l2cap.c 47.2 KB
Newer Older
Linus Torvalds's avatar
Linus Torvalds committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
/* 
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
   SOFTWARE IS DISCLAIMED.
*/

25
/* Bluetooth L2CAP core and sockets. */
Linus Torvalds's avatar
Linus Torvalds committed
26 27 28 29 30 31 32 33 34

#include <linux/config.h>
#include <linux/module.h>

#include <linux/types.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/major.h>
#include <linux/sched.h>
Linus Torvalds's avatar
Linus Torvalds committed
35
#include <linux/slab.h>
Linus Torvalds's avatar
Linus Torvalds committed
36 37 38 39 40 41 42
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/interrupt.h>
#include <linux/socket.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
43
#include <linux/seq_file.h>
Linus Torvalds's avatar
Linus Torvalds committed
44 45 46 47 48
#include <linux/list.h>
#include <net/sock.h>

#include <asm/system.h>
#include <asm/uaccess.h>
49
#include <asm/unaligned.h>
Linus Torvalds's avatar
Linus Torvalds committed
50 51 52 53 54

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>

55
#ifndef CONFIG_BT_L2CAP_DEBUG
56
#undef  BT_DBG
57
#define BT_DBG(D...)
Linus Torvalds's avatar
Linus Torvalds committed
58 59
#endif

60
#define VERSION "2.2"
61

62
static struct proto_ops l2cap_sock_ops;
Linus Torvalds's avatar
Linus Torvalds committed
63

64
struct bt_sock_list l2cap_sk_list = {
65
	.lock = RW_LOCK_UNLOCKED
Linus Torvalds's avatar
Linus Torvalds committed
66 67
};

68
static int l2cap_conn_del(struct hci_conn *conn, int err);
Linus Torvalds's avatar
Linus Torvalds committed
69

70
static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);
Linus Torvalds's avatar
Linus Torvalds committed
71 72
static void l2cap_chan_del(struct sock *sk, int err);

73
static void __l2cap_sock_close(struct sock *sk, int reason);
Linus Torvalds's avatar
Linus Torvalds committed
74 75 76
static void l2cap_sock_close(struct sock *sk);
static void l2cap_sock_kill(struct sock *sk);

77 78
static int l2cap_send_req(struct l2cap_conn *conn, u8 code, u16 len, void *data);
static int l2cap_send_rsp(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data);
Linus Torvalds's avatar
Linus Torvalds committed
79

80
/* ---- L2CAP timers ---- */
Linus Torvalds's avatar
Linus Torvalds committed
81
static void l2cap_sock_timeout(unsigned long arg)
Linus Torvalds's avatar
Linus Torvalds committed
82 83 84
{
	struct sock *sk = (struct sock *) arg;

85
	BT_DBG("sock %p state %d", sk, sk->sk_state);
Linus Torvalds's avatar
Linus Torvalds committed
86 87

	bh_lock_sock(sk);
88
	__l2cap_sock_close(sk, ETIMEDOUT);
Linus Torvalds's avatar
Linus Torvalds committed
89 90 91 92 93 94
	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);
	sock_put(sk);
}

Linus Torvalds's avatar
Linus Torvalds committed
95
static void l2cap_sock_set_timer(struct sock *sk, long timeout)
Linus Torvalds's avatar
Linus Torvalds committed
96
{
97
	BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
Linus Torvalds's avatar
Linus Torvalds committed
98

99
	if (!mod_timer(&sk->sk_timer, jiffies + timeout))
Linus Torvalds's avatar
Linus Torvalds committed
100 101 102
		sock_hold(sk);
}

Linus Torvalds's avatar
Linus Torvalds committed
103
static void l2cap_sock_clear_timer(struct sock *sk)
Linus Torvalds's avatar
Linus Torvalds committed
104
{
105
	BT_DBG("sock %p state %d", sk, sk->sk_state);
Linus Torvalds's avatar
Linus Torvalds committed
106

107
	if (timer_pending(&sk->sk_timer) && del_timer(&sk->sk_timer))
Linus Torvalds's avatar
Linus Torvalds committed
108 109 110
		__sock_put(sk);
}

Linus Torvalds's avatar
Linus Torvalds committed
111
static void l2cap_sock_init_timer(struct sock *sk)
Linus Torvalds's avatar
Linus Torvalds committed
112
{
113 114 115
	init_timer(&sk->sk_timer);
	sk->sk_timer.function = l2cap_sock_timeout;
	sk->sk_timer.data = (unsigned long)sk;
Linus Torvalds's avatar
Linus Torvalds committed
116 117
}

118 119
/* ---- L2CAP connections ---- */
static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
Linus Torvalds's avatar
Linus Torvalds committed
120 121 122
{
	struct l2cap_conn *conn;

123 124
	if ((conn = hcon->l2cap_data))
		return conn;
Linus Torvalds's avatar
Linus Torvalds committed
125

126 127
	if (status)
		return conn;
Linus Torvalds's avatar
Linus Torvalds committed
128

129 130 131
	if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_ATOMIC)))
		return NULL;
	memset(conn, 0, sizeof(struct l2cap_conn));
Linus Torvalds's avatar
Linus Torvalds committed
132

133 134
	hcon->l2cap_data = conn;
	conn->hcon = hcon;
135

136 137 138
	conn->mtu = hcon->hdev->acl_mtu;
	conn->src = &hcon->hdev->bdaddr;
	conn->dst = &hcon->dst;
139

Linus Torvalds's avatar
Linus Torvalds committed
140 141 142
	spin_lock_init(&conn->lock);
	conn->chan_list.lock = RW_LOCK_UNLOCKED;

143
	BT_DBG("hcon %p conn %p", hcon, conn);
Linus Torvalds's avatar
Linus Torvalds committed
144 145 146
	return conn;
}

147
static int l2cap_conn_del(struct hci_conn *hcon, int err)
Linus Torvalds's avatar
Linus Torvalds committed
148
{
149
	struct l2cap_conn *conn;
Linus Torvalds's avatar
Linus Torvalds committed
150 151
	struct sock *sk;

152 153
	if (!(conn = hcon->l2cap_data)) 
		return 0;
Linus Torvalds's avatar
Linus Torvalds committed
154

155
	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
Linus Torvalds's avatar
Linus Torvalds committed
156 157

	if (conn->rx_skb)
Linus Torvalds's avatar
Linus Torvalds committed
158
		kfree_skb(conn->rx_skb);
Linus Torvalds's avatar
Linus Torvalds committed
159 160 161 162 163 164 165 166 167

	/* Kill channels */
	while ((sk = conn->chan_list.head)) {
		bh_lock_sock(sk);
		l2cap_chan_del(sk, err);
		bh_unlock_sock(sk);
		l2cap_sock_kill(sk);
	}

168
	hcon->l2cap_data = NULL;
Linus Torvalds's avatar
Linus Torvalds committed
169 170 171 172
	kfree(conn);
	return 0;
}

173 174 175 176 177 178 179 180
static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	write_lock(&l->lock);
	__l2cap_chan_add(conn, sk, parent);
	write_unlock(&l->lock);
}

181 182
/* ---- Socket interface ---- */
static struct sock *__l2cap_get_sock_by_addr(u16 psm, bdaddr_t *src)
Linus Torvalds's avatar
Linus Torvalds committed
183 184
{
	struct sock *sk;
185 186
	struct hlist_node *node;
	sk_for_each(sk, node, &l2cap_sk_list.head)
187
		if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
188 189 190
			goto found;
	sk = NULL;
found:
Linus Torvalds's avatar
Linus Torvalds committed
191 192 193
	return sk;
}

194
/* Find socket with psm and source bdaddr.
Linus Torvalds's avatar
Linus Torvalds committed
195 196
 * Returns closest match.
 */
197
static struct sock *__l2cap_get_sock_by_psm(int state, u16 psm, bdaddr_t *src)
Linus Torvalds's avatar
Linus Torvalds committed
198
{
199
	struct sock *sk = NULL, *sk1 = NULL;
200
	struct hlist_node *node;
Linus Torvalds's avatar
Linus Torvalds committed
201

202
	sk_for_each(sk, node, &l2cap_sk_list.head) {
203
		if (state && sk->sk_state != state)
Linus Torvalds's avatar
Linus Torvalds committed
204 205
			continue;

206
		if (l2cap_pi(sk)->psm == psm) {
Linus Torvalds's avatar
Linus Torvalds committed
207
			/* Exact match. */
208
			if (!bacmp(&bt_sk(sk)->src, src))
Linus Torvalds's avatar
Linus Torvalds committed
209 210 211
				break;

			/* Closest match */
212
			if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
Linus Torvalds's avatar
Linus Torvalds committed
213 214 215
				sk1 = sk;
		}
	}
216
	return node ? sk : sk1;
217
}
Linus Torvalds's avatar
Linus Torvalds committed
218

219 220
/* Find socket with given address (psm, src).
 * Returns locked socket */
221
static inline struct sock *l2cap_get_sock_by_psm(int state, u16 psm, bdaddr_t *src)
222 223 224 225 226
{
	struct sock *s;
	read_lock(&l2cap_sk_list.lock);
	s = __l2cap_get_sock_by_psm(state, psm, src);
	if (s) bh_lock_sock(s);
Linus Torvalds's avatar
Linus Torvalds committed
227
	read_unlock(&l2cap_sk_list.lock);
228
	return s;
Linus Torvalds's avatar
Linus Torvalds committed
229 230 231 232
}

static void l2cap_sock_destruct(struct sock *sk)
{
233
	BT_DBG("sk %p", sk);
Linus Torvalds's avatar
Linus Torvalds committed
234

235 236
	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);
237

238 239
	if (sk->sk_protinfo)
		kfree(sk->sk_protinfo);
Linus Torvalds's avatar
Linus Torvalds committed
240 241 242 243 244 245
}

static void l2cap_sock_cleanup_listen(struct sock *parent)
{
	struct sock *sk;

246
	BT_DBG("parent %p", parent);
Linus Torvalds's avatar
Linus Torvalds committed
247 248

	/* Close not yet accepted channels */
249
	while ((sk = bt_accept_dequeue(parent, NULL)))
Linus Torvalds's avatar
Linus Torvalds committed
250 251
		l2cap_sock_close(sk);

252 253
	parent->sk_state  = BT_CLOSED;
	parent->sk_zapped = 1;
Linus Torvalds's avatar
Linus Torvalds committed
254 255 256 257 258 259 260
}

/* Kill socket (only if zapped and orphan)
 * Must be called on unlocked socket.
 */
static void l2cap_sock_kill(struct sock *sk)
{
261
	if (!sk->sk_zapped || sk->sk_socket)
Linus Torvalds's avatar
Linus Torvalds committed
262 263
		return;

