1 files changed, 144 insertions, 231 deletions
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 8248303f44e8..39082d4e77ce 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -29,54 +29,11 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
 #include <net/bluetooth/l2cap.h>
+#include <net/bluetooth/smp.h>
 static const struct proto_ops l2cap_sock_ops;
+static void l2cap_sock_init(struct sock *sk, struct sock *parent);
-/* ---- L2CAP timers ---- */
+static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
-static void l2cap_sock_timeout(unsigned long arg)
-{
-        struct sock *sk = (struct sock *) arg;
-        int reason;
-        BT_DBG("sock %p state %d", sk, sk->sk_state);
-        bh_lock_sock(sk);
-        if (sock_owned_by_user(sk)) {
-                /* sk is owned by user. Try again later */
-                l2cap_sock_set_timer(sk, HZ / 5);
-                bh_unlock_sock(sk);
-                sock_put(sk);
-                return;
-        }
-        if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
-                reason = ECONNREFUSED;
-        else if (sk->sk_state == BT_CONNECT &&
-                        l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP)
-                reason = ECONNREFUSED;
-        else
-                reason = ETIMEDOUT;
-        __l2cap_sock_close(sk, reason);
-        bh_unlock_sock(sk);
-        l2cap_sock_kill(sk);
-        sock_put(sk);
-}
-void l2cap_sock_set_timer(struct sock *sk, long timeout)
-{
-        BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
-        sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
-}
-void l2cap_sock_clear_timer(struct sock *sk)
-{
-        BT_DBG("sock %p state %d", sk, sk->sk_state);
-        sk_stop_timer(sk, &sk->sk_timer);
-}
 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 {
@@ -133,6 +90,8 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
                chan->sec_level = BT_SECURITY_SDP;
        bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
+        chan->state = BT_BOUND;
        sk->sk_state = BT_BOUND;
 done:
@@ -162,7 +121,7 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
        lock_sock(sk);
-        if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
+        if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
                        && !(la.l2_psm || la.l2_cid)) {
                err = -EINVAL;
                goto done;
@@ -204,8 +163,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
        }
        /* PSM must be odd and lsb of upper byte must be 0 */
-        if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
+        if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
-                                sk->sk_type != SOCK_RAW && !la.l2_cid) {
+                                        chan->chan_type != L2CAP_CHAN_RAW) {
                err = -EINVAL;
                goto done;
        }
@@ -258,6 +217,8 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
        sk->sk_max_ack_backlog = backlog;
        sk->sk_ack_backlog = 0;
+        chan->state = BT_LISTEN;
        sk->sk_state = BT_LISTEN;
 done:
@@ -437,6 +398,7 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
        struct sock *sk = sock->sk;
        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
        struct bt_security sec;
+        struct bt_power pwr;
        int len, err = 0;
        BT_DBG("sk %p", sk);
@@ -454,8 +416,8 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
        switch (optname) {
        case BT_SECURITY:
-                if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
+                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
-                                && sk->sk_type != SOCK_RAW) {
+                                        chan->chan_type != L2CAP_CHAN_RAW) {
                        err = -EINVAL;
                        break;
                }
@@ -485,6 +447,21 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
                break;
+        case BT_POWER:
+                if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
+                                && sk->sk_type != SOCK_RAW) {
+                        err = -EINVAL;
+                        break;
+                }
+                pwr.force_active = chan->force_active;
+                len = min_t(unsigned int, len, sizeof(pwr));
+                if (copy_to_user(optval, (char *) &pwr, len))
+                        err = -EFAULT;
+                break;
        default:
                err = -ENOPROTOOPT;
                break;
@@ -535,7 +512,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
                chan->mode = opts.mode;
                switch (chan->mode) {
                case L2CAP_MODE_BASIC:
-                        chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
+                        clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
