Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
[linux-2.6.git] / net / bluetooth / l2cap_sock.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5    Copyright (C) 2010 Google Inc.
6
7    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License version 2 as
11    published by the Free Software Foundation;
12
13    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24    SOFTWARE IS DISCLAIMED.
25 */
26
27 /* Bluetooth L2CAP sockets. */
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/l2cap.h>
32
33 static const struct proto_ops l2cap_sock_ops;
34
35 /* ---- L2CAP timers ---- */
36 static void l2cap_sock_timeout(unsigned long arg)
37 {
38         struct sock *sk = (struct sock *) arg;
39         int reason;
40
41         BT_DBG("sock %p state %d", sk, sk->sk_state);
42
43         bh_lock_sock(sk);
44
45         if (sock_owned_by_user(sk)) {
46                 /* sk is owned by user. Try again later */
47                 l2cap_sock_set_timer(sk, HZ / 5);
48                 bh_unlock_sock(sk);
49                 sock_put(sk);
50                 return;
51         }
52
53         if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
54                 reason = ECONNREFUSED;
55         else if (sk->sk_state == BT_CONNECT &&
56                         l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP)
57                 reason = ECONNREFUSED;
58         else
59                 reason = ETIMEDOUT;
60
61         __l2cap_sock_close(sk, reason);
62
63         bh_unlock_sock(sk);
64
65         l2cap_sock_kill(sk);
66         sock_put(sk);
67 }
68
69 void l2cap_sock_set_timer(struct sock *sk, long timeout)
70 {
71         BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
72         sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
73 }
74
75 void l2cap_sock_clear_timer(struct sock *sk)
76 {
77         BT_DBG("sock %p state %d", sk, sk->sk_state);
78         sk_stop_timer(sk, &sk->sk_timer);
79 }
80
81 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
82 {
83         struct sock *sk;
84         struct hlist_node *node;
85         sk_for_each(sk, node, &l2cap_sk_list.head) {
86                 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
87
88                 if (chan->sport == psm && !bacmp(&bt_sk(sk)->src, src))
89                         goto found;
90         }
91
92         sk = NULL;
93 found:
94         return sk;
95 }
96
97 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
98 {
99         struct sock *sk = sock->sk;
100         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
101         struct sockaddr_l2 la;
102         int len, err = 0;
103
104         BT_DBG("sk %p", sk);
105
106         if (!addr || addr->sa_family != AF_BLUETOOTH)
107                 return -EINVAL;
108
109         memset(&la, 0, sizeof(la));
110         len = min_t(unsigned int, sizeof(la), alen);
111         memcpy(&la, addr, len);
112
113         if (la.l2_cid && la.l2_psm)
114                 return -EINVAL;
115
116         lock_sock(sk);
117
118         if (sk->sk_state != BT_OPEN) {
119                 err = -EBADFD;
120                 goto done;
121         }
122
123         if (la.l2_psm) {
124                 __u16 psm = __le16_to_cpu(la.l2_psm);
125
126                 /* PSM must be odd and lsb of upper byte must be 0 */
127                 if ((psm & 0x0101) != 0x0001) {
128                         err = -EINVAL;
129                         goto done;
130                 }
131
132                 /* Restrict usage of well-known PSMs */
133                 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
134                         err = -EACCES;
135                         goto done;
136                 }
137         }
138
139         write_lock_bh(&l2cap_sk_list.lock);
140
141         if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
142                 err = -EADDRINUSE;
143         } else {
144                 /* Save source address */
145                 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
146                 chan->psm   = la.l2_psm;
147                 chan->sport = la.l2_psm;
148                 sk->sk_state = BT_BOUND;
149
150                 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
151                                         __le16_to_cpu(la.l2_psm) == 0x0003)
152                         chan->sec_level = BT_SECURITY_SDP;
153         }
154
155         if (la.l2_cid)
156                 chan->scid = la.l2_cid;
157
158         write_unlock_bh(&l2cap_sk_list.lock);
159
160 done:
161         release_sock(sk);
162         return err;
163 }
164
165 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
166 {
167         struct sock *sk = sock->sk;
168         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
