search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wl12xx: Check buffer bound when processing nvs data
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / bluetooth / l2cap_sock.c
blob8248303f44e892f66ba5af8841f094696e88f8cd
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25 */
26
27 /* Bluetooth L2CAP sockets. */
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
32
33 static const struct proto_ops l2cap_sock_ops;
34
35 /* ---- L2CAP timers ---- */
36 static void l2cap_sock_timeout(unsigned long arg)
37 {
38 struct sock *sk = (struct sock *) arg;
39 int reason;
40
41 BT_DBG("sock %p state %d", sk, sk->sk_state);
42
43 bh_lock_sock(sk);
44
45 if (sock_owned_by_user(sk)) {
46 /* sk is owned by user. Try again later */
47 l2cap_sock_set_timer(sk, HZ / 5);
48 bh_unlock_sock(sk);
49 sock_put(sk);
50 return;
51 }
52
53 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
54 reason = ECONNREFUSED;
55 else if (sk->sk_state == BT_CONNECT &&
56 l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP)
57 reason = ECONNREFUSED;
58 else
59 reason = ETIMEDOUT;
60
61 __l2cap_sock_close(sk, reason);
62
63 bh_unlock_sock(sk);
64
65 l2cap_sock_kill(sk);
66 sock_put(sk);
67 }
68
69 void l2cap_sock_set_timer(struct sock *sk, long timeout)
70 {
71 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
72 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
73 }
74
75 void l2cap_sock_clear_timer(struct sock *sk)
76 {
77 BT_DBG("sock %p state %d", sk, sk->sk_state);
78 sk_stop_timer(sk, &sk->sk_timer);
79 }
80
81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82 {
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || addr->sa_family != AF_BLUETOOTH)
91 return -EINVAL;
92
93 memset(&la, 0, sizeof(la));
94 len = min_t(unsigned int, sizeof(la), alen);
95 memcpy(&la, addr, len);
96
97 if (la.l2_cid && la.l2_psm)
98 return -EINVAL;
99
100 lock_sock(sk);
101
102 if (sk->sk_state != BT_OPEN) {
103 err = -EBADFD;
104 goto done;
105 }
106
107 if (la.l2_psm) {
108 __u16 psm = __le16_to_cpu(la.l2_psm);
109
110 /* PSM must be odd and lsb of upper byte must be 0 */
111 if ((psm & 0x0101) != 0x0001) {
112 err = -EINVAL;
113 goto done;
114 }
115
116 /* Restrict usage of well-known PSMs */
117 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
118 err = -EACCES;
119 goto done;
120 }
121 }
122
123 if (la.l2_cid)
124 err = l2cap_add_scid(chan, la.l2_cid);
125 else
126 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
127
128 if (err < 0)
129 goto done;
130
131 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
132 __le16_to_cpu(la.l2_psm) == 0x0003)
133 chan->sec_level = BT_SECURITY_SDP;
134
135 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
136 sk->sk_state = BT_BOUND;
137
138 done:
139 release_sock(sk);
140 return err;
141 }
142
143 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
144 {
145 struct sock *sk = sock->sk;
146 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
147 struct sockaddr_l2 la;
148 int len, err = 0;
149
150 BT_DBG("sk %p", sk);
151
152 if (!addr || alen < sizeof(addr->sa_family) ||
153 addr->sa_family != AF_BLUETOOTH)
154 return -EINVAL;
155
156 memset(&la, 0, sizeof(la));
157 len = min_t(unsigned int, sizeof(la), alen);
158 memcpy(&la, addr, len);
159
160 if (la.l2_cid && la.l2_psm)
161 return -EINVAL;
162
163 lock_sock(sk);
164
165 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
166 && !(la.l2_psm || la.l2_cid)) {
