct sock *sk = sock->sk;
1151 int err = 0;
1152
1153 BT_DBG("sock %p, sk %p", sock, sk);
1154
1155 err = sock_error(sk);
1156 if (err)
1157 return err;
1158
1159 if (msg->msg_flags & MSG_OOB)
1160 return -EOPNOTSUPP;
1161
1162 /* Check outgoing MTU */
1163 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1164 return -EINVAL;
1165
1166 lock_sock(sk);
1167
1168 if (sk->sk_state == BT_CONNECTED)
1169 err = l2cap_do_send(sk, msg, len);
1170 else
1171 err = -ENOTCONN;
1172
1173 release_sock(sk);
1174 return err;
1175 }
1176
1177 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1178 {
1179 struct sock *sk = sock->sk;
1180
1181 lock_sock(sk);
1182
1183 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1184 struct l2cap_conn_rsp rsp;
1185
1186 sk->sk_state = BT_CONFIG;
1187
1188 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1189 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1190 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1191 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1192 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1193 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1194
1195 release_sock(sk);
1196 return 0;
1197 }
1198
1199 release_sock(sk);
1200
1201 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1202 }
1203
1204 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1205 {
1206 struct sock *sk = sock->sk;
1207 struct l2cap_options opts;
1208 int err = 0, len;
1209 u32 opt;
1210
1211 BT_DBG("sk %p", sk);
1212
1213 lock_sock(sk);
1214
1215 switch (optname) {
1216 case L2CAP_OPTIONS:
1217 opts.imtu = l2cap_pi(sk)->imtu;
1218 opts.omtu = l2cap_pi(sk)->omtu;
1219 opts.flush_to = l2cap_pi(sk)->flush_to;
1220 opts.mode = L2CAP_MODE_BASIC;
1221
1222 len = min_t(unsigned int, sizeof(opts), optlen);
1223 if (copy_from_user((char *) &opts, optval, len)) {
1224 err = -EFAULT;
1225 break;
1226 }
1227
1228 l2cap_pi(sk)->imtu = opts.imtu;
1229 l2cap_pi(sk)->omtu = opts.omtu;
1230 break;
1231
1232 case L2CAP_LM:
1233 if (get_user(opt, (u32 __user *) optval)) {
1234 err = -EFAULT;
1235 break;
1236 }
1237
1238 if (opt & L2CAP_LM_AUTH)
1239 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1240 if (opt & L2CAP_LM_ENCRYPT)
1241 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1242 if (opt & L2CAP_LM_SECURE)
1243 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1244
1245 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1246 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1247 break;
1248
1249 default:
1250 err = -ENOPROTOOPT;
1251 break;
1252 }
1253
1254 release_sock(sk);
1255 return err;
1256 }
1257
1258 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1259 {
1260 struct sock *sk = sock->sk;
1261 struct bt_security sec;
1262 int len, err = 0;
1263 u32 opt;
1264
1265 BT_DBG("sk %p", sk);
1266
1267 if (level == SOL_L2CAP)
1268 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1269
1270 if (level != SOL_BLUETOOTH)
1271 return -ENOPROTOOPT;
1272
1273 lock_sock(sk);
1274
1275 switch (optname) {
1276 case BT_SECURITY:
1277 if (sk->sk_type != SOCK_SEQPACKET) {
1278 err = -EINVAL;
1279 break;
1280 }
1281
1282 sec.level = BT_SECURITY_LOW;
1283
1284 len = min_t(unsigned int, sizeof(sec), optlen);
1285 if (copy_from_user((char *) &sec, optval, len)) {
1286 err = -EFAULT;
1287 break;
1288 }
1289
1290 if (sec.level < BT_SECURITY_LOW ||
1291 sec.level > BT_SECURITY_HIGH) {
1292 err = -EINVAL;
1293 break;
1294 }
1295
1296 l2cap_pi(sk)->sec_level = sec.level;
1297 break;
1298
1299 case BT_DEFER_SETUP:
1300 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1301 err = -EINVAL;
1302 break;
1303 }
1304
1305 if (get_user(opt, (u32 __user *) optval)) {
1306 err = -EFAULT;
1307 break;
1308 }
1309
1310 bt_sk(sk)->defer_setup = opt;
1311 break;
1312
1313 default:
1314 err = -ENOPROTOOPT;
1315 break;
1316 }
1317
1318 release_sock(sk);
1319 return err;
1320 }
1321
1322 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1323 {
1324 struct sock *sk = sock->sk;
1325 struct l2cap_options opts;
1326 struct l2cap_conninfo cinfo;
1327 int len, err = 0;
1328 u32 opt;
1329