169         struct sockaddr_l2 la;
170         int len, err = 0;
171
172         BT_DBG("sk %p", sk);
173
174         if (!addr || alen < sizeof(addr->sa_family) ||
175             addr->sa_family != AF_BLUETOOTH)
176                 return -EINVAL;
177
178         memset(&la, 0, sizeof(la));
179         len = min_t(unsigned int, sizeof(la), alen);
180         memcpy(&la, addr, len);
181
182         if (la.l2_cid && la.l2_psm)
183                 return -EINVAL;
184
185         lock_sock(sk);
186
187         if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
188                         && !(la.l2_psm || la.l2_cid)) {
189                 err = -EINVAL;
190                 goto done;
191         }
192
193         switch (chan->mode) {
194         case L2CAP_MODE_BASIC:
195                 break;
196         case L2CAP_MODE_ERTM:
197         case L2CAP_MODE_STREAMING:
198                 if (!disable_ertm)
199                         break;
200                 /* fall through */
201         default:
202                 err = -ENOTSUPP;
203                 goto done;
204         }
205
206         switch (sk->sk_state) {
207         case BT_CONNECT:
208         case BT_CONNECT2:
209         case BT_CONFIG:
210                 /* Already connecting */
211                 goto wait;
212
213         case BT_CONNECTED:
214                 /* Already connected */
215                 err = -EISCONN;
216                 goto done;
217
218         case BT_OPEN:
219         case BT_BOUND:
220                 /* Can connect */
221                 break;
222
223         default:
224                 err = -EBADFD;
225                 goto done;
226         }
227
228         /* PSM must be odd and lsb of upper byte must be 0 */
229         if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 &&
230                                 sk->sk_type != SOCK_RAW && !la.l2_cid) {
231                 err = -EINVAL;
232                 goto done;
233         }
234
235         /* Set destination address and psm */
236         bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
237         chan->psm = la.l2_psm;
238         chan->dcid = la.l2_cid;
239
240         err = l2cap_chan_connect(l2cap_pi(sk)->chan);
241         if (err)
242                 goto done;
243
244 wait:
245         err = bt_sock_wait_state(sk, BT_CONNECTED,
246                         sock_sndtimeo(sk, flags & O_NONBLOCK));
247 done:
248         release_sock(sk);
249         return err;
250 }
251
252 static int l2cap_sock_listen(struct socket *sock, int backlog)
253 {
254         struct sock *sk = sock->sk;
255         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
256         int err = 0;
257
258         BT_DBG("sk %p backlog %d", sk, backlog);
259
260         lock_sock(sk);
261
262         if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
263                         || sk->sk_state != BT_BOUND) {
264                 err = -EBADFD;
265                 goto done;
266         }
267
268         switch (chan->mode) {
269         case L2CAP_MODE_BASIC:
270                 break;
271         case L2CAP_MODE_ERTM:
272         case L2CAP_MODE_STREAMING:
273                 if (!disable_ertm)
274                         break;
275                 /* fall through */
276         default:
277                 err = -ENOTSUPP;
278                 goto done;
279         }
280
281         if (!chan->psm && !chan->scid) {
282                 bdaddr_t *src = &bt_sk(sk)->src;
283                 u16 psm;
284
285                 err = -EINVAL;
286
287                 write_lock_bh(&l2cap_sk_list.lock);
288
289                 for (psm = 0x1001; psm < 0x1100; psm += 2)
290                         if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
291                                 chan->psm   = cpu_to_le16(psm);
292                                 chan->sport = cpu_to_le16(psm);
293                                 err = 0;
294                                 break;
295                         }
296
297                 write_unlock_bh(&l2cap_sk_list.lock);
298
299                 if (err < 0)
300                         goto done;
301         }
302
303         sk->sk_max_ack_backlog = backlog;
304         sk->sk_ack_backlog = 0;
305         sk->sk_state = BT_LISTEN;
306
307 done:
308         release_sock(sk);
309         return err;
310 }
311
312 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
313 {
314         DECLARE_WAITQUEUE(wait, current);
315         struct sock *sk = sock->sk, *nsk;
316         long timeo;
317         int err = 0;
318
319         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
320
321         if (sk->sk_state != BT_LISTEN) {
322                 err = -EBADFD;
