1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/capability.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
42#include <linux/device.h>
43#include <linux/debugfs.h>
44#include <linux/seq_file.h>
45#include <linux/uaccess.h>
46#include <linux/crc16.h>
47#include <net/sock.h>
48
49#include <asm/system.h>
50#include <asm/unaligned.h>
51
52#include <net/bluetooth/bluetooth.h>
53#include <net/bluetooth/hci_core.h>
54#include <net/bluetooth/l2cap.h>
55
56#define VERSION "2.14"
57
58static int enable_ertm = 0;
59static int max_transmit = L2CAP_DEFAULT_MAX_TX;
60
61static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
62static u8 l2cap_fixed_chan[8] = { 0x02, };
63
64static const struct proto_ops l2cap_sock_ops;
65
66static struct bt_sock_list l2cap_sk_list = {
67 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
68};
69
70static void __l2cap_sock_close(struct sock *sk, int reason);
71static void l2cap_sock_close(struct sock *sk);
72static void l2cap_sock_kill(struct sock *sk);
73
74static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
75 u8 code, u8 ident, u16 dlen, void *data);
76
77
78static void l2cap_sock_timeout(unsigned long arg)
79{
80 struct sock *sk = (struct sock *) arg;
81 int reason;
82
83 BT_DBG("sock %p state %d", sk, sk->sk_state);
84
85 bh_lock_sock(sk);
86
87 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
88 reason = ECONNREFUSED;
89 else if (sk->sk_state == BT_CONNECT &&
90 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
91 reason = ECONNREFUSED;
92 else
93 reason = ETIMEDOUT;
94
95 __l2cap_sock_close(sk, reason);
96
97 bh_unlock_sock(sk);
98
99 l2cap_sock_kill(sk);
100 sock_put(sk);
101}
102
103static void l2cap_sock_set_timer(struct sock *sk, long timeout)
104{
105 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
106 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
107}
108
109static void l2cap_sock_clear_timer(struct sock *sk)
110{
111 BT_DBG("sock %p state %d", sk, sk->sk_state);
112 sk_stop_timer(sk, &sk->sk_timer);
113}
114
115
116static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
117{
118 struct sock *s;
119 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
120 if (l2cap_pi(s)->dcid == cid)
121 break;
122 }
123 return s;
124}
125
126static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
127{
128 struct sock *s;
129 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
130 if (l2cap_pi(s)->scid == cid)
131 break;
132 }
133 return s;
134}
135
136
137
138static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
139{
140 struct sock *s;
141 read_lock(&l->lock);
142 s = __l2cap_get_chan_by_scid(l, cid);
143 if (s)
144 bh_lock_sock(s);
145 read_unlock(&l->lock);
146 return s;
147}
148
149static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
150{
151 struct sock *s;
152 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
153 if (l2cap_pi(s)->ident == ident)
154 break;
155 }
156 return s;
157}
158
159static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
160{
161 struct sock *s;
162 read_lock(&l->lock);
163 s = __l2cap_get_chan_by_ident(l, ident);
164 if (s)
165 bh_lock_sock(s);
166 read_unlock(&l->lock);
167 return s;
168}
169
170static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
171{
172 u16 cid = L2CAP_CID_DYN_START;
173
174 for (; cid < L2CAP_CID_DYN_END; cid++) {
175 if (!__l2cap_get_chan_by_scid(l, cid))
176 return cid;
177 }
178
179 return 0;
180}
181
182static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
183{
184 sock_hold(sk);
185
186 if (l->head)
187 l2cap_pi(l->head)->prev_c = sk;
188
189 l2cap_pi(sk)->next_c = l->head;
190 l2cap_pi(sk)->prev_c = NULL;
191 l->head = sk;
192}
193
194static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
195{
196 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
197
198 write_lock_bh(&l->lock);
199 if (sk == l->head)
200 l->head = next;
201
202 if (next)
203 l2cap_pi(next)->prev_c = prev;
204 if (prev)
205 l2cap_pi(prev)->next_c = next;
206 write_unlock_bh(&l->lock);
207
208 __sock_put(sk);
209}
210
211static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
212{
213 struct l2cap_chan_list *l = &conn->chan_list;
214
215 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
216 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
217
218 conn->disc_reason = 0x13;
219
220 l2cap_pi(sk)->conn = conn;
221
222 if (sk->sk_type == SOCK_SEQPACKET) {
223
224 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
225 } else if (sk->sk_type == SOCK_DGRAM) {
226
227 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
228 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
229 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
230 } else {
231
232 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
233 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
234 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
235 }
236
237 __l2cap_chan_link(l, sk);
238
239 if (parent)
240 bt_accept_enqueue(parent, sk);
241}
242
243
244
245static void l2cap_chan_del(struct sock *sk, int err)
246{
247 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
248 struct sock *parent = bt_sk(sk)->parent;
249
250 l2cap_sock_clear_timer(sk);
251
252 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
253
254 if (conn) {
255
256 l2cap_chan_unlink(&conn->chan_list, sk);
257 l2cap_pi(sk)->conn = NULL;
258 hci_conn_put(conn->hcon);
259 }
260
261 sk->sk_state = BT_CLOSED;
262 sock_set_flag(sk, SOCK_ZAPPED);
263
264 if (err)
265 sk->sk_err = err;
266
267 if (parent) {
268 bt_accept_unlink(sk);
269 parent->sk_data_ready(parent, 0);
270 } else
271 sk->sk_state_change(sk);
272}
273
274
275static inline int l2cap_check_security(struct sock *sk)
276{
277 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
278 __u8 auth_type;
279
280 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
281 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
282 auth_type = HCI_AT_NO_BONDING_MITM;
283 else
284 auth_type = HCI_AT_NO_BONDING;
285
286 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
287 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
288 } else {
289 switch (l2cap_pi(sk)->sec_level) {
290 case BT_SECURITY_HIGH:
291 auth_type = HCI_AT_GENERAL_BONDING_MITM;
292 break;
293 case BT_SECURITY_MEDIUM:
294 auth_type = HCI_AT_GENERAL_BONDING;
295 break;
296 default:
297 auth_type = HCI_AT_NO_BONDING;
298 break;
299 }
300 }
301
302 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
303 auth_type);
304}
305
306static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
307{
308 u8 id;
309
310
311
312
313
314
315
316 spin_lock_bh(&conn->lock);
317
318 if (++conn->tx_ident > 128)
319 conn->tx_ident = 1;
320
321 id = conn->tx_ident;
322
323 spin_unlock_bh(&conn->lock);
324
325 return id;
326}
327
328static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
329{
330 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
331
332 BT_DBG("code 0x%2.2x", code);
333
334 if (!skb)
335 return -ENOMEM;
336
337 return hci_send_acl(conn->hcon, skb, 0);
338}
339
340static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
341{
342 struct sk_buff *skb;
343 struct l2cap_hdr *lh;
344 struct l2cap_conn *conn = pi->conn;
345 int count, hlen = L2CAP_HDR_SIZE + 2;
346
347 if (pi->fcs == L2CAP_FCS_CRC16)
348 hlen += 2;
349
350 BT_DBG("pi %p, control 0x%2.2x", pi, control);
351
352 count = min_t(unsigned int, conn->mtu, hlen);
353 control |= L2CAP_CTRL_FRAME_TYPE;
354
355 skb = bt_skb_alloc(count, GFP_ATOMIC);
356 if (!skb)
357 return -ENOMEM;
358
359 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
360 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
361 lh->cid = cpu_to_le16(pi->dcid);
362 put_unaligned_le16(control, skb_put(skb, 2));
363
364 if (pi->fcs == L2CAP_FCS_CRC16) {
365 u16 fcs = crc16(0, (u8 *)lh, count - 2);
366 put_unaligned_le16(fcs, skb_put(skb, 2));
367 }
368
369 return hci_send_acl(pi->conn->hcon, skb, 0);
370}
371
372static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
373{
374 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY)
375 control |= L2CAP_SUPER_RCV_NOT_READY;
376 else
377 control |= L2CAP_SUPER_RCV_READY;
378
379 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
380
381 return l2cap_send_sframe(pi, control);
382}
383
384static void l2cap_do_start(struct sock *sk)
385{
386 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
387
388 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
389 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
390 return;
391
392 if (l2cap_check_security(sk)) {
393 struct l2cap_conn_req req;
394 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
395 req.psm = l2cap_pi(sk)->psm;
396
397 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
398
399 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
400 L2CAP_CONN_REQ, sizeof(req), &req);
401 }
402 } else {
403 struct l2cap_info_req req;
404 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
405
406 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
407 conn->info_ident = l2cap_get_ident(conn);
408
409 mod_timer(&conn->info_timer, jiffies +
410 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
411
412 l2cap_send_cmd(conn, conn->info_ident,
413 L2CAP_INFO_REQ, sizeof(req), &req);
414 }
415}
416
417static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
418{
419 struct l2cap_disconn_req req;
420
421 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
422 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
423 l2cap_send_cmd(conn, l2cap_get_ident(conn),
424 L2CAP_DISCONN_REQ, sizeof(req), &req);
425}
426
427
428static void l2cap_conn_start(struct l2cap_conn *conn)
429{
430 struct l2cap_chan_list *l = &conn->chan_list;
431 struct sock *sk;
432
433 BT_DBG("conn %p", conn);
434
435 read_lock(&l->lock);
436
437 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
438 bh_lock_sock(sk);
439
440 if (sk->sk_type != SOCK_SEQPACKET) {
441 bh_unlock_sock(sk);
442 continue;
443 }
444
445 if (sk->sk_state == BT_CONNECT) {
446 if (l2cap_check_security(sk)) {
447 struct l2cap_conn_req req;
448 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
449 req.psm = l2cap_pi(sk)->psm;
450
451 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
452
453 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
454 L2CAP_CONN_REQ, sizeof(req), &req);
455 }
456 } else if (sk->sk_state == BT_CONNECT2) {
457 struct l2cap_conn_rsp rsp;
458 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
459 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
460
461 if (l2cap_check_security(sk)) {
462 if (bt_sk(sk)->defer_setup) {
463 struct sock *parent = bt_sk(sk)->parent;
464 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
465 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
466 parent->sk_data_ready(parent, 0);
467
468 } else {
469 sk->sk_state = BT_CONFIG;
470 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
471 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
472 }
473 } else {
474 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
475 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
476 }
477
478 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
479 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
480 }
481
482 bh_unlock_sock(sk);
483 }
484
485 read_unlock(&l->lock);
486}
487
488static void l2cap_conn_ready(struct l2cap_conn *conn)
489{
490 struct l2cap_chan_list *l = &conn->chan_list;
491 struct sock *sk;
492
493 BT_DBG("conn %p", conn);
494
495 read_lock(&l->lock);
496
497 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
498 bh_lock_sock(sk);
499
500 if (sk->sk_type != SOCK_SEQPACKET) {
501 l2cap_sock_clear_timer(sk);
502 sk->sk_state = BT_CONNECTED;
503 sk->sk_state_change(sk);
504 } else if (sk->sk_state == BT_CONNECT)
505 l2cap_do_start(sk);
506
507 bh_unlock_sock(sk);
508 }
509
510 read_unlock(&l->lock);
511}
512
513
514static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
515{
516 struct l2cap_chan_list *l = &conn->chan_list;
517 struct sock *sk;
518
519 BT_DBG("conn %p", conn);
520
521 read_lock(&l->lock);
522
523 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
524 if (l2cap_pi(sk)->force_reliable)
525 sk->sk_err = err;
526 }
527
528 read_unlock(&l->lock);
529}
530
531static void l2cap_info_timeout(unsigned long arg)
532{
533 struct l2cap_conn *conn = (void *) arg;
534
535 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
536 conn->info_ident = 0;
537
538 l2cap_conn_start(conn);
539}
540
541static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
542{
543 struct l2cap_conn *conn = hcon->l2cap_data;
544
545 if (conn || status)
