Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 255c76014af74165428e7aa16414b857e2bdccf2

Authored by Marcel Holtmann
1 parent 43c2e57f94
Exists in master and in 7 other branches imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

Bluetooth: Don't check encryption for L2CAP raw sockets 

For L2CAP sockets with medium and high security requirement a missing
encryption will enforce the closing of the link. For the L2CAP raw
sockets this is not needed, so skip that check.

This fixes a crash when pairing Bluetooth 2.0 (and earlier) devices
since the L2CAP state machine got confused and then locked up the whole
system.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

Showing 1 changed file with 3 additions and 0 deletions Inline Diff

net/bluetooth/l2cap.c
Diff comments   View file @ 255c760
1 /* 1 /*
2 BlueZ - Bluetooth protocol stack for Linux 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated 3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 6
7 This program is free software; you can redistribute it and/or modify 7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as 8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation; 9 published by the Free Software Foundation;
10 10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED. 22 SOFTWARE IS DISCLAIMED.
23 */ 23 */
24 24
25 /* Bluetooth L2CAP core and sockets. */ 25 /* Bluetooth L2CAP core and sockets. */
26 26
27 #include <linux/module.h> 27 #include <linux/module.h>
28 28
29 #include <linux/types.h> 29 #include <linux/types.h>
30 #include <linux/capability.h> 30 #include <linux/capability.h>
31 #include <linux/errno.h> 31 #include <linux/errno.h>
32 #include <linux/kernel.h> 32 #include <linux/kernel.h>
33 #include <linux/sched.h> 33 #include <linux/sched.h>
34 #include <linux/slab.h> 34 #include <linux/slab.h>
35 #include <linux/poll.h> 35 #include <linux/poll.h>
36 #include <linux/fcntl.h> 36 #include <linux/fcntl.h>
37 #include <linux/init.h> 37 #include <linux/init.h>
38 #include <linux/interrupt.h> 38 #include <linux/interrupt.h>
39 #include <linux/socket.h> 39 #include <linux/socket.h>
40 #include <linux/skbuff.h> 40 #include <linux/skbuff.h>
41 #include <linux/list.h> 41 #include <linux/list.h>
42 #include <linux/device.h> 42 #include <linux/device.h>
43 #include <net/sock.h> 43 #include <net/sock.h>
44 44
45 #include <asm/system.h> 45 #include <asm/system.h>
46 #include <asm/uaccess.h> 46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h> 47 #include <asm/unaligned.h>
48 48
49 #include <net/bluetooth/bluetooth.h> 49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h> 50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h> 51 #include <net/bluetooth/l2cap.h>
52 52
53 #define VERSION "2.12" 53 #define VERSION "2.12"
54 54
55 static u32 l2cap_feat_mask = 0x0000; 55 static u32 l2cap_feat_mask = 0x0000;
56 56
57 static const struct proto_ops l2cap_sock_ops; 57 static const struct proto_ops l2cap_sock_ops;
58 58
59 static struct bt_sock_list l2cap_sk_list = { 59 static struct bt_sock_list l2cap_sk_list = {
60 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 60 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
61 }; 61 };
62 62
63 static void __l2cap_sock_close(struct sock *sk, int reason); 63 static void __l2cap_sock_close(struct sock *sk, int reason);
64 static void l2cap_sock_close(struct sock *sk); 64 static void l2cap_sock_close(struct sock *sk);
65 static void l2cap_sock_kill(struct sock *sk); 65 static void l2cap_sock_kill(struct sock *sk);
66 66
67 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 67 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data); 68 u8 code, u8 ident, u16 dlen, void *data);
69 69
70 /* ---- L2CAP timers ---- */ 70 /* ---- L2CAP timers ---- */
71 static void l2cap_sock_timeout(unsigned long arg) 71 static void l2cap_sock_timeout(unsigned long arg)
72 { 72 {
73 struct sock *sk = (struct sock *) arg; 73 struct sock *sk = (struct sock *) arg;
74 int reason; 74 int reason;
75 75
76 BT_DBG("sock %p state %d", sk, sk->sk_state); 76 BT_DBG("sock %p state %d", sk, sk->sk_state);
77 77
78 bh_lock_sock(sk); 78 bh_lock_sock(sk);
79 79
80 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) 80 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
81 reason = ECONNREFUSED; 81 reason = ECONNREFUSED;
82 else if (sk->sk_state == BT_CONNECT && 82 else if (sk->sk_state == BT_CONNECT &&
83 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP) 83 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
84 reason = ECONNREFUSED; 84 reason = ECONNREFUSED;
85 else 85 else
86 reason = ETIMEDOUT; 86 reason = ETIMEDOUT;
87 87
88 __l2cap_sock_close(sk, reason); 88 __l2cap_sock_close(sk, reason);
89 89
90 bh_unlock_sock(sk); 90 bh_unlock_sock(sk);
91 91
92 l2cap_sock_kill(sk); 92 l2cap_sock_kill(sk);
93 sock_put(sk); 93 sock_put(sk);
94 } 94 }
95 95
96 static void l2cap_sock_set_timer(struct sock *sk, long timeout) 96 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
97 { 97 {
98 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout); 98 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
99 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 99 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
100 } 100 }
101 101
102 static void l2cap_sock_clear_timer(struct sock *sk) 102 static void l2cap_sock_clear_timer(struct sock *sk)
103 { 103 {
104 BT_DBG("sock %p state %d", sk, sk->sk_state); 104 BT_DBG("sock %p state %d", sk, sk->sk_state);
105 sk_stop_timer(sk, &sk->sk_timer); 105 sk_stop_timer(sk, &sk->sk_timer);
106 } 106 }
107 107
108 /* ---- L2CAP channels ---- */ 108 /* ---- L2CAP channels ---- */
109 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid) 109 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
110 { 110 {
111 struct sock *s; 111 struct sock *s;
112 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 112 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
113 if (l2cap_pi(s)->dcid == cid) 113 if (l2cap_pi(s)->dcid == cid)
114 break; 114 break;
115 } 115 }
116 return s; 116 return s;
117 } 117 }
118 118
119 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 119 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
120 { 120 {
121 struct sock *s; 121 struct sock *s;
122 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 122 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
123 if (l2cap_pi(s)->scid == cid) 123 if (l2cap_pi(s)->scid == cid)
124 break; 124 break;
125 } 125 }
126 return s; 126 return s;
127 } 127 }
128 128
129 /* Find channel with given SCID. 129 /* Find channel with given SCID.
130 * Returns locked socket */ 130 * Returns locked socket */
131 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 131 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
132 { 132 {
133 struct sock *s; 133 struct sock *s;
134 read_lock(&l->lock); 134 read_lock(&l->lock);
135 s = __l2cap_get_chan_by_scid(l, cid); 135 s = __l2cap_get_chan_by_scid(l, cid);
136 if (s) bh_lock_sock(s); 136 if (s) bh_lock_sock(s);
137 read_unlock(&l->lock); 137 read_unlock(&l->lock);
138 return s; 138 return s;
139 } 139 }
140 140
141 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 141 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
142 { 142 {
143 struct sock *s; 143 struct sock *s;
144 for (s = l->head; s; s = l2cap_pi(s)->next_c) { 144 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
145 if (l2cap_pi(s)->ident == ident) 145 if (l2cap_pi(s)->ident == ident)
146 break; 146 break;
147 } 147 }
148 return s; 148 return s;
149 } 149 }
150 150
151 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 151 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
152 { 152 {
153 struct sock *s; 153 struct sock *s;
154 read_lock(&l->lock); 154 read_lock(&l->lock);
155 s = __l2cap_get_chan_by_ident(l, ident); 155 s = __l2cap_get_chan_by_ident(l, ident);
156 if (s) bh_lock_sock(s); 156 if (s) bh_lock_sock(s);
157 read_unlock(&l->lock); 157 read_unlock(&l->lock);
158 return s; 158 return s;
159 } 159 }
160 160
161 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l) 161 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
162 { 162 {
163 u16 cid = 0x0040; 163 u16 cid = 0x0040;
164 164
165 for (; cid < 0xffff; cid++) { 165 for (; cid < 0xffff; cid++) {
166 if(!__l2cap_get_chan_by_scid(l, cid)) 166 if(!__l2cap_get_chan_by_scid(l, cid))
167 return cid; 167 return cid;
168 } 168 }
169 169
170 return 0; 170 return 0;
171 } 171 }
172 172
173 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk) 173 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
174 { 174 {
175 sock_hold(sk); 175 sock_hold(sk);
176 176
177 if (l->head) 177 if (l->head)
178 l2cap_pi(l->head)->prev_c = sk; 178 l2cap_pi(l->head)->prev_c = sk;
179 179
180 l2cap_pi(sk)->next_c = l->head; 180 l2cap_pi(sk)->next_c = l->head;
181 l2cap_pi(sk)->prev_c = NULL; 181 l2cap_pi(sk)->prev_c = NULL;
182 l->head = sk; 182 l->head = sk;
183 } 183 }
184 184
185 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk) 185 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
186 { 186 {
187 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c; 187 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
188 188
189 write_lock_bh(&l->lock); 189 write_lock_bh(&l->lock);
190 if (sk == l->head) 190 if (sk == l->head)
191 l->head = next; 191 l->head = next;
192 192
193 if (next) 193 if (next)
194 l2cap_pi(next)->prev_c = prev; 194 l2cap_pi(next)->prev_c = prev;
195 if (prev) 195 if (prev)
196 l2cap_pi(prev)->next_c = next; 196 l2cap_pi(prev)->next_c = next;
197 write_unlock_bh(&l->lock); 197 write_unlock_bh(&l->lock);
198 198
199 __sock_put(sk); 199 __sock_put(sk);
200 } 200 }
201 201
202 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent) 202 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
203 { 203 {
204 struct l2cap_chan_list *l = &conn->chan_list; 204 struct l2cap_chan_list *l = &conn->chan_list;
205 205
206 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); 206 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
207 207
208 l2cap_pi(sk)->conn = conn; 208 l2cap_pi(sk)->conn = conn;
209 209
210 if (sk->sk_type == SOCK_SEQPACKET) { 210 if (sk->sk_type == SOCK_SEQPACKET) {
211 /* Alloc CID for connection-oriented socket */ 211 /* Alloc CID for connection-oriented socket */
212 l2cap_pi(sk)->scid = l2cap_alloc_cid(l); 212 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
213 } else if (sk->sk_type == SOCK_DGRAM) { 213 } else if (sk->sk_type == SOCK_DGRAM) {
214 /* Connectionless socket */ 214 /* Connectionless socket */
215 l2cap_pi(sk)->scid = 0x0002; 215 l2cap_pi(sk)->scid = 0x0002;
216 l2cap_pi(sk)->dcid = 0x0002; 216 l2cap_pi(sk)->dcid = 0x0002;
217 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 217 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
218 } else { 218 } else {
219 /* Raw socket can send/recv signalling messages only */ 219 /* Raw socket can send/recv signalling messages only */
220 l2cap_pi(sk)->scid = 0x0001; 220 l2cap_pi(sk)->scid = 0x0001;
221 l2cap_pi(sk)->dcid = 0x0001; 221 l2cap_pi(sk)->dcid = 0x0001;
222 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 222 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
223 } 223 }
224 224
225 __l2cap_chan_link(l, sk); 225 __l2cap_chan_link(l, sk);
226 226
227 if (parent) 227 if (parent)
228 bt_accept_enqueue(parent, sk); 228 bt_accept_enqueue(parent, sk);
229 } 229 }
230 230
231 /* Delete channel. 231 /* Delete channel.
232 * Must be called on the locked socket. */ 232 * Must be called on the locked socket. */
233 static void l2cap_chan_del(struct sock *sk, int err) 233 static void l2cap_chan_del(struct sock *sk, int err)
234 { 234 {
235 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 235 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
236 struct sock *parent = bt_sk(sk)->parent; 236 struct sock *parent = bt_sk(sk)->parent;
237 237
238 l2cap_sock_clear_timer(sk); 238 l2cap_sock_clear_timer(sk);
239 239
240 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 240 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
241 241
242 if (conn) { 242 if (conn) {
243 /* Unlink from channel list */ 243 /* Unlink from channel list */
244 l2cap_chan_unlink(&conn->chan_list, sk); 244 l2cap_chan_unlink(&conn->chan_list, sk);
245 l2cap_pi(sk)->conn = NULL; 245 l2cap_pi(sk)->conn = NULL;
246 hci_conn_put(conn->hcon); 246 hci_conn_put(conn->hcon);
247 } 247 }
248 248
249 sk->sk_state = BT_CLOSED; 249 sk->sk_state = BT_CLOSED;
250 sock_set_flag(sk, SOCK_ZAPPED); 250 sock_set_flag(sk, SOCK_ZAPPED);
251 251
252 if (err) 252 if (err)
253 sk->sk_err = err; 253 sk->sk_err = err;
254 254
255 if (parent) { 255 if (parent) {
256 bt_accept_unlink(sk); 256 bt_accept_unlink(sk);
257 parent->sk_data_ready(parent, 0); 257 parent->sk_data_ready(parent, 0);
258 } else 258 } else
259 sk->sk_state_change(sk); 259 sk->sk_state_change(sk);
260 } 260 }
261 261
262 /* Service level security */ 262 /* Service level security */
263 static inline int l2cap_check_security(struct sock *sk) 263 static inline int l2cap_check_security(struct sock *sk)
264 { 264 {
265 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 265 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
266 266
267 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level); 267 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level);
268 } 268 }
269 269
270 static inline u8 l2cap_get_ident(struct l2cap_conn *conn) 270 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
271 { 271 {
272 u8 id; 272 u8 id;
273 273
274 /* Get next available identificator. 274 /* Get next available identificator.
275 * 1 - 128 are used by kernel. 275 * 1 - 128 are used by kernel.
276 * 129 - 199 are reserved. 276 * 129 - 199 are reserved.
277 * 200 - 254 are used by utilities like l2ping, etc. 277 * 200 - 254 are used by utilities like l2ping, etc.
278 */ 278 */
279 279
280 spin_lock_bh(&conn->lock); 280 spin_lock_bh(&conn->lock);
281 281
282 if (++conn->tx_ident > 128) 282 if (++conn->tx_ident > 128)
283 conn->tx_ident = 1; 283 conn->tx_ident = 1;
284 284
285 id = conn->tx_ident; 285 id = conn->tx_ident;
286 286
287 spin_unlock_bh(&conn->lock); 287 spin_unlock_bh(&conn->lock);
288 288
289 return id; 289 return id;
290 } 290 }
291 291
292 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data) 292 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
293 { 293 {
294 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data); 294 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
295 295
296 BT_DBG("code 0x%2.2x", code); 296 BT_DBG("code 0x%2.2x", code);
297 297
298 if (!skb) 298 if (!skb)
299 return -ENOMEM; 299 return -ENOMEM;
300 300
301 return hci_send_acl(conn->hcon, skb, 0); 301 return hci_send_acl(conn->hcon, skb, 0);
302 } 302 }
303 303
304 static void l2cap_do_start(struct sock *sk) 304 static void l2cap_do_start(struct sock *sk)
305 { 305 {
306 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 306 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
307 307
308 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { 308 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
309 if (l2cap_check_security(sk)) { 309 if (l2cap_check_security(sk)) {
310 struct l2cap_conn_req req; 310 struct l2cap_conn_req req;
311 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 311 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
312 req.psm = l2cap_pi(sk)->psm; 312 req.psm = l2cap_pi(sk)->psm;
313 313
314 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 314 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
315 315
316 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 316 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
317 L2CAP_CONN_REQ, sizeof(req), &req); 317 L2CAP_CONN_REQ, sizeof(req), &req);
318 } 318 }
319 } else { 319 } else {
320 struct l2cap_info_req req; 320 struct l2cap_info_req req;
321 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 321 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
322 322
323 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; 323 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
324 conn->info_ident = l2cap_get_ident(conn); 324 conn->info_ident = l2cap_get_ident(conn);
325 325
326 mod_timer(&conn->info_timer, jiffies + 326 mod_timer(&conn->info_timer, jiffies +
327 msecs_to_jiffies(L2CAP_INFO_TIMEOUT)); 327 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
328 328
329 l2cap_send_cmd(conn, conn->info_ident, 329 l2cap_send_cmd(conn, conn->info_ident,
330 L2CAP_INFO_REQ, sizeof(req), &req); 330 L2CAP_INFO_REQ, sizeof(req), &req);
331 } 331 }
332 } 332 }
333 333
334 /* ---- L2CAP connections ---- */ 334 /* ---- L2CAP connections ---- */
335 static void l2cap_conn_start(struct l2cap_conn *conn) 335 static void l2cap_conn_start(struct l2cap_conn *conn)
336 { 336 {
337 struct l2cap_chan_list *l = &conn->chan_list; 337 struct l2cap_chan_list *l = &conn->chan_list;
338 struct sock *sk; 338 struct sock *sk;
339 339
340 BT_DBG("conn %p", conn); 340 BT_DBG("conn %p", conn);
341 341
342 read_lock(&l->lock); 342 read_lock(&l->lock);
343 343
344 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 344 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
345 bh_lock_sock(sk); 345 bh_lock_sock(sk);
346 346
347 if (sk->sk_type != SOCK_SEQPACKET) { 347 if (sk->sk_type != SOCK_SEQPACKET) {
348 bh_unlock_sock(sk); 348 bh_unlock_sock(sk);
349 continue; 349 continue;
350 } 350 }
351 351
352 if (sk->sk_state == BT_CONNECT) { 352 if (sk->sk_state == BT_CONNECT) {
353 if (l2cap_check_security(sk)) { 353 if (l2cap_check_security(sk)) {
354 struct l2cap_conn_req req; 354 struct l2cap_conn_req req;
355 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 355 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
356 req.psm = l2cap_pi(sk)->psm; 356 req.psm = l2cap_pi(sk)->psm;
357 357
358 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 358 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
359 359
360 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 360 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
361 L2CAP_CONN_REQ, sizeof(req), &req); 361 L2CAP_CONN_REQ, sizeof(req), &req);
362 } 362 }
363 } else if (sk->sk_state == BT_CONNECT2) { 363 } else if (sk->sk_state == BT_CONNECT2) {
364 struct l2cap_conn_rsp rsp; 364 struct l2cap_conn_rsp rsp;
365 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 365 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
366 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 366 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
367 367
368 if (l2cap_check_security(sk)) { 368 if (l2cap_check_security(sk)) {
369 if (bt_sk(sk)->defer_setup) { 369 if (bt_sk(sk)->defer_setup) {
370 struct sock *parent = bt_sk(sk)->parent; 370 struct sock *parent = bt_sk(sk)->parent;
371 rsp.result = cpu_to_le16(L2CAP_CR_PEND); 371 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
372 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND); 372 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
373 parent->sk_data_ready(parent, 0); 373 parent->sk_data_ready(parent, 0);
374 374
375 } else { 375 } else {
376 sk->sk_state = BT_CONFIG; 376 sk->sk_state = BT_CONFIG;
377 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); 377 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
378 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 378 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
379 } 379 }
380 } else { 380 } else {
381 rsp.result = cpu_to_le16(L2CAP_CR_PEND); 381 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
382 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND); 382 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
383 } 383 }
384 384
385 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 385 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
386 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 386 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
387 } 387 }
388 388
389 bh_unlock_sock(sk); 389 bh_unlock_sock(sk);
390 } 390 }
391 391
392 read_unlock(&l->lock); 392 read_unlock(&l->lock);
393 } 393 }
394 394
395 static void l2cap_conn_ready(struct l2cap_conn *conn) 395 static void l2cap_conn_ready(struct l2cap_conn *conn)
396 { 396 {
397 struct l2cap_chan_list *l = &conn->chan_list; 397 struct l2cap_chan_list *l = &conn->chan_list;
398 struct sock *sk; 398 struct sock *sk;
399 399
400 BT_DBG("conn %p", conn); 400 BT_DBG("conn %p", conn);
401 401
402 read_lock(&l->lock); 402 read_lock(&l->lock);
403 403
404 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 404 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
405 bh_lock_sock(sk); 405 bh_lock_sock(sk);
406 406
407 if (sk->sk_type != SOCK_SEQPACKET) { 407 if (sk->sk_type != SOCK_SEQPACKET) {
408 l2cap_sock_clear_timer(sk); 408 l2cap_sock_clear_timer(sk);
409 sk->sk_state = BT_CONNECTED; 409 sk->sk_state = BT_CONNECTED;
410 sk->sk_state_change(sk); 410 sk->sk_state_change(sk);
411 } else if (sk->sk_state == BT_CONNECT) 411 } else if (sk->sk_state == BT_CONNECT)
412 l2cap_do_start(sk); 412 l2cap_do_start(sk);
413 413
414 bh_unlock_sock(sk); 414 bh_unlock_sock(sk);
415 } 415 }
416 416
417 read_unlock(&l->lock); 417 read_unlock(&l->lock);
418 } 418 }
419 419
420 /* Notify sockets that we cannot guaranty reliability anymore */ 420 /* Notify sockets that we cannot guaranty reliability anymore */
421 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err) 421 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
422 { 422 {
423 struct l2cap_chan_list *l = &conn->chan_list; 423 struct l2cap_chan_list *l = &conn->chan_list;
424 struct sock *sk; 424 struct sock *sk;
425 425
426 BT_DBG("conn %p", conn); 426 BT_DBG("conn %p", conn);
427 427
428 read_lock(&l->lock); 428 read_lock(&l->lock);
429 429
430 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 430 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
431 if (l2cap_pi(sk)->force_reliable) 431 if (l2cap_pi(sk)->force_reliable)
432 sk->sk_err = err; 432 sk->sk_err = err;
433 } 433 }
434 434
435 read_unlock(&l->lock); 435 read_unlock(&l->lock);
436 } 436 }
437 437
438 static void l2cap_info_timeout(unsigned long arg) 438 static void l2cap_info_timeout(unsigned long arg)
439 { 439 {
440 struct l2cap_conn *conn = (void *) arg; 440 struct l2cap_conn *conn = (void *) arg;
441 441
442 conn->info_ident = 0; 442 conn->info_ident = 0;
443 443
444 l2cap_conn_start(conn); 444 l2cap_conn_start(conn);
445 } 445 }
446 446
447 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) 447 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
448 { 448 {
449 struct l2cap_conn *conn = hcon->l2cap_data; 449 struct l2cap_conn *conn = hcon->l2cap_data;
450 450
451 if (conn || status) 451 if (conn || status)
452 return conn; 452 return conn;
453 453
454 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC); 454 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
455 if (!conn) 455 if (!conn)
456 return NULL; 456 return NULL;
457 457
458 hcon->l2cap_data = conn; 458 hcon->l2cap_data = conn;
459 conn->hcon = hcon; 459 conn->hcon = hcon;
460 460
461 BT_DBG("hcon %p conn %p", hcon, conn); 461 BT_DBG("hcon %p conn %p", hcon, conn);
462 462
463 conn->mtu = hcon->hdev->acl_mtu; 463 conn->mtu = hcon->hdev->acl_mtu;
464 conn->src = &hcon->hdev->bdaddr; 464 conn->src = &hcon->hdev->bdaddr;
465 conn->dst = &hcon->dst; 465 conn->dst = &hcon->dst;
466 466
467 conn->feat_mask = 0; 467 conn->feat_mask = 0;
468 468
469 setup_timer(&conn->info_timer, l2cap_info_timeout, 469 setup_timer(&conn->info_timer, l2cap_info_timeout,
470 (unsigned long) conn); 470 (unsigned long) conn);
471 471
472 spin_lock_init(&conn->lock); 472 spin_lock_init(&conn->lock);
473 rwlock_init(&conn->chan_list.lock); 473 rwlock_init(&conn->chan_list.lock);
474 474
475 return conn; 475 return conn;
476 } 476 }
477 477
478 static void l2cap_conn_del(struct hci_conn *hcon, int err) 478 static void l2cap_conn_del(struct hci_conn *hcon, int err)
479 { 479 {
480 struct l2cap_conn *conn = hcon->l2cap_data; 480 struct l2cap_conn *conn = hcon->l2cap_data;
481 struct sock *sk; 481 struct sock *sk;
482 482
483 if (!conn) 483 if (!conn)
484 return; 484 return;
485 485
486 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 486 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
487 487
488 if (conn->rx_skb) 488 if (conn->rx_skb)
489 kfree_skb(conn->rx_skb); 489 kfree_skb(conn->rx_skb);
490 490
491 /* Kill channels */ 491 /* Kill channels */
492 while ((sk = conn->chan_list.head)) { 492 while ((sk = conn->chan_list.head)) {
493 bh_lock_sock(sk); 493 bh_lock_sock(sk);
494 l2cap_chan_del(sk, err); 494 l2cap_chan_del(sk, err);
495 bh_unlock_sock(sk); 495 bh_unlock_sock(sk);
496 l2cap_sock_kill(sk); 496 l2cap_sock_kill(sk);
497 } 497 }
498 498
499 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) 499 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
500 del_timer_sync(&conn->info_timer); 500 del_timer_sync(&conn->info_timer);
501 501
502 hcon->l2cap_data = NULL; 502 hcon->l2cap_data = NULL;
503 kfree(conn); 503 kfree(conn);
504 } 504 }
505 505
506 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent) 506 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
507 { 507 {
508 struct l2cap_chan_list *l = &conn->chan_list; 508 struct l2cap_chan_list *l = &conn->chan_list;
509 write_lock_bh(&l->lock); 509 write_lock_bh(&l->lock);
510 __l2cap_chan_add(conn, sk, parent); 510 __l2cap_chan_add(conn, sk, parent);
511 write_unlock_bh(&l->lock); 511 write_unlock_bh(&l->lock);
512 } 512 }
513 513
514 /* ---- Socket interface ---- */ 514 /* ---- Socket interface ---- */
515 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src) 515 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
516 { 516 {
517 struct sock *sk; 517 struct sock *sk;
518 struct hlist_node *node; 518 struct hlist_node *node;
519 sk_for_each(sk, node, &l2cap_sk_list.head) 519 sk_for_each(sk, node, &l2cap_sk_list.head)
520 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src)) 520 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
521 goto found; 521 goto found;
522 sk = NULL; 522 sk = NULL;
523 found: 523 found:
524 return sk; 524 return sk;
525 } 525 }
526 526
527 /* Find socket with psm and source bdaddr. 527 /* Find socket with psm and source bdaddr.
528 * Returns closest match. 528 * Returns closest match.
529 */ 529 */
530 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src) 530 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
531 { 531 {
532 struct sock *sk = NULL, *sk1 = NULL; 532 struct sock *sk = NULL, *sk1 = NULL;
533 struct hlist_node *node; 533 struct hlist_node *node;
534 534
535 sk_for_each(sk, node, &l2cap_sk_list.head) { 535 sk_for_each(sk, node, &l2cap_sk_list.head) {
536 if (state && sk->sk_state != state) 536 if (state && sk->sk_state != state)
537 continue; 537 continue;
538 538
539 if (l2cap_pi(sk)->psm == psm) { 539 if (l2cap_pi(sk)->psm == psm) {
540 /* Exact match. */ 540 /* Exact match. */
541 if (!bacmp(&bt_sk(sk)->src, src)) 541 if (!bacmp(&bt_sk(sk)->src, src))
542 break; 542 break;
543 543
544 /* Closest match */ 544 /* Closest match */
545 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 545 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
546 sk1 = sk; 546 sk1 = sk;
547 } 547 }
548 } 548 }
549 return node ? sk : sk1; 549 return node ? sk : sk1;
550 } 550 }
551 551
552 /* Find socket with given address (psm, src). 552 /* Find socket with given address (psm, src).
553 * Returns locked socket */ 553 * Returns locked socket */
554 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src) 554 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
555 { 555 {
556 struct sock *s; 556 struct sock *s;
557 read_lock(&l2cap_sk_list.lock); 557 read_lock(&l2cap_sk_list.lock);
558 s = __l2cap_get_sock_by_psm(state, psm, src); 558 s = __l2cap_get_sock_by_psm(state, psm, src);
559 if (s) bh_lock_sock(s); 559 if (s) bh_lock_sock(s);
560 read_unlock(&l2cap_sk_list.lock); 560 read_unlock(&l2cap_sk_list.lock);
561 return s; 561 return s;
562 } 562 }
563 563
564 static void l2cap_sock_destruct(struct sock *sk) 564 static void l2cap_sock_destruct(struct sock *sk)
565 { 565 {
566 BT_DBG("sk %p", sk); 566 BT_DBG("sk %p", sk);
567 567
568 skb_queue_purge(&sk->sk_receive_queue); 568 skb_queue_purge(&sk->sk_receive_queue);
569 skb_queue_purge(&sk->sk_write_queue); 569 skb_queue_purge(&sk->sk_write_queue);
570 } 570 }
571 571
572 static void l2cap_sock_cleanup_listen(struct sock *parent) 572 static void l2cap_sock_cleanup_listen(struct sock *parent)
573 { 573 {
574 struct sock *sk; 574 struct sock *sk;
575 575
576 BT_DBG("parent %p", parent); 576 BT_DBG("parent %p", parent);
577 577
578 /* Close not yet accepted channels */ 578 /* Close not yet accepted channels */
579 while ((sk = bt_accept_dequeue(parent, NULL))) 579 while ((sk = bt_accept_dequeue(parent, NULL)))
580 l2cap_sock_close(sk); 580 l2cap_sock_close(sk);
581 581
582 parent->sk_state = BT_CLOSED; 582 parent->sk_state = BT_CLOSED;
583 sock_set_flag(parent, SOCK_ZAPPED); 583 sock_set_flag(parent, SOCK_ZAPPED);
584 } 584 }
585 585
586 /* Kill socket (only if zapped and orphan) 586 /* Kill socket (only if zapped and orphan)
587 * Must be called on unlocked socket. 587 * Must be called on unlocked socket.
588 */ 588 */
589 static void l2cap_sock_kill(struct sock *sk) 589 static void l2cap_sock_kill(struct sock *sk)
590 { 590 {
591 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 591 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
592 return; 592 return;
593 593
594 BT_DBG("sk %p state %d", sk, sk->sk_state); 594 BT_DBG("sk %p state %d", sk, sk->sk_state);
595 595
596 /* Kill poor orphan */ 596 /* Kill poor orphan */
597 bt_sock_unlink(&l2cap_sk_list, sk); 597 bt_sock_unlink(&l2cap_sk_list, sk);
598 sock_set_flag(sk, SOCK_DEAD); 598 sock_set_flag(sk, SOCK_DEAD);
599 sock_put(sk); 599 sock_put(sk);
600 } 600 }
601 601
602 static void __l2cap_sock_close(struct sock *sk, int reason) 602 static void __l2cap_sock_close(struct sock *sk, int reason)
603 { 603 {
604 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 604 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
605 605
606 switch (sk->sk_state) { 606 switch (sk->sk_state) {
607 case BT_LISTEN: 607 case BT_LISTEN:
608 l2cap_sock_cleanup_listen(sk); 608 l2cap_sock_cleanup_listen(sk);
609 break; 609 break;
610 610
611 case BT_CONNECTED: 611 case BT_CONNECTED:
612 case BT_CONFIG: 612 case BT_CONFIG:
613 if (sk->sk_type == SOCK_SEQPACKET) { 613 if (sk->sk_type == SOCK_SEQPACKET) {
614 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 614 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
615 struct l2cap_disconn_req req; 615 struct l2cap_disconn_req req;
616 616
617 sk->sk_state = BT_DISCONN; 617 sk->sk_state = BT_DISCONN;
618 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 618 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
619 619
620 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); 620 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
621 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 621 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
622 l2cap_send_cmd(conn, l2cap_get_ident(conn), 622 l2cap_send_cmd(conn, l2cap_get_ident(conn),
623 L2CAP_DISCONN_REQ, sizeof(req), &req); 623 L2CAP_DISCONN_REQ, sizeof(req), &req);
624 } else 624 } else
625 l2cap_chan_del(sk, reason); 625 l2cap_chan_del(sk, reason);
626 break; 626 break;
627 627
628 case BT_CONNECT2: 628 case BT_CONNECT2:
629 if (sk->sk_type == SOCK_SEQPACKET) { 629 if (sk->sk_type == SOCK_SEQPACKET) {
630 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 630 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
631 struct l2cap_conn_rsp rsp; 631 struct l2cap_conn_rsp rsp;
632 __u16 result; 632 __u16 result;
633 633
634 if (bt_sk(sk)->defer_setup) 634 if (bt_sk(sk)->defer_setup)
635 result = L2CAP_CR_SEC_BLOCK; 635 result = L2CAP_CR_SEC_BLOCK;
636 else 636 else
637 result = L2CAP_CR_BAD_PSM; 637 result = L2CAP_CR_BAD_PSM;
638 638
639 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 639 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
640 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 640 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
641 rsp.result = cpu_to_le16(result); 641 rsp.result = cpu_to_le16(result);
642 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 642 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
643 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 643 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
644 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 644 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
645 } else 645 } else
646 l2cap_chan_del(sk, reason); 646 l2cap_chan_del(sk, reason);
647 break; 647 break;
648 648
649 case BT_CONNECT: 649 case BT_CONNECT:
650 case BT_DISCONN: 650 case BT_DISCONN:
651 l2cap_chan_del(sk, reason); 651 l2cap_chan_del(sk, reason);
652 break; 652 break;
653 653
654 default: 654 default:
655 sock_set_flag(sk, SOCK_ZAPPED); 655 sock_set_flag(sk, SOCK_ZAPPED);
656 break; 656 break;
657 } 657 }
658 } 658 }
659 659
660 /* Must be called on unlocked socket. */ 660 /* Must be called on unlocked socket. */
661 static void l2cap_sock_close(struct sock *sk) 661 static void l2cap_sock_close(struct sock *sk)
662 { 662 {
663 l2cap_sock_clear_timer(sk); 663 l2cap_sock_clear_timer(sk);
664 lock_sock(sk); 664 lock_sock(sk);
665 __l2cap_sock_close(sk, ECONNRESET); 665 __l2cap_sock_close(sk, ECONNRESET);
666 release_sock(sk); 666 release_sock(sk);
667 l2cap_sock_kill(sk); 667 l2cap_sock_kill(sk);
668 } 668 }
669 669
670 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 670 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
671 { 671 {
672 struct l2cap_pinfo *pi = l2cap_pi(sk); 672 struct l2cap_pinfo *pi = l2cap_pi(sk);
673 673
674 BT_DBG("sk %p", sk); 674 BT_DBG("sk %p", sk);
675 675
676 if (parent) { 676 if (parent) {
677 sk->sk_type = parent->sk_type; 677 sk->sk_type = parent->sk_type;
678 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; 678 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
679 679
680 pi->imtu = l2cap_pi(parent)->imtu; 680 pi->imtu = l2cap_pi(parent)->imtu;
681 pi->omtu = l2cap_pi(parent)->omtu; 681 pi->omtu = l2cap_pi(parent)->omtu;
682 pi->sec_level = l2cap_pi(parent)->sec_level; 682 pi->sec_level = l2cap_pi(parent)->sec_level;
683 pi->role_switch = l2cap_pi(parent)->role_switch; 683 pi->role_switch = l2cap_pi(parent)->role_switch;
684 pi->force_reliable = l2cap_pi(parent)->force_reliable; 684 pi->force_reliable = l2cap_pi(parent)->force_reliable;
685 } else { 685 } else {
686 pi->imtu = L2CAP_DEFAULT_MTU; 686 pi->imtu = L2CAP_DEFAULT_MTU;
687 pi->omtu = 0; 687 pi->omtu = 0;
688 pi->sec_level = BT_SECURITY_LOW; 688 pi->sec_level = BT_SECURITY_LOW;
689 pi->role_switch = 0; 689 pi->role_switch = 0;
690 pi->force_reliable = 0; 690 pi->force_reliable = 0;
691 } 691 }
692 692
693 /* Default config options */ 693 /* Default config options */
694 pi->conf_len = 0; 694 pi->conf_len = 0;
695 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO; 695 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
696 } 696 }
697 697
698 static struct proto l2cap_proto = { 698 static struct proto l2cap_proto = {
699 .name = "L2CAP", 699 .name = "L2CAP",
700 .owner = THIS_MODULE, 700 .owner = THIS_MODULE,
701 .obj_size = sizeof(struct l2cap_pinfo) 701 .obj_size = sizeof(struct l2cap_pinfo)
702 }; 702 };
703 703
704 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 704 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
705 { 705 {
706 struct sock *sk; 706 struct sock *sk;
707 707
708 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 708 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
709 if (!sk) 709 if (!sk)
710 return NULL; 710 return NULL;
711 711
712 sock_init_data(sock, sk); 712 sock_init_data(sock, sk);
713 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 713 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
714 714
715 sk->sk_destruct = l2cap_sock_destruct; 715 sk->sk_destruct = l2cap_sock_destruct;
716 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT); 716 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
717 717
718 sock_reset_flag(sk, SOCK_ZAPPED); 718 sock_reset_flag(sk, SOCK_ZAPPED);
719 719
720 sk->sk_protocol = proto; 720 sk->sk_protocol = proto;
721 sk->sk_state = BT_OPEN; 721 sk->sk_state = BT_OPEN;
722 722
723 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk); 723 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
724 724
725 bt_sock_link(&l2cap_sk_list, sk); 725 bt_sock_link(&l2cap_sk_list, sk);
726 return sk; 726 return sk;
727 } 727 }
728 728
729 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol) 729 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
730 { 730 {
731 struct sock *sk; 731 struct sock *sk;
732 732
733 BT_DBG("sock %p", sock); 733 BT_DBG("sock %p", sock);
734 734
735 sock->state = SS_UNCONNECTED; 735 sock->state = SS_UNCONNECTED;
736 736
737 if (sock->type != SOCK_SEQPACKET && 737 if (sock->type != SOCK_SEQPACKET &&
738 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 738 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
739 return -ESOCKTNOSUPPORT; 739 return -ESOCKTNOSUPPORT;
740 740
741 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW)) 741 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
742 return -EPERM; 742 return -EPERM;
743 743
744 sock->ops = &l2cap_sock_ops; 744 sock->ops = &l2cap_sock_ops;
745 745
746 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 746 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
747 if (!sk) 747 if (!sk)
748 return -ENOMEM; 748 return -ENOMEM;
749 749
750 l2cap_sock_init(sk, NULL); 750 l2cap_sock_init(sk, NULL);
751 return 0; 751 return 0;
752 } 752 }
753 753
754 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 754 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
755 { 755 {
756 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 756 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
757 struct sock *sk = sock->sk; 757 struct sock *sk = sock->sk;
758 int err = 0; 758 int err = 0;
759 759
760 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm); 760 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
761 761
762 if (!addr || addr->sa_family != AF_BLUETOOTH) 762 if (!addr || addr->sa_family != AF_BLUETOOTH)
763 return -EINVAL; 763 return -EINVAL;
764 764
765 lock_sock(sk); 765 lock_sock(sk);
766 766
767 if (sk->sk_state != BT_OPEN) { 767 if (sk->sk_state != BT_OPEN) {
768 err = -EBADFD; 768 err = -EBADFD;
769 goto done; 769 goto done;
770 } 770 }
771 771
772 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 && 772 if (la->l2_psm && btohs(la->l2_psm) < 0x1001 &&
773 !capable(CAP_NET_BIND_SERVICE)) { 773 !capable(CAP_NET_BIND_SERVICE)) {
774 err = -EACCES; 774 err = -EACCES;
775 goto done; 775 goto done;
776 } 776 }
777 777
778 write_lock_bh(&l2cap_sk_list.lock); 778 write_lock_bh(&l2cap_sk_list.lock);
779 779
780 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) { 780 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
781 err = -EADDRINUSE; 781 err = -EADDRINUSE;
782 } else { 782 } else {
783 /* Save source address */ 783 /* Save source address */
784 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr); 784 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
785 l2cap_pi(sk)->psm = la->l2_psm; 785 l2cap_pi(sk)->psm = la->l2_psm;
786 l2cap_pi(sk)->sport = la->l2_psm; 786 l2cap_pi(sk)->sport = la->l2_psm;
787 sk->sk_state = BT_BOUND; 787 sk->sk_state = BT_BOUND;
788 788
789 if (btohs(la->l2_psm) == 0x0001) 789 if (btohs(la->l2_psm) == 0x0001)
790 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; 790 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
791 } 791 }
792 792
793 write_unlock_bh(&l2cap_sk_list.lock); 793 write_unlock_bh(&l2cap_sk_list.lock);
794 794
795 done: 795 done:
796 release_sock(sk); 796 release_sock(sk);
797 return err; 797 return err;
798 } 798 }
799 799
800 static int l2cap_do_connect(struct sock *sk) 800 static int l2cap_do_connect(struct sock *sk)
801 { 801 {
802 bdaddr_t *src = &bt_sk(sk)->src; 802 bdaddr_t *src = &bt_sk(sk)->src;
803 bdaddr_t *dst = &bt_sk(sk)->dst; 803 bdaddr_t *dst = &bt_sk(sk)->dst;
804 struct l2cap_conn *conn; 804 struct l2cap_conn *conn;
805 struct hci_conn *hcon; 805 struct hci_conn *hcon;
806 struct hci_dev *hdev; 806 struct hci_dev *hdev;
807 __u8 auth_type; 807 __u8 auth_type;
808 int err = 0; 808 int err = 0;
809 809
810 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm); 810 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
811 811
812 if (!(hdev = hci_get_route(dst, src))) 812 if (!(hdev = hci_get_route(dst, src)))
813 return -EHOSTUNREACH; 813 return -EHOSTUNREACH;
814 814
815 hci_dev_lock_bh(hdev); 815 hci_dev_lock_bh(hdev);
816 816
817 err = -ENOMEM; 817 err = -ENOMEM;
818 818
819 if (sk->sk_type == SOCK_RAW) { 819 if (sk->sk_type == SOCK_RAW) {
820 switch (l2cap_pi(sk)->sec_level) { 820 switch (l2cap_pi(sk)->sec_level) {
821 case BT_SECURITY_HIGH: 821 case BT_SECURITY_HIGH:
822 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 822 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
823 break; 823 break;
824 case BT_SECURITY_MEDIUM: 824 case BT_SECURITY_MEDIUM:
825 auth_type = HCI_AT_DEDICATED_BONDING; 825 auth_type = HCI_AT_DEDICATED_BONDING;
826 break; 826 break;
827 default: 827 default:
828 auth_type = HCI_AT_NO_BONDING; 828 auth_type = HCI_AT_NO_BONDING;
829 break; 829 break;
830 } 830 }
831 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) { 831 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
832 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) 832 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
833 auth_type = HCI_AT_NO_BONDING_MITM; 833 auth_type = HCI_AT_NO_BONDING_MITM;
834 else 834 else
835 auth_type = HCI_AT_NO_BONDING; 835 auth_type = HCI_AT_NO_BONDING;
836 } else { 836 } else {
837 switch (l2cap_pi(sk)->sec_level) { 837 switch (l2cap_pi(sk)->sec_level) {
838 case BT_SECURITY_HIGH: 838 case BT_SECURITY_HIGH:
839 auth_type = HCI_AT_GENERAL_BONDING_MITM; 839 auth_type = HCI_AT_GENERAL_BONDING_MITM;
840 break; 840 break;
841 case BT_SECURITY_MEDIUM: 841 case BT_SECURITY_MEDIUM:
842 auth_type = HCI_AT_GENERAL_BONDING; 842 auth_type = HCI_AT_GENERAL_BONDING;
843 break; 843 break;
844 default: 844 default:
845 auth_type = HCI_AT_NO_BONDING; 845 auth_type = HCI_AT_NO_BONDING;
846 break; 846 break;
847 } 847 }
848 } 848 }
849 849
850 hcon = hci_connect(hdev, ACL_LINK, dst, 850 hcon = hci_connect(hdev, ACL_LINK, dst,
851 l2cap_pi(sk)->sec_level, auth_type); 851 l2cap_pi(sk)->sec_level, auth_type);
852 if (!hcon) 852 if (!hcon)
853 goto done; 853 goto done;
854 854
855 conn = l2cap_conn_add(hcon, 0); 855 conn = l2cap_conn_add(hcon, 0);
856 if (!conn) { 856 if (!conn) {
857 hci_conn_put(hcon); 857 hci_conn_put(hcon);
858 goto done; 858 goto done;
859 } 859 }
860 860
861 err = 0; 861 err = 0;
862 862
863 /* Update source addr of the socket */ 863 /* Update source addr of the socket */
864 bacpy(src, conn->src); 864 bacpy(src, conn->src);
865 865
866 l2cap_chan_add(conn, sk, NULL); 866 l2cap_chan_add(conn, sk, NULL);
867 867
868 sk->sk_state = BT_CONNECT; 868 sk->sk_state = BT_CONNECT;
869 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 869 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
870 870
871 if (hcon->state == BT_CONNECTED) { 871 if (hcon->state == BT_CONNECTED) {
872 if (sk->sk_type != SOCK_SEQPACKET) { 872 if (sk->sk_type != SOCK_SEQPACKET) {
873 l2cap_sock_clear_timer(sk); 873 l2cap_sock_clear_timer(sk);
874 sk->sk_state = BT_CONNECTED; 874 sk->sk_state = BT_CONNECTED;
875 } else 875 } else
876 l2cap_do_start(sk); 876 l2cap_do_start(sk);
877 } 877 }
878 878
879 done: 879 done:
880 hci_dev_unlock_bh(hdev); 880 hci_dev_unlock_bh(hdev);
881 hci_dev_put(hdev); 881 hci_dev_put(hdev);
882 return err; 882 return err;
883 } 883 }
884 884
885 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 885 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
886 { 886 {
887 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 887 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
888 struct sock *sk = sock->sk; 888 struct sock *sk = sock->sk;
889 int err = 0; 889 int err = 0;
890 890
891 lock_sock(sk); 891 lock_sock(sk);
892 892
893 BT_DBG("sk %p", sk); 893 BT_DBG("sk %p", sk);
894 894
895 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) { 895 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
896 err = -EINVAL; 896 err = -EINVAL;
897 goto done; 897 goto done;
898 } 898 }
899 899
900 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) { 900 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
901 err = -EINVAL; 901 err = -EINVAL;
902 goto done; 902 goto done;
903 } 903 }
904 904
905 switch(sk->sk_state) { 905 switch(sk->sk_state) {
906 case BT_CONNECT: 906 case BT_CONNECT:
907 case BT_CONNECT2: 907 case BT_CONNECT2:
908 case BT_CONFIG: 908 case BT_CONFIG:
909 /* Already connecting */ 909 /* Already connecting */
910 goto wait; 910 goto wait;
911 911
912 case BT_CONNECTED: 912 case BT_CONNECTED:
913 /* Already connected */ 913 /* Already connected */
914 goto done; 914 goto done;
915 915
916 case BT_OPEN: 916 case BT_OPEN:
917 case BT_BOUND: 917 case BT_BOUND:
918 /* Can connect */ 918 /* Can connect */
919 break; 919 break;
920 920
921 default: 921 default:
922 err = -EBADFD; 922 err = -EBADFD;
923 goto done; 923 goto done;
924 } 924 }
925 925
926 /* Set destination address and psm */ 926 /* Set destination address and psm */
927 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr); 927 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
928 l2cap_pi(sk)->psm = la->l2_psm; 928 l2cap_pi(sk)->psm = la->l2_psm;
929 929
930 if ((err = l2cap_do_connect(sk))) 930 if ((err = l2cap_do_connect(sk)))
931 goto done; 931 goto done;
932 932
933 wait: 933 wait:
934 err = bt_sock_wait_state(sk, BT_CONNECTED, 934 err = bt_sock_wait_state(sk, BT_CONNECTED,
935 sock_sndtimeo(sk, flags & O_NONBLOCK)); 935 sock_sndtimeo(sk, flags & O_NONBLOCK));
936 done: 936 done:
937 release_sock(sk); 937 release_sock(sk);
938 return err; 938 return err;
939 } 939 }
940 940
941 static int l2cap_sock_listen(struct socket *sock, int backlog) 941 static int l2cap_sock_listen(struct socket *sock, int backlog)
942 { 942 {
943 struct sock *sk = sock->sk; 943 struct sock *sk = sock->sk;
944 int err = 0; 944 int err = 0;
945 945
946 BT_DBG("sk %p backlog %d", sk, backlog); 946 BT_DBG("sk %p backlog %d", sk, backlog);
947 947
948 lock_sock(sk); 948 lock_sock(sk);
949 949
950 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) { 950 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
951 err = -EBADFD; 951 err = -EBADFD;
952 goto done; 952 goto done;
953 } 953 }
954 954
955 if (!l2cap_pi(sk)->psm) { 955 if (!l2cap_pi(sk)->psm) {
956 bdaddr_t *src = &bt_sk(sk)->src; 956 bdaddr_t *src = &bt_sk(sk)->src;
957 u16 psm; 957 u16 psm;
958 958
959 err = -EINVAL; 959 err = -EINVAL;
960 960
961 write_lock_bh(&l2cap_sk_list.lock); 961 write_lock_bh(&l2cap_sk_list.lock);
962 962
963 for (psm = 0x1001; psm < 0x1100; psm += 2) 963 for (psm = 0x1001; psm < 0x1100; psm += 2)
964 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) { 964 if (!__l2cap_get_sock_by_addr(htobs(psm), src)) {
965 l2cap_pi(sk)->psm = htobs(psm); 965 l2cap_pi(sk)->psm = htobs(psm);
966 l2cap_pi(sk)->sport = htobs(psm); 966 l2cap_pi(sk)->sport = htobs(psm);
967 err = 0; 967 err = 0;
968 break; 968 break;
969 } 969 }
970 970
971 write_unlock_bh(&l2cap_sk_list.lock); 971 write_unlock_bh(&l2cap_sk_list.lock);
972 972
973 if (err < 0) 973 if (err < 0)
974 goto done; 974 goto done;
975 } 975 }
976 976
977 sk->sk_max_ack_backlog = backlog; 977 sk->sk_max_ack_backlog = backlog;
978 sk->sk_ack_backlog = 0; 978 sk->sk_ack_backlog = 0;
979 sk->sk_state = BT_LISTEN; 979 sk->sk_state = BT_LISTEN;
980 980
981 done: 981 done:
982 release_sock(sk); 982 release_sock(sk);
983 return err; 983 return err;
984 } 984 }
985 985
986 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 986 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
987 { 987 {
988 DECLARE_WAITQUEUE(wait, current); 988 DECLARE_WAITQUEUE(wait, current);
989 struct sock *sk = sock->sk, *nsk; 989 struct sock *sk = sock->sk, *nsk;
990 long timeo; 990 long timeo;
991 int err = 0; 991 int err = 0;
992 992
993 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 993 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
994 994
995 if (sk->sk_state != BT_LISTEN) { 995 if (sk->sk_state != BT_LISTEN) {
996 err = -EBADFD; 996 err = -EBADFD;
997 goto done; 997 goto done;
998 } 998 }
999 999
1000 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 1000 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1001 1001
1002 BT_DBG("sk %p timeo %ld", sk, timeo); 1002 BT_DBG("sk %p timeo %ld", sk, timeo);
1003 1003
1004 /* Wait for an incoming connection. (wake-one). */ 1004 /* Wait for an incoming connection. (wake-one). */
1005 add_wait_queue_exclusive(sk->sk_sleep, &wait); 1005 add_wait_queue_exclusive(sk->sk_sleep, &wait);
1006 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 1006 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1007 set_current_state(TASK_INTERRUPTIBLE); 1007 set_current_state(TASK_INTERRUPTIBLE);
1008 if (!timeo) { 1008 if (!timeo) {
1009 err = -EAGAIN; 1009 err = -EAGAIN;
1010 break; 1010 break;
1011 } 1011 }
1012 1012
1013 release_sock(sk); 1013 release_sock(sk);
1014 timeo = schedule_timeout(timeo); 1014 timeo = schedule_timeout(timeo);
1015 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 1015 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1016 1016
1017 if (sk->sk_state != BT_LISTEN) { 1017 if (sk->sk_state != BT_LISTEN) {
1018 err = -EBADFD; 1018 err = -EBADFD;
1019 break; 1019 break;
1020 } 1020 }
1021 1021
1022 if (signal_pending(current)) { 1022 if (signal_pending(current)) {
1023 err = sock_intr_errno(timeo); 1023 err = sock_intr_errno(timeo);
1024 break; 1024 break;
1025 } 1025 }
1026 } 1026 }
1027 set_current_state(TASK_RUNNING); 1027 set_current_state(TASK_RUNNING);
1028 remove_wait_queue(sk->sk_sleep, &wait); 1028 remove_wait_queue(sk->sk_sleep, &wait);
1029 1029
1030 if (err) 1030 if (err)
1031 goto done; 1031 goto done;
1032 1032
1033 newsock->state = SS_CONNECTED; 1033 newsock->state = SS_CONNECTED;
1034 1034
1035 BT_DBG("new socket %p", nsk); 1035 BT_DBG("new socket %p", nsk);
1036 1036
1037 done: 1037 done:
1038 release_sock(sk); 1038 release_sock(sk);
1039 return err; 1039 return err;
1040 } 1040 }
1041 1041
1042 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 1042 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1043 { 1043 {
1044 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 1044 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1045 struct sock *sk = sock->sk; 1045 struct sock *sk = sock->sk;
1046 1046
1047 BT_DBG("sock %p, sk %p", sock, sk); 1047 BT_DBG("sock %p, sk %p", sock, sk);
1048 1048
1049 addr->sa_family = AF_BLUETOOTH; 1049 addr->sa_family = AF_BLUETOOTH;
1050 *len = sizeof(struct sockaddr_l2); 1050 *len = sizeof(struct sockaddr_l2);
1051 1051
1052 if (peer) 1052 if (peer)
1053 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 1053 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1054 else 1054 else
1055 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 1055 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1056 1056
1057 la->l2_psm = l2cap_pi(sk)->psm; 1057 la->l2_psm = l2cap_pi(sk)->psm;
1058 return 0; 1058 return 0;
1059 } 1059 }
1060 1060
1061 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len) 1061 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1062 { 1062 {
1063 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1063 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1064 struct sk_buff *skb, **frag; 1064 struct sk_buff *skb, **frag;
1065 int err, hlen, count, sent=0; 1065 int err, hlen, count, sent=0;
1066 struct l2cap_hdr *lh; 1066 struct l2cap_hdr *lh;
1067 1067
1068 BT_DBG("sk %p len %d", sk, len); 1068 BT_DBG("sk %p len %d", sk, len);
