search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bluetooth: l2cap: fix 1 byte infoleak to userspace
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / bluetooth / l2cap_sock.c
blob21f5385ca24db79b83edb9a5427c465fb3ec7bfb
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25 */
26
27 /* Bluetooth L2CAP sockets. */
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
32
33 /* ---- L2CAP timers ---- */
34 static void l2cap_sock_timeout(unsigned long arg)
35 {
36 struct sock *sk = (struct sock *) arg;
37 int reason;
38
39 BT_DBG("sock %p state %d", sk, sk->sk_state);
40
41 bh_lock_sock(sk);
42
43 if (sock_owned_by_user(sk)) {
44 /* sk is owned by user. Try again later */
45 l2cap_sock_set_timer(sk, HZ / 5);
46 bh_unlock_sock(sk);
47 sock_put(sk);
48 return;
49 }
50
51 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
52 reason = ECONNREFUSED;
53 else if (sk->sk_state == BT_CONNECT &&
54 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
55 reason = ECONNREFUSED;
56 else
57 reason = ETIMEDOUT;
58
59 __l2cap_sock_close(sk, reason);
60
61 bh_unlock_sock(sk);
62
63 l2cap_sock_kill(sk);
64 sock_put(sk);
65 }
66
67 void l2cap_sock_set_timer(struct sock *sk, long timeout)
68 {
69 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
70 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
71 }
72
73 void l2cap_sock_clear_timer(struct sock *sk)
74 {
75 BT_DBG("sock %p state %d", sk, sk->sk_state);
76 sk_stop_timer(sk, &sk->sk_timer);
77 }
78
79 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
80 {
81 struct sock *sk;
82 struct hlist_node *node;
83 sk_for_each(sk, node, &l2cap_sk_list.head)
84 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
85 goto found;
86 sk = NULL;
87 found:
88 return sk;
89 }
90
91 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
92 {
93 struct sock *sk = sock->sk;
94 struct sockaddr_l2 la;
95 int len, err = 0;
96
97 BT_DBG("sk %p", sk);
98
99 if (!addr || addr->sa_family != AF_BLUETOOTH)
100 return -EINVAL;
101
102 memset(&la, 0, sizeof(la));
103 len = min_t(unsigned int, sizeof(la), alen);
104 memcpy(&la, addr, len);
105
106 if (la.l2_cid)
107 return -EINVAL;
108
109 lock_sock(sk);
110
111 if (sk->sk_state != BT_OPEN) {
112 err = -EBADFD;
113 goto done;
114 }
115
116 if (la.l2_psm) {
117 __u16 psm = __le16_to_cpu(la.l2_psm);
118
119 /* PSM must be odd and lsb of upper byte must be 0 */
120 if ((psm & 0x0101) != 0x0001) {
121 err = -EINVAL;
122 goto done;
123 }
124
125 /* Restrict usage of well-known PSMs */
126 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
127 err = -EACCES;
128 goto done;
129 }
130 }
131
132 write_lock_bh(&l2cap_sk_list.lock);
133
134 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
135 err = -EADDRINUSE;
136 } else {
137 /* Save source address */
138 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
139 l2cap_pi(sk)->psm = la.l2_psm;
140 l2cap_pi(sk)->sport = la.l2_psm;
141 sk->sk_state = BT_BOUND;
142
143 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
144 __le16_to_cpu(la.l2_psm) == 0x0003)
145 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
146 }
147
148 write_unlock_bh(&l2cap_sk_list.lock);
149
150 done:
151 release_sock(sk);
152 return err;
153 }
154
155 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
156 {
157 struct sock *sk = sock->sk;
158 struct sockaddr_l2 la;
159 int len, err = 0;
160
161 BT_DBG("sk %p", sk);
162
163 if (!addr || alen < sizeof(addr->sa_family) ||
164 addr->sa_family != AF_BLUETOOTH)
165 return -EINVAL;
166
167 memset(&la, 0, sizeof(la));
168 len = min_t(unsigned int, sizeof(la), alen);
169 memcpy(&la, addr, len);
170
171 if (la.l2_cid)
172 return -EINVAL;
173
174 lock_sock(sk);