264
	BT_DBG("sk %p state %d", sk, sk->sk_state);
Linus Torvalds's avatar
Linus Torvalds committed
265 266

	/* Kill poor orphan */
267
	bt_sock_unlink(&l2cap_sk_list, sk);
268
	sock_set_flag(sk, SOCK_DEAD);
Linus Torvalds's avatar
Linus Torvalds committed
269 270 271
	sock_put(sk);
}

272
static void __l2cap_sock_close(struct sock *sk, int reason)
Linus Torvalds's avatar
Linus Torvalds committed
273
{
274
	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
Linus Torvalds's avatar
Linus Torvalds committed
275

276
	switch (sk->sk_state) {
Linus Torvalds's avatar
Linus Torvalds committed
277 278 279 280 281 282
	case BT_LISTEN:
		l2cap_sock_cleanup_listen(sk);
		break;

	case BT_CONNECTED:
	case BT_CONFIG:
283
	case BT_CONNECT2:
284
		if (sk->sk_type == SOCK_SEQPACKET) {
285
			struct l2cap_conn *conn = l2cap_pi(sk)->conn;
286
			struct l2cap_disconn_req req;
Linus Torvalds's avatar
Linus Torvalds committed
287

288
			sk->sk_state = BT_DISCONN;
289
			l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
Linus Torvalds's avatar
Linus Torvalds committed
290 291 292

			req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
			req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
293
			l2cap_send_req(conn, L2CAP_DISCONN_REQ, sizeof(req), &req);
Linus Torvalds's avatar
Linus Torvalds committed
294
		} else {
295
			l2cap_chan_del(sk, reason);
Linus Torvalds's avatar
Linus Torvalds committed
296 297 298 299 300
		}
		break;

	case BT_CONNECT:
	case BT_DISCONN:
301
		l2cap_chan_del(sk, reason);
Linus Torvalds's avatar
Linus Torvalds committed
302 303 304
		break;

	default:
305
		sk->sk_zapped = 1;
Linus Torvalds's avatar
Linus Torvalds committed
306
		break;
307
	}
308 309 310 311 312 313 314 315
}

/* Must be called on unlocked socket. */
static void l2cap_sock_close(struct sock *sk)
{
	l2cap_sock_clear_timer(sk);
	lock_sock(sk);
	__l2cap_sock_close(sk, ECONNRESET);
Linus Torvalds's avatar
Linus Torvalds committed
316 317 318 319 320 321 322 323
	release_sock(sk);
	l2cap_sock_kill(sk);
}

static void l2cap_sock_init(struct sock *sk, struct sock *parent)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);

324
	BT_DBG("sk %p", sk);
Linus Torvalds's avatar
Linus Torvalds committed
325 326

	if (parent) {
327
		sk->sk_type = parent->sk_type;
Linus Torvalds's avatar
Linus Torvalds committed
328 329
		pi->imtu = l2cap_pi(parent)->imtu;
		pi->omtu = l2cap_pi(parent)->omtu;
330
		pi->link_mode = l2cap_pi(parent)->link_mode;
Linus Torvalds's avatar
Linus Torvalds committed
331 332 333
	} else {
		pi->imtu = L2CAP_DEFAULT_MTU;
		pi->omtu = 0;
334
		pi->link_mode = 0;
Linus Torvalds's avatar
Linus Torvalds committed
335 336 337 338 339 340 341 342 343 344 345
	}

	/* Default config options */
	pi->conf_mtu = L2CAP_DEFAULT_MTU;
	pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
}

static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, int prio)
{
	struct sock *sk;

346
	sk = bt_sock_alloc(sock, proto, sizeof(struct l2cap_pinfo), prio);
347
	if (!sk)
Linus Torvalds's avatar
Linus Torvalds committed
348 349
		return NULL;

350 351
	sk_set_owner(sk, THIS_MODULE);

352 353
	sk->sk_destruct = l2cap_sock_destruct;
	sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
354

355 356
	sk->sk_protocol = proto;
	sk->sk_state    = BT_OPEN;
Linus Torvalds's avatar
Linus Torvalds committed
357

Linus Torvalds's avatar
Linus Torvalds committed
358
	l2cap_sock_init_timer(sk);
Linus Torvalds's avatar
Linus Torvalds committed
359

360
	bt_sock_link(&l2cap_sk_list, sk);
Linus Torvalds's avatar
Linus Torvalds committed
361 362 363 364 365 366 367
	return sk;
}

static int l2cap_sock_create(struct socket *sock, int protocol)
{
	struct sock *sk;

368
	BT_DBG("sock %p", sock);
Linus Torvalds's avatar
Linus Torvalds committed
369

370 371 372
	sock->state = SS_UNCONNECTED;

	if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
Linus Torvalds's avatar
Linus Torvalds committed
373
		return -ESOCKTNOSUPPORT;
374

375 376
	if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
		return -EPERM;
377

378
	sock->ops = &l2cap_sock_ops;
Linus Torvalds's avatar
Linus Torvalds committed
379

380 381
	sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL);
	if (!sk)
Linus Torvalds's avatar
Linus Torvalds committed
382 383 384 385 386 387 388 389 390 391 392 393
		return -ENOMEM;

	l2cap_sock_init(sk, NULL);
	return 0;
}

static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;
	int err = 0;

394
	BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
Linus Torvalds's avatar
Linus Torvalds committed
395 396 397 398 399 400

	if (!addr || addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

401
	if (sk->sk_state != BT_OPEN) {
Linus Torvalds's avatar
Linus Torvalds committed
402 403 404 405
		err = -EBADFD;
		goto done;
	}

406
	write_lock_bh(&l2cap_sk_list.lock);
407

408
	if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
Linus Torvalds's avatar
Linus Torvalds committed
409
		err = -EADDRINUSE;
410 411
	} else {
		/* Save source address */
412
		bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
413 414
		l2cap_pi(sk)->psm   = la->l2_psm;
		l2cap_pi(sk)->sport = la->l2_psm;
415
		sk->sk_state = BT_BOUND;
Linus Torvalds's avatar
Linus Torvalds committed
416
	}
417

418
	write_unlock_bh(&l2cap_sk_list.lock);
Linus Torvalds's avatar
Linus Torvalds committed
419 420 421 422 423 424

done:
	release_sock(sk);
	return err;
}

425 426 427 428 429
static int l2cap_do_connect(struct sock *sk)
{
	bdaddr_t *src = &bt_sk(sk)->src;
	bdaddr_t *dst = &bt_sk(sk)->dst;
	struct l2cap_conn *conn;
430 431
	struct hci_conn *hcon;
	struct hci_dev *hdev;
432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459
	int err = 0;

	BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);

	if (!(hdev = hci_get_route(dst, src)))
		return -EHOSTUNREACH;

	hci_dev_lock_bh(hdev);

	err = -ENOMEM;

	hcon = hci_connect(hdev, ACL_LINK, dst);
	if (!hcon)
		goto done;

	conn = l2cap_conn_add(hcon, 0);
	if (!conn) {
		hci_conn_put(hcon);
		goto done;
	}

	err = 0;

	/* Update source addr of the socket */
	bacpy(src, conn->src);

	l2cap_chan_add(conn, sk, NULL);

460 461
	sk->sk_state = BT_CONNECT;
	l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
462 463

	if (hcon->state == BT_CONNECTED) {
464
		if (sk->sk_type == SOCK_SEQPACKET) {
465 466 467 468 469 470
			struct l2cap_conn_req req;
			req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
			req.psm  = l2cap_pi(sk)->psm;
			l2cap_send_req(conn, L2CAP_CONN_REQ, sizeof(req), &req);
		} else {
			l2cap_sock_clear_timer(sk);
471
			sk->sk_state = BT_CONNECTED;
472 473 474 475 476 477 478 479 480
		}
	}

done:
	hci_dev_unlock_bh(hdev);
	hci_dev_put(hdev);
	return err;
}

Linus Torvalds's avatar
Linus Torvalds committed
481 482 483 484 485 486 487 488
static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
{
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;
	int err = 0;

	lock_sock(sk);

489
	BT_DBG("sk %p", sk);
Linus Torvalds's avatar
Linus Torvalds committed
490 491 492 493 494 495

	if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
		err = -EINVAL;
		goto done;
	}

496
	if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
497
		err = -EINVAL;
Linus Torvalds's avatar
Linus Torvalds committed
498 499 500
		goto done;
	}

501
	switch(sk->sk_state) {
502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518
	case BT_CONNECT:
	case BT_CONNECT2:
	case BT_CONFIG:
		/* Already connecting */
		goto wait;

	case BT_CONNECTED:
		/* Already connected */
		goto done;

	case BT_OPEN:
	case BT_BOUND:
		/* Can connect */
		break;

	default:
		err = -EBADFD;
Linus Torvalds's avatar
Linus Torvalds committed
519 520 521 522
		goto done;
	}

	/* Set destination address and psm */
523
	bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
Linus Torvalds's avatar
Linus Torvalds committed
524 525
	l2cap_pi(sk)->psm = la->l2_psm;

526
	if ((err = l2cap_do_connect(sk)))
Linus Torvalds's avatar
Linus Torvalds committed
527 528
		goto done;

529
wait:
530 531
	err = bt_sock_wait_state(sk, BT_CONNECTED,
			sock_sndtimeo(sk, flags & O_NONBLOCK));
Linus Torvalds's avatar
Linus Torvalds committed
532 533 534 535 536
done:
	release_sock(sk);
	return err;
}

537
static int l2cap_sock_listen(struct socket *sock, int backlog)
Linus Torvalds's avatar
Linus Torvalds committed
538 539 540 541
{
	struct sock *sk = sock->sk;
	int err = 0;

542
	BT_DBG("sk %p backlog %d", sk, backlog);
Linus Torvalds's avatar
Linus Torvalds committed
543 544 545

	lock_sock(sk);

546
	if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
Linus Torvalds's avatar
Linus Torvalds committed
547 548 549 550 551
		err = -EBADFD;
		goto done;
	}

	if (!l2cap_pi(sk)->psm) {
552 553 554
		bdaddr_t *src = &bt_sk(sk)->src;
		u16 psm;

Linus Torvalds's avatar
Linus Torvalds committed
555
		err = -EINVAL;
556 557 558 559 560 561 562 563 564 565 566 567 568 569 570

		write_lock_bh(&l2cap_sk_list.lock);

		for (psm = 0x1001; psm < 0x1100; psm += 2)
			if (!__l2cap_get_sock_by_addr(psm, src)) {
				l2cap_pi(sk)->psm   = htobs(psm);
				l2cap_pi(sk)->sport = htobs(psm);
				err = 0;
				break;
			}

		write_unlock_bh(&l2cap_sk_list.lock);

		if (err < 0)
			goto done;
Linus Torvalds's avatar
Linus Torvalds committed
571 572
	}