546 return conn;
547
548 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
549 if (!conn)
550 return NULL;
551
552 hcon->l2cap_data = conn;
553 conn->hcon = hcon;
554
555 BT_DBG("hcon %p conn %p", hcon, conn);
556
557 conn->mtu = hcon->hdev->acl_mtu;
558 conn->src = &hcon->hdev->bdaddr;
559 conn->dst = &hcon->dst;
560
561 conn->feat_mask = 0;
562
563 spin_lock_init(&conn->lock);
564 rwlock_init(&conn->chan_list.lock);
565
566 setup_timer(&conn->info_timer, l2cap_info_timeout,
567 (unsigned long) conn);
568
569 conn->disc_reason = 0x13;
570
571 return conn;
572}
573
574static void l2cap_conn_del(struct hci_conn *hcon, int err)
575{
576 struct l2cap_conn *conn = hcon->l2cap_data;
577 struct sock *sk;
578
579 if (!conn)
580 return;
581
582 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
583
584 kfree_skb(conn->rx_skb);
585
586
587 while ((sk = conn->chan_list.head)) {
588 bh_lock_sock(sk);
589 l2cap_chan_del(sk, err);
590 bh_unlock_sock(sk);
591 l2cap_sock_kill(sk);
592 }
593
594 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
595 del_timer_sync(&conn->info_timer);
596
597 hcon->l2cap_data = NULL;
598 kfree(conn);
599}
600
601static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
602{
603 struct l2cap_chan_list *l = &conn->chan_list;
604 write_lock_bh(&l->lock);
605 __l2cap_chan_add(conn, sk, parent);
606 write_unlock_bh(&l->lock);
607}
608
609
610static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
611{
612 struct sock *sk;
613 struct hlist_node *node;
614 sk_for_each(sk, node, &l2cap_sk_list.head)
615 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
616 goto found;
617 sk = NULL;
618found:
619 return sk;
620}
621
622
623
624
625static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
626{
627 struct sock *sk = NULL, *sk1 = NULL;
628 struct hlist_node *node;
629
630 sk_for_each(sk, node, &l2cap_sk_list.head) {
631 if (state && sk->sk_state != state)
632 continue;
633
634 if (l2cap_pi(sk)->psm == psm) {
635
636 if (!bacmp(&bt_sk(sk)->src, src))
637 break;
638
639
640 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
641 sk1 = sk;
642 }
643 }
644 return node ? sk : sk1;
645}
646
647
648
649static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
650{
651 struct sock *s;
652 read_lock(&l2cap_sk_list.lock);
653 s = __l2cap_get_sock_by_psm(state, psm, src);
654 if (s)
655 bh_lock_sock(s);
656 read_unlock(&l2cap_sk_list.lock);
657 return s;
658}
659
660static void l2cap_sock_destruct(struct sock *sk)
661{
662 BT_DBG("sk %p", sk);
663
664 skb_queue_purge(&sk->sk_receive_queue);
665 skb_queue_purge(&sk->sk_write_queue);
666}
667
668static void l2cap_sock_cleanup_listen(struct sock *parent)
669{
670 struct sock *sk;
671
672 BT_DBG("parent %p", parent);
673
674
675 while ((sk = bt_accept_dequeue(parent, NULL)))
676 l2cap_sock_close(sk);
677
678 parent->sk_state = BT_CLOSED;
679 sock_set_flag(parent, SOCK_ZAPPED);
680}
681
682
683
684
685static void l2cap_sock_kill(struct sock *sk)
686{
687 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
688 return;
689
690 BT_DBG("sk %p state %d", sk, sk->sk_state);
691
692
693 bt_sock_unlink(&l2cap_sk_list, sk);
694 sock_set_flag(sk, SOCK_DEAD);
695 sock_put(sk);
696}
697
698static void __l2cap_sock_close(struct sock *sk, int reason)
699{
700 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
701
702 switch (sk->sk_state) {
703 case BT_LISTEN:
704 l2cap_sock_cleanup_listen(sk);
705 break;
706
707 case BT_CONNECTED:
708 case BT_CONFIG:
709 if (sk->sk_type == SOCK_SEQPACKET) {
710 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
711
712 sk->sk_state = BT_DISCONN;
713 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
714 l2cap_send_disconn_req(conn, sk);
715 } else
716 l2cap_chan_del(sk, reason);
717 break;
718
719 case BT_CONNECT2:
720 if (sk->sk_type == SOCK_SEQPACKET) {
721 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
722 struct l2cap_conn_rsp rsp;
723 __u16 result;
724
725 if (bt_sk(sk)->defer_setup)
726 result = L2CAP_CR_SEC_BLOCK;
727 else
728 result = L2CAP_CR_BAD_PSM;
729
730 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
731 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
732 rsp.result = cpu_to_le16(result);
733 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
734 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
735 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
736 } else
737 l2cap_chan_del(sk, reason);
738 break;
739
740 case BT_CONNECT:
741 case BT_DISCONN:
742 l2cap_chan_del(sk, reason);
743 break;
744
745 default:
746 sock_set_flag(sk, SOCK_ZAPPED);
747 break;
748 }
749}
750
751
752static void l2cap_sock_close(struct sock *sk)
753{
754 l2cap_sock_clear_timer(sk);
755 lock_sock(sk);
756 __l2cap_sock_close(sk, ECONNRESET);
757 release_sock(sk);
758 l2cap_sock_kill(sk);
759}
760
761static void l2cap_sock_init(struct sock *sk, struct sock *parent)
762{
763 struct l2cap_pinfo *pi = l2cap_pi(sk);
764
765 BT_DBG("sk %p", sk);
766
767 if (parent) {
768 sk->sk_type = parent->sk_type;
769 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
770
771 pi->imtu = l2cap_pi(parent)->imtu;
772 pi->omtu = l2cap_pi(parent)->omtu;
773 pi->mode = l2cap_pi(parent)->mode;
774 pi->fcs = l2cap_pi(parent)->fcs;
775 pi->sec_level = l2cap_pi(parent)->sec_level;
776 pi->role_switch = l2cap_pi(parent)->role_switch;
777 pi->force_reliable = l2cap_pi(parent)->force_reliable;
778 } else {
779 pi->imtu = L2CAP_DEFAULT_MTU;
780 pi->omtu = 0;
781 pi->mode = L2CAP_MODE_BASIC;
782 pi->fcs = L2CAP_FCS_CRC16;
783 pi->sec_level = BT_SECURITY_LOW;
784 pi->role_switch = 0;
785 pi->force_reliable = 0;
786 }
787
788
789 pi->conf_len = 0;
790 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
791 skb_queue_head_init(TX_QUEUE(sk));
792 skb_queue_head_init(SREJ_QUEUE(sk));
793 INIT_LIST_HEAD(SREJ_LIST(sk));
794}
795
796static struct proto l2cap_proto = {
797 .name = "L2CAP",
798 .owner = THIS_MODULE,
799 .obj_size = sizeof(struct l2cap_pinfo)
800};
801
802static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
803{
804 struct sock *sk;
805
806 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
807 if (!sk)
808 return NULL;
809
810 sock_init_data(sock, sk);
811 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
812
813 sk->sk_destruct = l2cap_sock_destruct;
814 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
815
816 sock_reset_flag(sk, SOCK_ZAPPED);
817
818 sk->sk_protocol = proto;
819 sk->sk_state = BT_OPEN;
820
821 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
822
823 bt_sock_link(&l2cap_sk_list, sk);
824 return sk;
825}
826
827static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
828 int kern)
829{
830 struct sock *sk;
831
832 BT_DBG("sock %p", sock);
833
834 sock->state = SS_UNCONNECTED;
835
836 if (sock->type != SOCK_SEQPACKET &&
837 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
838 return -ESOCKTNOSUPPORT;
839
840 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
841 return -EPERM;
842
843 sock->ops = &l2cap_sock_ops;
844
845 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
846 if (!sk)
847 return -ENOMEM;
848
849 l2cap_sock_init(sk, NULL);
850 return 0;
851}
852
853static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
854{
855 struct sock *sk = sock->sk;
856 struct sockaddr_l2 la;
857 int len, err = 0;
858
859 BT_DBG("sk %p", sk);
860
861 if (!addr || addr->sa_family != AF_BLUETOOTH)
862 return -EINVAL;
863
864 memset(&la, 0, sizeof(la));
865 len = min_t(unsigned int, sizeof(la), alen);
866 memcpy(&la, addr, len);
867
868 if (la.l2_cid)
869 return -EINVAL;
870
871 lock_sock(sk);
872
873 if (sk->sk_state != BT_OPEN) {
874 err = -EBADFD;
875 goto done;
876 }
877
878 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
879 !capable(CAP_NET_BIND_SERVICE)) {
880 err = -EACCES;
881 goto done;
882 }
883
884 write_lock_bh(&l2cap_sk_list.lock);
885
886 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
887 err = -EADDRINUSE;
888 } else {
889
890 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
891 l2cap_pi(sk)->psm = la.l2_psm;
892 l2cap_pi(sk)->sport = la.l2_psm;
893 sk->sk_state = BT_BOUND;
894
895 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
896 __le16_to_cpu(la.l2_psm) == 0x0003)
897 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
898 }
899
900 write_unlock_bh(&l2cap_sk_list.lock);
901
902done:
903 release_sock(sk);
904 return err;
905}
906
907static int l2cap_do_connect(struct sock *sk)
908{
909 bdaddr_t *src = &bt_sk(sk)->src;
910 bdaddr_t *dst = &bt_sk(sk)->dst;
911 struct l2cap_conn *conn;
912 struct hci_conn *hcon;
913 struct hci_dev *hdev;
914 __u8 auth_type;
915 int err;
916
917 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
918 l2cap_pi(sk)->psm);
919
920 hdev = hci_get_route(dst, src);
921 if (!hdev)
922 return -EHOSTUNREACH;
923
924 hci_dev_lock_bh(hdev);
925
926 err = -ENOMEM;
927
928 if (sk->sk_type == SOCK_RAW) {
929 switch (l2cap_pi(sk)->sec_level) {
930 case BT_SECURITY_HIGH:
931 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
932 break;
933 case BT_SECURITY_MEDIUM:
934 auth_type = HCI_AT_DEDICATED_BONDING;
935 break;
936 default:
937 auth_type = HCI_AT_NO_BONDING;
938 break;
939 }
940 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
941 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
942 auth_type = HCI_AT_NO_BONDING_MITM;
943 else
944 auth_type = HCI_AT_NO_BONDING;
945
946 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
947 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
948 } else {
949 switch (l2cap_pi(sk)->sec_level) {
950 case BT_SECURITY_HIGH:
951 auth_type = HCI_AT_GENERAL_BONDING_MITM;
952 break;
953 case BT_SECURITY_MEDIUM:
954 auth_type = HCI_AT_GENERAL_BONDING;
955 break;
956 default:
957 auth_type = HCI_AT_NO_BONDING;
958 break;
959 }
960 }
961
962 hcon = hci_connect(hdev, ACL_LINK, dst,
963 l2cap_pi(sk)->sec_level, auth_type);
964 if (!hcon)
965 goto done;
966
967 conn = l2cap_conn_add(hcon, 0);
968 if (!conn) {
969 hci_conn_put(hcon);
970 goto done;
971 }
972
973 err = 0;
974
975
976 bacpy(src, conn->src);
977
978 l2cap_chan_add(conn, sk, NULL);
979
980 sk->sk_state = BT_CONNECT;
981 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
982
983 if (hcon->state == BT_CONNECTED) {
984 if (sk->sk_type != SOCK_SEQPACKET) {
985 l2cap_sock_clear_timer(sk);
986 sk->sk_state = BT_CONNECTED;
987 } else
988 l2cap_do_start(sk);
989 }
990
991done:
992 hci_dev_unlock_bh(hdev);
993 hci_dev_put(hdev);
994 return err;
995}
996
997static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
998{
999 struct sock *sk = sock->sk;
1000 struct sockaddr_l2 la;
1001 int len, err = 0;
1002
1003 BT_DBG("sk %p", sk);
1004
1005 if (!addr || alen < sizeof(addr->sa_family) ||
1006 addr->sa_family != AF_BLUETOOTH)
1007 return -EINVAL;
1008
1009 memset(&la, 0, sizeof(la));
1010 len = min_t(unsigned int, sizeof(la), alen);
1011 memcpy(&la, addr, len);
1012
1013 if (la.l2_cid)
1014 return -EINVAL;
1015
1016 lock_sock(sk);
1017
1018 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
1019 err = -EINVAL;
1020 goto done;
1021 }
1022
1023 switch (l2cap_pi(sk)->mode) {
1024 case L2CAP_MODE_BASIC:
1025 break;
1026 case L2CAP_MODE_ERTM:
1027 case L2CAP_MODE_STREAMING:
1028 if (enable_ertm)
1029 break;
1030
1031 default:
1032 err = -ENOTSUPP;
1033 goto done;
1034 }
1035
1036 switch (sk->sk_state) {
1037 case BT_CONNECT:
1038 case BT_CONNECT2:
1039 case BT_CONFIG:
1040
1041 goto wait;
1042
1043 case BT_CONNECTED:
1044
1045 goto done;
1046
1047 case BT_OPEN:
1048 case BT_BOUND:
1049
1050 break;
1051
1052 default:
1053 err = -EBADFD;
1054 goto done;
1055 }
1056
1057
1058 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1059 l2cap_pi(sk)->psm = la.l2_psm;
1060
1061 err = l2cap_do_connect(sk);
1062 if (err)
1063 goto done;
1064
1065wait:
1066 err = bt_sock_wait_state(sk, BT_CONNECTED,
1067 sock_sndtimeo(sk, flags & O_NONBLOCK));
1068done:
1069 release_sock(sk);
1070 return err;
1071}
1072
1073static int l2cap_sock_listen(struct socket *sock, int backlog)
1074{
1075 struct sock *sk = sock->sk;
1076 int err = 0;
1077
1078 BT_DBG("sk %p backlog %d", sk, backlog);
1079
1080 lock_sock(sk);
1081
1082 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
1083 err = -EBADFD;
1084 goto done;
1085 }
1086
1087 switch (l2cap_pi(sk)->mode) {
1088 case L2CAP_MODE_BASIC:
1089 break;
1090 case L2CAP_MODE_ERTM:
1091 case L2CAP_MODE_STREAMING:
1092 if (enable_ertm)
1093 break;
1094
1095 default:
1096 err = -ENOTSUPP;
1097 goto done;
1098 }
1099
1100 if (!l2cap_pi(sk)->psm) {
1101 bdaddr_t *src = &bt_sk(sk)->src;
1102 u16 psm;
1103
1104 err = -EINVAL;
1105
