projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
powerpc/mm: Runtime allocation of mmu context maps for nohash CPUs
[deliverable/linux.git] / net / bluetooth / l2cap.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth L2CAP core and sockets. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <net/sock.h>
44
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
48
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
52
53 #ifndef CONFIG_BT_L2CAP_DEBUG
54 #undef BT_DBG
55 #define BT_DBG(D...)
56 #endif
57
58 #define VERSION "2.11"
59
60 static u32 l2cap_feat_mask = 0x0000;
61
62 static const struct proto_ops l2cap_sock_ops;
63
64 static struct bt_sock_list l2cap_sk_list = {
65 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
66 };
67
68 static void __l2cap_sock_close(struct sock *sk, int reason);
69 static void l2cap_sock_close(struct sock *sk);
70 static void l2cap_sock_kill(struct sock *sk);
71
72 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
73 u8 code, u8 ident, u16 dlen, void *data);
74
75 /* ---- L2CAP timers ---- */
76 static void l2cap_sock_timeout(unsigned long arg)
77 {
78 struct sock *sk = (struct sock *) arg;
79 int reason;
80
81 BT_DBG("sock %p state %d", sk, sk->sk_state);
82
83 bh_lock_sock(sk);
84
85 if (sk->sk_state == BT_CONNECT &&
86 (l2cap_pi(sk)->link_mode & (L2CAP_LM_AUTH |
87 L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)))
88 reason = ECONNREFUSED;
89 else
90 reason = ETIMEDOUT;
91
92 __l2cap_sock_close(sk, reason);
93
94 bh_unlock_sock(sk);
95
96 l2cap_sock_kill(sk);
97 sock_put(sk);
98 }
99
100 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
101 {
102 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
103 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
104 }
105
106 static void l2cap_sock_clear_timer(struct sock *sk)
107 {
108 BT_DBG("sock %p state %d", sk, sk->sk_state);
109 sk_stop_timer(sk, &sk->sk_timer);
110 }
111
112 /* ---- L2CAP channels ---- */
113 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
114 {
115 struct sock *s;
116 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
117 if (l2cap_pi(s)->dcid == cid)
118 break;
119 }
120 return s;
121 }
122
123 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
124 {
125 struct sock *s;
126 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
127 if (l2cap_pi(s)->scid == cid)
128 break;
129 }
130 return s;
131 }
132
133 /* Find channel with given SCID.
134 * Returns locked socket */
135 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
136 {
137 struct sock *s;
138 read_lock(&l->lock);
139 s = __l2cap_get_chan_by_scid(l, cid);
140 if (s) bh_lock_sock(s);
141 read_unlock(&l->lock);
142 return s;
143 }
144
145 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
146 {
147 struct sock *s;
148 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
149 if (l2cap_pi(s)->ident == ident)
150 break;
151 }
152 return s;
153 }
154
155 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
156 {
157 struct sock *s;
158 read_lock(&l->lock);
159 s = __l2cap_get_chan_by_ident(l, ident);
160 if (s) bh_lock_sock(s);
161 read_unlock(&l->lock);
162 return s;
163 }
164
165 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
166 {
167 u16 cid = 0x0040;
168
169 for (; cid < 0xffff; cid++) {
170 if(!__l2cap_get_chan_by_scid(l, cid))
171 return cid;
172 }
173
174 return 0;
175 }
176
177 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
178 {
179 sock_hold(sk);
180
181 if (l->head)
182 l2cap_pi(l->head)->prev_c = sk;
183
184 l2cap_pi(sk)->next_c = l->head;
185 l2cap_pi(sk)->prev_c = NULL;
186 l->head = sk;
187 }
188
189 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
190 {
191 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
192
193 write_lock_bh(&l->lock);
194 if (sk == l->head)
195 l->head = next;
196
197 if (next)
198 l2cap_pi(next)->prev_c = prev;
199 if (prev)
200 l2cap_pi(prev)->next_c = next;
201 write_unlock_bh(&l->lock);
202
203 __sock_put(sk);
204 }
205
206 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
207 {
208 struct l2cap_chan_list *l = &conn->chan_list;
209
210 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
211
212 l2cap_pi(sk)->conn = conn;
213
214 if (sk->sk_type == SOCK_SEQPACKET) {
215 /* Alloc CID for connection-oriented socket */
216 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
217 } else if (sk->sk_type == SOCK_DGRAM) {
218 /* Connectionless socket */
219 l2cap_pi(sk)->scid = 0x0002;
220 l2cap_pi(sk)->dcid = 0x0002;
221 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
222 } else {
223 /* Raw socket can send/recv signalling messages only */
224 l2cap_pi(sk)->scid = 0x0001;
225 l2cap_pi(sk)->dcid = 0x0001;
226 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
227 }
228
229 __l2cap_chan_link(l, sk);
230
231 if (parent)
232 bt_accept_enqueue(parent, sk);
233 }
234
235 /* Delete channel.
236 * Must be called on the locked socket. */
237 static void l2cap_chan_del(struct sock *sk, int err)
238 {
239 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
240 struct sock *parent = bt_sk(sk)->parent;
241
242 l2cap_sock_clear_timer(sk);
243
244 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
245
246 if (conn) {
247 /* Unlink from channel list */
248 l2cap_chan_unlink(&conn->chan_list, sk);
249 l2cap_pi(sk)->conn = NULL;
250 hci_conn_put(conn->hcon);
251 }
252
253 sk->sk_state = BT_CLOSED;
254 sock_set_flag(sk, SOCK_ZAPPED);
255
256 if (err)
257 sk->sk_err = err;
258
259 if (parent) {
260 bt_accept_unlink(sk);
261 parent->sk_data_ready(parent, 0);
262 } else
263 sk->sk_state_change(sk);
264 }
265
266 /* Service level security */
267 static inline int l2cap_check_link_mode(struct sock *sk)
268 {
269 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
270
271 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
272 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE))
273 return hci_conn_encrypt(conn->hcon);
274
275 if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH)
276 return hci_conn_auth(conn->hcon);
277
278 return 1;
279 }
280
281 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
282 {
283 u8 id;
284
285 /* Get next available identificator.
286 * 1 - 128 are used by kernel.
287 * 129 - 199 are reserved.
288 * 200 - 254 are used by utilities like l2ping, etc.