323                 goto done;
324         }
325
326         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
327
328         BT_DBG("sk %p timeo %ld", sk, timeo);
329
330         /* Wait for an incoming connection. (wake-one). */
331         add_wait_queue_exclusive(sk_sleep(sk), &wait);
332         while (!(nsk = bt_accept_dequeue(sk, newsock))) {
333                 set_current_state(TASK_INTERRUPTIBLE);
334                 if (!timeo) {
335                         err = -EAGAIN;
336                         break;
337                 }
338
339                 release_sock(sk);
340                 timeo = schedule_timeout(timeo);
341                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
342
343                 if (sk->sk_state != BT_LISTEN) {
344                         err = -EBADFD;
345                         break;
346                 }
347
348                 if (signal_pending(current)) {
349                         err = sock_intr_errno(timeo);
350                         break;
351                 }
352         }
353         set_current_state(TASK_RUNNING);
354         remove_wait_queue(sk_sleep(sk), &wait);
355
356         if (err)
357                 goto done;
358
359         newsock->state = SS_CONNECTED;
360
361         BT_DBG("new socket %p", nsk);
362
363 done:
364         release_sock(sk);
365         return err;
366 }
367
368 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
369 {
370         struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
371         struct sock *sk = sock->sk;
372         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
373
374         BT_DBG("sock %p, sk %p", sock, sk);
375
376         addr->sa_family = AF_BLUETOOTH;
377         *len = sizeof(struct sockaddr_l2);
378
379         if (peer) {
380                 la->l2_psm = chan->psm;
381                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
382                 la->l2_cid = cpu_to_le16(chan->dcid);
383         } else {
384                 la->l2_psm = chan->sport;
385                 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
386                 la->l2_cid = cpu_to_le16(chan->scid);
387         }
388
389         return 0;
390 }
391
392 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
393 {
394         struct sock *sk = sock->sk;
395         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
396         struct l2cap_options opts;
397         struct l2cap_conninfo cinfo;
398         int len, err = 0;
399         u32 opt;
400
401         BT_DBG("sk %p", sk);
402
403         if (get_user(len, optlen))
404                 return -EFAULT;
405
406         lock_sock(sk);
407
408         switch (optname) {
409         case L2CAP_OPTIONS:
410                 memset(&opts, 0, sizeof(opts));
411                 opts.imtu     = chan->imtu;
412                 opts.omtu     = chan->omtu;
413                 opts.flush_to = chan->flush_to;
414                 opts.mode     = chan->mode;
415                 opts.fcs      = chan->fcs;
416                 opts.max_tx   = chan->max_tx;
417                 opts.txwin_size = (__u16)chan->tx_win;
418
419                 len = min_t(unsigned int, len, sizeof(opts));
420                 if (copy_to_user(optval, (char *) &opts, len))
421                         err = -EFAULT;
422
423                 break;
424
425         case L2CAP_LM:
426                 switch (chan->sec_level) {
427                 case BT_SECURITY_LOW:
428                         opt = L2CAP_LM_AUTH;
429                         break;
430                 case BT_SECURITY_MEDIUM:
431                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
432                         break;
433                 case BT_SECURITY_HIGH:
434                         opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
435                                                         L2CAP_LM_SECURE;
436                         break;
437                 default:
438                         opt = 0;
439                         break;
440                 }
441
442                 if (chan->role_switch)
443                         opt |= L2CAP_LM_MASTER;
444
445                 if (chan->force_reliable)
446                         opt |= L2CAP_LM_RELIABLE;
447
448                 if (put_user(opt, (u32 __user *) optval))
449                         err = -EFAULT;
450                 break;
451
452         case L2CAP_CONNINFO:
453                 if (sk->sk_state != BT_CONNECTED &&
454                                         !(sk->sk_state == BT_CONNECT2 &&
455                                                 bt_sk(sk)->defer_setup)) {
456                         err = -ENOTCONN;
457                         break;
458                 }