1330 BT_DBG("sk %p", sk);
1331
1332 if (get_user(len, optlen))
1333 return -EFAULT;
1334
1335 lock_sock(sk);
1336
1337 switch (optname) {
1338 case L2CAP_OPTIONS:
1339 opts.imtu = l2cap_pi(sk)->imtu;
1340 opts.omtu = l2cap_pi(sk)->omtu;
1341 opts.flush_to = l2cap_pi(sk)->flush_to;
1342 opts.mode = L2CAP_MODE_BASIC;
1343
1344 len = min_t(unsigned int, len, sizeof(opts));
1345 if (copy_to_user(optval, (char *) &opts, len))
1346 err = -EFAULT;
1347
1348 break;
1349
1350 case L2CAP_LM:
1351 switch (l2cap_pi(sk)->sec_level) {
1352 case BT_SECURITY_LOW:
1353 opt = L2CAP_LM_AUTH;
1354 break;
1355 case BT_SECURITY_MEDIUM:
1356 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1357 break;
1358 case BT_SECURITY_HIGH:
1359 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1360 L2CAP_LM_SECURE;
1361 break;
1362 default:
1363 opt = 0;
1364 break;
1365 }
1366
1367 if (l2cap_pi(sk)->role_switch)
1368 opt |= L2CAP_LM_MASTER;
1369
1370 if (l2cap_pi(sk)->force_reliable)
1371 opt |= L2CAP_LM_RELIABLE;
1372
1373 if (put_user(opt, (u32 __user *) optval))
1374 err = -EFAULT;
1375 break;
1376
1377 case L2CAP_CONNINFO:
1378 if (sk->sk_state != BT_CONNECTED &&
1379 !(sk->sk_state == BT_CONNECT2 &&
1380 bt_sk(sk)->defer_setup)) {
1381 err = -ENOTCONN;
1382 break;
1383 }
1384
1385 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1386 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1387
1388 len = min_t(unsigned int, len, sizeof(cinfo));
1389 if (copy_to_user(optval, (char *) &cinfo, len))
1390 err = -EFAULT;
1391
1392 break;
1393
1394 default:
1395 err = -ENOPROTOOPT;
1396 break;
1397 }
1398
1399 release_sock(sk);
1400 return err;
1401 }
1402
1403 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1404 {
1405 struct sock *sk = sock->sk;
1406 struct bt_security sec;
1407 int len, err = 0;
1408
1409 BT_DBG("sk %p", sk);
1410
1411 if (level == SOL_L2CAP)
1412 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1413
1414 if (level != SOL_BLUETOOTH)
1415 return -ENOPROTOOPT;
1416
1417 if (get_user(len, optlen))
1418 return -EFAULT;
1419
1420 lock_sock(sk);
1421
1422 switch (optname) {
1423 case BT_SECURITY:
1424 if (sk->sk_type != SOCK_SEQPACKET) {
1425 err = -EINVAL;
1426 break;
1427 }
1428
1429 sec.level = l2cap_pi(sk)->sec_level;
1430
1431 len = min_t(unsigned int, len, sizeof(sec));
1432 if (copy_to_user(optval, (char *) &sec, len))
1433 err = -EFAULT;
1434
1435 break;
1436
1437 case BT_DEFER_SETUP:
1438 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1439 err = -EINVAL;
1440 break;
1441 }
1442
1443 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1444 err = -EFAULT;
1445
1446 break;
1447
1448 default:
1449 err = -ENOPROTOOPT;
1450 break;
1451 }
1452
1453 release_sock(sk);
1454 return err;
1455 }
1456
1457 static int l2cap_sock_shutdown(struct socket *sock, int how)
1458 {
1459 struct sock *sk = sock->sk;
1460 int err = 0;
1461
1462 BT_DBG("sock %p, sk %p", sock, sk);
1463
1464 if (!sk)
1465 return 0;
1466
1467 lock_sock(sk);
1468 if (!sk->sk_shutdown) {
1469 sk->sk_shutdown = SHUTDOWN_MASK;
1470 l2cap_sock_clear_timer(sk);
1471 __l2cap_sock_close(sk, 0);
1472
1473 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1474 err = bt_sock_wait_state(sk, BT_CLOSED,
1475 sk->sk_lingertime);
1476 }
1477 release_sock(sk);
1478 return err;
1479 }
1480
1481 static int l2cap_sock_release(struct socket *sock)
1482 {
1483 struct sock *sk = sock->sk;
1484 int err;
1485
1486 BT_DBG("sock %p, sk %p", sock, sk);
1487
1488 if (!sk)
1489 return 0;
1490
1491 err = l2cap_sock_shutdown(sock, 2);
1492
1493 sock_orphan(sk);
1494 l2cap_sock_kill(sk);
1495 return err;
1496 }
1497
1498 static void l2cap_chan_ready(struct sock *sk)
1499 {
1500 struct sock *parent = bt_sk(sk)->parent;
1501
1502 BT_DBG("sk %p, parent %p", sk, parent);
1503
1504 l2cap_pi(sk)->conf_state = 0;
1505 l2cap_sock_clear_timer(sk);
1506
1507 if (!parent) {
1508 /* Outgoing channel.
1509 * Wake up socket sleeping on connect.
1510 */
1511 sk->sk_state = BT_CONNECTED;
1512 sk->sk_state_change(sk);
1513 } else {
1514 /* Incoming channel.
1515 * Wake up socket sleeping on accept.
