2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/capability.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
53 #define VERSION "2.13"
55 static u32 l2cap_feat_mask = 0x0080;
56 static u8 l2cap_fixed_chan[8] = { 0x02, };
58 static const struct proto_ops l2cap_sock_ops;
60 static struct bt_sock_list l2cap_sk_list = {
61 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
64 static void __l2cap_sock_close(struct sock *sk, int reason);
65 static void l2cap_sock_close(struct sock *sk);
66 static void l2cap_sock_kill(struct sock *sk);
68 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
71 /* ---- L2CAP timers ---- */
72 static void l2cap_sock_timeout(unsigned long arg)
74 struct sock *sk = (struct sock *) arg;
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
81 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
82 reason = ECONNREFUSED;
83 else if (sk->sk_state == BT_CONNECT &&
84 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
85 reason = ECONNREFUSED;
89 __l2cap_sock_close(sk, reason);
97 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
99 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
100 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
103 static void l2cap_sock_clear_timer(struct sock *sk)
105 BT_DBG("sock %p state %d", sk, sk->sk_state);
106 sk_stop_timer(sk, &sk->sk_timer);
109 /* ---- L2CAP channels ---- */
110 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
113 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
114 if (l2cap_pi(s)->dcid == cid)
120 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
123 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
124 if (l2cap_pi(s)->scid == cid)
130 /* Find channel with given SCID.
131 * Returns locked socket */
132 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
136 s = __l2cap_get_chan_by_scid(l, cid);
137 if (s) bh_lock_sock(s);
138 read_unlock(&l->lock);
142 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
145 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
146 if (l2cap_pi(s)->ident == ident)
152 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
156 s = __l2cap_get_chan_by_ident(l, ident);
157 if (s) bh_lock_sock(s);
158 read_unlock(&l->lock);
162 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
166 for (; cid < 0xffff; cid++) {
167 if(!__l2cap_get_chan_by_scid(l, cid))
174 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
179 l2cap_pi(l->head)->prev_c = sk;
181 l2cap_pi(sk)->next_c = l->head;
182 l2cap_pi(sk)->prev_c = NULL;
186 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
188 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
190 write_lock_bh(&l->lock);
195 l2cap_pi(next)->prev_c = prev;
197 l2cap_pi(prev)->next_c = next;
198 write_unlock_bh(&l->lock);
203 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
205 struct l2cap_chan_list *l = &conn->chan_list;
207 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
209 conn->disc_reason = 0x13;
211 l2cap_pi(sk)->conn = conn;
213 if (sk->sk_type == SOCK_SEQPACKET) {
214 /* Alloc CID for connection-oriented socket */
215 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
216 } else if (sk->sk_type == SOCK_DGRAM) {
217 /* Connectionless socket */
218 l2cap_pi(sk)->scid = 0x0002;
219 l2cap_pi(sk)->dcid = 0x0002;
220 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
222 /* Raw socket can send/recv signalling messages only */
223 l2cap_pi(sk)->scid = 0x0001;
224 l2cap_pi(sk)->dcid = 0x0001;
225 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
228 __l2cap_chan_link(l, sk);
231 bt_accept_enqueue(parent, sk);
235 * Must be called on the locked socket. */
236 static void l2cap_chan_del(struct sock *sk, int err)
238 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
239 struct sock *parent = bt_sk(sk)->parent;
241 l2cap_sock_clear_timer(sk);
243 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
246 /* Unlink from channel list */
247 l2cap_chan_unlink(&conn->chan_list, sk);
248 l2cap_pi(sk)->conn = NULL;
249 hci_conn_put(conn->hcon);
252 sk->sk_state = BT_CLOSED;
253 sock_set_flag(sk, SOCK_ZAPPED);
259 bt_accept_unlink(sk);
260 parent->sk_data_ready(parent, 0);
262 sk->sk_state_change(sk);
265 /* Service level security */
266 static inline int l2cap_check_security(struct sock *sk)
268 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
271 switch (l2cap_pi(sk)->sec_level) {
272 case BT_SECURITY_HIGH:
273 auth_type = HCI_AT_GENERAL_BONDING_MITM;
275 case BT_SECURITY_MEDIUM:
276 auth_type = HCI_AT_GENERAL_BONDING;
279 auth_type = HCI_AT_NO_BONDING;
283 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
287 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
291 /* Get next available identificator.
292 * 1 - 128 are used by kernel.
293 * 129 - 199 are reserved.
294 * 200 - 254 are used by utilities like l2ping, etc.
297 spin_lock_bh(&conn->lock);
299 if (++conn->tx_ident > 128)
304 spin_unlock_bh(&conn->lock);
309 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
311 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
313 BT_DBG("code 0x%2.2x", code);
318 return hci_send_acl(conn->hcon, skb, 0);
321 static void l2cap_do_start(struct sock *sk)
323 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
325 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
326 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
329 if (l2cap_check_security(sk)) {
330 struct l2cap_conn_req req;
331 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
332 req.psm = l2cap_pi(sk)->psm;
334 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
336 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
337 L2CAP_CONN_REQ, sizeof(req), &req);
340 struct l2cap_info_req req;
341 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
343 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
344 conn->info_ident = l2cap_get_ident(conn);
346 mod_timer(&conn->info_timer, jiffies +
347 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
349 l2cap_send_cmd(conn, conn->info_ident,
350 L2CAP_INFO_REQ, sizeof(req), &req);
354 /* ---- L2CAP connections ---- */
355 static void l2cap_conn_start(struct l2cap_conn *conn)
357 struct l2cap_chan_list *l = &conn->chan_list;
360 BT_DBG("conn %p", conn);
364 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
367 if (sk->sk_type != SOCK_SEQPACKET) {
372 if (sk->sk_state == BT_CONNECT) {
373 if (l2cap_check_security(sk)) {
374 struct l2cap_conn_req req;
375 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
376 req.psm = l2cap_pi(sk)->psm;
378 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
380 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