573 574 575
	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;
	sk->sk_state = BT_LISTEN;
Linus Torvalds's avatar
Linus Torvalds committed
576 577 578 579 580 581

done:
	release_sock(sk);
	return err;
}

582
static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
Linus Torvalds's avatar
Linus Torvalds committed
583 584
{
	DECLARE_WAITQUEUE(wait, current);
585
	struct sock *sk = sock->sk, *nsk;
Linus Torvalds's avatar
Linus Torvalds committed
586 587 588 589 590
	long timeo;
	int err = 0;

	lock_sock(sk);

591
	if (sk->sk_state != BT_LISTEN) {
Linus Torvalds's avatar
Linus Torvalds committed
592 593 594 595 596 597
		err = -EBADFD;
		goto done;
	}

	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

598
	BT_DBG("sk %p timeo %ld", sk, timeo);
Linus Torvalds's avatar
Linus Torvalds committed
599 600

	/* Wait for an incoming connection. (wake-one). */
601
	add_wait_queue_exclusive(sk->sk_sleep, &wait);
602
	while (!(nsk = bt_accept_dequeue(sk, newsock))) {
603
		set_current_state(TASK_INTERRUPTIBLE);
Linus Torvalds's avatar
Linus Torvalds committed
604 605 606 607 608 609 610 611 612
		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock(sk);

613
		if (sk->sk_state != BT_LISTEN) {
Linus Torvalds's avatar
Linus Torvalds committed
614 615 616 617 618 619 620 621 622
			err = -EBADFD;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}
	}
623
	set_current_state(TASK_RUNNING);
624
	remove_wait_queue(sk->sk_sleep, &wait);
Linus Torvalds's avatar
Linus Torvalds committed
625 626 627 628 629 630

	if (err)
		goto done;

	newsock->state = SS_CONNECTED;

631
	BT_DBG("new socket %p", nsk);
Linus Torvalds's avatar
Linus Torvalds committed
632 633 634 635 636 637 638 639 640 641 642

done:
	release_sock(sk);
	return err;
}

static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
{
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;

643
	BT_DBG("sock %p, sk %p", sock, sk);
Linus Torvalds's avatar
Linus Torvalds committed
644 645 646 647 648

	addr->sa_family = AF_BLUETOOTH;
	*len = sizeof(struct sockaddr_l2);

	if (peer)
649
		bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
Linus Torvalds's avatar
Linus Torvalds committed
650
	else
651
		bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
Linus Torvalds's avatar
Linus Torvalds committed
652 653 654 655 656

	la->l2_psm = l2cap_pi(sk)->psm;
	return 0;
}

657 658 659 660 661 662 663 664 665 666
static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
{
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
	struct sk_buff *skb, **frag;
	int err, hlen, count, sent=0;
	struct l2cap_hdr *lh;

	BT_DBG("sk %p len %d", sk, len);

	/* First fragment (with L2CAP header) */
667
	if (sk->sk_type == SOCK_DGRAM)
668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683
		hlen = L2CAP_HDR_SIZE + 2;
	else
		hlen = L2CAP_HDR_SIZE;

	count = min_t(unsigned int, (conn->mtu - hlen), len);

	skb = bt_skb_send_alloc(sk, hlen + count,
			msg->msg_flags & MSG_DONTWAIT, &err);
	if (!skb)
		return err;

	/* Create L2CAP header */
	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
	lh->cid = __cpu_to_le16(l2cap_pi(sk)->dcid);
	lh->len = __cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));

684
	if (sk->sk_type == SOCK_DGRAM)
685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724
		put_unaligned(l2cap_pi(sk)->psm, (u16 *) skb_put(skb, 2));

	if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
		err = -EFAULT;
		goto fail;
	}

	sent += count;
	len  -= count;

	/* Continuation fragments (no L2CAP header) */
	frag = &skb_shinfo(skb)->frag_list;
	while (len) {
		count = min_t(unsigned int, conn->mtu, len);

		*frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
		if (!*frag)
			goto fail;
		
		if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
			err = -EFAULT;
			goto fail;
		}

		sent += count;
		len  -= count;

		frag = &(*frag)->next;
	}

	if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
		goto fail;

	return sent;

fail:
	kfree_skb(skb);
	return err;
}

725 726
static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 
			      struct msghdr *msg, size_t len)
Linus Torvalds's avatar
Linus Torvalds committed
727 728 729 730
{
	struct sock *sk = sock->sk;
	int err = 0;

731
	BT_DBG("sock %p, sk %p", sock, sk);
Linus Torvalds's avatar
Linus Torvalds committed
732

733
	if (sk->sk_err)
Linus Torvalds's avatar
Linus Torvalds committed
734 735 736 737 738
		return sock_error(sk);

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

739 740 741 742
	/* Check outgoing MTU */
	if (len > l2cap_pi(sk)->omtu)
		return -EINVAL;

Linus Torvalds's avatar
Linus Torvalds committed
743 744
	lock_sock(sk);

745
	if (sk->sk_state == BT_CONNECTED)
746
		err = l2cap_do_send(sk, msg, len);
Linus Torvalds's avatar
Linus Torvalds committed
747 748 749 750 751 752 753
	else
		err = -ENOTCONN;

	release_sock(sk);
	return err;
}

754
static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
Linus Torvalds's avatar
Linus Torvalds committed
755 756 757
{
	struct sock *sk = sock->sk;
	struct l2cap_options opts;
758
	int err = 0, len;
759
	u32 opt;
Linus Torvalds's avatar
Linus Torvalds committed
760

761
	BT_DBG("sk %p", sk);
Linus Torvalds's avatar
Linus Torvalds committed
762 763 764 765 766

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
767
		len = min_t(unsigned int, sizeof(opts), optlen);
768
		if (copy_from_user((char *)&opts, optval, len)) {
Linus Torvalds's avatar
Linus Torvalds committed
769 770 771
			err = -EFAULT;
			break;
		}
772 773 774 775 776
		l2cap_pi(sk)->imtu  = opts.imtu;
		l2cap_pi(sk)->omtu  = opts.omtu;
		break;

	case L2CAP_LM:
777
		if (get_user(opt, (u32 *)optval)) {
778 779 780 781 782
			err = -EFAULT;
			break;
		}

		l2cap_pi(sk)->link_mode = opt;
Linus Torvalds's avatar
Linus Torvalds committed
783 784 785 786 787
		break;

	default:
		err = -ENOPROTOOPT;
		break;
788
	}
Linus Torvalds's avatar
Linus Torvalds committed
789 790 791 792 793

	release_sock(sk);
	return err;
}

794
static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
Linus Torvalds's avatar
Linus Torvalds committed
795 796 797
{
	struct sock *sk = sock->sk;
	struct l2cap_options opts;
Linus Torvalds's avatar
Linus Torvalds committed
798 799
	struct l2cap_conninfo cinfo;
	int len, err = 0; 
Linus Torvalds's avatar
Linus Torvalds committed
800 801 802 803

	if (get_user(len, optlen))
		return -EFAULT;

Linus Torvalds's avatar
Linus Torvalds committed
804 805
	lock_sock(sk);

Linus Torvalds's avatar
Linus Torvalds committed
806 807 808 809 810 811
	switch (optname) {
	case L2CAP_OPTIONS:
		opts.imtu     = l2cap_pi(sk)->imtu;
		opts.omtu     = l2cap_pi(sk)->omtu;
		opts.flush_to = l2cap_pi(sk)->flush_to;

812
		len = min_t(unsigned int, len, sizeof(opts));
Linus Torvalds's avatar
Linus Torvalds committed
813
		if (copy_to_user(optval, (char *)&opts, len))
Linus Torvalds's avatar
Linus Torvalds committed
814 815 816 817
			err = -EFAULT;

		break;

818
	case L2CAP_LM:
819
		if (put_user(l2cap_pi(sk)->link_mode, (u32 *)optval))
820 821 822
			err = -EFAULT;
		break;

Linus Torvalds's avatar
Linus Torvalds committed
823
	case L2CAP_CONNINFO:
824
		if (sk->sk_state != BT_CONNECTED) {
Linus Torvalds's avatar
Linus Torvalds committed
825 826 827 828
			err = -ENOTCONN;
			break;
		}

829
		cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
Linus Torvalds's avatar
Linus Torvalds committed
830

831
		len = min_t(unsigned int, len, sizeof(cinfo));
Linus Torvalds's avatar
Linus Torvalds committed
832 833
		if (copy_to_user(optval, (char *)&cinfo, len))
			err = -EFAULT;
Linus Torvalds's avatar
Linus Torvalds committed
834 835 836 837

		break;

	default:
Linus Torvalds's avatar
Linus Torvalds committed
838
		err = -ENOPROTOOPT;
Linus Torvalds's avatar
Linus Torvalds committed
839
		break;
840
	}
Linus Torvalds's avatar
Linus Torvalds committed
841

842 843
	release_sock(sk);
	return err;
Linus Torvalds's avatar
Linus Torvalds committed
844 845
}

846 847 848
static int l2cap_sock_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;
849
	int err = 0;
850 851 852

	BT_DBG("sock %p, sk %p", sock, sk);

853 854
	if (!sk)
		return 0;
855 856

	lock_sock(sk);
857 858 859 860
	if (!sk->sk_shutdown) {
		sk->sk_shutdown = SHUTDOWN_MASK;
		l2cap_sock_clear_timer(sk);
		__l2cap_sock_close(sk, 0);
861

862 863 864 865 866
		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
			err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
	}
	release_sock(sk);
	return err;
867 868
}

Linus Torvalds's avatar
Linus Torvalds committed
869 870 871
static int l2cap_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
872
	int err;
Linus Torvalds's avatar
Linus Torvalds committed
873

874
	BT_DBG("sock %p, sk %p", sock, sk);
Linus Torvalds's avatar
Linus Torvalds committed
875

876 877
	if (!sk)
		return 0;
Linus Torvalds's avatar
Linus Torvalds committed
878

879 880
	err = l2cap_sock_shutdown(sock, 2);

Linus Torvalds's avatar
Linus Torvalds committed
881
	sock_orphan(sk);
882 883
	l2cap_sock_kill(sk);
	return err;
Linus Torvalds's avatar
Linus Torvalds committed
884 885
}

886 887
/* ---- L2CAP channels ---- */
static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
Linus Torvalds's avatar
Linus Torvalds committed
888 889 890 891 892 893 894 895 896
{
	struct sock *s;
	for (s = l->head; s; s = l2cap_pi(s)->next_c) {
		if (l2cap_pi(s)->dcid == cid)
			break;
	}
	return s;
}

897
static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
Linus Torvalds's avatar
Linus Torvalds committed
898 899 900 901 902 903 904 905
{
	struct sock *s;
	for (s = l->head; s; s = l2cap_pi(s)->next_c) {
		if (l2cap_pi(s)->scid == cid)
			break;
	}
	return s;
}
906 907 908