289 */
290
291 spin_lock_bh(&conn->lock);
292
293 if (++conn->tx_ident > 128)
294 conn->tx_ident = 1;
295
296 id = conn->tx_ident;
297
298 spin_unlock_bh(&conn->lock);
299
300 return id;
301 }
302
303 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
304 {
305 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
306
307 BT_DBG("code 0x%2.2x", code);
308
309 if (!skb)
310 return -ENOMEM;
311
312 return hci_send_acl(conn->hcon, skb, 0);
313 }
314
315 static void l2cap_do_start(struct sock *sk)
316 {
317 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
318
319 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
320 if (l2cap_check_link_mode(sk)) {
321 struct l2cap_conn_req req;
322 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
323 req.psm = l2cap_pi(sk)->psm;
324
325 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
326
327 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
328 L2CAP_CONN_REQ, sizeof(req), &req);
329 }
330 } else {
331 struct l2cap_info_req req;
332 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
333
334 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
335 conn->info_ident = l2cap_get_ident(conn);
336
337 mod_timer(&conn->info_timer, jiffies +
338 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
339
340 l2cap_send_cmd(conn, conn->info_ident,
341 L2CAP_INFO_REQ, sizeof(req), &req);
342 }
343 }
344
345 /* ---- L2CAP connections ---- */
346 static void l2cap_conn_start(struct l2cap_conn *conn)
347 {
348 struct l2cap_chan_list *l = &conn->chan_list;
349 struct sock *sk;
350
351 BT_DBG("conn %p", conn);
352
353 read_lock(&l->lock);
354
355 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
356 bh_lock_sock(sk);
357
358 if (sk->sk_type != SOCK_SEQPACKET) {
359 bh_unlock_sock(sk);
360 continue;
361 }
362
363 if (sk->sk_state == BT_CONNECT) {
364 if (l2cap_check_link_mode(sk)) {
365 struct l2cap_conn_req req;
366 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
367 req.psm = l2cap_pi(sk)->psm;
368
369 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
370
371 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
372 L2CAP_CONN_REQ, sizeof(req), &req);
373 }
374 } else if (sk->sk_state == BT_CONNECT2) {
375 struct l2cap_conn_rsp rsp;
376 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
377 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
378
379 if (l2cap_check_link_mode(sk)) {
380 sk->sk_state = BT_CONFIG;
381 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
382 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
383 } else {
384 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
385 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
386 }
387
388 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
389 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
390 }
391
392 bh_unlock_sock(sk);
393 }
394
395 read_unlock(&l->lock);
396 }
397
398 static void l2cap_conn_ready(struct l2cap_conn *conn)
399 {
400 struct l2cap_chan_list *l = &conn->chan_list;
401 struct sock *sk;
402
403 BT_DBG("conn %p", conn);
404
405 read_lock(&l->lock);
406
407 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
408 bh_lock_sock(sk);
409
410 if (sk->sk_type != SOCK_SEQPACKET) {
411 l2cap_sock_clear_timer(sk);
412 sk->sk_state = BT_CONNECTED;
413 sk->sk_state_change(sk);
414 } else if (sk->sk_state == BT_CONNECT)
415 l2cap_do_start(sk);
416
417 bh_unlock_sock(sk);
418 }
419
420 read_unlock(&l->lock);
421 }
422
423 /* Notify sockets that we cannot guaranty reliability anymore */
424 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
425 {
426 struct l2cap_chan_list *l = &conn->chan_list;
427 struct sock *sk;
428
429 BT_DBG("conn %p", conn);
430
431 read_lock(&l->lock);
432
433 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
434 if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE)
435 sk->sk_err = err;
436 }
437
438 read_unlock(&l->lock);
439 }
440
441 static void l2cap_info_timeout(unsigned long arg)
442 {
443 struct l2cap_conn *conn = (void *) arg;
444
445 conn->info_ident = 0;
446
447 l2cap_conn_start(conn);
448 }
449
450 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
451 {
452 struct l2cap_conn *conn = hcon->l2cap_data;
453
454 if (conn || status)
455 return conn;
456
457 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
458 if (!conn)
459 return NULL;
460
461 hcon->l2cap_data = conn;
462 conn->hcon = hcon;
463
464 BT_DBG("hcon %p conn %p", hcon, conn);
465
466 conn->mtu = hcon->hdev->acl_mtu;
467 conn->src = &hcon->hdev->bdaddr;
468 conn->dst = &hcon->dst;
469
470 conn->feat_mask = 0;
471
472 setup_timer(&conn->info_timer, l2cap_info_timeout,
473 (unsigned long) conn);
474
475 spin_lock_init(&conn->lock);
476 rwlock_init(&conn->chan_list.lock);
477
478 return conn;
479 }
480
481 static void l2cap_conn_del(struct hci_conn *hcon, int err)
482 {
483 struct l2cap_conn *conn = hcon->l2cap_data;
484 struct sock *sk;
485
486 if (!conn)
487 return;
488
489 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
490
491 if (conn->rx_skb)
492 kfree_skb(conn->rx_skb);
493
494 /* Kill channels */
495 while ((sk = conn->chan_list.head)) {
496 bh_lock_sock(sk);
497 l2cap_chan_del(sk, err);
498 bh_unlock_sock(sk);
499 l2cap_sock_kill(sk);
500 }
501
502 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
503 del_timer_sync(&conn->info_timer);
504
505 hcon->l2cap_data = NULL;
506 kfree(conn);
507 }
508
509 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
510 {
511 struct l2cap_chan_list *l = &conn->chan_list;
512 write_lock_bh(&l->lock);
513 __l2cap_chan_add(conn, sk, parent);
514 write_unlock_bh(&l->lock);
515 }
516
517 /* ---- Socket interface ---- */
518 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
519 {
520 struct sock *sk;
521 struct hlist_node *node;
522 sk_for_each(sk, node, &l2cap_sk_list.head)
523 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
524 goto found;
525 sk = NULL;
526 found:
527 return sk;
528 }
529
530 /* Find socket with psm and source bdaddr.
531 * Returns closest match.
532 */
533 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
534 {
535 struct sock *sk = NULL, *sk1 = NULL;
536 struct hlist_node *node;
537
538 sk_for_each(sk, node, &l2cap_sk_list.head) {
539 if (state && sk->sk_state != state)
540 continue;
541
542 if (l2cap_pi(sk)->psm == psm) {
543 /* Exact match. */
544 if (!bacmp(&bt_sk(sk)->src, src))
545 break;
546
547 /* Closest match */
548 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
549 sk1 = sk;
550 }
551 }
552 return node ? sk : sk1;
553 }
554
555 /* Find socket with given address (psm, src).
556 * Returns locked socket */
557 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
558 {
559 struct sock *s;
560 read_lock(&l2cap_sk_list.lock);
561 s = __l2cap_get_sock_by_psm(state, psm, src);
562 if (s) bh_lock_sock(s);
563 read_unlock(&l2cap_sk_list.lock);
564 return s;
565 }
566
567 static void l2cap_sock_destruct(struct sock *sk)
568 {
569 BT_DBG("sk %p", sk);
570
571 skb_queue_purge(&sk->sk_receive_queue);
572 skb_queue_purge(&sk->sk_write_queue);
573 }
574
575 static void l2cap_sock_cleanup_listen(struct sock *parent)
576 {
577 struct sock *sk;
578
579 BT_DBG("parent %p", parent);
580
581 /* Close not yet accepted channels */
582 while ((sk = bt_accept_dequeue(parent, NULL)))
583 l2cap_sock_close(sk);
584
585 parent->sk_state = BT_CLOSED;
586 sock_set_flag(parent, SOCK_ZAPPED);
587 }
588
589 /* Kill socket (only if zapped and orphan)
590 * Must be called on unlocked socket.
591 */
592 static void l2cap_sock_kill(struct sock *sk)
593 {
594 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
595 return;
596
597 BT_DBG("sk %p state %d", sk, sk->sk_state);
598
599 /* Kill poor orphan */
600 bt_sock_unlink(&l2cap_sk_list, sk);