381 L2CAP_CONN_REQ, sizeof(req), &req);
383 } else if (sk->sk_state == BT_CONNECT2) {
384 struct l2cap_conn_rsp rsp;
385 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
386 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
388 if (l2cap_check_security(sk)) {
389 if (bt_sk(sk)->defer_setup) {
390 struct sock *parent = bt_sk(sk)->parent;
391 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
392 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
393 parent->sk_data_ready(parent, 0);
396 sk->sk_state = BT_CONFIG;
397 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
398 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
401 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
402 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
405 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
406 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
412 read_unlock(&l->lock);
415 static void l2cap_conn_ready(struct l2cap_conn *conn)
417 struct l2cap_chan_list *l = &conn->chan_list;
420 BT_DBG("conn %p", conn);
424 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
427 if (sk->sk_type != SOCK_SEQPACKET) {
428 l2cap_sock_clear_timer(sk);
429 sk->sk_state = BT_CONNECTED;
430 sk->sk_state_change(sk);
431 } else if (sk->sk_state == BT_CONNECT)
437 read_unlock(&l->lock);
440 /* Notify sockets that we cannot guaranty reliability anymore */
441 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
443 struct l2cap_chan_list *l = &conn->chan_list;
446 BT_DBG("conn %p", conn);
450 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
451 if (l2cap_pi(sk)->force_reliable)
455 read_unlock(&l->lock);
458 static void l2cap_info_timeout(unsigned long arg)
460 struct l2cap_conn *conn = (void *) arg;
462 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
463 conn->info_ident = 0;
465 l2cap_conn_start(conn);
468 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
470 struct l2cap_conn *conn = hcon->l2cap_data;
475 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
479 hcon->l2cap_data = conn;
482 BT_DBG("hcon %p conn %p", hcon, conn);
484 conn->mtu = hcon->hdev->acl_mtu;
485 conn->src = &hcon->hdev->bdaddr;
486 conn->dst = &hcon->dst;
490 setup_timer(&conn->info_timer, l2cap_info_timeout,
491 (unsigned long) conn);
493 spin_lock_init(&conn->lock);
494 rwlock_init(&conn->chan_list.lock);
496 conn->disc_reason = 0x13;
501 static void l2cap_conn_del(struct hci_conn *hcon, int err)
503 struct l2cap_conn *conn = hcon->l2cap_data;
509 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
512 kfree_skb(conn->rx_skb);
515 while ((sk = conn->chan_list.head)) {
517 l2cap_chan_del(sk, err);
522 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
523 del_timer_sync(&conn->info_timer);
525 hcon->l2cap_data = NULL;
529 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
531 struct l2cap_chan_list *l = &conn->chan_list;
532 write_lock_bh(&l->lock);
533 __l2cap_chan_add(conn, sk, parent);
534 write_unlock_bh(&l->lock);
537 /* ---- Socket interface ---- */
538 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
541 struct hlist_node *node;
542 sk_for_each(sk, node, &l2cap_sk_list.head)
543 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
550 /* Find socket with psm and source bdaddr.
551 * Returns closest match.
553 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
555 struct sock *sk = NULL, *sk1 = NULL;
556 struct hlist_node *node;
558 sk_for_each(sk, node, &l2cap_sk_list.head) {
559 if (state && sk->sk_state != state)
562 if (l2cap_pi(sk)->psm == psm) {
564 if (!bacmp(&bt_sk(sk)->src, src))
568 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
572 return node ? sk : sk1;
575 /* Find socket with given address (psm, src).
576 * Returns locked socket */
577 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
580 read_lock(&l2cap_sk_list.lock);
581 s = __l2cap_get_sock_by_psm(state, psm, src);
582 if (s) bh_lock_sock(s);
583 read_unlock(&l2cap_sk_list.lock);
587 static void l2cap_sock_destruct(struct sock *sk)
591 skb_queue_purge(&sk->sk_receive_queue);
592 skb_queue_purge(&sk->sk_write_queue);
595 static void l2cap_sock_cleanup_listen(struct sock *parent)
599 BT_DBG("parent %p", parent);
601 /* Close not yet accepted channels */
602 while ((sk = bt_accept_dequeue(parent, NULL)))
603 l2cap_sock_close(sk);
605 parent->sk_state = BT_CLOSED;
606 sock_set_flag(parent, SOCK_ZAPPED);
609 /* Kill socket (only if zapped and orphan)
610 * Must be called on unlocked socket.
612 static void l2cap_sock_kill(struct sock *sk)
614 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
617 BT_DBG("sk %p state %d", sk, sk->sk_state);
619 /* Kill poor orphan */
620 bt_sock_unlink(&l2cap_sk_list, sk);
621 sock_set_flag(sk, SOCK_DEAD);
625 static void __l2cap_sock_close(struct sock *sk, int reason)
627 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
629 switch (sk->sk_state) {
631 l2cap_sock_cleanup_listen(sk);
636 if (sk->sk_type == SOCK_SEQPACKET) {
637 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
638 struct l2cap_disconn_req req;
640 sk->sk_state = BT_DISCONN;
641 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
643 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
644 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
645 l2cap_send_cmd(conn, l2cap_get_ident(conn),
646 L2CAP_DISCONN_REQ, sizeof(req), &req);
648 l2cap_chan_del(sk, reason);
652 if (sk->sk_type == SOCK_SEQPACKET) {
653 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
654 struct l2cap_conn_rsp rsp;
657 if (bt_sk(sk)->defer_setup)
658 result = L2CAP_CR_SEC_BLOCK;
660 result = L2CAP_CR_BAD_PSM;
662 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
663 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
664 rsp.result = cpu_to_le16(result);
665 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
666 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
667 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
669 l2cap_chan_del(sk, reason);
674 l2cap_chan_del(sk, reason);
678 sock_set_flag(sk, SOCK_ZAPPED);
683 /* Must be called on unlocked socket. */
684 static void l2cap_sock_close(struct sock *sk)
686 l2cap_sock_clear_timer(sk);
688 __l2cap_sock_close(sk, ECONNRESET);
693 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
695 struct l2cap_pinfo *pi = l2cap_pi(sk);
700 sk->sk_type = parent->sk_type;
701 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
703 pi->imtu = l2cap_pi(parent)->imtu;
704 pi->omtu = l2cap_pi(parent)->omtu;
705 pi->sec_level = l2cap_pi(parent)->sec_level;
706 pi->role_switch = l2cap_pi(parent)->role_switch;