175
176 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
177 && !la.l2_psm) {
178 err = -EINVAL;
179 goto done;
180 }
181
182 switch (l2cap_pi(sk)->mode) {
183 case L2CAP_MODE_BASIC:
184 break;
185 case L2CAP_MODE_ERTM:
186 case L2CAP_MODE_STREAMING:
187 if (!disable_ertm)
188 break;
189 /* fall through */
190 default:
191 err = -ENOTSUPP;
192 goto done;
193 }
194
195 switch (sk->sk_state) {
196 case BT_CONNECT:
197 case BT_CONNECT2:
198 case BT_CONFIG:
199 /* Already connecting */
200 goto wait;
201
202 case BT_CONNECTED:
203 /* Already connected */
204 err = -EISCONN;
205 goto done;
206
207 case BT_OPEN:
208 case BT_BOUND:
209 /* Can connect */
210 break;
211
212 default:
213 err = -EBADFD;
214 goto done;
215 }
216
217 /* PSM must be odd and lsb of upper byte must be 0 */
218 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
219 sk->sk_type != SOCK_RAW) {
220 err = -EINVAL;
221 goto done;
222 }
223
224 /* Set destination address and psm */
225 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
226 l2cap_pi(sk)->psm = la.l2_psm;
227
228 err = l2cap_do_connect(sk);
229 if (err)
230 goto done;
231
232 wait:
233 err = bt_sock_wait_state(sk, BT_CONNECTED,
234 sock_sndtimeo(sk, flags & O_NONBLOCK));
235 done:
236 release_sock(sk);
237 return err;
238 }
239
240 static int l2cap_sock_listen(struct socket *sock, int backlog)
241 {
242 struct sock *sk = sock->sk;
243 int err = 0;
244
245 BT_DBG("sk %p backlog %d", sk, backlog);
246
247 lock_sock(sk);
248
249 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
250 || sk->sk_state != BT_BOUND) {
251 err = -EBADFD;
252 goto done;
253 }
254
255 switch (l2cap_pi(sk)->mode) {
256 case L2CAP_MODE_BASIC:
257 break;
258 case L2CAP_MODE_ERTM:
259 case L2CAP_MODE_STREAMING:
260 if (!disable_ertm)
261 break;
262 /* fall through */
263 default:
264 err = -ENOTSUPP;
265 goto done;
266 }
267
268 if (!l2cap_pi(sk)->psm) {
269 bdaddr_t *src = &bt_sk(sk)->src;
270 u16 psm;
271
272 err = -EINVAL;
273
274 write_lock_bh(&l2cap_sk_list.lock);
275
276 for (psm = 0x1001; psm < 0x1100; psm += 2)
277 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
278 l2cap_pi(sk)->psm = cpu_to_le16(psm);
279 l2cap_pi(sk)->sport = cpu_to_le16(psm);
280 err = 0;
281 break;
282 }
283
284 write_unlock_bh(&l2cap_sk_list.lock);
285
286 if (err < 0)
287 goto done;
288 }
289
290 sk->sk_max_ack_backlog = backlog;
291 sk->sk_ack_backlog = 0;
292 sk->sk_state = BT_LISTEN;
293
294 done:
295 release_sock(sk);
296 return err;
297 }
298
299 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
300 {
301 DECLARE_WAITQUEUE(wait, current);
302 struct sock *sk = sock->sk, *nsk;
303 long timeo;
304 int err = 0;
305
306 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
307
308 if (sk->sk_state != BT_LISTEN) {
309 err = -EBADFD;
310 goto done;
311 }
312
313 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
314
315 BT_DBG("sk %p timeo %ld", sk, timeo);
316
317 /* Wait for an incoming connection. (wake-one). */
318 add_wait_queue_exclusive(sk_sleep(sk), &wait);
319 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
320 set_current_state(TASK_INTERRUPTIBLE);
321 if (!timeo) {
322 err = -EAGAIN;
323 break;
324 }
325
326 release_sock(sk);
327 timeo = schedule_timeout(timeo);
328 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
329
330 if (sk->sk_state != BT_LISTEN) {
331 err = -EBADFD;
332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
339 }
340 set_current_state(TASK_RUNNING);
341 remove_wait_queue(sk_sleep(sk), &wait);
342
343 if (err)
344 goto done;
345
346 newsock->state = SS_CONNECTED;
347
348 BT_DBG("new socket %p", nsk);
349
350 done:
351 release_sock(sk);
352 return err;
353 }
354