                        break;
                case L2CAP_MODE_ERTM:
                case L2CAP_MODE_STREAMING:
@@ -585,6 +562,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
        struct sock *sk = sock->sk;
        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
        struct bt_security sec;
+        struct bt_power pwr;
+        struct l2cap_conn *conn;
        int len, err = 0;
        u32 opt;
@@ -600,8 +579,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
        switch (optname) {
        case BT_SECURITY:
-                if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
+                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
-                                && sk->sk_type != SOCK_RAW) {
+                                        chan->chan_type != L2CAP_CHAN_RAW) {
                        err = -EINVAL;
                        break;
                }
@@ -621,6 +600,20 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
                }
                chan->sec_level = sec.level;
+                conn = chan->conn;
+                if (conn && chan->scid == L2CAP_CID_LE_DATA) {
+                        if (!conn->hcon->out) {
+                                err = -EINVAL;
+                                break;
+                        }
+                        if (smp_conn_security(conn, sec.level))
+                                break;
+                        err = 0;
+                        sk->sk_state = BT_CONFIG;
+                }
                break;
        case BT_DEFER_SETUP:
@@ -661,6 +654,23 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
                chan->flushable = opt;
                break;
+        case BT_POWER:
+                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
+                                        chan->chan_type != L2CAP_CHAN_RAW) {
+                        err = -EINVAL;
+                        break;
+                }
+                pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
+                len = min_t(unsigned int, sizeof(pwr), optlen);
+                if (copy_from_user((char *) &pwr, optval, len)) {
+                        err = -EFAULT;
+                        break;
+                }
+                chan->force_active = pwr.force_active;
+                break;
        default:
                err = -ENOPROTOOPT;
                break;
@@ -674,8 +684,6 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
 {
        struct sock *sk = sock->sk;
        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
-        struct sk_buff *skb;
-        u16 control;
        int err;
        BT_DBG("sock %p, sk %p", sock, sk);
@@ -690,87 +698,12 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
        lock_sock(sk);
        if (sk->sk_state != BT_CONNECTED) {
-                err = -ENOTCONN;
+                release_sock(sk);
-                goto done;
+                return -ENOTCONN;
-        }
-        /* Connectionless channel */
-        if (sk->sk_type == SOCK_DGRAM) {
-                skb = l2cap_create_connless_pdu(chan, msg, len);
-                if (IS_ERR(skb)) {
-                        err = PTR_ERR(skb);
-                } else {
-                        l2cap_do_send(chan, skb);
-                        err = len;
-                }
-                goto done;
        }
-        switch (chan->mode) {
+        err = l2cap_chan_send(chan, msg, len);
-        case L2CAP_MODE_BASIC:
-                /* Check outgoing MTU */
-                if (len > chan->omtu) {
-                        err = -EMSGSIZE;
-                        goto done;
-                }
-                /* Create a basic PDU */
-                skb = l2cap_create_basic_pdu(chan, msg, len);
-                if (IS_ERR(skb)) {
-                        err = PTR_ERR(skb);
-                        goto done;
-                }
-                l2cap_do_send(chan, skb);
-                err = len;
-                break;
-        case L2CAP_MODE_ERTM:
-        case L2CAP_MODE_STREAMING:
-                /* Entire SDU fits into one PDU */
-                if (len <= chan->remote_mps) {
-                        control = L2CAP_SDU_UNSEGMENTED;
-                        skb = l2cap_create_iframe_pdu(chan, msg, len, control,
-                                                                        0);
-                        if (IS_ERR(skb)) {
-                                err = PTR_ERR(skb);
-                                goto done;
-                        }
-                        __skb_queue_tail(&chan->tx_q, skb);
-                        if (chan->tx_send_head == NULL)
-                                chan->tx_send_head = skb;
-                } else {
-                /* Segment SDU into multiples PDUs */
-                        err = l2cap_sar_segment_sdu(chan, msg, len);