707 pi->force_reliable = l2cap_pi(parent)->force_reliable;
709 pi->imtu = L2CAP_DEFAULT_MTU;
711 pi->sec_level = BT_SECURITY_LOW;
713 pi->force_reliable = 0;
716 /* Default config options */
718 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
721 static struct proto l2cap_proto = {
723 .owner = THIS_MODULE,
724 .obj_size = sizeof(struct l2cap_pinfo)
727 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
731 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
735 sock_init_data(sock, sk);
736 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
738 sk->sk_destruct = l2cap_sock_destruct;
739 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
741 sock_reset_flag(sk, SOCK_ZAPPED);
743 sk->sk_protocol = proto;
744 sk->sk_state = BT_OPEN;
746 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
748 bt_sock_link(&l2cap_sk_list, sk);
752 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
756 BT_DBG("sock %p", sock);
758 sock->state = SS_UNCONNECTED;
760 if (sock->type != SOCK_SEQPACKET &&
761 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
762 return -ESOCKTNOSUPPORT;
764 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
767 sock->ops = &l2cap_sock_ops;
769 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
773 l2cap_sock_init(sk, NULL);
777 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
779 struct sock *sk = sock->sk;
780 struct sockaddr_l2 la;
785 if (!addr || addr->sa_family != AF_BLUETOOTH)
788 memset(&la, 0, sizeof(la));
789 len = min_t(unsigned int, sizeof(la), alen);
790 memcpy(&la, addr, len);
794 if (sk->sk_state != BT_OPEN) {
799 if (la.l2_psm && btohs(la.l2_psm) < 0x1001 &&
800 !capable(CAP_NET_BIND_SERVICE)) {
805 write_lock_bh(&l2cap_sk_list.lock);
807 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
810 /* Save source address */
811 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
812 l2cap_pi(sk)->psm = la.l2_psm;
813 l2cap_pi(sk)->sport = la.l2_psm;
814 sk->sk_state = BT_BOUND;
816 if (btohs(la.l2_psm) == 0x0001 || btohs(la.l2_psm) == 0x0003)
817 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
820 write_unlock_bh(&l2cap_sk_list.lock);
827 static int l2cap_do_connect(struct sock *sk)
829 bdaddr_t *src = &bt_sk(sk)->src;
830 bdaddr_t *dst = &bt_sk(sk)->dst;
831 struct l2cap_conn *conn;
832 struct hci_conn *hcon;
833 struct hci_dev *hdev;
837 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
840 if (!(hdev = hci_get_route(dst, src)))
841 return -EHOSTUNREACH;
843 hci_dev_lock_bh(hdev);
847 if (sk->sk_type == SOCK_RAW) {
848 switch (l2cap_pi(sk)->sec_level) {
849 case BT_SECURITY_HIGH:
850 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
852 case BT_SECURITY_MEDIUM:
853 auth_type = HCI_AT_DEDICATED_BONDING;
856 auth_type = HCI_AT_NO_BONDING;
859 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
860 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
861 auth_type = HCI_AT_NO_BONDING_MITM;
863 auth_type = HCI_AT_NO_BONDING;
865 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
866 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
868 switch (l2cap_pi(sk)->sec_level) {
869 case BT_SECURITY_HIGH:
870 auth_type = HCI_AT_GENERAL_BONDING_MITM;
872 case BT_SECURITY_MEDIUM:
873 auth_type = HCI_AT_GENERAL_BONDING;
876 auth_type = HCI_AT_NO_BONDING;
881 hcon = hci_connect(hdev, ACL_LINK, dst,
882 l2cap_pi(sk)->sec_level, auth_type);
886 conn = l2cap_conn_add(hcon, 0);
894 /* Update source addr of the socket */
895 bacpy(src, conn->src);
897 l2cap_chan_add(conn, sk, NULL);
899 sk->sk_state = BT_CONNECT;
900 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
902 if (hcon->state == BT_CONNECTED) {
903 if (sk->sk_type != SOCK_SEQPACKET) {
904 l2cap_sock_clear_timer(sk);
905 sk->sk_state = BT_CONNECTED;
911 hci_dev_unlock_bh(hdev);
916 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
918 struct sock *sk = sock->sk;
919 struct sockaddr_l2 la;
926 if (!addr || addr->sa_family != AF_BLUETOOTH) {
931 memset(&la, 0, sizeof(la));
932 len = min_t(unsigned int, sizeof(la), alen);
933 memcpy(&la, addr, len);
935 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
940 switch(sk->sk_state) {
944 /* Already connecting */
948 /* Already connected */
961 /* Set destination address and psm */
962 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
963 l2cap_pi(sk)->psm = la.l2_psm;
965 if ((err = l2cap_do_connect(sk)))
969 err = bt_sock_wait_state(sk, BT_CONNECTED,
970 sock_sndtimeo(sk, flags & O_NONBLOCK));
976 static int l2cap_sock_listen(struct socket *sock, int backlog)
978 struct sock *sk = sock->sk;
981 BT_DBG("sk %p backlog %d", sk, backlog);
985 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
990 if (!l2cap_pi(sk)->psm) {
991 bdaddr_t *src = &bt_sk(sk)->src;
996 write_lock_bh(&l2cap_sk_list.lock);
998 for (psm = 0x1001; psm < 0x1100; psm += 2)
999 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
1000 l2cap_pi(sk)->psm = htobs(psm);
1001 l2cap_pi(sk)->sport = htobs(psm);
1006 write_unlock_bh(&l2cap_sk_list.lock);
1012 sk->sk_max_ack_backlog = backlog;
1013 sk->sk_ack_backlog = 0;
1014 sk->sk_state = BT_LISTEN;
1021 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1023 DECLARE_WAITQUEUE(wait, current);
1024 struct sock *sk = sock->sk, *nsk;
1028 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1030 if (sk->sk_state != BT_LISTEN) {
1035 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1037 BT_DBG("sk %p timeo %ld", sk, timeo);
1039 /* Wait for an incoming connection. (wake-one). */
1040 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1041 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1042 set_current_state(TASK_INTERRUPTIBLE);
1049 timeo = schedule_timeout(timeo);
1050 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1052 if (sk->sk_state != BT_LISTEN) {
1057 if (signal_pending(current)) {
1058 err = sock_intr_errno(timeo);
1062 set_current_state(TASK_RUNNING);
1063 remove_wait_queue(sk->sk_sleep, &wait);
1068 newsock->state = SS_CONNECTED;
1070 BT_DBG("new socket %p", nsk);
1077 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1079 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1080 struct sock *sk = sock->sk;
1082 BT_DBG("sock %p, sk %p", sock, sk);
1084 addr->sa_family = AF_BLUETOOTH;
1085 *len = sizeof(struct sockaddr_l2);
1088 la->l2_psm = l2cap_pi(sk)->psm;
1089 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1090 la->l2_cid = htobs(l2cap_pi(sk)->dcid);
1092 la->l2_psm = l2cap_pi(sk)->sport;
1093 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1094 la->l2_cid = htobs(l2cap_pi(sk)->scid);
1100 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1102 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1103 struct sk_buff *skb, **frag;
1104 int err, hlen, count, sent=0;
1105 struct l2cap_hdr *lh;
1107 BT_DBG("sk %p len %d", sk, len);
1109 /* First fragment (with L2CAP header) */
1110 if (sk->sk_type == SOCK_DGRAM)
1111 hlen = L2CAP_HDR_SIZE + 2;
1113 hlen = L2CAP_HDR_SIZE;
1115 count = min_t(unsigned int, (conn->mtu - hlen), len);
1117 skb = bt_skb_send_alloc(sk, hlen + count,
1118 msg->msg_flags & MSG_DONTWAIT, &err);
1122 /* Create L2CAP header */
1123 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1124 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1125 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1127 if (sk->sk_type == SOCK_DGRAM)
1128 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1130 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1138 /* Continuation fragments (no L2CAP header) */
1139 frag = &skb_shinfo(skb)->frag_list;
1141 count = min_t(unsigned int, conn->mtu, len);
1143 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1147 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1155 frag = &(*frag)->next;
1158 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1168 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1170 struct sock *sk = sock->sk;
1173 BT_DBG("sock %p, sk %p", sock, sk);
1175 err = sock_error(sk);
1179 if (msg->msg_flags & MSG_OOB)
1182 /* Check outgoing MTU */
1183 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1188 if (sk->sk_state == BT_CONNECTED)
1189 err = l2cap_do_send(sk, msg, len);
1197 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1199 struct sock *sk = sock->sk;
1203 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1204 struct l2cap_conn_rsp rsp;
1206 sk->sk_state = BT_CONFIG;
1208 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1209 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1210 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1211 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1212 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1213 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1221 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1224 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1226 struct sock *sk = sock->sk;
1227 struct l2cap_options opts;
1231 BT_DBG("sk %p", sk);
1237 opts.imtu = l2cap_pi(sk)->imtu;
1238 opts.omtu = l2cap_pi(sk)->omtu;
1239 opts.flush_to = l2cap_pi(sk)->flush_to;
1240 opts.mode = L2CAP_MODE_BASIC;
1242 len = min_t(unsigned int, sizeof(opts), optlen);
1243 if (copy_from_user((char *) &opts, optval, len)) {
1248 l2cap_pi(sk)->imtu = opts.imtu;
1249 l2cap_pi(sk)->omtu = opts.omtu;
1253 if (get_user(opt, (u32 __user *) optval)) {
1258 if (opt & L2CAP_LM_AUTH)
1259 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1260 if (opt & L2CAP_LM_ENCRYPT)
1261 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1262 if (opt & L2CAP_LM_SECURE)
1263 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1265 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1266 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1278 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1280 struct sock *sk = sock->sk;
1281 struct bt_security sec;
1285 BT_DBG("sk %p", sk);
1287 if (level == SOL_L2CAP)
1288 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1290 if (level != SOL_BLUETOOTH)
1291 return -ENOPROTOOPT;
1297 if (sk->sk_type != SOCK_SEQPACKET) {
1302 sec.level = BT_SECURITY_LOW;
1304 len = min_t(unsigned int, sizeof(sec), optlen);
1305 if (copy_from_user((char *) &sec, optval, len)) {
1310 if (sec.level < BT_SECURITY_LOW ||
1311 sec.level > BT_SECURITY_HIGH) {
1316 l2cap_pi(sk)->sec_level = sec.level;
1319 case BT_DEFER_SETUP:
1320 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1325 if (get_user(opt, (u32 __user *) optval)) {
1330 bt_sk(sk)->defer_setup = opt;
1342 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1344 struct sock *sk = sock->sk;
1345 struct l2cap_options opts;
1346 struct l2cap_conninfo cinfo;
1350 BT_DBG("sk %p", sk);
1352 if (get_user(len, optlen))
1359 opts.imtu = l2cap_pi(sk)->imtu;
1360 opts.omtu = l2cap_pi(sk)->omtu;
1361 opts.flush_to = l2cap_pi(sk)->flush_to;
1362 opts.mode = L2CAP_MODE_BASIC;
1364 len = min_t(unsigned int, len, sizeof(opts));
1365 if (copy_to_user(optval, (char *) &opts, len))
1371 switch (l2cap_pi(sk)->sec_level) {
1372 case BT_SECURITY_LOW:
1373 opt = L2CAP_LM_AUTH;
1375 case BT_SECURITY_MEDIUM:
1376 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1378 case BT_SECURITY_HIGH:
1379 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1387 if (l2cap_pi(sk)->role_switch)
1388 opt |= L2CAP_LM_MASTER;
1390 if (l2cap_pi(sk)->force_reliable)
1391 opt |= L2CAP_LM_RELIABLE;
1393 if (put_user(opt, (u32 __user *) optval))
1397 case L2CAP_CONNINFO:
1398 if (sk->sk_state != BT_CONNECTED &&
1399 !(sk->sk_state == BT_CONNECT2 &&
1400 bt_sk(sk)->defer_setup)) {
1405 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1406 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1408 len = min_t(unsigned int, len, sizeof(cinfo));
1409 if (copy_to_user(optval, (char *) &cinfo, len))
1423 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1425 struct sock *sk = sock->sk;
1426 struct bt_security sec;
1429 BT_DBG("sk %p", sk);
1431 if (level == SOL_L2CAP)
1432 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1434 if (level != SOL_BLUETOOTH)
1435 return -ENOPROTOOPT;
1437 if (get_user(len, optlen))
1444 if (sk->sk_type != SOCK_SEQPACKET) {
1449 sec.level = l2cap_pi(sk)->sec_level;
1451 len = min_t(unsigned int, len, sizeof(sec));
1452 if (copy_to_user(optval, (char *) &sec, len))
1457 case BT_DEFER_SETUP:
1458 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1463 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1477 static int l2cap_sock_shutdown(struct socket *sock, int how)
1479 struct sock *sk = sock->sk;
1482 BT_DBG("sock %p, sk %p", sock, sk);
1488 if (!sk->sk_shutdown) {
1489 sk->sk_shutdown = SHUTDOWN_MASK;
1490 l2cap_sock_clear_timer(sk);
1491 __l2cap_sock_close(sk, 0);
1493 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1494 err = bt_sock_wait_state(sk, BT_CLOSED,
1501 static int l2cap_sock_release(struct socket *sock)
1503 struct sock *sk = sock->sk;
1506 BT_DBG("sock %p, sk %p", sock, sk);
1511 err = l2cap_sock_shutdown(sock, 2);
1514 l2cap_sock_kill(sk);
1518 static void l2cap_chan_ready(struct sock *sk)
1520 struct sock *parent = bt_sk(sk)->parent;
1522 BT_DBG("sk %p, parent %p", sk, parent);
1524 l2cap_pi(sk)->conf_state = 0;
1525 l2cap_sock_clear_timer(sk);
1528 /* Outgoing channel.