601 sock_set_flag(sk, SOCK_DEAD);
602 sock_put(sk);
603 }
604
605 static void __l2cap_sock_close(struct sock *sk, int reason)
606 {
607 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
608
609 switch (sk->sk_state) {
610 case BT_LISTEN:
611 l2cap_sock_cleanup_listen(sk);
612 break;
613
614 case BT_CONNECTED:
615 case BT_CONFIG:
616 case BT_CONNECT2:
617 if (sk->sk_type == SOCK_SEQPACKET) {
618 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
619 struct l2cap_disconn_req req;
620
621 sk->sk_state = BT_DISCONN;
622 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
623
624 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
625 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
626 l2cap_send_cmd(conn, l2cap_get_ident(conn),
627 L2CAP_DISCONN_REQ, sizeof(req), &req);
628 } else
629 l2cap_chan_del(sk, reason);
630 break;
631
632 case BT_CONNECT:
633 case BT_DISCONN:
634 l2cap_chan_del(sk, reason);
635 break;
636
637 default:
638 sock_set_flag(sk, SOCK_ZAPPED);
639 break;
640 }
641 }
642
643 /* Must be called on unlocked socket. */
644 static void l2cap_sock_close(struct sock *sk)
645 {
646 l2cap_sock_clear_timer(sk);
647 lock_sock(sk);
648 __l2cap_sock_close(sk, ECONNRESET);
649 release_sock(sk);
650 l2cap_sock_kill(sk);
651 }
652
653 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
654 {
655 struct l2cap_pinfo *pi = l2cap_pi(sk);
656
657 BT_DBG("sk %p", sk);
658
659 if (parent) {
660 sk->sk_type = parent->sk_type;
661 pi->imtu = l2cap_pi(parent)->imtu;
662 pi->omtu = l2cap_pi(parent)->omtu;
663 pi->link_mode = l2cap_pi(parent)->link_mode;
664 } else {
665 pi->imtu = L2CAP_DEFAULT_MTU;
666 pi->omtu = 0;
667 pi->link_mode = 0;
668 }
669
670 /* Default config options */
671 pi->conf_len = 0;
672 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
673 }
674
675 static struct proto l2cap_proto = {
676 .name = "L2CAP",
677 .owner = THIS_MODULE,
678 .obj_size = sizeof(struct l2cap_pinfo)
679 };
680
681 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
682 {
683 struct sock *sk;
684
685 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
686 if (!sk)
687 return NULL;
688
689 sock_init_data(sock, sk);
690 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
691
692 sk->sk_destruct = l2cap_sock_destruct;
693 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
694
695 sock_reset_flag(sk, SOCK_ZAPPED);
696
697 sk->sk_protocol = proto;
698 sk->sk_state = BT_OPEN;
699
700 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
701
702 bt_sock_link(&l2cap_sk_list, sk);
703 return sk;
704 }
705
706 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
707 {
708 struct sock *sk;
709
710 BT_DBG("sock %p", sock);
711
712 sock->state = SS_UNCONNECTED;
713
714 if (sock->type != SOCK_SEQPACKET &&
715 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
716 return -ESOCKTNOSUPPORT;
717
718 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
719 return -EPERM;
720
721 sock->ops = &l2cap_sock_ops;
722
723 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
724 if (!sk)
725 return -ENOMEM;
726
727 l2cap_sock_init(sk, NULL);
728 return 0;
729 }
730
731 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
732 {
733 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
734 struct sock *sk = sock->sk;
735 int err = 0;
736
737 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
738
739 if (!addr || addr->sa_family != AF_BLUETOOTH)
740 return -EINVAL;
741
742 lock_sock(sk);
743
744 if (sk->sk_state != BT_OPEN) {
745 err = -EBADFD;
746 goto done;
747 }
748
749 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
750 !capable(CAP_NET_BIND_SERVICE)) {
751 err = -EACCES;
752 goto done;
753 }
754
755 write_lock_bh(&l2cap_sk_list.lock);
756
757 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
758 err = -EADDRINUSE;
759 } else {
760 /* Save source address */
761 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
762 l2cap_pi(sk)->psm = la->l2_psm;
763 l2cap_pi(sk)->sport = la->l2_psm;
764 sk->sk_state = BT_BOUND;
765 }
766
767 write_unlock_bh(&l2cap_sk_list.lock);
768
769 done:
770 release_sock(sk);
771 return err;
772 }
773
774 static int l2cap_do_connect(struct sock *sk)
775 {
776 bdaddr_t *src = &bt_sk(sk)->src;
777 bdaddr_t *dst = &bt_sk(sk)->dst;
778 struct l2cap_conn *conn;
779 struct hci_conn *hcon;
780 struct hci_dev *hdev;
781 __u8 auth_type;
782 int err = 0;
783
784 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
785
786 if (!(hdev = hci_get_route(dst, src)))
787 return -EHOSTUNREACH;
788
789 hci_dev_lock_bh(hdev);
790
791 err = -ENOMEM;
792
793 if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH ||
794 l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT ||
795 l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
796 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))
797 auth_type = HCI_AT_NO_BONDING_MITM;
798 else
799 auth_type = HCI_AT_GENERAL_BONDING_MITM;
800 } else {
801 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001))
802 auth_type = HCI_AT_NO_BONDING;
803 else
804 auth_type = HCI_AT_GENERAL_BONDING;
805 }
806
807 hcon = hci_connect(hdev, ACL_LINK, dst, auth_type);
808 if (!hcon)
809 goto done;
810
811 conn = l2cap_conn_add(hcon, 0);
812 if (!conn) {
813 hci_conn_put(hcon);
814 goto done;
815 }
816
817 err = 0;
818
819 /* Update source addr of the socket */
820 bacpy(src, conn->src);
821
822 l2cap_chan_add(conn, sk, NULL);
823
824 sk->sk_state = BT_CONNECT;
825 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
826
827 if (hcon->state == BT_CONNECTED) {
828 if (sk->sk_type != SOCK_SEQPACKET) {
829 l2cap_sock_clear_timer(sk);
830 sk->sk_state = BT_CONNECTED;
831 } else
832 l2cap_do_start(sk);
833 }
834
835 done:
836 hci_dev_unlock_bh(hdev);
837 hci_dev_put(hdev);
838 return err;
839 }
840
841 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
842 {
843 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
844 struct sock *sk = sock->sk;
845 int err = 0;
846
847 lock_sock(sk);
848
849 BT_DBG("sk %p", sk);
850
851 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
852 err = -EINVAL;
853 goto done;
854 }
855
856 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
857 err = -EINVAL;
858 goto done;
859 }
860
861 switch(sk->sk_state) {
862 case BT_CONNECT:
863 case BT_CONNECT2:
864 case BT_CONFIG:
865 /* Already connecting */
866 goto wait;
867
868 case BT_CONNECTED:
869 /* Already connected */
870 goto done;
871
872 case BT_OPEN:
873 case BT_BOUND:
874 /* Can connect */
875 break;
876
877 default:
878 err = -EBADFD;
879 goto done;
880 }
881
882 /* Set destination address and psm */
883 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
884 l2cap_pi(sk)->psm = la->l2_psm;
885
886 if ((err = l2cap_do_connect(sk)))
887 goto done;
888
889 wait:
890 err = bt_sock_wait_state(sk, BT_CONNECTED,
891 sock_sndtimeo(sk, flags & O_NONBLOCK));
892 done:
893 release_sock(sk);
894 return err;
895 }
896
897 static int l2cap_sock_listen(struct socket *sock, int backlog)
898 {
899 struct sock *sk = sock->sk;
900 int err = 0;
901
902 BT_DBG("sk %p backlog %d", sk, backlog);
903
904 lock_sock(sk);
905
906 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
907 err = -EBADFD;
908 goto done;
909 }
910
911 if (!l2cap_pi(sk)->psm) {
912 bdaddr_t *src = &bt_sk(sk)->src;
913 u16 psm;
914
915 err = -EINVAL;
916
917 write_lock_bh(&l2cap_sk_list.lock);
918
919 for (psm = 0x1001; psm < 0x1100; psm += 2)
920 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
921 l2cap_pi(sk)->psm = htobs(psm);
922 l2cap_pi(sk)->sport = htobs(psm);
923 err = 0;
924 break;
925 }
926
927 write_unlock_bh(&l2cap_sk_list.lock);
928
929 if (err < 0)
930 goto done;
931 }
932
933 sk->sk_max_ack_backlog = backlog;
934 sk->sk_ack_backlog = 0;