/* Find channel with given SCID.
 * Returns locked socket */
909
static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
Linus Torvalds's avatar
Linus Torvalds committed
910 911 912 913
{
	struct sock *s;
	read_lock(&l->lock);
	s = __l2cap_get_chan_by_scid(l, cid);
914
	if (s) bh_lock_sock(s);
Linus Torvalds's avatar
Linus Torvalds committed
915 916 917 918
	read_unlock(&l->lock);
	return s;
}

919
static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
Linus Torvalds's avatar
Linus Torvalds committed
920
{
921
	u16 cid = 0x0040;
Linus Torvalds's avatar
Linus Torvalds committed
922 923 924 925 926 927 928 929 930

	for (; cid < 0xffff; cid++) {
		if(!__l2cap_get_chan_by_scid(l, cid))
			return cid;
	}

	return 0;
}

Linus Torvalds's avatar
Linus Torvalds committed
931
static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
Linus Torvalds's avatar
Linus Torvalds committed
932 933 934 935 936 937 938 939 940 941 942
{
	sock_hold(sk);

	if (l->head)
		l2cap_pi(l->head)->prev_c = sk;

	l2cap_pi(sk)->next_c = l->head;
	l2cap_pi(sk)->prev_c = NULL;
	l->head = sk;
}

Linus Torvalds's avatar
Linus Torvalds committed
943
static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
Linus Torvalds's avatar
Linus Torvalds committed
944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963
{
	struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;

	write_lock(&l->lock);
	if (sk == l->head)
		l->head = next;

	if (next)
		l2cap_pi(next)->prev_c = prev;
	if (prev)
		l2cap_pi(prev)->next_c = next;
	write_unlock(&l->lock);

	__sock_put(sk);
}

static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
{
	struct l2cap_chan_list *l = &conn->chan_list;

964
	BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
Linus Torvalds's avatar
Linus Torvalds committed
965 966 967

	l2cap_pi(sk)->conn = conn;

968
	if (sk->sk_type == SOCK_SEQPACKET) {
969
		/* Alloc CID for connection-oriented socket */
Linus Torvalds's avatar
Linus Torvalds committed
970
		l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
971
	} else if (sk->sk_type == SOCK_DGRAM) {
972 973 974 975
		/* Connectionless socket */
		l2cap_pi(sk)->scid = 0x0002;
		l2cap_pi(sk)->dcid = 0x0002;
		l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
Linus Torvalds's avatar
Linus Torvalds committed
976
	} else {
977
		/* Raw socket can send/recv signalling messages only */
Linus Torvalds's avatar
Linus Torvalds committed
978 979 980 981 982 983 984 985
		l2cap_pi(sk)->scid = 0x0001;
		l2cap_pi(sk)->dcid = 0x0001;
		l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
	}

	__l2cap_chan_link(l, sk);

	if (parent)
986
		bt_accept_enqueue(parent, sk);
Linus Torvalds's avatar
Linus Torvalds committed
987 988
}

Linus Torvalds's avatar
Linus Torvalds committed
989 990
/* Delete channel. 
 * Must be called on the locked socket. */
Linus Torvalds's avatar
Linus Torvalds committed
991 992
static void l2cap_chan_del(struct sock *sk, int err)
{
993
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
994
	struct sock *parent = bt_sk(sk)->parent;
Linus Torvalds's avatar
Linus Torvalds committed
995

996
	l2cap_sock_clear_timer(sk);
Linus Torvalds's avatar
Linus Torvalds committed
997

998
	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
Linus Torvalds's avatar
Linus Torvalds committed
999

Linus Torvalds's avatar
Linus Torvalds committed
1000
	if (conn) { 
Linus Torvalds's avatar
Linus Torvalds committed
1001 1002 1003
		/* Unlink from channel list */
		l2cap_chan_unlink(&conn->chan_list, sk);
		l2cap_pi(sk)->conn = NULL;
1004
		hci_conn_put(conn->hcon);
Linus Torvalds's avatar
Linus Torvalds committed
1005 1006
	}

1007
	sk->sk_state  = BT_CLOSED;
1008
	sk->sk_zapped = 1;
1009

1010 1011
	if (err)
		sk->sk_err = err;
1012 1013

	if (parent)
1014
		parent->sk_data_ready(parent, 0);
1015
	else
1016
		sk->sk_state_change(sk);
Linus Torvalds's avatar
Linus Torvalds committed
1017 1018 1019 1020 1021 1022 1023
}

static void l2cap_conn_ready(struct l2cap_conn *conn)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct sock *sk;

1024
	BT_DBG("conn %p", conn);
Linus Torvalds's avatar
Linus Torvalds committed
1025 1026 1027 1028 1029 1030

	read_lock(&l->lock);

	for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
		bh_lock_sock(sk);

1031
		if (sk->sk_type != SOCK_SEQPACKET) {
1032
			l2cap_sock_clear_timer(sk);
1033 1034 1035
			sk->sk_state = BT_CONNECTED;
			sk->sk_state_change(sk);
		} else if (sk->sk_state == BT_CONNECT) {
1036
			struct l2cap_conn_req req;
Linus Torvalds's avatar
Linus Torvalds committed
1037 1038
			req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
			req.psm  = l2cap_pi(sk)->psm;
1039
			l2cap_send_req(conn, L2CAP_CONN_REQ, sizeof(req), &req);
Linus Torvalds's avatar
Linus Torvalds committed
1040 1041 1042 1043 1044 1045 1046 1047 1048 1049
		}

		bh_unlock_sock(sk);
	}

	read_unlock(&l->lock);
}

static void l2cap_chan_ready(struct sock *sk)
{
1050
	struct sock *parent = bt_sk(sk)->parent;
Linus Torvalds's avatar
Linus Torvalds committed
1051

1052
	BT_DBG("sk %p, parent %p", sk, parent);
Linus Torvalds's avatar
Linus Torvalds committed
1053 1054

	l2cap_pi(sk)->conf_state = 0;
Linus Torvalds's avatar
Linus Torvalds committed
1055
	l2cap_sock_clear_timer(sk);
Linus Torvalds's avatar
Linus Torvalds committed
1056 1057 1058 1059 1060

	if (!parent) {
		/* Outgoing channel.
		 * Wake up socket sleeping on connect.
		 */
1061 1062
		sk->sk_state = BT_CONNECTED;
		sk->sk_state_change(sk);
Linus Torvalds's avatar
Linus Torvalds committed
1063
	} else {
Steven Cole's avatar
Steven Cole committed
1064
		/* Incoming channel.
Linus Torvalds's avatar
Linus Torvalds committed
1065 1066
		 * Wake up socket sleeping on accept.
		 */
1067
		parent->sk_data_ready(parent, 0);
Linus Torvalds's avatar
Linus Torvalds committed
1068 1069 1070 1071
	}
}

/* Copy frame to all raw sockets on that connection */
1072
static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
Linus Torvalds's avatar
Linus Torvalds committed
1073 1074 1075 1076 1077
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct sk_buff *nskb;
	struct sock * sk;

1078
	BT_DBG("conn %p", conn);
Linus Torvalds's avatar
Linus Torvalds committed
1079 1080 1081

	read_lock(&l->lock);
	for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1082
		if (sk->sk_type != SOCK_RAW)
Linus Torvalds's avatar
Linus Torvalds committed
1083 1084 1085 1086 1087 1088
			continue;

		/* Don't send frame to the socket it came from */
		if (skb->sk == sk)
			continue;

Linus Torvalds's avatar
Linus Torvalds committed
1089
		if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
Linus Torvalds's avatar
Linus Torvalds committed
1090 1091
			continue;

1092 1093
		if (sock_queue_rcv_skb(sk, nskb))
			kfree_skb(nskb);
Linus Torvalds's avatar
Linus Torvalds committed
1094 1095 1096 1097
	}
	read_unlock(&l->lock);
}

1098 1099
/* ---- L2CAP signalling commands ---- */
static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
Linus Torvalds's avatar
Linus Torvalds committed
1100
{
1101
	u8 id;
Linus Torvalds's avatar
Linus Torvalds committed
1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119

	/* Get next available identificator.
	 *    1 - 199 are used by kernel.
	 *  200 - 254 are used by utilities like l2ping, etc 
	 */

	spin_lock(&conn->lock);

	if (++conn->tx_ident > 199)
		conn->tx_ident = 1;

	id = conn->tx_ident;

	spin_unlock(&conn->lock);

	return id;
}

1120
static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1121
				u8 code, u8 ident, u16 dlen, void *data)
Linus Torvalds's avatar
Linus Torvalds committed
1122
{
1123
	struct sk_buff *skb, **frag;
1124 1125
	struct l2cap_cmd_hdr *cmd;
	struct l2cap_hdr *lh;
1126
	int len, count;
Linus Torvalds's avatar
Linus Torvalds committed
1127

1128
	BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
Linus Torvalds's avatar
Linus Torvalds committed
1129

1130
	len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1131
	count = min_t(unsigned int, conn->mtu, len);
1132

1133
	skb = bt_skb_alloc(count, GFP_ATOMIC);
1134
	if (!skb)
Linus Torvalds's avatar
Linus Torvalds committed
1135 1136
		return NULL;

1137
	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1138
	lh->len = __cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
Linus Torvalds's avatar
Linus Torvalds committed
1139 1140
	lh->cid = __cpu_to_le16(0x0001);

1141
	cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
Linus Torvalds's avatar
Linus Torvalds committed
1142 1143
	cmd->code  = code;
	cmd->ident = ident;
1144 1145 1146 1147 1148 1149 1150 1151 1152
	cmd->len   = __cpu_to_le16(dlen);

	if (dlen) {
		count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
		memcpy(skb_put(skb, count), data, count);
		data += count;
	}

	len -= skb->len;
1153

1154 1155 1156
	/* Continuation fragments (no L2CAP header) */
	frag = &skb_shinfo(skb)->frag_list;
	while (len) {
1157
		count = min_t(unsigned int, conn->mtu, len);
1158

1159
		*frag = bt_skb_alloc(count, GFP_ATOMIC);
1160 1161
		if (!*frag)
			goto fail;
1162

1163
		memcpy(skb_put(*frag, count), data, count);
Linus Torvalds's avatar
Linus Torvalds committed
1164

1165 1166
		len  -= count;
		data += count;
1167

1168 1169
		frag = &(*frag)->next;
	}
Linus Torvalds's avatar
Linus Torvalds committed
1170 1171

	return skb;
1172 1173 1174 1175

fail:
	kfree_skb(skb);
	return NULL;
Linus Torvalds's avatar
Linus Torvalds committed
1176 1177
}

1178
static int l2cap_send_req(struct l2cap_conn *conn, u8 code, u16 len, void *data)
Linus Torvalds's avatar
Linus Torvalds committed
1179
{
1180
	u8 ident = l2cap_get_ident(conn);
1181
	struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
Linus Torvalds's avatar
Linus Torvalds committed
1182