1529 * Wake up socket sleeping on connect.
1531 sk->sk_state = BT_CONNECTED;
1532 sk->sk_state_change(sk);
1534 /* Incoming channel.
1535 * Wake up socket sleeping on accept.
1537 parent->sk_data_ready(parent, 0);
1541 /* Copy frame to all raw sockets on that connection */
1542 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1544 struct l2cap_chan_list *l = &conn->chan_list;
1545 struct sk_buff *nskb;
1548 BT_DBG("conn %p", conn);
1550 read_lock(&l->lock);
1551 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1552 if (sk->sk_type != SOCK_RAW)
1555 /* Don't send frame to the socket it came from */
1559 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1562 if (sock_queue_rcv_skb(sk, nskb))
1565 read_unlock(&l->lock);
1568 /* ---- L2CAP signalling commands ---- */
1569 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1570 u8 code, u8 ident, u16 dlen, void *data)
1572 struct sk_buff *skb, **frag;
1573 struct l2cap_cmd_hdr *cmd;
1574 struct l2cap_hdr *lh;
1577 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1579 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1580 count = min_t(unsigned int, conn->mtu, len);
1582 skb = bt_skb_alloc(count, GFP_ATOMIC);
1586 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1587 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1588 lh->cid = cpu_to_le16(0x0001);
1590 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1593 cmd->len = cpu_to_le16(dlen);
1596 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1597 memcpy(skb_put(skb, count), data, count);
1603 /* Continuation fragments (no L2CAP header) */
1604 frag = &skb_shinfo(skb)->frag_list;
1606 count = min_t(unsigned int, conn->mtu, len);
1608 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1612 memcpy(skb_put(*frag, count), data, count);
1617 frag = &(*frag)->next;
1627 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1629 struct l2cap_conf_opt *opt = *ptr;
1632 len = L2CAP_CONF_OPT_SIZE + opt->len;
1640 *val = *((u8 *) opt->val);
1644 *val = __le16_to_cpu(*((__le16 *) opt->val));
1648 *val = __le32_to_cpu(*((__le32 *) opt->val));
1652 *val = (unsigned long) opt->val;
1656 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1660 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1662 struct l2cap_conf_opt *opt = *ptr;
1664 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1671 *((u8 *) opt->val) = val;
1675 *((__le16 *) opt->val) = cpu_to_le16(val);
1679 *((__le32 *) opt->val) = cpu_to_le32(val);
1683 memcpy(opt->val, (void *) val, len);
1687 *ptr += L2CAP_CONF_OPT_SIZE + len;
1690 static int l2cap_build_conf_req(struct sock *sk, void *data)
1692 struct l2cap_pinfo *pi = l2cap_pi(sk);
1693 struct l2cap_conf_req *req = data;
1694 void *ptr = req->data;
1696 BT_DBG("sk %p", sk);
1698 if (pi->imtu != L2CAP_DEFAULT_MTU)
1699 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1701 /* FIXME: Need actual value of the flush timeout */
1702 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1703 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1705 req->dcid = cpu_to_le16(pi->dcid);
1706 req->flags = cpu_to_le16(0);
1711 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1713 struct l2cap_pinfo *pi = l2cap_pi(sk);
1714 struct l2cap_conf_rsp *rsp = data;
1715 void *ptr = rsp->data;
1716 void *req = pi->conf_req;
1717 int len = pi->conf_len;
1718 int type, hint, olen;
1720 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1721 u16 mtu = L2CAP_DEFAULT_MTU;
1722 u16 result = L2CAP_CONF_SUCCESS;
1724 BT_DBG("sk %p", sk);
1726 while (len >= L2CAP_CONF_OPT_SIZE) {
1727 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1733 case L2CAP_CONF_MTU:
1737 case L2CAP_CONF_FLUSH_TO:
1741 case L2CAP_CONF_QOS:
1744 case L2CAP_CONF_RFC:
1745 if (olen == sizeof(rfc))
1746 memcpy(&rfc, (void *) val, olen);
1753 result = L2CAP_CONF_UNKNOWN;
1754 *((u8 *) ptr++) = type;
1759 if (result == L2CAP_CONF_SUCCESS) {
1760 /* Configure output options and let the other side know
1761 * which ones we don't like. */
1763 if (rfc.mode == L2CAP_MODE_BASIC) {
1765 result = L2CAP_CONF_UNACCEPT;
1768 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1771 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1773 result = L2CAP_CONF_UNACCEPT;
1775 memset(&rfc, 0, sizeof(rfc));
1776 rfc.mode = L2CAP_MODE_BASIC;
1778 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1779 sizeof(rfc), (unsigned long) &rfc);
1783 rsp->scid = cpu_to_le16(pi->dcid);
1784 rsp->result = cpu_to_le16(result);
1785 rsp->flags = cpu_to_le16(0x0000);
1790 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1792 struct l2cap_conf_rsp *rsp = data;
1793 void *ptr = rsp->data;
1795 BT_DBG("sk %p", sk);
1797 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1798 rsp->result = cpu_to_le16(result);
1799 rsp->flags = cpu_to_le16(flags);
1804 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1806 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1808 if (rej->reason != 0x0000)
1811 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1812 cmd->ident == conn->info_ident) {
1813 del_timer(&conn->info_timer);
1815 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1816 conn->info_ident = 0;
1818 l2cap_conn_start(conn);
1824 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1826 struct l2cap_chan_list *list = &conn->chan_list;
1827 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1828 struct l2cap_conn_rsp rsp;
1829 struct sock *sk, *parent;
1830 int result, status = L2CAP_CS_NO_INFO;
1832 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1833 __le16 psm = req->psm;
1835 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1837 /* Check if we have socket listening on psm */
1838 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1840 result = L2CAP_CR_BAD_PSM;
1844 /* Check if the ACL is secure enough (if not SDP) */
1845 if (psm != cpu_to_le16(0x0001) &&
1846 !hci_conn_check_link_mode(conn->hcon)) {
1847 conn->disc_reason = 0x05;
1848 result = L2CAP_CR_SEC_BLOCK;
1852 result = L2CAP_CR_NO_MEM;
1854 /* Check for backlog size */
1855 if (sk_acceptq_is_full(parent)) {
1856 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1860 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1864 write_lock_bh(&list->lock);
1866 /* Check if we already have channel with that dcid */
1867 if (__l2cap_get_chan_by_dcid(list, scid)) {
1868 write_unlock_bh(&list->lock);
1869 sock_set_flag(sk, SOCK_ZAPPED);
1870 l2cap_sock_kill(sk);
1874 hci_conn_hold(conn->hcon);
1876 l2cap_sock_init(sk, parent);