935 sk->sk_state = BT_LISTEN;
936
937 done:
938 release_sock(sk);
939 return err;
940 }
941
942 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
943 {
944 DECLARE_WAITQUEUE(wait, current);
945 struct sock *sk = sock->sk, *nsk;
946 long timeo;
947 int err = 0;
948
949 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
950
951 if (sk->sk_state != BT_LISTEN) {
952 err = -EBADFD;
953 goto done;
954 }
955
956 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
957
958 BT_DBG("sk %p timeo %ld", sk, timeo);
959
960 /* Wait for an incoming connection. (wake-one). */
961 add_wait_queue_exclusive(sk->sk_sleep, &wait);
962 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
963 set_current_state(TASK_INTERRUPTIBLE);
964 if (!timeo) {
965 err = -EAGAIN;
966 break;
967 }
968
969 release_sock(sk);
970 timeo = schedule_timeout(timeo);
971 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
972
973 if (sk->sk_state != BT_LISTEN) {
974 err = -EBADFD;
975 break;
976 }
977
978 if (signal_pending(current)) {
979 err = sock_intr_errno(timeo);
980 break;
981 }
982 }
983 set_current_state(TASK_RUNNING);
984 remove_wait_queue(sk->sk_sleep, &wait);
985
986 if (err)
987 goto done;
988
989 newsock->state = SS_CONNECTED;
990
991 BT_DBG("new socket %p", nsk);
992
993 done:
994 release_sock(sk);
995 return err;
996 }
997
998 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
999 {
1000 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1001 struct sock *sk = sock->sk;
1002
1003 BT_DBG("sock %p, sk %p", sock, sk);
1004
1005 addr->sa_family = AF_BLUETOOTH;
1006 *len = sizeof(struct sockaddr_l2);
1007
1008 if (peer)
1009 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1010 else
1011 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1012
1013 la->l2_psm = l2cap_pi(sk)->psm;
1014 return 0;
1015 }
1016
1017 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1018 {
1019 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1020 struct sk_buff *skb, **frag;
1021 int err, hlen, count, sent=0;
1022 struct l2cap_hdr *lh;
1023
1024 BT_DBG("sk %p len %d", sk, len);
1025
1026 /* First fragment (with L2CAP header) */
1027 if (sk->sk_type == SOCK_DGRAM)
1028 hlen = L2CAP_HDR_SIZE + 2;
1029 else
1030 hlen = L2CAP_HDR_SIZE;
1031
1032 count = min_t(unsigned int, (conn->mtu - hlen), len);
1033
1034 skb = bt_skb_send_alloc(sk, hlen + count,
1035 msg->msg_flags & MSG_DONTWAIT, &err);
1036 if (!skb)
1037 return err;
1038
1039 /* Create L2CAP header */
1040 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1041 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1042 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1043
1044 if (sk->sk_type == SOCK_DGRAM)
1045 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1046
1047 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1048 err = -EFAULT;
1049 goto fail;
1050 }
1051
1052 sent += count;
1053 len -= count;
1054
1055 /* Continuation fragments (no L2CAP header) */
1056 frag = &skb_shinfo(skb)->frag_list;
1057 while (len) {
1058 count = min_t(unsigned int, conn->mtu, len);
1059
1060 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1061 if (!*frag)
1062 goto fail;
1063
1064 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1065 err = -EFAULT;
1066 goto fail;
1067 }
1068
1069 sent += count;
1070 len -= count;
1071
1072 frag = &(*frag)->next;
1073 }
1074
1075 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1076 goto fail;
1077
1078 return sent;
1079
1080 fail:
1081 kfree_skb(skb);
1082 return err;
1083 }
1084
1085 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1086 {
1087 struct sock *sk = sock->sk;
1088 int err = 0;
1089
1090 BT_DBG("sock %p, sk %p", sock, sk);
1091
1092 err = sock_error(sk);
1093 if (err)
1094 return err;
1095
1096 if (msg->msg_flags & MSG_OOB)
1097 return -EOPNOTSUPP;
1098
1099 /* Check outgoing MTU */
1100 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1101 return -EINVAL;
1102
1103 lock_sock(sk);
1104
1105 if (sk->sk_state == BT_CONNECTED)
1106 err = l2cap_do_send(sk, msg, len);
1107 else
1108 err = -ENOTCONN;
1109
1110 release_sock(sk);
1111 return err;
1112 }
1113
1114 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1115 {
1116 struct sock *sk = sock->sk;
1117 struct l2cap_options opts;
1118 int err = 0, len;
1119 u32 opt;
1120
1121 BT_DBG("sk %p", sk);
1122
1123 lock_sock(sk);
1124
1125 switch (optname) {
1126 case L2CAP_OPTIONS:
1127 opts.imtu = l2cap_pi(sk)->imtu;
1128 opts.omtu = l2cap_pi(sk)->omtu;
1129 opts.flush_to = l2cap_pi(sk)->flush_to;
1130 opts.mode = L2CAP_MODE_BASIC;
1131
1132 len = min_t(unsigned int, sizeof(opts), optlen);
1133 if (copy_from_user((char *) &opts, optval, len)) {
1134 err = -EFAULT;
1135 break;
1136 }
1137
1138 l2cap_pi(sk)->imtu = opts.imtu;
1139 l2cap_pi(sk)->omtu = opts.omtu;
1140 break;
1141
1142 case L2CAP_LM:
1143 if (get_user(opt, (u32 __user *) optval)) {
1144 err = -EFAULT;
1145 break;
1146 }
1147
1148 l2cap_pi(sk)->link_mode = opt;
1149 break;
1150
1151 default:
1152 err = -ENOPROTOOPT;
1153 break;
1154 }
1155
1156 release_sock(sk);
1157 return err;
1158 }
1159
1160 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1161 {
1162 struct sock *sk = sock->sk;
1163 struct l2cap_options opts;
1164 struct l2cap_conninfo cinfo;
1165 int len, err = 0;
1166
1167 BT_DBG("sk %p", sk);
1168
1169 if (get_user(len, optlen))
1170 return -EFAULT;
1171
1172 lock_sock(sk);
1173
1174 switch (optname) {
1175 case L2CAP_OPTIONS:
1176 opts.imtu = l2cap_pi(sk)->imtu;
1177 opts.omtu = l2cap_pi(sk)->omtu;
1178 opts.flush_to = l2cap_pi(sk)->flush_to;
1179 opts.mode = L2CAP_MODE_BASIC;
1180
1181 len = min_t(unsigned int, len, sizeof(opts));
1182 if (copy_to_user(optval, (char *) &opts, len))
1183 err = -EFAULT;
1184
1185 break;
1186
1187 case L2CAP_LM:
1188 if (put_user(l2cap_pi(sk)->link_mode, (u32 __user *) optval))
1189 err = -EFAULT;
1190 break;
1191
1192 case L2CAP_CONNINFO:
1193 if (sk->sk_state != BT_CONNECTED) {
1194 err = -ENOTCONN;
1195 break;
1196 }
1197
1198 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1199 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1200
1201 len = min_t(unsigned int, len, sizeof(cinfo));
1202 if (copy_to_user(optval, (char *) &cinfo, len))
1203 err = -EFAULT;
1204
1205 break;
1206
1207 default:
1208 err = -ENOPROTOOPT;
1209 break;
1210 }
1211
1212 release_sock(sk);
1213 return err;
1214 }
1215
1216 static int l2cap_sock_shutdown(struct socket *sock, int how)
1217 {
1218 struct sock *sk = sock->sk;
1219 int err = 0;
1220
1221 BT_DBG("sock %p, sk %p", sock, sk);
1222
1223 if (!sk)
1224 return 0;
1225
1226 lock_sock(sk);
1227 if (!sk->sk_shutdown) {
1228 sk->sk_shutdown = SHUTDOWN_MASK;
1229 l2cap_sock_clear_timer(sk);
1230 __l2cap_sock_close(sk, 0);
1231
1232 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1233 err = bt_sock_wait_state(sk, BT_CLOSED,
1234 sk->sk_lingertime);
1235 }
1236 release_sock(sk);
1237 return err;
1238 }
1239
1240 static int l2cap_sock_release(struct socket *sock)
1241 {
1242 struct sock *sk = sock->sk;
1243 int err;
1244
1245 BT_DBG("sock %p, sk %p", sock, sk);
1246
1247 if (!sk)
1248 return 0;
1249
1250 err = l2cap_sock_shutdown(sock, 2);
1251
1252 sock_orphan(sk);
1253 l2cap_sock_kill(sk);
1254 return err;
1255 }
1256
1257 static void l2cap_chan_ready(struct sock *sk)
1258 {
1259 struct sock *parent = bt_sk(sk)->parent;
1260
1261 BT_DBG("sk %p, parent %p", sk, parent);
1262
1263 l2cap_pi(sk)->conf_state = 0;
1264 l2cap_sock_clear_timer(sk);
1265
1266 if (!parent) {
1267 /* Outgoing channel.
1268 * Wake up socket sleeping on connect.
1269 */
1270 sk->sk_state = BT_CONNECTED;
1271 sk->sk_state_change(sk);
1272 } else {
1273 /* Incoming channel.
1274 * Wake up socket sleeping on accept.
