search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
USB: cp210x: call generic open last in open
[zen-stable.git] / net / bluetooth / l2cap_sock.c
blobc61d967012b2008547767dd69cec91be0f97d30d
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26 */
27
28 /* Bluetooth L2CAP sockets. */
29
30 #include <linux/security.h>
31 #include <linux/export.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/smp.h>
37
38 static const struct proto_ops l2cap_sock_ops;
39 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
40 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio);
41
42 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
43 {
44 struct sock *sk = sock->sk;
45 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
46 struct sockaddr_l2 la;
47 int len, err = 0;
48
49 BT_DBG("sk %p", sk);
50
51 if (!addr || addr->sa_family != AF_BLUETOOTH)
52 return -EINVAL;
53
54 memset(&la, 0, sizeof(la));
55 len = min_t(unsigned int, sizeof(la), alen);
56 memcpy(&la, addr, len);
57
58 if (la.l2_cid && la.l2_psm)
59 return -EINVAL;
60
61 lock_sock(sk);
62
63 if (sk->sk_state != BT_OPEN) {
64 err = -EBADFD;
65 goto done;
66 }
67
68 if (la.l2_psm) {
69 __u16 psm = __le16_to_cpu(la.l2_psm);
70
71 /* PSM must be odd and lsb of upper byte must be 0 */
72 if ((psm & 0x0101) != 0x0001) {
73 err = -EINVAL;
74 goto done;
75 }
76
77 /* Restrict usage of well-known PSMs */
78 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
79 err = -EACCES;
80 goto done;
81 }
82 }
83
84 if (la.l2_cid)
85 err = l2cap_add_scid(chan, la.l2_cid);
86 else
87 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
88
89 if (err < 0)
90 goto done;
91
92 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
93 __le16_to_cpu(la.l2_psm) == 0x0003)
94 chan->sec_level = BT_SECURITY_SDP;
95
96 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
97
98 chan->state = BT_BOUND;
99 sk->sk_state = BT_BOUND;
100
101 done:
102 release_sock(sk);
103 return err;
104 }
105
106 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
107 {
108 struct sock *sk = sock->sk;
109 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
110 struct sockaddr_l2 la;
111 int len, err = 0;
112
113 BT_DBG("sk %p", sk);
114
115 if (!addr || alen < sizeof(addr->sa_family) ||
116 addr->sa_family != AF_BLUETOOTH)
117 return -EINVAL;
118
119 memset(&la, 0, sizeof(la));
120 len = min_t(unsigned int, sizeof(la), alen);
121 memcpy(&la, addr, len);
122
123 if (la.l2_cid && la.l2_psm)
124 return -EINVAL;
125
126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr);
127 if (err)
128 goto done;
129
130 err = bt_sock_wait_state(sk, BT_CONNECTED,
131 sock_sndtimeo(sk, flags & O_NONBLOCK));
132 done:
133 if (sock_owned_by_user(sk))
134 release_sock(sk);
135 return err;
136 }
137
138 static int l2cap_sock_listen(struct socket *sock, int backlog)
139 {
140 struct sock *sk = sock->sk;
141 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
142 int err = 0;
143
144 BT_DBG("sk %p backlog %d", sk, backlog);
145
146 lock_sock(sk);
147
148 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
149 || sk->sk_state != BT_BOUND) {
150 err = -EBADFD;
151 goto done;
152 }
153
154 switch (chan->mode) {
155 case L2CAP_MODE_BASIC:
156 break;
157 case L2CAP_MODE_ERTM:
158 case L2CAP_MODE_STREAMING:
159 if (!disable_ertm)
160 break;
161 /* fall through */
162 default:
163 err = -ENOTSUPP;
164 goto done;
165 }
166