1877 bacpy(&bt_sk(sk)->src, conn->src);
1878 bacpy(&bt_sk(sk)->dst, conn->dst);
1879 l2cap_pi(sk)->psm = psm;
1880 l2cap_pi(sk)->dcid = scid;
1882 __l2cap_chan_add(conn, sk, parent);
1883 dcid = l2cap_pi(sk)->scid;
1885 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1887 l2cap_pi(sk)->ident = cmd->ident;
1889 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
1890 if (l2cap_check_security(sk)) {
1891 if (bt_sk(sk)->defer_setup) {
1892 sk->sk_state = BT_CONNECT2;
1893 result = L2CAP_CR_PEND;
1894 status = L2CAP_CS_AUTHOR_PEND;
1895 parent->sk_data_ready(parent, 0);
1897 sk->sk_state = BT_CONFIG;
1898 result = L2CAP_CR_SUCCESS;
1899 status = L2CAP_CS_NO_INFO;
1902 sk->sk_state = BT_CONNECT2;
1903 result = L2CAP_CR_PEND;
1904 status = L2CAP_CS_AUTHEN_PEND;
1907 sk->sk_state = BT_CONNECT2;
1908 result = L2CAP_CR_PEND;
1909 status = L2CAP_CS_NO_INFO;
1912 write_unlock_bh(&list->lock);
1915 bh_unlock_sock(parent);
1918 rsp.scid = cpu_to_le16(scid);
1919 rsp.dcid = cpu_to_le16(dcid);
1920 rsp.result = cpu_to_le16(result);
1921 rsp.status = cpu_to_le16(status);
1922 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1924 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1925 struct l2cap_info_req info;
1926 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1928 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1929 conn->info_ident = l2cap_get_ident(conn);
1931 mod_timer(&conn->info_timer, jiffies +
1932 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1934 l2cap_send_cmd(conn, conn->info_ident,
1935 L2CAP_INFO_REQ, sizeof(info), &info);
1941 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1943 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1944 u16 scid, dcid, result, status;
1948 scid = __le16_to_cpu(rsp->scid);
1949 dcid = __le16_to_cpu(rsp->dcid);
1950 result = __le16_to_cpu(rsp->result);
1951 status = __le16_to_cpu(rsp->status);
1953 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1956 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1959 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1964 case L2CAP_CR_SUCCESS:
1965 sk->sk_state = BT_CONFIG;
1966 l2cap_pi(sk)->ident = 0;
1967 l2cap_pi(sk)->dcid = dcid;
1968 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1970 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
1972 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1973 l2cap_build_conf_req(sk, req), req);
1977 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
1981 l2cap_chan_del(sk, ECONNREFUSED);
1989 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1991 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1997 dcid = __le16_to_cpu(req->dcid);
1998 flags = __le16_to_cpu(req->flags);
2000 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2002 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2005 if (sk->sk_state == BT_DISCONN)
2008 /* Reject if config buffer is too small. */
2009 len = cmd_len - sizeof(*req);
2010 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2011 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2012 l2cap_build_conf_rsp(sk, rsp,
2013 L2CAP_CONF_REJECT, flags), rsp);
2018 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2019 l2cap_pi(sk)->conf_len += len;
2021 if (flags & 0x0001) {
2022 /* Incomplete config. Send empty response. */
2023 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2024 l2cap_build_conf_rsp(sk, rsp,
2025 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2029 /* Complete config. */
2030 len = l2cap_parse_conf_req(sk, rsp);
2034 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2036 /* Reset config buffer. */
2037 l2cap_pi(sk)->conf_len = 0;
2039 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2042 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2043 sk->sk_state = BT_CONNECTED;
2044 l2cap_chan_ready(sk);
2048 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2050 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2051 l2cap_build_conf_req(sk, buf), buf);
2059 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2061 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2062 u16 scid, flags, result;
2065 scid = __le16_to_cpu(rsp->scid);
2066 flags = __le16_to_cpu(rsp->flags);
2067 result = __le16_to_cpu(rsp->result);
2069 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2071 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2075 case L2CAP_CONF_SUCCESS:
2078 case L2CAP_CONF_UNACCEPT:
2079 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2081 /* It does not make sense to adjust L2CAP parameters
2082 * that are currently defined in the spec. We simply
2083 * resend config request that we sent earlier. It is
2084 * stupid, but it helps qualification testing which
2085 * expects at least some response from us. */
2086 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2087 l2cap_build_conf_req(sk, req), req);
2092 sk->sk_state = BT_DISCONN;
2093 sk->sk_err = ECONNRESET;
2094 l2cap_sock_set_timer(sk, HZ * 5);
2096 struct l2cap_disconn_req req;
2097 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2098 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2099 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2100 L2CAP_DISCONN_REQ, sizeof(req), &req);
2108 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2110 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2111 sk->sk_state = BT_CONNECTED;
2112 l2cap_chan_ready(sk);
2120 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2122 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2123 struct l2cap_disconn_rsp rsp;
2127 scid = __le16_to_cpu(req->scid);
2128 dcid = __le16_to_cpu(req->dcid);
2130 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2132 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2135 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2136 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2137 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2139 sk->sk_shutdown = SHUTDOWN_MASK;
2141 l2cap_chan_del(sk, ECONNRESET);
2144 l2cap_sock_kill(sk);
2148 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2150 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2154 scid = __le16_to_cpu(rsp->scid);
2155 dcid = __le16_to_cpu(rsp->dcid);
2157 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2159 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2162 l2cap_chan_del(sk, 0);
2165 l2cap_sock_kill(sk);
2169 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2171 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2174 type = __le16_to_cpu(req->type);