167 err = -EINVAL;
168 goto done;
169 }
170
171 switch (chan->mode) {
172 case L2CAP_MODE_BASIC:
173 break;
174 case L2CAP_MODE_ERTM:
175 case L2CAP_MODE_STREAMING:
176 if (!disable_ertm)
177 break;
178 /* fall through */
179 default:
180 err = -ENOTSUPP;
181 goto done;
182 }
183
184 switch (sk->sk_state) {
185 case BT_CONNECT:
186 case BT_CONNECT2:
187 case BT_CONFIG:
188 /* Already connecting */
189 goto wait;
190
191 case BT_CONNECTED:
192 /* Already connected */
193 err = -EISCONN;
194 goto done;
195
196 case BT_OPEN:
197 case BT_BOUND:
198 /* Can connect */
199 break;
200
201 default:
202 err = -EBADFD;
203 goto done;
204 }
205
206 /* PSM must be odd and lsb of upper byte must be 0 */
207 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
208 sk->sk_type != SOCK_RAW && !la.l2_cid) {
209 err = -EINVAL;
210 goto done;
211 }
212
213 /* Set destination address and psm */
214 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
215 chan->psm = la.l2_psm;
216 chan->dcid = la.l2_cid;
217
218 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
219 if (err)
220 goto done;
221
222 wait:
223 err = bt_sock_wait_state(sk, BT_CONNECTED,
224 sock_sndtimeo(sk, flags & O_NONBLOCK));
225 done:
226 release_sock(sk);
227 return err;
228 }
229
230 static int l2cap_sock_listen(struct socket *sock, int backlog)
231 {
232 struct sock *sk = sock->sk;
233 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
234 int err = 0;
235
236 BT_DBG("sk %p backlog %d", sk, backlog);
237
238 lock_sock(sk);
239
240 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
241 || sk->sk_state != BT_BOUND) {
242 err = -EBADFD;
243 goto done;
244 }
245
246 switch (chan->mode) {
247 case L2CAP_MODE_BASIC:
248 break;
249 case L2CAP_MODE_ERTM:
250 case L2CAP_MODE_STREAMING:
251 if (!disable_ertm)
252 break;
253 /* fall through */
254 default:
255 err = -ENOTSUPP;
256 goto done;
257 }
258
259 sk->sk_max_ack_backlog = backlog;
260 sk->sk_ack_backlog = 0;
261 sk->sk_state = BT_LISTEN;
262
263 done:
264 release_sock(sk);
265 return err;
266 }
267
268 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
269 {
270 DECLARE_WAITQUEUE(wait, current);
271 struct sock *sk = sock->sk, *nsk;
272 long timeo;
273 int err = 0;
274
275 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
276
277 if (sk->sk_state != BT_LISTEN) {
278 err = -EBADFD;
279 goto done;
280 }
281
282 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
283
284 BT_DBG("sk %p timeo %ld", sk, timeo);
285
286 /* Wait for an incoming connection. (wake-one). */
287 add_wait_queue_exclusive(sk_sleep(sk), &wait);
288 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
289 set_current_state(TASK_INTERRUPTIBLE);
290 if (!timeo) {
291 err = -EAGAIN;
292 break;
293 }
294
295 release_sock(sk);
296 timeo = schedule_timeout(timeo);
297 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
298
299 if (sk->sk_state != BT_LISTEN) {
300 err = -EBADFD;
301 break;
302 }
303
304 if (signal_pending(current)) {
305 err = sock_intr_errno(timeo);
306 break;
307 }
308 }
309 set_current_state(TASK_RUNNING);
310 remove_wait_queue(sk_sleep(sk), &wait);
311
312 if (err)
313 goto done;
314
315 newsock->state = SS_CONNECTED;
316
317 BT_DBG("new socket %p", nsk);
318
319 done:
320 release_sock(sk);
321 return err;
322 }
323
324 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
325 {
326 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
