Subversion Repositories or1k

/*

   BlueZ - Bluetooth protocol stack for Linux

   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify

   it under the terms of the GNU General Public License version 2 as

   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.

   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY

   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES

   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,

   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS

   SOFTWARE IS DISCLAIMED.

*/

/*

 * BlueZ L2CAP core and sockets.

 *

 * $Id: l2cap.c,v 1.1.1.1 2004-04-15 01:17:03 phoenix Exp $

 */

#define VERSION "2.3"

#include <linux/config.h>

#include <linux/module.h>

#include <linux/types.h>

#include <linux/errno.h>

#include <linux/kernel.h>

#include <linux/major.h>

#include <linux/sched.h>

#include <linux/slab.h>

#include <linux/poll.h>

#include <linux/fcntl.h>

#include <linux/init.h>

#include <linux/skbuff.h>

#include <linux/interrupt.h>

#include <linux/socket.h>

#include <linux/skbuff.h>

#include <linux/proc_fs.h>

#include <linux/list.h>

#include <net/sock.h>

#include <asm/system.h>

#include <asm/uaccess.h>

#include <asm/unaligned.h>

#include <net/bluetooth/bluetooth.h>

#include <net/bluetooth/hci_core.h>

#include <net/bluetooth/l2cap.h>

#ifndef L2CAP_DEBUG

#undef  BT_DBG

#define BT_DBG( A... )

#endif

static struct proto_ops l2cap_sock_ops;

struct bluez_sock_list l2cap_sk_list = {

        lock: RW_LOCK_UNLOCKED

};

static int l2cap_conn_del(struct hci_conn *conn, int err);

static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);

static void l2cap_chan_del(struct sock *sk, int err);

static int  l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len);

static void __l2cap_sock_close(struct sock *sk, int reason);

static void l2cap_sock_close(struct sock *sk);

static void l2cap_sock_kill(struct sock *sk);

static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data);

static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data);

/* ----- L2CAP timers ------ */

static void l2cap_sock_timeout(unsigned long arg)

{

        struct sock *sk = (struct sock *) arg;

        BT_DBG("sock %p state %d", sk, sk->state);

        bh_lock_sock(sk);

        __l2cap_sock_close(sk, ETIMEDOUT);

        bh_unlock_sock(sk);

        l2cap_sock_kill(sk);

        sock_put(sk);

}

static void l2cap_sock_set_timer(struct sock *sk, long timeout)

{

        BT_DBG("sk %p state %d timeout %ld", sk, sk->state, timeout);

        if (!mod_timer(&sk->timer, jiffies + timeout))

                sock_hold(sk);

}

static void l2cap_sock_clear_timer(struct sock *sk)

{

        BT_DBG("sock %p state %d", sk, sk->state);

        if (timer_pending(&sk->timer) && del_timer(&sk->timer))

                __sock_put(sk);

}

static void l2cap_sock_init_timer(struct sock *sk)

{

        init_timer(&sk->timer);

        sk->timer.function = l2cap_sock_timeout;

        sk->timer.data = (unsigned long)sk;

}

/* -------- L2CAP connections --------- */

static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, __u8 status)

{

        struct l2cap_conn *conn;

        if ((conn = hcon->l2cap_data))

                return conn;

        if (status)

                return conn;

        if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_ATOMIC)))

                return NULL;

        memset(conn, 0, sizeof(struct l2cap_conn));

        hcon->l2cap_data = conn;

        conn->hcon = hcon;

        conn->mtu = hcon->hdev->acl_mtu;

        conn->src = &hcon->hdev->bdaddr;

        conn->dst = &hcon->dst;

        spin_lock_init(&conn->lock);

        conn->chan_list.lock = RW_LOCK_UNLOCKED;

        BT_DBG("hcon %p conn %p", hcon, conn);

        MOD_INC_USE_COUNT;

        return conn;

}

static int l2cap_conn_del(struct hci_conn *hcon, int err)

{

        struct l2cap_conn *conn;

        struct sock *sk;

        if (!(conn = hcon->l2cap_data))

                return 0;

        BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);

        if (conn->rx_skb)

                kfree_skb(conn->rx_skb);

        /* Kill channels */

        while ((sk = conn->chan_list.head)) {

                bh_lock_sock(sk);

                l2cap_chan_del(sk, err);

                bh_unlock_sock(sk);

                l2cap_sock_kill(sk);

        }

        hcon->l2cap_data = NULL;

        kfree(conn);

        MOD_DEC_USE_COUNT;

        return 0;

}

/* -------- Socket interface ---------- */

static struct sock *__l2cap_get_sock_by_addr(__u16 psm, bdaddr_t *src)

{

        struct sock *sk;

        for (sk = l2cap_sk_list.head; sk; sk = sk->next) {

                if (sk->sport == psm && !bacmp(&bluez_pi(sk)->src, src))

                        break;

        }

        return sk;

}

/* Find socket with psm and source bdaddr.

 * Returns closest match.

 */

static struct sock *__l2cap_get_sock_by_psm(int state, __u16 psm, bdaddr_t *src)

{

        struct sock *sk, *sk1 = NULL;

        for (sk = l2cap_sk_list.head; sk; sk = sk->next) {

                if (state && sk->state != state)

                        continue;

                if (l2cap_pi(sk)->psm == psm) {

                        /* Exact match. */

                        if (!bacmp(&bluez_pi(sk)->src, src))

                                break;

                        /* Closest match */

                        if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))

                                sk1 = sk;

                }

        }

        return sk ? sk : sk1;

}

/* Find socket with given address (psm, src).

 * Returns locked socket */

static inline struct sock *l2cap_get_sock_by_psm(int state, __u16 psm, bdaddr_t *src)

{

        struct sock *s;

        read_lock(&l2cap_sk_list.lock);

        s = __l2cap_get_sock_by_psm(state, psm, src);

        if (s) bh_lock_sock(s);

        read_unlock(&l2cap_sk_list.lock);

        return s;

}

static void l2cap_sock_destruct(struct sock *sk)

{

        BT_DBG("sk %p", sk);

        skb_queue_purge(&sk->receive_queue);

        skb_queue_purge(&sk->write_queue);

        MOD_DEC_USE_COUNT;

}

static void l2cap_sock_cleanup_listen(struct sock *parent)

{

        struct sock *sk;

        BT_DBG("parent %p", parent);

        /* Close not yet accepted channels */

        while ((sk = bluez_accept_dequeue(parent, NULL)))

                l2cap_sock_close(sk);

        parent->state  = BT_CLOSED;

        parent->zapped = 1;

}

/* Kill socket (only if zapped and orphan)

 * Must be called on unlocked socket.

 */

static void l2cap_sock_kill(struct sock *sk)

{

        if (!sk->zapped || sk->socket)

                return;

        BT_DBG("sk %p state %d", sk, sk->state);

        /* Kill poor orphan */

        bluez_sock_unlink(&l2cap_sk_list, sk);

        sk->dead = 1;

        sock_put(sk);

}

/* Close socket.

 */

static void __l2cap_sock_close(struct sock *sk, int reason)

{

        BT_DBG("sk %p state %d socket %p", sk, sk->state, sk->socket);

        switch (sk->state) {

        case BT_LISTEN:

                l2cap_sock_cleanup_listen(sk);

                break;

        case BT_CONNECTED:

        case BT_CONFIG:

        case BT_CONNECT2:

                if (sk->type == SOCK_SEQPACKET) {

                        struct l2cap_conn *conn = l2cap_pi(sk)->conn;

                        l2cap_disconn_req req;

                        sk->state = BT_DISCONN;

                        l2cap_sock_set_timer(sk, sk->sndtimeo);

                        req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);

                        req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);

                        l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);

                } else {

                        l2cap_chan_del(sk, reason);

                }

                break;

        case BT_CONNECT:

        case BT_DISCONN:

                l2cap_chan_del(sk, reason);

                break;

        default:

                sk->zapped = 1;

                break;

        };

}

/* Must be called on unlocked socket. */

static void l2cap_sock_close(struct sock *sk)

{

        l2cap_sock_clear_timer(sk);

        lock_sock(sk);

        __l2cap_sock_close(sk, ECONNRESET);

        release_sock(sk);

        l2cap_sock_kill(sk);

}

static void l2cap_sock_init(struct sock *sk, struct sock *parent)

{

        struct l2cap_pinfo *pi = l2cap_pi(sk);

        BT_DBG("sk %p", sk);

        if (parent) {

                sk->type = parent->type;

                pi->imtu = l2cap_pi(parent)->imtu;

                pi->omtu = l2cap_pi(parent)->omtu;

                pi->link_mode = l2cap_pi(parent)->link_mode;

        } else {

                pi->imtu = L2CAP_DEFAULT_MTU;

                pi->omtu = 0;

                pi->link_mode = 0;

        }

        /* Default config options */

        pi->conf_mtu = L2CAP_DEFAULT_MTU;

        pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;

}

static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, int prio)

{

        struct sock *sk;

        if (!(sk = sk_alloc(PF_BLUETOOTH, prio, 1)))

                return NULL;

        bluez_sock_init(sock, sk);

        sk->zapped   = 0;

        sk->destruct = l2cap_sock_destruct;

        sk->sndtimeo = L2CAP_CONN_TIMEOUT;

        sk->protocol = proto;

        sk->state    = BT_OPEN;

        l2cap_sock_init_timer(sk);

        bluez_sock_link(&l2cap_sk_list, sk);

        MOD_INC_USE_COUNT;

        return sk;

}

static int l2cap_sock_create(struct socket *sock, int protocol)

{

        struct sock *sk;

        BT_DBG("sock %p", sock);

        sock->state = SS_UNCONNECTED;

        if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)

                return -ESOCKTNOSUPPORT;

        if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))

                return -EPERM;

        sock->ops = &l2cap_sock_ops;

        if (!(sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL)))

                return -ENOMEM;

        l2cap_sock_init(sk, NULL);

        return 0;

}

static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)

{

        struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;

        struct sock *sk = sock->sk;

        int err = 0;

        BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);

        if (!addr || addr->sa_family != AF_BLUETOOTH)

                return -EINVAL;

        lock_sock(sk);

        if (sk->state != BT_OPEN) {

                err = -EBADFD;

                goto done;

        }

        write_lock_bh(&l2cap_sk_list.lock);

        if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {

                err = -EADDRINUSE;

        } else {

                /* Save source address */

                bacpy(&bluez_pi(sk)->src, &la->l2_bdaddr);

                l2cap_pi(sk)->psm = la->l2_psm;

                sk->sport = la->l2_psm;

                sk->state = BT_BOUND;

        }

        write_unlock_bh(&l2cap_sk_list.lock);

done:

        release_sock(sk);

        return err;

}

static int l2cap_do_connect(struct sock *sk)

{

        bdaddr_t *src = &bluez_pi(sk)->src;

        bdaddr_t *dst = &bluez_pi(sk)->dst;

        struct l2cap_conn *conn;

        struct hci_conn   *hcon;

        struct hci_dev    *hdev;

        int err = 0;

        BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);

        if (!(hdev = hci_get_route(dst, src)))

                return -EHOSTUNREACH;

        hci_dev_lock_bh(hdev);

        err = -ENOMEM;

        hcon = hci_connect(hdev, ACL_LINK, dst);

        if (!hcon)

                goto done;

        conn = l2cap_conn_add(hcon, 0);

        if (!conn) {

                hci_conn_put(hcon);

                goto done;

        }

        err = 0;

        /* Update source addr of the socket */

        bacpy(src, conn->src);

        l2cap_chan_add(conn, sk, NULL);

        sk->state = BT_CONNECT;

        l2cap_sock_set_timer(sk, sk->sndtimeo);

        if (hcon->state == BT_CONNECTED) {

                if (sk->type == SOCK_SEQPACKET) {

                        l2cap_conn_req req;

                        req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);

                        req.psm  = l2cap_pi(sk)->psm;

                        l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);

                } else {

                        l2cap_sock_clear_timer(sk);

                        sk->state = BT_CONNECTED;

                }

        }

done:

        hci_dev_unlock_bh(hdev);

        hci_dev_put(hdev);

        return err;

}

static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)

{

        struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;

        struct sock *sk = sock->sk;

        int err = 0;

        lock_sock(sk);

        BT_DBG("sk %p", sk);

        if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {

                err = -EINVAL;

                goto done;

        }

        if (sk->type == SOCK_SEQPACKET && !la->l2_psm) {

                err = -EINVAL;

                goto done;

        }

        switch(sk->state) {

        case BT_CONNECT:

        case BT_CONNECT2:

        case BT_CONFIG:

                /* Already connecting */

                goto wait;

        case BT_CONNECTED:

                /* Already connected */

                goto done;

        case BT_OPEN:

        case BT_BOUND:

                /* Can connect */

                break;

        default:

                err = -EBADFD;

                goto done;

        }

        /* Set destination address and psm */

        bacpy(&bluez_pi(sk)->dst, &la->l2_bdaddr);

        l2cap_pi(sk)->psm = la->l2_psm;

        if ((err = l2cap_do_connect(sk)))

                goto done;

wait:

        err = bluez_sock_wait_state(sk, BT_CONNECTED,

                        sock_sndtimeo(sk, flags & O_NONBLOCK));

done:

        release_sock(sk);

        return err;

}

int l2cap_sock_listen(struct socket *sock, int backlog)

{

        struct sock *sk = sock->sk;

        int err = 0;

        BT_DBG("sk %p backlog %d", sk, backlog);

        lock_sock(sk);

        if (sk->state != BT_BOUND || sock->type != SOCK_SEQPACKET) {

                err = -EBADFD;

                goto done;

        }

        if (!l2cap_pi(sk)->psm) {

                err = -EINVAL;

                goto done;

        }

        sk->max_ack_backlog = backlog;

        sk->ack_backlog = 0;

        sk->state = BT_LISTEN;

done:

        release_sock(sk);

        return err;

}

int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)

{

        DECLARE_WAITQUEUE(wait, current);

        struct sock *sk = sock->sk, *nsk;

        long timeo;

        int err = 0;

        lock_sock(sk);

        if (sk->state != BT_LISTEN) {

                err = -EBADFD;

                goto done;

        }

        timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

        BT_DBG("sk %p timeo %ld", sk, timeo);

        /* Wait for an incoming connection. (wake-one). */

        add_wait_queue_exclusive(sk->sleep, &wait);

        while (!(nsk = bluez_accept_dequeue(sk, newsock))) {

                set_current_state(TASK_INTERRUPTIBLE);

                if (!timeo) {

                        err = -EAGAIN;

                        break;

                }

                release_sock(sk);

                timeo = schedule_timeout(timeo);

                lock_sock(sk);

                if (sk->state != BT_LISTEN) {

                        err = -EBADFD;

                        break;

                }

                if (signal_pending(current)) {

                        err = sock_intr_errno(timeo);

                        break;

                }

        }

        set_current_state(TASK_RUNNING);

        remove_wait_queue(sk->sleep, &wait);

        if (err)

                goto done;

        newsock->state = SS_CONNECTED;

        BT_DBG("new socket %p", nsk);

done:

        release_sock(sk);

        return err;

}

static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)

{

        struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;

        struct sock *sk = sock->sk;

        BT_DBG("sock %p, sk %p", sock, sk);

        addr->sa_family = AF_BLUETOOTH;

        *len = sizeof(struct sockaddr_l2);

        if (peer)

                bacpy(&la->l2_bdaddr, &bluez_pi(sk)->dst);

        else

                bacpy(&la->l2_bdaddr, &bluez_pi(sk)->src);

        la->l2_psm = l2cap_pi(sk)->psm;

        return 0;

}

static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)

{

        struct sock *sk = sock->sk;

        int err = 0;

        BT_DBG("sock %p, sk %p", sock, sk);

        if (sk->err)

                return sock_error(sk);

        if (msg->msg_flags & MSG_OOB)

                return -EOPNOTSUPP;

        /* Check outgoing MTU */

        if (len > l2cap_pi(sk)->omtu)

                return -EINVAL;

        lock_sock(sk);

        if (sk->state == BT_CONNECTED)

                err = l2cap_chan_send(sk, msg, len);

        else

                err = -ENOTCONN;

        release_sock(sk);

        return err;

}

static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)

{

        struct sock *sk = sock->sk;

        struct l2cap_options opts;