search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drm: Fix authentication kernel crash
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / bluetooth / l2cap_sock.c
blob5c406d3136f74fc206380968a0a98c3c4b742474
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25 */
26
27 /* Bluetooth L2CAP sockets. */
28
29 #include <linux/security.h>
30 #include <linux/export.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
35 #include <net/bluetooth/smp.h>
36
37 static const struct proto_ops l2cap_sock_ops;
38 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
39 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
40
41 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
42 {
43 struct sock *sk = sock->sk;
44 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
45 struct sockaddr_l2 la;
46 int len, err = 0;
47
48 BT_DBG("sk %p", sk);
49
50 if (!addr || addr->sa_family != AF_BLUETOOTH)
51 return -EINVAL;
52
53 memset(&la, 0, sizeof(la));
54 len = min_t(unsigned int, sizeof(la), alen);
55 memcpy(&la, addr, len);
56
57 if (la.l2_cid && la.l2_psm)
58 return -EINVAL;
59
60 lock_sock(sk);
61
62 if (sk->sk_state != BT_OPEN) {
63 err = -EBADFD;
64 goto done;
65 }
66
67 if (la.l2_psm) {
68 __u16 psm = __le16_to_cpu(la.l2_psm);
69
70 /* PSM must be odd and lsb of upper byte must be 0 */
71 if ((psm & 0x0101) != 0x0001) {
72 err = -EINVAL;
73 goto done;
74 }
75
76 /* Restrict usage of well-known PSMs */
77 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
78 err = -EACCES;
79 goto done;
80 }
81 }
82
83 if (la.l2_cid)
84 err = l2cap_add_scid(chan, la.l2_cid);
85 else
86 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
87
88 if (err < 0)
89 goto done;
90
91 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
92 __le16_to_cpu(la.l2_psm) == 0x0003)
93 chan->sec_level = BT_SECURITY_SDP;
94
95 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
96
97 chan->state = BT_BOUND;
98 sk->sk_state = BT_BOUND;
99
100 done:
101 release_sock(sk);
102 return err;
103 }
104
105 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
106 {
107 struct sock *sk = sock->sk;
108 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
109 struct sockaddr_l2 la;
110 int len, err = 0;
111
112 BT_DBG("sk %p", sk);
113
114 if (!addr || alen < sizeof(addr->sa_family) ||
115 addr->sa_family != AF_BLUETOOTH)
116 return -EINVAL;
117
118 memset(&la, 0, sizeof(la));
119 len = min_t(unsigned int, sizeof(la), alen);
120 memcpy(&la, addr, len);
121
122 if (la.l2_cid && la.l2_psm)
123 return -EINVAL;
124
125 lock_sock(sk);
126
127 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
128 && !(la.l2_psm || la.l2_cid)) {
129 err = -EINVAL;
130 goto done;
131 }
132
133 switch (chan->mode) {
134 case L2CAP_MODE_BASIC:
135 break;
136 case L2CAP_MODE_ERTM:
137 case L2CAP_MODE_STREAMING:
138 if (!disable_ertm)
139 break;
140 /* fall through */
141 default:
142 err = -ENOTSUPP;
143 goto done;
144 }
145
146 switch (sk->sk_state) {
147 case BT_CONNECT:
148 case BT_CONNECT2:
149 case BT_CONFIG:
150 /* Already connecting */
151 goto wait;
152
153 case BT_CONNECTED:
154 /* Already connected */
155 err = -EISCONN;
156 goto done;
157
158 case BT_OPEN:
159 case BT_BOUND:
160 /* Can connect */
161 break;
162
163 default:
164 err = -EBADFD;
165 goto done;
166 }
167
168 /* PSM must be odd and lsb of upper byte must be 0 */
169 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
170 chan->chan_type != L2CAP_CHAN_RAW) {
171 err = -EINVAL;
172 goto done;
173 }
174
175 /* Set destination address and psm */
176 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
177 chan->psm = la.l2_psm;
178 chan->dcid = la.l2_cid;
179
180 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
181 if (err)
182 goto done;
183
184 wait:
185 err = bt_sock_wait_state(sk, BT_CONNECTED,
186 sock_sndtimeo(sk, flags & O_NONBLOCK));
187 done:
188 release_sock(sk);
189 return err;
190 }
191
192 static int l2cap_sock_listen(struct socket *sock, int backlog)
193 {
194 struct sock *sk = sock->sk;
195 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
196 int err = 0;
197
198 BT_DBG("sk %p backlog %d", sk, backlog);
199
200 lock_sock(sk);
201
202 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
203 || sk->sk_state != BT_BOUND) {
204 err = -EBADFD;
205 goto done;
206 }
207
208 switch (chan->mode) {
209 case L2CAP_MODE_BASIC:
210 break;
211 case L2CAP_MODE_ERTM:
212 case L2CAP_MODE_STREAMING:
213 if (!disable_ertm)
214 break;
215 /* fall through */
216 default:
217 err = -ENOTSUPP;
218 goto done;
219 }
220
221 sk->sk_max_ack_backlog = backlog;
222 sk->sk_ack_backlog = 0;
223
224 chan->state = BT_LISTEN;
225 sk->sk_state = BT_LISTEN;
226
227 done:
228 release_sock(sk);
229 return err;
230 }
231
232 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
233 {
234 DECLARE_WAITQUEUE(wait, current);
235 struct sock *sk = sock->sk, *nsk;
236 long timeo;
237 int err = 0;
238
239 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
240
241 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
242
243 BT_DBG("sk %p timeo %ld", sk, timeo);
244
245 /* Wait for an incoming connection. (wake-one). */
246 add_wait_queue_exclusive(sk_sleep(sk), &wait);
247 while (1) {
248 set_current_state(TASK_INTERRUPTIBLE);
249
250 if (sk->sk_state != BT_LISTEN) {
251 err = -EBADFD;
252 break;
253 }
254
255 nsk = bt_accept_dequeue(sk, newsock);
256 if (nsk)
257 break;
258
259 if (!timeo) {
260 err = -EAGAIN;
261 break;
262 }
263
264 if (signal_pending(current)) {
265 err = sock_intr_errno(timeo);
266 break;
267 }
268
269 release_sock(sk);
270 timeo = schedule_timeout(timeo);
271 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
272 }
273 __set_current_state(TASK_RUNNING);
274 remove_wait_queue(sk_sleep(sk), &wait);
275
276 if (err)
277 goto done;
278
279 newsock->state = SS_CONNECTED;
280
281 BT_DBG("new socket %p", nsk);
282
283 done:
284 release_sock(sk);
285 return err;
286 }
287
288 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
289 {
290 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
291 struct sock *sk = sock->sk;
292 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
293
294 BT_DBG("sock %p, sk %p", sock, sk);
295
296 addr->sa_family = AF_BLUETOOTH;
297 *len = sizeof(struct sockaddr_l2);
298
299 if (peer) {
300 la->l2_psm = chan->psm;
301 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
302 la->l2_cid = cpu_to_le16(chan->dcid);
303 } else {
304 la->l2_psm = chan->sport;
305 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
306 la->l2_cid = cpu_to_le16(chan->scid);
307 }
308
309 return 0;
310 }
311
312 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
313 {
314 struct sock *sk = sock->sk;
315 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
316 struct l2cap_options opts;
317 struct l2cap_conninfo cinfo;
318 int len, err = 0;
319 u32 opt;
320
321 BT_DBG("sk %p", sk);
322
323 if (get_user(len, optlen))
324 return -EFAULT;
325
326 lock_sock(sk);
327
328 switch (optname) {
329 case L2CAP_OPTIONS:
330 memset(&opts, 0, sizeof(opts));
331 opts.imtu = chan->imtu;
332 opts.omtu = chan->omtu;
333 opts.flush_to = chan->flush_to;
334 opts.mode = chan->mode;
335 opts.fcs = chan->fcs;
336 opts.max_tx = chan->max_tx;
337 opts.txwin_size = (__u16)chan->tx_win;
338
339 len = min_t(unsigned int, len, sizeof(opts));
340 if (copy_to_user(optval, (char *) &opts, len))
341 err = -EFAULT;
342
343 break;
344
345 case L2CAP_LM:
346 switch (chan->sec_level) {
347 case BT_SECURITY_LOW:
348 opt = L2CAP_LM_AUTH;
349 break;
350 case BT_SECURITY_MEDIUM:
351 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
352 break;
353 case BT_SECURITY_HIGH:
354 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
355 L2CAP_LM_SECURE;
356 break;
357 default:
358 opt = 0;
359 break;
360 }
361
362 if (chan->role_switch)
363 opt |= L2CAP_LM_MASTER;
364
365 if (chan->force_reliable)
366 opt |= L2CAP_LM_RELIABLE;
367
368 if (put_user(opt, (u32 __user *) optval))
369 err = -EFAULT;
370 break;
371
372 case L2CAP_CONNINFO:
373 if (sk->sk_state != BT_CONNECTED &&
374 !(sk->sk_state == BT_CONNECT2 &&
375 bt_sk(sk)->defer_setup)) {
376 err = -ENOTCONN;
377 break;
378 }
379
380 memset(&cinfo, 0, sizeof(cinfo));
381 cinfo.hci_handle = chan->conn->hcon->handle;
382 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
383
384 len = min_t(unsigned int, len, sizeof(cinfo));
385 if (copy_to_user(optval, (char *) &cinfo, len))
386 err = -EFAULT;
387
388 break;
389
390 default:
391 err = -ENOPROTOOPT;
392 break;
393 }
394
395 release_sock(sk);
396 return err;
397 }
398
399 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
400 {
401 struct sock *sk = sock->sk;
402 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
403 struct bt_security sec;
404 struct bt_power pwr;
405 int len, err = 0;
406
407 BT_DBG("sk %p", sk);
408
409 if (level == SOL_L2CAP)
410 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
411
412 if (level != SOL_BLUETOOTH)
413 return -ENOPROTOOPT;
414
415 if (get_user(len, optlen))
416 return -EFAULT;
417
418 lock_sock(sk);
419
420 switch (optname) {
421 case BT_SECURITY:
422 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
423 chan->chan_type != L2CAP_CHAN_RAW) {
424 err = -EINVAL;
425 break;
426 }
427
428 memset(&sec, 0, sizeof(sec));
429 sec.level = chan->sec_level;
430
431 if (sk->sk_state == BT_CONNECTED)
432 sec.key_size = chan->conn->hcon->enc_key_size;
433
434 len = min_t(unsigned int, len, sizeof(sec));
435 if (copy_to_user(optval, (char *) &sec, len))
436 err = -EFAULT;
437
438 break;
439
440 case BT_DEFER_SETUP:
441 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
442 err = -EINVAL;
443 break;
444 }
445
446 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
447 err = -EFAULT;
448
449 break;
450
451 case BT_FLUSHABLE:
452 if (put_user(chan->flushable, (u32 __user *) optval))
453 err = -EFAULT;
454
455 break;
456
457 case BT_POWER:
458 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
459 && sk->sk_type != SOCK_RAW) {
460 err = -EINVAL;
461 break;
462 }
463
464 pwr.force_active = chan->force_active;
465
466 len = min_t(unsigned int, len, sizeof(pwr));
467 if (copy_to_user(optval, (char *) &pwr, len))
468 err = -EFAULT;
469
470 break;
471
472 default:
473 err = -ENOPROTOOPT;
474 break;
475 }
476
477 release_sock(sk);
478 return err;
479 }
480
481 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
482 {
483 struct sock *sk = sock->sk;
484 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
485 struct l2cap_options opts;
486 int len, err = 0;
487 u32 opt;
488
489 BT_DBG("sk %p", sk);
490
491 lock_sock(sk);
492
493 switch (optname) {
494 case L2CAP_OPTIONS:
495 if (sk->sk_state == BT_CONNECTED) {
496 err = -EINVAL;
497 break;
498 }
499
500 opts.imtu = chan->imtu;
501 opts.omtu = chan->omtu;
502 opts.flush_to = chan->flush_to;
503 opts.mode = chan->mode;
504 opts.fcs = chan->fcs;
505 opts.max_tx = chan->max_tx;
506 opts.txwin_size = (__u16)chan->tx_win;
507
508 len = min_t(unsigned int, sizeof(opts), optlen);
509 if (copy_from_user((char *) &opts, optval, len)) {
510 err = -EFAULT;
511 break;
512 }
513
514 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
515 err = -EINVAL;
516 break;
517 }
518
519 chan->mode = opts.mode;
520 switch (chan->mode) {
521 case L2CAP_MODE_BASIC:
522 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
523 break;
524 case L2CAP_MODE_ERTM:
525 case L2CAP_MODE_STREAMING:
526 if (!disable_ertm)
527 break;
528 /* fall through */
529 default:
530 err = -EINVAL;
531 break;
532 }
533
534 chan->imtu = opts.imtu;
535 chan->omtu = opts.omtu;
536 chan->fcs = opts.fcs;
537 chan->max_tx = opts.max_tx;
538 chan->tx_win = (__u8)opts.txwin_size;
539 break;
540
541 case L2CAP_LM:
542 if (get_user(opt, (u32 __user *) optval)) {
543 err = -EFAULT;
544 break;
545 }
546
547 if (opt & L2CAP_LM_AUTH)
548 chan->sec_level = BT_SECURITY_LOW;
549 if (opt & L2CAP_LM_ENCRYPT)
550 chan->sec_level = BT_SECURITY_MEDIUM;
551 if (opt & L2CAP_LM_SECURE)
552 chan->sec_level = BT_SECURITY_HIGH;
553
554 chan->role_switch = (opt & L2CAP_LM_MASTER);
555 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
556 break;
557
558 default:
559 err = -ENOPROTOOPT;
560 break;
561 }
562
563 release_sock(sk);
564 return err;
565 }
566
567 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
568 {
569 struct sock *sk = sock->sk;
570 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
571 struct bt_security sec;
572 struct bt_power pwr;
573 struct l2cap_conn *conn;
574 int len, err = 0;
575 u32 opt;
576
577 BT_DBG("sk %p", sk);
578
579 if (level == SOL_L2CAP)
580 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
581
582 if (level != SOL_BLUETOOTH)
583 return -ENOPROTOOPT;
584
585 lock_sock(sk);
586
587 switch (optname) {
588 case BT_SECURITY:
589 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
590 chan->chan_type != L2CAP_CHAN_RAW) {
591 err = -EINVAL;
592 break;
593 }
594
595 sec.level = BT_SECURITY_LOW;
596
597 len = min_t(unsigned int, sizeof(sec), optlen);
598 if (copy_from_user((char *) &sec, optval, len)) {
599 err = -EFAULT;
600 break;
601 }
602
603 if (sec.level < BT_SECURITY_LOW ||
604 sec.level > BT_SECURITY_HIGH) {
605 err = -EINVAL;
606 break;
607 }
608
609 chan->sec_level = sec.level;
610
611 conn = chan->conn;
612 if (conn && chan->scid == L2CAP_CID_LE_DATA) {
613 if (!conn->hcon->out) {
614 err = -EINVAL;
615 break;
616 }
617
618 if (smp_conn_security(conn, sec.level))
619 break;
620
621 err = 0;
622 sk->sk_state = BT_CONFIG;
623 }
624 break;
625
626 case BT_DEFER_SETUP:
627 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
628 err = -EINVAL;
629 break;
630 }
631
632 if (get_user(opt, (u32 __user *) optval)) {
633 err = -EFAULT;
634 break;
635 }
636
637 bt_sk(sk)->defer_setup = opt;
638 break;
639
640 case BT_FLUSHABLE:
641 if (get_user(opt, (u32 __user *) optval)) {
642 err = -EFAULT;
643 break;
644 }
645
646 if (opt > BT_FLUSHABLE_ON) {
647 err = -EINVAL;
648 break;
649 }
650
651 if (opt == BT_FLUSHABLE_OFF) {
652 struct l2cap_conn *conn = chan->conn;
653 /* proceed further only when we have l2cap_conn and
654 No Flush support in the LM */
655 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
656 err = -EINVAL;
657 break;
658 }
659 }
660
661 chan->flushable = opt;
662 break;
663
664 case BT_POWER:
665 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
666 chan->chan_type != L2CAP_CHAN_RAW) {
667 err = -EINVAL;
668 break;
669 }
670
671 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
672
673 len = min_t(unsigned int, sizeof(pwr), optlen);
674 if (copy_from_user((char *) &pwr, optval, len)) {
675 err = -EFAULT;
676 break;
677 }
678 chan->force_active = pwr.force_active;
679 break;
680
681 default:
682 err = -ENOPROTOOPT;
683 break;
684 }
685
686 release_sock(sk);
687 return err;
688 }
689
690 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
691 {
692 struct sock *sk = sock->sk;
693 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
694 int err;
695
696 BT_DBG("sock %p, sk %p", sock, sk);
697
698 err = sock_error(sk);
699 if (err)
700 return err;
701
702 if (msg->msg_flags & MSG_OOB)
703 return -EOPNOTSUPP;
704
705 lock_sock(sk);
706
707 if (sk->sk_state != BT_CONNECTED) {
708 release_sock(sk);
709 return -ENOTCONN;
710 }
711
712 err = l2cap_chan_send(chan, msg, len);
713
714 release_sock(sk);
715 return err;
716 }
717
718 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
719 {
720 struct sock *sk = sock->sk;
721 struct l2cap_pinfo *pi = l2cap_pi(sk);
722 int err;
723
724 lock_sock(sk);
725
726 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
727 sk->sk_state = BT_CONFIG;
728
729 __l2cap_connect_rsp_defer(pi->chan);
730 release_sock(sk);
731 return 0;
732 }
733
734 release_sock(sk);
735
736 if (sock->type == SOCK_STREAM)
737 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
738 else
739 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
740
741 if (pi->chan->mode != L2CAP_MODE_ERTM)
742 return err;
743
744 /* Attempt to put pending rx data in the socket buffer */
745
746 lock_sock(sk);
747
748 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
749 goto done;
750
751 if (pi->rx_busy_skb) {
752 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
753 pi->rx_busy_skb = NULL;
754 else
755 goto done;
756 }
757
758 /* Restore data flow when half of the receive buffer is
759 * available. This avoids resending large numbers of
760 * frames.
761 */
762 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
763 l2cap_chan_busy(pi->chan, 0);
764
765 done:
766 release_sock(sk);
767 return err;
768 }
769
770 /* Kill socket (only if zapped and orphan)
771 * Must be called on unlocked socket.
772 */
773 static void l2cap_sock_kill(struct sock *sk)
774 {
775 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
776 return;
777
778 BT_DBG("sk %p state %d", sk, sk->sk_state);
779
780 /* Kill poor orphan */
781
782 l2cap_chan_destroy(l2cap_pi(sk)->chan);
783 sock_set_flag(sk, SOCK_DEAD);
784 sock_put(sk);
785 }
786
787 static int l2cap_sock_shutdown(struct socket *sock, int how)
788 {
789 struct sock *sk = sock->sk;
790 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
791 int err = 0;
792
793 BT_DBG("sock %p, sk %p", sock, sk);
794
795 if (!sk)
796 return 0;
797
798 lock_sock(sk);
799 if (!sk->sk_shutdown) {
800 if (chan->mode == L2CAP_MODE_ERTM)
801 err = __l2cap_wait_ack(sk);
802
803 sk->sk_shutdown = SHUTDOWN_MASK;
804 l2cap_chan_close(chan, 0);
805
806 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
807 err = bt_sock_wait_state(sk, BT_CLOSED,
808 sk->sk_lingertime);
809 }
810
811 if (!err && sk->sk_err)
812 err = -sk->sk_err;
813
814 release_sock(sk);
815 return err;
816 }
817
818 static int l2cap_sock_release(struct socket *sock)
819 {
820 struct sock *sk = sock->sk;
821 int err;
822
823 BT_DBG("sock %p, sk %p", sock, sk);
824
825 if (!sk)
826 return 0;
827
828 err = l2cap_sock_shutdown(sock, 2);
829
830 sock_orphan(sk);
831 l2cap_sock_kill(sk);
832 return err;
833 }
834
835 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
836 {
837 struct sock *sk, *parent = data;
838
839 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
840 GFP_ATOMIC);
841 if (!sk)
842 return NULL;
843
844 l2cap_sock_init(sk, parent);
845
846 return l2cap_pi(sk)->chan;
847 }
848
849 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
850 {
851 int err;
852 struct sock *sk = data;
853 struct l2cap_pinfo *pi = l2cap_pi(sk);
854
855 if (pi->rx_busy_skb)
856 return -ENOMEM;
857
858 err = sock_queue_rcv_skb(sk, skb);
859
860 /* For ERTM, handle one skb that doesn't fit into the recv
861 * buffer. This is important to do because the data frames
862 * have already been acked, so the skb cannot be discarded.
863 *
864 * Notify the l2cap core that the buffer is full, so the
865 * LOCAL_BUSY state is entered and no more frames are
866 * acked and reassembled until there is buffer space
867 * available.
868 */
869 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
870 pi->rx_busy_skb = skb;
871 l2cap_chan_busy(pi->chan, 1);
872 err = 0;
873 }
874
875 return err;
876 }
877
878 static void l2cap_sock_close_cb(void *data)
879 {
880 struct sock *sk = data;
881
882 l2cap_sock_kill(sk);
883 }
884
885 static void l2cap_sock_state_change_cb(void *data, int state)
886 {
887 struct sock *sk = data;
888
889 sk->sk_state = state;
890 }
891
892 static struct l2cap_ops l2cap_chan_ops = {
893 .name = "L2CAP Socket Interface",
894 .new_connection = l2cap_sock_new_connection_cb,
895 .recv = l2cap_sock_recv_cb,
896 .close = l2cap_sock_close_cb,
897 .state_change = l2cap_sock_state_change_cb,
898 };
899
900 static void l2cap_sock_destruct(struct sock *sk)
901 {
902 BT_DBG("sk %p", sk);
903
904 if (l2cap_pi(sk)->rx_busy_skb) {
905 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
906 l2cap_pi(sk)->rx_busy_skb = NULL;
907 }
908
909 skb_queue_purge(&sk->sk_receive_queue);
910 skb_queue_purge(&sk->sk_write_queue);
911 }
912
913 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
914 {
915 struct l2cap_pinfo *pi = l2cap_pi(sk);
916 struct l2cap_chan *chan = pi->chan;
917
918 BT_DBG("sk %p", sk);
919
920 if (parent) {
921 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
922
923 sk->sk_type = parent->sk_type;
924 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
925
926 chan->chan_type = pchan->chan_type;
927 chan->imtu = pchan->imtu;
928 chan->omtu = pchan->omtu;
929 chan->conf_state = pchan->conf_state;
930 chan->mode = pchan->mode;
931 chan->fcs = pchan->fcs;
932 chan->max_tx = pchan->max_tx;
933 chan->tx_win = pchan->tx_win;
934 chan->sec_level = pchan->sec_level;
935 chan->role_switch = pchan->role_switch;
936 chan->force_reliable = pchan->force_reliable;
937 chan->flushable = pchan->flushable;
938 chan->force_active = pchan->force_active;
939
940 security_sk_clone(parent, sk);
941 } else {
942
943 switch (sk->sk_type) {
944 case SOCK_RAW:
945 chan->chan_type = L2CAP_CHAN_RAW;
946 break;
947 case SOCK_DGRAM:
948 chan->chan_type = L2CAP_CHAN_CONN_LESS;
949 break;
950 case SOCK_SEQPACKET:
951 case SOCK_STREAM:
952 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
953 break;
954 }
955
956 chan->imtu = L2CAP_DEFAULT_MTU;
957 chan->omtu = 0;
958 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
959 chan->mode = L2CAP_MODE_ERTM;
960 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
961 } else {
962 chan->mode = L2CAP_MODE_BASIC;
963 }
964 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
965 chan->fcs = L2CAP_FCS_CRC16;
966 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
967 chan->sec_level = BT_SECURITY_LOW;
968 chan->role_switch = 0;
969 chan->force_reliable = 0;
970 chan->flushable = BT_FLUSHABLE_OFF;
971 chan->force_active = BT_POWER_FORCE_ACTIVE_ON;
972
973 }
974
975 /* Default config options */
976 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
977
978 chan->data = sk;
979 chan->ops = &l2cap_chan_ops;
980 }
981
982 static struct proto l2cap_proto = {
983 .name = "L2CAP",
984 .owner = THIS_MODULE,
985 .obj_size = sizeof(struct l2cap_pinfo)
986 };
987
988 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
989 {
990 struct sock *sk;
991 struct l2cap_chan *chan;
992
993 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
994 if (!sk)
995 return NULL;
996
997 sock_init_data(sock, sk);
998 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
999
1000 sk->sk_destruct = l2cap_sock_destruct;
1001 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1002
1003 sock_reset_flag(sk, SOCK_ZAPPED);
1004
1005 sk->sk_protocol = proto;
1006 sk->sk_state = BT_OPEN;
1007
1008 chan = l2cap_chan_create(sk);
1009 if (!chan) {
1010 l2cap_sock_kill(sk);
1011 return NULL;
1012 }
1013
1014 l2cap_pi(sk)->chan = chan;
1015
1016 return sk;
1017 }
1018
1019 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1020 int kern)
1021 {
1022 struct sock *sk;
1023
1024 BT_DBG("sock %p", sock);
1025
1026 sock->state = SS_UNCONNECTED;
1027
1028 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1029 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1030 return -ESOCKTNOSUPPORT;
1031
1032 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1033 return -EPERM;
1034
1035 sock->ops = &l2cap_sock_ops;
1036
1037 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1038 if (!sk)
1039 return -ENOMEM;
1040
1041 l2cap_sock_init(sk, NULL);
1042 return 0;
1043 }
1044
1045 static const struct proto_ops l2cap_sock_ops = {
1046 .family = PF_BLUETOOTH,
1047 .owner = THIS_MODULE,
1048 .release = l2cap_sock_release,
1049 .bind = l2cap_sock_bind,
1050 .connect = l2cap_sock_connect,
1051 .listen = l2cap_sock_listen,
1052 .accept = l2cap_sock_accept,
1053 .getname = l2cap_sock_getname,
1054 .sendmsg = l2cap_sock_sendmsg,
1055 .recvmsg = l2cap_sock_recvmsg,
1056 .poll = bt_sock_poll,
1057 .ioctl = bt_sock_ioctl,
1058 .mmap = sock_no_mmap,
1059 .socketpair = sock_no_socketpair,
1060 .shutdown = l2cap_sock_shutdown,
1061 .setsockopt = l2cap_sock_setsockopt,
1062 .getsockopt = l2cap_sock_getsockopt
1063 };
1064
1065 static const struct net_proto_family l2cap_sock_family_ops = {
1066 .family = PF_BLUETOOTH,
1067 .owner = THIS_MODULE,
1068 .create = l2cap_sock_create,
1069 };
1070
1071 int __init l2cap_init_sockets(void)
1072 {
1073 int err;
1074
1075 err = proto_register(&l2cap_proto, 0);
1076 if (err < 0)
1077 return err;
1078
1079 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1080 if (err < 0)
1081 goto error;
1082
1083 BT_INFO("L2CAP socket layer initialized");
1084
1085 return 0;
1086
1087 error:
1088 BT_ERR("L2CAP socket registration failed");
1089 proto_unregister(&l2cap_proto);
1090 return err;
1091 }
1092
1093 void l2cap_cleanup_sockets(void)
1094 {
1095 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1096 BT_ERR("L2CAP socket unregistration failed");
1097
1098 proto_unregister(&l2cap_proto);
1099 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree