search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s390: block: add SPDX identifiers to the remaining files
[linux/fpc-iii.git] / net / bluetooth / l2cap_sock.c
blob67a8642f57ea7c8ceadc1d379019ea6135877068
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26 */
27
28 /* Bluetooth L2CAP sockets. */
29
30 #include <linux/module.h>
31 #include <linux/export.h>
32 #include <linux/sched/signal.h>
33
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/l2cap.h>
37
38 #include "smp.h"
39
40 static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42 };
43
44 static const struct proto_ops l2cap_sock_ops;
45 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
48
49 bool l2cap_is_socket(struct socket *sock)
50 {
51 return sock && sock->ops == &l2cap_sock_ops;
52 }
53 EXPORT_SYMBOL(l2cap_is_socket);
54
55 static int l2cap_validate_bredr_psm(u16 psm)
56 {
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61 /* Restrict usage of well-known PSMs */
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
63 return -EACCES;
64
65 return 0;
66 }
67
68 static int l2cap_validate_le_psm(u16 psm)
69 {
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
71 if (psm > L2CAP_PSM_LE_DYN_END)
72 return -EINVAL;
73
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
76 return -EACCES;
77
78 return 0;
79 }
80
81 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82 {
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
98 if (la.l2_cid && la.l2_psm)
99 return -EINVAL;
100
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 /* We only allow ATT user space socket */
106 if (la.l2_cid &&
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
108 return -EINVAL;
109 }
110
111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
125
126 if (err)
127 goto done;
128 }
129
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
133 if (la.l2_cid)
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
137
138 if (err < 0)
139 goto done;
140
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
159 */
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
162 }
163
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
169
170 done:
171 release_sock(sk);
172 return err;
173 }
174
175 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
177 {
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
193 if (la.l2_cid && la.l2_psm)
194 return -EINVAL;
195
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
203 */
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
211 */
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 return -EINVAL;
215
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
221 */
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229 /* We only allow ATT user space socket */
230 if (la.l2_cid &&
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
232 return -EINVAL;
233 }
234
235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
237
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
240 if (err)
241 return err;
242
243 lock_sock(sk);
244
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
247
248 release_sock(sk);
249
250 return err;
251 }
252
253 static int l2cap_sock_listen(struct socket *sock, int backlog)
254 {
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
263 if (sk->sk_state != BT_BOUND) {
264 err = -EBADFD;
265 goto done;
266 }
267
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
276 break;
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
279 if (!disable_ertm)
280 break;
281 /* fall through */
282 default:
283 err = -EOPNOTSUPP;
284 goto done;
285 }
286
287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
289
290 /* Listening channels need to use nested locking in order not to
291 * cause lockdep warnings when the created child channels end up
292 * being locked in the same thread as the parent channel.
293 */
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295
296 chan->state = BT_LISTEN;
297 sk->sk_state = BT_LISTEN;
298
299 done:
300 release_sock(sk);
301 return err;
302 }
303
304 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 int flags, bool kern)
306 {
307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
308 struct sock *sk = sock->sk, *nsk;
309 long timeo;
310 int err = 0;
311
312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
313
314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315
316 BT_DBG("sk %p timeo %ld", sk, timeo);
317
318 /* Wait for an incoming connection. (wake-one). */
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
320 while (1) {
321 if (sk->sk_state != BT_LISTEN) {
322 err = -EBADFD;
323 break;
324 }
325
326 nsk = bt_accept_dequeue(sk, newsock);
327 if (nsk)
328 break;
329
330 if (!timeo) {
331 err = -EAGAIN;
332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
339
340 release_sock(sk);
341
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343
344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
345 }
346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355 done:
356 release_sock(sk);
357 return err;
358 }
359
360 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
361 int *len, int peer)
362 {
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
369 if (peer && sk->sk_state != BT_CONNECTED &&
370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
372 return -ENOTCONN;
373
374 memset(la, 0, sizeof(struct sockaddr_l2));
375 addr->sa_family = AF_BLUETOOTH;
376 *len = sizeof(struct sockaddr_l2);
377
378 la->l2_psm = chan->psm;
379
380 if (peer) {
381 bacpy(&la->l2_bdaddr, &chan->dst);
382 la->l2_cid = cpu_to_le16(chan->dcid);
383 la->l2_bdaddr_type = chan->dst_type;
384 } else {
385 bacpy(&la->l2_bdaddr, &chan->src);
386 la->l2_cid = cpu_to_le16(chan->scid);
387 la->l2_bdaddr_type = chan->src_type;
388 }
389
390 return 0;
391 }
392
393 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
394 char __user *optval, int __user *optlen)
395 {
396 struct sock *sk = sock->sk;
397 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
398 struct l2cap_options opts;
399 struct l2cap_conninfo cinfo;
400 int len, err = 0;
401 u32 opt;
402
403 BT_DBG("sk %p", sk);
404
405 if (get_user(len, optlen))
406 return -EFAULT;
407
408 lock_sock(sk);
409
410 switch (optname) {
411 case L2CAP_OPTIONS:
412 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
413 * legacy ATT code depends on getsockopt for
414 * L2CAP_OPTIONS we need to let this pass.