2176 BT_DBG("type 0x%4.4x", type);
2178 if (type == L2CAP_IT_FEAT_MASK) {
2180 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2181 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2182 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2183 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2184 l2cap_send_cmd(conn, cmd->ident,
2185 L2CAP_INFO_RSP, sizeof(buf), buf);
2186 } else if (type == L2CAP_IT_FIXED_CHAN) {
2188 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2189 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2190 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2191 memcpy(buf + 4, l2cap_fixed_chan, 8);
2192 l2cap_send_cmd(conn, cmd->ident,
2193 L2CAP_INFO_RSP, sizeof(buf), buf);
2195 struct l2cap_info_rsp rsp;
2196 rsp.type = cpu_to_le16(type);
2197 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2198 l2cap_send_cmd(conn, cmd->ident,
2199 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2205 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2207 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2210 type = __le16_to_cpu(rsp->type);
2211 result = __le16_to_cpu(rsp->result);
2213 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2215 del_timer(&conn->info_timer);
2217 if (type == L2CAP_IT_FEAT_MASK) {
2218 conn->feat_mask = get_unaligned_le32(rsp->data);
2220 if (conn->feat_mask & 0x0080) {
2221 struct l2cap_info_req req;
2222 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2224 conn->info_ident = l2cap_get_ident(conn);
2226 l2cap_send_cmd(conn, conn->info_ident,
2227 L2CAP_INFO_REQ, sizeof(req), &req);
2229 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2230 conn->info_ident = 0;
2232 l2cap_conn_start(conn);
2234 } else if (type == L2CAP_IT_FIXED_CHAN) {
2235 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2236 conn->info_ident = 0;
2238 l2cap_conn_start(conn);
2244 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2246 u8 *data = skb->data;
2248 struct l2cap_cmd_hdr cmd;
2251 l2cap_raw_recv(conn, skb);
2253 while (len >= L2CAP_CMD_HDR_SIZE) {
2255 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2256 data += L2CAP_CMD_HDR_SIZE;
2257 len -= L2CAP_CMD_HDR_SIZE;
2259 cmd_len = le16_to_cpu(cmd.len);
2261 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2263 if (cmd_len > len || !cmd.ident) {
2264 BT_DBG("corrupted command");
2269 case L2CAP_COMMAND_REJ:
2270 l2cap_command_rej(conn, &cmd, data);
2273 case L2CAP_CONN_REQ:
2274 err = l2cap_connect_req(conn, &cmd, data);
2277 case L2CAP_CONN_RSP:
2278 err = l2cap_connect_rsp(conn, &cmd, data);
2281 case L2CAP_CONF_REQ:
2282 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2285 case L2CAP_CONF_RSP:
2286 err = l2cap_config_rsp(conn, &cmd, data);
2289 case L2CAP_DISCONN_REQ:
2290 err = l2cap_disconnect_req(conn, &cmd, data);
2293 case L2CAP_DISCONN_RSP:
2294 err = l2cap_disconnect_rsp(conn, &cmd, data);
2297 case L2CAP_ECHO_REQ:
2298 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2301 case L2CAP_ECHO_RSP:
2304 case L2CAP_INFO_REQ:
2305 err = l2cap_information_req(conn, &cmd, data);
2308 case L2CAP_INFO_RSP:
2309 err = l2cap_information_rsp(conn, &cmd, data);
2313 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2319 struct l2cap_cmd_rej rej;
2320 BT_DBG("error %d", err);
2322 /* FIXME: Map err to a valid reason */
2323 rej.reason = cpu_to_le16(0);
2324 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2334 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2338 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2340 BT_DBG("unknown cid 0x%4.4x", cid);
2344 BT_DBG("sk %p, len %d", sk, skb->len);
2346 if (sk->sk_state != BT_CONNECTED)
2349 if (l2cap_pi(sk)->imtu < skb->len)
2352 /* If socket recv buffers overflows we drop data here
2353 * which is *bad* because L2CAP has to be reliable.
2354 * But we don't have any other choice. L2CAP doesn't
2355 * provide flow control mechanism. */
2357 if (!sock_queue_rcv_skb(sk, skb))
2370 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2374 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2378 BT_DBG("sk %p, len %d", sk, skb->len);
2380 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2383 if (l2cap_pi(sk)->imtu < skb->len)
2386 if (!sock_queue_rcv_skb(sk, skb))
2393 if (sk) bh_unlock_sock(sk);
2397 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2399 struct l2cap_hdr *lh = (void *) skb->data;
2403 skb_pull(skb, L2CAP_HDR_SIZE);
2404 cid = __le16_to_cpu(lh->cid);
2405 len = __le16_to_cpu(lh->len);
2407 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2411 l2cap_sig_channel(conn, skb);
2415 psm = get_unaligned((__le16 *) skb->data);
2417 l2cap_conless_channel(conn, psm, skb);
2421 l2cap_data_channel(conn, cid, skb);
2426 /* ---- L2CAP interface with lower layer (HCI) ---- */
2428 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2430 int exact = 0, lm1 = 0, lm2 = 0;
2431 register struct sock *sk;
2432 struct hlist_node *node;
2434 if (type != ACL_LINK)
2437 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2439 /* Find listening sockets and check their link_mode */
2440 read_lock(&l2cap_sk_list.lock);
2441 sk_for_each(sk, node, &l2cap_sk_list.head) {
2442 if (sk->sk_state != BT_LISTEN)
2445 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2446 lm1 |= HCI_LM_ACCEPT;
2447 if (l2cap_pi(sk)->role_switch)
2448 lm1 |= HCI_LM_MASTER;
2450 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2451 lm2 |= HCI_LM_ACCEPT;
2452 if (l2cap_pi(sk)->role_switch)
2453 lm2 |= HCI_LM_MASTER;
2456 read_unlock(&l2cap_sk_list.lock);
2458 return exact ? lm1 : lm2;
2461 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2463 struct l2cap_conn *conn;
2465 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2467 if (hcon->type != ACL_LINK)
2471 conn = l2cap_conn_add(hcon, status);
2473 l2cap_conn_ready(conn);
2475 l2cap_conn_del(hcon, bt_err(status));
2480 static int l2cap_disconn_ind(struct hci_conn *hcon)
2482 struct l2cap_conn *conn = hcon->l2cap_data;
2484 BT_DBG("hcon %p", hcon);
2486 if (hcon->type != ACL_LINK || !conn)
2489 return conn->disc_reason;
2492 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
2494 BT_DBG("hcon %p reason %d", hcon, reason);
2496 if (hcon->type != ACL_LINK)
2499 l2cap_conn_del(hcon, bt_err(reason));
2504 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2506 if (sk->sk_type != SOCK_SEQPACKET)
2509 if (encrypt == 0x00) {
2510 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2511 l2cap_sock_clear_timer(sk);