1275 */
1276 parent->sk_data_ready(parent, 0);
1277 }
1278
1279 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
1280 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1281 hci_conn_change_link_key(conn->hcon);
1282 }
1283 }
1284
1285 /* Copy frame to all raw sockets on that connection */
1286 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1287 {
1288 struct l2cap_chan_list *l = &conn->chan_list;
1289 struct sk_buff *nskb;
1290 struct sock * sk;
1291
1292 BT_DBG("conn %p", conn);
1293
1294 read_lock(&l->lock);
1295 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1296 if (sk->sk_type != SOCK_RAW)
1297 continue;
1298
1299 /* Don't send frame to the socket it came from */
1300 if (skb->sk == sk)
1301 continue;
1302
1303 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1304 continue;
1305
1306 if (sock_queue_rcv_skb(sk, nskb))
1307 kfree_skb(nskb);
1308 }
1309 read_unlock(&l->lock);
1310 }
1311
1312 /* ---- L2CAP signalling commands ---- */
1313 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1314 u8 code, u8 ident, u16 dlen, void *data)
1315 {
1316 struct sk_buff *skb, **frag;
1317 struct l2cap_cmd_hdr *cmd;
1318 struct l2cap_hdr *lh;
1319 int len, count;
1320
1321 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1322
1323 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1324 count = min_t(unsigned int, conn->mtu, len);
1325
1326 skb = bt_skb_alloc(count, GFP_ATOMIC);
1327 if (!skb)
1328 return NULL;
1329
1330 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1331 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1332 lh->cid = cpu_to_le16(0x0001);
1333
1334 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1335 cmd->code = code;
1336 cmd->ident = ident;
1337 cmd->len = cpu_to_le16(dlen);
1338
1339 if (dlen) {
1340 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1341 memcpy(skb_put(skb, count), data, count);
1342 data += count;
1343 }
1344
1345 len -= skb->len;
1346
1347 /* Continuation fragments (no L2CAP header) */
1348 frag = &skb_shinfo(skb)->frag_list;
1349 while (len) {
1350 count = min_t(unsigned int, conn->mtu, len);
1351
1352 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1353 if (!*frag)
1354 goto fail;
1355
1356 memcpy(skb_put(*frag, count), data, count);
1357
1358 len -= count;
1359 data += count;
1360
1361 frag = &(*frag)->next;
1362 }
1363
1364 return skb;
1365
1366 fail:
1367 kfree_skb(skb);
1368 return NULL;
1369 }
1370
1371 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1372 {
1373 struct l2cap_conf_opt *opt = *ptr;
1374 int len;
1375
1376 len = L2CAP_CONF_OPT_SIZE + opt->len;
1377 *ptr += len;
1378
1379 *type = opt->type;
1380 *olen = opt->len;
1381
1382 switch (opt->len) {
1383 case 1:
1384 *val = *((u8 *) opt->val);
1385 break;
1386
1387 case 2:
1388 *val = __le16_to_cpu(*((__le16 *) opt->val));
1389 break;
1390
1391 case 4:
1392 *val = __le32_to_cpu(*((__le32 *) opt->val));
1393 break;
1394
1395 default:
1396 *val = (unsigned long) opt->val;
1397 break;
1398 }
1399
1400 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1401 return len;
1402 }
1403
1404 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1405 {
1406 struct l2cap_conf_opt *opt = *ptr;
1407
1408 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1409
1410 opt->type = type;
1411 opt->len = len;
1412
1413 switch (len) {
1414 case 1:
1415 *((u8 *) opt->val) = val;
1416 break;
1417
1418 case 2:
1419 *((__le16 *) opt->val) = cpu_to_le16(val);
1420 break;
1421
1422 case 4:
1423 *((__le32 *) opt->val) = cpu_to_le32(val);
1424 break;
1425
1426 default:
1427 memcpy(opt->val, (void *) val, len);
1428 break;
1429 }
1430
1431 *ptr += L2CAP_CONF_OPT_SIZE + len;
1432 }
1433
1434 static int l2cap_build_conf_req(struct sock *sk, void *data)
1435 {
1436 struct l2cap_pinfo *pi = l2cap_pi(sk);
1437 struct l2cap_conf_req *req = data;
1438 void *ptr = req->data;
1439
1440 BT_DBG("sk %p", sk);
1441
1442 if (pi->imtu != L2CAP_DEFAULT_MTU)
1443 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1444
1445 /* FIXME: Need actual value of the flush timeout */
1446 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1447 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1448
1449 req->dcid = cpu_to_le16(pi->dcid);
1450 req->flags = cpu_to_le16(0);
1451
1452 return ptr - data;
1453 }
1454
1455 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1456 {
1457 struct l2cap_pinfo *pi = l2cap_pi(sk);
1458 struct l2cap_conf_rsp *rsp = data;
1459 void *ptr = rsp->data;
1460 void *req = pi->conf_req;
1461 int len = pi->conf_len;
1462 int type, hint, olen;
1463 unsigned long val;
1464 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1465 u16 mtu = L2CAP_DEFAULT_MTU;
1466 u16 result = L2CAP_CONF_SUCCESS;
1467
1468 BT_DBG("sk %p", sk);
1469
1470 while (len >= L2CAP_CONF_OPT_SIZE) {
1471 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1472
1473 hint = type & 0x80;
1474 type &= 0x7f;
1475
1476 switch (type) {
1477 case L2CAP_CONF_MTU:
1478 mtu = val;
1479 break;
1480
1481 case L2CAP_CONF_FLUSH_TO:
1482 pi->flush_to = val;
1483 break;
1484
1485 case L2CAP_CONF_QOS:
1486 break;
1487
1488 case L2CAP_CONF_RFC:
1489 if (olen == sizeof(rfc))
1490 memcpy(&rfc, (void *) val, olen);
1491 break;
1492
1493 default:
1494 if (hint)
1495 break;
1496
1497 result = L2CAP_CONF_UNKNOWN;
1498 *((u8 *) ptr++) = type;
1499 break;
1500 }
1501 }
1502
1503 if (result == L2CAP_CONF_SUCCESS) {
1504 /* Configure output options and let the other side know
1505 * which ones we don't like. */
1506
1507 if (rfc.mode == L2CAP_MODE_BASIC) {
1508 if (mtu < pi->omtu)
1509 result = L2CAP_CONF_UNACCEPT;
1510 else {
1511 pi->omtu = mtu;
1512 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1513 }
1514
1515 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1516 } else {
1517 result = L2CAP_CONF_UNACCEPT;
1518
1519 memset(&rfc, 0, sizeof(rfc));
1520 rfc.mode = L2CAP_MODE_BASIC;
1521
1522 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1523 sizeof(rfc), (unsigned long) &rfc);
1524 }
1525 }
1526
1527 rsp->scid = cpu_to_le16(pi->dcid);
1528 rsp->result = cpu_to_le16(result);
1529 rsp->flags = cpu_to_le16(0x0000);
1530
1531 return ptr - data;
1532 }
1533
1534 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1535 {
1536 struct l2cap_conf_rsp *rsp = data;
1537 void *ptr = rsp->data;
1538
1539 BT_DBG("sk %p", sk);
1540
1541 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1542 rsp->result = cpu_to_le16(result);
1543 rsp->flags = cpu_to_le16(flags);
1544
1545 return ptr - data;
1546 }
1547
1548 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1549 {
1550 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1551
1552 if (rej->reason != 0x0000)
1553 return 0;
1554
1555 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1556 cmd->ident == conn->info_ident) {
1557 conn->info_ident = 0;
1558 del_timer(&conn->info_timer);
1559 l2cap_conn_start(conn);
1560 }
1561
1562 return 0;
1563 }
1564
1565 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1566 {
1567 struct l2cap_chan_list *list = &conn->chan_list;
1568 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1569 struct l2cap_conn_rsp rsp;
1570 struct sock *sk, *parent;
1571 int result, status = L2CAP_CS_NO_INFO;
1572
1573 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1574 __le16 psm = req->psm;
1575
1576 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1577
1578 /* Check if we have socket listening on psm */
1579 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1580 if (!parent) {
1581 result = L2CAP_CR_BAD_PSM;
1582 goto sendresp;
1583 }
1584
1585 /* Check if the ACL is secure enough (if not SDP) */
1586 if (psm != cpu_to_le16(0x0001) &&
1587 !hci_conn_check_link_mode(conn->hcon)) {
1588 result = L2CAP_CR_SEC_BLOCK;
1589 goto response;
1590 }
1591
1592 result = L2CAP_CR_NO_MEM;
1593
1594 /* Check for backlog size */
1595 if (sk_acceptq_is_full(parent)) {
1596 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1597 goto response;
1598 }
1599
1600 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1601 if (!sk)
1602 goto response;
1603
1604 write_lock_bh(&list->lock);
1605
1606 /* Check if we already have channel with that dcid */