1516 */
1517 parent->sk_data_ready(parent, 0);
1518 }
1519 }
1520
1521 /* Copy frame to all raw sockets on that connection */
1522 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1523 {
1524 struct l2cap_chan_list *l = &conn->chan_list;
1525 struct sk_buff *nskb;
1526 struct sock * sk;
1527
1528 BT_DBG("conn %p", conn);
1529
1530 read_lock(&l->lock);
1531 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1532 if (sk->sk_type != SOCK_RAW)
1533 continue;
1534
1535 /* Don't send frame to the socket it came from */
1536 if (skb->sk == sk)
1537 continue;
1538
1539 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1540 continue;
1541
1542 if (sock_queue_rcv_skb(sk, nskb))
1543 kfree_skb(nskb);
1544 }
1545 read_unlock(&l->lock);
1546 }
1547
1548 /* ---- L2CAP signalling commands ---- */
1549 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1550 u8 code, u8 ident, u16 dlen, void *data)
1551 {
1552 struct sk_buff *skb, **frag;
1553 struct l2cap_cmd_hdr *cmd;
1554 struct l2cap_hdr *lh;
1555 int len, count;
1556
1557 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1558
1559 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1560 count = min_t(unsigned int, conn->mtu, len);
1561
1562 skb = bt_skb_alloc(count, GFP_ATOMIC);
1563 if (!skb)
1564 return NULL;
1565
1566 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1567 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1568 lh->cid = cpu_to_le16(0x0001);
1569
1570 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1571 cmd->code = code;
1572 cmd->ident = ident;
1573 cmd->len = cpu_to_le16(dlen);
1574
1575 if (dlen) {
1576 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1577 memcpy(skb_put(skb, count), data, count);
1578 data += count;
1579 }
1580
1581 len -= skb->len;
1582
1583 /* Continuation fragments (no L2CAP header) */
1584 frag = &skb_shinfo(skb)->frag_list;
1585 while (len) {
1586 count = min_t(unsigned int, conn->mtu, len);
1587
1588 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1589 if (!*frag)
1590 goto fail;
1591
1592 memcpy(skb_put(*frag, count), data, count);
1593
1594 len -= count;
1595 data += count;
1596
1597 frag = &(*frag)->next;
1598 }
1599
1600 return skb;
1601
1602 fail:
1603 kfree_skb(skb);
1604 return NULL;
1605 }
1606
1607 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1608 {
1609 struct l2cap_conf_opt *opt = *ptr;
1610 int len;
1611
1612 len = L2CAP_CONF_OPT_SIZE + opt->len;
1613 *ptr += len;
1614
1615 *type = opt->type;
1616 *olen = opt->len;
1617
1618 switch (opt->len) {
1619 case 1:
1620 *val = *((u8 *) opt->val);
1621 break;
1622
1623 case 2:
1624 *val = __le16_to_cpu(*((__le16 *) opt->val));
1625 break;
1626
1627 case 4:
1628 *val = __le32_to_cpu(*((__le32 *) opt->val));
1629 break;
1630
1631 default:
1632 *val = (unsigned long) opt->val;
1633 break;
1634 }
1635
1636 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1637 return len;
1638 }
1639
1640 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1641 {
1642 struct l2cap_conf_opt *opt = *ptr;
1643
1644 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1645
1646 opt->type = type;
1647 opt->len = len;
1648
1649 switch (len) {
1650 case 1:
1651 *((u8 *) opt->val) = val;
1652 break;
1653
1654 case 2:
1655 *((__le16 *) opt->val) = cpu_to_le16(val);
1656 break;
1657
1658 case 4:
1659 *((__le32 *) opt->val) = cpu_to_le32(val);
1660 break;
1661
1662 default:
1663 memcpy(opt->val, (void *) val, len);
1664 break;
1665 }
1666
1667 *ptr += L2CAP_CONF_OPT_SIZE + len;
1668 }
1669
1670 static int l2cap_build_conf_req(struct sock *sk, void *data)
1671 {
1672 struct l2cap_pinfo *pi = l2cap_pi(sk);
1673 struct l2cap_conf_req *req = data;
1674 void *ptr = req->data;
1675
1676 BT_DBG("sk %p", sk);
1677
1678 if (pi->imtu != L2CAP_DEFAULT_MTU)
1679 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1680
1681 /* FIXME: Need actual value of the flush timeout */
1682 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1683 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1684
1685 req->dcid = cpu_to_le16(pi->dcid);
1686 req->flags = cpu_to_le16(0);
1687
1688 return ptr - data;
1689 }
1690
1691 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1692 {
1693 struct l2cap_pinfo *pi = l2cap_pi(sk);
1694 struct l2cap_conf_rsp *rsp = data;
1695 void *ptr = rsp->data;
1696 void *req = pi->conf_req;
1697 int len = pi->conf_len;
1698 int type, hint, olen;
1699 unsigned long val;
1700 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1701 u16 mtu = L2CAP_DEFAULT_MTU;
1702 u16 result = L2CAP_CONF_SUCCESS;
1703
1704 BT_DBG("sk %p", sk);
1705
1706 while (len >= L2CAP_CONF_OPT_SIZE) {
1707 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1708
1709 hint = type & 0x80;
1710 type &= 0x7f;
1711
1712 switch (type) {
1713 case L2CAP_CONF_MTU:
1714 mtu = val;
1715 break;
1716
1717 case L2CAP_CONF_FLUSH_TO:
1718 pi->flush_to = val;
1719 break;
1720
1721 case L2CAP_CONF_QOS:
1722 break;
1723
1724 case L2CAP_CONF_RFC:
1725 if (olen == sizeof(rfc))
1726 memcpy(&rfc, (void *) val, olen);
1727 break;
1728
1729 default:
1730 if (hint)
1731 break;
1732
1733 result = L2CAP_CONF_UNKNOWN;
1734 *((u8 *) ptr++) = type;
1735 break;
1736 }
1737 }
1738
1739 if (result == L2CAP_CONF_SUCCESS) {
1740 /* Configure output options and let the other side know