1183
	BT_DBG("code 0x%2.2x", code);
Linus Torvalds's avatar
Linus Torvalds committed
1184

1185
	if (!skb)
Linus Torvalds's avatar
Linus Torvalds committed
1186
		return -ENOMEM;
1187
	return hci_send_acl(conn->hcon, skb, 0);
Linus Torvalds's avatar
Linus Torvalds committed
1188 1189
}

1190
static int l2cap_send_rsp(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
Linus Torvalds's avatar
Linus Torvalds committed
1191
{
1192
	struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
Linus Torvalds's avatar
Linus Torvalds committed
1193

1194
	BT_DBG("code 0x%2.2x", code);
Linus Torvalds's avatar
Linus Torvalds committed
1195

1196
	if (!skb)
Linus Torvalds's avatar
Linus Torvalds committed
1197
		return -ENOMEM;
1198
	return hci_send_acl(conn->hcon, skb, 0);
Linus Torvalds's avatar
Linus Torvalds committed
1199 1200
}

1201
static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
Linus Torvalds's avatar
Linus Torvalds committed
1202
{
1203
	struct l2cap_conf_opt *opt = *ptr;
Linus Torvalds's avatar
Linus Torvalds committed
1204 1205
	int len;

1206 1207 1208
	len = L2CAP_CONF_OPT_SIZE + opt->len;
	*ptr += len;

Linus Torvalds's avatar
Linus Torvalds committed
1209
	*type = opt->type;
1210 1211
	*olen = opt->len;

Linus Torvalds's avatar
Linus Torvalds committed
1212 1213
	switch (opt->len) {
	case 1:
1214
		*val = *((u8 *) opt->val);
Linus Torvalds's avatar
Linus Torvalds committed
1215 1216 1217
		break;

	case 2:
1218
		*val = __le16_to_cpu(*((u16 *)opt->val));
Linus Torvalds's avatar
Linus Torvalds committed
1219 1220 1221
		break;

	case 4:
1222
		*val = __le32_to_cpu(*((u32 *)opt->val));
Linus Torvalds's avatar
Linus Torvalds committed
1223 1224 1225
		break;

	default:
1226
		*val = (unsigned long) opt->val;
Linus Torvalds's avatar
Linus Torvalds committed
1227
		break;
1228
	}
Linus Torvalds's avatar
Linus Torvalds committed
1229

1230
	BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
Linus Torvalds's avatar
Linus Torvalds committed
1231 1232 1233
	return len;
}

1234
static inline void l2cap_parse_conf_req(struct sock *sk, void *data, int len)
Linus Torvalds's avatar
Linus Torvalds committed
1235
{
1236 1237 1238
	int type, hint, olen; 
	unsigned long val;
	void *ptr = data;
Linus Torvalds's avatar
Linus Torvalds committed
1239

1240
	BT_DBG("sk %p len %d", sk, len);
Linus Torvalds's avatar
Linus Torvalds committed
1241 1242

	while (len >= L2CAP_CONF_OPT_SIZE) {
1243
		len -= l2cap_get_conf_opt(&ptr, &type, &olen, &val);
Linus Torvalds's avatar
Linus Torvalds committed
1244

Linus Torvalds's avatar
Linus Torvalds committed
1245 1246 1247
		hint  = type & 0x80;
		type &= 0x7f;

Linus Torvalds's avatar
Linus Torvalds committed
1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258
		switch (type) {
		case L2CAP_CONF_MTU:
			l2cap_pi(sk)->conf_mtu = val;
			break;

		case L2CAP_CONF_FLUSH_TO:
			l2cap_pi(sk)->flush_to = val;
			break;

		case L2CAP_CONF_QOS:
			break;
1259

Linus Torvalds's avatar
Linus Torvalds committed
1260 1261 1262 1263
		default:
			if (hint)
				break;

1264
			/* FIXME: Reject unknown option */
Linus Torvalds's avatar
Linus Torvalds committed
1265
			break;
1266
		}
Linus Torvalds's avatar
Linus Torvalds committed
1267 1268 1269
	}
}

1270
static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
Linus Torvalds's avatar
Linus Torvalds committed
1271
{
1272
	struct l2cap_conf_opt *opt = *ptr;
Linus Torvalds's avatar
Linus Torvalds committed
1273

1274
	BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
Linus Torvalds's avatar
Linus Torvalds committed
1275 1276 1277

	opt->type = type;
	opt->len  = len;
1278

Linus Torvalds's avatar
Linus Torvalds committed
1279 1280
	switch (len) {
	case 1:
1281
		*((u8 *) opt->val)  = val;
Linus Torvalds's avatar
Linus Torvalds committed
1282 1283 1284
		break;

	case 2:
1285
		*((u16 *) opt->val) = __cpu_to_le16(val);
Linus Torvalds's avatar
Linus Torvalds committed
1286 1287 1288
		break;

	case 4:
1289
		*((u32 *) opt->val) = __cpu_to_le32(val);
Linus Torvalds's avatar
Linus Torvalds committed
1290
		break;
1291 1292 1293 1294

	default:
		memcpy(opt->val, (void *) val, len);
		break;
1295
	}
Linus Torvalds's avatar
Linus Torvalds committed
1296 1297 1298 1299

	*ptr += L2CAP_CONF_OPT_SIZE + len;
}

1300
static int l2cap_build_conf_req(struct sock *sk, void *data)
Linus Torvalds's avatar
Linus Torvalds committed
1301 1302
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
1303
	struct l2cap_conf_req *req = data;
1304
	void *ptr = req->data;
Linus Torvalds's avatar
Linus Torvalds committed
1305

1306
	BT_DBG("sk %p", sk);
Linus Torvalds's avatar
Linus Torvalds committed
1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320

	if (pi->imtu != L2CAP_DEFAULT_MTU)
		l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);

	/* FIXME. Need actual value of the flush timeout */
	//if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
	//   l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);

	req->dcid  = __cpu_to_le16(pi->dcid);
	req->flags = __cpu_to_le16(0);

	return ptr - data;
}

1321
static inline int l2cap_conf_output(struct sock *sk, void **ptr)
Linus Torvalds's avatar
Linus Torvalds committed
1322 1323 1324 1325
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	int result = 0;

1326
	/* Configure output options and let the other side know
1327
	 * which ones we don't like. */
Linus Torvalds's avatar
Linus Torvalds committed
1328
	if (pi->conf_mtu < pi->omtu) {
1329
		l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
Linus Torvalds's avatar
Linus Torvalds committed
1330 1331 1332 1333 1334
		result = L2CAP_CONF_UNACCEPT;
	} else {
		pi->omtu = pi->conf_mtu;
	}

1335
	BT_DBG("sk %p result %d", sk, result);
Linus Torvalds's avatar
Linus Torvalds committed
1336 1337 1338
	return result;
}

1339
static int l2cap_build_conf_rsp(struct sock *sk, void *data, int *result)
Linus Torvalds's avatar
Linus Torvalds committed
1340
{
1341
	struct l2cap_conf_rsp *rsp = data;
1342
	void *ptr = rsp->data;
1343
	u16 flags = 0;
Linus Torvalds's avatar
Linus Torvalds committed
1344

1345
	BT_DBG("sk %p complete %d", sk, result ? 1 : 0);
Linus Torvalds's avatar
Linus Torvalds committed
1346 1347 1348

	if (result)
		*result = l2cap_conf_output(sk, &ptr);
1349 1350
	else
		flags = 0x0001;
Linus Torvalds's avatar
Linus Torvalds committed
1351 1352 1353

	rsp->scid   = __cpu_to_le16(l2cap_pi(sk)->dcid);
	rsp->result = __cpu_to_le16(result ? *result : 0);
1354
	rsp->flags  = __cpu_to_le16(flags);
Linus Torvalds's avatar
Linus Torvalds committed
1355 1356 1357 1358

	return ptr - data;
}

1359
static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
Linus Torvalds's avatar
Linus Torvalds committed
1360 1361
{
	struct l2cap_chan_list *list = &conn->chan_list;
1362 1363
	struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
	struct l2cap_conn_rsp rsp;
Linus Torvalds's avatar
Linus Torvalds committed
1364
	struct sock *sk, *parent;
1365
	int result = 0, status = 0;
Linus Torvalds's avatar
Linus Torvalds committed
1366

1367 1368
	u16 dcid = 0, scid = __le16_to_cpu(req->scid);
	u16 psm  = req->psm;
Linus Torvalds's avatar
Linus Torvalds committed
1369

1370
	BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
Linus Torvalds's avatar
Linus Torvalds committed
1371 1372

	/* Check if we have socket listening on psm */
1373 1374
	parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
	if (!parent) {
1375
		result = L2CAP_CR_BAD_PSM;
1376
		goto sendresp;
1377
	}
Linus Torvalds's avatar
Linus Torvalds committed
1378

1379
	result = L2CAP_CR_NO_MEM;
Linus Torvalds's avatar
Linus Torvalds committed
1380 1381

	/* Check for backlog size */
1382 1383
	if (parent->sk_ack_backlog > parent->sk_max_ack_backlog) {
		BT_DBG("backlog full %d", parent->sk_ack_backlog); 
1384
		goto response;
1385
	}
Linus Torvalds's avatar
Linus Torvalds committed
1386

1387 1388 1389
	sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC);
	if (!sk)
		goto response;
Linus Torvalds's avatar
Linus Torvalds committed
1390

1391 1392 1393 1394 1395
	write_lock(&list->lock);

	/* Check if we already have channel with that dcid */
	if (__l2cap_get_chan_by_dcid(list, scid)) {
		write_unlock(&list->lock);
1396
		sk->sk_zapped = 1;
1397 1398 1399
		l2cap_sock_kill(sk);
		goto response;
	}
Linus Torvalds's avatar
Linus Torvalds committed
1400

1401 1402 1403
	hci_conn_hold(conn->hcon);

	l2cap_sock_init(sk, parent);
1404 1405
	bacpy(&bt_sk(sk)->src, conn->src);
	bacpy(&bt_sk(sk)->dst, conn->dst);
Linus Torvalds's avatar
Linus Torvalds committed
1406 1407 1408 1409
	l2cap_pi(sk)->psm  = psm;
	l2cap_pi(sk)->dcid = scid;

	__l2cap_chan_add(conn, sk, parent);
1410
	dcid = l2cap_pi(sk)->scid;
Linus Torvalds's avatar
Linus Torvalds committed
1411

1412
	l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
Linus Torvalds's avatar
Linus Torvalds committed
1413