355 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
356 {
357 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
358 struct sock *sk = sock->sk;
359
360 BT_DBG("sock %p, sk %p", sock, sk);
361
362 addr->sa_family = AF_BLUETOOTH;
363 *len = sizeof(struct sockaddr_l2);
364
365 if (peer) {
366 la->l2_psm = l2cap_pi(sk)->psm;
367 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
368 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
369 } else {
370 la->l2_psm = l2cap_pi(sk)->sport;
371 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
372 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
373 }
374
375 return 0;
376 }
377
378 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
379 {
380 struct sock *sk = sock->sk;
381 struct l2cap_options opts;
382 struct l2cap_conninfo cinfo;
383 int len, err = 0;
384 u32 opt;
385
386 BT_DBG("sk %p", sk);
387
388 if (get_user(len, optlen))
389 return -EFAULT;
390
391 lock_sock(sk);
392
393 switch (optname) {
394 case L2CAP_OPTIONS:
395 memset(&opts, 0, sizeof(opts));
396 opts.imtu = l2cap_pi(sk)->imtu;
397 opts.omtu = l2cap_pi(sk)->omtu;
398 opts.flush_to = l2cap_pi(sk)->flush_to;
399 opts.mode = l2cap_pi(sk)->mode;
400 opts.fcs = l2cap_pi(sk)->fcs;
401 opts.max_tx = l2cap_pi(sk)->max_tx;
402 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
403
404 len = min_t(unsigned int, len, sizeof(opts));
405 if (copy_to_user(optval, (char *) &opts, len))
406 err = -EFAULT;
407
408 break;
409
410 case L2CAP_LM:
411 switch (l2cap_pi(sk)->sec_level) {
412 case BT_SECURITY_LOW:
413 opt = L2CAP_LM_AUTH;
414 break;
415 case BT_SECURITY_MEDIUM:
416 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
417 break;
418 case BT_SECURITY_HIGH:
419 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
420 L2CAP_LM_SECURE;
421 break;
422 default:
423 opt = 0;
424 break;
425 }
426
427 if (l2cap_pi(sk)->role_switch)
428 opt |= L2CAP_LM_MASTER;
429
430 if (l2cap_pi(sk)->force_reliable)
431 opt |= L2CAP_LM_RELIABLE;
432
433 if (put_user(opt, (u32 __user *) optval))
434 err = -EFAULT;
435 break;
436
437 case L2CAP_CONNINFO:
438 if (sk->sk_state != BT_CONNECTED &&
439 !(sk->sk_state == BT_CONNECT2 &&
440 bt_sk(sk)->defer_setup)) {
441 err = -ENOTCONN;
442 break;
443 }
444
445 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
446 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
447
448 len = min_t(unsigned int, len, sizeof(cinfo));
449 if (copy_to_user(optval, (char *) &cinfo, len))
450 err = -EFAULT;
451
452 break;
453
454 default:
455 err = -ENOPROTOOPT;
456 break;
457 }
458
459 release_sock(sk);
460 return err;
461 }
462
463 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
464 {
465 struct sock *sk = sock->sk;
466 struct bt_security sec;
467 int len, err = 0;
468
469 BT_DBG("sk %p", sk);
470
471 if (level == SOL_L2CAP)
472 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
473
474 if (level != SOL_BLUETOOTH)
475 return -ENOPROTOOPT;
476
477 if (get_user(len, optlen))
478 return -EFAULT;
479
480 lock_sock(sk);
481
482 switch (optname) {
483 case BT_SECURITY:
484 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
485 && sk->sk_type != SOCK_RAW) {
486 err = -EINVAL;
487 break;
488 }
489
490 sec.level = l2cap_pi(sk)->sec_level;
491
492 len = min_t(unsigned int, len, sizeof(sec));
493 if (copy_to_user(optval, (char *) &sec, len))
494 err = -EFAULT;
495
496 break;
497
498 case BT_DEFER_SETUP:
499 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
500 err = -EINVAL;
501 break;
502 }
503
504 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
505 err = -EFAULT;
506
507 break;
508
509 case BT_FLUSHABLE:
510 if (put_user(l2cap_pi(sk)->flushable, (u32 __user *) optval))