415 */
416 if (bdaddr_type_is_le(chan->src_type) &&
417 chan->scid != L2CAP_CID_ATT) {
418 err = -EINVAL;
419 break;
420 }
421
422 memset(&opts, 0, sizeof(opts));
423 opts.imtu = chan->imtu;
424 opts.omtu = chan->omtu;
425 opts.flush_to = chan->flush_to;
426 opts.mode = chan->mode;
427 opts.fcs = chan->fcs;
428 opts.max_tx = chan->max_tx;
429 opts.txwin_size = chan->tx_win;
430
431 len = min_t(unsigned int, len, sizeof(opts));
432 if (copy_to_user(optval, (char *) &opts, len))
433 err = -EFAULT;
434
435 break;
436
437 case L2CAP_LM:
438 switch (chan->sec_level) {
439 case BT_SECURITY_LOW:
440 opt = L2CAP_LM_AUTH;
441 break;
442 case BT_SECURITY_MEDIUM:
443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
444 break;
445 case BT_SECURITY_HIGH:
446 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
447 L2CAP_LM_SECURE;
448 break;
449 case BT_SECURITY_FIPS:
450 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
451 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
452 break;
453 default:
454 opt = 0;
455 break;
456 }
457
458 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
459 opt |= L2CAP_LM_MASTER;
460
461 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
462 opt |= L2CAP_LM_RELIABLE;
463
464 if (put_user(opt, (u32 __user *) optval))
465 err = -EFAULT;
466
467 break;
468
469 case L2CAP_CONNINFO:
470 if (sk->sk_state != BT_CONNECTED &&
471 !(sk->sk_state == BT_CONNECT2 &&
472 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
473 err = -ENOTCONN;
474 break;
475 }
476
477 memset(&cinfo, 0, sizeof(cinfo));
478 cinfo.hci_handle = chan->conn->hcon->handle;
479 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
480
481 len = min_t(unsigned int, len, sizeof(cinfo));
482 if (copy_to_user(optval, (char *) &cinfo, len))
483 err = -EFAULT;
484
485 break;
486
487 default:
488 err = -ENOPROTOOPT;
489 break;
490 }
491
492 release_sock(sk);
493 return err;
494 }
495
496 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
497 char __user *optval, int __user *optlen)
498 {
499 struct sock *sk = sock->sk;
500 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
501 struct bt_security sec;
502 struct bt_power pwr;
503 int len, err = 0;
504
505 BT_DBG("sk %p", sk);
506
507 if (level == SOL_L2CAP)
508 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
509
510 if (level != SOL_BLUETOOTH)
511 return -ENOPROTOOPT;
512
513 if (get_user(len, optlen))
514 return -EFAULT;
515
516 lock_sock(sk);
517
518 switch (optname) {
519 case BT_SECURITY:
520 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
521 chan->chan_type != L2CAP_CHAN_FIXED &&
522 chan->chan_type != L2CAP_CHAN_RAW) {
523 err = -EINVAL;
524 break;
525 }
526
527 memset(&sec, 0, sizeof(sec));
528 if (chan->conn) {
529 sec.level = chan->conn->hcon->sec_level;
530
531 if (sk->sk_state == BT_CONNECTED)
532 sec.key_size = chan->conn->hcon->enc_key_size;
533 } else {
534 sec.level = chan->sec_level;
535 }
536
537 len = min_t(unsigned int, len, sizeof(sec));
538 if (copy_to_user(optval, (char *) &sec, len))
539 err = -EFAULT;
540
541 break;
542
543 case BT_DEFER_SETUP:
544 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
545 err = -EINVAL;
546 break;
547 }
548
549 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
550 (u32 __user *) optval))
551 err = -EFAULT;
552
553 break;
554
555 case BT_FLUSHABLE:
556 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
557 (u32 __user *) optval))
558 err = -EFAULT;
559
560 break;
561
562 case BT_POWER:
563 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
564 && sk->sk_type != SOCK_RAW) {
565 err = -EINVAL;
566 break;
567 }
568
569 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
570
571 len = min_t(unsigned int, len, sizeof(pwr));
572 if (copy_to_user(optval, (char *) &pwr, len))
573 err = -EFAULT;
574
575 break;
576
577 case BT_CHANNEL_POLICY:
578 if (put_user(chan->chan_policy, (u32 __user *) optval))
579 err = -EFAULT;
580 break;
581
582 case BT_SNDMTU:
583 if (!bdaddr_type_is_le(chan->src_type)) {
584 err = -EINVAL;
585 break;
586 }
587
588 if (sk->sk_state != BT_CONNECTED) {
589 err = -ENOTCONN;
590 break;
591 }
592
593 if (put_user(chan->omtu, (u16 __user *) optval))
594 err = -EFAULT;
595 break;
596
597 case BT_RCVMTU:
598 if (!bdaddr_type_is_le(chan->src_type)) {
599 err = -EINVAL;
600 break;
601 }
602
603 if (put_user(chan->imtu, (u16 __user *) optval))
604 err = -EFAULT;
605 break;
606
607 default:
608 err = -ENOPROTOOPT;
609 break;
610 }
611
612 release_sock(sk);
613 return err;
614 }
615
616 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
617 {
618 switch (chan->scid) {
619 case L2CAP_CID_ATT:
620 if (mtu < L2CAP_LE_MIN_MTU)
621 return false;
622 break;
623
624 default:
625 if (mtu < L2CAP_DEFAULT_MIN_MTU)
626 return false;
627 }
628
629 return true;
630 }
631
632 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
633 char __user *optval, unsigned int optlen)
634 {
635 struct sock *sk = sock->sk;
636 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
637 struct l2cap_options opts;
638 int len, err = 0;
639 u32 opt;
640
641 BT_DBG("sk %p", sk);
642
643 lock_sock(sk);
644
645 switch (optname) {
646 case L2CAP_OPTIONS:
647 if (bdaddr_type_is_le(chan->src_type)) {
648 err = -EINVAL;
649 break;
650 }
651
652 if (sk->sk_state == BT_CONNECTED) {
653 err = -EINVAL;
654 break;
655 }
656
657 opts.imtu = chan->imtu;
658 opts.omtu = chan->omtu;
659 opts.flush_to = chan->flush_to;
660 opts.mode = chan->mode;
661 opts.fcs = chan->fcs;
662 opts.max_tx = chan->max_tx;
663 opts.txwin_size = chan->tx_win;
664
665 len = min_t(unsigned int, sizeof(opts), optlen);
666 if (copy_from_user((char *) &opts, optval, len)) {
667 err = -EFAULT;
668 break;
669 }
670
671 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
672 err = -EINVAL;
673 break;
674 }
675
676 if (!l2cap_valid_mtu(chan, opts.imtu)) {
677 err = -EINVAL;
678 break;
679 }
680
681 chan->mode = opts.mode;
682 switch (chan->mode) {
683 case L2CAP_MODE_LE_FLOWCTL:
684 break;
685 case L2CAP_MODE_BASIC:
686 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
687 break;
688 case L2CAP_MODE_ERTM:
689 case L2CAP_MODE_STREAMING:
690 if (!disable_ertm)
691 break;
692 /* fall through */
693 default:
694 err = -EINVAL;
695 break;
696 }
697
698 chan->imtu = opts.imtu;
699 chan->omtu = opts.omtu;
700 chan->fcs = opts.fcs;
701 chan->max_tx = opts.max_tx;
702 chan->tx_win = opts.txwin_size;
703 chan->flush_to = opts.flush_to;
704 break;
705
706 case L2CAP_LM:
707 if (get_user(opt, (u32 __user *) optval)) {
708 err = -EFAULT;
709 break;
710 }
711
712 if (opt & L2CAP_LM_FIPS) {
713 err = -EINVAL;
714 break;
715 }
716
717 if (opt & L2CAP_LM_AUTH)
718 chan->sec_level = BT_SECURITY_LOW;
719 if (opt & L2CAP_LM_ENCRYPT)
720 chan->sec_level = BT_SECURITY_MEDIUM;
721 if (opt & L2CAP_LM_SECURE)
722 chan->sec_level = BT_SECURITY_HIGH;
723
724 if (opt & L2CAP_LM_MASTER)
725 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
726 else
727 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
728
729 if (opt & L2CAP_LM_RELIABLE)
730 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
731 else
732 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
733 break;
734
735 default:
736 err = -ENOPROTOOPT;
737 break;
738 }
739
740 release_sock(sk);
741 return err;
742 }
743
744 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
745 char __user *optval, unsigned int optlen)
746 {
747 struct sock *sk = sock->sk;
748 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
749 struct bt_security sec;
750 struct bt_power pwr;
751 struct l2cap_conn *conn;
752 int len, err = 0;
753 u32 opt;
754
755 BT_DBG("sk %p", sk);
756
757 if (level == SOL_L2CAP)
758 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
759
760 if (level != SOL_BLUETOOTH)
761 return -ENOPROTOOPT;
762
763 lock_sock(sk);
764
765 switch (optname) {
766 case BT_SECURITY:
767 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
768 chan->chan_type != L2CAP_CHAN_FIXED &&
769 chan->chan_type != L2CAP_CHAN_RAW) {
770 err = -EINVAL;
771 break;
772 }
773
774 sec.level = BT_SECURITY_LOW;
775
776 len = min_t(unsigned int, sizeof(sec), optlen);
777 if (copy_from_user((char *) &sec, optval, len)) {
778 err = -EFAULT;
779 break;
780 }
781
782 if (sec.level < BT_SECURITY_LOW ||
783 sec.level > BT_SECURITY_FIPS) {
784 err = -EINVAL;
785 break;
786 }
787
788 chan->sec_level = sec.level;
789
790 if (!chan->conn)
791 break;
792
793 conn = chan->conn;
794
795 /*change security for LE channels */
796 if (chan->scid == L2CAP_CID_ATT) {
797 if (smp_conn_security(conn->hcon, sec.level))
798 break;
799 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
800 sk->sk_state = BT_CONFIG;
801 chan->state = BT_CONFIG;
802
803 /* or for ACL link */
804 } else if ((sk->sk_state == BT_CONNECT2 &&
805 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
806 sk->sk_state == BT_CONNECTED) {
807 if (!l2cap_chan_check_security(chan, true))
808 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
809 else
810 sk->sk_state_change(sk);
811 } else {
812 err = -EINVAL;
813 }
814 break;
815
816 case BT_DEFER_SETUP:
817 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
818 err = -EINVAL;
819 break;
820 }
821
822 if (get_user(opt, (u32 __user *) optval)) {
823 err = -EFAULT;
824 break;
825 }
826
827 if (opt) {
828 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
829 set_bit(FLAG_DEFER_SETUP, &chan->flags);
830 } else {
831 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
832 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
833 }
834 break;
835
836 case BT_FLUSHABLE:
837 if (get_user(opt, (u32 __user *) optval)) {
838 err = -EFAULT;
839 break;
840 }
841
842 if (opt > BT_FLUSHABLE_ON) {
843 err = -EINVAL;
844 break;
845 }
846
847 if (opt == BT_FLUSHABLE_OFF) {
848 conn = chan->conn;
849 /* proceed further only when we have l2cap_conn and
850 No Flush support in the LM */
851 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
852 err = -EINVAL;
853 break;
854 }
855 }
856
857 if (opt)
858 set_bit(FLAG_FLUSHABLE, &chan->flags);
859 else
860 clear_bit(FLAG_FLUSHABLE, &chan->flags);
861 break;
862
863 case BT_POWER:
864 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
865 chan->chan_type != L2CAP_CHAN_RAW) {
866 err = -EINVAL;
867 break;
868 }
869
870 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
871
872 len = min_t(unsigned int, sizeof(pwr), optlen);
873 if (copy_from_user((char *) &pwr, optval, len)) {
874 err = -EFAULT;
875 break;
876 }
877
878 if (pwr.force_active)
879 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880 else
881 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
882 break;
883
884 case BT_CHANNEL_POLICY:
885 if (get_user(opt, (u32 __user *) optval)) {
886 err = -EFAULT;
887 break;
888 }
889
890 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
891 err = -EINVAL;
892 break;
893 }
894
895 if (chan->mode != L2CAP_MODE_ERTM &&
896 chan->mode != L2CAP_MODE_STREAMING) {
897 err = -EOPNOTSUPP;
898 break;
899 }
900
901 chan->chan_policy = (u8) opt;
902
903 if (sk->sk_state == BT_CONNECTED &&
904 chan->move_role == L2CAP_MOVE_ROLE_NONE)
905 l2cap_move_start(chan);
906
907 break;
908
909 case BT_SNDMTU:
910 if (!bdaddr_type_is_le(chan->src_type)) {
911 err = -EINVAL;
912 break;
913 }
914
915 /* Setting is not supported as it's the remote side that
916 * decides this.
917 */
918 err = -EPERM;
919 break;
920
921 case BT_RCVMTU:
922 if (!bdaddr_type_is_le(chan->src_type)) {
923 err = -EINVAL;
924 break;
925 }
926
927 if (sk->sk_state == BT_CONNECTED) {
928 err = -EISCONN;
929 break;
930 }
931
932 if (get_user(opt, (u16 __user *) optval)) {
933 err = -EFAULT;
934 break;
935 }
936
937 chan->imtu = opt;
938 break;
939
940 default:
941 err = -ENOPROTOOPT;
942 break;
943 }
944
945 release_sock(sk);
946 return err;
947 }
948
949 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
950 size_t len)
951 {
952 struct sock *sk = sock->sk;
953 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
954 int err;
955
956 BT_DBG("sock %p, sk %p", sock, sk);
957
958 err = sock_error(sk);
959 if (err)
960 return err;
961
962 if (msg->msg_flags & MSG_OOB)
963 return -EOPNOTSUPP;
964
965 if (sk->sk_state != BT_CONNECTED)
966 return -ENOTCONN;
967
968 lock_sock(sk);
969 err = bt_sock_wait_ready(sk, msg->msg_flags);
970 release_sock(sk);
971 if (err)
972 return err;
973
974 l2cap_chan_lock(chan);
975 err = l2cap_chan_send(chan, msg, len);
976 l2cap_chan_unlock(chan);
977
978 return err;
979 }
980
981 static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
982 size_t len, int flags)
983 {
984 struct sock *sk = sock->sk;
985 struct l2cap_pinfo *pi = l2cap_pi(sk);
986 int err;
987
988 lock_sock(sk);
989
990 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
991 &bt_sk(sk)->flags)) {
992 if (bdaddr_type_is_le(pi->chan->src_type)) {
993 sk->sk_state = BT_CONNECTED;
994 pi->chan->state = BT_CONNECTED;
995 __l2cap_le_connect_rsp_defer(pi->chan);
996 } else {
997 sk->sk_state = BT_CONFIG;
998 pi->chan->state = BT_CONFIG;
999 __l2cap_connect_rsp_defer(pi->chan);
1000 }
1001
1002 err = 0;
1003 goto done;
1004 }
1005
1006 release_sock(sk);
1007
1008 if (sock->type == SOCK_STREAM)
1009 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1010 else
1011 err = bt_sock_recvmsg(sock, msg, len, flags);
1012
1013 if (pi->chan->mode != L2CAP_MODE_ERTM)
1014 return err;
1015
1016 /* Attempt to put pending rx data in the socket buffer */
1017
1018 lock_sock(sk);
1019
1020 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1021 goto done;
1022
1023 if (pi->rx_busy_skb) {
1024 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1025 pi->rx_busy_skb = NULL;
1026 else
1027 goto done;
1028 }
1029
1030 /* Restore data flow when half of the receive buffer is
1031 * available. This avoids resending large numbers of
1032 * frames.
1033 */
1034 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1035 l2cap_chan_busy(pi->chan, 0);
1036
1037 done:
1038 release_sock(sk);
1039 return err;
1040 }
1041
1042 /* Kill socket (only if zapped and orphan)
1043 * Must be called on unlocked socket.
1044 */
1045 static void l2cap_sock_kill(struct sock *sk)
1046 {
1047 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1048 return;
1049
1050 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1051
1052 /* Kill poor orphan */
1053
1054 l2cap_chan_put(l2cap_pi(sk)->chan);
1055 sock_set_flag(sk, SOCK_DEAD);
1056 sock_put(sk);
1057 }
1058
1059 static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1060 {
1061 DECLARE_WAITQUEUE(wait, current);
1062 int err = 0;
1063 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1064 /* Timeout to prevent infinite loop */
1065 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1066
1067 add_wait_queue(sk_sleep(sk), &wait);
1068 set_current_state(TASK_INTERRUPTIBLE);
1069 do {
1070 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1071 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1072 jiffies_to_msecs(timeout - jiffies));
1073
1074 if (!timeo)
1075 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1076
1077 if (signal_pending(current)) {
1078 err = sock_intr_errno(timeo);
1079 break;
1080 }
1081
1082 release_sock(sk);
1083 timeo = schedule_timeout(timeo);
1084 lock_sock(sk);
1085 set_current_state(TASK_INTERRUPTIBLE);
1086
1087 err = sock_error(sk);
1088 if (err)
1089 break;
1090
1091 if (time_after(jiffies, timeout)) {
1092 err = -ENOLINK;
1093 break;
1094 }
1095
1096 } while (chan->unacked_frames > 0 &&
1097 chan->state == BT_CONNECTED);
1098
1099 set_current_state(TASK_RUNNING);
1100 remove_wait_queue(sk_sleep(sk), &wait);
1101 return err;
1102 }
1103
1104 static int l2cap_sock_shutdown(struct socket *sock, int how)
1105 {
1106 struct sock *sk = sock->sk;
1107 struct l2cap_chan *chan;
1108 struct l2cap_conn *conn;
1109 int err = 0;
1110
1111 BT_DBG("sock %p, sk %p", sock, sk);
1112
1113 if (!sk)
1114 return 0;
1115
1116 lock_sock(sk);
1117
1118 if (sk->sk_shutdown)
1119 goto shutdown_already;
1120
1121 BT_DBG("Handling sock shutdown");
1122
1123 /* prevent sk structure from being freed whilst unlocked */
1124 sock_hold(sk);
1125
1126 chan = l2cap_pi(sk)->chan;
1127 /* prevent chan structure from being freed whilst unlocked */
1128 l2cap_chan_hold(chan);
1129
1130 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1131
1132 if (chan->mode == L2CAP_MODE_ERTM &&
1133 chan->unacked_frames > 0 &&
1134 chan->state == BT_CONNECTED) {
1135 err = __l2cap_wait_ack(sk, chan);
1136
1137 /* After waiting for ACKs, check whether shutdown
1138 * has already been actioned to close the L2CAP
1139 * link such as by l2cap_disconnection_req().
1140 */
1141 if (sk->sk_shutdown)
1142 goto has_shutdown;
1143 }
1144
1145 sk->sk_shutdown = SHUTDOWN_MASK;
1146 release_sock(sk);
1147
1148 l2cap_chan_lock(chan);
1149 conn = chan->conn;
1150 if (conn)
1151 /* prevent conn structure from being freed */
1152 l2cap_conn_get(conn);
1153 l2cap_chan_unlock(chan);
1154
1155 if (conn)
1156 /* mutex lock must be taken before l2cap_chan_lock() */
1157 mutex_lock(&conn->chan_lock);
1158
1159 l2cap_chan_lock(chan);
1160 l2cap_chan_close(chan, 0);
1161 l2cap_chan_unlock(chan);
1162
1163 if (conn) {
1164 mutex_unlock(&conn->chan_lock);
1165 l2cap_conn_put(conn);
1166 }
1167
1168 lock_sock(sk);
1169
1170 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1171 !(current->flags & PF_EXITING))
1172 err = bt_sock_wait_state(sk, BT_CLOSED,
1173 sk->sk_lingertime);
1174
1175 has_shutdown:
1176 l2cap_chan_put(chan);
1177 sock_put(sk);
1178
1179 shutdown_already:
1180 if (!err && sk->sk_err)
1181 err = -sk->sk_err;
1182
1183 release_sock(sk);
1184
1185 BT_DBG("Sock shutdown complete err: %d", err);
1186
1187 return err;
1188 }
1189
1190 static int l2cap_sock_release(struct socket *sock)
1191 {
1192 struct sock *sk = sock->sk;
1193 int err;
1194
1195 BT_DBG("sock %p, sk %p", sock, sk);
1196
1197 if (!sk)
1198 return 0;
1199
1200 bt_sock_unlink(&l2cap_sk_list, sk);
1201
1202 err = l2cap_sock_shutdown(sock, 2);
1203
1204 sock_orphan(sk);
1205 l2cap_sock_kill(sk);
1206 return err;
1207 }
1208
1209 static void l2cap_sock_cleanup_listen(struct sock *parent)
1210 {
1211 struct sock *sk;
1212
1213 BT_DBG("parent %p state %s", parent,
1214 state_to_string(parent->sk_state));
1215
1216 /* Close not yet accepted channels */
1217 while ((sk = bt_accept_dequeue(parent, NULL))) {
1218 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1219
1220 BT_DBG("child chan %p state %s", chan,
1221 state_to_string(chan->state));
1222
1223 l2cap_chan_lock(chan);
1224 __clear_chan_timer(chan);
1225 l2cap_chan_close(chan, ECONNRESET);
1226 l2cap_chan_unlock(chan);
1227
1228 l2cap_sock_kill(sk);
1229 }
1230 }
1231
1232 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1233 {
1234 struct sock *sk, *parent = chan->data;
1235
1236 lock_sock(parent);
1237
1238 /* Check for backlog size */
1239 if (sk_acceptq_is_full(parent)) {
1240 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1241 release_sock(parent);
1242 return NULL;
1243 }
1244
1245 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1246 GFP_ATOMIC, 0);
1247 if (!sk) {
1248 release_sock(parent);
1249 return NULL;
1250 }
1251
1252 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1253
1254 l2cap_sock_init(sk, parent);
1255
1256 bt_accept_enqueue(parent, sk);
1257
1258 release_sock(parent);
1259
1260 return l2cap_pi(sk)->chan;
1261 }
1262
1263 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1264 {
1265 struct sock *sk = chan->data;
1266 int err;
1267
1268 lock_sock(sk);
1269
1270 if (l2cap_pi(sk)->rx_busy_skb) {
1271 err = -ENOMEM;
1272 goto done;
1273 }
1274
1275 if (chan->mode != L2CAP_MODE_ERTM &&
1276 chan->mode != L2CAP_MODE_STREAMING) {
1277 /* Even if no filter is attached, we could potentially
1278 * get errors from security modules, etc.
1279 */
1280 err = sk_filter(sk, skb);
1281 if (err)
1282 goto done;
1283 }
1284
1285 err = __sock_queue_rcv_skb(sk, skb);
1286
1287 /* For ERTM, handle one skb that doesn't fit into the recv
1288 * buffer. This is important to do because the data frames
1289 * have already been acked, so the skb cannot be discarded.
1290 *
1291 * Notify the l2cap core that the buffer is full, so the
1292 * LOCAL_BUSY state is entered and no more frames are
1293 * acked and reassembled until there is buffer space
1294 * available.
1295 */
1296 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1297 l2cap_pi(sk)->rx_busy_skb = skb;
1298 l2cap_chan_busy(chan, 1);
1299 err = 0;
1300 }
1301
1302 done:
1303 release_sock(sk);
1304
1305 return err;
1306 }
1307
1308 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1309 {
1310 struct sock *sk = chan->data;
1311
1312 l2cap_sock_kill(sk);
1313 }
1314
1315 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1316 {
1317 struct sock *sk = chan->data;
1318 struct sock *parent;
1319
1320 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1321
1322 /* This callback can be called both for server (BT_LISTEN)
1323 * sockets as well as "normal" ones. To avoid lockdep warnings
1324 * with child socket locking (through l2cap_sock_cleanup_listen)
1325 * we need separation into separate nesting levels. The simplest
1326 * way to accomplish this is to inherit the nesting level used
1327 * for the channel.
1328 */
1329 lock_sock_nested(sk, atomic_read(&chan->nesting));
1330
1331 parent = bt_sk(sk)->parent;
1332
1333 sock_set_flag(sk, SOCK_ZAPPED);
1334
1335 switch (chan->state) {
1336 case BT_OPEN:
1337 case BT_BOUND:
1338 case BT_CLOSED:
1339 break;
1340 case BT_LISTEN:
1341 l2cap_sock_cleanup_listen(sk);
1342 sk->sk_state = BT_CLOSED;
1343 chan->state = BT_CLOSED;
1344
1345 break;
1346 default:
1347 sk->sk_state = BT_CLOSED;
1348 chan->state = BT_CLOSED;
1349
1350 sk->sk_err = err;
1351
1352 if (parent) {
1353 bt_accept_unlink(sk);
1354 parent->sk_data_ready(parent);
1355 } else {
1356 sk->sk_state_change(sk);
1357 }
1358
1359 break;
1360 }
1361
1362 release_sock(sk);
1363 }
1364
1365 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1366 int err)
1367 {
1368 struct sock *sk = chan->data;
1369
1370 sk->sk_state = state;
1371
1372 if (err)
1373 sk->sk_err = err;
1374 }
1375
1376 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1377 unsigned long hdr_len,
1378 unsigned long len, int nb)
1379 {
1380 struct sock *sk = chan->data;
1381 struct sk_buff *skb;
1382 int err;
1383
1384 l2cap_chan_unlock(chan);
1385 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1386 l2cap_chan_lock(chan);
1387
1388 if (!skb)
1389 return ERR_PTR(err);
1390
1391 skb->priority = sk->sk_priority;
1392
1393 bt_cb(skb)->l2cap.chan = chan;
1394
1395 return skb;
1396 }
1397
1398 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1399 {
1400 struct sock *sk = chan->data;
1401 struct sock *parent;
1402
1403 lock_sock(sk);
1404
1405 parent = bt_sk(sk)->parent;
1406
1407 BT_DBG("sk %p, parent %p", sk, parent);
1408
1409 sk->sk_state = BT_CONNECTED;
1410 sk->sk_state_change(sk);
1411
1412 if (parent)
1413 parent->sk_data_ready(parent);
1414
1415 release_sock(sk);
1416 }
1417
1418 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1419 {
1420 struct sock *parent, *sk = chan->data;
1421
1422 lock_sock(sk);
1423
1424 parent = bt_sk(sk)->parent;
1425 if (parent)
1426 parent->sk_data_ready(parent);
1427
1428 release_sock(sk);
1429 }
1430
1431 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1432 {
1433 struct sock *sk = chan->data;
1434
1435 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1436 sk->sk_state = BT_CONNECTED;
1437 chan->state = BT_CONNECTED;
1438 }
1439
1440 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1441 sk->sk_state_change(sk);
1442 }
1443
1444 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1445 {
1446 struct sock *sk = chan->data;
1447
1448 lock_sock(sk);
1449 sk->sk_shutdown = SHUTDOWN_MASK;
1450 release_sock(sk);
1451 }
1452
1453 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1454 {
1455 struct sock *sk = chan->data;
1456
1457 return sk->sk_sndtimeo;
1458 }
1459
1460 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1461 {
1462 struct sock *sk = chan->data;
1463
1464 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1465 sk->sk_state_change(sk);
1466 }
1467
1468 static const struct l2cap_ops l2cap_chan_ops = {
1469 .name = "L2CAP Socket Interface",
1470 .new_connection = l2cap_sock_new_connection_cb,
1471 .recv = l2cap_sock_recv_cb,
1472 .close = l2cap_sock_close_cb,
1473 .teardown = l2cap_sock_teardown_cb,
1474 .state_change = l2cap_sock_state_change_cb,
1475 .ready = l2cap_sock_ready_cb,
1476 .defer = l2cap_sock_defer_cb,
1477 .resume = l2cap_sock_resume_cb,
1478 .suspend = l2cap_sock_suspend_cb,
1479 .set_shutdown = l2cap_sock_set_shutdown_cb,
1480 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1481 .alloc_skb = l2cap_sock_alloc_skb_cb,
1482 };
1483
1484 static void l2cap_sock_destruct(struct sock *sk)
1485 {
1486 BT_DBG("sk %p", sk);
1487
1488 if (l2cap_pi(sk)->chan)
1489 l2cap_chan_put(l2cap_pi(sk)->chan);
1490
1491 if (l2cap_pi(sk)->rx_busy_skb) {
1492 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1493 l2cap_pi(sk)->rx_busy_skb = NULL;
1494 }
1495
1496 skb_queue_purge(&sk->sk_receive_queue);
1497 skb_queue_purge(&sk->sk_write_queue);
1498 }
1499
1500 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1501 int *msg_namelen)
1502 {
1503 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1504
1505 memset(la, 0, sizeof(struct sockaddr_l2));
1506 la->l2_family = AF_BLUETOOTH;
1507 la->l2_psm = bt_cb(skb)->l2cap.psm;
1508 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1509
1510 *msg_namelen = sizeof(struct sockaddr_l2);
1511 }
1512
1513 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1514 {
1515 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1516
1517 BT_DBG("sk %p", sk);
1518
1519 if (parent) {
1520 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1521
1522 sk->sk_type = parent->sk_type;
1523 bt_sk(sk)->flags = bt_sk(parent)->flags;
1524
1525 chan->chan_type = pchan->chan_type;
1526 chan->imtu = pchan->imtu;
1527 chan->omtu = pchan->omtu;
1528 chan->conf_state = pchan->conf_state;
1529 chan->mode = pchan->mode;
1530 chan->fcs = pchan->fcs;
1531 chan->max_tx = pchan->max_tx;
1532 chan->tx_win = pchan->tx_win;
1533 chan->tx_win_max = pchan->tx_win_max;
1534 chan->sec_level = pchan->sec_level;
1535 chan->flags = pchan->flags;
1536 chan->tx_credits = pchan->tx_credits;
1537 chan->rx_credits = pchan->rx_credits;
1538
1539 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1540 chan->scid = pchan->scid;
1541 chan->dcid = pchan->scid;
1542 }
1543
1544 security_sk_clone(parent, sk);
1545 } else {
1546 switch (sk->sk_type) {
1547 case SOCK_RAW:
1548 chan->chan_type = L2CAP_CHAN_RAW;
1549 break;
1550 case SOCK_DGRAM:
1551 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1552 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1553 break;
1554 case SOCK_SEQPACKET:
1555 case SOCK_STREAM:
1556 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1557 break;
1558 }
1559
1560 chan->imtu = L2CAP_DEFAULT_MTU;
1561 chan->omtu = 0;
1562 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1563 chan->mode = L2CAP_MODE_ERTM;
1564 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1565 } else {
1566 chan->mode = L2CAP_MODE_BASIC;
1567 }
1568
1569 l2cap_chan_set_defaults(chan);
1570 }
1571
1572 /* Default config options */
1573 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1574
1575 chan->data = sk;
1576 chan->ops = &l2cap_chan_ops;
1577 }
1578
1579 static struct proto l2cap_proto = {
1580 .name = "L2CAP",
1581 .owner = THIS_MODULE,
1582 .obj_size = sizeof(struct l2cap_pinfo)
1583 };
1584
1585 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1586 int proto, gfp_t prio, int kern)
1587 {
1588 struct sock *sk;
1589 struct l2cap_chan *chan;
1590
1591 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1592 if (!sk)
1593 return NULL;
1594
1595 sock_init_data(sock, sk);
1596 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1597
1598 sk->sk_destruct = l2cap_sock_destruct;
1599 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1600
1601 sock_reset_flag(sk, SOCK_ZAPPED);
1602
1603 sk->sk_protocol = proto;
1604 sk->sk_state = BT_OPEN;
1605
1606 chan = l2cap_chan_create();
1607 if (!chan) {
1608 sk_free(sk);
1609 return NULL;
1610 }
1611
1612 l2cap_chan_hold(chan);
1613
1614 l2cap_pi(sk)->chan = chan;
1615
1616 return sk;
1617 }
1618
1619 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1620 int kern)
1621 {
1622 struct sock *sk;
1623
1624 BT_DBG("sock %p", sock);
1625
1626 sock->state = SS_UNCONNECTED;
1627
1628 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1629 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1630 return -ESOCKTNOSUPPORT;
1631
1632 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1633 return -EPERM;
1634
1635 sock->ops = &l2cap_sock_ops;
1636
1637 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1638 if (!sk)
1639 return -ENOMEM;
1640
1641 l2cap_sock_init(sk, NULL);
1642 bt_sock_link(&l2cap_sk_list, sk);
1643 return 0;
1644 }
1645
1646 static const struct proto_ops l2cap_sock_ops = {
1647 .family = PF_BLUETOOTH,
1648 .owner = THIS_MODULE,
1649 .release = l2cap_sock_release,
1650 .bind = l2cap_sock_bind,
1651 .connect = l2cap_sock_connect,
1652 .listen = l2cap_sock_listen,
1653 .accept = l2cap_sock_accept,
1654 .getname = l2cap_sock_getname,
1655 .sendmsg = l2cap_sock_sendmsg,
1656 .recvmsg = l2cap_sock_recvmsg,
1657 .poll = bt_sock_poll,
1658 .ioctl = bt_sock_ioctl,
1659 .mmap = sock_no_mmap,
1660 .socketpair = sock_no_socketpair,
1661 .shutdown = l2cap_sock_shutdown,
1662 .setsockopt = l2cap_sock_setsockopt,
1663 .getsockopt = l2cap_sock_getsockopt
1664 };
1665
1666 static const struct net_proto_family l2cap_sock_family_ops = {
1667 .family = PF_BLUETOOTH,
1668 .owner = THIS_MODULE,
1669 .create = l2cap_sock_create,
1670 };
1671
1672 int __init l2cap_init_sockets(void)
1673 {
1674 int err;
1675
1676 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1677
1678 err = proto_register(&l2cap_proto, 0);
1679 if (err < 0)
1680 return err;
1681
1682 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1683 if (err < 0) {
1684 BT_ERR("L2CAP socket registration failed");
1685 goto error;
1686 }
1687
1688 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1689 NULL);
1690 if (err < 0) {
1691 BT_ERR("Failed to create L2CAP proc file");
1692 bt_sock_unregister(BTPROTO_L2CAP);
1693 goto error;
1694 }
1695
1696 BT_INFO("L2CAP socket layer initialized");
1697
1698 return 0;
1699
1700 error:
1701 proto_unregister(&l2cap_proto);
1702 return err;
1703 }
1704
1705 void l2cap_cleanup_sockets(void)
1706 {
1707 bt_procfs_cleanup(&init_net, "l2cap");
1708 bt_sock_unregister(BTPROTO_L2CAP);
1709 proto_unregister(&l2cap_proto);
1710 }
Linux with added FPC-III support