1741 * which ones we don't like. */
1742
1743 if (rfc.mode == L2CAP_MODE_BASIC) {
1744 if (mtu < pi->omtu)
1745 result = L2CAP_CONF_UNACCEPT;
1746 else {
1747 pi->omtu = mtu;
1748 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1749 }
1750
1751 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1752 } else {
1753 result = L2CAP_CONF_UNACCEPT;
1754
1755 memset(&rfc, 0, sizeof(rfc));
1756 rfc.mode = L2CAP_MODE_BASIC;
1757
1758 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1759 sizeof(rfc), (unsigned long) &rfc);
1760 }
1761 }
1762
1763 rsp->scid = cpu_to_le16(pi->dcid);
1764 rsp->result = cpu_to_le16(result);
1765 rsp->flags = cpu_to_le16(0x0000);
1766
1767 return ptr - data;
1768 }
1769
1770 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1771 {
1772 struct l2cap_conf_rsp *rsp = data;
1773 void *ptr = rsp->data;
1774
1775 BT_DBG("sk %p", sk);
1776
1777 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1778 rsp->result = cpu_to_le16(result);
1779 rsp->flags = cpu_to_le16(flags);
1780
1781 return ptr - data;
1782 }
1783
1784 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1785 {
1786 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1787
1788 if (rej->reason != 0x0000)
1789 return 0;
1790
1791 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1792 cmd->ident == conn->info_ident) {
1793 conn->info_ident = 0;
1794 del_timer(&conn->info_timer);
1795
1796 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1797
1798 l2cap_conn_start(conn);
1799 }
1800
1801 return 0;
1802 }
1803
1804 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1805 {
1806 struct l2cap_chan_list *list = &conn->chan_list;
1807 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1808 struct l2cap_conn_rsp rsp;
1809 struct sock *sk, *parent;
1810 int result, status = L2CAP_CS_NO_INFO;
1811
1812 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1813 __le16 psm = req->psm;
1814
1815 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1816
1817 /* Check if we have socket listening on psm */
1818 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1819 if (!parent) {
1820 result = L2CAP_CR_BAD_PSM;
1821 goto sendresp;
1822 }
1823
1824 /* Check if the ACL is secure enough (if not SDP) */
1825 if (psm != cpu_to_le16(0x0001) &&
1826 !hci_conn_check_link_mode(conn->hcon)) {
1827 result = L2CAP_CR_SEC_BLOCK;
1828 goto response;
1829 }
1830
1831 result = L2CAP_CR_NO_MEM;
1832
1833 /* Check for backlog size */
1834 if (sk_acceptq_is_full(parent)) {
1835 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1836 goto response;
1837 }
1838
1839 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1840 if (!sk)
1841 goto response;
1842
1843 write_lock_bh(&list->lock);
1844
1845 /* Check if we already have channel with that dcid */
1846 if (__l2cap_get_chan_by_dcid(list, scid)) {
1847 write_unlock_bh(&list->lock);
1848 sock_set_flag(sk, SOCK_ZAPPED);
1849 l2cap_sock_kill(sk);
1850 goto response;
1851 }
1852
1853 hci_conn_hold(conn->hcon);
1854
1855 l2cap_sock_init(sk, parent);
1856 bacpy(&bt_sk(sk)->src, conn->src);
1857 bacpy(&bt_sk(sk)->dst, conn->dst);
1858 l2cap_pi(sk)->psm = psm;
1859 l2cap_pi(sk)->dcid = scid;
1860
1861 __l2cap_chan_add(conn, sk, parent);
1862 dcid = l2cap_pi(sk)->scid;
1863
1864 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1865
1866 l2cap_pi(sk)->ident = cmd->ident;
1867
1868 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
1869 if (l2cap_check_security(sk)) {
1870 if (bt_sk(sk)->defer_setup) {
1871 sk->sk_state = BT_CONNECT2;
1872 result = L2CAP_CR_PEND;
1873 status = L2CAP_CS_AUTHOR_PEND;
1874 parent->sk_data_ready(parent, 0);
1875 } else {
1876 sk->sk_state = BT_CONFIG;
1877 result = L2CAP_CR_SUCCESS;
1878 status = L2CAP_CS_NO_INFO;
1879 }
1880 } else {
1881 sk->sk_state = BT_CONNECT2;
1882 result = L2CAP_CR_PEND;
1883 status = L2CAP_CS_AUTHEN_PEND;
1884 }
1885 } else {
1886 sk->sk_state = BT_CONNECT2;
1887 result = L2CAP_CR_PEND;
1888 status = L2CAP_CS_NO_INFO;
1889 }
1890
1891 write_unlock_bh(&list->lock);
1892
1893 response:
1894 bh_unlock_sock(parent);
1895
1896 sendresp:
1897 rsp.scid = cpu_to_le16(scid);
1898 rsp.dcid = cpu_to_le16(dcid);
1899 rsp.result = cpu_to_le16(result);
1900 rsp.status = cpu_to_le16(status);
1901 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1902
1903 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1904 struct l2cap_info_req info;
1905 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1906
1907 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1908 conn->info_ident = l2cap_get_ident(conn);
1909
1910 mod_timer(&conn->info_timer, jiffies +
1911 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1912
1913 l2cap_send_cmd(conn, conn->info_ident,
1914 L2CAP_INFO_REQ, sizeof(info), &info);
1915 }
1916
1917 return 0;
1918 }
1919
1920 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1921 {
1922 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1923 u16 scid, dcid, result, status;
1924 struct sock *sk;
1925 u8 req[128];
1926
1927 scid = __le16_to_cpu(rsp->scid);
1928 dcid = __le16_to_cpu(rsp->dcid);
1929 result = __le16_to_cpu(rsp->result);
1930 status = __le16_to_cpu(rsp->status);
1931
1932 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1933
1934 if (scid) {