1607 if (__l2cap_get_chan_by_dcid(list, scid)) {
1608 write_unlock_bh(&list->lock);
1609 sock_set_flag(sk, SOCK_ZAPPED);
1610 l2cap_sock_kill(sk);
1611 goto response;
1612 }
1613
1614 hci_conn_hold(conn->hcon);
1615
1616 l2cap_sock_init(sk, parent);
1617 bacpy(&bt_sk(sk)->src, conn->src);
1618 bacpy(&bt_sk(sk)->dst, conn->dst);
1619 l2cap_pi(sk)->psm = psm;
1620 l2cap_pi(sk)->dcid = scid;
1621
1622 __l2cap_chan_add(conn, sk, parent);
1623 dcid = l2cap_pi(sk)->scid;
1624
1625 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1626
1627 l2cap_pi(sk)->ident = cmd->ident;
1628
1629 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
1630 if (l2cap_check_link_mode(sk)) {
1631 sk->sk_state = BT_CONFIG;
1632 result = L2CAP_CR_SUCCESS;
1633 status = L2CAP_CS_NO_INFO;
1634 } else {
1635 sk->sk_state = BT_CONNECT2;
1636 result = L2CAP_CR_PEND;
1637 status = L2CAP_CS_AUTHEN_PEND;
1638 }
1639 } else {
1640 sk->sk_state = BT_CONNECT2;
1641 result = L2CAP_CR_PEND;
1642 status = L2CAP_CS_NO_INFO;
1643 }
1644
1645 write_unlock_bh(&list->lock);
1646
1647 response:
1648 bh_unlock_sock(parent);
1649
1650 sendresp:
1651 rsp.scid = cpu_to_le16(scid);
1652 rsp.dcid = cpu_to_le16(dcid);
1653 rsp.result = cpu_to_le16(result);
1654 rsp.status = cpu_to_le16(status);
1655 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1656
1657 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1658 struct l2cap_info_req info;
1659 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1660
1661 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1662 conn->info_ident = l2cap_get_ident(conn);
1663
1664 mod_timer(&conn->info_timer, jiffies +
1665 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1666
1667 l2cap_send_cmd(conn, conn->info_ident,
1668 L2CAP_INFO_REQ, sizeof(info), &info);
1669 }
1670
1671 return 0;
1672 }
1673
1674 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1675 {
1676 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1677 u16 scid, dcid, result, status;
1678 struct sock *sk;
1679 u8 req[128];
1680
1681 scid = __le16_to_cpu(rsp->scid);
1682 dcid = __le16_to_cpu(rsp->dcid);
1683 result = __le16_to_cpu(rsp->result);
1684 status = __le16_to_cpu(rsp->status);
1685
1686 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1687
1688 if (scid) {
1689 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1690 return 0;
1691 } else {
1692 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1693 return 0;
1694 }
1695
1696 switch (result) {
1697 case L2CAP_CR_SUCCESS:
1698 sk->sk_state = BT_CONFIG;
1699 l2cap_pi(sk)->ident = 0;
1700 l2cap_pi(sk)->dcid = dcid;
1701 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1702
1703 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1704 l2cap_build_conf_req(sk, req), req);
1705 break;
1706
1707 case L2CAP_CR_PEND:
1708 break;
1709
1710 default:
1711 l2cap_chan_del(sk, ECONNREFUSED);
1712 break;
1713 }
1714
1715 bh_unlock_sock(sk);
1716 return 0;
1717 }
1718
1719 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1720 {
1721 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1722 u16 dcid, flags;
1723 u8 rsp[64];
1724 struct sock *sk;
1725 int len;
1726
1727 dcid = __le16_to_cpu(req->dcid);
1728 flags = __le16_to_cpu(req->flags);
1729
1730 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1731
1732 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1733 return -ENOENT;
1734
1735 if (sk->sk_state == BT_DISCONN)
1736 goto unlock;
1737
1738 /* Reject if config buffer is too small. */
1739 len = cmd_len - sizeof(*req);
1740 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1741 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1742 l2cap_build_conf_rsp(sk, rsp,
1743 L2CAP_CONF_REJECT, flags), rsp);
1744 goto unlock;
1745 }
1746
1747 /* Store config. */
1748 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1749 l2cap_pi(sk)->conf_len += len;
1750
1751 if (flags & 0x0001) {
1752 /* Incomplete config. Send empty response. */
1753 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1754 l2cap_build_conf_rsp(sk, rsp,
1755 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1756 goto unlock;
1757 }
1758
1759 /* Complete config. */
1760 len = l2cap_parse_conf_req(sk, rsp);
1761 if (len < 0)
1762 goto unlock;
1763
1764 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
1765
1766 /* Reset config buffer. */
1767 l2cap_pi(sk)->conf_len = 0;
1768
1769 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
1770 goto unlock;
1771
1772 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1773 sk->sk_state = BT_CONNECTED;
1774 l2cap_chan_ready(sk);
1775 goto unlock;
1776 }
1777
1778 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
1779 u8 buf[64];
1780 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1781 l2cap_build_conf_req(sk, buf), buf);
1782 }
1783
1784 unlock:
1785 bh_unlock_sock(sk);
1786 return 0;
1787 }
1788
1789 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1790 {
1791 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
1792 u16 scid, flags, result;
1793 struct sock *sk;
1794
1795 scid = __le16_to_cpu(rsp->scid);
1796 flags = __le16_to_cpu(rsp->flags);
1797 result = __le16_to_cpu(rsp->result);
1798
1799 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
1800
1801 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1802 return 0;
1803
1804 switch (result) {
1805 case L2CAP_CONF_SUCCESS:
1806 break;
1807
1808 case L2CAP_CONF_UNACCEPT:
1809 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
1810 char req[128];
1811 /* It does not make sense to adjust L2CAP parameters
1812 * that are currently defined in the spec. We simply
1813 * resend config request that we sent earlier. It is
1814 * stupid, but it helps qualification testing which
1815 * expects at least some response from us. */
1816 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1817 l2cap_build_conf_req(sk, req), req);
1818 goto done;
1819 }
1820
1821 default:
1822 sk->sk_state = BT_DISCONN;
1823 sk->sk_err = ECONNRESET;
1824 l2cap_sock_set_timer(sk, HZ * 5);
1825 {
1826 struct l2cap_disconn_req req;
1827 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
1828 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
1829 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1830 L2CAP_DISCONN_REQ, sizeof(req), &req);
1831 }
1832 goto done;
1833 }
1834
1835 if (flags & 0x01)
1836 goto done;
1837
1838 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
1839
1840 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
1841 sk->sk_state = BT_CONNECTED;
1842 l2cap_chan_ready(sk);
1843 }
1844
1845 done:
1846 bh_unlock_sock(sk);
1847 return 0;
1848 }
1849
1850 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1851 {
1852 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
1853 struct l2cap_disconn_rsp rsp;
1854 u16 dcid, scid;
1855 struct sock *sk;
1856
1857 scid = __le16_to_cpu(req->scid);
1858 dcid = __le16_to_cpu(req->dcid);
1859
1860 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
1861
1862 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1863 return 0;
1864
1865 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1866 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1867 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
1868
1869 sk->sk_shutdown = SHUTDOWN_MASK;
1870
1871 l2cap_chan_del(sk, ECONNRESET);
1872 bh_unlock_sock(sk);
1873
1874 l2cap_sock_kill(sk);
1875 return 0;
1876 }
1877
1878 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1879 {
1880 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
1881 u16 dcid, scid;
1882 struct sock *sk;
1883
1884 scid = __le16_to_cpu(rsp->scid);
1885 dcid = __le16_to_cpu(rsp->dcid);
1886
1887 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
1888
1889 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1890 return 0;
1891
1892 l2cap_chan_del(sk, 0);
1893 bh_unlock_sock(sk);
1894
1895 l2cap_sock_kill(sk);
1896 return 0;
1897 }
1898
1899 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1900 {
1901 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1902 u16 type;
1903
1904 type = __le16_to_cpu(req->type);
1905
1906 BT_DBG("type 0x%4.4x", type);
1907
1908 if (type == L2CAP_IT_FEAT_MASK) {