327 struct sock *sk = sock->sk;
328 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
329
330 BT_DBG("sock %p, sk %p", sock, sk);
331
332 addr->sa_family = AF_BLUETOOTH;
333 *len = sizeof(struct sockaddr_l2);
334
335 if (peer) {
336 la->l2_psm = chan->psm;
337 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
338 la->l2_cid = cpu_to_le16(chan->dcid);
339 } else {
340 la->l2_psm = chan->sport;
341 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
342 la->l2_cid = cpu_to_le16(chan->scid);
343 }
344
345 return 0;
346 }
347
348 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
349 {
350 struct sock *sk = sock->sk;
351 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
352 struct l2cap_options opts;
353 struct l2cap_conninfo cinfo;
354 int len, err = 0;
355 u32 opt;
356
357 BT_DBG("sk %p", sk);
358
359 if (get_user(len, optlen))
360 return -EFAULT;
361
362 lock_sock(sk);
363
364 switch (optname) {
365 case L2CAP_OPTIONS:
366 memset(&opts, 0, sizeof(opts));
367 opts.imtu = chan->imtu;
368 opts.omtu = chan->omtu;
369 opts.flush_to = chan->flush_to;
370 opts.mode = chan->mode;
371 opts.fcs = chan->fcs;
372 opts.max_tx = chan->max_tx;
373 opts.txwin_size = (__u16)chan->tx_win;
374
375 len = min_t(unsigned int, len, sizeof(opts));
376 if (copy_to_user(optval, (char *) &opts, len))
377 err = -EFAULT;
378
379 break;
380
381 case L2CAP_LM:
382 switch (chan->sec_level) {
383 case BT_SECURITY_LOW:
384 opt = L2CAP_LM_AUTH;
385 break;
386 case BT_SECURITY_MEDIUM:
387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
388 break;
389 case BT_SECURITY_HIGH:
390 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
391 L2CAP_LM_SECURE;
392 break;
393 default:
394 opt = 0;
395 break;
396 }
397
398 if (chan->role_switch)
399 opt |= L2CAP_LM_MASTER;
400
401 if (chan->force_reliable)
402 opt |= L2CAP_LM_RELIABLE;
403
404 if (put_user(opt, (u32 __user *) optval))
405 err = -EFAULT;
406 break;
407
408 case L2CAP_CONNINFO:
409 if (sk->sk_state != BT_CONNECTED &&
410 !(sk->sk_state == BT_CONNECT2 &&
411 bt_sk(sk)->defer_setup)) {
412 err = -ENOTCONN;
413 break;
414 }
415
416 memset(&cinfo, 0, sizeof(cinfo));
417 cinfo.hci_handle = chan->conn->hcon->handle;
418 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
419
420 len = min_t(unsigned int, len, sizeof(cinfo));
421 if (copy_to_user(optval, (char *) &cinfo, len))
422 err = -EFAULT;
423
424 break;
425
426 default:
427 err = -ENOPROTOOPT;
428 break;
429 }
430
431 release_sock(sk);
432 return err;
433 }
434
435 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
436 {
437 struct sock *sk = sock->sk;
438 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
439 struct bt_security sec;
440 int len, err = 0;
441
442 BT_DBG("sk %p", sk);
443
444 if (level == SOL_L2CAP)
445 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
446
447 if (level != SOL_BLUETOOTH)
448 return -ENOPROTOOPT;
449
450 if (get_user(len, optlen))
451 return -EFAULT;
452
453 lock_sock(sk);
454
455 switch (optname) {
456 case BT_SECURITY:
457 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
458 && sk->sk_type != SOCK_RAW) {
459 err = -EINVAL;
460 break;
461 }
462
463 sec.level = chan->sec_level;
464
465 len = min_t(unsigned int, len, sizeof(sec));
466 if (copy_to_user(optval, (char *) &sec, len))
467 err = -EFAULT;
468
469 break;
470
471 case BT_DEFER_SETUP:
472 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
473 err = -EINVAL;