459
460                 cinfo.hci_handle = chan->conn->hcon->handle;
461                 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
462
463                 len = min_t(unsigned int, len, sizeof(cinfo));
464                 if (copy_to_user(optval, (char *) &cinfo, len))
465                         err = -EFAULT;
466
467                 break;
468
469         default:
470                 err = -ENOPROTOOPT;
471                 break;
472         }
473
474         release_sock(sk);
475         return err;
476 }
477
478 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
479 {
480         struct sock *sk = sock->sk;
481         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
482         struct bt_security sec;
483         int len, err = 0;
484
485         BT_DBG("sk %p", sk);
486
487         if (level == SOL_L2CAP)
488                 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
489
490         if (level != SOL_BLUETOOTH)
491                 return -ENOPROTOOPT;
492
493         if (get_user(len, optlen))
494                 return -EFAULT;
495
496         lock_sock(sk);
497
498         switch (optname) {
499         case BT_SECURITY:
500                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
501                                 && sk->sk_type != SOCK_RAW) {
502                         err = -EINVAL;
503                         break;
504                 }
505
506                 sec.level = chan->sec_level;
507
508                 len = min_t(unsigned int, len, sizeof(sec));
509                 if (copy_to_user(optval, (char *) &sec, len))
510                         err = -EFAULT;
511
512                 break;
513
514         case BT_DEFER_SETUP:
515                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
516                         err = -EINVAL;
517                         break;
518                 }
519
520                 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
521                         err = -EFAULT;
522
523                 break;
524
525         case BT_FLUSHABLE:
526                 if (put_user(chan->flushable, (u32 __user *) optval))
527                         err = -EFAULT;
528
529                 break;
530
531         default:
532                 err = -ENOPROTOOPT;
533                 break;
534         }
535
536         release_sock(sk);
537         return err;
538 }
539
540 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
541 {
542         struct sock *sk = sock->sk;
543         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
544         struct l2cap_options opts;
545         int len, err = 0;
546         u32 opt;
547
548         BT_DBG("sk %p", sk);
549
550         lock_sock(sk);
551
552         switch (optname) {
553         case L2CAP_OPTIONS:
554                 if (sk->sk_state == BT_CONNECTED) {
555                         err = -EINVAL;
556                         break;
557                 }
558
559                 opts.imtu     = chan->imtu;
560                 opts.omtu     = chan->omtu;
561                 opts.flush_to = chan->flush_to;
562                 opts.mode     = chan->mode;
563                 opts.fcs      = chan->fcs;
564                 opts.max_tx   = chan->max_tx;
565                 opts.txwin_size = (__u16)chan->tx_win;
566
567                 len = min_t(unsigned int, sizeof(opts), optlen);
568                 if (copy_from_user((char *) &opts, optval, len)) {
569                         err = -EFAULT;
570                         break;
571                 }
572
573                 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
574                         err = -EINVAL;
575                         break;
576                 }
577
578                 chan->mode = opts.mode;
579                 switch (chan->mode) {
580                 case L2CAP_MODE_BASIC:
581                         chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
582                         break;
583                 case L2CAP_MODE_ERTM:
584                 case L2CAP_MODE_STREAMING:
585                         if (!disable_ertm)
586                                 break;
587                         /* fall through */
588                 default:
589                         err = -EINVAL;
590                         break;
591                 }
592
593                 chan->imtu = opts.imtu;
594                 chan->omtu = opts.omtu;
595                 chan->fcs  = opts.fcs;
596                 chan->max_tx = opts.max_tx;
597                 chan->tx_win = (__u8)opts.txwin_size;
598                 break;
599
600         case L2CAP_LM:
601                 if (get_user(opt, (u32 __user *) optval)) {
602                         err = -EFAULT;
603                         break;
604                 }
605
606                 if (opt & L2CAP_LM_AUTH)
607                         chan->sec_level = BT_SECURITY_LOW;
608                 if (opt & L2CAP_LM_ENCRYPT)
609                         chan->sec_level = BT_SECURITY_MEDIUM;
610                 if (opt & L2CAP_LM_SECURE)
611                         chan->sec_level = BT_SECURITY_HIGH;
612
613                 chan->role_switch    = (opt & L2CAP_LM_MASTER);
614                 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
615                 break;
616
617         default:
618                 err = -ENOPROTOOPT;
619                 break;
620         }
621
622         release_sock(sk);
623         return err;
624 }
625
626 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
627 {
628         struct sock *sk = sock->sk;
629         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
630         struct bt_security sec;
631         int len, err = 0;
632         u32 opt;
633
634         BT_DBG("sk %p", sk);
635
636         if (level == SOL_L2CAP)
637                 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
638
639         if (level != SOL_BLUETOOTH)
640                 return -ENOPROTOOPT;
641
642         lock_sock(sk);
643
644         switch (optname) {
645         case BT_SECURITY:
646                 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
647                                 && sk->sk_type != SOCK_RAW) {
648                         err = -EINVAL;
649                         break;
650                 }
651
652                 sec.level = BT_SECURITY_LOW;
653
654                 len = min_t(unsigned int, sizeof(sec), optlen);
655                 if (copy_from_user((char *) &sec, optval, len)) {
656                         err = -EFAULT;
657                         break;
658                 }
659
660                 if (sec.level < BT_SECURITY_LOW ||
661                                         sec.level > BT_SECURITY_HIGH) {
662                         err = -EINVAL;
663                         break;
664                 }
665
666                 chan->sec_level = sec.level;
667                 break;
668
669         case BT_DEFER_SETUP:
670                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
671                         err = -EINVAL;
672                         break;
673                 }
674
675                 if (get_user(opt, (u32 __user *) optval)) {
676                         err = -EFAULT;
677                         break;
678                 }
679
680                 bt_sk(sk)->defer_setup = opt;
681                 break;
682
683         case BT_FLUSHABLE:
684                 if (get_user(opt, (u32 __user *) optval)) {
685                         err = -EFAULT;
686                         break;
687                 }
688
689                 if (opt > BT_FLUSHABLE_ON) {
690                         err = -EINVAL;
691                         break;
692                 }
693
694                 if (opt == BT_FLUSHABLE_OFF) {
695                         struct l2cap_conn *conn = chan->conn;
696                         /* proceed further only when we have l2cap_conn and
697                            No Flush support in the LM */
698                         if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
699                                 err = -EINVAL;
700                                 break;
701                         }
702                 }
703
704                 chan->flushable = opt;
705                 break;
706
707         default:
708                 err = -ENOPROTOOPT;
709                 break;
710         }
711
712         release_sock(sk);
713         return err;
714 }
715
716 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
717 {
718         struct sock *sk = sock->sk;
719         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
720         struct sk_buff *skb;
721         u16 control;
722         int err;
723
724         BT_DBG("sock %p, sk %p", sock, sk);
725
726         err = sock_error(sk);
727         if (err)
728                 return err;
729
730         if (msg->msg_flags & MSG_OOB)
731                 return -EOPNOTSUPP;
732
733         lock_sock(sk);
734
735         if (sk->sk_state != BT_CONNECTED) {
736                 err = -ENOTCONN;
737                 goto done;
738         }
739
740         /* Connectionless channel */
741         if (sk->sk_type == SOCK_DGRAM) {
742                 skb = l2cap_create_connless_pdu(chan, msg, len);
743                 if (IS_ERR(skb)) {
744                         err = PTR_ERR(skb);
745                 } else {
746                         l2cap_do_send(chan, skb);
747                         err = len;
748                 }
749                 goto done;
750         }
751
752         switch (chan->mode) {
753         case L2CAP_MODE_BASIC:
754                 /* Check outgoing MTU */
755                 if (len > chan->omtu) {
756                         err = -EMSGSIZE;
757                         goto done;
758                 }
759
760                 /* Create a basic PDU */
761                 skb = l2cap_create_basic_pdu(chan, msg, len);
762                 if (IS_ERR(skb)) {
763                         err = PTR_ERR(skb);
764                         goto done;
765                 }
766
767                 l2cap_do_send(chan, skb);
768                 err = len;
769                 break;
770
771         case L2CAP_MODE_ERTM:
772         case L2CAP_MODE_STREAMING:
773                 /* Entire SDU fits into one PDU */
774                 if (len <= chan->remote_mps) {
775                         control = L2CAP_SDU_UNSEGMENTED;
776                         skb = l2cap_create_iframe_pdu(chan, msg, len, control,
777                                                                         0);
778                         if (IS_ERR(skb)) {
779                                 err = PTR_ERR(skb);
780                                 goto done;
781                         }
782                         __skb_queue_tail(&chan->tx_q, skb);
783
784                         if (chan->tx_send_head == NULL)
785                                 chan->tx_send_head = skb;
786
787                 } else {
788                 /* Segment SDU into multiples PDUs */
789                         err = l2cap_sar_segment_sdu(chan, msg, len);
790                         if (err < 0)
791                                 goto done;
792                 }
793
794                 if (chan->mode == L2CAP_MODE_STREAMING) {
795                         l2cap_streaming_send(chan);
796                         err = len;
797                         break;
798                 }
799
800                 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
801                                 (chan->conn_state & L2CAP_CONN_WAIT_F)) {
802                         err = len;
803                         break;
804                 }
805                 err = l2cap_ertm_send(chan);
806
807                 if (err >= 0)
808                         err = len;
809                 break;
810
811         default:
812                 BT_DBG("bad state %1.1x", chan->mode);
813                 err = -EBADFD;
814         }
815
816 done:
817         release_sock(sk);
818         return err;
819 }
820
821 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
822 {
823         struct sock *sk = sock->sk;
824
825         lock_sock(sk);
826
827         if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
828                 sk->sk_state = BT_CONFIG;
829
830                 __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan);
831                 release_sock(sk);
832                 return 0;
833         }
834
835         release_sock(sk);
836
837         if (sock->type == SOCK_STREAM)
838                 return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
839
840         return bt_sock_recvmsg(iocb, sock, msg, len, flags);
841 }
842
843 /* Kill socket (only if zapped and orphan)
844  * Must be called on unlocked socket.
845  */
846 void l2cap_sock_kill(struct sock *sk)
847 {
848         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
849                 return;
850
851         BT_DBG("sk %p state %d", sk, sk->sk_state);
852
853         /* Kill poor orphan */
854
855         l2cap_chan_free(l2cap_pi(sk)->chan);
856         bt_sock_unlink(&l2cap_sk_list, sk);
857         sock_set_flag(sk, SOCK_DEAD);
858         sock_put(sk);
859 }
860
861 /* Must be called on unlocked socket. */
862 static void l2cap_sock_close(struct sock *sk)
863 {
864         l2cap_sock_clear_timer(sk);
865         lock_sock(sk);
866         __l2cap_sock_close(sk, ECONNRESET);
867         release_sock(sk);
868         l2cap_sock_kill(sk);
869 }
870
871 static void l2cap_sock_cleanup_listen(struct sock *parent)
872 {
873         struct sock *sk;
874
875         BT_DBG("parent %p", parent);
876
877         /* Close not yet accepted channels */
878         while ((sk = bt_accept_dequeue(parent, NULL)))
879                 l2cap_sock_close(sk);
880
881         parent->sk_state = BT_CLOSED;
882         sock_set_flag(parent, SOCK_ZAPPED);
883 }
884
885 void __l2cap_sock_close(struct sock *sk, int reason)
886 {
887         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
888         struct l2cap_conn *conn = chan->conn;
889
890         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
891
892         switch (sk->sk_state) {
893         case BT_LISTEN:
894                 l2cap_sock_cleanup_listen(sk);
895                 break;
896
897         case BT_CONNECTED:
898         case BT_CONFIG:
899                 if ((sk->sk_type == SOCK_SEQPACKET ||
900                                         sk->sk_type == SOCK_STREAM) &&
901                                         conn->hcon->type == ACL_LINK) {
902                         l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
903                         l2cap_send_disconn_req(conn, chan, reason);
904                 } else
905                         l2cap_chan_del(chan, reason);
906                 break;
907
908         case BT_CONNECT2:
909                 if ((sk->sk_type == SOCK_SEQPACKET ||
910                                         sk->sk_type == SOCK_STREAM) &&
911                                         conn->hcon->type == ACL_LINK) {
912                         struct l2cap_conn_rsp rsp;
913                         __u16 result;
914
915                         if (bt_sk(sk)->defer_setup)
916                                 result = L2CAP_CR_SEC_BLOCK;
917                         else
918                                 result = L2CAP_CR_BAD_PSM;
919
920                         rsp.scid   = cpu_to_le16(chan->dcid);
921                         rsp.dcid   = cpu_to_le16(chan->scid);
922                         rsp.result = cpu_to_le16(result);
923                         rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
924                         l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
925                                                         sizeof(rsp), &rsp);
926                 }
927
928                 l2cap_chan_del(chan, reason);
929                 break;
930
931         case BT_CONNECT:
932         case BT_DISCONN:
933                 l2cap_chan_del(chan, reason);
934                 break;
935
936         default:
937                 sock_set_flag(sk, SOCK_ZAPPED);
938                 break;
939         }
940 }
941
942 static int l2cap_sock_shutdown(struct socket *sock, int how)
943 {
944         struct sock *sk = sock->sk;
945         struct l2cap_chan *chan = l2cap_pi(sk)->chan;
946         int err = 0;
947
948         BT_DBG("sock %p, sk %p", sock, sk);
949
950         if (!sk)
951                 return 0;
952
953         lock_sock(sk);
954         if (!sk->sk_shutdown) {
955                 if (chan->mode == L2CAP_MODE_ERTM)
956                         err = __l2cap_wait_ack(sk);
957
958                 sk->sk_shutdown = SHUTDOWN_MASK;
959                 l2cap_sock_clear_timer(sk);
960                 __l2cap_sock_close(sk, 0);
961
962                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
963                         err = bt_sock_wait_state(sk, BT_CLOSED,
964                                                         sk->sk_lingertime);
965         }
966
967         if (!err && sk->sk_err)
968                 err = -sk->sk_err;
969
970         release_sock(sk);
971         return err;
972 }
973
974 static int l2cap_sock_release(struct socket *sock)
975 {
976         struct sock *sk = sock->sk;
977         int err;
978
979         BT_DBG("sock %p, sk %p", sock, sk);
980
981         if (!sk)
982                 return 0;
983
984         err = l2cap_sock_shutdown(sock, 2);
985
986         sock_orphan(sk);
987         l2cap_sock_kill(sk);
988         return err;
989 }
990
991 static void l2cap_sock_destruct(struct sock *sk)
992 {
993         BT_DBG("sk %p", sk);
994
995         skb_queue_purge(&sk->sk_receive_queue);
996         skb_queue_purge(&sk->sk_write_queue);
997 }
998
999 void l2cap_sock_init(struct sock *sk, struct sock *parent)
1000 {
1001         struct l2cap_pinfo *pi = l2cap_pi(sk);
1002         struct l2cap_chan *chan = pi->chan;
1003
1004         BT_DBG("sk %p", sk);
1005
1006         if (parent) {
1007                 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1008
1009                 sk->sk_type = parent->sk_type;
1010                 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
1011
1012                 chan->imtu = pchan->imtu;
1013                 chan->omtu = pchan->omtu;
1014                 chan->conf_state = pchan->conf_state;
1015                 chan->mode = pchan->mode;
1016                 chan->fcs  = pchan->fcs;
1017                 chan->max_tx = pchan->max_tx;
1018                 chan->tx_win = pchan->tx_win;
1019                 chan->sec_level = pchan->sec_level;
1020                 chan->role_switch = pchan->role_switch;
1021                 chan->force_reliable = pchan->force_reliable;
1022                 chan->flushable = pchan->flushable;
1023         } else {
1024                 chan->imtu = L2CAP_DEFAULT_MTU;
1025                 chan->omtu = 0;
1026                 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1027                         chan->mode = L2CAP_MODE_ERTM;
1028                         chan->conf_state |= L2CAP_CONF_STATE2_DEVICE;
1029                 } else {
1030                         chan->mode = L2CAP_MODE_BASIC;
1031                 }
1032                 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
1033                 chan->fcs  = L2CAP_FCS_CRC16;
1034                 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
1035                 chan->sec_level = BT_SECURITY_LOW;
1036                 chan->role_switch = 0;
1037                 chan->force_reliable = 0;
1038                 chan->flushable = BT_FLUSHABLE_OFF;
1039         }
1040
1041         /* Default config options */
1042         chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1043 }
1044
1045 static struct proto l2cap_proto = {
1046         .name           = "L2CAP",
1047         .owner          = THIS_MODULE,
1048         .obj_size       = sizeof(struct l2cap_pinfo)
1049 };
1050
1051 struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1052 {
1053         struct sock *sk;
1054
1055         sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1056         if (!sk)
1057                 return NULL;
1058
1059         sock_init_data(sock, sk);
1060         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1061
1062         sk->sk_destruct = l2cap_sock_destruct;
1063         sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1064
1065         sock_reset_flag(sk, SOCK_ZAPPED);
1066
1067         sk->sk_protocol = proto;
1068         sk->sk_state = BT_OPEN;
1069
1070         setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
1071
1072         bt_sock_link(&l2cap_sk_list, sk);
1073         return sk;
1074 }
1075
1076 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1077                              int kern)
1078 {
1079         struct sock *sk;
1080         struct l2cap_chan *chan;
1081
1082         BT_DBG("sock %p", sock);
1083
1084         sock->state = SS_UNCONNECTED;
1085
1086         if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1087                         sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1088                 return -ESOCKTNOSUPPORT;
1089
1090         if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1091                 return -EPERM;
1092
1093         sock->ops = &l2cap_sock_ops;
1094
1095         sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1096         if (!sk)
1097                 return -ENOMEM;
1098
1099         chan = l2cap_chan_alloc(sk);
1100         if (!chan) {
1101                 l2cap_sock_kill(sk);
1102                 return -ENOMEM;
1103         }
1104
1105         l2cap_pi(sk)->chan = chan;
1106
1107         l2cap_sock_init(sk, NULL);
1108         return 0;
1109 }
1110
1111 static const struct proto_ops l2cap_sock_ops = {
1112         .family         = PF_BLUETOOTH,
1113         .owner          = THIS_MODULE,
1114         .release        = l2cap_sock_release,
1115         .bind           = l2cap_sock_bind,
1116         .connect        = l2cap_sock_connect,
1117         .listen         = l2cap_sock_listen,
1118         .accept         = l2cap_sock_accept,
1119         .getname        = l2cap_sock_getname,
1120         .sendmsg        = l2cap_sock_sendmsg,
1121         .recvmsg        = l2cap_sock_recvmsg,
1122         .poll           = bt_sock_poll,
1123         .ioctl          = bt_sock_ioctl,
1124         .mmap           = sock_no_mmap,
1125         .socketpair     = sock_no_socketpair,
1126         .shutdown       = l2cap_sock_shutdown,
1127         .setsockopt     = l2cap_sock_setsockopt,
1128         .getsockopt     = l2cap_sock_getsockopt
1129 };
1130
1131 static const struct net_proto_family l2cap_sock_family_ops = {
1132         .family = PF_BLUETOOTH,
1133         .owner  = THIS_MODULE,
1134         .create = l2cap_sock_create,
1135 };
1136
1137 int __init l2cap_init_sockets(void)
1138 {
1139         int err;
1140
1141         err = proto_register(&l2cap_proto, 0);
1142         if (err < 0)
1143                 return err;
1144
1145         err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1146         if (err < 0)
1147                 goto error;
1148
1149         BT_INFO("L2CAP socket layer initialized");
1150
1151         return 0;
1152
1153 error:
1154         BT_ERR("L2CAP socket registration failed");
1155         proto_unregister(&l2cap_proto);
1156         return err;
1157 }
1158
1159 void l2cap_cleanup_sockets(void)
1160 {
1161         if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1162                 BT_ERR("L2CAP socket unregistration failed");
1163
1164         proto_unregister(&l2cap_proto);
1165 }