511 err = -EFAULT;
512
513 break;
514
515 default:
516 err = -ENOPROTOOPT;
517 break;
518 }
519
520 release_sock(sk);
521 return err;
522 }
523
524 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
525 {
526 struct sock *sk = sock->sk;
527 struct l2cap_options opts;
528 int len, err = 0;
529 u32 opt;
530
531 BT_DBG("sk %p", sk);
532
533 lock_sock(sk);
534
535 switch (optname) {
536 case L2CAP_OPTIONS:
537 if (sk->sk_state == BT_CONNECTED) {
538 err = -EINVAL;
539 break;
540 }
541
542 opts.imtu = l2cap_pi(sk)->imtu;
543 opts.omtu = l2cap_pi(sk)->omtu;
544 opts.flush_to = l2cap_pi(sk)->flush_to;
545 opts.mode = l2cap_pi(sk)->mode;
546 opts.fcs = l2cap_pi(sk)->fcs;
547 opts.max_tx = l2cap_pi(sk)->max_tx;
548 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
549
550 len = min_t(unsigned int, sizeof(opts), optlen);
551 if (copy_from_user((char *) &opts, optval, len)) {
552 err = -EFAULT;
553 break;
554 }
555
556 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
557 err = -EINVAL;
558 break;
559 }
560
561 l2cap_pi(sk)->mode = opts.mode;
562 switch (l2cap_pi(sk)->mode) {
563 case L2CAP_MODE_BASIC:
564 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
565 break;
566 case L2CAP_MODE_ERTM:
567 case L2CAP_MODE_STREAMING:
568 if (!disable_ertm)
569 break;
570 /* fall through */
571 default:
572 err = -EINVAL;
573 break;
574 }
575
576 l2cap_pi(sk)->imtu = opts.imtu;
577 l2cap_pi(sk)->omtu = opts.omtu;
578 l2cap_pi(sk)->fcs = opts.fcs;
579 l2cap_pi(sk)->max_tx = opts.max_tx;
580 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
581 break;
582
583 case L2CAP_LM:
584 if (get_user(opt, (u32 __user *) optval)) {
585 err = -EFAULT;
586 break;
587 }
588
589 if (opt & L2CAP_LM_AUTH)
590 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
591 if (opt & L2CAP_LM_ENCRYPT)
592 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
593 if (opt & L2CAP_LM_SECURE)
594 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
595
596 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
597 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
598 break;
599
600 default:
601 err = -ENOPROTOOPT;
602 break;
603 }
604
605 release_sock(sk);
606 return err;
607 }
608
609 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
610 {
611 struct sock *sk = sock->sk;
612 struct bt_security sec;
613 int len, err = 0;
614 u32 opt;
615
616 BT_DBG("sk %p", sk);
617
618 if (level == SOL_L2CAP)
619 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
620
621 if (level != SOL_BLUETOOTH)
622 return -ENOPROTOOPT;
623
624 lock_sock(sk);
625
626 switch (optname) {
627 case BT_SECURITY:
628 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
629 && sk->sk_type != SOCK_RAW) {
630 err = -EINVAL;
631 break;
632 }
633
634 sec.level = BT_SECURITY_LOW;
635
636 len = min_t(unsigned int, sizeof(sec), optlen);
637 if (copy_from_user((char *) &sec, optval, len)) {
638 err = -EFAULT;
639 break;
640 }
641
642 if (sec.level < BT_SECURITY_LOW ||
643 sec.level > BT_SECURITY_HIGH) {
644 err = -EINVAL;
645 break;
646 }
647
648 l2cap_pi(sk)->sec_level = sec.level;
649 break;
650
651 case BT_DEFER_SETUP:
652 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
653 err = -EINVAL;
654 break;
655 }
656
657 if (get_user(opt, (u32 __user *) optval)) {
658 err = -EFAULT;
659 break;
660 }
661
662 bt_sk(sk)->defer_setup = opt;
663 break;
664
665 case BT_FLUSHABLE:
666 if (get_user(opt, (u32 __user *) optval)) {
667 err = -EFAULT;
668 break;
669 }
670
671 if (opt > BT_FLUSHABLE_ON) {
672 err = -EINVAL;
673 break;
674 }
675
676 if (opt == BT_FLUSHABLE_OFF) {
677 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
678 /* proceed futher only when we have l2cap_conn and