167 sk->sk_max_ack_backlog = backlog;
168 sk->sk_ack_backlog = 0;
169
170 chan->state = BT_LISTEN;
171 sk->sk_state = BT_LISTEN;
172
173 done:
174 release_sock(sk);
175 return err;
176 }
177
178 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
179 {
180 DECLARE_WAITQUEUE(wait, current);
181 struct sock *sk = sock->sk, *nsk;
182 long timeo;
183 int err = 0;
184
185 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
186
187 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
188
189 BT_DBG("sk %p timeo %ld", sk, timeo);
190
191 /* Wait for an incoming connection. (wake-one). */
192 add_wait_queue_exclusive(sk_sleep(sk), &wait);
193 while (1) {
194 set_current_state(TASK_INTERRUPTIBLE);
195
196 if (sk->sk_state != BT_LISTEN) {
197 err = -EBADFD;
198 break;
199 }
200
201 nsk = bt_accept_dequeue(sk, newsock);
202 if (nsk)
203 break;
204
205 if (!timeo) {
206 err = -EAGAIN;
207 break;
208 }
209
210 if (signal_pending(current)) {
211 err = sock_intr_errno(timeo);
212 break;
213 }
214
215 release_sock(sk);
216 timeo = schedule_timeout(timeo);
217 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
218 }
219 __set_current_state(TASK_RUNNING);
220 remove_wait_queue(sk_sleep(sk), &wait);
221
222 if (err)
223 goto done;
224
225 newsock->state = SS_CONNECTED;
226
227 BT_DBG("new socket %p", nsk);
228
229 done:
230 release_sock(sk);
231 return err;
232 }
233
234 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
235 {
236 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
237 struct sock *sk = sock->sk;
238 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
239
240 BT_DBG("sock %p, sk %p", sock, sk);
241
242 addr->sa_family = AF_BLUETOOTH;
243 *len = sizeof(struct sockaddr_l2);
244
245 if (peer) {
246 la->l2_psm = chan->psm;
247 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
248 la->l2_cid = cpu_to_le16(chan->dcid);
249 } else {
250 la->l2_psm = chan->sport;
251 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
252 la->l2_cid = cpu_to_le16(chan->scid);
253 }
254
255 return 0;
256 }
257
258 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
259 {
260 struct sock *sk = sock->sk;
261 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
262 struct l2cap_options opts;
263 struct l2cap_conninfo cinfo;
264 int len, err = 0;
265 u32 opt;
266
267 BT_DBG("sk %p", sk);
268
269 if (get_user(len, optlen))
270 return -EFAULT;
271
272 lock_sock(sk);
273
274 switch (optname) {
275 case L2CAP_OPTIONS:
276 memset(&opts, 0, sizeof(opts));
277 opts.imtu = chan->imtu;
278 opts.omtu = chan->omtu;
279 opts.flush_to = chan->flush_to;
280 opts.mode = chan->mode;
281 opts.fcs = chan->fcs;
282 opts.max_tx = chan->max_tx;
283 opts.txwin_size = chan->tx_win;
284
285 len = min_t(unsigned int, len, sizeof(opts));
286 if (copy_to_user(optval, (char *) &opts, len))
287 err = -EFAULT;
288
289 break;
290
291 case L2CAP_LM:
292 switch (chan->sec_level) {
293 case BT_SECURITY_LOW:
294 opt = L2CAP_LM_AUTH;
295 break;
296 case BT_SECURITY_MEDIUM:
297 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
298 break;
299 case BT_SECURITY_HIGH:
300 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
301 L2CAP_LM_SECURE;
302 break;
303 default:
304 opt = 0;
305 break;
306 }
307
308 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
309 opt |= L2CAP_LM_MASTER;
310
311 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
312 opt |= L2CAP_LM_RELIABLE;