2512 l2cap_sock_set_timer(sk, HZ * 5);
2513 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2514 __l2cap_sock_close(sk, ECONNREFUSED);
2516 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2517 l2cap_sock_clear_timer(sk);
2521 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2523 struct l2cap_chan_list *l;
2524 struct l2cap_conn *conn = hcon->l2cap_data;
2530 l = &conn->chan_list;
2532 BT_DBG("conn %p", conn);
2534 read_lock(&l->lock);
2536 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2539 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
2544 if (!status && (sk->sk_state == BT_CONNECTED ||
2545 sk->sk_state == BT_CONFIG)) {
2546 l2cap_check_encryption(sk, encrypt);
2551 if (sk->sk_state == BT_CONNECT) {
2553 struct l2cap_conn_req req;
2554 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2555 req.psm = l2cap_pi(sk)->psm;
2557 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2559 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2560 L2CAP_CONN_REQ, sizeof(req), &req);
2562 l2cap_sock_clear_timer(sk);
2563 l2cap_sock_set_timer(sk, HZ / 10);
2565 } else if (sk->sk_state == BT_CONNECT2) {
2566 struct l2cap_conn_rsp rsp;
2570 sk->sk_state = BT_CONFIG;
2571 result = L2CAP_CR_SUCCESS;
2573 sk->sk_state = BT_DISCONN;
2574 l2cap_sock_set_timer(sk, HZ / 10);
2575 result = L2CAP_CR_SEC_BLOCK;
2578 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2579 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2580 rsp.result = cpu_to_le16(result);
2581 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2582 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2583 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2589 read_unlock(&l->lock);
2594 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2596 struct l2cap_conn *conn = hcon->l2cap_data;
2598 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2601 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2603 if (flags & ACL_START) {
2604 struct l2cap_hdr *hdr;
2608 BT_ERR("Unexpected start frame (len %d)", skb->len);
2609 kfree_skb(conn->rx_skb);
2610 conn->rx_skb = NULL;
2612 l2cap_conn_unreliable(conn, ECOMM);
2616 BT_ERR("Frame is too short (len %d)", skb->len);
2617 l2cap_conn_unreliable(conn, ECOMM);
2621 hdr = (struct l2cap_hdr *) skb->data;
2622 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2624 if (len == skb->len) {
2625 /* Complete frame received */
2626 l2cap_recv_frame(conn, skb);
2630 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2632 if (skb->len > len) {
2633 BT_ERR("Frame is too long (len %d, expected len %d)",
2635 l2cap_conn_unreliable(conn, ECOMM);
2639 /* Allocate skb for the complete frame (with header) */
2640 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2643 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2645 conn->rx_len = len - skb->len;
2647 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2649 if (!conn->rx_len) {
2650 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2651 l2cap_conn_unreliable(conn, ECOMM);
2655 if (skb->len > conn->rx_len) {
2656 BT_ERR("Fragment is too long (len %d, expected %d)",
2657 skb->len, conn->rx_len);
2658 kfree_skb(conn->rx_skb);
2659 conn->rx_skb = NULL;
2661 l2cap_conn_unreliable(conn, ECOMM);
2665 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2667 conn->rx_len -= skb->len;
2669 if (!conn->rx_len) {
2670 /* Complete frame received */
2671 l2cap_recv_frame(conn, conn->rx_skb);
2672 conn->rx_skb = NULL;
2681 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2684 struct hlist_node *node;
2687 read_lock_bh(&l2cap_sk_list.lock);
2689 sk_for_each(sk, node, &l2cap_sk_list.head) {
2690 struct l2cap_pinfo *pi = l2cap_pi(sk);
2692 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2693 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2694 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2695 pi->imtu, pi->omtu, pi->sec_level);
2698 read_unlock_bh(&l2cap_sk_list.lock);
2703 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2705 static const struct proto_ops l2cap_sock_ops = {
2706 .family = PF_BLUETOOTH,
2707 .owner = THIS_MODULE,
2708 .release = l2cap_sock_release,
2709 .bind = l2cap_sock_bind,
2710 .connect = l2cap_sock_connect,
2711 .listen = l2cap_sock_listen,
2712 .accept = l2cap_sock_accept,
2713 .getname = l2cap_sock_getname,
2714 .sendmsg = l2cap_sock_sendmsg,
2715 .recvmsg = l2cap_sock_recvmsg,
2716 .poll = bt_sock_poll,
2717 .ioctl = bt_sock_ioctl,
2718 .mmap = sock_no_mmap,
2719 .socketpair = sock_no_socketpair,
2720 .shutdown = l2cap_sock_shutdown,
2721 .setsockopt = l2cap_sock_setsockopt,
2722 .getsockopt = l2cap_sock_getsockopt
2725 static struct net_proto_family l2cap_sock_family_ops = {
2726 .family = PF_BLUETOOTH,
2727 .owner = THIS_MODULE,
2728 .create = l2cap_sock_create,
2731 static struct hci_proto l2cap_hci_proto = {
2733 .id = HCI_PROTO_L2CAP,
2734 .connect_ind = l2cap_connect_ind,
2735 .connect_cfm = l2cap_connect_cfm,
2736 .disconn_ind = l2cap_disconn_ind,
2737 .disconn_cfm = l2cap_disconn_cfm,
2738 .security_cfm = l2cap_security_cfm,
2739 .recv_acldata = l2cap_recv_acldata
2742 static int __init l2cap_init(void)
2746 err = proto_register(&l2cap_proto, 0);
2750 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2752 BT_ERR("L2CAP socket registration failed");
2756 err = hci_register_proto(&l2cap_hci_proto);
2758 BT_ERR("L2CAP protocol registration failed");
2759 bt_sock_unregister(BTPROTO_L2CAP);
2763 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2764 BT_ERR("Failed to create L2CAP info file");
2766 BT_INFO("L2CAP ver %s", VERSION);
2767 BT_INFO("L2CAP socket layer initialized");
2772 proto_unregister(&l2cap_proto);
2776 static void __exit l2cap_exit(void)
2778 class_remove_file(bt_class, &class_attr_l2cap);
2780 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2781 BT_ERR("L2CAP socket unregistration failed");
2783 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2784 BT_ERR("L2CAP protocol unregistration failed");
2786 proto_unregister(&l2cap_proto);
2789 void l2cap_load(void)
2791 /* Dummy function to trigger automatic L2CAP module loading by
2792 * other modules that use L2CAP sockets but don't use any other
2793 * symbols from it. */
2796 EXPORT_SYMBOL(l2cap_load);
2798 module_init(l2cap_init);
2799 module_exit(l2cap_exit);
2801 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2802 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2803 MODULE_VERSION(VERSION);
2804 MODULE_LICENSE("GPL");
2805 MODULE_ALIAS("bt-proto-0");