679 No Flush support in the LM */
680 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
681 err = -EINVAL;
682 break;
683 }
684 }
685
686 l2cap_pi(sk)->flushable = opt;
687 break;
688
689 default:
690 err = -ENOPROTOOPT;
691 break;
692 }
693
694 release_sock(sk);
695 return err;
696 }
697
698 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
699 {
700 struct sock *sk = sock->sk;
701 struct l2cap_pinfo *pi = l2cap_pi(sk);
702 struct sk_buff *skb;
703 u16 control;
704 int err;
705
706 BT_DBG("sock %p, sk %p", sock, sk);
707
708 err = sock_error(sk);
709 if (err)
710 return err;
711
712 if (msg->msg_flags & MSG_OOB)
713 return -EOPNOTSUPP;
714
715 lock_sock(sk);
716
717 if (sk->sk_state != BT_CONNECTED) {
718 err = -ENOTCONN;
719 goto done;
720 }
721
722 /* Connectionless channel */
723 if (sk->sk_type == SOCK_DGRAM) {
724 skb = l2cap_create_connless_pdu(sk, msg, len);
725 if (IS_ERR(skb)) {
726 err = PTR_ERR(skb);
727 } else {
728 l2cap_do_send(sk, skb);
729 err = len;
730 }
731 goto done;
732 }
733
734 switch (pi->mode) {
735 case L2CAP_MODE_BASIC:
736 /* Check outgoing MTU */
737 if (len > pi->omtu) {
738 err = -EMSGSIZE;
739 goto done;
740 }
741
742 /* Create a basic PDU */
743 skb = l2cap_create_basic_pdu(sk, msg, len);
744 if (IS_ERR(skb)) {
745 err = PTR_ERR(skb);
746 goto done;
747 }
748
749 l2cap_do_send(sk, skb);
750 err = len;
751 break;
752
753 case L2CAP_MODE_ERTM:
754 case L2CAP_MODE_STREAMING:
755 /* Entire SDU fits into one PDU */
756 if (len <= pi->remote_mps) {
757 control = L2CAP_SDU_UNSEGMENTED;
758 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
759 if (IS_ERR(skb)) {
760 err = PTR_ERR(skb);
761 goto done;
762 }
763 __skb_queue_tail(TX_QUEUE(sk), skb);
764
765 if (sk->sk_send_head == NULL)
766 sk->sk_send_head = skb;
767
768 } else {
769 /* Segment SDU into multiples PDUs */
770 err = l2cap_sar_segment_sdu(sk, msg, len);
771 if (err < 0)
772 goto done;
773 }
774
775 if (pi->mode == L2CAP_MODE_STREAMING) {
776 l2cap_streaming_send(sk);
777 } else {
778 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
779 (pi->conn_state & L2CAP_CONN_WAIT_F)) {
780 err = len;
781 break;
782 }
783 err = l2cap_ertm_send(sk);
784 }
785
786 if (err >= 0)
787 err = len;
788 break;
789
790 default:
791 BT_DBG("bad state %1.1x", pi->mode);
792 err = -EBADFD;
793 }
794
795 done:
796 release_sock(sk);
797 return err;
798 }
799
800 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
801 {
802 struct sock *sk = sock->sk;
803
804 lock_sock(sk);
805
806 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
807 struct l2cap_conn_rsp rsp;
808 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
809 u8 buf[128];
810
811 sk->sk_state = BT_CONFIG;
812
813 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
814 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
815 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
816 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
817 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
818 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
819
820 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
821 release_sock(sk);
822 return 0;
823 }
824
825 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
826 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
827 l2cap_build_conf_req(sk, buf), buf);
828 l2cap_pi(sk)->num_conf_req++;
829
830 release_sock(sk);
831 return 0;
832 }
833
834 release_sock(sk);
835
836 if (sock->type == SOCK_STREAM)
837 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
838
839 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
840 }
841
842 /* Kill socket (only if zapped and orphan)
843 * Must be called on unlocked socket.