1106 write_lock_bh(&l2cap_sk_list.lock);
1107
1108 for (psm = 0x1001; psm < 0x1100; psm += 2)
1109 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1110 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1111 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1112 err = 0;
1113 break;
1114 }
1115
1116 write_unlock_bh(&l2cap_sk_list.lock);
1117
1118 if (err < 0)
1119 goto done;
1120 }
1121
1122 sk->sk_max_ack_backlog = backlog;
1123 sk->sk_ack_backlog = 0;
1124 sk->sk_state = BT_LISTEN;
1125
1126done:
1127 release_sock(sk);
1128 return err;
1129}
1130
1131static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1132{
1133 DECLARE_WAITQUEUE(wait, current);
1134 struct sock *sk = sock->sk, *nsk;
1135 long timeo;
1136 int err = 0;
1137
1138 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1139
1140 if (sk->sk_state != BT_LISTEN) {
1141 err = -EBADFD;
1142 goto done;
1143 }
1144
1145 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1146
1147 BT_DBG("sk %p timeo %ld", sk, timeo);
1148
1149
1150 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1151 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1152 set_current_state(TASK_INTERRUPTIBLE);
1153 if (!timeo) {
1154 err = -EAGAIN;
1155 break;
1156 }
1157
1158 release_sock(sk);
1159 timeo = schedule_timeout(timeo);
1160 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1161
1162 if (sk->sk_state != BT_LISTEN) {
1163 err = -EBADFD;
1164 break;
1165 }
1166
1167 if (signal_pending(current)) {
1168 err = sock_intr_errno(timeo);
1169 break;
1170 }
1171 }
1172 set_current_state(TASK_RUNNING);
1173 remove_wait_queue(sk->sk_sleep, &wait);
1174
1175 if (err)
1176 goto done;
1177
1178 newsock->state = SS_CONNECTED;
1179
1180 BT_DBG("new socket %p", nsk);
1181
1182done:
1183 release_sock(sk);
1184 return err;
1185}
1186
1187static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1188{
1189 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1190 struct sock *sk = sock->sk;
1191
1192 BT_DBG("sock %p, sk %p", sock, sk);
1193
1194 addr->sa_family = AF_BLUETOOTH;
1195 *len = sizeof(struct sockaddr_l2);
1196
1197 if (peer) {
1198 la->l2_psm = l2cap_pi(sk)->psm;
1199 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1200 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1201 } else {
1202 la->l2_psm = l2cap_pi(sk)->sport;
1203 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1204 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1205 }
1206
1207 return 0;
1208}
1209
1210static void l2cap_monitor_timeout(unsigned long arg)
1211{
1212 struct sock *sk = (void *) arg;
1213 u16 control;
1214
1215 bh_lock_sock(sk);
1216 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1217 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
1218 bh_unlock_sock(sk);
1219 return;
1220 }
1221
1222 l2cap_pi(sk)->retry_count++;
1223 __mod_monitor_timer();
1224
1225 control = L2CAP_CTRL_POLL;
1226 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1227 bh_unlock_sock(sk);
1228}
1229
1230static void l2cap_retrans_timeout(unsigned long arg)
1231{
1232 struct sock *sk = (void *) arg;
1233 u16 control;
1234
1235 bh_lock_sock(sk);
1236 l2cap_pi(sk)->retry_count = 1;
1237 __mod_monitor_timer();
1238
1239 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1240
1241 control = L2CAP_CTRL_POLL;
1242 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1243 bh_unlock_sock(sk);
1244}
1245
1246static void l2cap_drop_acked_frames(struct sock *sk)
1247{
1248 struct sk_buff *skb;
1249
1250 while ((skb = skb_peek(TX_QUEUE(sk)))) {
1251 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1252 break;
1253
1254 skb = skb_dequeue(TX_QUEUE(sk));
1255 kfree_skb(skb);
1256
1257 l2cap_pi(sk)->unacked_frames--;
1258 }
1259
1260 if (!l2cap_pi(sk)->unacked_frames)
1261 del_timer(&l2cap_pi(sk)->retrans_timer);
1262
1263 return;
1264}
1265
1266static inline int l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1267{
1268 struct l2cap_pinfo *pi = l2cap_pi(sk);
1269 int err;
1270
1271 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1272
1273 err = hci_send_acl(pi->conn->hcon, skb, 0);
1274 if (err < 0)
1275 kfree_skb(skb);
1276
1277 return err;
1278}
1279
1280static int l2cap_streaming_send(struct sock *sk)
1281{
1282 struct sk_buff *skb, *tx_skb;
1283 struct l2cap_pinfo *pi = l2cap_pi(sk);
1284 u16 control, fcs;
1285 int err;
1286
1287 while ((skb = sk->sk_send_head)) {
1288 tx_skb = skb_clone(skb, GFP_ATOMIC);
1289
1290 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1291 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1292 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1293
1294 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1295 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1296 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1297 }
1298
1299 err = l2cap_do_send(sk, tx_skb);
1300 if (err < 0) {
1301 l2cap_send_disconn_req(pi->conn, sk);
1302 return err;
1303 }
1304
1305 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1306
1307 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1308 sk->sk_send_head = NULL;
1309 else
1310 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1311
1312 skb = skb_dequeue(TX_QUEUE(sk));
1313 kfree_skb(skb);
1314 }
1315 return 0;
1316}
1317
1318static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq)
1319{
1320 struct l2cap_pinfo *pi = l2cap_pi(sk);
1321 struct sk_buff *skb, *tx_skb;
1322 u16 control, fcs;
1323 int err;
1324
1325 skb = skb_peek(TX_QUEUE(sk));
1326 do {
1327 if (bt_cb(skb)->tx_seq != tx_seq) {
1328 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1329 break;
1330 skb = skb_queue_next(TX_QUEUE(sk), skb);
1331 continue;
1332 }
1333
1334 if (pi->remote_max_tx &&
1335 bt_cb(skb)->retries == pi->remote_max_tx) {
1336 l2cap_send_disconn_req(pi->conn, sk);
1337 break;
1338 }
1339
1340 tx_skb = skb_clone(skb, GFP_ATOMIC);
1341 bt_cb(skb)->retries++;
1342 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1343 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1344 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1345 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1346
1347 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1348 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1349 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1350 }
1351
1352 err = l2cap_do_send(sk, tx_skb);
1353 if (err < 0) {
1354 l2cap_send_disconn_req(pi->conn, sk);
1355 return err;
1356 }
1357 break;
1358 } while(1);
1359 return 0;
1360}
1361
1362static int l2cap_ertm_send(struct sock *sk)
1363{
1364 struct sk_buff *skb, *tx_skb;
1365 struct l2cap_pinfo *pi = l2cap_pi(sk);
1366 u16 control, fcs;
1367 int err;
1368
1369 if (pi->conn_state & L2CAP_CONN_WAIT_F)
1370 return 0;
1371
1372 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) &&
1373 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1374
1375 if (pi->remote_max_tx &&
1376 bt_cb(skb)->retries == pi->remote_max_tx) {
1377 l2cap_send_disconn_req(pi->conn, sk);
1378 break;
1379 }
1380
1381 tx_skb = skb_clone(skb, GFP_ATOMIC);
1382
1383 bt_cb(skb)->retries++;
1384
1385 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1386 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1387 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1388 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1389
1390
1391 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1392 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1393 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1394 }
1395
1396 err = l2cap_do_send(sk, tx_skb);
1397 if (err < 0) {
1398 l2cap_send_disconn_req(pi->conn, sk);
1399 return err;
1400 }
1401 __mod_retrans_timer();
1402
1403 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1404 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1405
1406 pi->unacked_frames++;
1407
1408 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1409 sk->sk_send_head = NULL;
1410 else
1411 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1412 }
1413
1414 return 0;
1415}
1416
1417static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1418{
1419 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1420 struct sk_buff **frag;
1421 int err, sent = 0;
1422
1423 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1424 return -EFAULT;
1425 }
1426
1427 sent += count;
1428 len -= count;
1429
1430
1431 frag = &skb_shinfo(skb)->frag_list;
1432 while (len) {
1433 count = min_t(unsigned int, conn->mtu, len);
1434
1435 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1436 if (!*frag)
1437 return -EFAULT;
1438 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1439 return -EFAULT;
1440
1441 sent += count;
1442 len -= count;
1443
1444 frag = &(*frag)->next;
1445 }
1446
1447 return sent;
1448}
1449
1450static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1451{
1452 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1453 struct sk_buff *skb;
1454 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1455 struct l2cap_hdr *lh;
1456
1457 BT_DBG("sk %p len %d", sk, (int)len);
1458
1459 count = min_t(unsigned int, (conn->mtu - hlen), len);
1460 skb = bt_skb_send_alloc(sk, count + hlen,
1461 msg->msg_flags & MSG_DONTWAIT, &err);
1462 if (!skb)
1463 return ERR_PTR(-ENOMEM);
1464
1465
1466 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1467 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1468 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1469 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1470
1471 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1472 if (unlikely(err < 0)) {
1473 kfree_skb(skb);
1474 return ERR_PTR(err);
1475 }
1476 return skb;
1477}
1478
1479static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1480{
1481 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1482 struct sk_buff *skb;
1483 int err, count, hlen = L2CAP_HDR_SIZE;
1484 struct l2cap_hdr *lh;
1485
1486 BT_DBG("sk %p len %d", sk, (int)len);
1487
1488 count = min_t(unsigned int, (conn->mtu - hlen), len);
1489 skb = bt_skb_send_alloc(sk, count + hlen,
1490 msg->msg_flags & MSG_DONTWAIT, &err);
1491 if (!skb)
1492 return ERR_PTR(-ENOMEM);
1493
1494
1495 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1496 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1497 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1498
1499 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1500 if (unlikely(err < 0)) {
1501 kfree_skb(skb);
1502 return ERR_PTR(err);
1503 }
1504 return skb;
1505}
1506
1507static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1508{
1509 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1510 struct sk_buff *skb;
1511 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1512 struct l2cap_hdr *lh;
1513
1514 BT_DBG("sk %p len %d", sk, (int)len);
1515
1516 if (sdulen)
1517 hlen += 2;
1518
1519 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1520 hlen += 2;
1521
1522 count = min_t(unsigned int, (conn->mtu - hlen), len);
1523 skb = bt_skb_send_alloc(sk, count + hlen,
1524 msg->msg_flags & MSG_DONTWAIT, &err);
1525 if (!skb)
1526 return ERR_PTR(-ENOMEM);
1527
1528
1529 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1530 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1531 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1532 put_unaligned_le16(control, skb_put(skb, 2));
1533 if (sdulen)
1534 put_unaligned_le16(sdulen, skb_put(skb, 2));
1535
1536 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1537 if (unlikely(err < 0)) {
1538 kfree_skb(skb);
1539 return ERR_PTR(err);
1540 }
1541
1542 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1543 put_unaligned_le16(0, skb_put(skb, 2));
1544
1545 bt_cb(skb)->retries = 0;
1546 return skb;
1547}
1548
1549static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1550{
1551 struct l2cap_pinfo *pi = l2cap_pi(sk);
1552 struct sk_buff *skb;
1553 struct sk_buff_head sar_queue;
1554 u16 control;
1555 size_t size = 0;
1556
1557 __skb_queue_head_init(&sar_queue);
1558 control = L2CAP_SDU_START;
1559 skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len);
1560 if (IS_ERR(skb))
1561 return PTR_ERR(skb);
1562
1563 __skb_queue_tail(&sar_queue, skb);
1564 len -= pi->max_pdu_size;
1565 size +=pi->max_pdu_size;
1566 control = 0;
1567
1568 while (len > 0) {
1569 size_t buflen;
1570
1571 if (len > pi->max_pdu_size) {
1572 control |= L2CAP_SDU_CONTINUE;
1573 buflen = pi->max_pdu_size;
1574 } else {
1575 control |= L2CAP_SDU_END;
1576 buflen = len;
1577 }
1578
1579 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1580 if (IS_ERR(skb)) {
1581 skb_queue_purge(&sar_queue);