474 break;
475 }
476
477 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
478 err = -EFAULT;
479
480 break;
481
482 case BT_FLUSHABLE:
483 if (put_user(chan->flushable, (u32 __user *) optval))
484 err = -EFAULT;
485
486 break;
487
488 default:
489 err = -ENOPROTOOPT;
490 break;
491 }
492
493 release_sock(sk);
494 return err;
495 }
496
497 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
498 {
499 struct sock *sk = sock->sk;
500 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
501 struct l2cap_options opts;
502 int len, err = 0;
503 u32 opt;
504
505 BT_DBG("sk %p", sk);
506
507 lock_sock(sk);
508
509 switch (optname) {
510 case L2CAP_OPTIONS:
511 if (sk->sk_state == BT_CONNECTED) {
512 err = -EINVAL;
513 break;
514 }
515
516 opts.imtu = chan->imtu;
517 opts.omtu = chan->omtu;
518 opts.flush_to = chan->flush_to;
519 opts.mode = chan->mode;
520 opts.fcs = chan->fcs;
521 opts.max_tx = chan->max_tx;
522 opts.txwin_size = (__u16)chan->tx_win;
523
524 len = min_t(unsigned int, sizeof(opts), optlen);
525 if (copy_from_user((char *) &opts, optval, len)) {
526 err = -EFAULT;
527 break;
528 }
529
530 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
531 err = -EINVAL;
532 break;
533 }
534
535 chan->mode = opts.mode;
536 switch (chan->mode) {
537 case L2CAP_MODE_BASIC:
538 chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
539 break;
540 case L2CAP_MODE_ERTM:
541 case L2CAP_MODE_STREAMING:
542 if (!disable_ertm)
543 break;
544 /* fall through */
545 default:
546 err = -EINVAL;
547 break;
548 }
549
550 chan->imtu = opts.imtu;
551 chan->omtu = opts.omtu;
552 chan->fcs = opts.fcs;
553 chan->max_tx = opts.max_tx;
554 chan->tx_win = (__u8)opts.txwin_size;
555 break;
556
557 case L2CAP_LM:
558 if (get_user(opt, (u32 __user *) optval)) {
559 err = -EFAULT;
560 break;
561 }
562
563 if (opt & L2CAP_LM_AUTH)
564 chan->sec_level = BT_SECURITY_LOW;
565 if (opt & L2CAP_LM_ENCRYPT)
566 chan->sec_level = BT_SECURITY_MEDIUM;
567 if (opt & L2CAP_LM_SECURE)
568 chan->sec_level = BT_SECURITY_HIGH;
569
570 chan->role_switch = (opt & L2CAP_LM_MASTER);
571 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
572 break;
573
574 default:
575 err = -ENOPROTOOPT;
576 break;
577 }
578
579 release_sock(sk);
580 return err;
581 }
582
583 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
584 {
585 struct sock *sk = sock->sk;
586 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
587 struct bt_security sec;
588 int len, err = 0;
589 u32 opt;
590
591 BT_DBG("sk %p", sk);
592
593 if (level == SOL_L2CAP)
594 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
595
596 if (level != SOL_BLUETOOTH)
597 return -ENOPROTOOPT;
598
599 lock_sock(sk);
600
601 switch (optname) {
602 case BT_SECURITY:
603 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
604 && sk->sk_type != SOCK_RAW) {
605 err = -EINVAL;
606 break;
607 }
608
609 sec.level = BT_SECURITY_LOW;
610
611 len = min_t(unsigned int, sizeof(sec), optlen);
612 if (copy_from_user((char *) &sec, optval, len)) {
613 err = -EFAULT;
614 break;
615 }
616
617 if (sec.level < BT_SECURITY_LOW ||
618 sec.level > BT_SECURITY_HIGH) {
619 err = -EINVAL;
620 break;
621 }
622
623 chan->sec_level = sec.level;
624 break;
625
626 case BT_DEFER_SETUP:
627 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
628 err = -EINVAL;
629 break;
630 }
631
632 if (get_user(opt, (u32 __user *) optval)) {
633 err = -EFAULT;
634 break;