1414 1415 1416
	/* Service level security */
	result = L2CAP_CR_PEND;
	status = L2CAP_CS_AUTHEN_PEND;
1417
	sk->sk_state = BT_CONNECT2;
1418 1419 1420 1421
	l2cap_pi(sk)->ident = cmd->ident;
	
	if (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) {
		if (!hci_conn_encrypt(conn->hcon))
1422
			goto done;
1423 1424
	} else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) {
		if (!hci_conn_auth(conn->hcon))
1425
			goto done;
1426
	}
Linus Torvalds's avatar
Linus Torvalds committed
1427

1428
	sk->sk_state = BT_CONFIG;
1429
	result = status = 0;
Linus Torvalds's avatar
Linus Torvalds committed
1430

1431
done:
1432
	write_unlock(&list->lock);
Linus Torvalds's avatar
Linus Torvalds committed
1433

1434 1435 1436 1437
response:
	bh_unlock_sock(parent);

sendresp:
Linus Torvalds's avatar
Linus Torvalds committed
1438
	rsp.scid   = __cpu_to_le16(scid);
1439 1440 1441
	rsp.dcid   = __cpu_to_le16(dcid);
	rsp.result = __cpu_to_le16(result);
	rsp.status = __cpu_to_le16(status);
1442
	l2cap_send_rsp(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Linus Torvalds's avatar
Linus Torvalds committed
1443 1444 1445
	return 0;
}

1446
static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
Linus Torvalds's avatar
Linus Torvalds committed
1447
{
1448 1449
	struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
	u16 scid, dcid, result, status;
Linus Torvalds's avatar
Linus Torvalds committed
1450
	struct sock *sk;
1451
	char req[128];
Linus Torvalds's avatar
Linus Torvalds committed
1452 1453 1454 1455 1456 1457

	scid   = __le16_to_cpu(rsp->scid);
	dcid   = __le16_to_cpu(rsp->dcid);
	result = __le16_to_cpu(rsp->result);
	status = __le16_to_cpu(rsp->status);

1458
	BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
Linus Torvalds's avatar
Linus Torvalds committed
1459 1460 1461 1462

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
		return -ENOENT;

1463 1464
	switch (result) {
	case L2CAP_CR_SUCCESS:
1465
		sk->sk_state = BT_CONFIG;
Linus Torvalds's avatar
Linus Torvalds committed
1466
		l2cap_pi(sk)->dcid = dcid;
1467
		l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
Linus Torvalds's avatar
Linus Torvalds committed
1468 1469

		l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
1470 1471 1472 1473 1474 1475
		break;

	case L2CAP_CR_PEND:
		break;

	default:
Linus Torvalds's avatar
Linus Torvalds committed
1476
		l2cap_chan_del(sk, ECONNREFUSED);
1477
		break;
Linus Torvalds's avatar
Linus Torvalds committed
1478 1479 1480 1481 1482 1483
	}

	bh_unlock_sock(sk);
	return 0;
}

1484
static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
Linus Torvalds's avatar
Linus Torvalds committed
1485
{
1486 1487 1488
	struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
	u16 dcid, flags;
	u8  rsp[64];
Linus Torvalds's avatar
Linus Torvalds committed
1489 1490 1491 1492 1493 1494
	struct sock *sk;
	int result;

	dcid  = __le16_to_cpu(req->dcid);
	flags = __le16_to_cpu(req->flags);

1495
	BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
Linus Torvalds's avatar
Linus Torvalds committed
1496 1497 1498 1499

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
		return -ENOENT;

1500
	l2cap_parse_conf_req(sk, req->data, cmd->len - sizeof(*req));
Linus Torvalds's avatar
Linus Torvalds committed
1501

1502
	if (flags & 0x0001) {
Linus Torvalds's avatar
Linus Torvalds committed
1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514
		/* Incomplete config. Send empty response. */
		l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, NULL), rsp);
		goto unlock;
	}

	/* Complete config. */
	l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, &result), rsp);

	if (result)
		goto unlock;

	/* Output config done */
1515
	l2cap_pi(sk)->conf_state |= L2CAP_CONF_OUTPUT_DONE;
Linus Torvalds's avatar
Linus Torvalds committed
1516

1517
	if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1518
		sk->sk_state = BT_CONNECTED;
Linus Torvalds's avatar
Linus Torvalds committed
1519
		l2cap_chan_ready(sk);
1520
	} else if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
1521
		u8 req[64];
Linus Torvalds's avatar
Linus Torvalds committed
1522 1523 1524 1525 1526 1527 1528 1529
		l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
	}

unlock:
	bh_unlock_sock(sk);
	return 0;
}

1530
static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
Linus Torvalds's avatar
Linus Torvalds committed
1531
{
1532 1533
	struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
	u16 scid, flags, result;
Linus Torvalds's avatar
Linus Torvalds committed
1534 1535 1536 1537 1538 1539 1540
	struct sock *sk;
	int err = 0;

	scid   = __le16_to_cpu(rsp->scid);
	flags  = __le16_to_cpu(rsp->flags);
	result = __le16_to_cpu(rsp->result);

1541
	BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
Linus Torvalds's avatar
Linus Torvalds committed
1542 1543 1544 1545

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
		return -ENOENT;

1546 1547 1548
	switch (result) {
	case L2CAP_CONF_SUCCESS:
		break;
Linus Torvalds's avatar
Linus Torvalds committed
1549

1550 1551 1552
	case L2CAP_CONF_UNACCEPT:
		if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
			char req[128];
1553 1554 1555 1556 1557
			/* It does not make sense to adjust L2CAP parameters
			 * that are currently defined in the spec. We simply
			 * resend config request that we sent earlier. It is
			 * stupid, but it helps qualification testing which
			 * expects at least some response from us. */
1558 1559 1560 1561 1562 1563
			l2cap_send_req(conn, L2CAP_CONF_REQ,
				l2cap_build_conf_req(sk, req), req);
			goto done;
		}

	default: 
1564
		sk->sk_state = BT_DISCONN;
1565
		sk->sk_err   = ECONNRESET;
1566
		l2cap_sock_set_timer(sk, HZ * 5);
1567 1568 1569 1570 1571 1572
		{
			struct l2cap_disconn_req req;
			req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
			req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
			l2cap_send_req(conn, L2CAP_DISCONN_REQ, sizeof(req), &req);
		}
Linus Torvalds's avatar
Linus Torvalds committed
1573 1574 1575 1576 1577 1578 1579
		goto done;
	}

	if (flags & 0x01)
		goto done;

	/* Input config done */
1580
	l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
Linus Torvalds's avatar
Linus Torvalds committed
1581

1582
	if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
1583
		sk->sk_state = BT_CONNECTED;
Linus Torvalds's avatar
Linus Torvalds committed
1584 1585 1586 1587 1588 1589 1590 1591
		l2cap_chan_ready(sk);
	}

done:
	bh_unlock_sock(sk);
	return err;
}

1592
static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
Linus Torvalds's avatar
Linus Torvalds committed
1593
{
1594 1595 1596
	struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
	struct l2cap_disconn_rsp rsp;
	u16 dcid, scid;
Linus Torvalds's avatar
Linus Torvalds committed
1597 1598 1599 1600 1601
	struct sock *sk;

	scid = __le16_to_cpu(req->scid);
	dcid = __le16_to_cpu(req->dcid);

1602
	BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
Linus Torvalds's avatar
Linus Torvalds committed
1603 1604 1605 1606 1607 1608

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
		return 0;

	rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
	rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1609
	l2cap_send_rsp(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
Linus Torvalds's avatar
Linus Torvalds committed
1610

1611
	sk->sk_shutdown = SHUTDOWN_MASK;
1612

Linus Torvalds's avatar
Linus Torvalds committed
1613 1614 1615 1616 1617 1618 1619
	l2cap_chan_del(sk, ECONNRESET);
	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);
	return 0;
}

1620
static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
Linus Torvalds's avatar
Linus Torvalds committed
1621
{
1622 1623
	struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
	u16 dcid, scid;
Linus Torvalds's avatar
Linus Torvalds committed
1624 1625 1626 1627 1628
	struct sock *sk;

	scid = __le16_to_cpu(rsp->scid);
	dcid = __le16_to_cpu(rsp->dcid);

1629
	BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
Linus Torvalds's avatar
Linus Torvalds committed
1630 1631

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1632
		return 0;
1633
	l2cap_chan_del(sk, 0);
Linus Torvalds's avatar
Linus Torvalds committed
1634 1635 1636 1637 1638 1639
	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);
	return 0;
}

Linus Torvalds's avatar
Linus Torvalds committed
1640
static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
Linus Torvalds's avatar
Linus Torvalds committed
1641
{
1642
	u8 *data = skb->data;
Linus Torvalds's avatar
Linus Torvalds committed
1643
	int len = skb->len;
1644
	struct l2cap_cmd_hdr cmd;
Linus Torvalds's avatar
Linus Torvalds committed
1645 1646
	int err = 0;

1647 1648
	l2cap_raw_recv(conn, skb);

Linus Torvalds's avatar
Linus Torvalds committed
1649 1650 1651 1652 1653
	while (len >= L2CAP_CMD_HDR_SIZE) {
		memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
		data += L2CAP_CMD_HDR_SIZE;
		len  -= L2CAP_CMD_HDR_SIZE;

Linus Torvalds's avatar
Linus Torvalds committed
1654
		cmd.len = __le16_to_cpu(cmd.len);
Linus Torvalds's avatar
Linus Torvalds committed
1655

1656
		BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd.len, cmd.ident);
Linus Torvalds's avatar
Linus Torvalds committed
1657 1658

		if (cmd.len > len || !cmd.ident) {
1659
			BT_DBG("corrupted command");
Linus Torvalds's avatar
Linus Torvalds committed
1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701
			break;
		}

		switch (cmd.code) {
		case L2CAP_CONN_REQ:
			err = l2cap_connect_req(conn, &cmd, data);
			break;

		case L2CAP_CONN_RSP:
			err = l2cap_connect_rsp(conn, &cmd, data);
			break;

		case L2CAP_CONF_REQ:
			err = l2cap_config_req(conn, &cmd, data);
			break;

		case L2CAP_CONF_RSP:
			err = l2cap_config_rsp(conn, &cmd, data);
			break;

		case L2CAP_DISCONN_REQ:
			err = l2cap_disconnect_req(conn, &cmd, data);
			break;

		case L2CAP_DISCONN_RSP:
			err = l2cap_disconnect_rsp(conn, &cmd, data);
			break;

		case L2CAP_COMMAND_REJ:
			/* FIXME: We should process this */
			break;

		case L2CAP_ECHO_REQ:
			l2cap_send_rsp(conn, cmd.ident, L2CAP_ECHO_RSP, cmd.len, data);
			break;

		case L2CAP_ECHO_RSP:
		case L2CAP_INFO_REQ:
		case L2CAP_INFO_RSP:
			break;

		default:
1702
			BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
Linus Torvalds's avatar
Linus Torvalds committed
1703 1704
			err = -EINVAL;
			break;
1705
		}
Linus Torvalds's avatar
Linus Torvalds committed
1706 1707

		if (err) {
1708
			struct l2cap_cmd_rej rej;
1709
			BT_DBG("error %d", err);
Linus Torvalds's avatar
Linus Torvalds committed
1710 1711