1582 return PTR_ERR(skb);
1583 }
1584
1585 __skb_queue_tail(&sar_queue, skb);
1586 len -= buflen;
1587 size += buflen;
1588 control = 0;
1589 }
1590 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1591 if (sk->sk_send_head == NULL)
1592 sk->sk_send_head = sar_queue.next;
1593
1594 return size;
1595}
1596
1597static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1598{
1599 struct sock *sk = sock->sk;
1600 struct l2cap_pinfo *pi = l2cap_pi(sk);
1601 struct sk_buff *skb;
1602 u16 control;
1603 int err;
1604
1605 BT_DBG("sock %p, sk %p", sock, sk);
1606
1607 err = sock_error(sk);
1608 if (err)
1609 return err;
1610
1611 if (msg->msg_flags & MSG_OOB)
1612 return -EOPNOTSUPP;
1613
1614
1615 if (sk->sk_type == SOCK_SEQPACKET && pi->mode == L2CAP_MODE_BASIC &&
1616 len > pi->omtu)
1617 return -EINVAL;
1618
1619 lock_sock(sk);
1620
1621 if (sk->sk_state != BT_CONNECTED) {
1622 err = -ENOTCONN;
1623 goto done;
1624 }
1625
1626
1627 if (sk->sk_type == SOCK_DGRAM) {
1628 skb = l2cap_create_connless_pdu(sk, msg, len);
1629 if (IS_ERR(skb))
1630 err = PTR_ERR(skb);
1631 else
1632 err = l2cap_do_send(sk, skb);
1633 goto done;
1634 }
1635
1636 switch (pi->mode) {
1637 case L2CAP_MODE_BASIC:
1638
1639 skb = l2cap_create_basic_pdu(sk, msg, len);
1640 if (IS_ERR(skb)) {
1641 err = PTR_ERR(skb);
1642 goto done;
1643 }
1644
1645 err = l2cap_do_send(sk, skb);
1646 if (!err)
1647 err = len;
1648 break;
1649
1650 case L2CAP_MODE_ERTM:
1651 case L2CAP_MODE_STREAMING:
1652
1653 if (len <= pi->max_pdu_size) {
1654 control = L2CAP_SDU_UNSEGMENTED;
1655 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1656 if (IS_ERR(skb)) {
1657 err = PTR_ERR(skb);
1658 goto done;
1659 }
1660 __skb_queue_tail(TX_QUEUE(sk), skb);
1661 if (sk->sk_send_head == NULL)
1662 sk->sk_send_head = skb;
1663 } else {
1664
1665 err = l2cap_sar_segment_sdu(sk, msg, len);
1666 if (err < 0)
1667 goto done;
1668 }
1669
1670 if (pi->mode == L2CAP_MODE_STREAMING)
1671 err = l2cap_streaming_send(sk);
1672 else
1673 err = l2cap_ertm_send(sk);
1674
1675 if (!err)
1676 err = len;
1677 break;
1678
1679 default:
1680 BT_DBG("bad state %1.1x", pi->mode);
1681 err = -EINVAL;
1682 }
1683
1684done:
1685 release_sock(sk);
1686 return err;
1687}
1688
1689static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1690{
1691 struct sock *sk = sock->sk;
1692
1693 lock_sock(sk);
1694
1695 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1696 struct l2cap_conn_rsp rsp;
1697
1698 sk->sk_state = BT_CONFIG;
1699
1700 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1701 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1702 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1703 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1704 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1705 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1706
1707 release_sock(sk);
1708 return 0;
1709 }
1710
1711 release_sock(sk);
1712
1713 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1714}
1715
1716static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1717{
1718 struct sock *sk = sock->sk;
1719 struct l2cap_options opts;
1720 int len, err = 0;
1721 u32 opt;
1722
1723 BT_DBG("sk %p", sk);
1724
1725 lock_sock(sk);
1726
1727 switch (optname) {
1728 case L2CAP_OPTIONS:
1729 opts.imtu = l2cap_pi(sk)->imtu;
1730 opts.omtu = l2cap_pi(sk)->omtu;
1731 opts.flush_to = l2cap_pi(sk)->flush_to;
1732 opts.mode = l2cap_pi(sk)->mode;
1733 opts.fcs = l2cap_pi(sk)->fcs;
1734
1735 len = min_t(unsigned int, sizeof(opts), optlen);
1736 if (copy_from_user((char *) &opts, optval, len)) {
1737 err = -EFAULT;
1738 break;
1739 }
1740
1741 l2cap_pi(sk)->imtu = opts.imtu;
1742 l2cap_pi(sk)->omtu = opts.omtu;
1743 l2cap_pi(sk)->mode = opts.mode;
1744 l2cap_pi(sk)->fcs = opts.fcs;
1745 break;
1746
1747 case L2CAP_LM:
1748 if (get_user(opt, (u32 __user *) optval)) {
1749 err = -EFAULT;
1750 break;
1751 }
1752
1753 if (opt & L2CAP_LM_AUTH)
1754 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1755 if (opt & L2CAP_LM_ENCRYPT)
1756 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1757 if (opt & L2CAP_LM_SECURE)
1758 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1759
1760 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1761 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1762 break;
1763
1764 default:
1765 err = -ENOPROTOOPT;
1766 break;
1767 }
1768
1769 release_sock(sk);
1770 return err;
1771}
1772
1773static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
1774{
1775 struct sock *sk = sock->sk;
1776 struct bt_security sec;
1777 int len, err = 0;
1778 u32 opt;
1779
1780 BT_DBG("sk %p", sk);
1781
1782 if (level == SOL_L2CAP)
1783 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1784
1785 if (level != SOL_BLUETOOTH)
1786 return -ENOPROTOOPT;
1787
1788 lock_sock(sk);
1789
1790 switch (optname) {
1791 case BT_SECURITY:
1792 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1793 err = -EINVAL;
1794 break;
1795 }
1796
1797 sec.level = BT_SECURITY_LOW;
1798
1799 len = min_t(unsigned int, sizeof(sec), optlen);
1800 if (copy_from_user((char *) &sec, optval, len)) {
1801 err = -EFAULT;
1802 break;
1803 }
1804
1805 if (sec.level < BT_SECURITY_LOW ||
1806 sec.level > BT_SECURITY_HIGH) {
1807 err = -EINVAL;
1808 break;
1809 }
1810
1811 l2cap_pi(sk)->sec_level = sec.level;
1812 break;
1813
1814 case BT_DEFER_SETUP:
1815 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1816 err = -EINVAL;
1817 break;
1818 }
1819
1820 if (get_user(opt, (u32 __user *) optval)) {
1821 err = -EFAULT;
1822 break;
1823 }
1824
1825 bt_sk(sk)->defer_setup = opt;
1826 break;
1827
1828 default:
1829 err = -ENOPROTOOPT;
1830 break;
1831 }
1832
1833 release_sock(sk);
1834 return err;
1835}
1836
1837static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1838{
1839 struct sock *sk = sock->sk;
1840 struct l2cap_options opts;
1841 struct l2cap_conninfo cinfo;
1842 int len, err = 0;
1843 u32 opt;
1844
1845 BT_DBG("sk %p", sk);
1846
1847 if (get_user(len, optlen))
1848 return -EFAULT;
1849
1850 lock_sock(sk);
1851
1852 switch (optname) {
1853 case L2CAP_OPTIONS:
1854 opts.imtu = l2cap_pi(sk)->imtu;
1855 opts.omtu = l2cap_pi(sk)->omtu;
1856 opts.flush_to = l2cap_pi(sk)->flush_to;
1857 opts.mode = l2cap_pi(sk)->mode;
1858 opts.fcs = l2cap_pi(sk)->fcs;
1859
1860 len = min_t(unsigned int, len, sizeof(opts));
1861 if (copy_to_user(optval, (char *) &opts, len))
1862 err = -EFAULT;
1863
1864 break;
1865
1866 case L2CAP_LM:
1867 switch (l2cap_pi(sk)->sec_level) {
1868 case BT_SECURITY_LOW:
1869 opt = L2CAP_LM_AUTH;
1870 break;
1871 case BT_SECURITY_MEDIUM:
1872 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1873 break;
1874 case BT_SECURITY_HIGH:
1875 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1876 L2CAP_LM_SECURE;
1877 break;
1878 default:
1879 opt = 0;
1880 break;
1881 }
1882
1883 if (l2cap_pi(sk)->role_switch)
1884 opt |= L2CAP_LM_MASTER;
1885
1886 if (l2cap_pi(sk)->force_reliable)
1887 opt |= L2CAP_LM_RELIABLE;
1888
1889 if (put_user(opt, (u32 __user *) optval))
1890 err = -EFAULT;
1891 break;
1892
1893 case L2CAP_CONNINFO:
1894 if (sk->sk_state != BT_CONNECTED &&
1895 !(sk->sk_state == BT_CONNECT2 &&
1896 bt_sk(sk)->defer_setup)) {
1897 err = -ENOTCONN;
1898 break;
1899 }
1900
1901 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1902 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1903
1904 len = min_t(unsigned int, len, sizeof(cinfo));
1905 if (copy_to_user(optval, (char *) &cinfo, len))
1906 err = -EFAULT;
1907
1908 break;
1909
1910 default:
1911 err = -ENOPROTOOPT;
1912 break;
1913 }
1914
1915 release_sock(sk);
1916 return err;
1917}
1918
1919static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1920{
1921 struct sock *sk = sock->sk;
1922 struct bt_security sec;
1923 int len, err = 0;
1924
1925 BT_DBG("sk %p", sk);
1926
1927 if (level == SOL_L2CAP)
1928 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1929
1930 if (level != SOL_BLUETOOTH)
1931 return -ENOPROTOOPT;
1932
1933 if (get_user(len, optlen))
1934 return -EFAULT;
1935
1936 lock_sock(sk);
1937
1938 switch (optname) {
1939 case BT_SECURITY:
1940 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
1941 err = -EINVAL;
1942 break;
1943 }
1944
1945 sec.level = l2cap_pi(sk)->sec_level;
1946
1947 len = min_t(unsigned int, len, sizeof(sec));
1948 if (copy_to_user(optval, (char *) &sec, len))
1949 err = -EFAULT;
1950
1951 break;
1952
1953 case BT_DEFER_SETUP:
1954 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1955 err = -EINVAL;
1956 break;
1957 }
1958
1959 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1960 err = -EFAULT;
1961
1962 break;
1963
1964 default:
1965 err = -ENOPROTOOPT;
1966 break;
1967 }
1968
1969 release_sock(sk);
1970 return err;
1971}
1972
1973static int l2cap_sock_shutdown(struct socket *sock, int how)
1974{
1975 struct sock *sk = sock->sk;
1976 int err = 0;
1977
1978 BT_DBG("sock %p, sk %p", sock, sk);
1979
1980 if (!sk)
1981 return 0;
1982
1983 lock_sock(sk);
1984 if (!sk->sk_shutdown) {
1985 sk->sk_shutdown = SHUTDOWN_MASK;
1986 l2cap_sock_clear_timer(sk);
1987 __l2cap_sock_close(sk, 0);
1988
1989 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1990 err = bt_sock_wait_state(sk, BT_CLOSED,
1991 sk->sk_lingertime);
1992 }
1993 release_sock(sk);
1994 return err;
1995}
1996
1997static int l2cap_sock_release(struct socket *sock)
1998{
1999 struct sock *sk = sock->sk;
2000 int err;
2001
2002 BT_DBG("sock %p, sk %p", sock, sk);
2003
2004 if (!sk)
2005 return 0;
2006
2007 err = l2cap_sock_shutdown(sock, 2);
2008
2009 sock_orphan(sk);
2010 l2cap_sock_kill(sk);
2011 return err;
2012}
2013
2014static void l2cap_chan_ready(struct sock *sk)
2015{
2016 struct sock *parent = bt_sk(sk)->parent;
2017
2018 BT_DBG("sk %p, parent %p", sk, parent);
2019
2020 l2cap_pi(sk)->conf_state = 0;
2021 l2cap_sock_clear_timer(sk);
2022
2023 if (!parent) {
2024
2025
2026
2027 sk->sk_state = BT_CONNECTED;
2028 sk->sk_state_change(sk);
2029 } else {
2030
2031
2032
2033 parent->sk_data_ready(parent, 0);
2034 }
2035}
2036
2037
2038static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2039{
2040 struct l2cap_chan_list *l = &conn->chan_list;
2041 struct sk_buff *nskb;
2042 struct sock *sk;
2043
2044 BT_DBG("conn %p", conn);
2045
2046 read_lock(&l->lock);
2047 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2048 if (sk->sk_type != SOCK_RAW)
2049 continue;
2050
2051
2052 if (skb->sk == sk)
2053 continue;
2054 nskb = skb_clone(skb, GFP_ATOMIC);
2055 if (!nskb)
2056 continue;
2057
2058 if (sock_queue_rcv_skb(sk, nskb))
2059 kfree_skb(nskb);
2060 }
2061 read_unlock(&l->lock);
2062}
2063
2064
2065static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2066 u8 code, u8 ident, u16 dlen, void *data)
2067{
2068 struct sk_buff *skb, **frag;
2069 struct l2cap_cmd_hdr *cmd;
2070 struct l2cap_hdr *lh;
2071 int len, count;
2072
2073 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2074 conn, code, ident, dlen);
2075
2076 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2077 count = min_t(unsigned int, conn->mtu, len);
2078
2079 skb = bt_skb_alloc(count, GFP_ATOMIC);
2080 if (!skb)
2081 return NULL;
2082
2083 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2084 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
2085 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
2086
2087 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2088 cmd->code = code;
2089 cmd->ident = ident;
2090 cmd->len = cpu_to_le16(dlen);
2091
2092 if (dlen) {
2093 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2094 memcpy(skb_put(skb, count), data, count);
2095 data += count;
2096 }
2097
2098 len -= skb->len;
2099
2100
2101 frag = &skb_shinfo(skb)->frag_list;
2102 while (len) {
2103 count = min_t(unsigned int, conn->mtu, len);
2104
2105 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2106 if (!*frag)
2107 goto fail;
2108
2109 memcpy(skb_put(*frag, count), data, count);
2110
2111 len -= count;
2112 data += count;
2113
2114 frag = &(*frag)->next;
2115 }
2116
2117 return skb;
2118
2119fail:
2120 kfree_skb(skb);
2121 return NULL;
2122}
2123
2124static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2125{
2126 struct l2cap_conf_opt *opt = *ptr;
2127 int len;
2128
2129 len = L2CAP_CONF_OPT_SIZE + opt->len;
2130 *ptr += len;
2131
2132 *type = opt->type;
2133 *olen = opt->len;
2134
2135 switch (opt->len) {
2136 case 1:
2137 *val = *((u8 *) opt->val);
2138 break;
2139
2140 case 2:
2141 *val = __le16_to_cpu(*((__le16 *) opt->val));
2142 break;
2143
2144 case 4:
2145 *val = __le32_to_cpu(*((__le32 *) opt->val));
2146 break;
2147
2148 default:
2149 *val = (unsigned long) opt->val;
2150 break;
2151 }
2152
2153 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2154 return len;
2155}
2156
2157static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2158{
2159 struct l2cap_conf_opt *opt = *ptr;
2160
2161 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2162
2163 opt->type = type;
2164 opt->len = len;
2165
2166 switch (len) {
2167 case 1:
2168 *((u8 *) opt->val) = val;
2169 break;
2170
2171 case 2:
2172 *((__le16 *) opt->val) = cpu_to_le16(val);
2173 break;
2174
2175 case 4:
2176 *((__le32 *) opt->val) = cpu_to_le32(val);
2177 break;
2178
2179 default:
2180 memcpy(opt->val, (void *) val, len);
2181 break;
2182 }
2183
2184 *ptr += L2CAP_CONF_OPT_SIZE + len;
2185}
2186
2187static inline void l2cap_ertm_init(struct sock *sk)
2188{
2189 l2cap_pi(sk)->expected_ack_seq = 0;
2190 l2cap_pi(sk)->unacked_frames = 0;
2191 l2cap_pi(sk)->buffer_seq = 0;
2192 l2cap_pi(sk)->num_to_ack = 0;
2193
2194 setup_timer(&l2cap_pi(sk)->retrans_timer,
2195 l2cap_retrans_timeout, (unsigned long) sk);
2196 setup_timer(&l2cap_pi(sk)->monitor_timer,
2197 l2cap_monitor_timeout, (unsigned long) sk);
2198
2199 __skb_queue_head_init(SREJ_QUEUE(sk));
2200}
2201
2202static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
2203{
2204 u32 local_feat_mask = l2cap_feat_mask;
2205 if (enable_ertm)
2206 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
2207
2208 switch (mode) {
2209 case L2CAP_MODE_ERTM:
2210 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
2211 case L2CAP_MODE_STREAMING:
2212 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
2213 default:
2214 return 0x00;
2215 }
2216}
2217
2218static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2219{
2220 switch (mode) {
2221 case L2CAP_MODE_STREAMING:
2222 case L2CAP_MODE_ERTM:
2223 if (l2cap_mode_supported(mode, remote_feat_mask))
2224 return mode;
2225
2226 default:
2227 return L2CAP_MODE_BASIC;
2228 }
2229}
2230
2231static int l2cap_build_conf_req(struct sock *sk, void *data)
2232{
2233 struct l2cap_pinfo *pi = l2cap_pi(sk);
2234 struct l2cap_conf_req *req = data;
2235 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2236 void *ptr = req->data;
2237
2238 BT_DBG("sk %p", sk);
2239
2240 if (pi->num_conf_req || pi->num_conf_rsp)
2241 goto done;
2242
2243 switch (pi->mode) {
2244 case L2CAP_MODE_STREAMING:
2245 case L2CAP_MODE_ERTM:
2246 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2247 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2248 l2cap_send_disconn_req(pi->conn, sk);
2249 break;
2250 default:
2251 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2252 break;
2253 }
2254
2255done:
2256 switch (pi->mode) {
2257 case L2CAP_MODE_BASIC:
2258 if (pi->imtu != L2CAP_DEFAULT_MTU)
2259 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2260 break;
2261
2262 case L2CAP_MODE_ERTM:
2263 rfc.mode = L2CAP_MODE_ERTM;
2264 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
2265 rfc.max_transmit = max_transmit;
2266 rfc.retrans_timeout = 0;
2267 rfc.monitor_timeout = 0;
2268 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2269
2270 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2271 sizeof(rfc), (unsigned long) &rfc);
2272
2273 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2274 break;
2275
2276 if (pi->fcs == L2CAP_FCS_NONE ||
2277 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2278 pi->fcs = L2CAP_FCS_NONE;
2279 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2280 }
2281 break;
2282
2283 case L2CAP_MODE_STREAMING:
2284 rfc.mode = L2CAP_MODE_STREAMING;
2285 rfc.txwin_size = 0;
2286 rfc.max_transmit = 0;
2287 rfc.retrans_timeout = 0;
2288 rfc.monitor_timeout = 0;
2289 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2290
2291 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2292 sizeof(rfc), (unsigned long) &rfc);
2293
2294 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2295 break;
2296
2297 if (pi->fcs == L2CAP_FCS_NONE ||
2298 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2299 pi->fcs = L2CAP_FCS_NONE;
2300 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2301 }
2302 break;
2303 }
2304
2305
2306
2307
2308
2309 req->dcid = cpu_to_le16(pi->dcid);
2310 req->flags = cpu_to_le16(0);
2311
2312 return ptr - data;
2313}
2314
2315static int l2cap_parse_conf_req(struct sock *sk, void *data)
2316{
2317 struct l2cap_pinfo *pi = l2cap_pi(sk);
2318 struct l2cap_conf_rsp *rsp = data;
2319 void *ptr = rsp->data;
2320 void *req = pi->conf_req;
2321 int len = pi->conf_len;
2322 int type, hint, olen;
2323 unsigned long val;
2324 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2325 u16 mtu = L2CAP_DEFAULT_MTU;
2326 u16 result = L2CAP_CONF_SUCCESS;
2327
2328 BT_DBG("sk %p", sk);
2329
2330 while (len >= L2CAP_CONF_OPT_SIZE) {
2331 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
2332
2333 hint = type & L2CAP_CONF_HINT;
2334 type &= L2CAP_CONF_MASK;
2335
2336 switch (type) {
2337 case L2CAP_CONF_MTU:
2338 mtu = val;
2339 break;
2340
2341 case L2CAP_CONF_FLUSH_TO:
2342 pi->flush_to = val;
2343 break;
2344
2345 case L2CAP_CONF_QOS:
2346 break;
2347
2348 case L2CAP_CONF_RFC:
2349 if (olen == sizeof(rfc))
2350 memcpy(&rfc, (void *) val, olen);
2351 break;
2352
2353 case L2CAP_CONF_FCS:
2354 if (val == L2CAP_FCS_NONE)
2355 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2356
2357 break;
2358
2359 default:
2360 if (hint)
2361 break;
2362
2363 result = L2CAP_CONF_UNKNOWN;
2364 *((u8 *) ptr++) = type;
2365 break;
2366 }
2367 }
2368
2369 if (pi->num_conf_rsp || pi->num_conf_req)
2370 goto done;
2371
2372 switch (pi->mode) {
2373 case L2CAP_MODE_STREAMING:
2374 case L2CAP_MODE_ERTM:
2375 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2376 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2377 return -ECONNREFUSED;
2378 break;
2379 default:
2380 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2381 break;
2382 }
2383
2384done:
2385 if (pi->mode != rfc.mode) {
2386 result = L2CAP_CONF_UNACCEPT;
2387 rfc.mode = pi->mode;
2388
2389 if (pi->num_conf_rsp == 1)
2390 return -ECONNREFUSED;
2391
2392 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2393 sizeof(rfc), (unsigned long) &rfc);
2394 }
2395
2396
2397 if (result == L2CAP_CONF_SUCCESS) {
2398
2399
2400
2401 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2402 result = L2CAP_CONF_UNACCEPT;
2403 else {
2404 pi->omtu = mtu;
2405 pi->conf_state |= L2CAP_CONF_MTU_DONE;
2406 }
2407 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2408
2409 switch (rfc.mode) {
2410 case L2CAP_MODE_BASIC:
2411 pi->fcs = L2CAP_FCS_NONE;
2412 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2413 break;
2414
2415 case L2CAP_MODE_ERTM:
2416 pi->remote_tx_win = rfc.txwin_size;
2417 pi->remote_max_tx = rfc.max_transmit;
2418 pi->max_pdu_size = rfc.max_pdu_size;
2419
2420 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
2421 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
2422
2423 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2424
2425 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2426 sizeof(rfc), (unsigned long) &rfc);
2427
2428 break;
2429
2430 case L2CAP_MODE_STREAMING:
2431 pi->remote_tx_win = rfc.txwin_size;
2432 pi->max_pdu_size = rfc.max_pdu_size;
2433
2434 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2435
2436 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2437 sizeof(rfc), (unsigned long) &rfc);
2438
2439 break;
2440
2441 default:
2442 result = L2CAP_CONF_UNACCEPT;
2443
2444 memset(&rfc, 0, sizeof(rfc));
2445 rfc.mode = pi->mode;
2446 }
2447
2448 if (result == L2CAP_CONF_SUCCESS)
2449 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2450 }
2451 rsp->scid = cpu_to_le16(pi->dcid);
2452 rsp->result = cpu_to_le16(result);
2453 rsp->flags = cpu_to_le16(0x0000);
2454
2455 return ptr - data;
2456}
2457
2458static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2459{
2460 struct l2cap_pinfo *pi = l2cap_pi(sk);
2461 struct l2cap_conf_req *req = data;
2462 void *ptr = req->data;
2463 int type, olen;
2464 unsigned long val;
2465 struct l2cap_conf_rfc rfc;
2466
2467 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2468
2469 while (len >= L2CAP_CONF_OPT_SIZE) {
2470 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2471
2472 switch (type) {
2473 case L2CAP_CONF_MTU:
2474 if (val < L2CAP_DEFAULT_MIN_MTU) {
2475 *result = L2CAP_CONF_UNACCEPT;
2476 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
2477 } else
2478 pi->omtu = val;
2479 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2480 break;
2481
2482 case L2CAP_CONF_FLUSH_TO:
2483 pi->flush_to = val;
2484 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2485 2, pi->flush_to);
2486 break;
2487
2488 case L2CAP_CONF_RFC:
2489 if (olen == sizeof(rfc))
2490 memcpy(&rfc, (void *)val, olen);
2491
2492 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2493 rfc.mode != pi->mode)
2494 return -ECONNREFUSED;
2495
2496 pi->mode = rfc.mode;
2497 pi->fcs = 0;
2498
2499 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2500 sizeof(rfc), (unsigned long) &rfc);
2501 break;
2502 }
2503 }
2504
2505 if (*result == L2CAP_CONF_SUCCESS) {
2506 switch (rfc.mode) {
2507 case L2CAP_MODE_ERTM:
2508 pi->remote_tx_win = rfc.txwin_size;
2509 pi->retrans_timeout = rfc.retrans_timeout;
2510 pi->monitor_timeout = rfc.monitor_timeout;
2511 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2512 break;
2513 case L2CAP_MODE_STREAMING:
2514 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2515 break;
2516 }
2517 }
2518
2519 req->dcid = cpu_to_le16(pi->dcid);
2520 req->flags = cpu_to_le16(0x0000);
2521
2522 return ptr - data;
2523}
2524
2525static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2526{
2527 struct l2cap_conf_rsp *rsp = data;
2528 void *ptr = rsp->data;
2529
2530 BT_DBG("sk %p", sk);
2531
2532 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2533 rsp->result = cpu_to_le16(result);
2534 rsp->flags = cpu_to_le16(flags);
2535
2536 return ptr - data;
2537}
2538
2539static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2540{
2541 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2542
2543 if (rej->reason != 0x0000)
2544 return 0;
2545
2546 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2547 cmd->ident == conn->info_ident) {
2548 del_timer(&conn->info_timer);
2549
2550 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2551 conn->info_ident = 0;
2552
2553 l2cap_conn_start(conn);
2554 }
2555
2556 return 0;
2557}
2558
2559static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2560{
2561 struct l2cap_chan_list *list = &conn->chan_list;
2562 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2563 struct l2cap_conn_rsp rsp;
2564 struct sock *sk, *parent;
2565 int result, status = L2CAP_CS_NO_INFO;
2566
2567 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2568 __le16 psm = req->psm;
2569
2570 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2571
2572
2573 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2574 if (!parent) {
2575 result = L2CAP_CR_BAD_PSM;
2576 goto sendresp;
2577 }
2578
2579
2580 if (psm != cpu_to_le16(0x0001) &&
2581 !hci_conn_check_link_mode(conn->hcon)) {
2582 conn->disc_reason = 0x05;
2583 result = L2CAP_CR_SEC_BLOCK;
2584 goto response;
2585 }
2586
2587 result = L2CAP_CR_NO_MEM;
2588
2589
2590 if (sk_acceptq_is_full(parent)) {
2591 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2592 goto response;
2593 }
2594
2595 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2596 if (!sk)
2597 goto response;
2598
2599 write_lock_bh(&list->lock);
2600
2601
2602 if (__l2cap_get_chan_by_dcid(list, scid)) {
2603 write_unlock_bh(&list->lock);
2604 sock_set_flag(sk, SOCK_ZAPPED);
2605 l2cap_sock_kill(sk);
2606 goto response;
2607 }
2608
2609 hci_conn_hold(conn->hcon);
2610
2611 l2cap_sock_init(sk, parent);
2612 bacpy(&bt_sk(sk)->src, conn->src);
2613 bacpy(&bt_sk(sk)->dst, conn->dst);
2614 l2cap_pi(sk)->psm = psm;
2615 l2cap_pi(sk)->dcid = scid;
2616
2617 __l2cap_chan_add(conn, sk, parent);
2618 dcid = l2cap_pi(sk)->scid;
2619
2620 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2621
2622 l2cap_pi(sk)->ident = cmd->ident;
2623
2624 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2625 if (l2cap_check_security(sk)) {
2626 if (bt_sk(sk)->defer_setup) {
2627 sk->sk_state = BT_CONNECT2;
2628 result = L2CAP_CR_PEND;
2629 status = L2CAP_CS_AUTHOR_PEND;
2630 parent->sk_data_ready(parent, 0);
2631 } else {
2632 sk->sk_state = BT_CONFIG;
2633 result = L2CAP_CR_SUCCESS;
2634 status = L2CAP_CS_NO_INFO;
2635 }
2636 } else {
2637 sk->sk_state = BT_CONNECT2;
2638 result = L2CAP_CR_PEND;
2639 status = L2CAP_CS_AUTHEN_PEND;
