Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
[linux-btrfs-devel.git] / net / bluetooth / l2cap_sock.c
blobe8292369cdcf68981b4a59969b2c4af41b703f90
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP sockets. */
29 #include <linux/security.h>
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/smp.h>
36 static const struct proto_ops l2cap_sock_ops;
37 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
38 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
40 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
42 struct sock *sk = sock->sk;
43 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
44 struct sockaddr_l2 la;
45 int len, err = 0;
47 BT_DBG("sk %p", sk);
49 if (!addr || addr->sa_family != AF_BLUETOOTH)
50 return -EINVAL;
52 memset(&la, 0, sizeof(la));
53 len = min_t(unsigned int, sizeof(la), alen);
54 memcpy(&la, addr, len);
56 if (la.l2_cid && la.l2_psm)
57 return -EINVAL;
59 lock_sock(sk);
61 if (sk->sk_state != BT_OPEN) {
62 err = -EBADFD;
63 goto done;
66 if (la.l2_psm) {
67 __u16 psm = __le16_to_cpu(la.l2_psm);
69 /* PSM must be odd and lsb of upper byte must be 0 */
70 if ((psm & 0x0101) != 0x0001) {
71 err = -EINVAL;
72 goto done;
75 /* Restrict usage of well-known PSMs */
76 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
77 err = -EACCES;
78 goto done;
82 if (la.l2_cid)
83 err = l2cap_add_scid(chan, la.l2_cid);
84 else
85 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
87 if (err < 0)
88 goto done;
90 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
91 __le16_to_cpu(la.l2_psm) == 0x0003)
92 chan->sec_level = BT_SECURITY_SDP;
94 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
96 chan->state = BT_BOUND;
97 sk->sk_state = BT_BOUND;
99 done:
100 release_sock(sk);
101 return err;
104 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
106 struct sock *sk = sock->sk;
107 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
108 struct sockaddr_l2 la;
109 int len, err = 0;
111 BT_DBG("sk %p", sk);
113 if (!addr || alen < sizeof(addr->sa_family) ||
114 addr->sa_family != AF_BLUETOOTH)
115 return -EINVAL;
117 memset(&la, 0, sizeof(la));
118 len = min_t(unsigned int, sizeof(la), alen);
119 memcpy(&la, addr, len);
121 if (la.l2_cid && la.l2_psm)
122 return -EINVAL;
124 lock_sock(sk);
126 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED
127 && !(la.l2_psm || la.l2_cid)) {
128 err = -EINVAL;
129 goto done;
132 switch (chan->mode) {
133 case L2CAP_MODE_BASIC:
134 break;
135 case L2CAP_MODE_ERTM:
136 case L2CAP_MODE_STREAMING:
137 if (!disable_ertm)
138 break;
139 /* fall through */
140 default:
141 err = -ENOTSUPP;
142 goto done;
145 switch (sk->sk_state) {
146 case BT_CONNECT:
147 case BT_CONNECT2:
148 case BT_CONFIG:
149 /* Already connecting */
150 goto wait;
152 case BT_CONNECTED:
153 /* Already connected */
154 err = -EISCONN;
155 goto done;
157 case BT_OPEN:
158 case BT_BOUND:
159 /* Can connect */
160 break;
162 default:
163 err = -EBADFD;
164 goto done;
167 /* PSM must be odd and lsb of upper byte must be 0 */
168 if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid &&
169 chan->chan_type != L2CAP_CHAN_RAW) {
170 err = -EINVAL;
171 goto done;
174 /* Set destination address and psm */
175 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
176 chan->psm = la.l2_psm;
177 chan->dcid = la.l2_cid;
179 err = l2cap_chan_connect(l2cap_pi(sk)->chan);
180 if (err)
181 goto done;
183 wait:
184 err = bt_sock_wait_state(sk, BT_CONNECTED,
185 sock_sndtimeo(sk, flags & O_NONBLOCK));
186 done:
187 release_sock(sk);
188 return err;
191 static int l2cap_sock_listen(struct socket *sock, int backlog)
193 struct sock *sk = sock->sk;
194 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
195 int err = 0;
197 BT_DBG("sk %p backlog %d", sk, backlog);
199 lock_sock(sk);
201 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
202 || sk->sk_state != BT_BOUND) {
203 err = -EBADFD;
204 goto done;
207 switch (chan->mode) {
208 case L2CAP_MODE_BASIC:
209 break;
210 case L2CAP_MODE_ERTM:
211 case L2CAP_MODE_STREAMING:
212 if (!disable_ertm)
213 break;
214 /* fall through */
215 default:
216 err = -ENOTSUPP;
217 goto done;
220 sk->sk_max_ack_backlog = backlog;
221 sk->sk_ack_backlog = 0;
223 chan->state = BT_LISTEN;
224 sk->sk_state = BT_LISTEN;
226 done:
227 release_sock(sk);
228 return err;
231 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
233 DECLARE_WAITQUEUE(wait, current);
234 struct sock *sk = sock->sk, *nsk;
235 long timeo;
236 int err = 0;
238 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
240 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
242 BT_DBG("sk %p timeo %ld", sk, timeo);
244 /* Wait for an incoming connection. (wake-one). */
245 add_wait_queue_exclusive(sk_sleep(sk), &wait);
246 while (1) {
247 set_current_state(TASK_INTERRUPTIBLE);
249 if (sk->sk_state != BT_LISTEN) {
250 err = -EBADFD;
251 break;
254 nsk = bt_accept_dequeue(sk, newsock);
255 if (nsk)
256 break;
258 if (!timeo) {
259 err = -EAGAIN;
260 break;
263 if (signal_pending(current)) {
264 err = sock_intr_errno(timeo);
265 break;
268 release_sock(sk);
269 timeo = schedule_timeout(timeo);
270 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
272 __set_current_state(TASK_RUNNING);
273 remove_wait_queue(sk_sleep(sk), &wait);
275 if (err)
276 goto done;
278 newsock->state = SS_CONNECTED;
280 BT_DBG("new socket %p", nsk);
282 done:
283 release_sock(sk);
284 return err;
287 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
289 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
290 struct sock *sk = sock->sk;
291 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
293 BT_DBG("sock %p, sk %p", sock, sk);
295 addr->sa_family = AF_BLUETOOTH;
296 *len = sizeof(struct sockaddr_l2);
298 if (peer) {
299 la->l2_psm = chan->psm;
300 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
301 la->l2_cid = cpu_to_le16(chan->dcid);
302 } else {
303 la->l2_psm = chan->sport;
304 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
305 la->l2_cid = cpu_to_le16(chan->scid);
308 return 0;
311 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
313 struct sock *sk = sock->sk;
314 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
315 struct l2cap_options opts;
316 struct l2cap_conninfo cinfo;
317 int len, err = 0;
318 u32 opt;
320 BT_DBG("sk %p", sk);
322 if (get_user(len, optlen))
323 return -EFAULT;
325 lock_sock(sk);
327 switch (optname) {
328 case L2CAP_OPTIONS:
329 memset(&opts, 0, sizeof(opts));
330 opts.imtu = chan->imtu;
331 opts.omtu = chan->omtu;
332 opts.flush_to = chan->flush_to;
333 opts.mode = chan->mode;
334 opts.fcs = chan->fcs;
335 opts.max_tx = chan->max_tx;
336 opts.txwin_size = (__u16)chan->tx_win;
338 len = min_t(unsigned int, len, sizeof(opts));
339 if (copy_to_user(optval, (char *) &opts, len))
340 err = -EFAULT;
342 break;
344 case L2CAP_LM:
345 switch (chan->sec_level) {
346 case BT_SECURITY_LOW:
347 opt = L2CAP_LM_AUTH;
348 break;
349 case BT_SECURITY_MEDIUM:
350 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
351 break;
352 case BT_SECURITY_HIGH:
353 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
354 L2CAP_LM_SECURE;
355 break;
356 default:
357 opt = 0;
358 break;
361 if (chan->role_switch)
362 opt |= L2CAP_LM_MASTER;
364 if (chan->force_reliable)
365 opt |= L2CAP_LM_RELIABLE;
367 if (put_user(opt, (u32 __user *) optval))
368 err = -EFAULT;
369 break;
371 case L2CAP_CONNINFO:
372 if (sk->sk_state != BT_CONNECTED &&
373 !(sk->sk_state == BT_CONNECT2 &&
374 bt_sk(sk)->defer_setup)) {
375 err = -ENOTCONN;
376 break;
379 memset(&cinfo, 0, sizeof(cinfo));
380 cinfo.hci_handle = chan->conn->hcon->handle;
381 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
383 len = min_t(unsigned int, len, sizeof(cinfo));
384 if (copy_to_user(optval, (char *) &cinfo, len))
385 err = -EFAULT;
387 break;
389 default:
390 err = -ENOPROTOOPT;
391 break;
394 release_sock(sk);
395 return err;
398 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
400 struct sock *sk = sock->sk;
401 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
402 struct bt_security sec;
403 struct bt_power pwr;
404 int len, err = 0;
406 BT_DBG("sk %p", sk);
408 if (level == SOL_L2CAP)
409 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
411 if (level != SOL_BLUETOOTH)
412 return -ENOPROTOOPT;
414 if (get_user(len, optlen))
415 return -EFAULT;
417 lock_sock(sk);
419 switch (optname) {
420 case BT_SECURITY:
421 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
422 chan->chan_type != L2CAP_CHAN_RAW) {
423 err = -EINVAL;
424 break;
427 memset(&sec, 0, sizeof(sec));
428 sec.level = chan->sec_level;
430 if (sk->sk_state == BT_CONNECTED)
431 sec.key_size = chan->conn->hcon->enc_key_size;
433 len = min_t(unsigned int, len, sizeof(sec));
434 if (copy_to_user(optval, (char *) &sec, len))
435 err = -EFAULT;
437 break;
439 case BT_DEFER_SETUP:
440 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
441 err = -EINVAL;
442 break;
445 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
446 err = -EFAULT;
448 break;
450 case BT_FLUSHABLE:
451 if (put_user(chan->flushable, (u32 __user *) optval))
452 err = -EFAULT;
454 break;
456 case BT_POWER:
457 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
458 && sk->sk_type != SOCK_RAW) {
459 err = -EINVAL;
460 break;
463 pwr.force_active = chan->force_active;
465 len = min_t(unsigned int, len, sizeof(pwr));
466 if (copy_to_user(optval, (char *) &pwr, len))
467 err = -EFAULT;
469 break;
471 default:
472 err = -ENOPROTOOPT;
473 break;
476 release_sock(sk);
477 return err;
480 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
482 struct sock *sk = sock->sk;
483 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
484 struct l2cap_options opts;
485 int len, err = 0;
486 u32 opt;
488 BT_DBG("sk %p", sk);
490 lock_sock(sk);
492 switch (optname) {
493 case L2CAP_OPTIONS:
494 if (sk->sk_state == BT_CONNECTED) {
495 err = -EINVAL;
496 break;
499 opts.imtu = chan->imtu;
500 opts.omtu = chan->omtu;
501 opts.flush_to = chan->flush_to;
502 opts.mode = chan->mode;
503 opts.fcs = chan->fcs;
504 opts.max_tx = chan->max_tx;
505 opts.txwin_size = (__u16)chan->tx_win;
507 len = min_t(unsigned int, sizeof(opts), optlen);
508 if (copy_from_user((char *) &opts, optval, len)) {
509 err = -EFAULT;
510 break;
513 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
514 err = -EINVAL;
515 break;
518 chan->mode = opts.mode;
519 switch (chan->mode) {
520 case L2CAP_MODE_BASIC:
521 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
522 break;
523 case L2CAP_MODE_ERTM:
524 case L2CAP_MODE_STREAMING:
525 if (!disable_ertm)
526 break;
527 /* fall through */
528 default:
529 err = -EINVAL;
530 break;
533 chan->imtu = opts.imtu;
534 chan->omtu = opts.omtu;
535 chan->fcs = opts.fcs;
536 chan->max_tx = opts.max_tx;
537 chan->tx_win = (__u8)opts.txwin_size;
538 break;
540 case L2CAP_LM:
541 if (get_user(opt, (u32 __user *) optval)) {
542 err = -EFAULT;
543 break;
546 if (opt & L2CAP_LM_AUTH)
547 chan->sec_level = BT_SECURITY_LOW;
548 if (opt & L2CAP_LM_ENCRYPT)
549 chan->sec_level = BT_SECURITY_MEDIUM;
550 if (opt & L2CAP_LM_SECURE)
551 chan->sec_level = BT_SECURITY_HIGH;
553 chan->role_switch = (opt & L2CAP_LM_MASTER);
554 chan->force_reliable = (opt & L2CAP_LM_RELIABLE);
555 break;
557 default:
558 err = -ENOPROTOOPT;
559 break;
562 release_sock(sk);
563 return err;
566 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
568 struct sock *sk = sock->sk;
569 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
570 struct bt_security sec;
571 struct bt_power pwr;
572 struct l2cap_conn *conn;
573 int len, err = 0;
574 u32 opt;
576 BT_DBG("sk %p", sk);
578 if (level == SOL_L2CAP)
579 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
581 if (level != SOL_BLUETOOTH)
582 return -ENOPROTOOPT;
584 lock_sock(sk);
586 switch (optname) {
587 case BT_SECURITY:
588 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
589 chan->chan_type != L2CAP_CHAN_RAW) {
590 err = -EINVAL;
591 break;
594 sec.level = BT_SECURITY_LOW;
596 len = min_t(unsigned int, sizeof(sec), optlen);
597 if (copy_from_user((char *) &sec, optval, len)) {
598 err = -EFAULT;
599 break;
602 if (sec.level < BT_SECURITY_LOW ||
603 sec.level > BT_SECURITY_HIGH) {
604 err = -EINVAL;
605 break;
608 chan->sec_level = sec.level;
610 conn = chan->conn;
611 if (conn && chan->scid == L2CAP_CID_LE_DATA) {
612 if (!conn->hcon->out) {
613 err = -EINVAL;
614 break;
617 if (smp_conn_security(conn, sec.level))
618 break;
620 err = 0;
621 sk->sk_state = BT_CONFIG;
623 break;
625 case BT_DEFER_SETUP:
626 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
627 err = -EINVAL;
628 break;
631 if (get_user(opt, (u32 __user *) optval)) {
632 err = -EFAULT;
633 break;
636 bt_sk(sk)->defer_setup = opt;
637 break;
639 case BT_FLUSHABLE:
640 if (get_user(opt, (u32 __user *) optval)) {
641 err = -EFAULT;
642 break;
645 if (opt > BT_FLUSHABLE_ON) {
646 err = -EINVAL;
647 break;
650 if (opt == BT_FLUSHABLE_OFF) {
651 struct l2cap_conn *conn = chan->conn;
652 /* proceed further only when we have l2cap_conn and
653 No Flush support in the LM */
654 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
655 err = -EINVAL;
656 break;
660 chan->flushable = opt;
661 break;
663 case BT_POWER:
664 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
665 chan->chan_type != L2CAP_CHAN_RAW) {
666 err = -EINVAL;
667 break;
670 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
672 len = min_t(unsigned int, sizeof(pwr), optlen);
673 if (copy_from_user((char *) &pwr, optval, len)) {
674 err = -EFAULT;
675 break;
677 chan->force_active = pwr.force_active;
678 break;
680 default:
681 err = -ENOPROTOOPT;
682 break;
685 release_sock(sk);
686 return err;
689 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
691 struct sock *sk = sock->sk;
692 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
693 int err;
695 BT_DBG("sock %p, sk %p", sock, sk);
697 err = sock_error(sk);
698 if (err)
699 return err;
701 if (msg->msg_flags & MSG_OOB)
702 return -EOPNOTSUPP;
704 lock_sock(sk);
706 if (sk->sk_state != BT_CONNECTED) {
707 release_sock(sk);
708 return -ENOTCONN;
711 err = l2cap_chan_send(chan, msg, len);
713 release_sock(sk);
714 return err;
717 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
719 struct sock *sk = sock->sk;
720 struct l2cap_pinfo *pi = l2cap_pi(sk);
721 int err;
723 lock_sock(sk);
725 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
726 sk->sk_state = BT_CONFIG;
728 __l2cap_connect_rsp_defer(pi->chan);
729 release_sock(sk);
730 return 0;
733 release_sock(sk);
735 if (sock->type == SOCK_STREAM)
736 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
737 else
738 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
740 if (pi->chan->mode != L2CAP_MODE_ERTM)
741 return err;
743 /* Attempt to put pending rx data in the socket buffer */
745 lock_sock(sk);
747 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
748 goto done;
750 if (pi->rx_busy_skb) {
751 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
752 pi->rx_busy_skb = NULL;
753 else
754 goto done;
757 /* Restore data flow when half of the receive buffer is
758 * available. This avoids resending large numbers of
759 * frames.
761 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
762 l2cap_chan_busy(pi->chan, 0);
764 done:
765 release_sock(sk);
766 return err;
769 /* Kill socket (only if zapped and orphan)
770 * Must be called on unlocked socket.
772 static void l2cap_sock_kill(struct sock *sk)
774 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
775 return;
777 BT_DBG("sk %p state %d", sk, sk->sk_state);
779 /* Kill poor orphan */
781 l2cap_chan_destroy(l2cap_pi(sk)->chan);
782 sock_set_flag(sk, SOCK_DEAD);
783 sock_put(sk);
786 static int l2cap_sock_shutdown(struct socket *sock, int how)
788 struct sock *sk = sock->sk;
789 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
790 int err = 0;
792 BT_DBG("sock %p, sk %p", sock, sk);
794 if (!sk)
795 return 0;
797 lock_sock(sk);
798 if (!sk->sk_shutdown) {
799 if (chan->mode == L2CAP_MODE_ERTM)
800 err = __l2cap_wait_ack(sk);
802 sk->sk_shutdown = SHUTDOWN_MASK;
803 l2cap_chan_close(chan, 0);
805 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
806 err = bt_sock_wait_state(sk, BT_CLOSED,
807 sk->sk_lingertime);
810 if (!err && sk->sk_err)
811 err = -sk->sk_err;
813 release_sock(sk);
814 return err;
817 static int l2cap_sock_release(struct socket *sock)
819 struct sock *sk = sock->sk;
820 int err;
822 BT_DBG("sock %p, sk %p", sock, sk);
824 if (!sk)
825 return 0;
827 err = l2cap_sock_shutdown(sock, 2);
829 sock_orphan(sk);
830 l2cap_sock_kill(sk);
831 return err;
834 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
836 struct sock *sk, *parent = data;
838 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
839 GFP_ATOMIC);
840 if (!sk)
841 return NULL;
843 l2cap_sock_init(sk, parent);
845 return l2cap_pi(sk)->chan;
848 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
850 int err;
851 struct sock *sk = data;
852 struct l2cap_pinfo *pi = l2cap_pi(sk);
854 if (pi->rx_busy_skb)
855 return -ENOMEM;
857 err = sock_queue_rcv_skb(sk, skb);
859 /* For ERTM, handle one skb that doesn't fit into the recv
860 * buffer. This is important to do because the data frames
861 * have already been acked, so the skb cannot be discarded.
863 * Notify the l2cap core that the buffer is full, so the
864 * LOCAL_BUSY state is entered and no more frames are
865 * acked and reassembled until there is buffer space
866 * available.
868 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
869 pi->rx_busy_skb = skb;
870 l2cap_chan_busy(pi->chan, 1);
871 err = 0;
874 return err;
877 static void l2cap_sock_close_cb(void *data)
879 struct sock *sk = data;
881 l2cap_sock_kill(sk);
884 static void l2cap_sock_state_change_cb(void *data, int state)
886 struct sock *sk = data;
888 sk->sk_state = state;
891 static struct l2cap_ops l2cap_chan_ops = {
892 .name = "L2CAP Socket Interface",
893 .new_connection = l2cap_sock_new_connection_cb,
894 .recv = l2cap_sock_recv_cb,
895 .close = l2cap_sock_close_cb,
896 .state_change = l2cap_sock_state_change_cb,
899 static void l2cap_sock_destruct(struct sock *sk)
901 BT_DBG("sk %p", sk);
903 if (l2cap_pi(sk)->rx_busy_skb) {
904 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
905 l2cap_pi(sk)->rx_busy_skb = NULL;
908 skb_queue_purge(&sk->sk_receive_queue);
909 skb_queue_purge(&sk->sk_write_queue);
912 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
914 struct l2cap_pinfo *pi = l2cap_pi(sk);
915 struct l2cap_chan *chan = pi->chan;
917 BT_DBG("sk %p", sk);
919 if (parent) {
920 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
922 sk->sk_type = parent->sk_type;
923 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
925 chan->chan_type = pchan->chan_type;
926 chan->imtu = pchan->imtu;
927 chan->omtu = pchan->omtu;
928 chan->conf_state = pchan->conf_state;
929 chan->mode = pchan->mode;
930 chan->fcs = pchan->fcs;
931 chan->max_tx = pchan->max_tx;
932 chan->tx_win = pchan->tx_win;
933 chan->sec_level = pchan->sec_level;
934 chan->role_switch = pchan->role_switch;
935 chan->force_reliable = pchan->force_reliable;
936 chan->flushable = pchan->flushable;
937 chan->force_active = pchan->force_active;
939 security_sk_clone(parent, sk);
940 } else {
942 switch (sk->sk_type) {
943 case SOCK_RAW:
944 chan->chan_type = L2CAP_CHAN_RAW;
945 break;
946 case SOCK_DGRAM:
947 chan->chan_type = L2CAP_CHAN_CONN_LESS;
948 break;
949 case SOCK_SEQPACKET:
950 case SOCK_STREAM:
951 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
952 break;
955 chan->imtu = L2CAP_DEFAULT_MTU;
956 chan->omtu = 0;
957 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
958 chan->mode = L2CAP_MODE_ERTM;
959 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
960 } else {
961 chan->mode = L2CAP_MODE_BASIC;
963 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
964 chan->fcs = L2CAP_FCS_CRC16;
965 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
966 chan->sec_level = BT_SECURITY_LOW;
967 chan->role_switch = 0;
968 chan->force_reliable = 0;
969 chan->flushable = BT_FLUSHABLE_OFF;
970 chan->force_active = BT_POWER_FORCE_ACTIVE_ON;
974 /* Default config options */
975 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
977 chan->data = sk;
978 chan->ops = &l2cap_chan_ops;
981 static struct proto l2cap_proto = {
982 .name = "L2CAP",
983 .owner = THIS_MODULE,
984 .obj_size = sizeof(struct l2cap_pinfo)
987 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
989 struct sock *sk;
990 struct l2cap_chan *chan;
992 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
993 if (!sk)
994 return NULL;
996 sock_init_data(sock, sk);
997 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
999 sk->sk_destruct = l2cap_sock_destruct;
1000 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1002 sock_reset_flag(sk, SOCK_ZAPPED);
1004 sk->sk_protocol = proto;
1005 sk->sk_state = BT_OPEN;
1007 chan = l2cap_chan_create(sk);
1008 if (!chan) {
1009 l2cap_sock_kill(sk);
1010 return NULL;
1013 l2cap_pi(sk)->chan = chan;
1015 return sk;
1018 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1019 int kern)
1021 struct sock *sk;
1023 BT_DBG("sock %p", sock);
1025 sock->state = SS_UNCONNECTED;
1027 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1028 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1029 return -ESOCKTNOSUPPORT;
1031 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1032 return -EPERM;
1034 sock->ops = &l2cap_sock_ops;
1036 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1037 if (!sk)
1038 return -ENOMEM;
1040 l2cap_sock_init(sk, NULL);
1041 return 0;
1044 static const struct proto_ops l2cap_sock_ops = {
1045 .family = PF_BLUETOOTH,
1046 .owner = THIS_MODULE,
1047 .release = l2cap_sock_release,
1048 .bind = l2cap_sock_bind,
1049 .connect = l2cap_sock_connect,
1050 .listen = l2cap_sock_listen,
1051 .accept = l2cap_sock_accept,
1052 .getname = l2cap_sock_getname,
1053 .sendmsg = l2cap_sock_sendmsg,
1054 .recvmsg = l2cap_sock_recvmsg,
1055 .poll = bt_sock_poll,
1056 .ioctl = bt_sock_ioctl,
1057 .mmap = sock_no_mmap,
1058 .socketpair = sock_no_socketpair,
1059 .shutdown = l2cap_sock_shutdown,
1060 .setsockopt = l2cap_sock_setsockopt,
1061 .getsockopt = l2cap_sock_getsockopt
1064 static const struct net_proto_family l2cap_sock_family_ops = {
1065 .family = PF_BLUETOOTH,
1066 .owner = THIS_MODULE,
1067 .create = l2cap_sock_create,
1070 int __init l2cap_init_sockets(void)
1072 int err;
1074 err = proto_register(&l2cap_proto, 0);
1075 if (err < 0)
1076 return err;
1078 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1079 if (err < 0)
1080 goto error;
1082 BT_INFO("L2CAP socket layer initialized");
1084 return 0;
1086 error:
1087 BT_ERR("L2CAP socket registration failed");
1088 proto_unregister(&l2cap_proto);
1089 return err;
1092 void l2cap_cleanup_sockets(void)
1094 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1095 BT_ERR("L2CAP socket unregistration failed");
1097 proto_unregister(&l2cap_proto);