635 }
636
637 bt_sk(sk)->defer_setup = opt;
638 break;
639
640 case BT_FLUSHABLE:
641 if (get_user(opt, (u32 __user *) optval)) {
642 err = -EFAULT;
643 break;
644 }
645
646 if (opt > BT_FLUSHABLE_ON) {
647 err = -EINVAL;
648 break;
649 }
650
651 if (opt == BT_FLUSHABLE_OFF) {
652 struct l2cap_conn *conn = chan->conn;
653 /* proceed further only when we have l2cap_conn and
654 No Flush support in the LM */
655 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
656 err = -EINVAL;
657 break;
658 }
659 }
660
661 chan->flushable = opt;
662 break;
663
664 default:
665 err = -ENOPROTOOPT;
666 break;
667 }
668
669 release_sock(sk);
670 return err;
671 }
672
673 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
674 {
675 struct sock *sk = sock->sk;
676 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
677 struct sk_buff *skb;
678 u16 control;
679 int err;
680
681 BT_DBG("sock %p, sk %p", sock, sk);
682
683 err = sock_error(sk);
684 if (err)
685 return err;
686
687 if (msg->msg_flags & MSG_OOB)
688 return -EOPNOTSUPP;
689
690 lock_sock(sk);
691
692 if (sk->sk_state != BT_CONNECTED) {
693 err = -ENOTCONN;
694 goto done;
695 }
696
697 /* Connectionless channel */
698 if (sk->sk_type == SOCK_DGRAM) {
699 skb = l2cap_create_connless_pdu(chan, msg, len);
700 if (IS_ERR(skb)) {
701 err = PTR_ERR(skb);
702 } else {
703 l2cap_do_send(chan, skb);
704 err = len;
705 }
706 goto done;
707 }
708
709 switch (chan->mode) {
710 case L2CAP_MODE_BASIC:
711 /* Check outgoing MTU */
712 if (len > chan->omtu) {
713 err = -EMSGSIZE;
714 goto done;
715 }
716
717 /* Create a basic PDU */
718 skb = l2cap_create_basic_pdu(chan, msg, len);
719 if (IS_ERR(skb)) {
720 err = PTR_ERR(skb);
721 goto done;
722 }
723
724 l2cap_do_send(chan, skb);
725 err = len;
726 break;
727
728 case L2CAP_MODE_ERTM:
729 case L2CAP_MODE_STREAMING:
730 /* Entire SDU fits into one PDU */
731 if (len <= chan->remote_mps) {
732 control = L2CAP_SDU_UNSEGMENTED;
733 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
734 0);
735 if (IS_ERR(skb)) {
736 err = PTR_ERR(skb);
737 goto done;
738 }
739 __skb_queue_tail(&chan->tx_q, skb);
740
741 if (chan->tx_send_head == NULL)
742 chan->tx_send_head = skb;
743
744 } else {
745 /* Segment SDU into multiples PDUs */
746 err = l2cap_sar_segment_sdu(chan, msg, len);
747 if (err < 0)
748 goto done;
749 }
750
751 if (chan->mode == L2CAP_MODE_STREAMING) {
752 l2cap_streaming_send(chan);
753 err = len;
754 break;
755 }
756
757 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
758 (chan->conn_state & L2CAP_CONN_WAIT_F)) {
759 err = len;
760 break;
761 }
762 err = l2cap_ertm_send(chan);
763
764 if (err >= 0)
765 err = len;
766 break;
767
768 default:
769 BT_DBG("bad state %1.1x", chan->mode);
770 err = -EBADFD;
771 }
772
773 done:
774 release_sock(sk);
775 return err;
776 }
777
778 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
779 {
780 struct sock *sk = sock->sk;
781
782 lock_sock(sk);
783
784 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
785 sk->sk_state = BT_CONFIG;
786
787 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
788 release_sock(sk);
789 return 0;
790 }
791
792 release_sock(sk);
793
794 if (sock->type == SOCK_STREAM)
795 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
796
797 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
798 }
799
800 /* Kill socket (only if zapped and orphan)
801 * Must be called on unlocked socket.