1909 u8 buf[8];
1910 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
1911 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1912 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
1913 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
1914 l2cap_send_cmd(conn, cmd->ident,
1915 L2CAP_INFO_RSP, sizeof(buf), buf);
1916 } else {
1917 struct l2cap_info_rsp rsp;
1918 rsp.type = cpu_to_le16(type);
1919 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
1920 l2cap_send_cmd(conn, cmd->ident,
1921 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
1922 }
1923
1924 return 0;
1925 }
1926
1927 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1928 {
1929 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
1930 u16 type, result;
1931
1932 type = __le16_to_cpu(rsp->type);
1933 result = __le16_to_cpu(rsp->result);
1934
1935 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
1936
1937 conn->info_ident = 0;
1938
1939 del_timer(&conn->info_timer);
1940
1941 if (type == L2CAP_IT_FEAT_MASK)
1942 conn->feat_mask = get_unaligned_le32(rsp->data);
1943
1944 l2cap_conn_start(conn);
1945
1946 return 0;
1947 }
1948
1949 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1950 {
1951 u8 *data = skb->data;
1952 int len = skb->len;
1953 struct l2cap_cmd_hdr cmd;
1954 int err = 0;
1955
1956 l2cap_raw_recv(conn, skb);
1957
1958 while (len >= L2CAP_CMD_HDR_SIZE) {
1959 u16 cmd_len;
1960 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
1961 data += L2CAP_CMD_HDR_SIZE;
1962 len -= L2CAP_CMD_HDR_SIZE;
1963
1964 cmd_len = le16_to_cpu(cmd.len);
1965
1966 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1967
1968 if (cmd_len > len || !cmd.ident) {
1969 BT_DBG("corrupted command");
1970 break;
1971 }
1972
1973 switch (cmd.code) {
1974 case L2CAP_COMMAND_REJ:
1975 l2cap_command_rej(conn, &cmd, data);
1976 break;
1977
1978 case L2CAP_CONN_REQ:
1979 err = l2cap_connect_req(conn, &cmd, data);
1980 break;
1981
1982 case L2CAP_CONN_RSP:
1983 err = l2cap_connect_rsp(conn, &cmd, data);
1984 break;
1985
1986 case L2CAP_CONF_REQ:
1987 err = l2cap_config_req(conn, &cmd, cmd_len, data);
1988 break;
1989
1990 case L2CAP_CONF_RSP:
1991 err = l2cap_config_rsp(conn, &cmd, data);
1992 break;
1993
1994 case L2CAP_DISCONN_REQ:
1995 err = l2cap_disconnect_req(conn, &cmd, data);
1996 break;
1997
1998 case L2CAP_DISCONN_RSP:
1999 err = l2cap_disconnect_rsp(conn, &cmd, data);
2000 break;
2001
2002 case L2CAP_ECHO_REQ:
2003 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2004 break;
2005
2006 case L2CAP_ECHO_RSP:
2007 break;
2008
2009 case L2CAP_INFO_REQ:
2010 err = l2cap_information_req(conn, &cmd, data);
2011 break;
2012
2013 case L2CAP_INFO_RSP:
2014 err = l2cap_information_rsp(conn, &cmd, data);
2015 break;
2016
2017 default:
2018 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2019 err = -EINVAL;
2020 break;
2021 }
2022
2023 if (err) {
2024 struct l2cap_cmd_rej rej;
2025 BT_DBG("error %d", err);
2026
2027 /* FIXME: Map err to a valid reason */
2028 rej.reason = cpu_to_le16(0);
2029 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2030 }
2031
2032 data += cmd_len;
2033 len -= cmd_len;
2034 }
2035
2036 kfree_skb(skb);
2037 }
2038
2039 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2040 {
2041 struct sock *sk;
2042
2043 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2044 if (!sk) {
2045 BT_DBG("unknown cid 0x%4.4x", cid);
2046 goto drop;
2047 }
2048
2049 BT_DBG("sk %p, len %d", sk, skb->len);
2050
2051 if (sk->sk_state != BT_CONNECTED)
2052 goto drop;
2053
2054 if (l2cap_pi(sk)->imtu < skb->len)
2055 goto drop;
2056
2057 /* If socket recv buffers overflows we drop data here
2058 * which is *bad* because L2CAP has to be reliable.
2059 * But we don't have any other choice. L2CAP doesn't
2060 * provide flow control mechanism. */
2061
2062 if (!sock_queue_rcv_skb(sk, skb))
2063 goto done;
2064
2065 drop:
2066 kfree_skb(skb);
2067
2068 done:
2069 if (sk)
2070 bh_unlock_sock(sk);
2071
2072 return 0;
2073 }
2074
2075 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2076 {
2077 struct sock *sk;
2078
2079 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2080 if (!sk)
2081 goto drop;
2082
2083 BT_DBG("sk %p, len %d", sk, skb->len);
2084
2085 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2086 goto drop;
2087
2088 if (l2cap_pi(sk)->imtu < skb->len)
2089 goto drop;
2090
2091 if (!sock_queue_rcv_skb(sk, skb))
2092 goto done;
2093
2094 drop:
2095 kfree_skb(skb);
2096
2097 done:
2098 if (sk) bh_unlock_sock(sk);
2099 return 0;
2100 }
2101
2102 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2103 {
2104 struct l2cap_hdr *lh = (void *) skb->data;
2105 u16 cid, len;
2106 __le16 psm;
2107
2108 skb_pull(skb, L2CAP_HDR_SIZE);
2109 cid = __le16_to_cpu(lh->cid);
2110 len = __le16_to_cpu(lh->len);
2111
2112 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2113
2114 switch (cid) {
2115 case 0x0001:
2116 l2cap_sig_channel(conn, skb);
2117 break;
2118
2119 case 0x0002:
2120 psm = get_unaligned((__le16 *) skb->data);
2121 skb_pull(skb, 2);
2122 l2cap_conless_channel(conn, psm, skb);
2123 break;
2124
2125 default:
2126 l2cap_data_channel(conn, cid, skb);
2127 break;
2128 }
2129 }
2130
2131 /* ---- L2CAP interface with lower layer (HCI) ---- */
2132
2133 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2134 {
2135 int exact = 0, lm1 = 0, lm2 = 0;
2136 register struct sock *sk;
2137 struct hlist_node *node;
2138
2139 if (type != ACL_LINK)
2140 return 0;
2141
2142 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2143
2144 /* Find listening sockets and check their link_mode */
2145 read_lock(&l2cap_sk_list.lock);
2146 sk_for_each(sk, node, &l2cap_sk_list.head) {
2147 if (sk->sk_state != BT_LISTEN)
2148 continue;
2149
2150 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2151 lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
2152 exact++;
2153 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
2154 lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
2155 }
2156 read_unlock(&l2cap_sk_list.lock);
2157
2158 return exact ? lm1 : lm2;
2159 }
2160
2161 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2162 {
2163 struct l2cap_conn *conn;
2164
2165 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2166
2167 if (hcon->type != ACL_LINK)
2168 return 0;
2169
2170 if (!status) {
2171 conn = l2cap_conn_add(hcon, status);
2172 if (conn)
2173 l2cap_conn_ready(conn);
2174 } else
2175 l2cap_conn_del(hcon, bt_err(status));
2176
2177 return 0;
2178 }
2179
2180 static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2181 {
2182 BT_DBG("hcon %p reason %d", hcon, reason);
2183
2184 if (hcon->type != ACL_LINK)
2185 return 0;
2186
2187 l2cap_conn_del(hcon, bt_err(reason));
2188
2189 return 0;
2190 }
2191
2192 static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
2193 {
2194 struct l2cap_chan_list *l;
2195 struct l2cap_conn *conn = hcon->l2cap_data;
2196 struct sock *sk;
2197
2198 if (!conn)
2199 return 0;
2200
2201 l = &conn->chan_list;
2202
2203 BT_DBG("conn %p", conn);
2204
2205 read_lock(&l->lock);
2206
2207 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2208 struct l2cap_pinfo *pi = l2cap_pi(sk);
2209
2210 bh_lock_sock(sk);
2211
2212 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
2213 !(hcon->link_mode & HCI_LM_ENCRYPT) &&
2214 !status) {
2215 bh_unlock_sock(sk);
2216 continue;
2217 }
2218
2219 if (sk->sk_state == BT_CONNECT) {
2220 if (!status) {
2221 struct l2cap_conn_req req;
2222 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2223 req.psm = l2cap_pi(sk)->psm;
2224
2225 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2226
2227 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2228 L2CAP_CONN_REQ, sizeof(req), &req);
2229 } else {
2230 l2cap_sock_clear_timer(sk);
2231 l2cap_sock_set_timer(sk, HZ / 10);
2232 }
2233 } else if (sk->sk_state == BT_CONNECT2) {
2234 struct l2cap_conn_rsp rsp;
2235 __u16 result;
2236
2237 if (!status) {
2238 sk->sk_state = BT_CONFIG;
2239 result = L2CAP_CR_SUCCESS;
2240 } else {
2241 sk->sk_state = BT_DISCONN;
2242 l2cap_sock_set_timer(sk, HZ / 10);
2243 result = L2CAP_CR_SEC_BLOCK;
2244 }
2245
2246 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2247 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2248 rsp.result = cpu_to_le16(result);
2249 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2250 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2251 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2252 }
2253
2254 bh_unlock_sock(sk);
2255 }
2256
2257 read_unlock(&l->lock);
2258
2259 return 0;
2260 }
2261
2262 static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2263 {
2264 struct l2cap_chan_list *l;
2265 struct l2cap_conn *conn = hcon->l2cap_data;
2266 struct sock *sk;
2267
2268 if (!conn)
2269 return 0;
2270
2271 l = &conn->chan_list;
2272
2273 BT_DBG("conn %p", conn);
2274
2275 read_lock(&l->lock);
2276
2277 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2278 struct l2cap_pinfo *pi = l2cap_pi(sk);
2279
2280 bh_lock_sock(sk);
2281
2282 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
2283 (sk->sk_state == BT_CONNECTED ||
2284 sk->sk_state == BT_CONFIG) &&
2285 !status && encrypt == 0x00) {
2286 __l2cap_sock_close(sk, ECONNREFUSED);
2287 bh_unlock_sock(sk);
2288 continue;
2289 }
2290
2291 if (sk->sk_state == BT_CONNECT) {
2292 if (!status) {
2293 struct l2cap_conn_req req;
2294 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2295 req.psm = l2cap_pi(sk)->psm;
2296
2297 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2298
2299 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2300 L2CAP_CONN_REQ, sizeof(req), &req);
2301 } else {
2302 l2cap_sock_clear_timer(sk);
2303 l2cap_sock_set_timer(sk, HZ / 10);
2304 }
2305 } else if (sk->sk_state == BT_CONNECT2) {
2306 struct l2cap_conn_rsp rsp;
2307 __u16 result;
2308
2309 if (!status) {
2310 sk->sk_state = BT_CONFIG;
2311 result = L2CAP_CR_SUCCESS;
2312 } else {
2313 sk->sk_state = BT_DISCONN;
2314 l2cap_sock_set_timer(sk, HZ / 10);
2315 result = L2CAP_CR_SEC_BLOCK;
2316 }
2317
2318 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2319 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2320 rsp.result = cpu_to_le16(result);
2321 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2322 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2323 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2324 }
2325
2326 bh_unlock_sock(sk);
2327 }
2328
2329 read_unlock(&l->lock);
2330
2331 return 0;
2332 }
2333
2334 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2335 {
2336 struct l2cap_conn *conn = hcon->l2cap_data;
2337
2338 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2339 goto drop;
2340
2341 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2342
2343 if (flags & ACL_START) {
2344 struct l2cap_hdr *hdr;
2345 int len;
2346
2347 if (conn->rx_len) {
2348 BT_ERR("Unexpected start frame (len %d)", skb->len);
2349 kfree_skb(conn->rx_skb);
2350 conn->rx_skb = NULL;
2351 conn->rx_len = 0;
2352 l2cap_conn_unreliable(conn, ECOMM);
2353 }
2354
2355 if (skb->len < 2) {
2356 BT_ERR("Frame is too short (len %d)", skb->len);
2357 l2cap_conn_unreliable(conn, ECOMM);
2358 goto drop;
2359 }
2360
2361 hdr = (struct l2cap_hdr *) skb->data;
2362 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2363
2364 if (len == skb->len) {
2365 /* Complete frame received */
2366 l2cap_recv_frame(conn, skb);
2367 return 0;
2368 }
2369
2370 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2371
2372 if (skb->len > len) {
2373 BT_ERR("Frame is too long (len %d, expected len %d)",
2374 skb->len, len);
2375 l2cap_conn_unreliable(conn, ECOMM);
2376 goto drop;
2377 }
2378
2379 /* Allocate skb for the complete frame (with header) */
2380 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2381 goto drop;
2382
2383 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2384 skb->len);
2385 conn->rx_len = len - skb->len;
2386 } else {
2387 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2388
2389 if (!conn->rx_len) {
2390 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2391 l2cap_conn_unreliable(conn, ECOMM);
2392 goto drop;
2393 }
2394
2395 if (skb->len > conn->rx_len) {
2396 BT_ERR("Fragment is too long (len %d, expected %d)",
2397 skb->len, conn->rx_len);
2398 kfree_skb(conn->rx_skb);
2399 conn->rx_skb = NULL;
2400 conn->rx_len = 0;
2401 l2cap_conn_unreliable(conn, ECOMM);
2402 goto drop;
2403 }
2404
2405 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2406 skb->len);
2407 conn->rx_len -= skb->len;
2408
2409 if (!conn->rx_len) {
2410 /* Complete frame received */
2411 l2cap_recv_frame(conn, conn->rx_skb);
2412 conn->rx_skb = NULL;
2413 }
2414 }
2415
2416 drop:
2417 kfree_skb(skb);
2418 return 0;
2419 }
2420
2421 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2422 {
2423 struct sock *sk;
2424 struct hlist_node *node;
2425 char *str = buf;
2426
2427 read_lock_bh(&l2cap_sk_list.lock);
2428
2429 sk_for_each(sk, node, &l2cap_sk_list.head) {
2430 struct l2cap_pinfo *pi = l2cap_pi(sk);
2431
2432 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
2433 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2434 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2435 pi->imtu, pi->omtu, pi->link_mode);
2436 }
2437
2438 read_unlock_bh(&l2cap_sk_list.lock);
2439
2440 return (str - buf);
2441 }
2442
2443 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2444
2445 static const struct proto_ops l2cap_sock_ops = {
2446 .family = PF_BLUETOOTH,
2447 .owner = THIS_MODULE,
2448 .release = l2cap_sock_release,
2449 .bind = l2cap_sock_bind,
2450 .connect = l2cap_sock_connect,
2451 .listen = l2cap_sock_listen,
2452 .accept = l2cap_sock_accept,
2453 .getname = l2cap_sock_getname,
2454 .sendmsg = l2cap_sock_sendmsg,
2455 .recvmsg = bt_sock_recvmsg,
2456 .poll = bt_sock_poll,
2457 .ioctl = bt_sock_ioctl,
2458 .mmap = sock_no_mmap,
2459 .socketpair = sock_no_socketpair,
2460 .shutdown = l2cap_sock_shutdown,
2461 .setsockopt = l2cap_sock_setsockopt,
2462 .getsockopt = l2cap_sock_getsockopt
2463 };
2464
2465 static struct net_proto_family l2cap_sock_family_ops = {
2466 .family = PF_BLUETOOTH,
2467 .owner = THIS_MODULE,
2468 .create = l2cap_sock_create,
2469 };
2470
2471 static struct hci_proto l2cap_hci_proto = {
2472 .name = "L2CAP",
2473 .id = HCI_PROTO_L2CAP,
2474 .connect_ind = l2cap_connect_ind,
2475 .connect_cfm = l2cap_connect_cfm,
2476 .disconn_ind = l2cap_disconn_ind,
2477 .auth_cfm = l2cap_auth_cfm,
2478 .encrypt_cfm = l2cap_encrypt_cfm,
2479 .recv_acldata = l2cap_recv_acldata
2480 };
2481
2482 static int __init l2cap_init(void)
2483 {
2484 int err;
2485
2486 err = proto_register(&l2cap_proto, 0);
2487 if (err < 0)
2488 return err;
2489
2490 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2491 if (err < 0) {
2492 BT_ERR("L2CAP socket registration failed");
2493 goto error;
2494 }
2495
2496 err = hci_register_proto(&l2cap_hci_proto);
2497 if (err < 0) {
2498 BT_ERR("L2CAP protocol registration failed");
2499 bt_sock_unregister(BTPROTO_L2CAP);
2500 goto error;
2501 }
2502
2503 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2504 BT_ERR("Failed to create L2CAP info file");
2505
2506 BT_INFO("L2CAP ver %s", VERSION);
2507 BT_INFO("L2CAP socket layer initialized");
2508
2509 return 0;
2510
2511 error:
2512 proto_unregister(&l2cap_proto);
2513 return err;
2514 }
2515
2516 static void __exit l2cap_exit(void)
2517 {
2518 class_remove_file(bt_class, &class_attr_l2cap);
2519
2520 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2521 BT_ERR("L2CAP socket unregistration failed");
2522
2523 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2524 BT_ERR("L2CAP protocol unregistration failed");
2525
2526 proto_unregister(&l2cap_proto);
2527 }
2528
2529 void l2cap_load(void)
2530 {
2531 /* Dummy function to trigger automatic L2CAP module loading by
2532 * other modules that use L2CAP sockets but don't use any other
2533 * symbols from it. */
2534 return;
2535 }
2536 EXPORT_SYMBOL(l2cap_load);
2537
2538 module_init(l2cap_init);
2539 module_exit(l2cap_exit);
2540
2541 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2542 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2543 MODULE_VERSION(VERSION);
2544 MODULE_LICENSE("GPL");
2545 MODULE_ALIAS("bt-proto-0");
Linux kernel - Deliverables
This page took 0.082218 seconds and 5 git commands to generate.