2640 }
2641 } else {
2642 sk->sk_state = BT_CONNECT2;
2643 result = L2CAP_CR_PEND;
2644 status = L2CAP_CS_NO_INFO;
2645 }
2646
2647 write_unlock_bh(&list->lock);
2648
2649response:
2650 bh_unlock_sock(parent);
2651
2652sendresp:
2653 rsp.scid = cpu_to_le16(scid);
2654 rsp.dcid = cpu_to_le16(dcid);
2655 rsp.result = cpu_to_le16(result);
2656 rsp.status = cpu_to_le16(status);
2657 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2658
2659 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2660 struct l2cap_info_req info;
2661 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2662
2663 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2664 conn->info_ident = l2cap_get_ident(conn);
2665
2666 mod_timer(&conn->info_timer, jiffies +
2667 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2668
2669 l2cap_send_cmd(conn, conn->info_ident,
2670 L2CAP_INFO_REQ, sizeof(info), &info);
2671 }
2672
2673 return 0;
2674}
2675
2676static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2677{
2678 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2679 u16 scid, dcid, result, status;
2680 struct sock *sk;
2681 u8 req[128];
2682
2683 scid = __le16_to_cpu(rsp->scid);
2684 dcid = __le16_to_cpu(rsp->dcid);
2685 result = __le16_to_cpu(rsp->result);
2686 status = __le16_to_cpu(rsp->status);
2687
2688 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2689
2690 if (scid) {
2691 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2692 if (!sk)
2693 return 0;
2694 } else {
2695 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
2696 if (!sk)
2697 return 0;
2698 }
2699
2700 switch (result) {
2701 case L2CAP_CR_SUCCESS:
2702 sk->sk_state = BT_CONFIG;
2703 l2cap_pi(sk)->ident = 0;
2704 l2cap_pi(sk)->dcid = dcid;
2705 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
2706
2707 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
2708
2709 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2710 l2cap_build_conf_req(sk, req), req);
2711 l2cap_pi(sk)->num_conf_req++;
2712 break;
2713
2714 case L2CAP_CR_PEND:
2715 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
2716 break;
2717
2718 default:
2719 l2cap_chan_del(sk, ECONNREFUSED);
2720 break;
2721 }
2722
2723 bh_unlock_sock(sk);
2724 return 0;
2725}
2726
2727static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2728{
2729 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2730 u16 dcid, flags;
2731 u8 rsp[64];
2732 struct sock *sk;
2733 int len;
2734
2735 dcid = __le16_to_cpu(req->dcid);
2736 flags = __le16_to_cpu(req->flags);
2737
2738 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2739
2740 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2741 if (!sk)
2742 return -ENOENT;
2743
2744 if (sk->sk_state == BT_DISCONN)
2745 goto unlock;
2746
2747
2748 len = cmd_len - sizeof(*req);
2749 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
2750 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2751 l2cap_build_conf_rsp(sk, rsp,
2752 L2CAP_CONF_REJECT, flags), rsp);
2753 goto unlock;
2754 }
2755
2756
2757 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
2758 l2cap_pi(sk)->conf_len += len;
2759
2760 if (flags & 0x0001) {
2761
2762 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
2763 l2cap_build_conf_rsp(sk, rsp,
2764 L2CAP_CONF_SUCCESS, 0x0001), rsp);
2765 goto unlock;
2766 }
2767
2768
2769 len = l2cap_parse_conf_req(sk, rsp);
2770 if (len < 0) {
2771 l2cap_send_disconn_req(conn, sk);
2772 goto unlock;
2773 }
2774
2775 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2776 l2cap_pi(sk)->num_conf_rsp++;
2777
2778
2779 l2cap_pi(sk)->conf_len = 0;
2780
2781 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
2782 goto unlock;
2783
2784 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2785 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
2786 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2787 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2788
2789 sk->sk_state = BT_CONNECTED;
2790
2791 l2cap_pi(sk)->next_tx_seq = 0;
2792 l2cap_pi(sk)->expected_tx_seq = 0;
2793 __skb_queue_head_init(TX_QUEUE(sk));
2794 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2795 l2cap_ertm_init(sk);
2796
2797 l2cap_chan_ready(sk);
2798 goto unlock;
2799 }
2800
2801 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2802 u8 buf[64];
2803 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2804 l2cap_build_conf_req(sk, buf), buf);
2805 l2cap_pi(sk)->num_conf_req++;
2806 }
2807
2808unlock:
2809 bh_unlock_sock(sk);
2810 return 0;
2811}
2812
2813static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2814{
2815 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2816 u16 scid, flags, result;
2817 struct sock *sk;
2818
2819 scid = __le16_to_cpu(rsp->scid);
2820 flags = __le16_to_cpu(rsp->flags);
2821 result = __le16_to_cpu(rsp->result);
2822
2823 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2824 scid, flags, result);
2825
2826 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2827 if (!sk)
2828 return 0;
2829
2830 switch (result) {
2831 case L2CAP_CONF_SUCCESS:
2832 break;
2833
2834 case L2CAP_CONF_UNACCEPT:
2835 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2836 int len = cmd->len - sizeof(*rsp);
2837 char req[64];
2838
2839 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2840 l2cap_send_disconn_req(conn, sk);
2841 goto done;
2842 }
2843
2844
2845 result = L2CAP_CONF_SUCCESS;
2846 len = l2cap_parse_conf_rsp(sk, rsp->data,
2847 len, req, &result);
2848 if (len < 0) {
2849 l2cap_send_disconn_req(conn, sk);
2850 goto done;
2851 }
2852
2853 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2854 L2CAP_CONF_REQ, len, req);
2855 l2cap_pi(sk)->num_conf_req++;
2856 if (result != L2CAP_CONF_SUCCESS)
2857 goto done;
2858 break;
2859 }
2860
2861 default:
2862 sk->sk_state = BT_DISCONN;
2863 sk->sk_err = ECONNRESET;
2864 l2cap_sock_set_timer(sk, HZ * 5);
2865 l2cap_send_disconn_req(conn, sk);
2866 goto done;
2867 }
2868
2869 if (flags & 0x01)
2870 goto done;
2871
2872 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2873
2874 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2875 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
2876 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2877 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2878
2879 sk->sk_state = BT_CONNECTED;
2880 l2cap_pi(sk)->next_tx_seq = 0;
2881 l2cap_pi(sk)->expected_tx_seq = 0;
2882 __skb_queue_head_init(TX_QUEUE(sk));
2883 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2884 l2cap_ertm_init(sk);
2885
2886 l2cap_chan_ready(sk);
2887 }
2888
2889done:
2890 bh_unlock_sock(sk);
2891 return 0;
2892}
2893
2894static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2895{
2896 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2897 struct l2cap_disconn_rsp rsp;
2898 u16 dcid, scid;
2899 struct sock *sk;
2900
2901 scid = __le16_to_cpu(req->scid);
2902 dcid = __le16_to_cpu(req->dcid);
2903
2904 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2905
2906 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
2907 if (!sk)
2908 return 0;
2909
2910 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2911 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2912 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2913
2914 sk->sk_shutdown = SHUTDOWN_MASK;
2915
2916 skb_queue_purge(TX_QUEUE(sk));
2917
2918 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2919 skb_queue_purge(SREJ_QUEUE(sk));
2920 del_timer(&l2cap_pi(sk)->retrans_timer);
2921 del_timer(&l2cap_pi(sk)->monitor_timer);
2922 }
2923
2924 l2cap_chan_del(sk, ECONNRESET);
2925 bh_unlock_sock(sk);
2926
2927 l2cap_sock_kill(sk);
2928 return 0;
2929}
2930
2931static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2932{
2933 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2934 u16 dcid, scid;
2935 struct sock *sk;
2936
2937 scid = __le16_to_cpu(rsp->scid);
2938 dcid = __le16_to_cpu(rsp->dcid);
2939
2940 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2941
2942 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
2943 if (!sk)
2944 return 0;
2945
2946 skb_queue_purge(TX_QUEUE(sk));
2947
2948 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2949 skb_queue_purge(SREJ_QUEUE(sk));
2950 del_timer(&l2cap_pi(sk)->retrans_timer);
2951 del_timer(&l2cap_pi(sk)->monitor_timer);
2952 }
2953
2954 l2cap_chan_del(sk, 0);
2955 bh_unlock_sock(sk);
2956
2957 l2cap_sock_kill(sk);
2958 return 0;
2959}
2960
2961static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2962{
2963 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2964 u16 type;
2965
2966 type = __le16_to_cpu(req->type);
2967
2968 BT_DBG("type 0x%4.4x", type);
2969
2970 if (type == L2CAP_IT_FEAT_MASK) {
2971 u8 buf[8];
2972 u32 feat_mask = l2cap_feat_mask;
2973 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2974 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2975 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2976 if (enable_ertm)
2977 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2978 | L2CAP_FEAT_FCS;
2979 put_unaligned_le32(feat_mask, rsp->data);
2980 l2cap_send_cmd(conn, cmd->ident,
2981 L2CAP_INFO_RSP, sizeof(buf), buf);
2982 } else if (type == L2CAP_IT_FIXED_CHAN) {
2983 u8 buf[12];
2984 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2985 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2986 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2987 memcpy(buf + 4, l2cap_fixed_chan, 8);
2988 l2cap_send_cmd(conn, cmd->ident,
2989 L2CAP_INFO_RSP, sizeof(buf), buf);
2990 } else {
2991 struct l2cap_info_rsp rsp;
2992 rsp.type = cpu_to_le16(type);
2993 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2994 l2cap_send_cmd(conn, cmd->ident,
2995 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2996 }
2997
2998 return 0;
2999}
3000
3001static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3002{
3003 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3004 u16 type, result;
3005
3006 type = __le16_to_cpu(rsp->type);
3007 result = __le16_to_cpu(rsp->result);
3008
3009 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3010
3011 del_timer(&conn->info_timer);
3012
3013 if (type == L2CAP_IT_FEAT_MASK) {
3014 conn->feat_mask = get_unaligned_le32(rsp->data);
3015
3016 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
3017 struct l2cap_info_req req;
3018 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3019
3020 conn->info_ident = l2cap_get_ident(conn);
3021
3022 l2cap_send_cmd(conn, conn->info_ident,
3023 L2CAP_INFO_REQ, sizeof(req), &req);
3024 } else {
3025 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3026 conn->info_ident = 0;
3027
3028 l2cap_conn_start(conn);
3029 }
3030 } else if (type == L2CAP_IT_FIXED_CHAN) {
3031 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3032 conn->info_ident = 0;
3033
3034 l2cap_conn_start(conn);
3035 }
3036
3037 return 0;
3038}
3039
3040static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
3041{
3042 u8 *data = skb->data;
3043 int len = skb->len;
3044 struct l2cap_cmd_hdr cmd;
3045 int err = 0;
3046
3047 l2cap_raw_recv(conn, skb);
3048
3049 while (len >= L2CAP_CMD_HDR_SIZE) {
3050 u16 cmd_len;
3051 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3052 data += L2CAP_CMD_HDR_SIZE;
3053 len -= L2CAP_CMD_HDR_SIZE;
3054
3055 cmd_len = le16_to_cpu(cmd.len);
3056
3057 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
3058
3059 if (cmd_len > len || !cmd.ident) {
3060 BT_DBG("corrupted command");
3061 break;
3062 }
3063
3064 switch (cmd.code) {
3065 case L2CAP_COMMAND_REJ:
3066 l2cap_command_rej(conn, &cmd, data);
3067 break;
3068
3069 case L2CAP_CONN_REQ:
3070 err = l2cap_connect_req(conn, &cmd, data);
3071 break;
3072
3073 case L2CAP_CONN_RSP:
3074 err = l2cap_connect_rsp(conn, &cmd, data);
3075 break;
3076
3077 case L2CAP_CONF_REQ:
3078 err = l2cap_config_req(conn, &cmd, cmd_len, data);
3079 break;
3080
3081 case L2CAP_CONF_RSP:
3082 err = l2cap_config_rsp(conn, &cmd, data);
3083 break;
3084
3085 case L2CAP_DISCONN_REQ:
3086 err = l2cap_disconnect_req(conn, &cmd, data);
3087 break;
3088
3089 case L2CAP_DISCONN_RSP:
3090 err = l2cap_disconnect_rsp(conn, &cmd, data);
3091 break;
3092
3093 case L2CAP_ECHO_REQ:
3094 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
3095 break;
3096
3097 case L2CAP_ECHO_RSP:
3098 break;
3099
3100 case L2CAP_INFO_REQ:
3101 err = l2cap_information_req(conn, &cmd, data);
3102 break;
3103
3104 case L2CAP_INFO_RSP:
3105 err = l2cap_information_rsp(conn, &cmd, data);
3106 break;
3107
3108 default:
3109 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
3110 err = -EINVAL;
3111 break;
3112 }
3113
3114 if (err) {
3115 struct l2cap_cmd_rej rej;
3116 BT_DBG("error %d", err);
3117
3118
3119 rej.reason = cpu_to_le16(0);
3120 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3121 }
3122
3123 data += cmd_len;
3124 len -= cmd_len;
3125 }
3126
3127 kfree_skb(skb);
3128}
3129
3130static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3131{
3132 u16 our_fcs, rcv_fcs;
3133 int hdr_size = L2CAP_HDR_SIZE + 2;
3134
3135 if (pi->fcs == L2CAP_FCS_CRC16) {
3136 skb_trim(skb, skb->len - 2);
3137 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3138 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3139
3140 if (our_fcs != rcv_fcs)
3141 return -EINVAL;
3142 }
3143 return 0;
3144}
3145
3146static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3147{
3148 struct sk_buff *next_skb;
3149
3150 bt_cb(skb)->tx_seq = tx_seq;
3151 bt_cb(skb)->sar = sar;
3152
3153 next_skb = skb_peek(SREJ_QUEUE(sk));
3154 if (!next_skb) {
3155 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3156 return;
3157 }
3158
3159 do {
3160 if (bt_cb(next_skb)->tx_seq > tx_seq) {
3161 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3162 return;
3163 }
3164
3165 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3166 break;
3167
3168 } while((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3169
3170 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3171}
3172
3173static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3174{
3175 struct l2cap_pinfo *pi = l2cap_pi(sk);
3176 struct sk_buff *_skb;
3177 int err = -EINVAL;
3178
3179 switch (control & L2CAP_CTRL_SAR) {
3180 case L2CAP_SDU_UNSEGMENTED:
3181 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3182 kfree_skb(pi->sdu);
3183 break;
3184 }
3185
3186 err = sock_queue_rcv_skb(sk, skb);
3187 if (!err)
3188 return 0;
3189
3190 break;
3191
3192 case L2CAP_SDU_START:
3193 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3194 kfree_skb(pi->sdu);
3195 break;
3196 }
3197
3198 pi->sdu_len = get_unaligned_le16(skb->data);
3199 skb_pull(skb, 2);
3200
3201 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3202 if (!pi->sdu) {
3203 err = -ENOMEM;
3204 break;
3205 }
3206
3207 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3208
3209 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3210 pi->partial_sdu_len = skb->len;
3211 err = 0;
3212 break;
3213
3214 case L2CAP_SDU_CONTINUE:
3215 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3216 break;
3217
3218 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3219
3220 pi->partial_sdu_len += skb->len;
3221 if (pi->partial_sdu_len > pi->sdu_len)
3222 kfree_skb(pi->sdu);
3223 else
3224 err = 0;
3225
3226 break;
3227
3228 case L2CAP_SDU_END:
3229 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3230 break;
3231
3232 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3233
3234 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3235 pi->partial_sdu_len += skb->len;
3236
3237 if (pi->partial_sdu_len == pi->sdu_len) {
3238 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3239 err = sock_queue_rcv_skb(sk, _skb);
3240 if (err < 0)
3241 kfree_skb(_skb);
3242 }
3243 kfree_skb(pi->sdu);
3244 err = 0;
3245
3246 break;
3247 }
3248
3249 kfree_skb(skb);
3250 return err;
3251}
3252
3253static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3254{
3255 struct sk_buff *skb;
3256 u16 control = 0;
3257
3258 while((skb = skb_peek(SREJ_QUEUE(sk)))) {
3259 if (bt_cb(skb)->tx_seq != tx_seq)
3260 break;
3261
3262 skb = skb_dequeue(SREJ_QUEUE(sk));
3263 control |= bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3264 l2cap_sar_reassembly_sdu(sk, skb, control);
3265 l2cap_pi(sk)->buffer_seq_srej =
3266 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3267 tx_seq++;
3268 }
3269}
3270
3271static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3272{
3273 struct l2cap_pinfo *pi = l2cap_pi(sk);
3274 struct srej_list *l, *tmp;
3275 u16 control;
3276
3277 list_for_each_entry_safe(l,tmp, SREJ_LIST(sk), list) {
3278 if (l->tx_seq == tx_seq) {
3279 list_del(&l->list);
3280 kfree(l);
3281 return;
3282 }
3283 control = L2CAP_SUPER_SELECT_REJECT;
3284 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3285 l2cap_send_sframe(pi, control);
3286 list_del(&l->list);
3287 list_add_tail(&l->list, SREJ_LIST(sk));
3288 }
3289}
3290
3291static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3292{
3293 struct l2cap_pinfo *pi = l2cap_pi(sk);
3294 struct srej_list *new;
3295 u16 control;
3296
3297 while (tx_seq != pi->expected_tx_seq) {
3298 control = L2CAP_SUPER_SELECT_REJECT;
3299 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3300 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
3301 control |= L2CAP_CTRL_POLL;
3302 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
3303 }
3304 l2cap_send_sframe(pi, control);
3305
3306 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3307 new->tx_seq = pi->expected_tx_seq++;
3308 list_add_tail(&new->list, SREJ_LIST(sk));
3309 }
3310 pi->expected_tx_seq++;
3311}
3312
3313static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3314{
3315 struct l2cap_pinfo *pi = l2cap_pi(sk);
3316 u8 tx_seq = __get_txseq(rx_control);
3317 u8 req_seq = __get_reqseq(rx_control);
3318 u16 tx_control = 0;
3319 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3320 int err = 0;
3321
3322 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3323
3324 pi->expected_ack_seq = req_seq;
3325 l2cap_drop_acked_frames(sk);
3326
3327 if (tx_seq == pi->expected_tx_seq)
3328 goto expected;
3329
3330 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3331 struct srej_list *first;
3332
3333 first = list_first_entry(SREJ_LIST(sk),
3334 struct srej_list, list);
3335 if (tx_seq == first->tx_seq) {
3336 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3337 l2cap_check_srej_gap(sk, tx_seq);
3338
3339 list_del(&first->list);
3340 kfree(first);
3341
3342 if (list_empty(SREJ_LIST(sk))) {
3343 pi->buffer_seq = pi->buffer_seq_srej;
3344 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3345 }
3346 } else {
3347 struct srej_list *l;
3348 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3349
3350 list_for_each_entry(l, SREJ_LIST(sk), list) {
3351 if (l->tx_seq == tx_seq) {
3352 l2cap_resend_srejframe(sk, tx_seq);
3353 return 0;
3354 }
3355 }
3356 l2cap_send_srejframe(sk, tx_seq);
3357 }
3358 } else {
3359 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3360
3361 INIT_LIST_HEAD(SREJ_LIST(sk));
3362 pi->buffer_seq_srej = pi->buffer_seq;
3363
3364 __skb_queue_head_init(SREJ_QUEUE(sk));
3365 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3366
3367 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3368
3369 l2cap_send_srejframe(sk, tx_seq);
3370 }
3371 return 0;
3372
3373expected:
3374 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3375
3376 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3377 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3378 return 0;
3379 }
3380
3381 if (rx_control & L2CAP_CTRL_FINAL) {
3382 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3383 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3384 else {
3385 sk->sk_send_head = TX_QUEUE(sk)->next;
3386 pi->next_tx_seq = pi->expected_ack_seq;
3387 l2cap_ertm_send(sk);
3388 }
3389 }
3390
3391 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3392
3393 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
3394 if (err < 0)
3395 return err;
3396
3397 pi->num_to_ack = (pi->num_to_ack + 1) % L2CAP_DEFAULT_NUM_TO_ACK;
3398 if (pi->num_to_ack == L2CAP_DEFAULT_NUM_TO_ACK - 1) {
3399 tx_control |= L2CAP_SUPER_RCV_READY;
3400 tx_control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3401 l2cap_send_sframe(pi, tx_control);
3402 }
3403 return 0;
3404}
3405
3406static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3407{
3408 struct l2cap_pinfo *pi = l2cap_pi(sk);
3409 u8 tx_seq = __get_reqseq(rx_control);
3410
3411 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3412
3413 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3414 case L2CAP_SUPER_RCV_READY:
3415 if (rx_control & L2CAP_CTRL_POLL) {
3416 u16 control = L2CAP_CTRL_FINAL;
3417 control |= L2CAP_SUPER_RCV_READY |
3418 (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT);
3419 l2cap_send_sframe(l2cap_pi(sk), control);
3420 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3421
3422 } else if (rx_control & L2CAP_CTRL_FINAL) {
3423 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3424 pi->expected_ack_seq = tx_seq;
3425 l2cap_drop_acked_frames(sk);
3426
3427 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3428 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3429 else {
3430 sk->sk_send_head = TX_QUEUE(sk)->next;
3431 pi->next_tx_seq = pi->expected_ack_seq;
3432 l2cap_ertm_send(sk);
3433 }
3434
3435 if (!(pi->conn_state & L2CAP_CONN_WAIT_F))
3436 break;
3437
3438 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3439 del_timer(&pi->monitor_timer);
3440
3441 if (pi->unacked_frames > 0)
3442 __mod_retrans_timer();
3443 } else {
3444 pi->expected_ack_seq = tx_seq;
3445 l2cap_drop_acked_frames(sk);
3446
3447 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3448 (pi->unacked_frames > 0))
3449 __mod_retrans_timer();
3450
3451 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3452 l2cap_ertm_send(sk);
3453 }
3454 break;
3455
3456 case L2CAP_SUPER_REJECT:
3457 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3458
3459 pi->expected_ack_seq = __get_reqseq(rx_control);
3460 l2cap_drop_acked_frames(sk);
3461
3462 if (rx_control & L2CAP_CTRL_FINAL) {
3463 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3464 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3465 else {
3466 sk->sk_send_head = TX_QUEUE(sk)->next;
3467 pi->next_tx_seq = pi->expected_ack_seq;
3468 l2cap_ertm_send(sk);
3469 }
3470 } else {
3471 sk->sk_send_head = TX_QUEUE(sk)->next;
3472 pi->next_tx_seq = pi->expected_ack_seq;
3473 l2cap_ertm_send(sk);
3474
3475 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3476 pi->srej_save_reqseq = tx_seq;
3477 pi->conn_state |= L2CAP_CONN_REJ_ACT;
3478 }
3479 }
3480
3481 break;
3482
3483 case L2CAP_SUPER_SELECT_REJECT:
3484 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3485
3486 if (rx_control & L2CAP_CTRL_POLL) {
3487 pi->expected_ack_seq = tx_seq;
3488 l2cap_drop_acked_frames(sk);
3489 l2cap_retransmit_frame(sk, tx_seq);
3490 l2cap_ertm_send(sk);
3491 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3492 pi->srej_save_reqseq = tx_seq;
3493 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3494 }
3495 } else if (rx_control & L2CAP_CTRL_FINAL) {
3496 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3497 pi->srej_save_reqseq == tx_seq)
3498 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3499 else
3500 l2cap_retransmit_frame(sk, tx_seq);
3501 }
3502 else {
3503 l2cap_retransmit_frame(sk, tx_seq);
3504 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3505 pi->srej_save_reqseq = tx_seq;
3506 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3507 }
3508 }
3509 break;
3510
3511 case L2CAP_SUPER_RCV_NOT_READY:
3512 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3513 pi->expected_ack_seq = tx_seq;
3514 l2cap_drop_acked_frames(sk);
3515
3516 del_timer(&l2cap_pi(sk)->retrans_timer);
3517 if (rx_control & L2CAP_CTRL_POLL) {
3518 u16 control = L2CAP_CTRL_FINAL;
3519 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
3520 }
3521 break;
3522 }
3523
3524 return 0;
3525}
3526
3527static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3528{
3529 struct sock *sk;
3530 struct l2cap_pinfo *pi;
3531 u16 control, len;
3532 u8 tx_seq;
3533
3534 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3535 if (!sk) {
3536 BT_DBG("unknown cid 0x%4.4x", cid);
3537 goto drop;
3538 }
3539
3540 pi = l2cap_pi(sk);
3541
3542 BT_DBG("sk %p, len %d", sk, skb->len);
3543
3544 if (sk->sk_state != BT_CONNECTED)
3545 goto drop;
3546
3547 switch (pi->mode) {
3548 case L2CAP_MODE_BASIC:
3549
3550
3551
3552
3553
3554 if (pi->imtu < skb->len)
3555 goto drop;
3556
3557 if (!sock_queue_rcv_skb(sk, skb))
3558 goto done;
3559 break;
3560
3561 case L2CAP_MODE_ERTM:
3562 control = get_unaligned_le16(skb->data);
3563 skb_pull(skb, 2);
3564 len = skb->len;
3565
3566 if (__is_sar_start(control))
3567 len -= 2;
3568
3569 if (pi->fcs == L2CAP_FCS_CRC16)
3570 len -= 2;
3571
3572
3573
3574
3575
3576
3577 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
3578 goto drop;
3579
3580 if (l2cap_check_fcs(pi, skb))
3581 goto drop;
3582
3583 if (__is_iframe(control))
3584 l2cap_data_channel_iframe(sk, control, skb);
3585 else
3586 l2cap_data_channel_sframe(sk, control, skb);
3587
3588 goto done;
3589
3590 case L2CAP_MODE_STREAMING:
3591 control = get_unaligned_le16(skb->data);
3592 skb_pull(skb, 2);
3593 len = skb->len;
3594
3595 if (__is_sar_start(control))
3596 len -= 2;
3597
3598 if (pi->fcs == L2CAP_FCS_CRC16)
3599 len -= 2;
3600
3601 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || __is_sframe(control))
3602 goto drop;
3603
3604 if (l2cap_check_fcs(pi, skb))
3605 goto drop;
3606
3607 tx_seq = __get_txseq(control);
3608
3609 if (pi->expected_tx_seq == tx_seq)
3610 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3611 else
3612 pi->expected_tx_seq = tx_seq + 1;
3613
3614 l2cap_sar_reassembly_sdu(sk, skb, control);
3615
3616 goto done;
3617
3618 default:
3619 BT_DBG("sk %p: bad mode 0x%2.2x", sk, l2cap_pi(sk)->mode);
3620 break;
3621 }
3622
3623drop:
3624 kfree_skb(skb);
3625
3626done:
3627 if (sk)
3628 bh_unlock_sock(sk);
3629
3630 return 0;
3631}
3632
3633static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
3634{
3635 struct sock *sk;
3636
3637 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
3638 if (!sk)
3639 goto drop;
3640
3641 BT_DBG("sk %p, len %d", sk, skb->len);
3642
3643 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3644 goto drop;
3645
3646 if (l2cap_pi(sk)->imtu < skb->len)
3647 goto drop;
3648
3649 if (!sock_queue_rcv_skb(sk, skb))
3650 goto done;
3651
3652drop:
3653 kfree_skb(skb);
3654
3655done:
3656 if (sk)
3657 bh_unlock_sock(sk);
3658 return 0;
3659}
3660
3661static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3662{
3663 struct l2cap_hdr *lh = (void *) skb->data;
3664 u16 cid, len;
3665 __le16 psm;
3666
3667 skb_pull(skb, L2CAP_HDR_SIZE);
3668 cid = __le16_to_cpu(lh->cid);
3669 len = __le16_to_cpu(lh->len);
3670
3671 if (len != skb->len) {
3672 kfree_skb(skb);
3673 return;
3674 }
3675
3676 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3677
3678 switch (cid) {
3679 case L2CAP_CID_SIGNALING:
3680 l2cap_sig_channel(conn, skb);
3681 break;
3682
3683 case L2CAP_CID_CONN_LESS:
3684 psm = get_unaligned_le16(skb->data);
3685 skb_pull(skb, 2);
3686 l2cap_conless_channel(conn, psm, skb);
3687 break;
3688
3689 default:
3690 l2cap_data_channel(conn, cid, skb);
3691 break;
3692 }
3693}
3694
3695
3696
3697static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3698{
3699 int exact = 0, lm1 = 0, lm2 = 0;
3700 register struct sock *sk;
3701 struct hlist_node *node;
3702
3703 if (type != ACL_LINK)
3704 return 0;
3705
3706 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3707
3708
3709 read_lock(&l2cap_sk_list.lock);
3710 sk_for_each(sk, node, &l2cap_sk_list.head) {
3711 if (sk->sk_state != BT_LISTEN)
3712 continue;
3713
3714 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
3715 lm1 |= HCI_LM_ACCEPT;
3716 if (l2cap_pi(sk)->role_switch)
3717 lm1 |= HCI_LM_MASTER;
3718 exact++;
3719 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3720 lm2 |= HCI_LM_ACCEPT;
3721 if (l2cap_pi(sk)->role_switch)
3722 lm2 |= HCI_LM_MASTER;
3723 }
3724 }
3725 read_unlock(&l2cap_sk_list.lock);
3726
3727 return exact ? lm1 : lm2;
3728}
3729
3730static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3731{
3732 struct l2cap_conn *conn;
3733
3734 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3735
3736 if (hcon->type != ACL_LINK)
3737 return 0;
3738
3739 if (!status) {
3740 conn = l2cap_conn_add(hcon, status);
3741 if (conn)
3742 l2cap_conn_ready(conn);
3743 } else
3744 l2cap_conn_del(hcon, bt_err(status));
3745
3746 return 0;
3747}
3748
3749static int l2cap_disconn_ind(struct hci_conn *hcon)
3750{
3751 struct l2cap_conn *conn = hcon->l2cap_data;
3752
3753 BT_DBG("hcon %p", hcon);
3754
3755 if (hcon->type != ACL_LINK || !conn)
3756 return 0x13;
3757
3758 return conn->disc_reason;
3759}
3760
3761static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
3762{
3763 BT_DBG("hcon %p reason %d", hcon, reason);
3764
3765 if (hcon->type != ACL_LINK)
3766 return 0;
3767
3768 l2cap_conn_del(hcon, bt_err(reason));
3769
3770 return 0;
3771}
3772
3773static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
3774{
3775 if (sk->sk_type != SOCK_SEQPACKET)
3776 return;
3777
3778 if (encrypt == 0x00) {
3779 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
3780 l2cap_sock_clear_timer(sk);
3781 l2cap_sock_set_timer(sk, HZ * 5);
3782 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
3783 __l2cap_sock_close(sk, ECONNREFUSED);
3784 } else {
3785 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
3786 l2cap_sock_clear_timer(sk);
3787 }
3788}
3789
3790static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
3791{
3792 struct l2cap_chan_list *l;
3793 struct l2cap_conn *conn = hcon->l2cap_data;
3794 struct sock *sk;
3795
3796 if (!conn)
3797 return 0;
3798
3799 l = &conn->chan_list;
3800
3801 BT_DBG("conn %p", conn);
3802
3803 read_lock(&l->lock);
3804
3805 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
3806 bh_lock_sock(sk);
3807
3808 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
3809 bh_unlock_sock(sk);
3810 continue;
3811 }
3812
3813 if (!status && (sk->sk_state == BT_CONNECTED ||
3814 sk->sk_state == BT_CONFIG)) {
3815 l2cap_check_encryption(sk, encrypt);
3816 bh_unlock_sock(sk);
3817 continue;
3818 }
3819
3820 if (sk->sk_state == BT_CONNECT) {
3821 if (!status) {
3822 struct l2cap_conn_req req;
3823 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
3824 req.psm = l2cap_pi(sk)->psm;
3825
3826 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
3827
3828 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3829 L2CAP_CONN_REQ, sizeof(req), &req);
3830 } else {
3831 l2cap_sock_clear_timer(sk);
3832 l2cap_sock_set_timer(sk, HZ / 10);
3833 }
3834 } else if (sk->sk_state == BT_CONNECT2) {
3835 struct l2cap_conn_rsp rsp;
3836 __u16 result;
3837
3838 if (!status) {
3839 sk->sk_state = BT_CONFIG;
3840 result = L2CAP_CR_SUCCESS;
3841 } else {
3842 sk->sk_state = BT_DISCONN;
3843 l2cap_sock_set_timer(sk, HZ / 10);
3844 result = L2CAP_CR_SEC_BLOCK;
3845 }
3846
3847 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3848 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3849 rsp.result = cpu_to_le16(result);
3850 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3851 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
3852 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3853 }
3854
3855 bh_unlock_sock(sk);
3856 }
3857
3858 read_unlock(&l->lock);
3859
3860 return 0;
3861}
3862
3863static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
3864{
3865 struct l2cap_conn *conn = hcon->l2cap_data;
3866
3867 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
3868 goto drop;
3869
3870 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
3871
3872 if (flags & ACL_START) {
3873 struct l2cap_hdr *hdr;
3874 int len;
3875
3876 if (conn->rx_len) {
3877 BT_ERR("Unexpected start frame (len %d)", skb->len);
3878 kfree_skb(conn->rx_skb);
3879 conn->rx_skb = NULL;
3880 conn->rx_len = 0;
3881 l2cap_conn_unreliable(conn, ECOMM);
3882 }
3883
3884 if (skb->len < 2) {
3885 BT_ERR("Frame is too short (len %d)", skb->len);
3886 l2cap_conn_unreliable(conn, ECOMM);
3887 goto drop;
3888 }
3889
3890 hdr = (struct l2cap_hdr *) skb->data;
3891 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
3892
3893 if (len == skb->len) {
3894
3895 l2cap_recv_frame(conn, skb);
3896 return 0;
3897 }
3898
3899 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
3900
3901 if (skb->len > len) {
3902 BT_ERR("Frame is too long (len %d, expected len %d)",
3903 skb->len, len);
3904 l2cap_conn_unreliable(conn, ECOMM);
3905 goto drop;
3906 }
3907
3908
3909 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
3910 if (!conn->rx_skb)
3911 goto drop;
3912
3913 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
3914 skb->len);
3915 conn->rx_len = len - skb->len;
3916 } else {
3917 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
3918
3919 if (!conn->rx_len) {
3920 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
3921 l2cap_conn_unreliable(conn, ECOMM);
3922 goto drop;
3923 }
3924
3925 if (skb->len > conn->rx_len) {
3926 BT_ERR("Fragment is too long (len %d, expected %d)",
3927 skb->len, conn->rx_len);
3928 kfree_skb(conn->rx_skb);
3929 conn->rx_skb = NULL;
3930 conn->rx_len = 0;
3931 l2cap_conn_unreliable(conn, ECOMM);
3932 goto drop;
3933 }
3934
3935 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
3936 skb->len);
3937 conn->rx_len -= skb->len;
3938
3939 if (!conn->rx_len) {
3940
3941 l2cap_recv_frame(conn, conn->rx_skb);
3942 conn->rx_skb = NULL;
3943 }
3944 }
3945
3946drop:
3947 kfree_skb(skb);
3948 return 0;
3949}
3950
3951static int l2cap_debugfs_show(struct seq_file *f, void *p)
3952{
3953 struct sock *sk;
3954 struct hlist_node *node;
3955
3956 read_lock_bh(&l2cap_sk_list.lock);
3957
3958 sk_for_each(sk, node, &l2cap_sk_list.head) {
3959 struct l2cap_pinfo *pi = l2cap_pi(sk);
3960
3961 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
3962 batostr(&bt_sk(sk)->src),
3963 batostr(&bt_sk(sk)->dst),
3964 sk->sk_state, __le16_to_cpu(pi->psm),
3965 pi->scid, pi->dcid,
3966 pi->imtu, pi->omtu, pi->sec_level);
3967 }
3968
3969 read_unlock_bh(&l2cap_sk_list.lock);
3970
3971 return 0;
3972}
3973
3974static int l2cap_debugfs_open(struct inode *inode, struct file *file)
3975{
3976 return single_open(file, l2cap_debugfs_show, inode->i_private);
3977}
3978
3979static const struct file_operations l2cap_debugfs_fops = {
3980 .open = l2cap_debugfs_open,
3981 .read = seq_read,
3982 .llseek = seq_lseek,
3983 .release = single_release,
3984};
3985
3986static struct dentry *l2cap_debugfs;
3987
3988static const struct proto_ops l2cap_sock_ops = {
3989 .family = PF_BLUETOOTH,
3990 .owner = THIS_MODULE,
3991 .release = l2cap_sock_release,
3992 .bind = l2cap_sock_bind,
3993 .connect = l2cap_sock_connect,
3994 .listen = l2cap_sock_listen,
3995 .accept = l2cap_sock_accept,
3996 .getname = l2cap_sock_getname,
3997 .sendmsg = l2cap_sock_sendmsg,
3998 .recvmsg = l2cap_sock_recvmsg,
3999 .poll = bt_sock_poll,
4000 .ioctl = bt_sock_ioctl,
4001 .mmap = sock_no_mmap,
4002 .socketpair = sock_no_socketpair,
4003 .shutdown = l2cap_sock_shutdown,
4004 .setsockopt = l2cap_sock_setsockopt,
4005 .getsockopt = l2cap_sock_getsockopt
4006};
4007
4008static const struct net_proto_family l2cap_sock_family_ops = {
4009 .family = PF_BLUETOOTH,
4010 .owner = THIS_MODULE,
4011 .create = l2cap_sock_create,
4012};
4013
4014static struct hci_proto l2cap_hci_proto = {
4015 .name = "L2CAP",
4016 .id = HCI_PROTO_L2CAP,
4017 .connect_ind = l2cap_connect_ind,
4018 .connect_cfm = l2cap_connect_cfm,
4019 .disconn_ind = l2cap_disconn_ind,
4020 .disconn_cfm = l2cap_disconn_cfm,
4021 .security_cfm = l2cap_security_cfm,
4022 .recv_acldata = l2cap_recv_acldata
4023};
4024
4025static int __init l2cap_init(void)
4026{
4027 int err;
4028
4029 err = proto_register(&l2cap_proto, 0);
4030 if (err < 0)
4031 return err;
4032
4033 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4034 if (err < 0) {
4035 BT_ERR("L2CAP socket registration failed");
4036 goto error;
4037 }
4038
4039 err = hci_register_proto(&l2cap_hci_proto);
4040 if (err < 0) {
4041 BT_ERR("L2CAP protocol registration failed");
4042 bt_sock_unregister(BTPROTO_L2CAP);
4043 goto error;
4044 }
4045
4046 if (bt_debugfs) {
4047 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4048 bt_debugfs, NULL, &l2cap_debugfs_fops);
4049 if (!l2cap_debugfs)
4050 BT_ERR("Failed to create L2CAP debug file");
4051 }
4052
4053 BT_INFO("L2CAP ver %s", VERSION);
4054 BT_INFO("L2CAP socket layer initialized");
4055
4056 return 0;
4057
4058error:
4059 proto_unregister(&l2cap_proto);
4060 return err;
4061}
4062
4063static void __exit l2cap_exit(void)
4064{
4065 debugfs_remove(l2cap_debugfs);
4066
4067 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4068 BT_ERR("L2CAP socket unregistration failed");
4069
4070 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4071 BT_ERR("L2CAP protocol unregistration failed");
4072
4073 proto_unregister(&l2cap_proto);
4074}
4075
4076void l2cap_load(void)
4077{
4078
4079
4080
4081 return;
4082}
4083EXPORT_SYMBOL(l2cap_load);
4084
4085module_init(l2cap_init);
4086module_exit(l2cap_exit);
4087
4088module_param(enable_ertm, bool, 0644);
4089MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
4090
4091module_param(max_transmit, uint, 0644);
4092MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");
4093
4094MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4095MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4096MODULE_VERSION(VERSION);
4097MODULE_LICENSE("GPL");
4098MODULE_ALIAS("bt-proto-0");
4099