1069 1069
1070 /* First fragment (with L2CAP header) */ 1070 /* First fragment (with L2CAP header) */
1071 if (sk->sk_type == SOCK_DGRAM) 1071 if (sk->sk_type == SOCK_DGRAM)
1072 hlen = L2CAP_HDR_SIZE + 2; 1072 hlen = L2CAP_HDR_SIZE + 2;
1073 else 1073 else
1074 hlen = L2CAP_HDR_SIZE; 1074 hlen = L2CAP_HDR_SIZE;
1075 1075
1076 count = min_t(unsigned int, (conn->mtu - hlen), len); 1076 count = min_t(unsigned int, (conn->mtu - hlen), len);
1077 1077
1078 skb = bt_skb_send_alloc(sk, hlen + count, 1078 skb = bt_skb_send_alloc(sk, hlen + count,
1079 msg->msg_flags & MSG_DONTWAIT, &err); 1079 msg->msg_flags & MSG_DONTWAIT, &err);
1080 if (!skb) 1080 if (!skb)
1081 return err; 1081 return err;
1082 1082
1083 /* Create L2CAP header */ 1083 /* Create L2CAP header */
1084 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1084 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1085 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1085 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1086 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1086 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1087 1087
1088 if (sk->sk_type == SOCK_DGRAM) 1088 if (sk->sk_type == SOCK_DGRAM)
1089 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2)); 1089 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2));
1090 1090
1091 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 1091 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1092 err = -EFAULT; 1092 err = -EFAULT;
1093 goto fail; 1093 goto fail;
1094 } 1094 }
1095 1095
1096 sent += count; 1096 sent += count;
1097 len -= count; 1097 len -= count;
1098 1098
1099 /* Continuation fragments (no L2CAP header) */ 1099 /* Continuation fragments (no L2CAP header) */
1100 frag = &skb_shinfo(skb)->frag_list; 1100 frag = &skb_shinfo(skb)->frag_list;
1101 while (len) { 1101 while (len) {
1102 count = min_t(unsigned int, conn->mtu, len); 1102 count = min_t(unsigned int, conn->mtu, len);
1103 1103
1104 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err); 1104 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1105 if (!*frag) 1105 if (!*frag)
1106 goto fail; 1106 goto fail;
1107 1107
1108 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) { 1108 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1109 err = -EFAULT; 1109 err = -EFAULT;
1110 goto fail; 1110 goto fail;
1111 } 1111 }
1112 1112
1113 sent += count; 1113 sent += count;
1114 len -= count; 1114 len -= count;
1115 1115
1116 frag = &(*frag)->next; 1116 frag = &(*frag)->next;
1117 } 1117 }
1118 1118
1119 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0) 1119 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1120 goto fail; 1120 goto fail;
1121 1121
1122 return sent; 1122 return sent;
1123 1123
1124 fail: 1124 fail:
1125 kfree_skb(skb); 1125 kfree_skb(skb);
1126 return err; 1126 return err;
1127 } 1127 }
1128 1128
1129 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 1129 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1130 { 1130 {
1131 struct sock *sk = sock->sk; 1131 struct sock *sk = sock->sk;
1132 int err = 0; 1132 int err = 0;
1133 1133
1134 BT_DBG("sock %p, sk %p", sock, sk); 1134 BT_DBG("sock %p, sk %p", sock, sk);
1135 1135
1136 err = sock_error(sk); 1136 err = sock_error(sk);
1137 if (err) 1137 if (err)
1138 return err; 1138 return err;
1139 1139
1140 if (msg->msg_flags & MSG_OOB) 1140 if (msg->msg_flags & MSG_OOB)
1141 return -EOPNOTSUPP; 1141 return -EOPNOTSUPP;
1142 1142
1143 /* Check outgoing MTU */ 1143 /* Check outgoing MTU */
1144 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu) 1144 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
1145 return -EINVAL; 1145 return -EINVAL;
1146 1146
1147 lock_sock(sk); 1147 lock_sock(sk);
1148 1148
1149 if (sk->sk_state == BT_CONNECTED) 1149 if (sk->sk_state == BT_CONNECTED)
1150 err = l2cap_do_send(sk, msg, len); 1150 err = l2cap_do_send(sk, msg, len);
1151 else 1151 else
1152 err = -ENOTCONN; 1152 err = -ENOTCONN;
1153 1153
1154 release_sock(sk); 1154 release_sock(sk);
1155 return err; 1155 return err;
1156 } 1156 }
1157 1157
1158 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 1158 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1159 { 1159 {
1160 struct sock *sk = sock->sk; 1160 struct sock *sk = sock->sk;
1161 1161
1162 lock_sock(sk); 1162 lock_sock(sk);
1163 1163
1164 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { 1164 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1165 struct l2cap_conn_rsp rsp; 1165 struct l2cap_conn_rsp rsp;
1166 1166
1167 sk->sk_state = BT_CONFIG; 1167 sk->sk_state = BT_CONFIG;
1168 1168
1169 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 1169 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1170 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 1170 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1171 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); 1171 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1172 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 1172 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1173 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident, 1173 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1174 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 1174 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1175 1175
1176 release_sock(sk); 1176 release_sock(sk);
1177 return 0; 1177 return 0;
1178 } 1178 }
1179 1179
1180 release_sock(sk); 1180 release_sock(sk);
1181 1181
1182 return bt_sock_recvmsg(iocb, sock, msg, len, flags); 1182 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1183 } 1183 }
1184 1184
1185 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen) 1185 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1186 { 1186 {
1187 struct sock *sk = sock->sk; 1187 struct sock *sk = sock->sk;
1188 struct l2cap_options opts; 1188 struct l2cap_options opts;
1189 int err = 0, len; 1189 int err = 0, len;
1190 u32 opt; 1190 u32 opt;
1191 1191
1192 BT_DBG("sk %p", sk); 1192 BT_DBG("sk %p", sk);
1193 1193
1194 lock_sock(sk); 1194 lock_sock(sk);
1195 1195
1196 switch (optname) { 1196 switch (optname) {
1197 case L2CAP_OPTIONS: 1197 case L2CAP_OPTIONS:
1198 opts.imtu = l2cap_pi(sk)->imtu; 1198 opts.imtu = l2cap_pi(sk)->imtu;
1199 opts.omtu = l2cap_pi(sk)->omtu; 1199 opts.omtu = l2cap_pi(sk)->omtu;
1200 opts.flush_to = l2cap_pi(sk)->flush_to; 1200 opts.flush_to = l2cap_pi(sk)->flush_to;
1201 opts.mode = L2CAP_MODE_BASIC; 1201 opts.mode = L2CAP_MODE_BASIC;
1202 1202
1203 len = min_t(unsigned int, sizeof(opts), optlen); 1203 len = min_t(unsigned int, sizeof(opts), optlen);
1204 if (copy_from_user((char *) &opts, optval, len)) { 1204 if (copy_from_user((char *) &opts, optval, len)) {
1205 err = -EFAULT; 1205 err = -EFAULT;
1206 break; 1206 break;
1207 } 1207 }
1208 1208
1209 l2cap_pi(sk)->imtu = opts.imtu; 1209 l2cap_pi(sk)->imtu = opts.imtu;
1210 l2cap_pi(sk)->omtu = opts.omtu; 1210 l2cap_pi(sk)->omtu = opts.omtu;
1211 break; 1211 break;
1212 1212
1213 case L2CAP_LM: 1213 case L2CAP_LM:
1214 if (get_user(opt, (u32 __user *) optval)) { 1214 if (get_user(opt, (u32 __user *) optval)) {
1215 err = -EFAULT; 1215 err = -EFAULT;
1216 break; 1216 break;
1217 } 1217 }
1218 1218
1219 if (opt & L2CAP_LM_AUTH) 1219 if (opt & L2CAP_LM_AUTH)
1220 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW; 1220 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
1221 if (opt & L2CAP_LM_ENCRYPT) 1221 if (opt & L2CAP_LM_ENCRYPT)
1222 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM; 1222 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
1223 if (opt & L2CAP_LM_SECURE) 1223 if (opt & L2CAP_LM_SECURE)
1224 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH; 1224 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
1225 1225
1226 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER); 1226 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
1227 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE); 1227 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
1228 break; 1228 break;
1229 1229
1230 default: 1230 default:
1231 err = -ENOPROTOOPT; 1231 err = -ENOPROTOOPT;
1232 break; 1232 break;
1233 } 1233 }
1234 1234
1235 release_sock(sk); 1235 release_sock(sk);
1236 return err; 1236 return err;
1237 } 1237 }
1238 1238
1239 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 1239 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1240 { 1240 {
1241 struct sock *sk = sock->sk; 1241 struct sock *sk = sock->sk;
1242 struct bt_security sec; 1242 struct bt_security sec;
1243 int len, err = 0; 1243 int len, err = 0;
1244 u32 opt; 1244 u32 opt;
1245 1245
1246 BT_DBG("sk %p", sk); 1246 BT_DBG("sk %p", sk);
1247 1247
1248 if (level == SOL_L2CAP) 1248 if (level == SOL_L2CAP)
1249 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 1249 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
1250 1250
1251 if (level != SOL_BLUETOOTH) 1251 if (level != SOL_BLUETOOTH)
1252 return -ENOPROTOOPT; 1252 return -ENOPROTOOPT;
1253 1253
1254 lock_sock(sk); 1254 lock_sock(sk);
1255 1255
1256 switch (optname) { 1256 switch (optname) {
1257 case BT_SECURITY: 1257 case BT_SECURITY:
1258 if (sk->sk_type != SOCK_SEQPACKET) { 1258 if (sk->sk_type != SOCK_SEQPACKET) {
1259 err = -EINVAL; 1259 err = -EINVAL;
1260 break; 1260 break;
1261 } 1261 }
1262 1262
1263 sec.level = BT_SECURITY_LOW; 1263 sec.level = BT_SECURITY_LOW;
1264 1264
1265 len = min_t(unsigned int, sizeof(sec), optlen); 1265 len = min_t(unsigned int, sizeof(sec), optlen);
1266 if (copy_from_user((char *) &sec, optval, len)) { 1266 if (copy_from_user((char *) &sec, optval, len)) {
1267 err = -EFAULT; 1267 err = -EFAULT;
1268 break; 1268 break;
1269 } 1269 }
1270 1270
1271 if (sec.level < BT_SECURITY_LOW || 1271 if (sec.level < BT_SECURITY_LOW ||
1272 sec.level > BT_SECURITY_HIGH) { 1272 sec.level > BT_SECURITY_HIGH) {
1273 err = -EINVAL; 1273 err = -EINVAL;
1274 break; 1274 break;
1275 } 1275 }
1276 1276
1277 l2cap_pi(sk)->sec_level = sec.level; 1277 l2cap_pi(sk)->sec_level = sec.level;
1278 break; 1278 break;
1279 1279
1280 case BT_DEFER_SETUP: 1280 case BT_DEFER_SETUP:
1281 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1281 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1282 err = -EINVAL; 1282 err = -EINVAL;
1283 break; 1283 break;
1284 } 1284 }
1285 1285
1286 if (get_user(opt, (u32 __user *) optval)) { 1286 if (get_user(opt, (u32 __user *) optval)) {
1287 err = -EFAULT; 1287 err = -EFAULT;
1288 break; 1288 break;
1289 } 1289 }
1290 1290
1291 bt_sk(sk)->defer_setup = opt; 1291 bt_sk(sk)->defer_setup = opt;
1292 break; 1292 break;
1293 1293
1294 default: 1294 default:
1295 err = -ENOPROTOOPT; 1295 err = -ENOPROTOOPT;
1296 break; 1296 break;
1297 } 1297 }
1298 1298
1299 release_sock(sk); 1299 release_sock(sk);
1300 return err; 1300 return err;
1301 } 1301 }
1302 1302
1303 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 1303 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1304 { 1304 {
1305 struct sock *sk = sock->sk; 1305 struct sock *sk = sock->sk;
1306 struct l2cap_options opts; 1306 struct l2cap_options opts;
1307 struct l2cap_conninfo cinfo; 1307 struct l2cap_conninfo cinfo;
1308 int len, err = 0; 1308 int len, err = 0;
1309 u32 opt; 1309 u32 opt;
1310 1310
1311 BT_DBG("sk %p", sk); 1311 BT_DBG("sk %p", sk);
1312 1312
1313 if (get_user(len, optlen)) 1313 if (get_user(len, optlen))
1314 return -EFAULT; 1314 return -EFAULT;
1315 1315
1316 lock_sock(sk); 1316 lock_sock(sk);
1317 1317
1318 switch (optname) { 1318 switch (optname) {
1319 case L2CAP_OPTIONS: 1319 case L2CAP_OPTIONS:
1320 opts.imtu = l2cap_pi(sk)->imtu; 1320 opts.imtu = l2cap_pi(sk)->imtu;
1321 opts.omtu = l2cap_pi(sk)->omtu; 1321 opts.omtu = l2cap_pi(sk)->omtu;
1322 opts.flush_to = l2cap_pi(sk)->flush_to; 1322 opts.flush_to = l2cap_pi(sk)->flush_to;
1323 opts.mode = L2CAP_MODE_BASIC; 1323 opts.mode = L2CAP_MODE_BASIC;
1324 1324
1325 len = min_t(unsigned int, len, sizeof(opts)); 1325 len = min_t(unsigned int, len, sizeof(opts));
1326 if (copy_to_user(optval, (char *) &opts, len)) 1326 if (copy_to_user(optval, (char *) &opts, len))
1327 err = -EFAULT; 1327 err = -EFAULT;
1328 1328
1329 break; 1329 break;
1330 1330
1331 case L2CAP_LM: 1331 case L2CAP_LM:
1332 switch (l2cap_pi(sk)->sec_level) { 1332 switch (l2cap_pi(sk)->sec_level) {
1333 case BT_SECURITY_LOW: 1333 case BT_SECURITY_LOW:
1334 opt = L2CAP_LM_AUTH; 1334 opt = L2CAP_LM_AUTH;
1335 break; 1335 break;
1336 case BT_SECURITY_MEDIUM: 1336 case BT_SECURITY_MEDIUM:
1337 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 1337 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
1338 break; 1338 break;
1339 case BT_SECURITY_HIGH: 1339 case BT_SECURITY_HIGH:
1340 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 1340 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
1341 L2CAP_LM_SECURE; 1341 L2CAP_LM_SECURE;
1342 break; 1342 break;
1343 default: 1343 default:
1344 opt = 0; 1344 opt = 0;
1345 break; 1345 break;
1346 } 1346 }
1347 1347
1348 if (l2cap_pi(sk)->role_switch) 1348 if (l2cap_pi(sk)->role_switch)
1349 opt |= L2CAP_LM_MASTER; 1349 opt |= L2CAP_LM_MASTER;
1350 1350
1351 if (l2cap_pi(sk)->force_reliable) 1351 if (l2cap_pi(sk)->force_reliable)
1352 opt |= L2CAP_LM_RELIABLE; 1352 opt |= L2CAP_LM_RELIABLE;
1353 1353
1354 if (put_user(opt, (u32 __user *) optval)) 1354 if (put_user(opt, (u32 __user *) optval))
1355 err = -EFAULT; 1355 err = -EFAULT;
1356 break; 1356 break;
1357 1357
1358 case L2CAP_CONNINFO: 1358 case L2CAP_CONNINFO:
1359 if (sk->sk_state != BT_CONNECTED && 1359 if (sk->sk_state != BT_CONNECTED &&
1360 !(sk->sk_state == BT_CONNECT2 && 1360 !(sk->sk_state == BT_CONNECT2 &&
1361 bt_sk(sk)->defer_setup)) { 1361 bt_sk(sk)->defer_setup)) {
1362 err = -ENOTCONN; 1362 err = -ENOTCONN;
1363 break; 1363 break;
1364 } 1364 }
1365 1365
1366 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle; 1366 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
1367 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3); 1367 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
1368 1368
1369 len = min_t(unsigned int, len, sizeof(cinfo)); 1369 len = min_t(unsigned int, len, sizeof(cinfo));
1370 if (copy_to_user(optval, (char *) &cinfo, len)) 1370 if (copy_to_user(optval, (char *) &cinfo, len))
1371 err = -EFAULT; 1371 err = -EFAULT;
1372 1372
1373 break; 1373 break;
1374 1374
1375 default: 1375 default:
1376 err = -ENOPROTOOPT; 1376 err = -ENOPROTOOPT;
1377 break; 1377 break;
1378 } 1378 }
1379 1379
1380 release_sock(sk); 1380 release_sock(sk);
1381 return err; 1381 return err;
1382 } 1382 }
1383 1383
1384 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 1384 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
1385 { 1385 {
1386 struct sock *sk = sock->sk; 1386 struct sock *sk = sock->sk;
1387 struct bt_security sec; 1387 struct bt_security sec;
1388 int len, err = 0; 1388 int len, err = 0;
1389 1389
1390 BT_DBG("sk %p", sk); 1390 BT_DBG("sk %p", sk);
1391 1391
1392 if (level == SOL_L2CAP) 1392 if (level == SOL_L2CAP)
1393 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 1393 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
1394 1394
1395 if (level != SOL_BLUETOOTH) 1395 if (level != SOL_BLUETOOTH)
1396 return -ENOPROTOOPT; 1396 return -ENOPROTOOPT;
1397 1397
1398 if (get_user(len, optlen)) 1398 if (get_user(len, optlen))
1399 return -EFAULT; 1399 return -EFAULT;
1400 1400
1401 lock_sock(sk); 1401 lock_sock(sk);
1402 1402
1403 switch (optname) { 1403 switch (optname) {
1404 case BT_SECURITY: 1404 case BT_SECURITY:
1405 if (sk->sk_type != SOCK_SEQPACKET) { 1405 if (sk->sk_type != SOCK_SEQPACKET) {
1406 err = -EINVAL; 1406 err = -EINVAL;
1407 break; 1407 break;
1408 } 1408 }
1409 1409
1410 sec.level = l2cap_pi(sk)->sec_level; 1410 sec.level = l2cap_pi(sk)->sec_level;
1411 1411
1412 len = min_t(unsigned int, len, sizeof(sec)); 1412 len = min_t(unsigned int, len, sizeof(sec));
1413 if (copy_to_user(optval, (char *) &sec, len)) 1413 if (copy_to_user(optval, (char *) &sec, len))
1414 err = -EFAULT; 1414 err = -EFAULT;
1415 1415
1416 break; 1416 break;
1417 1417
1418 case BT_DEFER_SETUP: 1418 case BT_DEFER_SETUP:
1419 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1419 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1420 err = -EINVAL; 1420 err = -EINVAL;
1421 break; 1421 break;
1422 } 1422 }
1423 1423
1424 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) 1424 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
1425 err = -EFAULT; 1425 err = -EFAULT;
1426 1426
1427 break; 1427 break;
1428 1428
1429 default: 1429 default:
1430 err = -ENOPROTOOPT; 1430 err = -ENOPROTOOPT;
1431 break; 1431 break;
1432 } 1432 }
1433 1433
1434 release_sock(sk); 1434 release_sock(sk);
1435 return err; 1435 return err;
1436 } 1436 }
1437 1437
1438 static int l2cap_sock_shutdown(struct socket *sock, int how) 1438 static int l2cap_sock_shutdown(struct socket *sock, int how)
1439 { 1439 {
1440 struct sock *sk = sock->sk; 1440 struct sock *sk = sock->sk;
1441 int err = 0; 1441 int err = 0;
1442 1442
1443 BT_DBG("sock %p, sk %p", sock, sk); 1443 BT_DBG("sock %p, sk %p", sock, sk);
1444 1444
1445 if (!sk) 1445 if (!sk)
1446 return 0; 1446 return 0;
1447 1447
1448 lock_sock(sk); 1448 lock_sock(sk);
1449 if (!sk->sk_shutdown) { 1449 if (!sk->sk_shutdown) {
1450 sk->sk_shutdown = SHUTDOWN_MASK; 1450 sk->sk_shutdown = SHUTDOWN_MASK;
1451 l2cap_sock_clear_timer(sk); 1451 l2cap_sock_clear_timer(sk);
1452 __l2cap_sock_close(sk, 0); 1452 __l2cap_sock_close(sk, 0);
1453 1453
1454 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 1454 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1455 err = bt_sock_wait_state(sk, BT_CLOSED, 1455 err = bt_sock_wait_state(sk, BT_CLOSED,
1456 sk->sk_lingertime); 1456 sk->sk_lingertime);
1457 } 1457 }
1458 release_sock(sk); 1458 release_sock(sk);
1459 return err; 1459 return err;
1460 } 1460 }
1461 1461
1462 static int l2cap_sock_release(struct socket *sock) 1462 static int l2cap_sock_release(struct socket *sock)
1463 { 1463 {
1464 struct sock *sk = sock->sk; 1464 struct sock *sk = sock->sk;
1465 int err; 1465 int err;
1466 1466
1467 BT_DBG("sock %p, sk %p", sock, sk); 1467 BT_DBG("sock %p, sk %p", sock, sk);
1468 1468
1469 if (!sk) 1469 if (!sk)
1470 return 0; 1470 return 0;
1471 1471
1472 err = l2cap_sock_shutdown(sock, 2); 1472 err = l2cap_sock_shutdown(sock, 2);
1473 1473
1474 sock_orphan(sk); 1474 sock_orphan(sk);
1475 l2cap_sock_kill(sk); 1475 l2cap_sock_kill(sk);
1476 return err; 1476 return err;
1477 } 1477 }
1478 1478
1479 static void l2cap_chan_ready(struct sock *sk) 1479 static void l2cap_chan_ready(struct sock *sk)
1480 { 1480 {
1481 struct sock *parent = bt_sk(sk)->parent; 1481 struct sock *parent = bt_sk(sk)->parent;
1482 1482
1483 BT_DBG("sk %p, parent %p", sk, parent); 1483 BT_DBG("sk %p, parent %p", sk, parent);
1484 1484
1485 l2cap_pi(sk)->conf_state = 0; 1485 l2cap_pi(sk)->conf_state = 0;
1486 l2cap_sock_clear_timer(sk); 1486 l2cap_sock_clear_timer(sk);
1487 1487
1488 if (!parent) { 1488 if (!parent) {
1489 /* Outgoing channel. 1489 /* Outgoing channel.
1490 * Wake up socket sleeping on connect. 1490 * Wake up socket sleeping on connect.
1491 */ 1491 */
1492 sk->sk_state = BT_CONNECTED; 1492 sk->sk_state = BT_CONNECTED;
1493 sk->sk_state_change(sk); 1493 sk->sk_state_change(sk);
1494 } else { 1494 } else {
1495 /* Incoming channel. 1495 /* Incoming channel.
1496 * Wake up socket sleeping on accept. 1496 * Wake up socket sleeping on accept.
1497 */ 1497 */
1498 parent->sk_data_ready(parent, 0); 1498 parent->sk_data_ready(parent, 0);
1499 } 1499 }
1500 } 1500 }
1501 1501
1502 /* Copy frame to all raw sockets on that connection */ 1502 /* Copy frame to all raw sockets on that connection */
1503 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb) 1503 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1504 { 1504 {
1505 struct l2cap_chan_list *l = &conn->chan_list; 1505 struct l2cap_chan_list *l = &conn->chan_list;
1506 struct sk_buff *nskb; 1506 struct sk_buff *nskb;
1507 struct sock * sk; 1507 struct sock * sk;
1508 1508
1509 BT_DBG("conn %p", conn); 1509 BT_DBG("conn %p", conn);
1510 1510
1511 read_lock(&l->lock); 1511 read_lock(&l->lock);
1512 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 1512 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1513 if (sk->sk_type != SOCK_RAW) 1513 if (sk->sk_type != SOCK_RAW)
1514 continue; 1514 continue;
1515 1515
1516 /* Don't send frame to the socket it came from */ 1516 /* Don't send frame to the socket it came from */
1517 if (skb->sk == sk) 1517 if (skb->sk == sk)
1518 continue; 1518 continue;
1519 1519
1520 if (!(nskb = skb_clone(skb, GFP_ATOMIC))) 1520 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1521 continue; 1521 continue;
1522 1522
1523 if (sock_queue_rcv_skb(sk, nskb)) 1523 if (sock_queue_rcv_skb(sk, nskb))
1524 kfree_skb(nskb); 1524 kfree_skb(nskb);
1525 } 1525 }
1526 read_unlock(&l->lock); 1526 read_unlock(&l->lock);
1527 } 1527 }
1528 1528
1529 /* ---- L2CAP signalling commands ---- */ 1529 /* ---- L2CAP signalling commands ---- */
1530 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 1530 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1531 u8 code, u8 ident, u16 dlen, void *data) 1531 u8 code, u8 ident, u16 dlen, void *data)
1532 { 1532 {
1533 struct sk_buff *skb, **frag; 1533 struct sk_buff *skb, **frag;
1534 struct l2cap_cmd_hdr *cmd; 1534 struct l2cap_cmd_hdr *cmd;
1535 struct l2cap_hdr *lh; 1535 struct l2cap_hdr *lh;
1536 int len, count; 1536 int len, count;
1537 1537
1538 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen); 1538 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1539 1539
1540 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen; 1540 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1541 count = min_t(unsigned int, conn->mtu, len); 1541 count = min_t(unsigned int, conn->mtu, len);
1542 1542
1543 skb = bt_skb_alloc(count, GFP_ATOMIC); 1543 skb = bt_skb_alloc(count, GFP_ATOMIC);
1544 if (!skb) 1544 if (!skb)
1545 return NULL; 1545 return NULL;
1546 1546
1547 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1547 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1548 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen); 1548 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1549 lh->cid = cpu_to_le16(0x0001); 1549 lh->cid = cpu_to_le16(0x0001);
1550 1550
1551 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE); 1551 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1552 cmd->code = code; 1552 cmd->code = code;
1553 cmd->ident = ident; 1553 cmd->ident = ident;
1554 cmd->len = cpu_to_le16(dlen); 1554 cmd->len = cpu_to_le16(dlen);
1555 1555
1556 if (dlen) { 1556 if (dlen) {
1557 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE; 1557 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1558 memcpy(skb_put(skb, count), data, count); 1558 memcpy(skb_put(skb, count), data, count);
1559 data += count; 1559 data += count;
1560 } 1560 }
1561 1561
1562 len -= skb->len; 1562 len -= skb->len;
1563 1563
1564 /* Continuation fragments (no L2CAP header) */ 1564 /* Continuation fragments (no L2CAP header) */
1565 frag = &skb_shinfo(skb)->frag_list; 1565 frag = &skb_shinfo(skb)->frag_list;
1566 while (len) { 1566 while (len) {
1567 count = min_t(unsigned int, conn->mtu, len); 1567 count = min_t(unsigned int, conn->mtu, len);
1568 1568
1569 *frag = bt_skb_alloc(count, GFP_ATOMIC); 1569 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1570 if (!*frag) 1570 if (!*frag)
1571 goto fail; 1571 goto fail;
1572 1572
1573 memcpy(skb_put(*frag, count), data, count); 1573 memcpy(skb_put(*frag, count), data, count);
1574 1574
1575 len -= count; 1575 len -= count;
1576 data += count; 1576 data += count;
1577 1577
1578 frag = &(*frag)->next; 1578 frag = &(*frag)->next;
1579 } 1579 }
1580 1580
1581 return skb; 1581 return skb;
1582 1582
1583 fail: 1583 fail:
1584 kfree_skb(skb); 1584 kfree_skb(skb);
1585 return NULL; 1585 return NULL;
1586 } 1586 }
1587 1587
1588 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val) 1588 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1589 { 1589 {
1590 struct l2cap_conf_opt *opt = *ptr; 1590 struct l2cap_conf_opt *opt = *ptr;
1591 int len; 1591 int len;
1592 1592
1593 len = L2CAP_CONF_OPT_SIZE + opt->len; 1593 len = L2CAP_CONF_OPT_SIZE + opt->len;
1594 *ptr += len; 1594 *ptr += len;
1595 1595
1596 *type = opt->type; 1596 *type = opt->type;
1597 *olen = opt->len; 1597 *olen = opt->len;
1598 1598
1599 switch (opt->len) { 1599 switch (opt->len) {
1600 case 1: 1600 case 1:
1601 *val = *((u8 *) opt->val); 1601 *val = *((u8 *) opt->val);
1602 break; 1602 break;
1603 1603
1604 case 2: 1604 case 2:
1605 *val = __le16_to_cpu(*((__le16 *) opt->val)); 1605 *val = __le16_to_cpu(*((__le16 *) opt->val));
1606 break; 1606 break;
1607 1607
1608 case 4: 1608 case 4:
1609 *val = __le32_to_cpu(*((__le32 *) opt->val)); 1609 *val = __le32_to_cpu(*((__le32 *) opt->val));
1610 break; 1610 break;
1611 1611
1612 default: 1612 default:
1613 *val = (unsigned long) opt->val; 1613 *val = (unsigned long) opt->val;
1614 break; 1614 break;
1615 } 1615 }
1616 1616
1617 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val); 1617 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1618 return len; 1618 return len;
1619 } 1619 }
1620 1620
1621 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val) 1621 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1622 { 1622 {
1623 struct l2cap_conf_opt *opt = *ptr; 1623 struct l2cap_conf_opt *opt = *ptr;
1624 1624
1625 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val); 1625 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1626 1626
1627 opt->type = type; 1627 opt->type = type;
1628 opt->len = len; 1628 opt->len = len;
1629 1629
1630 switch (len) { 1630 switch (len) {
1631 case 1: 1631 case 1:
1632 *((u8 *) opt->val) = val; 1632 *((u8 *) opt->val) = val;
1633 break; 1633 break;
1634 1634
1635 case 2: 1635 case 2:
1636 *((__le16 *) opt->val) = cpu_to_le16(val); 1636 *((__le16 *) opt->val) = cpu_to_le16(val);
1637 break; 1637 break;
1638 1638
1639 case 4: 1639 case 4:
1640 *((__le32 *) opt->val) = cpu_to_le32(val); 1640 *((__le32 *) opt->val) = cpu_to_le32(val);
1641 break; 1641 break;
1642 1642
1643 default: 1643 default:
1644 memcpy(opt->val, (void *) val, len); 1644 memcpy(opt->val, (void *) val, len);
1645 break; 1645 break;
1646 } 1646 }
1647 1647
1648 *ptr += L2CAP_CONF_OPT_SIZE + len; 1648 *ptr += L2CAP_CONF_OPT_SIZE + len;
1649 } 1649 }
1650 1650
1651 static int l2cap_build_conf_req(struct sock *sk, void *data) 1651 static int l2cap_build_conf_req(struct sock *sk, void *data)
1652 { 1652 {
1653 struct l2cap_pinfo *pi = l2cap_pi(sk); 1653 struct l2cap_pinfo *pi = l2cap_pi(sk);
1654 struct l2cap_conf_req *req = data; 1654 struct l2cap_conf_req *req = data;
1655 void *ptr = req->data; 1655 void *ptr = req->data;
1656 1656
1657 BT_DBG("sk %p", sk); 1657 BT_DBG("sk %p", sk);
1658 1658
1659 if (pi->imtu != L2CAP_DEFAULT_MTU) 1659 if (pi->imtu != L2CAP_DEFAULT_MTU)
1660 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); 1660 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1661 1661
1662 /* FIXME: Need actual value of the flush timeout */ 1662 /* FIXME: Need actual value of the flush timeout */
1663 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO) 1663 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1664 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to); 1664 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1665 1665
1666 req->dcid = cpu_to_le16(pi->dcid); 1666 req->dcid = cpu_to_le16(pi->dcid);
1667 req->flags = cpu_to_le16(0); 1667 req->flags = cpu_to_le16(0);
1668 1668
1669 return ptr - data; 1669 return ptr - data;
1670 } 1670 }
1671 1671
1672 static int l2cap_parse_conf_req(struct sock *sk, void *data) 1672 static int l2cap_parse_conf_req(struct sock *sk, void *data)
1673 { 1673 {
1674 struct l2cap_pinfo *pi = l2cap_pi(sk); 1674 struct l2cap_pinfo *pi = l2cap_pi(sk);
1675 struct l2cap_conf_rsp *rsp = data; 1675 struct l2cap_conf_rsp *rsp = data;
1676 void *ptr = rsp->data; 1676 void *ptr = rsp->data;
1677 void *req = pi->conf_req; 1677 void *req = pi->conf_req;
1678 int len = pi->conf_len; 1678 int len = pi->conf_len;
1679 int type, hint, olen; 1679 int type, hint, olen;
1680 unsigned long val; 1680 unsigned long val;
1681 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; 1681 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
1682 u16 mtu = L2CAP_DEFAULT_MTU; 1682 u16 mtu = L2CAP_DEFAULT_MTU;
1683 u16 result = L2CAP_CONF_SUCCESS; 1683 u16 result = L2CAP_CONF_SUCCESS;
1684 1684
1685 BT_DBG("sk %p", sk); 1685 BT_DBG("sk %p", sk);
1686 1686
1687 while (len >= L2CAP_CONF_OPT_SIZE) { 1687 while (len >= L2CAP_CONF_OPT_SIZE) {
1688 len -= l2cap_get_conf_opt(&req, &type, &olen, &val); 1688 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1689 1689
1690 hint = type & 0x80; 1690 hint = type & 0x80;
1691 type &= 0x7f; 1691 type &= 0x7f;
1692 1692
1693 switch (type) { 1693 switch (type) {
1694 case L2CAP_CONF_MTU: 1694 case L2CAP_CONF_MTU:
1695 mtu = val; 1695 mtu = val;
1696 break; 1696 break;
1697 1697
1698 case L2CAP_CONF_FLUSH_TO: 1698 case L2CAP_CONF_FLUSH_TO:
1699 pi->flush_to = val; 1699 pi->flush_to = val;
1700 break; 1700 break;
1701 1701
1702 case L2CAP_CONF_QOS: 1702 case L2CAP_CONF_QOS:
1703 break; 1703 break;
1704 1704
1705 case L2CAP_CONF_RFC: 1705 case L2CAP_CONF_RFC:
1706 if (olen == sizeof(rfc)) 1706 if (olen == sizeof(rfc))
1707 memcpy(&rfc, (void *) val, olen); 1707 memcpy(&rfc, (void *) val, olen);
1708 break; 1708 break;
1709 1709
1710 default: 1710 default:
1711 if (hint) 1711 if (hint)
1712 break; 1712 break;
1713 1713
1714 result = L2CAP_CONF_UNKNOWN; 1714 result = L2CAP_CONF_UNKNOWN;
1715 *((u8 *) ptr++) = type; 1715 *((u8 *) ptr++) = type;
1716 break; 1716 break;
1717 } 1717 }
1718 } 1718 }
1719 1719
1720 if (result == L2CAP_CONF_SUCCESS) { 1720 if (result == L2CAP_CONF_SUCCESS) {
1721 /* Configure output options and let the other side know 1721 /* Configure output options and let the other side know
1722 * which ones we don't like. */ 1722 * which ones we don't like. */
1723 1723
1724 if (rfc.mode == L2CAP_MODE_BASIC) { 1724 if (rfc.mode == L2CAP_MODE_BASIC) {
1725 if (mtu < pi->omtu) 1725 if (mtu < pi->omtu)
1726 result = L2CAP_CONF_UNACCEPT; 1726 result = L2CAP_CONF_UNACCEPT;
1727 else { 1727 else {
1728 pi->omtu = mtu; 1728 pi->omtu = mtu;
1729 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE; 1729 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1730 } 1730 }
1731 1731
1732 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); 1732 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1733 } else { 1733 } else {
1734 result = L2CAP_CONF_UNACCEPT; 1734 result = L2CAP_CONF_UNACCEPT;
1735 1735
1736 memset(&rfc, 0, sizeof(rfc)); 1736 memset(&rfc, 0, sizeof(rfc));
1737 rfc.mode = L2CAP_MODE_BASIC; 1737 rfc.mode = L2CAP_MODE_BASIC;
1738 1738
1739 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 1739 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1740 sizeof(rfc), (unsigned long) &rfc); 1740 sizeof(rfc), (unsigned long) &rfc);
1741 } 1741 }
1742 } 1742 }
1743 1743
1744 rsp->scid = cpu_to_le16(pi->dcid); 1744 rsp->scid = cpu_to_le16(pi->dcid);
1745 rsp->result = cpu_to_le16(result); 1745 rsp->result = cpu_to_le16(result);
1746 rsp->flags = cpu_to_le16(0x0000); 1746 rsp->flags = cpu_to_le16(0x0000);
1747 1747
1748 return ptr - data; 1748 return ptr - data;
1749 } 1749 }
1750 1750
1751 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags) 1751 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1752 { 1752 {
1753 struct l2cap_conf_rsp *rsp = data; 1753 struct l2cap_conf_rsp *rsp = data;
1754 void *ptr = rsp->data; 1754 void *ptr = rsp->data;
1755 1755
1756 BT_DBG("sk %p", sk); 1756 BT_DBG("sk %p", sk);
1757 1757
1758 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid); 1758 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1759 rsp->result = cpu_to_le16(result); 1759 rsp->result = cpu_to_le16(result);
1760 rsp->flags = cpu_to_le16(flags); 1760 rsp->flags = cpu_to_le16(flags);
1761 1761
1762 return ptr - data; 1762 return ptr - data;
1763 } 1763 }
1764 1764
1765 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 1765 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1766 { 1766 {
1767 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data; 1767 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
1768 1768
1769 if (rej->reason != 0x0000) 1769 if (rej->reason != 0x0000)
1770 return 0; 1770 return 0;
1771 1771
1772 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && 1772 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
1773 cmd->ident == conn->info_ident) { 1773 cmd->ident == conn->info_ident) {
1774 conn->info_ident = 0; 1774 conn->info_ident = 0;
1775 del_timer(&conn->info_timer); 1775 del_timer(&conn->info_timer);
1776 l2cap_conn_start(conn); 1776 l2cap_conn_start(conn);
1777 } 1777 }
1778 1778
1779 return 0; 1779 return 0;
1780 } 1780 }
1781 1781
1782 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 1782 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1783 { 1783 {
1784 struct l2cap_chan_list *list = &conn->chan_list; 1784 struct l2cap_chan_list *list = &conn->chan_list;
1785 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 1785 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1786 struct l2cap_conn_rsp rsp; 1786 struct l2cap_conn_rsp rsp;
1787 struct sock *sk, *parent; 1787 struct sock *sk, *parent;
1788 int result, status = L2CAP_CS_NO_INFO; 1788 int result, status = L2CAP_CS_NO_INFO;
1789 1789
1790 u16 dcid = 0, scid = __le16_to_cpu(req->scid); 1790 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1791 __le16 psm = req->psm; 1791 __le16 psm = req->psm;
1792 1792
1793 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid); 1793 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1794 1794
1795 /* Check if we have socket listening on psm */ 1795 /* Check if we have socket listening on psm */
1796 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src); 1796 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1797 if (!parent) { 1797 if (!parent) {
1798 result = L2CAP_CR_BAD_PSM; 1798 result = L2CAP_CR_BAD_PSM;
1799 goto sendresp; 1799 goto sendresp;
1800 } 1800 }
1801 1801
1802 /* Check if the ACL is secure enough (if not SDP) */ 1802 /* Check if the ACL is secure enough (if not SDP) */
1803 if (psm != cpu_to_le16(0x0001) && 1803 if (psm != cpu_to_le16(0x0001) &&
1804 !hci_conn_check_link_mode(conn->hcon)) { 1804 !hci_conn_check_link_mode(conn->hcon)) {
1805 result = L2CAP_CR_SEC_BLOCK; 1805 result = L2CAP_CR_SEC_BLOCK;
1806 goto response; 1806 goto response;
1807 } 1807 }
1808 1808
1809 result = L2CAP_CR_NO_MEM; 1809 result = L2CAP_CR_NO_MEM;
1810 1810
1811 /* Check for backlog size */ 1811 /* Check for backlog size */
1812 if (sk_acceptq_is_full(parent)) { 1812 if (sk_acceptq_is_full(parent)) {
1813 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1813 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1814 goto response; 1814 goto response;
1815 } 1815 }
1816 1816
1817 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC); 1817 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1818 if (!sk) 1818 if (!sk)
1819 goto response; 1819 goto response;
1820 1820
1821 write_lock_bh(&list->lock); 1821 write_lock_bh(&list->lock);
1822 1822
1823 /* Check if we already have channel with that dcid */ 1823 /* Check if we already have channel with that dcid */
1824 if (__l2cap_get_chan_by_dcid(list, scid)) { 1824 if (__l2cap_get_chan_by_dcid(list, scid)) {
1825 write_unlock_bh(&list->lock); 1825 write_unlock_bh(&list->lock);
1826 sock_set_flag(sk, SOCK_ZAPPED); 1826 sock_set_flag(sk, SOCK_ZAPPED);
1827 l2cap_sock_kill(sk); 1827 l2cap_sock_kill(sk);
1828 goto response; 1828 goto response;
1829 } 1829 }
1830 1830
1831 hci_conn_hold(conn->hcon); 1831 hci_conn_hold(conn->hcon);
1832 1832
1833 l2cap_sock_init(sk, parent); 1833 l2cap_sock_init(sk, parent);
1834 bacpy(&bt_sk(sk)->src, conn->src); 1834 bacpy(&bt_sk(sk)->src, conn->src);
1835 bacpy(&bt_sk(sk)->dst, conn->dst); 1835 bacpy(&bt_sk(sk)->dst, conn->dst);
1836 l2cap_pi(sk)->psm = psm; 1836 l2cap_pi(sk)->psm = psm;
1837 l2cap_pi(sk)->dcid = scid; 1837 l2cap_pi(sk)->dcid = scid;
1838 1838
1839 __l2cap_chan_add(conn, sk, parent); 1839 __l2cap_chan_add(conn, sk, parent);
1840 dcid = l2cap_pi(sk)->scid; 1840 dcid = l2cap_pi(sk)->scid;
1841 1841
1842 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 1842 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1843 1843
1844 l2cap_pi(sk)->ident = cmd->ident; 1844 l2cap_pi(sk)->ident = cmd->ident;
1845 1845
1846 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { 1846 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
1847 if (l2cap_check_security(sk)) { 1847 if (l2cap_check_security(sk)) {
1848 if (bt_sk(sk)->defer_setup) { 1848 if (bt_sk(sk)->defer_setup) {
1849 sk->sk_state = BT_CONNECT2; 1849 sk->sk_state = BT_CONNECT2;
1850 result = L2CAP_CR_PEND; 1850 result = L2CAP_CR_PEND;
1851 status = L2CAP_CS_AUTHOR_PEND; 1851 status = L2CAP_CS_AUTHOR_PEND;
1852 parent->sk_data_ready(parent, 0); 1852 parent->sk_data_ready(parent, 0);
1853 } else { 1853 } else {
1854 sk->sk_state = BT_CONFIG; 1854 sk->sk_state = BT_CONFIG;
1855 result = L2CAP_CR_SUCCESS; 1855 result = L2CAP_CR_SUCCESS;
1856 status = L2CAP_CS_NO_INFO; 1856 status = L2CAP_CS_NO_INFO;
1857 } 1857 }
1858 } else { 1858 } else {
1859 sk->sk_state = BT_CONNECT2; 1859 sk->sk_state = BT_CONNECT2;
1860 result = L2CAP_CR_PEND; 1860 result = L2CAP_CR_PEND;
1861 status = L2CAP_CS_AUTHEN_PEND; 1861 status = L2CAP_CS_AUTHEN_PEND;
1862 } 1862 }
1863 } else { 1863 } else {
1864 sk->sk_state = BT_CONNECT2; 1864 sk->sk_state = BT_CONNECT2;
1865 result = L2CAP_CR_PEND; 1865 result = L2CAP_CR_PEND;
1866 status = L2CAP_CS_NO_INFO; 1866 status = L2CAP_CS_NO_INFO;
1867 } 1867 }
1868 1868
1869 write_unlock_bh(&list->lock); 1869 write_unlock_bh(&list->lock);
1870 1870
1871 response: 1871 response:
1872 bh_unlock_sock(parent); 1872 bh_unlock_sock(parent);
1873 1873
1874 sendresp: 1874 sendresp:
1875 rsp.scid = cpu_to_le16(scid); 1875 rsp.scid = cpu_to_le16(scid);
1876 rsp.dcid = cpu_to_le16(dcid); 1876 rsp.dcid = cpu_to_le16(dcid);
1877 rsp.result = cpu_to_le16(result); 1877 rsp.result = cpu_to_le16(result);
1878 rsp.status = cpu_to_le16(status); 1878 rsp.status = cpu_to_le16(status);
1879 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp); 1879 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1880 1880
1881 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { 1881 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1882 struct l2cap_info_req info; 1882 struct l2cap_info_req info;
1883 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 1883 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1884 1884
1885 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; 1885 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1886 conn->info_ident = l2cap_get_ident(conn); 1886 conn->info_ident = l2cap_get_ident(conn);
1887 1887
1888 mod_timer(&conn->info_timer, jiffies + 1888 mod_timer(&conn->info_timer, jiffies +
1889 msecs_to_jiffies(L2CAP_INFO_TIMEOUT)); 1889 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1890 1890
1891 l2cap_send_cmd(conn, conn->info_ident, 1891 l2cap_send_cmd(conn, conn->info_ident,
1892 L2CAP_INFO_REQ, sizeof(info), &info); 1892 L2CAP_INFO_REQ, sizeof(info), &info);
1893 } 1893 }
1894 1894
1895 return 0; 1895 return 0;
1896 } 1896 }
1897 1897
1898 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 1898 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1899 { 1899 {
1900 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; 1900 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1901 u16 scid, dcid, result, status; 1901 u16 scid, dcid, result, status;
1902 struct sock *sk; 1902 struct sock *sk;
1903 u8 req[128]; 1903 u8 req[128];
1904 1904
1905 scid = __le16_to_cpu(rsp->scid); 1905 scid = __le16_to_cpu(rsp->scid);
1906 dcid = __le16_to_cpu(rsp->dcid); 1906 dcid = __le16_to_cpu(rsp->dcid);
1907 result = __le16_to_cpu(rsp->result); 1907 result = __le16_to_cpu(rsp->result);
1908 status = __le16_to_cpu(rsp->status); 1908 status = __le16_to_cpu(rsp->status);
1909 1909
1910 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status); 1910 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1911 1911
1912 if (scid) { 1912 if (scid) {
1913 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid))) 1913 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1914 return 0; 1914 return 0;
1915 } else { 1915 } else {
1916 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident))) 1916 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1917 return 0; 1917 return 0;
1918 } 1918 }
1919 1919
1920 switch (result) { 1920 switch (result) {
1921 case L2CAP_CR_SUCCESS: 1921 case L2CAP_CR_SUCCESS:
1922 sk->sk_state = BT_CONFIG; 1922 sk->sk_state = BT_CONFIG;
1923 l2cap_pi(sk)->ident = 0; 1923 l2cap_pi(sk)->ident = 0;
1924 l2cap_pi(sk)->dcid = dcid; 1924 l2cap_pi(sk)->dcid = dcid;
1925 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; 1925 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1926 1926
1927 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 1927 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1928 l2cap_build_conf_req(sk, req), req); 1928 l2cap_build_conf_req(sk, req), req);
1929 break; 1929 break;
1930 1930
1931 case L2CAP_CR_PEND: 1931 case L2CAP_CR_PEND:
1932 break; 1932 break;
1933 1933
1934 default: 1934 default:
1935 l2cap_chan_del(sk, ECONNREFUSED); 1935 l2cap_chan_del(sk, ECONNREFUSED);
1936 break; 1936 break;
1937 } 1937 }
1938 1938
1939 bh_unlock_sock(sk); 1939 bh_unlock_sock(sk);
1940 return 0; 1940 return 0;
1941 } 1941 }
1942 1942
1943 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 1943 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1944 { 1944 {
1945 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data; 1945 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1946 u16 dcid, flags; 1946 u16 dcid, flags;
1947 u8 rsp[64]; 1947 u8 rsp[64];
1948 struct sock *sk; 1948 struct sock *sk;
1949 int len; 1949 int len;
1950 1950
1951 dcid = __le16_to_cpu(req->dcid); 1951 dcid = __le16_to_cpu(req->dcid);
1952 flags = __le16_to_cpu(req->flags); 1952 flags = __le16_to_cpu(req->flags);
1953 1953
1954 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags); 1954 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1955 1955
1956 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid))) 1956 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1957 return -ENOENT; 1957 return -ENOENT;
1958 1958
1959 if (sk->sk_state == BT_DISCONN) 1959 if (sk->sk_state == BT_DISCONN)
1960 goto unlock; 1960 goto unlock;
1961 1961
1962 /* Reject if config buffer is too small. */ 1962 /* Reject if config buffer is too small. */
1963 len = cmd_len - sizeof(*req); 1963 len = cmd_len - sizeof(*req);
1964 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) { 1964 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
1965 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 1965 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1966 l2cap_build_conf_rsp(sk, rsp, 1966 l2cap_build_conf_rsp(sk, rsp,
1967 L2CAP_CONF_REJECT, flags), rsp); 1967 L2CAP_CONF_REJECT, flags), rsp);
1968 goto unlock; 1968 goto unlock;
1969 } 1969 }
1970 1970
1971 /* Store config. */ 1971 /* Store config. */
1972 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len); 1972 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
1973 l2cap_pi(sk)->conf_len += len; 1973 l2cap_pi(sk)->conf_len += len;
1974 1974
1975 if (flags & 0x0001) { 1975 if (flags & 0x0001) {
1976 /* Incomplete config. Send empty response. */ 1976 /* Incomplete config. Send empty response. */
1977 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 1977 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1978 l2cap_build_conf_rsp(sk, rsp, 1978 l2cap_build_conf_rsp(sk, rsp,
1979 L2CAP_CONF_SUCCESS, 0x0001), rsp); 1979 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1980 goto unlock; 1980 goto unlock;
1981 } 1981 }
1982 1982
1983 /* Complete config. */ 1983 /* Complete config. */
1984 len = l2cap_parse_conf_req(sk, rsp); 1984 len = l2cap_parse_conf_req(sk, rsp);
1985 if (len < 0) 1985 if (len < 0)
1986 goto unlock; 1986 goto unlock;
1987 1987
1988 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); 1988 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
1989 1989
1990 /* Reset config buffer. */ 1990 /* Reset config buffer. */
1991 l2cap_pi(sk)->conf_len = 0; 1991 l2cap_pi(sk)->conf_len = 0;
1992 1992
1993 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE)) 1993 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
1994 goto unlock; 1994 goto unlock;
1995 1995
1996 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { 1996 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1997 sk->sk_state = BT_CONNECTED; 1997 sk->sk_state = BT_CONNECTED;
1998 l2cap_chan_ready(sk); 1998 l2cap_chan_ready(sk);
1999 goto unlock; 1999 goto unlock;
2000 } 2000 }
2001 2001
2002 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) { 2002 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
2003 u8 buf[64]; 2003 u8 buf[64];
2004 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2004 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2005 l2cap_build_conf_req(sk, buf), buf); 2005 l2cap_build_conf_req(sk, buf), buf);
2006 } 2006 }
2007 2007
2008 unlock: 2008 unlock:
2009 bh_unlock_sock(sk); 2009 bh_unlock_sock(sk);
2010 return 0; 2010 return 0;
2011 } 2011 }
2012 2012
2013 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2013 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2014 { 2014 {
2015 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 2015 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2016 u16 scid, flags, result; 2016 u16 scid, flags, result;
2017 struct sock *sk; 2017 struct sock *sk;
2018 2018
2019 scid = __le16_to_cpu(rsp->scid); 2019 scid = __le16_to_cpu(rsp->scid);
2020 flags = __le16_to_cpu(rsp->flags); 2020 flags = __le16_to_cpu(rsp->flags);
2021 result = __le16_to_cpu(rsp->result); 2021 result = __le16_to_cpu(rsp->result);
2022 2022
2023 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result); 2023 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
2024 2024
2025 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid))) 2025 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2026 return 0; 2026 return 0;
2027 2027
2028 switch (result) { 2028 switch (result) {
2029 case L2CAP_CONF_SUCCESS: 2029 case L2CAP_CONF_SUCCESS:
2030 break; 2030 break;
2031 2031
2032 case L2CAP_CONF_UNACCEPT: 2032 case L2CAP_CONF_UNACCEPT:
2033 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) { 2033 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
2034 char req[128]; 2034 char req[128];
2035 /* It does not make sense to adjust L2CAP parameters 2035 /* It does not make sense to adjust L2CAP parameters
2036 * that are currently defined in the spec. We simply 2036 * that are currently defined in the spec. We simply
2037 * resend config request that we sent earlier. It is 2037 * resend config request that we sent earlier. It is
2038 * stupid, but it helps qualification testing which 2038 * stupid, but it helps qualification testing which
2039 * expects at least some response from us. */ 2039 * expects at least some response from us. */
2040 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2040 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2041 l2cap_build_conf_req(sk, req), req); 2041 l2cap_build_conf_req(sk, req), req);
2042 goto done; 2042 goto done;
2043 } 2043 }
2044 2044
2045 default: 2045 default:
2046 sk->sk_state = BT_DISCONN; 2046 sk->sk_state = BT_DISCONN;
2047 sk->sk_err = ECONNRESET; 2047 sk->sk_err = ECONNRESET;
2048 l2cap_sock_set_timer(sk, HZ * 5); 2048 l2cap_sock_set_timer(sk, HZ * 5);
2049 { 2049 {
2050 struct l2cap_disconn_req req; 2050 struct l2cap_disconn_req req;
2051 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); 2051 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2052 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 2052 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2053 l2cap_send_cmd(conn, l2cap_get_ident(conn), 2053 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2054 L2CAP_DISCONN_REQ, sizeof(req), &req); 2054 L2CAP_DISCONN_REQ, sizeof(req), &req);
2055 } 2055 }
2056 goto done; 2056 goto done;
2057 } 2057 }
2058 2058
2059 if (flags & 0x01) 2059 if (flags & 0x01)
2060 goto done; 2060 goto done;
2061 2061
2062 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE; 2062 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2063 2063
2064 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) { 2064 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2065 sk->sk_state = BT_CONNECTED; 2065 sk->sk_state = BT_CONNECTED;
2066 l2cap_chan_ready(sk); 2066 l2cap_chan_ready(sk);
2067 } 2067 }
2068 2068
2069 done: 2069 done:
2070 bh_unlock_sock(sk); 2070 bh_unlock_sock(sk);
2071 return 0; 2071 return 0;
2072 } 2072 }
2073 2073
2074 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2074 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2075 { 2075 {
2076 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data; 2076 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2077 struct l2cap_disconn_rsp rsp; 2077 struct l2cap_disconn_rsp rsp;
2078 u16 dcid, scid; 2078 u16 dcid, scid;
2079 struct sock *sk; 2079 struct sock *sk;
2080 2080
2081 scid = __le16_to_cpu(req->scid); 2081 scid = __le16_to_cpu(req->scid);
2082 dcid = __le16_to_cpu(req->dcid); 2082 dcid = __le16_to_cpu(req->dcid);
2083 2083
2084 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid); 2084 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2085 2085
2086 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid))) 2086 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
2087 return 0; 2087 return 0;
2088 2088
2089 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2089 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2090 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2090 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2091 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); 2091 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2092 2092
2093 sk->sk_shutdown = SHUTDOWN_MASK; 2093 sk->sk_shutdown = SHUTDOWN_MASK;
2094 2094
2095 l2cap_chan_del(sk, ECONNRESET); 2095 l2cap_chan_del(sk, ECONNRESET);
2096 bh_unlock_sock(sk); 2096 bh_unlock_sock(sk);
2097 2097
2098 l2cap_sock_kill(sk); 2098 l2cap_sock_kill(sk);
2099 return 0; 2099 return 0;
2100 } 2100 }
2101 2101
2102 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2102 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2103 { 2103 {
2104 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; 2104 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2105 u16 dcid, scid; 2105 u16 dcid, scid;
2106 struct sock *sk; 2106 struct sock *sk;
2107 2107
2108 scid = __le16_to_cpu(rsp->scid); 2108 scid = __le16_to_cpu(rsp->scid);
2109 dcid = __le16_to_cpu(rsp->dcid); 2109 dcid = __le16_to_cpu(rsp->dcid);
2110 2110
2111 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid); 2111 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2112 2112
2113 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid))) 2113 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
2114 return 0; 2114 return 0;
2115 2115
2116 l2cap_chan_del(sk, 0); 2116 l2cap_chan_del(sk, 0);
2117 bh_unlock_sock(sk); 2117 bh_unlock_sock(sk);
2118 2118
2119 l2cap_sock_kill(sk); 2119 l2cap_sock_kill(sk);
2120 return 0; 2120 return 0;
2121 } 2121 }
2122 2122
2123 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2123 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2124 { 2124 {
2125 struct l2cap_info_req *req = (struct l2cap_info_req *) data; 2125 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
2126 u16 type; 2126 u16 type;
2127 2127
2128 type = __le16_to_cpu(req->type); 2128 type = __le16_to_cpu(req->type);
2129 2129
2130 BT_DBG("type 0x%4.4x", type); 2130 BT_DBG("type 0x%4.4x", type);
2131 2131
2132 if (type == L2CAP_IT_FEAT_MASK) { 2132 if (type == L2CAP_IT_FEAT_MASK) {
2133 u8 buf[8]; 2133 u8 buf[8];
2134 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 2134 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2135 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 2135 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2136 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); 2136 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2137 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data); 2137 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data);
2138 l2cap_send_cmd(conn, cmd->ident, 2138 l2cap_send_cmd(conn, cmd->ident,
2139 L2CAP_INFO_RSP, sizeof(buf), buf); 2139 L2CAP_INFO_RSP, sizeof(buf), buf);
2140 } else { 2140 } else {
2141 struct l2cap_info_rsp rsp; 2141 struct l2cap_info_rsp rsp;
2142 rsp.type = cpu_to_le16(type); 2142 rsp.type = cpu_to_le16(type);
2143 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP); 2143 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2144 l2cap_send_cmd(conn, cmd->ident, 2144 l2cap_send_cmd(conn, cmd->ident,
2145 L2CAP_INFO_RSP, sizeof(rsp), &rsp); 2145 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2146 } 2146 }
2147 2147
2148 return 0; 2148 return 0;
2149 } 2149 }
2150 2150
2151 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 2151 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2152 { 2152 {
2153 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data; 2153 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2154 u16 type, result; 2154 u16 type, result;
2155 2155
2156 type = __le16_to_cpu(rsp->type); 2156 type = __le16_to_cpu(rsp->type);
2157 result = __le16_to_cpu(rsp->result); 2157 result = __le16_to_cpu(rsp->result);
2158 2158
2159 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result); 2159 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2160 2160
2161 conn->info_ident = 0; 2161 conn->info_ident = 0;
2162 2162
2163 del_timer(&conn->info_timer); 2163 del_timer(&conn->info_timer);
2164 2164
2165 if (type == L2CAP_IT_FEAT_MASK) 2165 if (type == L2CAP_IT_FEAT_MASK)
2166 conn->feat_mask = get_unaligned_le32(rsp->data); 2166 conn->feat_mask = get_unaligned_le32(rsp->data);
2167 2167
2168 l2cap_conn_start(conn); 2168 l2cap_conn_start(conn);
2169 2169
2170 return 0; 2170 return 0;
2171 } 2171 }
2172 2172
2173 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) 2173 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
2174 { 2174 {
2175 u8 *data = skb->data; 2175 u8 *data = skb->data;
2176 int len = skb->len; 2176 int len = skb->len;
2177 struct l2cap_cmd_hdr cmd; 2177 struct l2cap_cmd_hdr cmd;
2178 int err = 0; 2178 int err = 0;
2179 2179
2180 l2cap_raw_recv(conn, skb); 2180 l2cap_raw_recv(conn, skb);
2181 2181
2182 while (len >= L2CAP_CMD_HDR_SIZE) { 2182 while (len >= L2CAP_CMD_HDR_SIZE) {
2183 u16 cmd_len; 2183 u16 cmd_len;
2184 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE); 2184 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2185 data += L2CAP_CMD_HDR_SIZE; 2185 data += L2CAP_CMD_HDR_SIZE;
2186 len -= L2CAP_CMD_HDR_SIZE; 2186 len -= L2CAP_CMD_HDR_SIZE;
2187 2187
2188 cmd_len = le16_to_cpu(cmd.len); 2188 cmd_len = le16_to_cpu(cmd.len);
2189 2189
2190 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident); 2190 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
2191 2191
2192 if (cmd_len > len || !cmd.ident) { 2192 if (cmd_len > len || !cmd.ident) {
2193 BT_DBG("corrupted command"); 2193 BT_DBG("corrupted command");
2194 break; 2194 break;
2195 } 2195 }
2196 2196
2197 switch (cmd.code) { 2197 switch (cmd.code) {
2198 case L2CAP_COMMAND_REJ: 2198 case L2CAP_COMMAND_REJ:
2199 l2cap_command_rej(conn, &cmd, data); 2199 l2cap_command_rej(conn, &cmd, data);
2200 break; 2200 break;
2201 2201
2202 case L2CAP_CONN_REQ: 2202 case L2CAP_CONN_REQ:
2203 err = l2cap_connect_req(conn, &cmd, data); 2203 err = l2cap_connect_req(conn, &cmd, data);
2204 break; 2204 break;
2205 2205
2206 case L2CAP_CONN_RSP: 2206 case L2CAP_CONN_RSP:
2207 err = l2cap_connect_rsp(conn, &cmd, data); 2207 err = l2cap_connect_rsp(conn, &cmd, data);
2208 break; 2208 break;
2209 2209
2210 case L2CAP_CONF_REQ: 2210 case L2CAP_CONF_REQ:
2211 err = l2cap_config_req(conn, &cmd, cmd_len, data); 2211 err = l2cap_config_req(conn, &cmd, cmd_len, data);
2212 break; 2212 break;
2213 2213
2214 case L2CAP_CONF_RSP: 2214 case L2CAP_CONF_RSP:
2215 err = l2cap_config_rsp(conn, &cmd, data); 2215 err = l2cap_config_rsp(conn, &cmd, data);
2216 break; 2216 break;
2217 2217
2218 case L2CAP_DISCONN_REQ: 2218 case L2CAP_DISCONN_REQ:
2219 err = l2cap_disconnect_req(conn, &cmd, data); 2219 err = l2cap_disconnect_req(conn, &cmd, data);
2220 break; 2220 break;
2221 2221
2222 case L2CAP_DISCONN_RSP: 2222 case L2CAP_DISCONN_RSP:
2223 err = l2cap_disconnect_rsp(conn, &cmd, data); 2223 err = l2cap_disconnect_rsp(conn, &cmd, data);
2224 break; 2224 break;
2225 2225
2226 case L2CAP_ECHO_REQ: 2226 case L2CAP_ECHO_REQ:
2227 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data); 2227 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
2228 break; 2228 break;
2229 2229
2230 case L2CAP_ECHO_RSP: 2230 case L2CAP_ECHO_RSP:
2231 break; 2231 break;
2232 2232
2233 case L2CAP_INFO_REQ: 2233 case L2CAP_INFO_REQ:
2234 err = l2cap_information_req(conn, &cmd, data); 2234 err = l2cap_information_req(conn, &cmd, data);
2235 break; 2235 break;
2236 2236
2237 case L2CAP_INFO_RSP: 2237 case L2CAP_INFO_RSP:
2238 err = l2cap_information_rsp(conn, &cmd, data); 2238 err = l2cap_information_rsp(conn, &cmd, data);
2239 break; 2239 break;
2240 2240
2241 default: 2241 default:
2242 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code); 2242 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
2243 err = -EINVAL; 2243 err = -EINVAL;
2244 break; 2244 break;
2245 } 2245 }
2246 2246
2247 if (err) { 2247 if (err) {
2248 struct l2cap_cmd_rej rej; 2248 struct l2cap_cmd_rej rej;
2249 BT_DBG("error %d", err); 2249 BT_DBG("error %d", err);
2250 2250
2251 /* FIXME: Map err to a valid reason */ 2251 /* FIXME: Map err to a valid reason */
2252 rej.reason = cpu_to_le16(0); 2252 rej.reason = cpu_to_le16(0);
2253 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej); 2253 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2254 } 2254 }
2255 2255
2256 data += cmd_len; 2256 data += cmd_len;
2257 len -= cmd_len; 2257 len -= cmd_len;
2258 } 2258 }
2259 2259
2260 kfree_skb(skb); 2260 kfree_skb(skb);
2261 } 2261 }
2262 2262
2263 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb) 2263 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2264 { 2264 {
2265 struct sock *sk; 2265 struct sock *sk;
2266 2266
2267 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 2267 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2268 if (!sk) { 2268 if (!sk) {
2269 BT_DBG("unknown cid 0x%4.4x", cid); 2269 BT_DBG("unknown cid 0x%4.4x", cid);
2270 goto drop; 2270 goto drop;
2271 } 2271 }
2272 2272
2273 BT_DBG("sk %p, len %d", sk, skb->len); 2273 BT_DBG("sk %p, len %d", sk, skb->len);
2274 2274
2275 if (sk->sk_state != BT_CONNECTED) 2275 if (sk->sk_state != BT_CONNECTED)
2276 goto drop; 2276 goto drop;
2277 2277
2278 if (l2cap_pi(sk)->imtu < skb->len) 2278 if (l2cap_pi(sk)->imtu < skb->len)
2279 goto drop; 2279 goto drop;
2280 2280
2281 /* If socket recv buffers overflows we drop data here 2281 /* If socket recv buffers overflows we drop data here
2282 * which is *bad* because L2CAP has to be reliable. 2282 * which is *bad* because L2CAP has to be reliable.
2283 * But we don't have any other choice. L2CAP doesn't 2283 * But we don't have any other choice. L2CAP doesn't
2284 * provide flow control mechanism. */ 2284 * provide flow control mechanism. */
2285 2285
2286 if (!sock_queue_rcv_skb(sk, skb)) 2286 if (!sock_queue_rcv_skb(sk, skb))
2287 goto done; 2287 goto done;
2288 2288
2289 drop: 2289 drop:
2290 kfree_skb(skb); 2290 kfree_skb(skb);
2291 2291
2292 done: 2292 done:
2293 if (sk) 2293 if (sk)
2294 bh_unlock_sock(sk); 2294 bh_unlock_sock(sk);
2295 2295
2296 return 0; 2296 return 0;
2297 } 2297 }
2298 2298
2299 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb) 2299 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
2300 { 2300 {
2301 struct sock *sk; 2301 struct sock *sk;
2302 2302
2303 sk = l2cap_get_sock_by_psm(0, psm, conn->src); 2303 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
2304 if (!sk) 2304 if (!sk)
2305 goto drop; 2305 goto drop;
2306 2306
2307 BT_DBG("sk %p, len %d", sk, skb->len); 2307 BT_DBG("sk %p, len %d", sk, skb->len);
2308 2308
2309 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED) 2309 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
2310 goto drop; 2310 goto drop;
2311 2311
2312 if (l2cap_pi(sk)->imtu < skb->len) 2312 if (l2cap_pi(sk)->imtu < skb->len)
2313 goto drop; 2313 goto drop;
2314 2314
2315 if (!sock_queue_rcv_skb(sk, skb)) 2315 if (!sock_queue_rcv_skb(sk, skb))
2316 goto done; 2316 goto done;
2317 2317
2318 drop: 2318 drop:
2319 kfree_skb(skb); 2319 kfree_skb(skb);
2320 2320
2321 done: 2321 done:
2322 if (sk) bh_unlock_sock(sk); 2322 if (sk) bh_unlock_sock(sk);
2323 return 0; 2323 return 0;
2324 } 2324 }
2325 2325
2326 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb) 2326 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2327 { 2327 {
2328 struct l2cap_hdr *lh = (void *) skb->data; 2328 struct l2cap_hdr *lh = (void *) skb->data;
2329 u16 cid, len; 2329 u16 cid, len;
2330 __le16 psm; 2330 __le16 psm;
2331 2331
2332 skb_pull(skb, L2CAP_HDR_SIZE); 2332 skb_pull(skb, L2CAP_HDR_SIZE);
2333 cid = __le16_to_cpu(lh->cid); 2333 cid = __le16_to_cpu(lh->cid);
2334 len = __le16_to_cpu(lh->len); 2334 len = __le16_to_cpu(lh->len);
2335 2335
2336 BT_DBG("len %d, cid 0x%4.4x", len, cid); 2336 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2337 2337
2338 switch (cid) { 2338 switch (cid) {
2339 case 0x0001: 2339 case 0x0001:
2340 l2cap_sig_channel(conn, skb); 2340 l2cap_sig_channel(conn, skb);
2341 break; 2341 break;
2342 2342
2343 case 0x0002: 2343 case 0x0002:
2344 psm = get_unaligned((__le16 *) skb->data); 2344 psm = get_unaligned((__le16 *) skb->data);
2345 skb_pull(skb, 2); 2345 skb_pull(skb, 2);
2346 l2cap_conless_channel(conn, psm, skb); 2346 l2cap_conless_channel(conn, psm, skb);
2347 break; 2347 break;
2348 2348
2349 default: 2349 default:
2350 l2cap_data_channel(conn, cid, skb); 2350 l2cap_data_channel(conn, cid, skb);
2351 break; 2351 break;
2352 } 2352 }
2353 } 2353 }
2354 2354
2355 /* ---- L2CAP interface with lower layer (HCI) ---- */ 2355 /* ---- L2CAP interface with lower layer (HCI) ---- */
2356 2356
2357 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 2357 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2358 { 2358 {
2359 int exact = 0, lm1 = 0, lm2 = 0; 2359 int exact = 0, lm1 = 0, lm2 = 0;
2360 register struct sock *sk; 2360 register struct sock *sk;
2361 struct hlist_node *node; 2361 struct hlist_node *node;
2362 2362
2363 if (type != ACL_LINK) 2363 if (type != ACL_LINK)
2364 return 0; 2364 return 0;
2365 2365
2366 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 2366 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
2367 2367
2368 /* Find listening sockets and check their link_mode */ 2368 /* Find listening sockets and check their link_mode */
2369 read_lock(&l2cap_sk_list.lock); 2369 read_lock(&l2cap_sk_list.lock);
2370 sk_for_each(sk, node, &l2cap_sk_list.head) { 2370 sk_for_each(sk, node, &l2cap_sk_list.head) {
2371 if (sk->sk_state != BT_LISTEN) 2371 if (sk->sk_state != BT_LISTEN)
2372 continue; 2372 continue;
2373 2373
2374 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) { 2374 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2375 lm1 |= HCI_LM_ACCEPT; 2375 lm1 |= HCI_LM_ACCEPT;
2376 if (l2cap_pi(sk)->role_switch) 2376 if (l2cap_pi(sk)->role_switch)
2377 lm1 |= HCI_LM_MASTER; 2377 lm1 |= HCI_LM_MASTER;
2378 exact++; 2378 exact++;
2379 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 2379 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
2380 lm2 |= HCI_LM_ACCEPT; 2380 lm2 |= HCI_LM_ACCEPT;
2381 if (l2cap_pi(sk)->role_switch) 2381 if (l2cap_pi(sk)->role_switch)
2382 lm2 |= HCI_LM_MASTER; 2382 lm2 |= HCI_LM_MASTER;
2383 } 2383 }
2384 } 2384 }
2385 read_unlock(&l2cap_sk_list.lock); 2385 read_unlock(&l2cap_sk_list.lock);
2386 2386
2387 return exact ? lm1 : lm2; 2387 return exact ? lm1 : lm2;
2388 } 2388 }
2389 2389
2390 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status) 2390 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
2391 { 2391 {
2392 struct l2cap_conn *conn; 2392 struct l2cap_conn *conn;
2393 2393
2394 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 2394 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
2395 2395
2396 if (hcon->type != ACL_LINK) 2396 if (hcon->type != ACL_LINK)
2397 return 0; 2397 return 0;
2398 2398
2399 if (!status) { 2399 if (!status) {
2400 conn = l2cap_conn_add(hcon, status); 2400 conn = l2cap_conn_add(hcon, status);
2401 if (conn) 2401 if (conn)
2402 l2cap_conn_ready(conn); 2402 l2cap_conn_ready(conn);
2403 } else 2403 } else
2404 l2cap_conn_del(hcon, bt_err(status)); 2404 l2cap_conn_del(hcon, bt_err(status));
2405 2405
2406 return 0; 2406 return 0;
2407 } 2407 }
2408 2408
2409 static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason) 2409 static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2410 { 2410 {
2411 BT_DBG("hcon %p reason %d", hcon, reason); 2411 BT_DBG("hcon %p reason %d", hcon, reason);
2412 2412
2413 if (hcon->type != ACL_LINK) 2413 if (hcon->type != ACL_LINK)
2414 return 0; 2414 return 0;
2415 2415
2416 l2cap_conn_del(hcon, bt_err(reason)); 2416 l2cap_conn_del(hcon, bt_err(reason));
2417 2417
2418 return 0; 2418 return 0;
2419 } 2419 }
2420 2420
2421 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt) 2421 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
2422 { 2422 {
2423 if (sk->sk_type != SOCK_SEQPACKET)
2424 return;
2425
2423 if (encrypt == 0x00) { 2426 if (encrypt == 0x00) {
2424 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) { 2427 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
2425 l2cap_sock_clear_timer(sk); 2428 l2cap_sock_clear_timer(sk);
2426 l2cap_sock_set_timer(sk, HZ * 5); 2429 l2cap_sock_set_timer(sk, HZ * 5);
2427 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) 2430 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
2428 __l2cap_sock_close(sk, ECONNREFUSED); 2431 __l2cap_sock_close(sk, ECONNREFUSED);
2429 } else { 2432 } else {
2430 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) 2433 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
2431 l2cap_sock_clear_timer(sk); 2434 l2cap_sock_clear_timer(sk);
2432 } 2435 }
2433 } 2436 }
2434 2437
2435 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) 2438 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2436 { 2439 {
2437 struct l2cap_chan_list *l; 2440 struct l2cap_chan_list *l;
2438 struct l2cap_conn *conn = hcon->l2cap_data; 2441 struct l2cap_conn *conn = hcon->l2cap_data;
2439 struct sock *sk; 2442 struct sock *sk;
2440 2443
2441 if (!conn) 2444 if (!conn)
2442 return 0; 2445 return 0;
2443 2446
2444 l = &conn->chan_list; 2447 l = &conn->chan_list;
2445 2448
2446 BT_DBG("conn %p", conn); 2449 BT_DBG("conn %p", conn);
2447 2450
2448 read_lock(&l->lock); 2451 read_lock(&l->lock);
2449 2452
2450 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 2453 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2451 bh_lock_sock(sk); 2454 bh_lock_sock(sk);
2452 2455
2453 if (!status && (sk->sk_state == BT_CONNECTED || 2456 if (!status && (sk->sk_state == BT_CONNECTED ||
2454 sk->sk_state == BT_CONFIG)) { 2457 sk->sk_state == BT_CONFIG)) {
2455 l2cap_check_encryption(sk, encrypt); 2458 l2cap_check_encryption(sk, encrypt);
2456 bh_unlock_sock(sk); 2459 bh_unlock_sock(sk);
2457 continue; 2460 continue;
2458 } 2461 }
2459 2462
2460 if (sk->sk_state == BT_CONNECT) { 2463 if (sk->sk_state == BT_CONNECT) {
2461 if (!status) { 2464 if (!status) {
2462 struct l2cap_conn_req req; 2465 struct l2cap_conn_req req;
2463 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 2466 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2464 req.psm = l2cap_pi(sk)->psm; 2467 req.psm = l2cap_pi(sk)->psm;
2465 2468
2466 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 2469 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2467 2470
2468 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 2471 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2469 L2CAP_CONN_REQ, sizeof(req), &req); 2472 L2CAP_CONN_REQ, sizeof(req), &req);
2470 } else { 2473 } else {
2471 l2cap_sock_clear_timer(sk); 2474 l2cap_sock_clear_timer(sk);
2472 l2cap_sock_set_timer(sk, HZ / 10); 2475 l2cap_sock_set_timer(sk, HZ / 10);
2473 } 2476 }
2474 } else if (sk->sk_state == BT_CONNECT2) { 2477 } else if (sk->sk_state == BT_CONNECT2) {
2475 struct l2cap_conn_rsp rsp; 2478 struct l2cap_conn_rsp rsp;
2476 __u16 result; 2479 __u16 result;
2477 2480
2478 if (!status) { 2481 if (!status) {
2479 sk->sk_state = BT_CONFIG; 2482 sk->sk_state = BT_CONFIG;
2480 result = L2CAP_CR_SUCCESS; 2483 result = L2CAP_CR_SUCCESS;
2481 } else { 2484 } else {
2482 sk->sk_state = BT_DISCONN; 2485 sk->sk_state = BT_DISCONN;
2483 l2cap_sock_set_timer(sk, HZ / 10); 2486 l2cap_sock_set_timer(sk, HZ / 10);
2484 result = L2CAP_CR_SEC_BLOCK; 2487 result = L2CAP_CR_SEC_BLOCK;
2485 } 2488 }
2486 2489
2487 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2490 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2488 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2491 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2489 rsp.result = cpu_to_le16(result); 2492 rsp.result = cpu_to_le16(result);
2490 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 2493 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2491 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 2494 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2492 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 2495 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2493 } 2496 }
2494 2497
2495 bh_unlock_sock(sk); 2498 bh_unlock_sock(sk);
2496 } 2499 }
2497 2500
2498 read_unlock(&l->lock); 2501 read_unlock(&l->lock);
2499 2502
2500 return 0; 2503 return 0;
2501 } 2504 }
2502 2505
2503 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 2506 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2504 { 2507 {
2505 struct l2cap_conn *conn = hcon->l2cap_data; 2508 struct l2cap_conn *conn = hcon->l2cap_data;
2506 2509
2507 if (!conn && !(conn = l2cap_conn_add(hcon, 0))) 2510 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2508 goto drop; 2511 goto drop;
2509 2512
2510 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags); 2513 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2511 2514
2512 if (flags & ACL_START) { 2515 if (flags & ACL_START) {
2513 struct l2cap_hdr *hdr; 2516 struct l2cap_hdr *hdr;
2514 int len; 2517 int len;
2515 2518
2516 if (conn->rx_len) { 2519 if (conn->rx_len) {
2517 BT_ERR("Unexpected start frame (len %d)", skb->len); 2520 BT_ERR("Unexpected start frame (len %d)", skb->len);
2518 kfree_skb(conn->rx_skb); 2521 kfree_skb(conn->rx_skb);
2519 conn->rx_skb = NULL; 2522 conn->rx_skb = NULL;
2520 conn->rx_len = 0; 2523 conn->rx_len = 0;
2521 l2cap_conn_unreliable(conn, ECOMM); 2524 l2cap_conn_unreliable(conn, ECOMM);
2522 } 2525 }
2523 2526
2524 if (skb->len < 2) { 2527 if (skb->len < 2) {
2525 BT_ERR("Frame is too short (len %d)", skb->len); 2528 BT_ERR("Frame is too short (len %d)", skb->len);
2526 l2cap_conn_unreliable(conn, ECOMM); 2529 l2cap_conn_unreliable(conn, ECOMM);
2527 goto drop; 2530 goto drop;
2528 } 2531 }
2529 2532
2530 hdr = (struct l2cap_hdr *) skb->data; 2533 hdr = (struct l2cap_hdr *) skb->data;
2531 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE; 2534 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2532 2535
2533 if (len == skb->len) { 2536 if (len == skb->len) {
2534 /* Complete frame received */ 2537 /* Complete frame received */
2535 l2cap_recv_frame(conn, skb); 2538 l2cap_recv_frame(conn, skb);
2536 return 0; 2539 return 0;
2537 } 2540 }
2538 2541
2539 BT_DBG("Start: total len %d, frag len %d", len, skb->len); 2542 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2540 2543
2541 if (skb->len > len) { 2544 if (skb->len > len) {
2542 BT_ERR("Frame is too long (len %d, expected len %d)", 2545 BT_ERR("Frame is too long (len %d, expected len %d)",
2543 skb->len, len); 2546 skb->len, len);
2544 l2cap_conn_unreliable(conn, ECOMM); 2547 l2cap_conn_unreliable(conn, ECOMM);
2545 goto drop; 2548 goto drop;
2546 } 2549 }
2547 2550
2548 /* Allocate skb for the complete frame (with header) */ 2551 /* Allocate skb for the complete frame (with header) */
2549 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC))) 2552 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2550 goto drop; 2553 goto drop;
2551 2554
2552 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2555 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2553 skb->len); 2556 skb->len);
2554 conn->rx_len = len - skb->len; 2557 conn->rx_len = len - skb->len;
2555 } else { 2558 } else {
2556 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len); 2559 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2557 2560
2558 if (!conn->rx_len) { 2561 if (!conn->rx_len) {
2559 BT_ERR("Unexpected continuation frame (len %d)", skb->len); 2562 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2560 l2cap_conn_unreliable(conn, ECOMM); 2563 l2cap_conn_unreliable(conn, ECOMM);
2561 goto drop; 2564 goto drop;
2562 } 2565 }
2563 2566
2564 if (skb->len > conn->rx_len) { 2567 if (skb->len > conn->rx_len) {
2565 BT_ERR("Fragment is too long (len %d, expected %d)", 2568 BT_ERR("Fragment is too long (len %d, expected %d)",
2566 skb->len, conn->rx_len); 2569 skb->len, conn->rx_len);
2567 kfree_skb(conn->rx_skb); 2570 kfree_skb(conn->rx_skb);
2568 conn->rx_skb = NULL; 2571 conn->rx_skb = NULL;
2569 conn->rx_len = 0; 2572 conn->rx_len = 0;
2570 l2cap_conn_unreliable(conn, ECOMM); 2573 l2cap_conn_unreliable(conn, ECOMM);
2571 goto drop; 2574 goto drop;
2572 } 2575 }
2573 2576
2574 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2577 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2575 skb->len); 2578 skb->len);
2576 conn->rx_len -= skb->len; 2579 conn->rx_len -= skb->len;
2577 2580
2578 if (!conn->rx_len) { 2581 if (!conn->rx_len) {
2579 /* Complete frame received */ 2582 /* Complete frame received */
2580 l2cap_recv_frame(conn, conn->rx_skb); 2583 l2cap_recv_frame(conn, conn->rx_skb);
2581 conn->rx_skb = NULL; 2584 conn->rx_skb = NULL;
2582 } 2585 }
2583 } 2586 }
2584 2587
2585 drop: 2588 drop:
2586 kfree_skb(skb); 2589 kfree_skb(skb);
2587 return 0; 2590 return 0;
2588 } 2591 }
2589 2592
2590 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf) 2593 static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
2591 { 2594 {
2592 struct sock *sk; 2595 struct sock *sk;
2593 struct hlist_node *node; 2596 struct hlist_node *node;
2594 char *str = buf; 2597 char *str = buf;
2595 2598
2596 read_lock_bh(&l2cap_sk_list.lock); 2599 read_lock_bh(&l2cap_sk_list.lock);
2597 2600
2598 sk_for_each(sk, node, &l2cap_sk_list.head) { 2601 sk_for_each(sk, node, &l2cap_sk_list.head) {
2599 struct l2cap_pinfo *pi = l2cap_pi(sk); 2602 struct l2cap_pinfo *pi = l2cap_pi(sk);
2600 2603
2601 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n", 2604 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
2602 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2605 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2603 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid, 2606 sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid,
2604 pi->imtu, pi->omtu, pi->sec_level); 2607 pi->imtu, pi->omtu, pi->sec_level);
2605 } 2608 }
2606 2609
2607 read_unlock_bh(&l2cap_sk_list.lock); 2610 read_unlock_bh(&l2cap_sk_list.lock);
2608 2611
2609 return (str - buf); 2612 return (str - buf);
2610 } 2613 }
2611 2614
2612 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL); 2615 static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);
2613 2616
2614 static const struct proto_ops l2cap_sock_ops = { 2617 static const struct proto_ops l2cap_sock_ops = {
2615 .family = PF_BLUETOOTH, 2618 .family = PF_BLUETOOTH,
2616 .owner = THIS_MODULE, 2619 .owner = THIS_MODULE,
2617 .release = l2cap_sock_release, 2620 .release = l2cap_sock_release,
2618 .bind = l2cap_sock_bind, 2621 .bind = l2cap_sock_bind,
2619 .connect = l2cap_sock_connect, 2622 .connect = l2cap_sock_connect,
2620 .listen = l2cap_sock_listen, 2623 .listen = l2cap_sock_listen,
2621 .accept = l2cap_sock_accept, 2624 .accept = l2cap_sock_accept,
2622 .getname = l2cap_sock_getname, 2625 .getname = l2cap_sock_getname,
2623 .sendmsg = l2cap_sock_sendmsg, 2626 .sendmsg = l2cap_sock_sendmsg,
2624 .recvmsg = l2cap_sock_recvmsg, 2627 .recvmsg = l2cap_sock_recvmsg,
2625 .poll = bt_sock_poll, 2628 .poll = bt_sock_poll,
2626 .ioctl = bt_sock_ioctl, 2629 .ioctl = bt_sock_ioctl,
2627 .mmap = sock_no_mmap, 2630 .mmap = sock_no_mmap,
2628 .socketpair = sock_no_socketpair, 2631 .socketpair = sock_no_socketpair,
2629 .shutdown = l2cap_sock_shutdown, 2632 .shutdown = l2cap_sock_shutdown,
2630 .setsockopt = l2cap_sock_setsockopt, 2633 .setsockopt = l2cap_sock_setsockopt,
2631 .getsockopt = l2cap_sock_getsockopt 2634 .getsockopt = l2cap_sock_getsockopt
2632 }; 2635 };
2633 2636
2634 static struct net_proto_family l2cap_sock_family_ops = { 2637 static struct net_proto_family l2cap_sock_family_ops = {
2635 .family = PF_BLUETOOTH, 2638 .family = PF_BLUETOOTH,
2636 .owner = THIS_MODULE, 2639 .owner = THIS_MODULE,
2637 .create = l2cap_sock_create, 2640 .create = l2cap_sock_create,
2638 }; 2641 };
2639 2642
2640 static struct hci_proto l2cap_hci_proto = { 2643 static struct hci_proto l2cap_hci_proto = {
2641 .name = "L2CAP", 2644 .name = "L2CAP",
2642 .id = HCI_PROTO_L2CAP, 2645 .id = HCI_PROTO_L2CAP,
2643 .connect_ind = l2cap_connect_ind, 2646 .connect_ind = l2cap_connect_ind,
2644 .connect_cfm = l2cap_connect_cfm, 2647 .connect_cfm = l2cap_connect_cfm,
2645 .disconn_ind = l2cap_disconn_ind, 2648 .disconn_ind = l2cap_disconn_ind,
2646 .security_cfm = l2cap_security_cfm, 2649 .security_cfm = l2cap_security_cfm,
2647 .recv_acldata = l2cap_recv_acldata 2650 .recv_acldata = l2cap_recv_acldata
2648 }; 2651 };
2649 2652
2650 static int __init l2cap_init(void) 2653 static int __init l2cap_init(void)
2651 { 2654 {
2652 int err; 2655 int err;
2653 2656
2654 err = proto_register(&l2cap_proto, 0); 2657 err = proto_register(&l2cap_proto, 0);
2655 if (err < 0) 2658 if (err < 0)
2656 return err; 2659 return err;
2657 2660
2658 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 2661 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2659 if (err < 0) { 2662 if (err < 0) {
2660 BT_ERR("L2CAP socket registration failed"); 2663 BT_ERR("L2CAP socket registration failed");
2661 goto error; 2664 goto error;
2662 } 2665 }
2663 2666
2664 err = hci_register_proto(&l2cap_hci_proto); 2667 err = hci_register_proto(&l2cap_hci_proto);
2665 if (err < 0) { 2668 if (err < 0) {
2666 BT_ERR("L2CAP protocol registration failed"); 2669 BT_ERR("L2CAP protocol registration failed");
2667 bt_sock_unregister(BTPROTO_L2CAP); 2670 bt_sock_unregister(BTPROTO_L2CAP);
2668 goto error; 2671 goto error;
2669 } 2672 }
2670 2673
2671 if (class_create_file(bt_class, &class_attr_l2cap) < 0) 2674 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2672 BT_ERR("Failed to create L2CAP info file"); 2675 BT_ERR("Failed to create L2CAP info file");
2673 2676
2674 BT_INFO("L2CAP ver %s", VERSION); 2677 BT_INFO("L2CAP ver %s", VERSION);
2675 BT_INFO("L2CAP socket layer initialized"); 2678 BT_INFO("L2CAP socket layer initialized");
2676 2679
2677 return 0; 2680 return 0;
2678 2681
2679 error: 2682 error:
2680 proto_unregister(&l2cap_proto); 2683 proto_unregister(&l2cap_proto);
2681 return err; 2684 return err;
2682 } 2685 }
2683 2686
2684 static void __exit l2cap_exit(void) 2687 static void __exit l2cap_exit(void)
2685 { 2688 {
2686 class_remove_file(bt_class, &class_attr_l2cap); 2689 class_remove_file(bt_class, &class_attr_l2cap);
2687 2690
2688 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 2691 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2689 BT_ERR("L2CAP socket unregistration failed"); 2692 BT_ERR("L2CAP socket unregistration failed");
2690 2693
2691 if (hci_unregister_proto(&l2cap_hci_proto) < 0) 2694 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2692 BT_ERR("L2CAP protocol unregistration failed"); 2695 BT_ERR("L2CAP protocol unregistration failed");
2693 2696
2694 proto_unregister(&l2cap_proto); 2697 proto_unregister(&l2cap_proto);
2695 } 2698 }
2696 2699
2697 void l2cap_load(void) 2700 void l2cap_load(void)
2698 { 2701 {
2699 /* Dummy function to trigger automatic L2CAP module loading by 2702 /* Dummy function to trigger automatic L2CAP module loading by
2700 * other modules that use L2CAP sockets but don't use any other 2703 * other modules that use L2CAP sockets but don't use any other
2701 * symbols from it. */ 2704 * symbols from it. */
2702 return; 2705 return;
2703 } 2706 }
2704 EXPORT_SYMBOL(l2cap_load); 2707 EXPORT_SYMBOL(l2cap_load);
2705 2708
2706 module_init(l2cap_init); 2709 module_init(l2cap_init);
2707 module_exit(l2cap_exit); 2710 module_exit(l2cap_exit);
2708 2711
2709 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2712 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2710 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); 2713 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2711 MODULE_VERSION(VERSION); 2714 MODULE_VERSION(VERSION);
2712 MODULE_LICENSE("GPL"); 2715 MODULE_LICENSE("GPL");
2713 MODULE_ALIAS("bt-proto-0"); 2716 MODULE_ALIAS("bt-proto-0");
2714 2717