1935 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1936 return 0;
1937 } else {
1938 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1939 return 0;
1940 }
1941
1942 switch (result) {
1943 case L2CAP_CR_SUCCESS:
1944 sk->sk_state = BT_CONFIG;
1945 l2cap_pi(sk)->ident = 0;
1946 l2cap_pi(sk)->dcid = dcid;
1947 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1948
1949 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1950
1951 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1952 l2cap_build_conf_req(sk, req), req);
1953 break;
1954
1955 case L2CAP_CR_PEND:
1956 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1957 break;
1958
1959 default:
1960 l2cap_chan_del(sk, ECONNREFUSED);
1961 break;
1962 }
1963
1964 bh_unlock_sock(sk);
1965 return 0;
1966 }
1967
1968 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1969 {
1970 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1971 u16 dcid, flags;
1972 u8 rsp[64];
1973 struct sock *sk;
1974 int len;
1975
1976 dcid = __le16_to_cpu(req->dcid);
1977 flags = __le16_to_cpu(req->flags);
1978
1979 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1980
1981 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1982 return -ENOENT;
1983
1984 if (sk->sk_state == BT_DISCONN)
1985 goto unlock;
1986
1987 /* Reject if config buffer is too small. */
1988 len = cmd_len - sizeof(*req);
1989 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1990 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1991 l2cap_build_conf_rsp(sk, rsp,
1992 L2CAP_CONF_REJECT, flags), rsp);
1993 goto unlock;
1994 }
1995
1996 /* Store config. */
1997 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1998 l2cap_pi(sk)->conf_len += len;
1999
2000 if (flags & 0x0001) {
2001 /* Incomplete config. Send empty response. */
2002 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2003 l2cap_build_conf_rsp(sk, rsp,
2004 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2005 goto unlock;
2006 }
2007
2008 /* Complete config. */
2009 len = l2cap_parse_conf_req(sk, rsp);
2010 if (len < 0)
2011 goto unlock;
2012
2013 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2014
2015 /* Reset config buffer. */
2016 l2cap_pi(sk)->conf_len = 0;
2017
2018 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2019 goto unlock;
2020
2021 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2022 sk->sk_state = BT_CONNECTED;
2023 l2cap_chan_ready(sk);
2024 goto unlock;
2025 }
2026
2027 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2028 u8 buf[64];
2029 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2030 l2cap_build_conf_req(sk, buf), buf);
2031 }
2032
2033 unlock:
2034 bh_unlock_sock(sk);
2035 return 0;
2036 }
2037
2038 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2039 {
2040 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2041 u16 scid, flags, result;
2042 struct sock *sk;
2043
2044 scid = __le16_to_cpu(rsp->scid);
2045 flags = __le16_to_cpu(rsp->flags);
2046 result = __le16_to_cpu(rsp->result);
2047
2048 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2049
2050 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2051 return 0;
2052
2053 switch (result) {
2054 case L2CAP_CONF_SUCCESS:
2055 break;
2056
2057 case L2CAP_CONF_UNACCEPT:
2058 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2059 char req[128];
2060 /* It does not make sense to adjust L2CAP parameters
2061 * that are currently defined in the spec. We simply
2062 * resend config request that we sent earlier. It is
2063 * stupid, but it helps qualification testing which
2064 * expects at least some response from us. */
2065 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2066 l2cap_build_conf_req(sk, req), req);
2067 goto done;
2068 }
2069
2070 default:
2071 sk->sk_state = BT_DISCONN;
2072 sk->sk_err = ECONNRESET;
2073 l2cap_sock_set_timer(sk, HZ * 5);
2074 {
2075 struct l2cap_disconn_req req;
2076 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2077 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2078 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2079 L2CAP_DISCONN_REQ, sizeof(req), &req);
2080 }
2081 goto done;
2082 }
2083
2084 if (flags & 0x01)
2085 goto done;
2086
2087 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2088
2089 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2090 sk->sk_state = BT_CONNECTED;
2091 l2cap_chan_ready(sk);
2092 }
2093
2094 done:
2095 bh_unlock_sock(sk);
2096 return 0;
2097 }
2098
2099 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2100 {
2101 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2102 struct l2cap_disconn_rsp rsp;
2103 u16 dcid, scid;
2104 struct sock *sk;
2105
2106 scid = __le16_to_cpu(req->scid);
2107 dcid = __le16_to_cpu(req->dcid);
2108
2109 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2110
2111 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2112 return 0;
2113
2114 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2115 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2116 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2117
2118 sk->sk_shutdown = SHUTDOWN_MASK;
2119
2120 l2cap_chan_del(sk, ECONNRESET);
2121 bh_unlock_sock(sk);
2122
2123 l2cap_sock_kill(sk);
2124 return 0;
2125 }
2126
2127 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2128 {