844 */
845 void l2cap_sock_kill(struct sock *sk)
846 {
847 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
848 return;
849
850 BT_DBG("sk %p state %d", sk, sk->sk_state);
851
852 /* Kill poor orphan */
853 bt_sock_unlink(&l2cap_sk_list, sk);
854 sock_set_flag(sk, SOCK_DEAD);
855 sock_put(sk);
856 }
857
858 /* Must be called on unlocked socket. */
859 static void l2cap_sock_close(struct sock *sk)
860 {
861 l2cap_sock_clear_timer(sk);
862 lock_sock(sk);
863 __l2cap_sock_close(sk, ECONNRESET);
864 release_sock(sk);
865 l2cap_sock_kill(sk);
866 }
867
868 static void l2cap_sock_cleanup_listen(struct sock *parent)
869 {
870 struct sock *sk;
871
872 BT_DBG("parent %p", parent);
873
874 /* Close not yet accepted channels */
875 while ((sk = bt_accept_dequeue(parent, NULL)))
876 l2cap_sock_close(sk);
877
878 parent->sk_state = BT_CLOSED;
879 sock_set_flag(parent, SOCK_ZAPPED);
880 }
881
882 void __l2cap_sock_close(struct sock *sk, int reason)
883 {
884 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
885
886 switch (sk->sk_state) {
887 case BT_LISTEN:
888 l2cap_sock_cleanup_listen(sk);
889 break;
890
891 case BT_CONNECTED:
892 case BT_CONFIG:
893 if (sk->sk_type == SOCK_SEQPACKET ||
894 sk->sk_type == SOCK_STREAM) {
895 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
896
897 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
898 l2cap_send_disconn_req(conn, sk, reason);
899 } else
900 l2cap_chan_del(sk, reason);
901 break;
902
903 case BT_CONNECT2:
904 if (sk->sk_type == SOCK_SEQPACKET ||
905 sk->sk_type == SOCK_STREAM) {
906 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
907 struct l2cap_conn_rsp rsp;
908 __u16 result;
909
910 if (bt_sk(sk)->defer_setup)
911 result = L2CAP_CR_SEC_BLOCK;
912 else
913 result = L2CAP_CR_BAD_PSM;
914
915 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
916 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
917 rsp.result = cpu_to_le16(result);
918 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
919 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
920 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
921 } else
922 l2cap_chan_del(sk, reason);
923 break;
924
925 case BT_CONNECT:
926 case BT_DISCONN:
927 l2cap_chan_del(sk, reason);
928 break;
929
930 default:
931 sock_set_flag(sk, SOCK_ZAPPED);
932 break;
933 }
934 }
935
936 static int l2cap_sock_shutdown(struct socket *sock, int how)
937 {
938 struct sock *sk = sock->sk;
939 int err = 0;
940
941 BT_DBG("sock %p, sk %p", sock, sk);
942
943 if (!sk)
944 return 0;
945
946 lock_sock(sk);
947 if (!sk->sk_shutdown) {
948 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
949 err = __l2cap_wait_ack(sk);
950
951 sk->sk_shutdown = SHUTDOWN_MASK;
952 l2cap_sock_clear_timer(sk);
953 __l2cap_sock_close(sk, 0);
954
955 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
956 err = bt_sock_wait_state(sk, BT_CLOSED,
957 sk->sk_lingertime);
958 }
959
960 if (!err && sk->sk_err)
961 err = -sk->sk_err;
962
963 release_sock(sk);
964 return err;
965 }
966
967 static int l2cap_sock_release(struct socket *sock)
968 {
969 struct sock *sk = sock->sk;
970 int err;
971
972 BT_DBG("sock %p, sk %p", sock, sk);
973
974 if (!sk)
975 return 0;
976
977 err = l2cap_sock_shutdown(sock, 2);
978
979 sock_orphan(sk);
980 l2cap_sock_kill(sk);
981 return err;
982 }
983
984 static void l2cap_sock_destruct(struct sock *sk)
985 {
986 BT_DBG("sk %p", sk);
987
988 skb_queue_purge(&sk->sk_receive_queue);
989 skb_queue_purge(&sk->sk_write_queue);
990 }
991
992 void l2cap_sock_init(struct sock *sk, struct sock *parent)
993 {
994 struct l2cap_pinfo *pi = l2cap_pi(sk);
995
996 BT_DBG("sk %p", sk);
997
998 if (parent) {
999 sk->sk_type = parent->sk_type;
1000 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
1001
1002 pi->imtu = l2cap_pi(parent)->imtu;
1003 pi->omtu = l2cap_pi(parent)->omtu;
1004 pi->conf_state = l2cap_pi(parent)->conf_state;
1005 pi->mode = l2cap_pi(parent)->mode;
1006 pi->fcs = l2cap_pi(parent)->fcs;
1007 pi->max_tx = l2cap_pi(parent)->max_tx;
1008 pi->tx_win = l2cap_pi(parent)->tx_win;
1009 pi->sec_level = l2cap_pi(parent)->sec_level;
1010 pi->role_switch = l2cap_pi(parent)->role_switch;
1011 pi->force_reliable = l2cap_pi(parent)->force_reliable;
1012 pi->flushable = l2cap_pi(parent)->flushable;
1013 } else {
1014 pi->imtu = L2CAP_DEFAULT_MTU;
1015 pi->omtu = 0;
1016 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1017 pi->mode = L2CAP_MODE_ERTM;
1018 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
1019 } else {
1020 pi->mode = L2CAP_MODE_BASIC;
1021 }
1022 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
1023 pi->fcs = L2CAP_FCS_CRC16;
1024 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
1025 pi->sec_level = BT_SECURITY_LOW;
1026 pi->role_switch = 0;
1027 pi->force_reliable = 0;
1028 pi->flushable = BT_FLUSHABLE_OFF;
1029 }
1030
1031 /* Default config options */
1032 pi->conf_len = 0;
1033 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1034 skb_queue_head_init(TX_QUEUE(sk));
1035 skb_queue_head_init(SREJ_QUEUE(sk));
1036 skb_queue_head_init(BUSY_QUEUE(sk));
1037 INIT_LIST_HEAD(SREJ_LIST(sk));
1038 }
1039
1040 static struct proto l2cap_proto = {
1041 .name = "L2CAP",
1042 .owner = THIS_MODULE,
1043 .obj_size = sizeof(struct l2cap_pinfo)
1044 };
1045
1046 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1047 {
1048 struct sock *sk;
1049
1050 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1051 if (!sk)
1052 return NULL;
1053
1054 sock_init_data(sock, sk);
1055 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1056
1057 sk->sk_destruct = l2cap_sock_destruct;
1058 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1059
1060 sock_reset_flag(sk, SOCK_ZAPPED);
1061
1062 sk->sk_protocol = proto;
1063 sk->sk_state = BT_OPEN;
1064
1065 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1066
1067 bt_sock_link(&l2cap_sk_list, sk);
1068 return sk;
1069 }
1070
1071 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1072 int kern)
1073 {
1074 struct sock *sk;
1075
1076 BT_DBG("sock %p", sock);
1077
1078 sock->state = SS_UNCONNECTED;
1079
1080 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1081 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1082 return -ESOCKTNOSUPPORT;
1083
1084 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1085 return -EPERM;
1086
1087 sock->ops = &l2cap_sock_ops;
1088
1089 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1090 if (!sk)
1091 return -ENOMEM;
1092
1093 l2cap_sock_init(sk, NULL);
1094 return 0;
1095 }
1096
1097 const struct proto_ops l2cap_sock_ops = {
1098 .family = PF_BLUETOOTH,
1099 .owner = THIS_MODULE,
1100 .release = l2cap_sock_release,
1101 .bind = l2cap_sock_bind,
1102 .connect = l2cap_sock_connect,
1103 .listen = l2cap_sock_listen,
1104 .accept = l2cap_sock_accept,
1105 .getname = l2cap_sock_getname,
1106 .sendmsg = l2cap_sock_sendmsg,
1107 .recvmsg = l2cap_sock_recvmsg,
1108 .poll = bt_sock_poll,
1109 .ioctl = bt_sock_ioctl,
1110 .mmap = sock_no_mmap,
1111 .socketpair = sock_no_socketpair,
1112 .shutdown = l2cap_sock_shutdown,
1113 .setsockopt = l2cap_sock_setsockopt,
1114 .getsockopt = l2cap_sock_getsockopt
1115 };
1116
1117 static const struct net_proto_family l2cap_sock_family_ops = {
1118 .family = PF_BLUETOOTH,
1119 .owner = THIS_MODULE,
1120 .create = l2cap_sock_create,
1121 };
1122
1123 int __init l2cap_init_sockets(void)
1124 {
1125 int err;
1126
1127 err = proto_register(&l2cap_proto, 0);
1128 if (err < 0)
1129 return err;
1130
1131 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1132 if (err < 0)
1133 goto error;
1134
1135 BT_INFO("L2CAP socket layer initialized");
1136
1137 return 0;
1138
1139 error:
1140 BT_ERR("L2CAP socket registration failed");
1141 proto_unregister(&l2cap_proto);
1142 return err;
1143 }
1144
1145 void l2cap_cleanup_sockets(void)
1146 {
1147 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1148 BT_ERR("L2CAP socket unregistration failed");
1149
1150 proto_unregister(&l2cap_proto);
1151 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree