Avoid reading past buffer when calling GETACL
[zen-stable.git] / net / bluetooth / l2cap_sock.c
blob401d9428ae4c824f6dbe2871d77bb6742ba4688c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
28 /* Bluetooth L2CAP sockets. */
30 #include <linux/security.h>
31 #include <linux/export.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/smp.h>
38 static const struct proto_ops l2cap_sock_ops;
39 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
44 struct sock *sk = sock->sk;
45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
46 struct sockaddr_l2 la;
47 int len, err = 0;
49 BT_DBG("sk %p", sk);
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
58 if (la.l2_cid && la.l2_psm)
59 return -EINVAL;
61 lock_sock(sk);
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
71 /* PSM must be odd and lsb of upper byte must be 0 */
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
77 /* Restrict usage of well-known PSMs */
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
84 if (la.l2_cid)
85 err = l2cap_add_scid(chan, la.l2_cid);
86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
89 if (err < 0)
90 goto done;
92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
98 chan->state = BT_BOUND;
99 sk->sk_state = BT_BOUND;
101 done:
102 release_sock(sk);
103 return err;
106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
108 struct sock *sk = sock->sk;
109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
110 struct sockaddr_l2 la;
111 int len, err = 0;
113 BT_DBG("sk %p", sk);
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
123 if (la.l2_cid && la.l2_psm)
124 return -EINVAL;
126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr);
127 if (err)
128 goto done;
130 err = bt_sock_wait_state(sk, BT_CONNECTED,
131 sock_sndtimeo(sk, flags & O_NONBLOCK));
132 done:
133 if (sock_owned_by_user(sk))
134 release_sock(sk);
135 return err;
138 static int l2cap_sock_listen(struct socket *sock, int backlog)
140 struct sock *sk = sock->sk;
141 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
142 int err = 0;
144 BT_DBG("sk %p backlog %d", sk, backlog);
146 lock_sock(sk);
148 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
149 || sk->sk_state != BT_BOUND) {
150 err = -EBADFD;
151 goto done;
154 switch (chan->mode) {
155 case L2CAP_MODE_BASIC:
156 break;
157 case L2CAP_MODE_ERTM:
158 case L2CAP_MODE_STREAMING:
159 if (!disable_ertm)
160 break;
161 /* fall through */
162 default:
163 err = -ENOTSUPP;
164 goto done;
167 sk->sk_max_ack_backlog = backlog;
168 sk->sk_ack_backlog = 0;
170 chan->state = BT_LISTEN;
171 sk->sk_state = BT_LISTEN;
173 done:
174 release_sock(sk);
175 return err;
178 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
180 DECLARE_WAITQUEUE(wait, current);
181 struct sock *sk = sock->sk, *nsk;
182 long timeo;
183 int err = 0;
185 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
187 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
189 BT_DBG("sk %p timeo %ld", sk, timeo);
191 /* Wait for an incoming connection. (wake-one). */
192 add_wait_queue_exclusive(sk_sleep(sk), &wait);
193 while (1) {
194 set_current_state(TASK_INTERRUPTIBLE);
196 if (sk->sk_state != BT_LISTEN) {
197 err = -EBADFD;
198 break;
201 nsk = bt_accept_dequeue(sk, newsock);
202 if (nsk)
203 break;
205 if (!timeo) {
206 err = -EAGAIN;
207 break;
210 if (signal_pending(current)) {
211 err = sock_intr_errno(timeo);
212 break;
215 release_sock(sk);
216 timeo = schedule_timeout(timeo);
217 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
219 __set_current_state(TASK_RUNNING);
220 remove_wait_queue(sk_sleep(sk), &wait);
222 if (err)
223 goto done;
225 newsock->state = SS_CONNECTED;
227 BT_DBG("new socket %p", nsk);
229 done:
230 release_sock(sk);
231 return err;
234 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
236 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
237 struct sock *sk = sock->sk;
238 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
240 BT_DBG("sock %p, sk %p", sock, sk);
242 addr->sa_family = AF_BLUETOOTH;
243 *len = sizeof(struct sockaddr_l2);
245 if (peer) {
246 la->l2_psm = chan->psm;
247 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
248 la->l2_cid = cpu_to_le16(chan->dcid);
249 } else {
250 la->l2_psm = chan->sport;
251 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
252 la->l2_cid = cpu_to_le16(chan->scid);
255 return 0;
258 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
260 struct sock *sk = sock->sk;
261 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
262 struct l2cap_options opts;
263 struct l2cap_conninfo cinfo;
264 int len, err = 0;
265 u32 opt;
267 BT_DBG("sk %p", sk);
269 if (get_user(len, optlen))
270 return -EFAULT;
272 lock_sock(sk);
274 switch (optname) {
275 case L2CAP_OPTIONS:
276 memset(&opts, 0, sizeof(opts));
277 opts.imtu = chan->imtu;
278 opts.omtu = chan->omtu;
279 opts.flush_to = chan->flush_to;
280 opts.mode = chan->mode;
281 opts.fcs = chan->fcs;
282 opts.max_tx = chan->max_tx;
283 opts.txwin_size = chan->tx_win;
285 len = min_t(unsigned int, len, sizeof(opts));
286 if (copy_to_user(optval, (char *) &opts, len))
287 err = -EFAULT;
289 break;
291 case L2CAP_LM:
292 switch (chan->sec_level) {
293 case BT_SECURITY_LOW:
294 opt = L2CAP_LM_AUTH;
295 break;
296 case BT_SECURITY_MEDIUM:
297 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
298 break;
299 case BT_SECURITY_HIGH:
300 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
301 L2CAP_LM_SECURE;
302 break;
303 default:
304 opt = 0;
305 break;
308 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
309 opt |= L2CAP_LM_MASTER;
311 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
312 opt |= L2CAP_LM_RELIABLE;
314 if (put_user(opt, (u32 __user *) optval))
315 err = -EFAULT;
316 break;
318 case L2CAP_CONNINFO:
319 if (sk->sk_state != BT_CONNECTED &&
320 !(sk->sk_state == BT_CONNECT2 &&
321 bt_sk(sk)->defer_setup)) {
322 err = -ENOTCONN;
323 break;
326 memset(&cinfo, 0, sizeof(cinfo));
327 cinfo.hci_handle = chan->conn->hcon->handle;
328 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
330 len = min_t(unsigned int, len, sizeof(cinfo));
331 if (copy_to_user(optval, (char *) &cinfo, len))
332 err = -EFAULT;
334 break;
336 default:
337 err = -ENOPROTOOPT;
338 break;
341 release_sock(sk);
342 return err;
345 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
347 struct sock *sk = sock->sk;
348 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
349 struct bt_security sec;
350 struct bt_power pwr;
351 int len, err = 0;
353 BT_DBG("sk %p", sk);
355 if (level == SOL_L2CAP)
356 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
358 if (level != SOL_BLUETOOTH)
359 return -ENOPROTOOPT;
361 if (get_user(len, optlen))
362 return -EFAULT;
364 lock_sock(sk);
366 switch (optname) {
367 case BT_SECURITY:
368 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
369 chan->chan_type != L2CAP_CHAN_RAW) {
370 err = -EINVAL;
371 break;
374 memset(&sec, 0, sizeof(sec));
375 sec.level = chan->sec_level;
377 if (sk->sk_state == BT_CONNECTED)
378 sec.key_size = chan->conn->hcon->enc_key_size;
380 len = min_t(unsigned int, len, sizeof(sec));
381 if (copy_to_user(optval, (char *) &sec, len))
382 err = -EFAULT;
384 break;
386 case BT_DEFER_SETUP:
387 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
388 err = -EINVAL;
389 break;
392 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
393 err = -EFAULT;
395 break;
397 case BT_FLUSHABLE:
398 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
399 (u32 __user *) optval))
400 err = -EFAULT;
402 break;
404 case BT_POWER:
405 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
406 && sk->sk_type != SOCK_RAW) {
407 err = -EINVAL;
408 break;
411 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
413 len = min_t(unsigned int, len, sizeof(pwr));
414 if (copy_to_user(optval, (char *) &pwr, len))
415 err = -EFAULT;
417 break;
419 case BT_CHANNEL_POLICY:
420 if (!enable_hs) {
421 err = -ENOPROTOOPT;
422 break;
425 if (put_user(chan->chan_policy, (u32 __user *) optval))
426 err = -EFAULT;
427 break;
429 default:
430 err = -ENOPROTOOPT;
431 break;
434 release_sock(sk);
435 return err;
438 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
440 struct sock *sk = sock->sk;
441 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
442 struct l2cap_options opts;
443 int len, err = 0;
444 u32 opt;
446 BT_DBG("sk %p", sk);
448 lock_sock(sk);
450 switch (optname) {
451 case L2CAP_OPTIONS:
452 if (sk->sk_state == BT_CONNECTED) {
453 err = -EINVAL;
454 break;
457 opts.imtu = chan->imtu;
458 opts.omtu = chan->omtu;
459 opts.flush_to = chan->flush_to;
460 opts.mode = chan->mode;
461 opts.fcs = chan->fcs;
462 opts.max_tx = chan->max_tx;
463 opts.txwin_size = chan->tx_win;
465 len = min_t(unsigned int, sizeof(opts), optlen);
466 if (copy_from_user((char *) &opts, optval, len)) {
467 err = -EFAULT;
468 break;
471 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
472 err = -EINVAL;
473 break;
476 chan->mode = opts.mode;
477 switch (chan->mode) {
478 case L2CAP_MODE_BASIC:
479 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
480 break;
481 case L2CAP_MODE_ERTM:
482 case L2CAP_MODE_STREAMING:
483 if (!disable_ertm)
484 break;
485 /* fall through */
486 default:
487 err = -EINVAL;
488 break;
491 chan->imtu = opts.imtu;
492 chan->omtu = opts.omtu;
493 chan->fcs = opts.fcs;
494 chan->max_tx = opts.max_tx;
495 chan->tx_win = opts.txwin_size;
496 break;
498 case L2CAP_LM:
499 if (get_user(opt, (u32 __user *) optval)) {
500 err = -EFAULT;
501 break;
504 if (opt & L2CAP_LM_AUTH)
505 chan->sec_level = BT_SECURITY_LOW;
506 if (opt & L2CAP_LM_ENCRYPT)
507 chan->sec_level = BT_SECURITY_MEDIUM;
508 if (opt & L2CAP_LM_SECURE)
509 chan->sec_level = BT_SECURITY_HIGH;
511 if (opt & L2CAP_LM_MASTER)
512 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
513 else
514 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
516 if (opt & L2CAP_LM_RELIABLE)
517 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
518 else
519 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
520 break;
522 default:
523 err = -ENOPROTOOPT;
524 break;
527 release_sock(sk);
528 return err;
531 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
533 struct sock *sk = sock->sk;
534 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
535 struct bt_security sec;
536 struct bt_power pwr;
537 struct l2cap_conn *conn;
538 int len, err = 0;
539 u32 opt;
541 BT_DBG("sk %p", sk);
543 if (level == SOL_L2CAP)
544 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
546 if (level != SOL_BLUETOOTH)
547 return -ENOPROTOOPT;
549 lock_sock(sk);
551 switch (optname) {
552 case BT_SECURITY:
553 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
554 chan->chan_type != L2CAP_CHAN_RAW) {
555 err = -EINVAL;
556 break;
559 sec.level = BT_SECURITY_LOW;
561 len = min_t(unsigned int, sizeof(sec), optlen);
562 if (copy_from_user((char *) &sec, optval, len)) {
563 err = -EFAULT;
564 break;
567 if (sec.level < BT_SECURITY_LOW ||
568 sec.level > BT_SECURITY_HIGH) {
569 err = -EINVAL;
570 break;
573 chan->sec_level = sec.level;
575 if (!chan->conn)
576 break;
578 conn = chan->conn;
580 /*change security for LE channels */
581 if (chan->scid == L2CAP_CID_LE_DATA) {
582 if (!conn->hcon->out) {
583 err = -EINVAL;
584 break;
587 if (smp_conn_security(conn, sec.level))
588 break;
589 sk->sk_state = BT_CONFIG;
590 chan->state = BT_CONFIG;
592 /* or for ACL link, under defer_setup time */
593 } else if (sk->sk_state == BT_CONNECT2 &&
594 bt_sk(sk)->defer_setup) {
595 err = l2cap_chan_check_security(chan);
596 } else {
597 err = -EINVAL;
599 break;
601 case BT_DEFER_SETUP:
602 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
603 err = -EINVAL;
604 break;
607 if (get_user(opt, (u32 __user *) optval)) {
608 err = -EFAULT;
609 break;
612 bt_sk(sk)->defer_setup = opt;
613 break;
615 case BT_FLUSHABLE:
616 if (get_user(opt, (u32 __user *) optval)) {
617 err = -EFAULT;
618 break;
621 if (opt > BT_FLUSHABLE_ON) {
622 err = -EINVAL;
623 break;
626 if (opt == BT_FLUSHABLE_OFF) {
627 struct l2cap_conn *conn = chan->conn;
628 /* proceed further only when we have l2cap_conn and
629 No Flush support in the LM */
630 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
631 err = -EINVAL;
632 break;
636 if (opt)
637 set_bit(FLAG_FLUSHABLE, &chan->flags);
638 else
639 clear_bit(FLAG_FLUSHABLE, &chan->flags);
640 break;
642 case BT_POWER:
643 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
644 chan->chan_type != L2CAP_CHAN_RAW) {
645 err = -EINVAL;
646 break;
649 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
651 len = min_t(unsigned int, sizeof(pwr), optlen);
652 if (copy_from_user((char *) &pwr, optval, len)) {
653 err = -EFAULT;
654 break;
657 if (pwr.force_active)
658 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
659 else
660 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
661 break;
663 case BT_CHANNEL_POLICY:
664 if (!enable_hs) {
665 err = -ENOPROTOOPT;
666 break;
669 if (get_user(opt, (u32 __user *) optval)) {
670 err = -EFAULT;
671 break;
674 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
675 err = -EINVAL;
676 break;
679 if (chan->mode != L2CAP_MODE_ERTM &&
680 chan->mode != L2CAP_MODE_STREAMING) {
681 err = -EOPNOTSUPP;
682 break;
685 chan->chan_policy = (u8) opt;
686 break;
688 default:
689 err = -ENOPROTOOPT;
690 break;
693 release_sock(sk);
694 return err;
697 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
699 struct sock *sk = sock->sk;
700 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
701 int err;
703 BT_DBG("sock %p, sk %p", sock, sk);
705 err = sock_error(sk);
706 if (err)
707 return err;
709 if (msg->msg_flags & MSG_OOB)
710 return -EOPNOTSUPP;
712 lock_sock(sk);
714 if (sk->sk_state != BT_CONNECTED) {
715 release_sock(sk);
716 return -ENOTCONN;
719 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
721 release_sock(sk);
722 return err;
725 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
727 struct sock *sk = sock->sk;
728 struct l2cap_pinfo *pi = l2cap_pi(sk);
729 int err;
731 lock_sock(sk);
733 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
734 sk->sk_state = BT_CONFIG;
735 pi->chan->state = BT_CONFIG;
737 __l2cap_connect_rsp_defer(pi->chan);
738 release_sock(sk);
739 return 0;
742 release_sock(sk);
744 if (sock->type == SOCK_STREAM)
745 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
746 else
747 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
749 if (pi->chan->mode != L2CAP_MODE_ERTM)
750 return err;
752 /* Attempt to put pending rx data in the socket buffer */
754 lock_sock(sk);
756 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
757 goto done;
759 if (pi->rx_busy_skb) {
760 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
761 pi->rx_busy_skb = NULL;
762 else
763 goto done;
766 /* Restore data flow when half of the receive buffer is
767 * available. This avoids resending large numbers of
768 * frames.
770 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
771 l2cap_chan_busy(pi->chan, 0);
773 done:
774 release_sock(sk);
775 return err;
778 /* Kill socket (only if zapped and orphan)
779 * Must be called on unlocked socket.
781 static void l2cap_sock_kill(struct sock *sk)
783 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
784 return;
786 BT_DBG("sk %p state %d", sk, sk->sk_state);
788 /* Kill poor orphan */
790 l2cap_chan_destroy(l2cap_pi(sk)->chan);
791 sock_set_flag(sk, SOCK_DEAD);
792 sock_put(sk);
795 static int l2cap_sock_shutdown(struct socket *sock, int how)
797 struct sock *sk = sock->sk;
798 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
799 int err = 0;
801 BT_DBG("sock %p, sk %p", sock, sk);
803 if (!sk)
804 return 0;
806 lock_sock(sk);
807 if (!sk->sk_shutdown) {
808 if (chan->mode == L2CAP_MODE_ERTM)
809 err = __l2cap_wait_ack(sk);
811 sk->sk_shutdown = SHUTDOWN_MASK;
812 l2cap_chan_close(chan, 0);
814 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
815 err = bt_sock_wait_state(sk, BT_CLOSED,
816 sk->sk_lingertime);
819 if (!err && sk->sk_err)
820 err = -sk->sk_err;
822 release_sock(sk);
823 return err;
826 static int l2cap_sock_release(struct socket *sock)
828 struct sock *sk = sock->sk;
829 int err;
831 BT_DBG("sock %p, sk %p", sock, sk);
833 if (!sk)
834 return 0;
836 err = l2cap_sock_shutdown(sock, 2);
838 sock_orphan(sk);
839 l2cap_sock_kill(sk);
840 return err;
843 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
845 struct sock *sk, *parent = data;
847 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
848 GFP_ATOMIC);
849 if (!sk)
850 return NULL;
852 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
854 l2cap_sock_init(sk, parent);
856 return l2cap_pi(sk)->chan;
859 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
861 int err;
862 struct sock *sk = data;
863 struct l2cap_pinfo *pi = l2cap_pi(sk);
865 if (pi->rx_busy_skb)
866 return -ENOMEM;
868 err = sock_queue_rcv_skb(sk, skb);
870 /* For ERTM, handle one skb that doesn't fit into the recv
871 * buffer. This is important to do because the data frames
872 * have already been acked, so the skb cannot be discarded.
874 * Notify the l2cap core that the buffer is full, so the
875 * LOCAL_BUSY state is entered and no more frames are
876 * acked and reassembled until there is buffer space
877 * available.
879 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
880 pi->rx_busy_skb = skb;
881 l2cap_chan_busy(pi->chan, 1);
882 err = 0;
885 return err;
888 static void l2cap_sock_close_cb(void *data)
890 struct sock *sk = data;
892 l2cap_sock_kill(sk);
895 static void l2cap_sock_state_change_cb(void *data, int state)
897 struct sock *sk = data;
899 sk->sk_state = state;
902 static struct l2cap_ops l2cap_chan_ops = {
903 .name = "L2CAP Socket Interface",
904 .new_connection = l2cap_sock_new_connection_cb,
905 .recv = l2cap_sock_recv_cb,
906 .close = l2cap_sock_close_cb,
907 .state_change = l2cap_sock_state_change_cb,
910 static void l2cap_sock_destruct(struct sock *sk)
912 BT_DBG("sk %p", sk);
914 if (l2cap_pi(sk)->rx_busy_skb) {
915 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
916 l2cap_pi(sk)->rx_busy_skb = NULL;
919 skb_queue_purge(&sk->sk_receive_queue);
920 skb_queue_purge(&sk->sk_write_queue);
923 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
925 struct l2cap_pinfo *pi = l2cap_pi(sk);
926 struct l2cap_chan *chan = pi->chan;
928 BT_DBG("sk %p", sk);
930 if (parent) {
931 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
933 sk->sk_type = parent->sk_type;
934 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
936 chan->chan_type = pchan->chan_type;
937 chan->imtu = pchan->imtu;
938 chan->omtu = pchan->omtu;
939 chan->conf_state = pchan->conf_state;
940 chan->mode = pchan->mode;
941 chan->fcs = pchan->fcs;
942 chan->max_tx = pchan->max_tx;
943 chan->tx_win = pchan->tx_win;
944 chan->tx_win_max = pchan->tx_win_max;
945 chan->sec_level = pchan->sec_level;
946 chan->flags = pchan->flags;
948 security_sk_clone(parent, sk);
949 } else {
951 switch (sk->sk_type) {
952 case SOCK_RAW:
953 chan->chan_type = L2CAP_CHAN_RAW;
954 break;
955 case SOCK_DGRAM:
956 chan->chan_type = L2CAP_CHAN_CONN_LESS;
957 break;
958 case SOCK_SEQPACKET:
959 case SOCK_STREAM:
960 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
961 break;
964 chan->imtu = L2CAP_DEFAULT_MTU;
965 chan->omtu = 0;
966 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
967 chan->mode = L2CAP_MODE_ERTM;
968 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
969 } else {
970 chan->mode = L2CAP_MODE_BASIC;
972 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
973 chan->fcs = L2CAP_FCS_CRC16;
974 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
975 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
976 chan->sec_level = BT_SECURITY_LOW;
977 chan->flags = 0;
978 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
981 /* Default config options */
982 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
984 chan->data = sk;
985 chan->ops = &l2cap_chan_ops;
988 static struct proto l2cap_proto = {
989 .name = "L2CAP",
990 .owner = THIS_MODULE,
991 .obj_size = sizeof(struct l2cap_pinfo)
994 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
996 struct sock *sk;
997 struct l2cap_chan *chan;
999 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1000 if (!sk)
1001 return NULL;
1003 sock_init_data(sock, sk);
1004 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1006 sk->sk_destruct = l2cap_sock_destruct;
1007 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
1009 sock_reset_flag(sk, SOCK_ZAPPED);
1011 sk->sk_protocol = proto;
1012 sk->sk_state = BT_OPEN;
1014 chan = l2cap_chan_create(sk);
1015 if (!chan) {
1016 l2cap_sock_kill(sk);
1017 return NULL;
1020 l2cap_pi(sk)->chan = chan;
1022 return sk;
1025 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1026 int kern)
1028 struct sock *sk;
1030 BT_DBG("sock %p", sock);
1032 sock->state = SS_UNCONNECTED;
1034 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1035 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1036 return -ESOCKTNOSUPPORT;
1038 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1039 return -EPERM;
1041 sock->ops = &l2cap_sock_ops;
1043 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1044 if (!sk)
1045 return -ENOMEM;
1047 l2cap_sock_init(sk, NULL);
1048 return 0;
1051 static const struct proto_ops l2cap_sock_ops = {
1052 .family = PF_BLUETOOTH,
1053 .owner = THIS_MODULE,
1054 .release = l2cap_sock_release,
1055 .bind = l2cap_sock_bind,
1056 .connect = l2cap_sock_connect,
1057 .listen = l2cap_sock_listen,
1058 .accept = l2cap_sock_accept,
1059 .getname = l2cap_sock_getname,
1060 .sendmsg = l2cap_sock_sendmsg,
1061 .recvmsg = l2cap_sock_recvmsg,
1062 .poll = bt_sock_poll,
1063 .ioctl = bt_sock_ioctl,
1064 .mmap = sock_no_mmap,
1065 .socketpair = sock_no_socketpair,
1066 .shutdown = l2cap_sock_shutdown,
1067 .setsockopt = l2cap_sock_setsockopt,
1068 .getsockopt = l2cap_sock_getsockopt
1071 static const struct net_proto_family l2cap_sock_family_ops = {
1072 .family = PF_BLUETOOTH,
1073 .owner = THIS_MODULE,
1074 .create = l2cap_sock_create,
1077 int __init l2cap_init_sockets(void)
1079 int err;
1081 err = proto_register(&l2cap_proto, 0);
1082 if (err < 0)
1083 return err;
1085 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1086 if (err < 0)
1087 goto error;
1089 BT_INFO("L2CAP socket layer initialized");
1091 return 0;
1093 error:
1094 BT_ERR("L2CAP socket registration failed");
1095 proto_unregister(&l2cap_proto);
1096 return err;
1099 void l2cap_cleanup_sockets(void)
1101 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1102 BT_ERR("L2CAP socket unregistration failed");
1104 proto_unregister(&l2cap_proto);