2129 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2130 u16 dcid, scid;
2131 struct sock *sk;
2132
2133 scid = __le16_to_cpu(rsp->scid);
2134 dcid = __le16_to_cpu(rsp->dcid);
2135
2136 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2137
2138 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2139 return 0;
2140
2141 l2cap_chan_del(sk, 0);
2142 bh_unlock_sock(sk);
2143
2144 l2cap_sock_kill(sk);
2145 return 0;
2146 }
2147
2148 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2149 {
2150 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2151 u16 type;
2152
2153 type = __le16_to_cpu(req->type);
2154
2155 BT_DBG("type 0x%4.4x", type);
2156
2157 if (type == L2CAP_IT_FEAT_MASK) {
2158 u8 buf[8];
2159 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2160 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2161 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2162 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2163 l2cap_send_cmd(conn, cmd->ident,
2164 L2CAP_INFO_RSP, sizeof(buf), buf);
2165 } else {
2166 struct l2cap_info_rsp rsp;
2167 rsp.type = cpu_to_le16(type);
2168 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2169 l2cap_send_cmd(conn, cmd->ident,
2170 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2171 }
2172
2173 return 0;
2174 }
2175
2176 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2177 {
2178 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2179 u16 type, result;
2180
2181 type = __le16_to_cpu(rsp->type);
2182 result = __le16_to_cpu(rsp->result);
2183
2184 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2185
2186 conn->info_ident = 0;
2187
2188 del_timer(&conn->info_timer);
2189
2190 if (type == L2CAP_IT_FEAT_MASK) {
2191 conn->feat_mask = get_unaligned_le32(rsp->data);
2192
2193 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2194
2195 l2cap_conn_start(conn);
2196 }
2197
2198 return 0;
2199 }
2200
2201 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2202 {
2203 u8 *data = skb->data;
2204 int len = skb->len;
2205 struct l2cap_cmd_hdr cmd;
2206 int err = 0;
2207
2208 l2cap_raw_recv(conn, skb);
2209
2210 while (len >= L2CAP_CMD_HDR_SIZE) {
2211 u16 cmd_len;
2212 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2213 data += L2CAP_CMD_HDR_SIZE;
2214 len -= L2CAP_CMD_HDR_SIZE;
2215
2216 cmd_len = le16_to_cpu(cmd.len);
2217
2218 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2219
2220 if (cmd_len > len || !cmd.ident) {
2221 BT_DBG("corrupted command");
2222 break;
2223 }
2224
2225 switch (cmd.code) {
2226 case L2CAP_COMMAND_REJ:
2227 l2cap_command_rej(conn, &cmd, data);
2228 break;
2229
2230 case L2CAP_CONN_REQ:
2231 err = l2cap_connect_req(conn, &cmd, data);
2232 break;
2233
2234 case L2CAP_CONN_RSP:
2235 err = l2cap_connect_rsp(conn, &cmd, data);
2236 break;
2237
2238 case L2CAP_CONF_REQ:
2239 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2240 break;
2241
2242 case L2CAP_CONF_RSP:
2243 err = l2cap_config_rsp(conn, &cmd, data);
2244 break;
2245
2246 case L2CAP_DISCONN_REQ:
2247 err = l2cap_disconnect_req(conn, &cmd, data);
2248 break;
2249
2250 case L2CAP_DISCONN_RSP:
2251 err = l2cap_disconnect_rsp(conn, &cmd, data);
2252 break;
2253
2254 case L2CAP_ECHO_REQ:
2255 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2256 break;
2257
2258 case L2CAP_ECHO_RSP:
2259 break;
2260
2261 case L2CAP_INFO_REQ:
2262 err = l2cap_information_req(conn, &cmd, data);
2263 break;
2264
2265 case L2CAP_INFO_RSP:
2266 err = l2cap_information_rsp(conn, &cmd, data);
2267 break;
2268
2269 default:
2270 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2271 err = -EINVAL;
2272 break;
2273 }
2274
2275 if (err) {
2276 struct l2cap_cmd_rej rej;
2277 BT_DBG("error %d", err);
2278
2279 /* FIXME: Map err to a valid reason */
2280 rej.reason = cpu_to_le16(0);
2281 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2282 }
2283
2284 data += cmd_len;
2285 len -= cmd_len;
2286 }
2287
2288 kfree_skb(skb);
2289 }
2290
2291 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2292 {
2293 struct sock *sk;
2294
2295 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2296 if (!sk) {
2297 BT_DBG("unknown cid 0x%4.4x", cid);
2298 goto drop;
2299 }
2300
2301 BT_DBG("sk %p, len %d", sk, skb->len);
2302
2303 if (sk->sk_state != BT_CONNECTED)
2304 goto drop;
2305
2306 if (l2cap_pi(sk)->imtu < skb->len)
2307 goto drop;
2308
2309 /* If socket recv buffers overflows we drop data here
2310 * which is *bad* because L2CAP has to be reliable.
2311 * But we don't have any other choice. L2CAP doesn't
2312 * provide flow control mechanism. */
2313
2314 if (!sock_queue_rcv_skb(sk, skb))
2315 goto done;
2316
2317 drop:
2318 kfree_skb(skb);
2319
2320 done:
2321 if (sk)
2322 bh_unlock_sock(sk);
2323
2324 return 0;
2325 }
2326
2327 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2328 {
2329 struct sock *sk;
2330
2331 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2332 if (!sk)
2333 goto drop;
2334
2335 BT_DBG("sk %p, len %d", sk, skb->len);
2336
2337 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2338 goto drop;
2339
2340 if (l2cap_pi(sk)->imtu < skb->len)
2341 goto drop;
2342
2343 if (!sock_queue_rcv_skb(sk, skb))
2344 goto done;
2345
2346 drop:
2347 kfree_skb(skb);
2348
2349 done:
2350 if (sk) bh_unlock_sock(sk);