-                        if (err < 0)
-                                goto done;
-                }
-                if (chan->mode == L2CAP_MODE_STREAMING) {
-                        l2cap_streaming_send(chan);
-                        err = len;
-                        break;
-                }
-                if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
-                                (chan->conn_state & L2CAP_CONN_WAIT_F)) {
-                        err = len;
-                        break;
-                }
-                err = l2cap_ertm_send(chan);
-                if (err >= 0)
-                        err = len;
-                break;
-        default:
-                BT_DBG("bad state %1.1x", chan->mode);
-                err = -EBADFD;
-        }
-done:
        release_sock(sk);
        return err;
 }
@@ -800,7 +733,7 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms
 /* Kill socket (only if zapped and orphan)
 * Must be called on unlocked socket.
 */
-void l2cap_sock_kill(struct sock *sk)
+static void l2cap_sock_kill(struct sock *sk)
 {
        if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
                return;
@@ -814,87 +747,6 @@ void l2cap_sock_kill(struct sock *sk)
        sock_put(sk);
 }
-/* Must be called on unlocked socket. */
-static void l2cap_sock_close(struct sock *sk)
-{
-        l2cap_sock_clear_timer(sk);
-        lock_sock(sk);
-        __l2cap_sock_close(sk, ECONNRESET);
-        release_sock(sk);
-        l2cap_sock_kill(sk);
-}
-static void l2cap_sock_cleanup_listen(struct sock *parent)
-{
-        struct sock *sk;
-        BT_DBG("parent %p", parent);
-        /* Close not yet accepted channels */
-        while ((sk = bt_accept_dequeue(parent, NULL)))
-                l2cap_sock_close(sk);
-        parent->sk_state = BT_CLOSED;
-        sock_set_flag(parent, SOCK_ZAPPED);
-}
-void __l2cap_sock_close(struct sock *sk, int reason)
-{
-        struct l2cap_chan *chan = l2cap_pi(sk)->chan;
-        struct l2cap_conn *conn = chan->conn;
-        BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
-        switch (sk->sk_state) {
-        case BT_LISTEN:
-                l2cap_sock_cleanup_listen(sk);
-                break;
-        case BT_CONNECTED:
-        case BT_CONFIG:
-                if ((sk->sk_type == SOCK_SEQPACKET ||
-                                        sk->sk_type == SOCK_STREAM) &&
-                                        conn->hcon->type == ACL_LINK) {
-                        l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
-                        l2cap_send_disconn_req(conn, chan, reason);
-                } else
-                        l2cap_chan_del(chan, reason);
-                break;
-        case BT_CONNECT2:
-                if ((sk->sk_type == SOCK_SEQPACKET ||
-                                        sk->sk_type == SOCK_STREAM) &&
-                                        conn->hcon->type == ACL_LINK) {
-                        struct l2cap_conn_rsp rsp;
-                        __u16 result;
-                        if (bt_sk(sk)->defer_setup)
-                                result = L2CAP_CR_SEC_BLOCK;
-                        else
-                                result = L2CAP_CR_BAD_PSM;
-                        rsp.scid   = cpu_to_le16(chan->dcid);
-                        rsp.dcid   = cpu_to_le16(chan->scid);
-                        rsp.result = cpu_to_le16(result);
-                        rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
-                        l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
-                                                        sizeof(rsp), &rsp);
-                }
-                l2cap_chan_del(chan, reason);
-                break;
-        case BT_CONNECT:
-        case BT_DISCONN:
-                l2cap_chan_del(chan, reason);
-                break;
-        default:
-                sock_set_flag(sk, SOCK_ZAPPED);
-                break;
-        }
-}
 static int l2cap_sock_shutdown(struct socket *sock, int how)
 {
        struct sock *sk = sock->sk;
@@ -912,8 +764,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
                        err = __l2cap_wait_ack(sk);
                sk->sk_shutdown = SHUTDOWN_MASK;
-                l2cap_sock_clear_timer(sk);
+                l2cap_chan_close(chan, 0);
-                __l2cap_sock_close(sk, 0);
                if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
                        err = bt_sock_wait_state(sk, BT_CLOSED,
@@ -944,6 +795,49 @@ static int l2cap_sock_release(struct socket *sock)
        return err;
 }
+static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
+{
+        struct sock *sk, *parent = data;
+        sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
+                                                                GFP_ATOMIC);
+        if (!sk)
+                return NULL;
+        l2cap_sock_init(sk, parent);
+        return l2cap_pi(sk)->chan;
+}
+static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
+{
+        struct sock *sk = data;
+        return sock_queue_rcv_skb(sk, skb);
+}
+static void l2cap_sock_close_cb(void *data)
+{
+        struct sock *sk = data;
+        l2cap_sock_kill(sk);
+}
+static void l2cap_sock_state_change_cb(void *data, int state)
+{
+        struct sock *sk = data;
+        sk->sk_state = state;
+}
+static struct l2cap_ops l2cap_chan_ops = {
+        .name           = "L2CAP Socket Interface",
+        .new_connection = l2cap_sock_new_connection_cb,
+        .recv           = l2cap_sock_recv_cb,
+        .close          = l2cap_sock_close_cb,
+        .state_change   = l2cap_sock_state_change_cb,
+};
 static void l2cap_sock_destruct(struct sock *sk)
 {
        BT_DBG("sk %p", sk);
@@ -952,7 +846,7 @@ static void l2cap_sock_destruct(struct sock *sk)
        skb_queue_purge(&sk->sk_write_queue);
 }
-void l2cap_sock_init(struct sock *sk, struct sock *parent)
+static void l2cap_sock_init(struct sock *sk, struct sock *parent)
 {
        struct l2cap_pinfo *pi = l2cap_pi(sk);
        struct l2cap_chan *chan = pi->chan;
@@ -965,6 +859,7 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent)
                sk->sk_type = parent->sk_type;
                bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
+                chan->chan_type = pchan->chan_type;
                chan->imtu = pchan->imtu;
                chan->omtu = pchan->omtu;
                chan->conf_state = pchan->conf_state;
@@ -976,12 +871,27 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent)
                chan->role_switch = pchan->role_switch;
                chan->force_reliable = pchan->force_reliable;
                chan->flushable = pchan->flushable;
+                chan->force_active = pchan->force_active;
        } else {
+                switch (sk->sk_type) {
+                case SOCK_RAW:
+                        chan->chan_type = L2CAP_CHAN_RAW;
+                        break;
+                case SOCK_DGRAM:
+                        chan->chan_type = L2CAP_CHAN_CONN_LESS;
+                        break;
+                case SOCK_SEQPACKET:
+                case SOCK_STREAM:
+                        chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
+                        break;
+                }
                chan->imtu = L2CAP_DEFAULT_MTU;
                chan->omtu = 0;
                if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
                        chan->mode = L2CAP_MODE_ERTM;
-                        chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
+                        set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
                } else {
                        chan->mode = L2CAP_MODE_BASIC;
                }
@@ -992,10 +902,15 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent)
                chan->role_switch = 0;
                chan->force_reliable = 0;
                chan->flushable = BT_FLUSHABLE_OFF;
+                chan->force_active = BT_POWER_FORCE_ACTIVE_ON;
        }
        /* Default config options */
        chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
+        chan->data = sk;
+        chan->ops = &l2cap_chan_ops;
 }
 static struct proto l2cap_proto = {
@@ -1004,9 +919,10 @@ static struct proto l2cap_proto = {
        .obj_size       = sizeof(struct l2cap_pinfo)
 };
-struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
+static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
 {
        struct sock *sk;
+        struct l2cap_chan *chan;
        sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
        if (!sk)
@@ -1023,7 +939,13 @@ struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, g
        sk->sk_protocol = proto;
        sk->sk_state = BT_OPEN;
-        setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
+        chan = l2cap_chan_create(sk);
+        if (!chan) {
+                l2cap_sock_kill(sk);
+                return NULL;
+        }
+        l2cap_pi(sk)->chan = chan;
        return sk;
 }
@@ -1032,7 +954,6 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
                             int kern)
 {
        struct sock *sk;
-        struct l2cap_chan *chan;
        BT_DBG("sock %p", sock);
@@ -1051,14 +972,6 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
        if (!sk)
                return -ENOMEM;
-        chan = l2cap_chan_create(sk);
-        if (!chan) {
-                l2cap_sock_kill(sk);
-                return -ENOMEM;
-        }
-        l2cap_pi(sk)->chan = chan;
        l2cap_sock_init(sk, NULL);
        return 0;
 }

diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 8248303f44e8..39082d4e77ce 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c
@@ -29,54 +29,11 @@
29	#include <net/bluetooth/bluetooth.h>	29	#include <net/bluetooth/bluetooth.h>
30	#include <net/bluetooth/hci_core.h>	30	#include <net/bluetooth/hci_core.h>
31	#include <net/bluetooth/l2cap.h>	31	#include <net/bluetooth/l2cap.h>
		32	#include <net/bluetooth/smp.h>
32		33
33	static const struct proto_ops l2cap_sock_ops;	34	static const struct proto_ops l2cap_sock_ops;
34		35	static void l2cap_sock_init(struct sock sk, struct sock parent);
35	/* ---- L2CAP timers ---- */	36	static struct sock l2cap_sock_alloc(struct net net, struct socket *sock, int proto, gfp_t prio);
36	static void l2cap_sock_timeout(unsigned long arg)
37	{
38	struct sock sk = (struct sock ) arg;
39	int reason;
40
41	BT_DBG("sock %p state %d", sk, sk->sk_state);
42
43	bh_lock_sock(sk);
44
45	if (sock_owned_by_user(sk)) {
46	/* sk is owned by user. Try again later */
47	l2cap_sock_set_timer(sk, HZ / 5);
48	bh_unlock_sock(sk);
49	sock_put(sk);
50	return;
51	}
52
53	if (sk->sk_state == BT_CONNECTED \|\| sk->sk_state == BT_CONFIG)
54	reason = ECONNREFUSED;
55	else if (sk->sk_state == BT_CONNECT &&
56	l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP)
57	reason = ECONNREFUSED;
58	else
59	reason = ETIMEDOUT;
60
61	__l2cap_sock_close(sk, reason);
62
63	bh_unlock_sock(sk);
64
65	l2cap_sock_kill(sk);
66	sock_put(sk);
67	}
68
69	void l2cap_sock_set_timer(struct sock *sk, long timeout)
70	{
71	BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
72	sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
73	}
74
75	void l2cap_sock_clear_timer(struct sock *sk)
76	{
77	BT_DBG("sock %p state %d", sk, sk->sk_state);
78	sk_stop_timer(sk, &sk->sk_timer);
79	}
80		37
81	static int l2cap_sock_bind(struct socket sock, struct sockaddr addr, int alen)	38	static int l2cap_sock_bind(struct socket sock, struct sockaddr addr, int alen)
82	{	39	{
@@ -133,6 +90,8 @@ static int l2cap_sock_bind(struct socket sock, struct sockaddr addr, int alen)
133	chan->sec_level = BT_SECURITY_SDP;	90	chan->sec_level = BT_SECURITY_SDP;
134		91
135	bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);	92	bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
		93
		94	chan->state = BT_BOUND;
136	sk->sk_state = BT_BOUND;	95	sk->sk_state = BT_BOUND;
137		96
138	done:	97	done:
@@ -162,7 +121,7 @@ static int l2cap_sock_connect(struct socket sock, struct sockaddr addr, int al
162		121
163	lock_sock(sk);	122	lock_sock(sk);
164		123
165	if ((sk->sk_type == SOCK_SEQPACKET \|\| sk->sk_type == SOCK_STREAM)	124	if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
166	&& !(la.l2_psm \|\| la.l2_cid)) {	125	&& !(la.l2_psm \|\| la.l2_cid)) {
167	err = -EINVAL;	126	err = -EINVAL;
168	goto done;	127	goto done;
@@ -204,8 +163,8 @@ static int l2cap_sock_connect(struct socket sock, struct sockaddr addr, int al
204	}	163	}
205		164
206	/* PSM must be odd and lsb of upper byte must be 0 */	165	/* PSM must be odd and lsb of upper byte must be 0 */
207	if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&	166	if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
208	sk->sk_type != SOCK_RAW && !la.l2_cid) {	167	chan->chan_type != L2CAP_CHAN_RAW) {
209	err = -EINVAL;	168	err = -EINVAL;
210	goto done;	169	goto done;
211	}	170	}
@@ -258,6 +217,8 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
258		217
259	sk->sk_max_ack_backlog = backlog;	218	sk->sk_max_ack_backlog = backlog;
260	sk->sk_ack_backlog = 0;	219	sk->sk_ack_backlog = 0;
		220
		221	chan->state = BT_LISTEN;
261	sk->sk_state = BT_LISTEN;	222	sk->sk_state = BT_LISTEN;
262		223
263	done:	224	done:
@@ -437,6 +398,7 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
437	struct sock *sk = sock->sk;	398	struct sock *sk = sock->sk;
438	struct l2cap_chan *chan = l2cap_pi(sk)->chan;	399	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
439	struct bt_security sec;	400	struct bt_security sec;
		401	struct bt_power pwr;
440	int len, err = 0;	402	int len, err = 0;
441		403
442	BT_DBG("sk %p", sk);	404	BT_DBG("sk %p", sk);
@@ -454,8 +416,8 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
454		416
455	switch (optname) {	417	switch (optname) {
456	case BT_SECURITY:	418	case BT_SECURITY:
457	if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM	419	if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
458	&& sk->sk_type != SOCK_RAW) {	420	chan->chan_type != L2CAP_CHAN_RAW) {
459	err = -EINVAL;	421	err = -EINVAL;
460	break;	422	break;
461	}	423	}
@@ -485,6 +447,21 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
485		447
486	break;	448	break;
487		449
		450	case BT_POWER:
		451	if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
		452	&& sk->sk_type != SOCK_RAW) {
		453	err = -EINVAL;
		454	break;
		455	}
		456
		457	pwr.force_active = chan->force_active;
		458
		459	len = min_t(unsigned int, len, sizeof(pwr));
		460	if (copy_to_user(optval, (char *) &pwr, len))
		461	err = -EFAULT;
		462
		463	break;
		464
488	default:	465	default:
489	err = -ENOPROTOOPT;	466	err = -ENOPROTOOPT;
490	break;	467	break;
@@ -535,7 +512,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
535	chan->mode = opts.mode;	512	chan->mode = opts.mode;
536	switch (chan->mode) {	513	switch (chan->mode) {
537	case L2CAP_MODE_BASIC:	514	case L2CAP_MODE_BASIC:
538	chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;	515	clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
539	break;	516	break;
540	case L2CAP_MODE_ERTM:	517	case L2CAP_MODE_ERTM:
541	case L2CAP_MODE_STREAMING:	518	case L2CAP_MODE_STREAMING:
@@ -585,6 +562,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
585	struct sock *sk = sock->sk;	562	struct sock *sk = sock->sk;
586	struct l2cap_chan *chan = l2cap_pi(sk)->chan;	563	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
587	struct bt_security sec;	564	struct bt_security sec;
		565	struct bt_power pwr;
		566	struct l2cap_conn *conn;
588	int len, err = 0;	567	int len, err = 0;
589	u32 opt;	568	u32 opt;
590		569
@@ -600,8 +579,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
600		579
601	switch (optname) {	580	switch (optname) {
602	case BT_SECURITY:	581	case BT_SECURITY:
603	if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM	582	if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
604	&& sk->sk_type != SOCK_RAW) {	583	chan->chan_type != L2CAP_CHAN_RAW) {
605	err = -EINVAL;	584	err = -EINVAL;
606	break;	585	break;
607	}	586	}
@@ -621,6 +600,20 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
621	}	600	}
622		601
623	chan->sec_level = sec.level;	602	chan->sec_level = sec.level;
		603
		604	conn = chan->conn;
		605	if (conn && chan->scid == L2CAP_CID_LE_DATA) {
		606	if (!conn->hcon->out) {
		607	err = -EINVAL;
		608	break;
		609	}
		610
		611	if (smp_conn_security(conn, sec.level))
		612	break;
		613
		614	err = 0;
		615	sk->sk_state = BT_CONFIG;
		616	}
624	break;	617	break;
625		618
626	case BT_DEFER_SETUP:	619	case BT_DEFER_SETUP:
@@ -661,6 +654,23 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
661	chan->flushable = opt;	654	chan->flushable = opt;
662	break;	655	break;
663		656
		657	case BT_POWER:
		658	if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
		659	chan->chan_type != L2CAP_CHAN_RAW) {
		660	err = -EINVAL;
		661	break;
		662	}
		663
		664	pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
		665
		666	len = min_t(unsigned int, sizeof(pwr), optlen);
		667	if (copy_from_user((char *) &pwr, optval, len)) {
		668	err = -EFAULT;
		669	break;
		670	}
		671	chan->force_active = pwr.force_active;
		672	break;
		673
664	default:	674	default:
665	err = -ENOPROTOOPT;	675	err = -ENOPROTOOPT;
666	break;	676	break;
@@ -674,8 +684,6 @@ static int l2cap_sock_sendmsg(struct kiocb iocb, struct socket sock, struct ms
674	{	684	{
675	struct sock *sk = sock->sk;	685	struct sock *sk = sock->sk;
676	struct l2cap_chan *chan = l2cap_pi(sk)->chan;	686	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
677	struct sk_buff *skb;
678	u16 control;
679	int err;	687	int err;
680		688
681	BT_DBG("sock %p, sk %p", sock, sk);	689	BT_DBG("sock %p, sk %p", sock, sk);
@@ -690,87 +698,12 @@ static int l2cap_sock_sendmsg(struct kiocb iocb, struct socket sock, struct ms
690	lock_sock(sk);	698	lock_sock(sk);
691		699
692	if (sk->sk_state != BT_CONNECTED) {	700	if (sk->sk_state != BT_CONNECTED) {
693	err = -ENOTCONN;	701	release_sock(sk);
694	goto done;	702	return -ENOTCONN;
695	}
696
697	/* Connectionless channel */
698	if (sk->sk_type == SOCK_DGRAM) {
699	skb = l2cap_create_connless_pdu(chan, msg, len);
700	if (IS_ERR(skb)) {
701	err = PTR_ERR(skb);
702	} else {
703	l2cap_do_send(chan, skb);
704	err = len;
705	}
706	goto done;
707	}	703	}
708		704
709	switch (chan->mode) {	705	err = l2cap_chan_send(chan, msg, len);
710	case L2CAP_MODE_BASIC:
711	/* Check outgoing MTU */
712	if (len > chan->omtu) {
713	err = -EMSGSIZE;
714	goto done;
715	}
716
717	/* Create a basic PDU */
718	skb = l2cap_create_basic_pdu(chan, msg, len);
719	if (IS_ERR(skb)) {
720	err = PTR_ERR(skb);
721	goto done;
722	}
723
724	l2cap_do_send(chan, skb);
725	err = len;
726	break;
727
728	case L2CAP_MODE_ERTM:
729	case L2CAP_MODE_STREAMING:
730	/* Entire SDU fits into one PDU */
731	if (len <= chan->remote_mps) {
732	control = L2CAP_SDU_UNSEGMENTED;
733	skb = l2cap_create_iframe_pdu(chan, msg, len, control,
734	0);
735	if (IS_ERR(skb)) {
736	err = PTR_ERR(skb);
737	goto done;
738	}
739	__skb_queue_tail(&chan->tx_q, skb);
740
741	if (chan->tx_send_head == NULL)
742	chan->tx_send_head = skb;
743
744	} else {
745	/* Segment SDU into multiples PDUs */
746	err = l2cap_sar_segment_sdu(chan, msg, len);
747	if (err < 0)
748	goto done;
749	}
750
751	if (chan->mode == L2CAP_MODE_STREAMING) {
752	l2cap_streaming_send(chan);
753	err = len;
754	break;
755	}
756
757	if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
758	(chan->conn_state & L2CAP_CONN_WAIT_F)) {
759	err = len;
760	break;
761	}
762	err = l2cap_ertm_send(chan);
763
764	if (err >= 0)
765	err = len;
766	break;
767
768	default:
769	BT_DBG("bad state %1.1x", chan->mode);
770	err = -EBADFD;
771	}
772		706
773	done:
774	release_sock(sk);	707	release_sock(sk);
775	return err;	708	return err;
776	}	709	}
@@ -800,7 +733,7 @@ static int l2cap_sock_recvmsg(struct kiocb iocb, struct socket sock, struct ms
800	/* Kill socket (only if zapped and orphan)	733	/* Kill socket (only if zapped and orphan)
801	* Must be called on unlocked socket.	734	* Must be called on unlocked socket.
802	*/	735	*/
803	void l2cap_sock_kill(struct sock *sk)	736	static void l2cap_sock_kill(struct sock *sk)
804	{	737	{
805	if (!sock_flag(sk, SOCK_ZAPPED) \|\| sk->sk_socket)	738	if (!sock_flag(sk, SOCK_ZAPPED) \|\| sk->sk_socket)
806	return;	739	return;
@@ -814,87 +747,6 @@ void l2cap_sock_kill(struct sock *sk)
814	sock_put(sk);	747	sock_put(sk);
815	}	748	}
816		749
817	/* Must be called on unlocked socket. */
818	static void l2cap_sock_close(struct sock *sk)
819	{
820	l2cap_sock_clear_timer(sk);
821	lock_sock(sk);
822	__l2cap_sock_close(sk, ECONNRESET);
823	release_sock(sk);
824	l2cap_sock_kill(sk);
825	}
826
827	static void l2cap_sock_cleanup_listen(struct sock *parent)
828	{
829	struct sock *sk;
830
831	BT_DBG("parent %p", parent);
832
833	/* Close not yet accepted channels */
834	while ((sk = bt_accept_dequeue(parent, NULL)))
835	l2cap_sock_close(sk);
836
837	parent->sk_state = BT_CLOSED;
838	sock_set_flag(parent, SOCK_ZAPPED);
839	}
840
841	void __l2cap_sock_close(struct sock *sk, int reason)
842	{
843	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
844	struct l2cap_conn *conn = chan->conn;
845
846	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
847
848	switch (sk->sk_state) {
849	case BT_LISTEN:
850	l2cap_sock_cleanup_listen(sk);
851	break;
852
853	case BT_CONNECTED:
854	case BT_CONFIG:
855	if ((sk->sk_type == SOCK_SEQPACKET \|\|
856	sk->sk_type == SOCK_STREAM) &&
857	conn->hcon->type == ACL_LINK) {
858	l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
859	l2cap_send_disconn_req(conn, chan, reason);
860	} else
861	l2cap_chan_del(chan, reason);
862	break;
863
864	case BT_CONNECT2:
865	if ((sk->sk_type == SOCK_SEQPACKET \|\|
866	sk->sk_type == SOCK_STREAM) &&
867	conn->hcon->type == ACL_LINK) {
868	struct l2cap_conn_rsp rsp;
869	__u16 result;
870
871	if (bt_sk(sk)->defer_setup)
872	result = L2CAP_CR_SEC_BLOCK;
873	else
874	result = L2CAP_CR_BAD_PSM;
875
876	rsp.scid = cpu_to_le16(chan->dcid);
877	rsp.dcid = cpu_to_le16(chan->scid);
878	rsp.result = cpu_to_le16(result);
879	rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
880	l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
881	sizeof(rsp), &rsp);
882	}
883
884	l2cap_chan_del(chan, reason);
885	break;
886
887	case BT_CONNECT:
888	case BT_DISCONN:
889	l2cap_chan_del(chan, reason);
890	break;
891
892	default:
893	sock_set_flag(sk, SOCK_ZAPPED);
894	break;
895	}
896	}
897
898	static int l2cap_sock_shutdown(struct socket *sock, int how)	750	static int l2cap_sock_shutdown(struct socket *sock, int how)
899	{	751	{
900	struct sock *sk = sock->sk;	752	struct sock *sk = sock->sk;
@@ -912,8 +764,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
912	err = __l2cap_wait_ack(sk);	764	err = __l2cap_wait_ack(sk);
913		765
914	sk->sk_shutdown = SHUTDOWN_MASK;	766	sk->sk_shutdown = SHUTDOWN_MASK;
915	l2cap_sock_clear_timer(sk);	767	l2cap_chan_close(chan, 0);
916	__l2cap_sock_close(sk, 0);
917		768
918	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)	769	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
919	err = bt_sock_wait_state(sk, BT_CLOSED,	770	err = bt_sock_wait_state(sk, BT_CLOSED,
@@ -944,6 +795,49 @@ static int l2cap_sock_release(struct socket *sock)
944	return err;	795	return err;
945	}	796	}
946		797
		798	static struct l2cap_chan l2cap_sock_new_connection_cb(void data)
		799	{
		800	struct sock sk, parent = data;
		801
		802	sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
		803	GFP_ATOMIC);
		804	if (!sk)
		805	return NULL;
		806
		807	l2cap_sock_init(sk, parent);
		808
		809	return l2cap_pi(sk)->chan;
		810	}
		811
		812	static int l2cap_sock_recv_cb(void data, struct sk_buff skb)
		813	{
		814	struct sock *sk = data;
		815
		816	return sock_queue_rcv_skb(sk, skb);
		817	}
		818
		819	static void l2cap_sock_close_cb(void *data)
		820	{
		821	struct sock *sk = data;
		822
		823	l2cap_sock_kill(sk);
		824	}
		825
		826	static void l2cap_sock_state_change_cb(void *data, int state)
		827	{
		828	struct sock *sk = data;
		829
		830	sk->sk_state = state;
		831	}
		832
		833	static struct l2cap_ops l2cap_chan_ops = {
		834	.name = "L2CAP Socket Interface",
		835	.new_connection = l2cap_sock_new_connection_cb,
		836	.recv = l2cap_sock_recv_cb,
		837	.close = l2cap_sock_close_cb,
		838	.state_change = l2cap_sock_state_change_cb,
		839	};
		840
947	static void l2cap_sock_destruct(struct sock *sk)	841	static void l2cap_sock_destruct(struct sock *sk)
948	{	842	{
949	BT_DBG("sk %p", sk);	843	BT_DBG("sk %p", sk);
@@ -952,7 +846,7 @@ static void l2cap_sock_destruct(struct sock *sk)
952	skb_queue_purge(&sk->sk_write_queue);	846	skb_queue_purge(&sk->sk_write_queue);
953	}	847	}
954		848
955	void l2cap_sock_init(struct sock sk, struct sock parent)	849	static void l2cap_sock_init(struct sock sk, struct sock parent)
956	{	850	{
957	struct l2cap_pinfo *pi = l2cap_pi(sk);	851	struct l2cap_pinfo *pi = l2cap_pi(sk);
958	struct l2cap_chan *chan = pi->chan;	852	struct l2cap_chan *chan = pi->chan;
@@ -965,6 +859,7 @@ void l2cap_sock_init(struct sock sk, struct sock parent)
965	sk->sk_type = parent->sk_type;	859	sk->sk_type = parent->sk_type;
966	bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;	860	bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
967		861
		862	chan->chan_type = pchan->chan_type;
968	chan->imtu = pchan->imtu;	863	chan->imtu = pchan->imtu;
969	chan->omtu = pchan->omtu;	864	chan->omtu = pchan->omtu;
970	chan->conf_state = pchan->conf_state;	865	chan->conf_state = pchan->conf_state;
@@ -976,12 +871,27 @@ void l2cap_sock_init(struct sock sk, struct sock parent)
976	chan->role_switch = pchan->role_switch;	871	chan->role_switch = pchan->role_switch;
977	chan->force_reliable = pchan->force_reliable;	872	chan->force_reliable = pchan->force_reliable;
978	chan->flushable = pchan->flushable;	873	chan->flushable = pchan->flushable;
		874	chan->force_active = pchan->force_active;
979	} else {	875	} else {
		876
		877	switch (sk->sk_type) {
		878	case SOCK_RAW:
		879	chan->chan_type = L2CAP_CHAN_RAW;
		880	break;
		881	case SOCK_DGRAM:
		882	chan->chan_type = L2CAP_CHAN_CONN_LESS;
		883	break;
		884	case SOCK_SEQPACKET:
		885	case SOCK_STREAM:
		886	chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
		887	break;
		888	}
		889
980	chan->imtu = L2CAP_DEFAULT_MTU;	890	chan->imtu = L2CAP_DEFAULT_MTU;
981	chan->omtu = 0;	891	chan->omtu = 0;
982	if (!disable_ertm && sk->sk_type == SOCK_STREAM) {	892	if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
983	chan->mode = L2CAP_MODE_ERTM;	893	chan->mode = L2CAP_MODE_ERTM;
984	chan->conf_state \|= L2CAP_CONF_STATE2_DEVICE;	894	set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
985	} else {	895	} else {
986	chan->mode = L2CAP_MODE_BASIC;	896	chan->mode = L2CAP_MODE_BASIC;
987	}	897	}
@@ -992,10 +902,15 @@ void l2cap_sock_init(struct sock sk, struct sock parent)
992	chan->role_switch = 0;	902	chan->role_switch = 0;
993	chan->force_reliable = 0;	903	chan->force_reliable = 0;
994	chan->flushable = BT_FLUSHABLE_OFF;	904	chan->flushable = BT_FLUSHABLE_OFF;
		905	chan->force_active = BT_POWER_FORCE_ACTIVE_ON;
		906
995	}	907	}
996		908
997	/* Default config options */	909	/* Default config options */
998	chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;	910	chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
		911
		912	chan->data = sk;
		913	chan->ops = &l2cap_chan_ops;
999	}	914	}
1000		915
1001	static struct proto l2cap_proto = {	916	static struct proto l2cap_proto = {
@@ -1004,9 +919,10 @@ static struct proto l2cap_proto = {
1004	.obj_size = sizeof(struct l2cap_pinfo)	919	.obj_size = sizeof(struct l2cap_pinfo)
1005	};	920	};
1006		921
1007	struct sock l2cap_sock_alloc(struct net net, struct socket *sock, int proto, gfp_t prio)	922	static struct sock l2cap_sock_alloc(struct net net, struct socket *sock, int proto, gfp_t prio)
1008	{	923	{
1009	struct sock *sk;	924	struct sock *sk;
		925	struct l2cap_chan *chan;
1010		926
1011	sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);	927	sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1012	if (!sk)	928	if (!sk)
@@ -1023,7 +939,13 @@ struct sock l2cap_sock_alloc(struct net net, struct socket *sock, int proto, g
1023	sk->sk_protocol = proto;	939	sk->sk_protocol = proto;
1024	sk->sk_state = BT_OPEN;	940	sk->sk_state = BT_OPEN;
1025		941
1026	setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);	942	chan = l2cap_chan_create(sk);
		943	if (!chan) {
		944	l2cap_sock_kill(sk);
		945	return NULL;
		946	}
		947
		948	l2cap_pi(sk)->chan = chan;
1027		949
1028	return sk;	950	return sk;
1029	}	951	}
@@ -1032,7 +954,6 @@ static int l2cap_sock_create(struct net net, struct socket sock, int protocol,
1032	int kern)	954	int kern)
1033	{	955	{
1034	struct sock *sk;	956	struct sock *sk;
1035	struct l2cap_chan *chan;
1036		957
1037	BT_DBG("sock %p", sock);	958	BT_DBG("sock %p", sock);
1038		959
@@ -1051,14 +972,6 @@ static int l2cap_sock_create(struct net net, struct socket sock, int protocol,
1051	if (!sk)	972	if (!sk)
1052	return -ENOMEM;	973	return -ENOMEM;
1053		974
1054	chan = l2cap_chan_create(sk);
1055	if (!chan) {
1056	l2cap_sock_kill(sk);
1057	return -ENOMEM;
1058	}
1059
1060	l2cap_pi(sk)->chan = chan;
1061
1062	l2cap_sock_init(sk, NULL);	975	l2cap_sock_init(sk, NULL);
1063	return 0;	976	return 0;
1064	}	977	}