313
314 if (put_user(opt, (u32 __user *) optval))
315 err = -EFAULT;
316 break;
317
318 case L2CAP_CONNINFO:
319 if (sk->sk_state != BT_CONNECTED &&
320 !(sk->sk_state == BT_CONNECT2 &&
321 bt_sk(sk)->defer_setup)) {
322 err = -ENOTCONN;
323 break;
324 }
325
326 memset(&cinfo, 0, sizeof(cinfo));
327 cinfo.hci_handle = chan->conn->hcon->handle;
328 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
329
330 len = min_t(unsigned int, len, sizeof(cinfo));
331 if (copy_to_user(optval, (char *) &cinfo, len))
332 err = -EFAULT;
333
334 break;
335
336 default:
337 err = -ENOPROTOOPT;
338 break;
339 }
340
341 release_sock(sk);
342 return err;
343 }
344
345 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
346 {
347 struct sock *sk = sock->sk;
348 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
349 struct bt_security sec;
350 struct bt_power pwr;
351 int len, err = 0;
352
353 BT_DBG("sk %p", sk);
354
355 if (level == SOL_L2CAP)
356 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
357
358 if (level != SOL_BLUETOOTH)
359 return -ENOPROTOOPT;
360
361 if (get_user(len, optlen))
362 return -EFAULT;
363
364 lock_sock(sk);
365
366 switch (optname) {
367 case BT_SECURITY:
368 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
369 chan->chan_type != L2CAP_CHAN_RAW) {
370 err = -EINVAL;
371 break;
372 }
373
374 memset(&sec, 0, sizeof(sec));
375 sec.level = chan->sec_level;
376
377 if (sk->sk_state == BT_CONNECTED)
378 sec.key_size = chan->conn->hcon->enc_key_size;
379
380 len = min_t(unsigned int, len, sizeof(sec));
381 if (copy_to_user(optval, (char *) &sec, len))
382 err = -EFAULT;
383
384 break;
385
386 case BT_DEFER_SETUP:
387 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
388 err = -EINVAL;
389 break;
390 }
391
392 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
393 err = -EFAULT;
394
395 break;
396
397 case BT_FLUSHABLE:
398 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
399 (u32 __user *) optval))
400 err = -EFAULT;
401
402 break;
403
404 case BT_POWER:
405 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
406 && sk->sk_type != SOCK_RAW) {
407 err = -EINVAL;
408 break;
409 }
410
411 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
412
413 len = min_t(unsigned int, len, sizeof(pwr));
414 if (copy_to_user(optval, (char *) &pwr, len))
415 err = -EFAULT;
416
417 break;
418
419 case BT_CHANNEL_POLICY:
420 if (!enable_hs) {
421 err = -ENOPROTOOPT;
422 break;
423 }
424
425 if (put_user(chan->chan_policy, (u32 __user *) optval))
426 err = -EFAULT;
427 break;
428
429 default:
430 err = -ENOPROTOOPT;
431 break;
432 }
433
434 release_sock(sk);
435 return err;
436 }
437
438 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
439 {
440 struct sock *sk = sock->sk;
441 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
442 struct l2cap_options opts;
443 int len, err = 0;
444 u32 opt;
445
446 BT_DBG("sk %p", sk);
447
448 lock_sock(sk);
449
450 switch (optname) {
451 case L2CAP_OPTIONS:
452 if (sk->sk_state == BT_CONNECTED) {
453 err = -EINVAL;
454 break;
455 }
456
457 opts.imtu = chan->imtu;
458 opts.omtu = chan->omtu;
459 opts.flush_to = chan->flush_to;
460 opts.mode = chan->mode;
461 opts.fcs = chan->fcs;
462 opts.max_tx = chan->max_tx;
463 opts.txwin_size = chan->tx_win;
464
465 len = min_t(unsigned int, sizeof(opts), optlen);
466 if (copy_from_user((char *) &opts, optval, len)) {
467 err = -EFAULT;
468 break;
469 }
470
471 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
472 err = -EINVAL;
473 break;
474 }
475
476 chan->mode = opts.mode;
477 switch (chan->mode) {
478 case L2CAP_MODE_BASIC:
479 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
480 break;
481 case L2CAP_MODE_ERTM:
482 case L2CAP_MODE_STREAMING:
483 if (!disable_ertm)
484 break;
485 /* fall through */
486 default:
487 err = -EINVAL;
488 break;
489 }
490
491 chan->imtu = opts.imtu;
492 chan->omtu = opts.omtu;
493 chan->fcs = opts.fcs;
494 chan->max_tx = opts.max_tx;
495 chan->tx_win = opts.txwin_size;
496 break;
497
498 case L2CAP_LM:
499 if (get_user(opt, (u32 __user *) optval)) {
500 err = -EFAULT;
501 break;
502 }
503
504 if (opt & L2CAP_LM_AUTH)
505 chan->sec_level = BT_SECURITY_LOW;
506 if (opt & L2CAP_LM_ENCRYPT)
507 chan->sec_level = BT_SECURITY_MEDIUM;
508 if (opt & L2CAP_LM_SECURE)
509 chan->sec_level = BT_SECURITY_HIGH;
510
511 if (opt & L2CAP_LM_MASTER)
512 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
513 else
514 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
515
516 if (opt & L2CAP_LM_RELIABLE)
517 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
518 else
519 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
520 break;
521
522 default:
523 err = -ENOPROTOOPT;
524 break;
525 }
526
527 release_sock(sk);
528 return err;
529 }
530
531 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
532 {
533 struct sock *sk = sock->sk;
534 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
535 struct bt_security sec;
536 struct bt_power pwr;
537 struct l2cap_conn *conn;
538 int len, err = 0;
539 u32 opt;
540
541 BT_DBG("sk %p", sk);
542
543 if (level == SOL_L2CAP)
544 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
545
546 if (level != SOL_BLUETOOTH)
547 return -ENOPROTOOPT;
548
549 lock_sock(sk);
550
551 switch (optname) {
552 case BT_SECURITY:
553 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
554 chan->chan_type != L2CAP_CHAN_RAW) {
555 err = -EINVAL;
556 break;
557 }
558
559 sec.level = BT_SECURITY_LOW;
560
561 len = min_t(unsigned int, sizeof(sec), optlen);
562 if (copy_from_user((char *) &sec, optval, len)) {
563 err = -EFAULT;
564 break;
565 }
566
567 if (sec.level < BT_SECURITY_LOW ||
568 sec.level > BT_SECURITY_HIGH) {
569 err = -EINVAL;
570 break;
571 }
572
573 chan->sec_level = sec.level;
574
575 if (!chan->conn)
576 break;
577
578 conn = chan->conn;
579
580 /*change security for LE channels */
581 if (chan->scid == L2CAP_CID_LE_DATA) {
582 if (!conn->hcon->out) {
583 err = -EINVAL;
584 break;
585 }
586
587 if (smp_conn_security(conn, sec.level))
588 break;
589 sk->sk_state = BT_CONFIG;
590 chan->state = BT_CONFIG;
591
592 /* or for ACL link, under defer_setup time */
593 } else if (sk->sk_state == BT_CONNECT2 &&
594 bt_sk(sk)->defer_setup) {
595 err = l2cap_chan_check_security(chan);
596 } else {
597 err = -EINVAL;
598 }
599 break;
600
601 case BT_DEFER_SETUP:
602 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
603 err = -EINVAL;
604 break;
605 }
606
607 if (get_user(opt, (u32 __user *) optval)) {
608 err = -EFAULT;
609 break;
610 }
611
612 bt_sk(sk)->defer_setup = opt;
613 break;
614
615 case BT_FLUSHABLE:
616 if (get_user(opt, (u32 __user *) optval)) {
617 err = -EFAULT;
618 break;
619 }
620
621 if (opt > BT_FLUSHABLE_ON) {
622 err = -EINVAL;
623 break;
624 }
625
626 if (opt == BT_FLUSHABLE_OFF) {
627 struct l2cap_conn *conn = chan->conn;
628 /* proceed further only when we have l2cap_conn and
629 No Flush support in the LM */
630 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
631 err = -EINVAL;
632 break;
633 }
634 }
635
636 if (opt)
637 set_bit(FLAG_FLUSHABLE, &chan->flags);
638 else
639 clear_bit(FLAG_FLUSHABLE, &chan->flags);
640 break;
641
642 case BT_POWER:
643 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
644 chan->chan_type != L2CAP_CHAN_RAW) {
645 err = -EINVAL;
646 break;
647 }
648
649 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
650
651 len = min_t(unsigned int, sizeof(pwr), optlen);
652 if (copy_from_user((char *) &pwr, optval, len)) {
653 err = -EFAULT;
654 break;
655 }
656
657 if (pwr.force_active)
658 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
659 else
660 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
661 break;
662
663 case BT_CHANNEL_POLICY:
664 if (!enable_hs) {
665 err = -ENOPROTOOPT;
666 break;
667 }
668
669 if (get_user(opt, (u32 __user *) optval)) {
670 err = -EFAULT;
671 break;
672 }
673
674 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
675 err = -EINVAL;
676 break;
677 }
678
679 if (chan->mode != L2CAP_MODE_ERTM &&
680 chan->mode != L2CAP_MODE_STREAMING) {
681 err = -EOPNOTSUPP;
682 break;
683 }
684
685 chan->chan_policy = (u8) opt;
686 break;
687
688 default:
689 err = -ENOPROTOOPT;
690 break;
691 }
692
693 release_sock(sk);
694 return err;
695 }
696
697 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
698 {
699 struct sock *sk = sock->sk;
700 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
701 int err;
702
703 BT_DBG("sock %p, sk %p", sock, sk);
704
705 err = sock_error(sk);
706 if (err)
707 return err;
708
709 if (msg->msg_flags & MSG_OOB)
710 return -EOPNOTSUPP;
711
712 lock_sock(sk);
713
714 if (sk->sk_state != BT_CONNECTED) {
715 release_sock(sk);
716 return -ENOTCONN;
717 }
718
719 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
720
721 release_sock(sk);
722 return err;
723 }
724
725 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
726 {
727 struct sock *sk = sock->sk;
728 struct l2cap_pinfo *pi = l2cap_pi(sk);
729 int err;
730
731 lock_sock(sk);
732
733 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
734 sk->sk_state = BT_CONFIG;
735 pi->chan->state = BT_CONFIG;
736
737 __l2cap_connect_rsp_defer(pi->chan);
738 release_sock(sk);
739 return 0;
740 }
741
742 release_sock(sk);
743
744 if (sock->type == SOCK_STREAM)
745 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
746 else
747 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
748
749 if (pi->chan->mode != L2CAP_MODE_ERTM)
750 return err;
751
752 /* Attempt to put pending rx data in the socket buffer */
753
754 lock_sock(sk);
755
756 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
757 goto done;
758
759 if (pi->rx_busy_skb) {
760 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
761 pi->rx_busy_skb = NULL;
762 else
763 goto done;
764 }
765
766 /* Restore data flow when half of the receive buffer is
767 * available. This avoids resending large numbers of
768 * frames.
769 */
770 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
771 l2cap_chan_busy(pi->chan, 0);
772
773 done:
774 release_sock(sk);
775 return err;
776 }
777
778 /* Kill socket (only if zapped and orphan)
779 * Must be called on unlocked socket.
780 */
781 static void l2cap_sock_kill(struct sock *sk)
782 {
783 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
784 return;
785
786 BT_DBG("sk %p state %d", sk, sk->sk_state);
787
788 /* Kill poor orphan */
789
790 l2cap_chan_destroy(l2cap_pi(sk)->chan);
791 sock_set_flag(sk, SOCK_DEAD);
792 sock_put(sk);
793 }
794
795 static int l2cap_sock_shutdown(struct socket *sock, int how)
796 {
797 struct sock *sk = sock->sk;
798 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
799 int err = 0;
800
801 BT_DBG("sock %p, sk %p", sock, sk);
802
803 if (!sk)
804 return 0;
805
806 lock_sock(sk);
807 if (!sk->sk_shutdown) {
808 if (chan->mode == L2CAP_MODE_ERTM)
809 err = __l2cap_wait_ack(sk);
810
811 sk->sk_shutdown = SHUTDOWN_MASK;
812 l2cap_chan_close(chan, 0);
813
814 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
815 err = bt_sock_wait_state(sk, BT_CLOSED,
816 sk->sk_lingertime);
817 }
818
819 if (!err && sk->sk_err)
820 err = -sk->sk_err;
821
822 release_sock(sk);
823 return err;
824 }
825
826 static int l2cap_sock_release(struct socket *sock)
827 {
828 struct sock *sk = sock->sk;
829 int err;
830
831 BT_DBG("sock %p, sk %p", sock, sk);
832
833 if (!sk)
834 return 0;
835
836 err = l2cap_sock_shutdown(sock, 2);
837
838 sock_orphan(sk);
839 l2cap_sock_kill(sk);
840 return err;
841 }
842
843 static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
844 {
845 struct sock *sk, *parent = data;
846
847 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
848 GFP_ATOMIC);
849 if (!sk)
850 return NULL;
851
852 l2cap_sock_init(sk, parent);
853
854 return l2cap_pi(sk)->chan;
855 }
856
857 static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
858 {
859 int err;
860 struct sock *sk = data;
861 struct l2cap_pinfo *pi = l2cap_pi(sk);
862
863 if (pi->rx_busy_skb)
864 return -ENOMEM;
865
866 err = sock_queue_rcv_skb(sk, skb);
867
868 /* For ERTM, handle one skb that doesn't fit into the recv
869 * buffer. This is important to do because the data frames
870 * have already been acked, so the skb cannot be discarded.
871 *
872 * Notify the l2cap core that the buffer is full, so the
873 * LOCAL_BUSY state is entered and no more frames are
874 * acked and reassembled until there is buffer space
875 * available.
876 */
877 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) {
878 pi->rx_busy_skb = skb;
879 l2cap_chan_busy(pi->chan, 1);
880 err = 0;
881 }
882
883 return err;
884 }
885
886 static void l2cap_sock_close_cb(void *data)
887 {
888 struct sock *sk = data;
889
890 l2cap_sock_kill(sk);
891 }
892
893 static void l2cap_sock_state_change_cb(void *data, int state)
894 {
895 struct sock *sk = data;
896
897 sk->sk_state = state;
898 }
899
900 static struct l2cap_ops l2cap_chan_ops = {
901 .name = "L2CAP Socket Interface",
902 .new_connection = l2cap_sock_new_connection_cb,
903 .recv = l2cap_sock_recv_cb,
904 .close = l2cap_sock_close_cb,
905 .state_change = l2cap_sock_state_change_cb,
906 };
907
908 static void l2cap_sock_destruct(struct sock *sk)
909 {
910 BT_DBG("sk %p", sk);
911
912 if (l2cap_pi(sk)->rx_busy_skb) {
913 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
914 l2cap_pi(sk)->rx_busy_skb = NULL;
915 }
916
917 skb_queue_purge(&sk->sk_receive_queue);
918 skb_queue_purge(&sk->sk_write_queue);
919 }
920
921 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
922 {
923 struct l2cap_pinfo *pi = l2cap_pi(sk);
924 struct l2cap_chan *chan = pi->chan;
925
926 BT_DBG("sk %p", sk);
927
928 if (parent) {
929 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
930
931 sk->sk_type = parent->sk_type;
932 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
933
934 chan->chan_type = pchan->chan_type;
935 chan->imtu = pchan->imtu;
936 chan->omtu = pchan->omtu;
937 chan->conf_state = pchan->conf_state;
938 chan->mode = pchan->mode;
939 chan->fcs = pchan->fcs;
940 chan->max_tx = pchan->max_tx;
941 chan->tx_win = pchan->tx_win;
942 chan->tx_win_max = pchan->tx_win_max;
943 chan->sec_level = pchan->sec_level;
944 chan->flags = pchan->flags;
945
946 security_sk_clone(parent, sk);
947 } else {
948
949 switch (sk->sk_type) {
950 case SOCK_RAW:
951 chan->chan_type = L2CAP_CHAN_RAW;
952 break;
953 case SOCK_DGRAM:
954 chan->chan_type = L2CAP_CHAN_CONN_LESS;
955 break;
956 case SOCK_SEQPACKET:
957 case SOCK_STREAM:
958 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
959 break;
960 }
961
962 chan->imtu = L2CAP_DEFAULT_MTU;
963 chan->omtu = 0;
964 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
965 chan->mode = L2CAP_MODE_ERTM;
966 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
967 } else {
968 chan->mode = L2CAP_MODE_BASIC;
969 }
970 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
971 chan->fcs = L2CAP_FCS_CRC16;
972 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
973 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
974 chan->sec_level = BT_SECURITY_LOW;
975 chan->flags = 0;
976 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
977 }
978
979 /* Default config options */
980 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
981
982 chan->data = sk;
983 chan->ops = &l2cap_chan_ops;
984 }
985
986 static struct proto l2cap_proto = {
987 .name = "L2CAP",
988 .owner = THIS_MODULE,
989 .obj_size = sizeof(struct l2cap_pinfo)
990 };
991
992 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
993 {
994 struct sock *sk;
995 struct l2cap_chan *chan;
996
997 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
998 if (!sk)
999 return NULL;
1000
1001 sock_init_data(sock, sk);
1002 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1003
1004 sk->sk_destruct = l2cap_sock_destruct;
1005 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1006
1007 sock_reset_flag(sk, SOCK_ZAPPED);
1008
1009 sk->sk_protocol = proto;
1010 sk->sk_state = BT_OPEN;
1011
1012 chan = l2cap_chan_create(sk);
1013 if (!chan) {
1014 l2cap_sock_kill(sk);
1015 return NULL;
1016 }
1017
1018 l2cap_pi(sk)->chan = chan;
1019
1020 return sk;
1021 }
1022
1023 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1024 int kern)
1025 {
1026 struct sock *sk;
1027
1028 BT_DBG("sock %p", sock);
1029
1030 sock->state = SS_UNCONNECTED;
1031
1032 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1033 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1034 return -ESOCKTNOSUPPORT;
1035
1036 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1037 return -EPERM;
1038
1039 sock->ops = &l2cap_sock_ops;
1040
1041 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1042 if (!sk)
1043 return -ENOMEM;
1044
1045 l2cap_sock_init(sk, NULL);
1046 return 0;
1047 }
1048
1049 static const struct proto_ops l2cap_sock_ops = {
1050 .family = PF_BLUETOOTH,
1051 .owner = THIS_MODULE,
1052 .release = l2cap_sock_release,
1053 .bind = l2cap_sock_bind,
1054 .connect = l2cap_sock_connect,
1055 .listen = l2cap_sock_listen,
1056 .accept = l2cap_sock_accept,
1057 .getname = l2cap_sock_getname,
1058 .sendmsg = l2cap_sock_sendmsg,
1059 .recvmsg = l2cap_sock_recvmsg,
1060 .poll = bt_sock_poll,
1061 .ioctl = bt_sock_ioctl,
1062 .mmap = sock_no_mmap,
1063 .socketpair = sock_no_socketpair,
1064 .shutdown = l2cap_sock_shutdown,
1065 .setsockopt = l2cap_sock_setsockopt,
1066 .getsockopt = l2cap_sock_getsockopt
1067 };
1068
1069 static const struct net_proto_family l2cap_sock_family_ops = {
1070 .family = PF_BLUETOOTH,
1071 .owner = THIS_MODULE,
1072 .create = l2cap_sock_create,
1073 };
1074
1075 int __init l2cap_init_sockets(void)
1076 {
1077 int err;
1078
1079 err = proto_register(&l2cap_proto, 0);
1080 if (err < 0)
1081 return err;
1082
1083 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1084 if (err < 0)
1085 goto error;
1086
1087 BT_INFO("L2CAP socket layer initialized");
1088
1089 return 0;
1090
1091 error:
1092 BT_ERR("L2CAP socket registration failed");
1093 proto_unregister(&l2cap_proto);
1094 return err;
1095 }
1096
1097 void l2cap_cleanup_sockets(void)
1098 {
1099 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
1100 BT_ERR("L2CAP socket unregistration failed");
1101
1102 proto_unregister(&l2cap_proto);
1103 }