2351 return 0;
2352 }
2353
2354 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2355 {
2356 struct l2cap_hdr *lh = (void *) skb->data;
2357 u16 cid, len;
2358 __le16 psm;
2359
2360 skb_pull(skb, L2CAP_HDR_SIZE);
2361 cid = __le16_to_cpu(lh->cid);
2362 len = __le16_to_cpu(lh->len);
2363
2364 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2365
2366 switch (cid) {
2367 case 0x0001:
2368 l2cap_sig_channel(conn, skb);
2369 break;
2370
2371 case 0x0002:
2372 psm = get_unaligned((__le16 *) skb->data);
2373 skb_pull(skb, 2);
2374 l2cap_conless_channel(conn, psm, skb);
2375 break;
2376
2377 default:
2378 l2cap_data_channel(conn, cid, skb);
2379 break;
2380 }
2381 }
2382
2383 /* ---- L2CAP interface with lower layer (HCI) ---- */
2384
2385 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2386 {
2387 int exact = 0, lm1 = 0, lm2 = 0;
2388 register struct sock *sk;
2389 struct hlist_node *node;
2390
2391 if (type != ACL_LINK)
2392 return 0;
2393
2394 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2395
2396 /* Find listening sockets and check their link_mode */
2397 read_lock(&l2cap_sk_list.lock);
2398 sk_for_each(sk, node, &l2cap_sk_list.head) {
2399 if (sk->sk_state != BT_LISTEN)
2400 continue;
2401
2402 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2403 lm1 |= HCI_LM_ACCEPT;
2404 if (l2cap_pi(sk)->role_switch)
2405 lm1 |= HCI_LM_MASTER;
2406 exact++;
2407 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2408 lm2 |= HCI_LM_ACCEPT;
2409 if (l2cap_pi(sk)->role_switch)
2410 lm2 |= HCI_LM_MASTER;
2411 }
2412 }
2413 read_unlock(&l2cap_sk_list.lock);
2414
2415 return exact ? lm1 : lm2;
2416 }
2417
2418 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2419 {
2420 struct l2cap_conn *conn;
2421
2422 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2423
2424 if (hcon->type != ACL_LINK)
2425 return 0;
2426
2427 if (!status) {
2428 conn = l2cap_conn_add(hcon, status);
2429 if (conn)
2430 l2cap_conn_ready(conn);
2431 } else
2432 l2cap_conn_del(hcon, bt_err(status));
2433
2434 return 0;
2435 }
2436
2437 static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2438 {
2439 BT_DBG("hcon %p reason %d", hcon, reason);
2440
2441 if (hcon->type != ACL_LINK)
2442 return 0;
2443
2444 l2cap_conn_del(hcon, bt_err(reason));
2445
2446 return 0;
2447 }
2448
2449 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2450 {
2451 if (sk->sk_type != SOCK_SEQPACKET)
2452 return;
2453
2454 if (encrypt == 0x00) {
2455 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2456 l2cap_sock_clear_timer(sk);
2457 l2cap_sock_set_timer(sk, HZ * 5);
2458 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2459 __l2cap_sock_close(sk, ECONNREFUSED);
2460 } else {
2461 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2462 l2cap_sock_clear_timer(sk);
2463 }
2464 }
2465
2466 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2467 {
2468 struct l2cap_chan_list *l;
2469 struct l2cap_conn *conn = hcon->l2cap_data;
2470 struct sock *sk;
2471
2472 if (!conn)
2473 return 0;
2474
2475 l = &conn->chan_list;
2476
2477 BT_DBG("conn %p", conn);
2478
2479 read_lock(&l->lock);
2480
2481 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2482 bh_lock_sock(sk);
2483
2484 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2485 bh_unlock_sock(sk);
2486 continue;
2487 }
2488
2489 if (!status && (sk->sk_state == BT_CONNECTED ||
2490 sk->sk_state == BT_CONFIG)) {
2491 l2cap_check_encryption(sk, encrypt);
2492 bh_unlock_sock(sk);
2493 continue;
2494 }
2495
2496 if (sk->sk_state == BT_CONNECT) {
2497 if (!status) {
2498 struct l2cap_conn_req req;
2499 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2500 req.psm = l2cap_pi(sk)->psm;
2501
2502 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2503
2504 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2505 L2CAP_CONN_REQ, sizeof(req), &req);
2506 } else {
2507 l2cap_sock_clear_timer(sk);
2508 l2cap_sock_set_timer(sk, HZ / 10);
2509 }
2510 } else if (sk->sk_state == BT_CONNECT2) {
2511 struct l2cap_conn_rsp rsp;
2512 __u16 result;
2513
2514 if (!status) {
2515 sk->sk_state = BT_CONFIG;
2516 result = L2CAP_CR_SUCCESS;
2517 } else {
2518 sk->sk_state = BT_DISCONN;
2519 l2cap_sock_set_timer(sk, HZ / 10);
2520 result = L2CAP_CR_SEC_BLOCK;
2521 }
2522
2523 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2524 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2525 rsp.result = cpu_to_le16(result);
2526 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2527 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2528 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2529 }
2530
2531 bh_unlock_sock(sk);
2532 }
2533
2534 read_unlock(&l->lock);
2535
2536 return 0;
2537 }
2538
2539 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2540 {
2541 struct l2cap_conn *conn = hcon->l2cap_data;
2542
2543 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2544 goto drop;
2545
2546 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2547
2548 if (flags & ACL_START) {
2549 struct l2cap_hdr *hdr;
2550 int len;
2551
2552 if (conn->rx_len) {
2553 BT_ERR("Unexpected start frame (len %d)", skb->len);
2554 kfree_skb(conn->rx_skb);
2555 conn->rx_skb = NULL;
2556 conn->rx_len = 0;
2557 l2cap_conn_unreliable(conn, ECOMM);
2558 }
2559
2560 if (skb->len < 2) {
2561 BT_ERR("Frame is too short (len %d)", skb->len);
2562 l2cap_conn_unreliable(conn, ECOMM);
2563 goto drop;
2564 }
2565
2566 hdr = (struct l2cap_hdr *) skb->data;
2567 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2568
2569 if (len == skb->len) {
2570 /* Complete frame received */
2571 l2cap_recv_frame(conn, skb);
2572 return 0;
2573 }
2574
2575 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2576
2577 if (skb->len > len) {
2578 BT_ERR("Frame is too long (len %d, expected len %d)",
2579 skb->len, len);
2580 l2cap_conn_unreliable(conn, ECOMM);
2581 goto drop;
2582 }
2583
2584 /* Allocate skb for the complete frame (with header) */
2585 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2586 goto drop;
2587
2588 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2589 skb->len);
2590 conn->rx_len = len - skb->len;
2591 } else {
2592 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2593
2594 if (!conn->rx_len) {
2595 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2596 l2cap_conn_unreliable(conn, ECOMM);
2597 goto drop;
2598 }
2599
2600 if (skb->len > conn->rx_len) {
2601 BT_ERR("Fragment is too long (len %d, expected %d)",
2602 skb->len, conn->rx_len);
2603 kfree_skb(conn->rx_skb);
2604 conn->rx_skb = NULL;
2605 conn->rx_len = 0;
2606 l2cap_conn_unreliable(conn, ECOMM);
2607 goto drop;
2608 }
2609
2610 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2611 skb->len);
2612 conn->rx_len -= skb->len;
2613
2614 if (!conn->rx_len) {
2615 /* Complete frame received */
2616 l2cap_recv_frame(conn, conn->rx_skb);
2617 conn->rx_skb = NULL;
2618 }
2619 }
2620
2621 drop:
2622 kfree_skb(skb);
2623 return 0;
2624 }
2625
2626 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2627 {
2628 struct sock *sk;
2629 struct hlist_node *node;
2630 char *str = buf;
2631
2632 read_lock_bh(&l2cap_sk_list.lock);
2633
2634 sk_for_each(sk, node, &l2cap_sk_list.head) {
2635 struct l2cap_pinfo *pi = l2cap_pi(sk);
2636
2637 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2638 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2639 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2640 pi->imtu, pi->omtu, pi->sec_level);
2641 }
2642
2643 read_unlock_bh(&l2cap_sk_list.lock);
2644
2645 return (str - buf);
2646 }
2647
2648 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2649
2650 static const struct proto_ops l2cap_sock_ops = {
2651 .family = PF_BLUETOOTH,
2652 .owner = THIS_MODULE,
2653 .release = l2cap_sock_release,
2654 .bind = l2cap_sock_bind,
2655 .connect = l2cap_sock_connect,
2656 .listen = l2cap_sock_listen,
2657 .accept = l2cap_sock_accept,
2658 .getname = l2cap_sock_getname,
2659 .sendmsg = l2cap_sock_sendmsg,
2660 .recvmsg = l2cap_sock_recvmsg,
2661 .poll = bt_sock_poll,
2662 .ioctl = bt_sock_ioctl,
2663 .mmap = sock_no_mmap,
2664 .socketpair = sock_no_socketpair,
2665 .shutdown = l2cap_sock_shutdown,
2666 .setsockopt = l2cap_sock_setsockopt,
2667 .getsockopt = l2cap_sock_getsockopt
2668 };
2669
2670 static struct net_proto_family l2cap_sock_family_ops = {
2671 .family = PF_BLUETOOTH,
2672 .owner = THIS_MODULE,
2673 .create = l2cap_sock_create,
2674 };
2675
2676 static struct hci_proto l2cap_hci_proto = {
2677 .name = "L2CAP",
2678 .id = HCI_PROTO_L2CAP,
2679 .connect_ind = l2cap_connect_ind,
2680 .connect_cfm = l2cap_connect_cfm,
2681 .disconn_ind = l2cap_disconn_ind,
2682 .security_cfm = l2cap_security_cfm,
2683 .recv_acldata = l2cap_recv_acldata
2684 };
2685
2686 static int __init l2cap_init(void)
2687 {
2688 int err;
2689
2690 err = proto_register(&l2cap_proto, 0);
2691 if (err < 0)
2692 return err;
2693
2694 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2695 if (err < 0) {
2696 BT_ERR("L2CAP socket registration failed");
2697 goto error;
2698 }
2699
2700 err = hci_register_proto(&l2cap_hci_proto);
2701 if (err < 0) {
2702 BT_ERR("L2CAP protocol registration failed");
2703 bt_sock_unregister(BTPROTO_L2CAP);
2704 goto error;
2705 }
2706
2707 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2708 BT_ERR("Failed to create L2CAP info file");
2709
2710 BT_INFO("L2CAP ver %s", VERSION);
2711 BT_INFO("L2CAP socket layer initialized");
2712
2713 return 0;
2714
2715 error:
2716 proto_unregister(&l2cap_proto);
2717 return err;
2718 }
2719
2720 static void __exit l2cap_exit(void)
2721 {
2722 class_remove_file(bt_class, &class_attr_l2cap);
2723
2724 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2725 BT_ERR("L2CAP socket unregistration failed");
2726
2727 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2728 BT_ERR("L2CAP protocol unregistration failed");
2729
2730 proto_unregister(&l2cap_proto);
2731 }
2732
2733 void l2cap_load(void)
2734 {
2735 /* Dummy function to trigger automatic L2CAP module loading by
2736 * other modules that use L2CAP sockets but don't use any other
2737 * symbols from it. */
2738 return;
2739 }
2740 EXPORT_SYMBOL(l2cap_load);
2741
2742 module_init(l2cap_init);
2743 module_exit(l2cap_exit);
2744
2745 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2746 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2747 MODULE_VERSION(VERSION);
2748 MODULE_LICENSE("GPL");
2749 MODULE_ALIAS("bt-proto-0");
Linux kernel - Deliverables
This page took 0.106417 seconds and 5 git commands to generate.