			/* FIXME: Map err to a valid reason. */
Linus Torvalds's avatar
Linus Torvalds committed
1712
			rej.reason = __cpu_to_le16(0);
1713
			l2cap_send_rsp(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
Linus Torvalds's avatar
Linus Torvalds committed
1714 1715 1716 1717 1718 1719
		}

		data += cmd.len;
		len  -= cmd.len;
	}

Linus Torvalds's avatar
Linus Torvalds committed
1720
	kfree_skb(skb);
Linus Torvalds's avatar
Linus Torvalds committed
1721 1722
}

1723
static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
Linus Torvalds's avatar
Linus Torvalds committed
1724 1725 1726
{
	struct sock *sk;

1727 1728 1729
	sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
	if (!sk) {
		BT_DBG("unknown cid 0x%4.4x", cid);
Linus Torvalds's avatar
Linus Torvalds committed
1730 1731 1732
		goto drop;
	}

1733
	BT_DBG("sk %p, len %d", sk, skb->len);
Linus Torvalds's avatar
Linus Torvalds committed
1734

1735
	if (sk->sk_state != BT_CONNECTED)
Linus Torvalds's avatar
Linus Torvalds committed
1736 1737 1738 1739 1740
		goto drop;

	if (l2cap_pi(sk)->imtu < skb->len)
		goto drop;

1741 1742 1743 1744 1745
	/* If socket recv buffers overflows we drop data here
	 * which is *bad* because L2CAP has to be reliable.
	 * But we don't have any other choice. L2CAP doesn't
	 * provide flow control mechanism */

1746 1747
	if (!sock_queue_rcv_skb(sk, skb))
		goto done;
Linus Torvalds's avatar
Linus Torvalds committed
1748 1749

drop:
Linus Torvalds's avatar
Linus Torvalds committed
1750
	kfree_skb(skb);
Linus Torvalds's avatar
Linus Torvalds committed
1751

1752 1753
done:
	if (sk) bh_unlock_sock(sk);
Linus Torvalds's avatar
Linus Torvalds committed
1754 1755 1756
	return 0;
}

1757
static inline int l2cap_conless_channel(struct l2cap_conn *conn, u16 psm, struct sk_buff *skb)
1758 1759 1760 1761 1762 1763 1764 1765 1766
{
	struct sock *sk;

	sk = l2cap_get_sock_by_psm(0, psm, conn->src);
	if (!sk)
		goto drop;

	BT_DBG("sk %p, len %d", sk, skb->len);

1767
	if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783
		goto drop;

	if (l2cap_pi(sk)->imtu < skb->len)
		goto drop;

	if (!sock_queue_rcv_skb(sk, skb))
		goto done;

drop:
	kfree_skb(skb);

done:
	if (sk) bh_unlock_sock(sk);
	return 0;
}

Linus Torvalds's avatar
Linus Torvalds committed
1784 1785
static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
{
1786 1787
	struct l2cap_hdr *lh = (void *) skb->data;
	u16 cid, psm, len;
Linus Torvalds's avatar
Linus Torvalds committed
1788 1789

	skb_pull(skb, L2CAP_HDR_SIZE);
Linus Torvalds's avatar
Linus Torvalds committed
1790 1791
	cid = __le16_to_cpu(lh->cid);
	len = __le16_to_cpu(lh->len);
Linus Torvalds's avatar
Linus Torvalds committed
1792

1793
	BT_DBG("len %d, cid 0x%4.4x", len, cid);
Linus Torvalds's avatar
Linus Torvalds committed
1794

1795 1796
	switch (cid) {
	case 0x0001:
Linus Torvalds's avatar
Linus Torvalds committed
1797
		l2cap_sig_channel(conn, skb);
1798 1799 1800
		break;

	case 0x0002:
1801
		psm = get_unaligned((u16 *) skb->data);
1802 1803 1804
		skb_pull(skb, 2);
		l2cap_conless_channel(conn, psm, skb);
		break;
1805

1806
	default:
Linus Torvalds's avatar
Linus Torvalds committed
1807
		l2cap_data_channel(conn, cid, skb);
1808 1809
		break;
	}
Linus Torvalds's avatar
Linus Torvalds committed
1810 1811
}

1812
/* ---- L2CAP interface with lower layer (HCI) ---- */
Linus Torvalds's avatar
Linus Torvalds committed
1813

1814
static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1815 1816 1817
{
	int exact = 0, lm1 = 0, lm2 = 0;
	register struct sock *sk;
1818
	struct hlist_node *node;
Linus Torvalds's avatar
Linus Torvalds committed
1819

1820 1821
	if (type != ACL_LINK)
		return 0;
Linus Torvalds's avatar
Linus Torvalds committed
1822

1823
	BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
Linus Torvalds's avatar
Linus Torvalds committed
1824

1825 1826
	/* Find listening sockets and check their link_mode */
	read_lock(&l2cap_sk_list.lock);
1827
	sk_for_each(sk, node, &l2cap_sk_list.head) {
1828
		if (sk->sk_state != BT_LISTEN)
1829
			continue;
Linus Torvalds's avatar
Linus Torvalds committed
1830

1831
		if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
1832 1833
			lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
			exact++;
1834
		} else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
1835 1836 1837
			lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
	}
	read_unlock(&l2cap_sk_list.lock);
Linus Torvalds's avatar
Linus Torvalds committed
1838

1839
	return exact ? lm1 : lm2;
Linus Torvalds's avatar
Linus Torvalds committed
1840 1841
}

1842
static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
Linus Torvalds's avatar
Linus Torvalds committed
1843
{
1844
	BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
Linus Torvalds's avatar
Linus Torvalds committed
1845

1846
	if (hcon->type != ACL_LINK)
Linus Torvalds's avatar
Linus Torvalds committed
1847 1848
		return 0;

1849 1850 1851 1852 1853 1854 1855
	if (!status) {
		struct l2cap_conn *conn;

		conn = l2cap_conn_add(hcon, status);
		if (conn)
			l2cap_conn_ready(conn);
	} else 
1856
		l2cap_conn_del(hcon, bt_err(status));
1857

1858
	return 0;
Linus Torvalds's avatar
Linus Torvalds committed
1859 1860
}

1861
static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
Linus Torvalds's avatar
Linus Torvalds committed
1862
{
1863
	BT_DBG("hcon %p reason %d", hcon, reason);
Linus Torvalds's avatar
Linus Torvalds committed
1864

1865
	if (hcon->type != ACL_LINK)
Linus Torvalds's avatar
Linus Torvalds committed
1866 1867
		return 0;

1868
	l2cap_conn_del(hcon, bt_err(reason));
1869 1870
	return 0;
}
Linus Torvalds's avatar
Linus Torvalds committed
1871

1872
static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
1873 1874 1875
{
	struct l2cap_chan_list *l;
	struct l2cap_conn *conn;
1876
	struct l2cap_conn_rsp rsp;
1877 1878
	struct sock *sk;
	int result;
1879

1880 1881 1882
	if (!(conn = hcon->l2cap_data))
		return 0;
	l = &conn->chan_list;
Linus Torvalds's avatar
Linus Torvalds committed
1883

1884
	BT_DBG("conn %p", conn);
Linus Torvalds's avatar
Linus Torvalds committed
1885

1886
	read_lock(&l->lock);
Linus Torvalds's avatar
Linus Torvalds committed
1887

1888 1889
	for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
		bh_lock_sock(sk);
Linus Torvalds's avatar
Linus Torvalds committed
1890

1891
		if (sk->sk_state != BT_CONNECT2 ||
1892 1893 1894
				(l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT)) {
			bh_unlock_sock(sk);
			continue;
Linus Torvalds's avatar
Linus Torvalds committed
1895 1896
		}

1897
		if (!status) {
1898
			sk->sk_state = BT_CONFIG;
1899 1900
			result = 0;
		} else {
1901
			sk->sk_state = BT_DISCONN;
1902 1903
			l2cap_sock_set_timer(sk, HZ/10);
			result = L2CAP_CR_SEC_BLOCK;
Linus Torvalds's avatar
Linus Torvalds committed
1904 1905
		}

1906 1907 1908 1909
		rsp.scid   = __cpu_to_le16(l2cap_pi(sk)->dcid);
		rsp.dcid   = __cpu_to_le16(l2cap_pi(sk)->scid);
		rsp.result = __cpu_to_le16(result);
		rsp.status = __cpu_to_le16(0);
1910
		l2cap_send_rsp(conn, l2cap_pi(sk)->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Linus Torvalds's avatar
Linus Torvalds committed
1911

1912
		bh_unlock_sock(sk);
Linus Torvalds's avatar
Linus Torvalds committed
1913 1914
	}

1915 1916
	read_unlock(&l->lock);
	return 0;
Linus Torvalds's avatar
Linus Torvalds committed
1917 1918
}

1919
static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status)
Linus Torvalds's avatar
Linus Torvalds committed
1920
{
1921 1922
	struct l2cap_chan_list *l;
	struct l2cap_conn *conn;
1923
	struct l2cap_conn_rsp rsp;
1924 1925
	struct sock *sk;
	int result;
1926

1927 1928 1929
	if (!(conn = hcon->l2cap_data))
		return 0;
	l = &conn->chan_list;
Linus Torvalds's avatar
Linus Torvalds committed
1930

1931
	BT_DBG("conn %p", conn);
Linus Torvalds's avatar
Linus Torvalds committed
1932

1933 1934 1935 1936 1937
	read_lock(&l->lock);

	for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
		bh_lock_sock(sk);

1938
		if (sk->sk_state != BT_CONNECT2) {
1939 1940 1941 1942 1943
			bh_unlock_sock(sk);
			continue;
		}

		if (!status) {
1944
			sk->sk_state = BT_CONFIG;
1945 1946
			result = 0;
		} else {
1947
			sk->sk_state = BT_DISCONN;
1948 1949 1950 1951 1952 1953 1954 1955
			l2cap_sock_set_timer(sk, HZ/10);
			result = L2CAP_CR_SEC_BLOCK;
		}

		rsp.scid   = __cpu_to_le16(l2cap_pi(sk)->dcid);
		rsp.dcid   = __cpu_to_le16(l2cap_pi(sk)->scid);
		rsp.result = __cpu_to_le16(result);
		rsp.status = __cpu_to_le16(0);
1956
		l2cap_send_rsp(conn, l2cap_pi(sk)->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
Linus Torvalds's avatar
Linus Torvalds committed
1957

1958 1959
		bh_unlock_sock(sk);
	}
Linus Torvalds's avatar
Linus Torvalds committed
1960

1961
	read_unlock(&l->lock);
Linus Torvalds's avatar
Linus Torvalds committed
1962 1963 1964
	return 0;
}

1965
static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
Linus Torvalds's avatar
Linus Torvalds committed
1966
{
1967
	struct l2cap_conn *conn = hcon->l2cap_data;
Linus Torvalds's avatar
Linus Torvalds committed
1968

1969
	if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
Linus Torvalds's avatar
Linus Torvalds committed
1970 1971
		goto drop;

1972
	BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
Linus Torvalds's avatar
Linus Torvalds committed
1973 1974

	if (flags & ACL_START) {
1975
		struct l2cap_hdr *hdr;
1976
		int len;
Linus Torvalds's avatar
Linus Torvalds committed
1977

Linus Torvalds's avatar
Linus Torvalds committed
1978
		if (conn->rx_len) {
1979 1980 1981
			BT_ERR("Unexpected start frame (len %d)", skb->len);
			kfree_skb(conn->rx_skb);
			conn->rx_skb = NULL;
Linus Torvalds's avatar
Linus Torvalds committed
1982 1983 1984
			conn->rx_len = 0;
		}

1985
		if (skb->len < 2) {
1986
			BT_ERR("Frame is too short (len %d)", skb->len);
Linus Torvalds's avatar
Linus Torvalds committed
1987 1988 1989
			goto drop;
		}

1990
		hdr = (struct l2cap_hdr *) skb->data;
1991
		len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
Linus Torvalds's avatar
Linus Torvalds committed
1992

1993
		if (len == skb->len) {
Linus Torvalds's avatar
Linus Torvalds committed
1994 1995 1996 1997 1998
			/* Complete frame received */
			l2cap_recv_frame(conn, skb);
			return 0;
		}

1999 2000 2001 2002 2003 2004 2005 2006
		BT_DBG("Start: total len %d, frag len %d", len, skb->len);

		if (skb->len > len) {
			BT_ERR("Frame is too long (len %d, expected len %d)",
				skb->len, len);
			goto drop;
		}

Linus Torvalds's avatar
Linus Torvalds committed
2007
		/* Allocate skb for the complete frame (with header) */
2008
		if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
Linus Torvalds's avatar
Linus Torvalds committed
2009 2010 2011
			goto drop;

		memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
2012
		conn->rx_len = len - skb->len;
Linus Torvalds's avatar
Linus Torvalds committed
2013
	} else {
2014
		BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
Linus Torvalds's avatar
Linus Torvalds committed
2015

Linus Torvalds's avatar
Linus Torvalds committed
2016
		if (!conn->rx_len) {
2017
			BT_ERR("Unexpected continuation frame (len %d)", skb->len);
Linus Torvalds's avatar
Linus Torvalds committed
2018 2019 2020
			goto drop;
		}

Linus Torvalds's avatar
Linus Torvalds committed
2021
		if (skb->len > conn->rx_len) {
2022
			BT_ERR("Fragment is too long (len %d, expected %d)",
2023 2024 2025 2026
					skb->len, conn->rx_len);
			kfree_skb(conn->rx_skb);
			conn->rx_skb = NULL;
			conn->rx_len = 0;
Linus Torvalds's avatar
Linus Torvalds committed
2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040
			goto drop;
		}

		memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
		conn->rx_len -= skb->len;

		if (!conn->rx_len) {
			/* Complete frame received */
			l2cap_recv_frame(conn, conn->rx_skb);
			conn->rx_skb = NULL;
		}
	}

drop:
Linus Torvalds's avatar
Linus Torvalds committed
2041
	kfree_skb(skb);
Linus Torvalds's avatar
Linus Torvalds committed
2042 2043 2044
	return 0;
}

2045
/* ---- Proc fs support ---- */
2046 2047
#ifdef CONFIG_PROC_FS
static void *l2cap_seq_start(struct seq_file *seq, loff_t *pos)
2048 2049
{
	struct sock *sk;
2050
	struct hlist_node *node;
2051
	loff_t l = *pos;
2052

2053
	read_lock_bh(&l2cap_sk_list.lock);
2054

2055
	sk_for_each(sk, node, &l2cap_sk_list.head)
2056
		if (!l--)
2057 2058 2059 2060
			goto found;
	sk = NULL;
found:
	return sk;
2061
}
2062

2063 2064 2065
static void *l2cap_seq_next(struct seq_file *seq, void *e, loff_t *pos)
{
	(*pos)++;
2066
	return sk_next(e);
2067
}
2068

2069 2070 2071
static void l2cap_seq_stop(struct seq_file *seq, void *e)
{
	read_unlock_bh(&l2cap_sk_list.lock);
2072 2073
}

2074
static int  l2cap_seq_show(struct seq_file *seq, void *e)
2075
{
2076 2077 2078 2079 2080
	struct sock *sk = e;
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	seq_printf(seq, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
			batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 
2081 2082
			sk->sk_state, pi->psm, pi->scid, pi->dcid, pi->imtu,
			pi->omtu, pi->link_mode);
2083 2084 2085 2086
	return 0;
}

static struct seq_operations l2cap_seq_ops = {
2087 2088 2089 2090
	.start	= l2cap_seq_start,
	.next	= l2cap_seq_next,
	.stop	= l2cap_seq_stop,
	.show	= l2cap_seq_show 
2091
};
2092

2093 2094 2095 2096
static int l2cap_seq_open(struct inode *inode, struct file *file)
{
	return seq_open(file, &l2cap_seq_ops);
}
2097

2098
static struct file_operations l2cap_seq_fops = {
2099 2100 2101 2102 2103
	.owner		= THIS_MODULE,
	.open		= l2cap_seq_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
	.release	= seq_release,
2104
};
2105

2106
static int __init l2cap_proc_init(void)
2107
{
2108 2109 2110
	struct proc_dir_entry *p = create_proc_entry("l2cap", S_IRUGO, proc_bt);
	if (!p)
		return -ENOMEM;
Maksim Krasnyanskiy's avatar
Maksim Krasnyanskiy committed
2111
	p->owner     = THIS_MODULE;
2112 2113
	p->proc_fops = &l2cap_seq_fops;
	return 0;
2114
}
2115

Maksim Krasnyanskiy's avatar
Maksim Krasnyanskiy committed
2116
static void __exit l2cap_proc_cleanup(void)
2117
{
2118
	remove_proc_entry("l2cap", proc_bt);
2119
}
2120

2121
#else /* CONFIG_PROC_FS */
2122

2123
static int __init l2cap_proc_init(void)
2124
{
2125
	return 0;
2126 2127
}

Maksim Krasnyanskiy's avatar
Maksim Krasnyanskiy committed
2128
static void __exit l2cap_proc_cleanup(void)
2129
{
2130
	return;
2131
}
2132
#endif /* CONFIG_PROC_FS */
2133 2134

static struct proto_ops l2cap_sock_ops = {
2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= l2cap_sock_release,
	.bind		= l2cap_sock_bind,
	.connect	= l2cap_sock_connect,
	.listen		= l2cap_sock_listen,
	.accept		= l2cap_sock_accept,
	.getname	= l2cap_sock_getname,
	.sendmsg	= l2cap_sock_sendmsg,
	.recvmsg	= bt_sock_recvmsg,
	.poll		= bt_sock_poll,
	.mmap		= sock_no_mmap,
	.socketpair	= sock_no_socketpair,
	.ioctl		= sock_no_ioctl,
	.shutdown	= l2cap_sock_shutdown,
	.setsockopt	= l2cap_sock_setsockopt,
	.getsockopt	= l2cap_sock_getsockopt
Linus Torvalds's avatar
Linus Torvalds committed
2152 2153
};

2154
static struct net_proto_family l2cap_sock_family_ops = {
2155 2156 2157
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= l2cap_sock_create,
Linus Torvalds's avatar
Linus Torvalds committed
2158 2159
};

2160
static struct hci_proto l2cap_hci_proto = {
2161 2162 2163 2164 2165 2166 2167 2168
	.name		= "L2CAP",
	.id		= HCI_PROTO_L2CAP,
	.connect_ind	= l2cap_connect_ind,
	.connect_cfm	= l2cap_connect_cfm,
	.disconn_ind	= l2cap_disconn_ind,
	.auth_cfm	= l2cap_auth_cfm,
	.encrypt_cfm	= l2cap_encrypt_cfm,
	.recv_acldata	= l2cap_recv_acldata
Linus Torvalds's avatar
Linus Torvalds committed
2169 2170
};

2171
static int __init l2cap_init(void)
Linus Torvalds's avatar
Linus Torvalds committed
2172
{
2173
	int err;
Linus Torvalds's avatar
Linus Torvalds committed
2174

2175
	if ((err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops))) {
2176
		BT_ERR("L2CAP socket registration failed");
2177
		return err;
Linus Torvalds's avatar
Linus Torvalds committed
2178 2179
	}

2180
	if ((err = hci_register_proto(&l2cap_hci_proto))) {
2181
		BT_ERR("L2CAP protocol registration failed");
2182
		return err;
Linus Torvalds's avatar
Linus Torvalds committed
2183 2184
	}

2185
	l2cap_proc_init();
2186

2187 2188 2189
	BT_INFO("L2CAP ver %s", VERSION);
	BT_INFO("L2CAP socket layer initialized");

Linus Torvalds's avatar
Linus Torvalds committed
2190 2191 2192
	return 0;
}

2193
static void __exit l2cap_exit(void)
Linus Torvalds's avatar
Linus Torvalds committed
2194
{
2195
	l2cap_proc_cleanup();
Linus Torvalds's avatar
Linus Torvalds committed
2196

2197
	/* Unregister socket and protocol */
2198
	if (bt_sock_unregister(BTPROTO_L2CAP))
2199
		BT_ERR("L2CAP socket unregistration failed");
Linus Torvalds's avatar
Linus Torvalds committed
2200

2201
	if (hci_unregister_proto(&l2cap_hci_proto))
2202
		BT_ERR("L2CAP protocol unregistration failed");
Linus Torvalds's avatar
Linus Torvalds committed
2203 2204
}

2205 2206
void l2cap_load(void)
{
2207 2208 2209
	/* Dummy function to trigger automatic L2CAP module loading by
	 * other modules that use L2CAP sockets but don not use any othe
	 * symbols from it. */
2210 2211 2212 2213
	return;
}
EXPORT_SYMBOL(l2cap_load);

Linus Torvalds's avatar
Linus Torvalds committed
2214
module_init(l2cap_init);
2215
module_exit(l2cap_exit);
Linus Torvalds's avatar
Linus Torvalds committed
2216 2217

MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
2218
MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2219
MODULE_VERSION(VERSION);
Linus Torvalds's avatar
Linus Torvalds committed
2220
MODULE_LICENSE("GPL");
2221
MODULE_ALIAS("bt-proto-0");