802 */
803 void l2cap_sock_kill(struct sock *sk)
804 {
805 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
806 return;
807
808 BT_DBG("sk %p state %d", sk, sk->sk_state);
809
810 /* Kill poor orphan */
811
812 l2cap_chan_destroy(l2cap_pi(sk)->chan);
813 sock_set_flag(sk, SOCK_DEAD);
814 sock_put(sk);
815 }
816
817 /* Must be called on unlocked socket. */
818 static void l2cap_sock_close(struct sock *sk)
819 {
820 l2cap_sock_clear_timer(sk);
821 lock_sock(sk);
822 __l2cap_sock_close(sk, ECONNRESET);
823 release_sock(sk);
824 l2cap_sock_kill(sk);
825 }
826
827 static void l2cap_sock_cleanup_listen(struct sock *parent)
828 {
829 struct sock *sk;
830
831 BT_DBG("parent %p", parent);
832
833 /* Close not yet accepted channels */
834 while ((sk = bt_accept_dequeue(parent, NULL)))
835 l2cap_sock_close(sk);
836
837 parent->sk_state = BT_CLOSED;
838 sock_set_flag(parent, SOCK_ZAPPED);
839 }
840
841 void __l2cap_sock_close(struct sock *sk, int reason)
842 {
843 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
844 struct l2cap_conn *conn = chan->conn;
845
846 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
847
848 switch (sk->sk_state) {
849 case BT_LISTEN:
850 l2cap_sock_cleanup_listen(sk);
851 break;
852
853 case BT_CONNECTED:
854 case BT_CONFIG:
855 if ((sk->sk_type == SOCK_SEQPACKET ||
856 sk->sk_type == SOCK_STREAM) &&
857 conn->hcon->type == ACL_LINK) {
858 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
859 l2cap_send_disconn_req(conn, chan, reason);
860 } else
861 l2cap_chan_del(chan, reason);
862 break;
863
864 case BT_CONNECT2:
865 if ((sk->sk_type == SOCK_SEQPACKET ||
866 sk->sk_type == SOCK_STREAM) &&
867 conn->hcon->type == ACL_LINK) {
868 struct l2cap_conn_rsp rsp;
869 __u16 result;
870
871 if (bt_sk(sk)->defer_setup)
872 result = L2CAP_CR_SEC_BLOCK;
873 else
874 result = L2CAP_CR_BAD_PSM;
875
876 rsp.scid = cpu_to_le16(chan->dcid);
877 rsp.dcid = cpu_to_le16(chan->scid);
878 rsp.result = cpu_to_le16(result);
879 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
880 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
881 sizeof(rsp), &rsp);
882 }
883
884 l2cap_chan_del(chan, reason);
885 break;
886
887 case BT_CONNECT:
888 case BT_DISCONN:
889 l2cap_chan_del(chan, reason);
890 break;
891
892 default:
893 sock_set_flag(sk, SOCK_ZAPPED);
894 break;
895 }
896 }
897
898 static int l2cap_sock_shutdown(struct socket *sock, int how)
899 {
900 struct sock *sk = sock->sk;
901 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
902 int err = 0;
903
904 BT_DBG("sock %p, sk %p", sock, sk);
905
906 if (!sk)
907 return 0;
908
909 lock_sock(sk);
910 if (!sk->sk_shutdown) {
911 if (chan->mode == L2CAP_MODE_ERTM)
912 err = __l2cap_wait_ack(sk);
913
914 sk->sk_shutdown = SHUTDOWN_MASK;
915 l2cap_sock_clear_timer(sk);
916 __l2cap_sock_close(sk, 0);
917
918 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
919 err = bt_sock_wait_state(sk, BT_CLOSED,
920 sk->sk_lingertime);
921 }
922
923 if (!err && sk->sk_err)
924 err = -sk->sk_err;
925
926 release_sock(sk);
927 return err;
928 }
929
930 static int l2cap_sock_release(struct socket *sock)
931 {
932 struct sock *sk = sock->sk;
933 int err;
934
935 BT_DBG("sock %p, sk %p", sock, sk);
936
937 if (!sk)
938 return 0;
939
940 err = l2cap_sock_shutdown(sock, 2);
941
942 sock_orphan(sk);
943 l2cap_sock_kill(sk);
944 return err;
945 }
946
947 static void l2cap_sock_destruct(struct sock *sk)
948 {
949 BT_DBG("sk %p", sk);
950
951 skb_queue_purge(&sk->sk_receive_queue);
952 skb_queue_purge(&sk->sk_write_queue);
953 }
954
955 void l2cap_sock_init(struct sock *sk, struct sock *parent)
956 {
957 struct l2cap_pinfo *pi = l2cap_pi(sk);
958 struct l2cap_chan *chan = pi->chan;
959
960 BT_DBG("sk %p", sk);
961
962 if (parent) {
963 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
964
965 sk->sk_type = parent->sk_type;
966 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
967
968 chan->imtu = pchan->imtu;
969 chan->omtu = pchan->omtu;
970 chan->conf_state = pchan->conf_state;
971 chan->mode = pchan->mode;
972 chan->fcs = pchan->fcs;
973 chan->max_tx = pchan->max_tx;
974 chan->tx_win = pchan->tx_win;
975 chan->sec_level = pchan->sec_level;
976 chan->role_switch = pchan->role_switch;
977 chan->force_reliable = pchan->force_reliable;
978 chan->flushable = pchan->flushable;
979 } else {
980 chan->imtu = L2CAP_DEFAULT_MTU;
981 chan->omtu = 0;
982 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
983 chan->mode = L2CAP_MODE_ERTM;
984 chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
985 } else {
986 chan->mode = L2CAP_MODE_BASIC;
987 }
988 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
989 chan->fcs = L2CAP_FCS_CRC16;
990 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
991 chan->sec_level = BT_SECURITY_LOW;
992 chan->role_switch = 0;
993 chan->force_reliable = 0;
994 chan->flushable = BT_FLUSHABLE_OFF;
995 }
996
997 /* Default config options */
998 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
999 }
1000
1001 static struct proto l2cap_proto = {
1002 .name = "L2CAP",
1003 .owner = THIS_MODULE,
1004 .obj_size = sizeof(struct l2cap_pinfo)
1005 };
1006
1007 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1008 {
1009 struct sock *sk;
1010
1011 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1012 if (!sk)
1013 return NULL;
1014
1015 sock_init_data(sock, sk);
1016 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1017
1018 sk->sk_destruct = l2cap_sock_destruct;
1019 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1020
1021 sock_reset_flag(sk, SOCK_ZAPPED);
1022
1023 sk->sk_protocol = proto;
1024 sk->sk_state = BT_OPEN;
1025
1026 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1027
1028 return sk;
1029 }
1030
1031 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1032 int kern)
1033 {
1034 struct sock *sk;
1035 struct l2cap_chan *chan;
1036
1037 BT_DBG("sock %p", sock);
1038
1039 sock->state = SS_UNCONNECTED;
1040
1041 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1042 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1043 return -ESOCKTNOSUPPORT;
1044
1045 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1046 return -EPERM;
1047
1048 sock->ops = &l2cap_sock_ops;
1049
1050 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1051 if (!sk)
1052 return -ENOMEM;
1053
1054 chan = l2cap_chan_create(sk);
1055 if (!chan) {
1056 l2cap_sock_kill(sk);
1057 return -ENOMEM;
1058 }
1059
1060 l2cap_pi(sk)->chan = chan;
1061
1062 l2cap_sock_init(sk, NULL);
1063 return 0;
1064 }
1065
1066 static const struct proto_ops l2cap_sock_ops = {
1067 .family = PF_BLUETOOTH,
1068 .owner = THIS_MODULE,
1069 .release = l2cap_sock_release,
1070 .bind = l2cap_sock_bind,
1071 .connect = l2cap_sock_connect,
1072 .listen = l2cap_sock_listen,
1073 .accept = l2cap_sock_accept,
1074 .getname = l2cap_sock_getname,
1075 .sendmsg = l2cap_sock_sendmsg,
1076 .recvmsg = l2cap_sock_recvmsg,
1077 .poll = bt_sock_poll,
1078 .ioctl = bt_sock_ioctl,
1079 .mmap = sock_no_mmap,
1080 .socketpair = sock_no_socketpair,
1081 .shutdown = l2cap_sock_shutdown,
1082 .setsockopt = l2cap_sock_setsockopt,
1083 .getsockopt = l2cap_sock_getsockopt
1084 };
1085
1086 static const struct net_proto_family l2cap_sock_family_ops = {
1087 .family = PF_BLUETOOTH,
1088 .owner = THIS_MODULE,
1089 .create = l2cap_sock_create,
1090 };
1091
1092 int __init l2cap_init_sockets(void)
1093 {
1094 int err;
1095
1096 err = proto_register(&l2cap_proto, 0);
1097 if (err < 0)
1098 return err;
1099
1100 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1101 if (err < 0)
1102 goto error;
1103
1104 BT_INFO("L2CAP socket layer initialized");
1105
1106 return 0;
1107
1108 error:
1109 BT_ERR("L2CAP socket registration failed");
1110 proto_unregister(&l2cap_proto);
1111 return err;
1112 }
1113
1114 void l2cap_cleanup_sockets(void)
1115 {
1116 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1117 BT_ERR("L2CAP socket unregistration failed");
1118
1119 proto_unregister(&l2cap_proto);
1120 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree