Gitiles
Code Review Sign In
192.168.1.100 / T103 / 1f884588077ad3476b9c91cbb0ee9ee0332bbb68 / . / src / kernel / linux / v4.14 / net / bluetooth / l2cap_sock.c
blob: 511a1da6ca9712cd559cb9a90d4b0d5ae194d19a [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +0800[diff] [blame^]1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
30#include <linux/module.h>
31#include <linux/export.h>
32#include <linux/sched/signal.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/l2cap.h>
37
38#include "smp.h"
39
40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
44static const struct proto_ops l2cap_sock_ops;
45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
48
49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
55static int l2cap_validate_bredr_psm(u16 psm)
56{
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61 /* Restrict usage of well-known PSMs */
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
71 if (psm > L2CAP_PSM_LE_DYN_END)
72 return -EINVAL;
73
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
76 return -EACCES;
77
78 return 0;
79}
80
81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
98 if (la.l2_cid && la.l2_psm)
99 return -EINVAL;
100
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 /* We only allow ATT user space socket */
106 if (la.l2_cid &&
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
108 return -EINVAL;
109 }
110
111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
125
126 if (err)
127 goto done;
128 }
129
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
133 if (la.l2_cid)
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
137
138 if (err < 0)
139 goto done;
140
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
159 */
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
162 }
163
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
169
170done:
171 release_sock(sk);
172 return err;
173}
174
175static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
177{
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
193 if (la.l2_cid && la.l2_psm)
194 return -EINVAL;
195
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
203 */
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
211 */
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 return -EINVAL;
215
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
221 */
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229 /* We only allow ATT user space socket */
230 if (la.l2_cid &&
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
232 return -EINVAL;
233 }
234
235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
237
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
240 if (err)
241 return err;
242
243 lock_sock(sk);
244
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
247
248 release_sock(sk);
249
250 return err;
251}
252
253static int l2cap_sock_listen(struct socket *sock, int backlog)
254{
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
263 if (sk->sk_state != BT_BOUND) {
264 err = -EBADFD;
265 goto done;
266 }
267
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
276 break;
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
279 if (!disable_ertm)
280 break;
281 /* fall through */
282 default:
283 err = -EOPNOTSUPP;
284 goto done;
285 }
286
287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
289
290 /* Listening channels need to use nested locking in order not to
291 * cause lockdep warnings when the created child channels end up
292 * being locked in the same thread as the parent channel.
293 */
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295
296 chan->state = BT_LISTEN;
297 sk->sk_state = BT_LISTEN;
298
299done:
300 release_sock(sk);
301 return err;
302}
303
304static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 int flags, bool kern)
306{
307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
308 struct sock *sk = sock->sk, *nsk;
309 long timeo;
310 int err = 0;
311
312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
313
314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315
316 BT_DBG("sk %p timeo %ld", sk, timeo);
317
318 /* Wait for an incoming connection. (wake-one). */
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
320 while (1) {
321 if (sk->sk_state != BT_LISTEN) {
322 err = -EBADFD;
323 break;
324 }
325
326 nsk = bt_accept_dequeue(sk, newsock);
327 if (nsk)
328 break;
329
330 if (!timeo) {
331 err = -EAGAIN;
332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
339
340 release_sock(sk);
341
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343
344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
345 }
346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355done:
356 release_sock(sk);
357 return err;
358}
359
360static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
361 int *len, int peer)
362{
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
369 if (peer && sk->sk_state != BT_CONNECTED &&
370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
372 return -ENOTCONN;
373
374 memset(la, 0, sizeof(struct sockaddr_l2));
375 addr->sa_family = AF_BLUETOOTH;
376 *len = sizeof(struct sockaddr_l2);
377
378 la->l2_psm = chan->psm;
379
380 if (peer) {
381 bacpy(&la->l2_bdaddr, &chan->dst);
382 la->l2_cid = cpu_to_le16(chan->dcid);
383 la->l2_bdaddr_type = chan->dst_type;
384 } else {
385 bacpy(&la->l2_bdaddr, &chan->src);
386 la->l2_cid = cpu_to_le16(chan->scid);
387 la->l2_bdaddr_type = chan->src_type;
388 }
389
390 return 0;
391}
392
393static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
394 char __user *optval, int __user *optlen)
395{
396 struct sock *sk = sock->sk;
397 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
398 struct l2cap_options opts;
399 struct l2cap_conninfo cinfo;
400 int len, err = 0;
401 u32 opt;
402
403 BT_DBG("sk %p", sk);
404
405 if (get_user(len, optlen))
406 return -EFAULT;
407
408 lock_sock(sk);
409
410 switch (optname) {
411 case L2CAP_OPTIONS:
412 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
413 * legacy ATT code depends on getsockopt for
414 * L2CAP_OPTIONS we need to let this pass.
415 */
416 if (bdaddr_type_is_le(chan->src_type) &&
417 chan->scid != L2CAP_CID_ATT) {
418 err = -EINVAL;
419 break;
420 }
421
422 memset(&opts, 0, sizeof(opts));
423 opts.imtu = chan->imtu;
424 opts.omtu = chan->omtu;
425 opts.flush_to = chan->flush_to;
426 opts.mode = chan->mode;
427 opts.fcs = chan->fcs;
428 opts.max_tx = chan->max_tx;
429 opts.txwin_size = chan->tx_win;
430
431 len = min_t(unsigned int, len, sizeof(opts));
432 if (copy_to_user(optval, (char *) &opts, len))
433 err = -EFAULT;
434
435 break;
436
437 case L2CAP_LM:
438 switch (chan->sec_level) {
439 case BT_SECURITY_LOW:
440 opt = L2CAP_LM_AUTH;
441 break;
442 case BT_SECURITY_MEDIUM:
443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
444 break;
445 case BT_SECURITY_HIGH:
446 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
447 L2CAP_LM_SECURE;
448 break;
449 case BT_SECURITY_FIPS:
450 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
451 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
452 break;
453 default:
454 opt = 0;
455 break;
456 }
457
458 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
459 opt |= L2CAP_LM_MASTER;
460
461 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
462 opt |= L2CAP_LM_RELIABLE;
463
464 if (put_user(opt, (u32 __user *) optval))
465 err = -EFAULT;
466
467 break;
468
469 case L2CAP_CONNINFO:
470 if (sk->sk_state != BT_CONNECTED &&
471 !(sk->sk_state == BT_CONNECT2 &&
472 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
473 err = -ENOTCONN;
474 break;
475 }
476
477 memset(&cinfo, 0, sizeof(cinfo));
478 cinfo.hci_handle = chan->conn->hcon->handle;
479 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
480
481 len = min_t(unsigned int, len, sizeof(cinfo));
482 if (copy_to_user(optval, (char *) &cinfo, len))
483 err = -EFAULT;
484
485 break;
486
487 default:
488 err = -ENOPROTOOPT;
489 break;
490 }
491
492 release_sock(sk);
493 return err;
494}
495
496static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
497 char __user *optval, int __user *optlen)
498{
499 struct sock *sk = sock->sk;
500 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
501 struct bt_security sec;
502 struct bt_power pwr;
503 int len, err = 0;
504
505 BT_DBG("sk %p", sk);
506
507 if (level == SOL_L2CAP)
508 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
509
510 if (level != SOL_BLUETOOTH)
511 return -ENOPROTOOPT;
512
513 if (get_user(len, optlen))
514 return -EFAULT;
515
516 lock_sock(sk);
517
518 switch (optname) {
519 case BT_SECURITY:
520 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
521 chan->chan_type != L2CAP_CHAN_FIXED &&
522 chan->chan_type != L2CAP_CHAN_RAW) {
523 err = -EINVAL;
524 break;
525 }
526
527 memset(&sec, 0, sizeof(sec));
528 if (chan->conn) {
529 sec.level = chan->conn->hcon->sec_level;
530
531 if (sk->sk_state == BT_CONNECTED)
532 sec.key_size = chan->conn->hcon->enc_key_size;
533 } else {
534 sec.level = chan->sec_level;
535 }
536
537 len = min_t(unsigned int, len, sizeof(sec));
538 if (copy_to_user(optval, (char *) &sec, len))
539 err = -EFAULT;
540
541 break;
542
543 case BT_DEFER_SETUP:
544 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
545 err = -EINVAL;
546 break;
547 }
548
549 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
550 (u32 __user *) optval))
551 err = -EFAULT;
552
553 break;
554
555 case BT_FLUSHABLE:
556 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
557 (u32 __user *) optval))
558 err = -EFAULT;
559
560 break;
561
562 case BT_POWER:
563 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
564 && sk->sk_type != SOCK_RAW) {
565 err = -EINVAL;
566 break;
567 }
568
569 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
570
571 len = min_t(unsigned int, len, sizeof(pwr));
572 if (copy_to_user(optval, (char *) &pwr, len))
573 err = -EFAULT;
574
575 break;
576
577 case BT_CHANNEL_POLICY:
578 if (put_user(chan->chan_policy, (u32 __user *) optval))
579 err = -EFAULT;
580 break;
581
582 case BT_SNDMTU:
583 if (!bdaddr_type_is_le(chan->src_type)) {
584 err = -EINVAL;
585 break;
586 }
587
588 if (sk->sk_state != BT_CONNECTED) {
589 err = -ENOTCONN;
590 break;
591 }
592
593 if (put_user(chan->omtu, (u16 __user *) optval))
594 err = -EFAULT;
595 break;
596
597 case BT_RCVMTU:
598 if (!bdaddr_type_is_le(chan->src_type)) {
599 err = -EINVAL;
600 break;
601 }
602
603 if (put_user(chan->imtu, (u16 __user *) optval))
604 err = -EFAULT;
605 break;
606
607 default:
608 err = -ENOPROTOOPT;
609 break;
610 }
611
612 release_sock(sk);
613 return err;
614}
615
616static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
617{
618 switch (chan->scid) {
619 case L2CAP_CID_ATT:
620 if (mtu < L2CAP_LE_MIN_MTU)
621 return false;
622 break;
623
624 default:
625 if (mtu < L2CAP_DEFAULT_MIN_MTU)
626 return false;
627 }
628
629 return true;
630}
631
632static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
633 char __user *optval, unsigned int optlen)
634{
635 struct sock *sk = sock->sk;
636 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
637 struct l2cap_options opts;
638 int len, err = 0;
639 u32 opt;
640
641 BT_DBG("sk %p", sk);
642
643 lock_sock(sk);
644
645 switch (optname) {
646 case L2CAP_OPTIONS:
647 if (bdaddr_type_is_le(chan->src_type)) {
648 err = -EINVAL;
649 break;
650 }
651
652 if (sk->sk_state == BT_CONNECTED) {
653 err = -EINVAL;
654 break;
655 }
656
657 opts.imtu = chan->imtu;
658 opts.omtu = chan->omtu;
659 opts.flush_to = chan->flush_to;
660 opts.mode = chan->mode;
661 opts.fcs = chan->fcs;
662 opts.max_tx = chan->max_tx;
663 opts.txwin_size = chan->tx_win;
664
665 len = min_t(unsigned int, sizeof(opts), optlen);
666 if (copy_from_user((char *) &opts, optval, len)) {
667 err = -EFAULT;
668 break;
669 }
670
671 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
672 err = -EINVAL;
673 break;
674 }
675
676 if (!l2cap_valid_mtu(chan, opts.imtu)) {
677 err = -EINVAL;
678 break;
679 }
680
681 chan->mode = opts.mode;
682 switch (chan->mode) {
683 case L2CAP_MODE_LE_FLOWCTL:
684 break;
685 case L2CAP_MODE_BASIC:
686 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
687 break;
688 case L2CAP_MODE_ERTM:
689 case L2CAP_MODE_STREAMING:
690 if (!disable_ertm)
691 break;
692 /* fall through */
693 default:
694 err = -EINVAL;
695 break;
696 }
697
698 chan->imtu = opts.imtu;
699 chan->omtu = opts.omtu;
700 chan->fcs = opts.fcs;
701 chan->max_tx = opts.max_tx;
702 chan->tx_win = opts.txwin_size;
703 chan->flush_to = opts.flush_to;
704 break;
705
706 case L2CAP_LM:
707 if (get_user(opt, (u32 __user *) optval)) {
708 err = -EFAULT;
709 break;
710 }
711
712 if (opt & L2CAP_LM_FIPS) {
713 err = -EINVAL;
714 break;
715 }
716
717 if (opt & L2CAP_LM_AUTH)
718 chan->sec_level = BT_SECURITY_LOW;
719 if (opt & L2CAP_LM_ENCRYPT)
720 chan->sec_level = BT_SECURITY_MEDIUM;
721 if (opt & L2CAP_LM_SECURE)
722 chan->sec_level = BT_SECURITY_HIGH;
723
724 if (opt & L2CAP_LM_MASTER)
725 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
726 else
727 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
728
729 if (opt & L2CAP_LM_RELIABLE)
730 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
731 else
732 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
733 break;
734
735 default:
736 err = -ENOPROTOOPT;
737 break;
738 }
739
740 release_sock(sk);
741 return err;
742}
743
744static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
745 char __user *optval, unsigned int optlen)
746{
747 struct sock *sk = sock->sk;
748 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
749 struct bt_security sec;
750 struct bt_power pwr;
751 struct l2cap_conn *conn;
752 int len, err = 0;
753 u32 opt;
754
755 BT_DBG("sk %p", sk);
756
757 if (level == SOL_L2CAP)
758 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
759
760 if (level != SOL_BLUETOOTH)
761 return -ENOPROTOOPT;
762
763 lock_sock(sk);
764
765 switch (optname) {
766 case BT_SECURITY:
767 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
768 chan->chan_type != L2CAP_CHAN_FIXED &&
769 chan->chan_type != L2CAP_CHAN_RAW) {
770 err = -EINVAL;
771 break;
772 }
773
774 sec.level = BT_SECURITY_LOW;
775
776 len = min_t(unsigned int, sizeof(sec), optlen);
777 if (copy_from_user((char *) &sec, optval, len)) {
778 err = -EFAULT;
779 break;
780 }
781
782 if (sec.level < BT_SECURITY_LOW ||
783 sec.level > BT_SECURITY_FIPS) {
784 err = -EINVAL;
785 break;
786 }
787
788 chan->sec_level = sec.level;
789
790 if (!chan->conn)
791 break;
792
793 conn = chan->conn;
794
795 /*change security for LE channels */
796 if (chan->scid == L2CAP_CID_ATT) {
797 if (smp_conn_security(conn->hcon, sec.level))
798 break;
799 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
800 sk->sk_state = BT_CONFIG;
801 chan->state = BT_CONFIG;
802
803 /* or for ACL link */
804 } else if ((sk->sk_state == BT_CONNECT2 &&
805 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
806 sk->sk_state == BT_CONNECTED) {
807 if (!l2cap_chan_check_security(chan, true))
808 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
809 else
810 sk->sk_state_change(sk);
811 } else {
812 err = -EINVAL;
813 }
814 break;
815
816 case BT_DEFER_SETUP:
817 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
818 err = -EINVAL;
819 break;
820 }
821
822 if (get_user(opt, (u32 __user *) optval)) {
823 err = -EFAULT;
824 break;
825 }
826
827 if (opt) {
828 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
829 set_bit(FLAG_DEFER_SETUP, &chan->flags);
830 } else {
831 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
832 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
833 }
834 break;
835
836 case BT_FLUSHABLE:
837 if (get_user(opt, (u32 __user *) optval)) {
838 err = -EFAULT;
839 break;
840 }
841
842 if (opt > BT_FLUSHABLE_ON) {
843 err = -EINVAL;
844 break;
845 }
846
847 if (opt == BT_FLUSHABLE_OFF) {
848 conn = chan->conn;
849 /* proceed further only when we have l2cap_conn and
850 No Flush support in the LM */
851 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
852 err = -EINVAL;
853 break;
854 }
855 }
856
857 if (opt)
858 set_bit(FLAG_FLUSHABLE, &chan->flags);
859 else
860 clear_bit(FLAG_FLUSHABLE, &chan->flags);
861 break;
862
863 case BT_POWER:
864 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
865 chan->chan_type != L2CAP_CHAN_RAW) {
866 err = -EINVAL;
867 break;
868 }
869
870 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
871
872 len = min_t(unsigned int, sizeof(pwr), optlen);
873 if (copy_from_user((char *) &pwr, optval, len)) {
874 err = -EFAULT;
875 break;
876 }
877
878 if (pwr.force_active)
879 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880 else
881 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
882 break;
883
884 case BT_CHANNEL_POLICY:
885 if (get_user(opt, (u32 __user *) optval)) {
886 err = -EFAULT;
887 break;
888 }
889
890 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
891 err = -EINVAL;
892 break;
893 }
894
895 if (chan->mode != L2CAP_MODE_ERTM &&
896 chan->mode != L2CAP_MODE_STREAMING) {
897 err = -EOPNOTSUPP;
898 break;
899 }
900
901 chan->chan_policy = (u8) opt;
902
903 if (sk->sk_state == BT_CONNECTED &&
904 chan->move_role == L2CAP_MOVE_ROLE_NONE)
905 l2cap_move_start(chan);
906
907 break;
908
909 case BT_SNDMTU:
910 if (!bdaddr_type_is_le(chan->src_type)) {
911 err = -EINVAL;
912 break;
913 }
914
915 /* Setting is not supported as it's the remote side that
916 * decides this.
917 */
918 err = -EPERM;
919 break;
920
921 case BT_RCVMTU:
922 if (!bdaddr_type_is_le(chan->src_type)) {
923 err = -EINVAL;
924 break;
925 }
926
927 if (sk->sk_state == BT_CONNECTED) {
928 err = -EISCONN;
929 break;
930 }
931
932 if (get_user(opt, (u16 __user *) optval)) {
933 err = -EFAULT;
934 break;
935 }
936
937 chan->imtu = opt;
938 break;
939
940 default:
941 err = -ENOPROTOOPT;
942 break;
943 }
944
945 release_sock(sk);
946 return err;
947}
948
949static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
950 size_t len)
951{
952 struct sock *sk = sock->sk;
953 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
954 int err;
955
956 BT_DBG("sock %p, sk %p", sock, sk);
957
958 err = sock_error(sk);
959 if (err)
960 return err;
961
962 if (msg->msg_flags & MSG_OOB)
963 return -EOPNOTSUPP;
964
965 if (sk->sk_state != BT_CONNECTED)
966 return -ENOTCONN;
967
968 lock_sock(sk);
969 err = bt_sock_wait_ready(sk, msg->msg_flags);
970 release_sock(sk);
971 if (err)
972 return err;
973
974 l2cap_chan_lock(chan);
975 err = l2cap_chan_send(chan, msg, len);
976 l2cap_chan_unlock(chan);
977
978 return err;
979}
980
981static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
982 size_t len, int flags)
983{
984 struct sock *sk = sock->sk;
985 struct l2cap_pinfo *pi = l2cap_pi(sk);
986 int err;
987
988 lock_sock(sk);
989
990 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
991 &bt_sk(sk)->flags)) {
992 if (bdaddr_type_is_le(pi->chan->src_type)) {
993 sk->sk_state = BT_CONNECTED;
994 pi->chan->state = BT_CONNECTED;
995 __l2cap_le_connect_rsp_defer(pi->chan);
996 } else {
997 sk->sk_state = BT_CONFIG;
998 pi->chan->state = BT_CONFIG;
999 __l2cap_connect_rsp_defer(pi->chan);
1000 }
1001
1002 err = 0;
1003 goto done;
1004 }
1005
1006 release_sock(sk);
1007
1008 if (sock->type == SOCK_STREAM)
1009 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1010 else
1011 err = bt_sock_recvmsg(sock, msg, len, flags);
1012
1013 if (pi->chan->mode != L2CAP_MODE_ERTM)
1014 return err;
1015
1016 /* Attempt to put pending rx data in the socket buffer */
1017
1018 lock_sock(sk);
1019
1020 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1021 goto done;
1022
1023 if (pi->rx_busy_skb) {
1024 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1025 pi->rx_busy_skb = NULL;
1026 else
1027 goto done;
1028 }
1029
1030 /* Restore data flow when half of the receive buffer is
1031 * available. This avoids resending large numbers of
1032 * frames.
1033 */
1034 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1035 l2cap_chan_busy(pi->chan, 0);
1036
1037done:
1038 release_sock(sk);
1039 return err;
1040}
1041
1042/* Kill socket (only if zapped and orphan)
1043 * Must be called on unlocked socket, with l2cap channel lock.
1044 */
1045static void l2cap_sock_kill(struct sock *sk)
1046{
1047 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1048 return;
1049
1050 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1051
1052 /* Kill poor orphan */
1053
1054 l2cap_chan_put(l2cap_pi(sk)->chan);
1055 sock_set_flag(sk, SOCK_DEAD);
1056 sock_put(sk);
1057}
1058
1059static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1060{
1061 DECLARE_WAITQUEUE(wait, current);
1062 int err = 0;
1063 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1064 /* Timeout to prevent infinite loop */
1065 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1066
1067 add_wait_queue(sk_sleep(sk), &wait);
1068 set_current_state(TASK_INTERRUPTIBLE);
1069 do {
1070 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1071 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1072 jiffies_to_msecs(timeout - jiffies));
1073
1074 if (!timeo)
1075 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1076
1077 if (signal_pending(current)) {
1078 err = sock_intr_errno(timeo);
1079 break;
1080 }
1081
1082 release_sock(sk);
1083 timeo = schedule_timeout(timeo);
1084 lock_sock(sk);
1085 set_current_state(TASK_INTERRUPTIBLE);
1086
1087 err = sock_error(sk);
1088 if (err)
1089 break;
1090
1091 if (time_after(jiffies, timeout)) {
1092 err = -ENOLINK;
1093 break;
1094 }
1095
1096 } while (chan->unacked_frames > 0 &&
1097 chan->state == BT_CONNECTED);
1098
1099 set_current_state(TASK_RUNNING);
1100 remove_wait_queue(sk_sleep(sk), &wait);
1101 return err;
1102}
1103
1104static int l2cap_sock_shutdown(struct socket *sock, int how)
1105{
1106 struct sock *sk = sock->sk;
1107 struct l2cap_chan *chan;
1108 struct l2cap_conn *conn;
1109 int err = 0;
1110
1111 BT_DBG("sock %p, sk %p", sock, sk);
1112
1113 if (!sk)
1114 return 0;
1115
1116 lock_sock(sk);
1117
1118 if (sk->sk_shutdown)
1119 goto shutdown_already;
1120
1121 BT_DBG("Handling sock shutdown");
1122
1123 /* prevent sk structure from being freed whilst unlocked */
1124 sock_hold(sk);
1125
1126 chan = l2cap_pi(sk)->chan;
1127 /* prevent chan structure from being freed whilst unlocked */
1128 l2cap_chan_hold(chan);
1129
1130 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1131
1132 if (chan->mode == L2CAP_MODE_ERTM &&
1133 chan->unacked_frames > 0 &&
1134 chan->state == BT_CONNECTED) {
1135 err = __l2cap_wait_ack(sk, chan);
1136
1137 /* After waiting for ACKs, check whether shutdown
1138 * has already been actioned to close the L2CAP
1139 * link such as by l2cap_disconnection_req().
1140 */
1141 if (sk->sk_shutdown)
1142 goto has_shutdown;
1143 }
1144
1145 sk->sk_shutdown = SHUTDOWN_MASK;
1146 release_sock(sk);
1147
1148 l2cap_chan_lock(chan);
1149 conn = chan->conn;
1150 if (conn)
1151 /* prevent conn structure from being freed */
1152 l2cap_conn_get(conn);
1153 l2cap_chan_unlock(chan);
1154
1155 if (conn)
1156 /* mutex lock must be taken before l2cap_chan_lock() */
1157 mutex_lock(&conn->chan_lock);
1158
1159 l2cap_chan_lock(chan);
1160 l2cap_chan_close(chan, 0);
1161 l2cap_chan_unlock(chan);
1162
1163 if (conn) {
1164 mutex_unlock(&conn->chan_lock);
1165 l2cap_conn_put(conn);
1166 }
1167
1168 lock_sock(sk);
1169
1170 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1171 !(current->flags & PF_EXITING))
1172 err = bt_sock_wait_state(sk, BT_CLOSED,
1173 sk->sk_lingertime);
1174
1175has_shutdown:
1176 l2cap_chan_put(chan);
1177 sock_put(sk);
1178
1179shutdown_already:
1180 if (!err && sk->sk_err)
1181 err = -sk->sk_err;
1182
1183 release_sock(sk);
1184
1185 BT_DBG("Sock shutdown complete err: %d", err);
1186
1187 return err;
1188}
1189
1190static int l2cap_sock_release(struct socket *sock)
1191{
1192 struct sock *sk = sock->sk;
1193 int err;
1194 struct l2cap_chan *chan;
1195
1196 BT_DBG("sock %p, sk %p", sock, sk);
1197
1198 if (!sk)
1199 return 0;
1200
1201 bt_sock_unlink(&l2cap_sk_list, sk);
1202
1203 err = l2cap_sock_shutdown(sock, 2);
1204 chan = l2cap_pi(sk)->chan;
1205
1206 l2cap_chan_hold(chan);
1207 l2cap_chan_lock(chan);
1208
1209 sock_orphan(sk);
1210 l2cap_sock_kill(sk);
1211
1212 l2cap_chan_unlock(chan);
1213 l2cap_chan_put(chan);
1214
1215 return err;
1216}
1217
1218static void l2cap_sock_cleanup_listen(struct sock *parent)
1219{
1220 struct sock *sk;
1221
1222 BT_DBG("parent %p state %s", parent,
1223 state_to_string(parent->sk_state));
1224
1225 /* Close not yet accepted channels */
1226 while ((sk = bt_accept_dequeue(parent, NULL))) {
1227 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1228
1229 BT_DBG("child chan %p state %s", chan,
1230 state_to_string(chan->state));
1231
1232 l2cap_chan_hold(chan);
1233 l2cap_chan_lock(chan);
1234
1235 __clear_chan_timer(chan);
1236 l2cap_chan_close(chan, ECONNRESET);
1237 l2cap_sock_kill(sk);
1238
1239 l2cap_chan_unlock(chan);
1240 l2cap_chan_put(chan);
1241 }
1242}
1243
1244static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1245{
1246 struct sock *sk, *parent = chan->data;
1247
1248 lock_sock(parent);
1249
1250 /* Check for backlog size */
1251 if (sk_acceptq_is_full(parent)) {
1252 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1253 release_sock(parent);
1254 return NULL;
1255 }
1256
1257 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1258 GFP_ATOMIC, 0);
1259 if (!sk) {
1260 release_sock(parent);
1261 return NULL;
1262 }
1263
1264 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1265
1266 l2cap_sock_init(sk, parent);
1267
1268 bt_accept_enqueue(parent, sk, false);
1269
1270 release_sock(parent);
1271
1272 return l2cap_pi(sk)->chan;
1273}
1274
1275static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1276{
1277 struct sock *sk = chan->data;
1278 int err;
1279
1280 lock_sock(sk);
1281
1282 if (l2cap_pi(sk)->rx_busy_skb) {
1283 err = -ENOMEM;
1284 goto done;
1285 }
1286
1287 if (chan->mode != L2CAP_MODE_ERTM &&
1288 chan->mode != L2CAP_MODE_STREAMING) {
1289 /* Even if no filter is attached, we could potentially
1290 * get errors from security modules, etc.
1291 */
1292 err = sk_filter(sk, skb);
1293 if (err)
1294 goto done;
1295 }
1296
1297 err = __sock_queue_rcv_skb(sk, skb);
1298
1299 /* For ERTM, handle one skb that doesn't fit into the recv
1300 * buffer. This is important to do because the data frames
1301 * have already been acked, so the skb cannot be discarded.
1302 *
1303 * Notify the l2cap core that the buffer is full, so the
1304 * LOCAL_BUSY state is entered and no more frames are
1305 * acked and reassembled until there is buffer space
1306 * available.
1307 */
1308 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1309 l2cap_pi(sk)->rx_busy_skb = skb;
1310 l2cap_chan_busy(chan, 1);
1311 err = 0;
1312 }
1313
1314done:
1315 release_sock(sk);
1316
1317 return err;
1318}
1319
1320static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1321{
1322 struct sock *sk = chan->data;
1323
1324 l2cap_sock_kill(sk);
1325}
1326
1327static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1328{
1329 struct sock *sk = chan->data;
1330 struct sock *parent;
1331
1332 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1333
1334 /* This callback can be called both for server (BT_LISTEN)
1335 * sockets as well as "normal" ones. To avoid lockdep warnings
1336 * with child socket locking (through l2cap_sock_cleanup_listen)
1337 * we need separation into separate nesting levels. The simplest
1338 * way to accomplish this is to inherit the nesting level used
1339 * for the channel.
1340 */
1341 lock_sock_nested(sk, atomic_read(&chan->nesting));
1342
1343 parent = bt_sk(sk)->parent;
1344
1345 sock_set_flag(sk, SOCK_ZAPPED);
1346
1347 switch (chan->state) {
1348 case BT_OPEN:
1349 case BT_BOUND:
1350 case BT_CLOSED:
1351 break;
1352 case BT_LISTEN:
1353 l2cap_sock_cleanup_listen(sk);
1354 sk->sk_state = BT_CLOSED;
1355 chan->state = BT_CLOSED;
1356
1357 break;
1358 default:
1359 sk->sk_state = BT_CLOSED;
1360 chan->state = BT_CLOSED;
1361
1362 sk->sk_err = err;
1363
1364 if (parent) {
1365 bt_accept_unlink(sk);
1366 parent->sk_data_ready(parent);
1367 } else {
1368 sk->sk_state_change(sk);
1369 }
1370
1371 break;
1372 }
1373
1374 release_sock(sk);
1375}
1376
1377static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1378 int err)
1379{
1380 struct sock *sk = chan->data;
1381
1382 sk->sk_state = state;
1383
1384 if (err)
1385 sk->sk_err = err;
1386}
1387
1388static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1389 unsigned long hdr_len,
1390 unsigned long len, int nb)
1391{
1392 struct sock *sk = chan->data;
1393 struct sk_buff *skb;
1394 int err;
1395
1396 l2cap_chan_unlock(chan);
1397 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1398 l2cap_chan_lock(chan);
1399
1400 if (!skb)
1401 return ERR_PTR(err);
1402
1403 skb->priority = sk->sk_priority;
1404
1405 bt_cb(skb)->l2cap.chan = chan;
1406
1407 return skb;
1408}
1409
1410static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1411{
1412 struct sock *sk = chan->data;
1413 struct sock *parent;
1414
1415 lock_sock(sk);
1416
1417 parent = bt_sk(sk)->parent;
1418
1419 BT_DBG("sk %p, parent %p", sk, parent);
1420
1421 sk->sk_state = BT_CONNECTED;
1422 sk->sk_state_change(sk);
1423
1424 if (parent)
1425 parent->sk_data_ready(parent);
1426
1427 release_sock(sk);
1428}
1429
1430static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1431{
1432 struct sock *parent, *sk = chan->data;
1433
1434 lock_sock(sk);
1435
1436 parent = bt_sk(sk)->parent;
1437 if (parent)
1438 parent->sk_data_ready(parent);
1439
1440 release_sock(sk);
1441}
1442
1443static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1444{
1445 struct sock *sk = chan->data;
1446
1447 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1448 sk->sk_state = BT_CONNECTED;
1449 chan->state = BT_CONNECTED;
1450 }
1451
1452 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1453 sk->sk_state_change(sk);
1454}
1455
1456static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1457{
1458 struct sock *sk = chan->data;
1459
1460 lock_sock(sk);
1461 sk->sk_shutdown = SHUTDOWN_MASK;
1462 release_sock(sk);
1463}
1464
1465static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1466{
1467 struct sock *sk = chan->data;
1468
1469 return sk->sk_sndtimeo;
1470}
1471
1472static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1473{
1474 struct sock *sk = chan->data;
1475
1476 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1477 sk->sk_state_change(sk);
1478}
1479
1480static const struct l2cap_ops l2cap_chan_ops = {
1481 .name = "L2CAP Socket Interface",
1482 .new_connection = l2cap_sock_new_connection_cb,
1483 .recv = l2cap_sock_recv_cb,
1484 .close = l2cap_sock_close_cb,
1485 .teardown = l2cap_sock_teardown_cb,
1486 .state_change = l2cap_sock_state_change_cb,
1487 .ready = l2cap_sock_ready_cb,
1488 .defer = l2cap_sock_defer_cb,
1489 .resume = l2cap_sock_resume_cb,
1490 .suspend = l2cap_sock_suspend_cb,
1491 .set_shutdown = l2cap_sock_set_shutdown_cb,
1492 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1493 .alloc_skb = l2cap_sock_alloc_skb_cb,
1494};
1495
1496static void l2cap_sock_destruct(struct sock *sk)
1497{
1498 BT_DBG("sk %p", sk);
1499
1500 if (l2cap_pi(sk)->chan)
1501 l2cap_chan_put(l2cap_pi(sk)->chan);
1502
1503 if (l2cap_pi(sk)->rx_busy_skb) {
1504 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1505 l2cap_pi(sk)->rx_busy_skb = NULL;
1506 }
1507
1508 skb_queue_purge(&sk->sk_receive_queue);
1509 skb_queue_purge(&sk->sk_write_queue);
1510}
1511
1512static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1513 int *msg_namelen)
1514{
1515 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1516
1517 memset(la, 0, sizeof(struct sockaddr_l2));
1518 la->l2_family = AF_BLUETOOTH;
1519 la->l2_psm = bt_cb(skb)->l2cap.psm;
1520 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1521
1522 *msg_namelen = sizeof(struct sockaddr_l2);
1523}
1524
1525static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1526{
1527 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1528
1529 BT_DBG("sk %p", sk);
1530
1531 if (parent) {
1532 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1533
1534 sk->sk_type = parent->sk_type;
1535 bt_sk(sk)->flags = bt_sk(parent)->flags;
1536
1537 chan->chan_type = pchan->chan_type;
1538 chan->imtu = pchan->imtu;
1539 chan->omtu = pchan->omtu;
1540 chan->conf_state = pchan->conf_state;
1541 chan->mode = pchan->mode;
1542 chan->fcs = pchan->fcs;
1543 chan->max_tx = pchan->max_tx;
1544 chan->tx_win = pchan->tx_win;
1545 chan->tx_win_max = pchan->tx_win_max;
1546 chan->sec_level = pchan->sec_level;
1547 chan->flags = pchan->flags;
1548 chan->tx_credits = pchan->tx_credits;
1549 chan->rx_credits = pchan->rx_credits;
1550
1551 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1552 chan->scid = pchan->scid;
1553 chan->dcid = pchan->scid;
1554 }
1555
1556 security_sk_clone(parent, sk);
1557 } else {
1558 switch (sk->sk_type) {
1559 case SOCK_RAW:
1560 chan->chan_type = L2CAP_CHAN_RAW;
1561 break;
1562 case SOCK_DGRAM:
1563 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1564 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1565 break;
1566 case SOCK_SEQPACKET:
1567 case SOCK_STREAM:
1568 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1569 break;
1570 }
1571
1572 chan->imtu = L2CAP_DEFAULT_MTU;
1573 chan->omtu = 0;
1574 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1575 chan->mode = L2CAP_MODE_ERTM;
1576 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1577 } else {
1578 chan->mode = L2CAP_MODE_BASIC;
1579 }
1580
1581 l2cap_chan_set_defaults(chan);
1582 }
1583
1584 /* Default config options */
1585 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1586
1587 chan->data = sk;
1588 chan->ops = &l2cap_chan_ops;
1589}
1590
1591static struct proto l2cap_proto = {
1592 .name = "L2CAP",
1593 .owner = THIS_MODULE,
1594 .obj_size = sizeof(struct l2cap_pinfo)
1595};
1596
1597static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1598 int proto, gfp_t prio, int kern)
1599{
1600 struct sock *sk;
1601 struct l2cap_chan *chan;
1602
1603 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1604 if (!sk)
1605 return NULL;
1606
1607 sock_init_data(sock, sk);
1608 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1609
1610 sk->sk_destruct = l2cap_sock_destruct;
1611 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1612
1613 sock_reset_flag(sk, SOCK_ZAPPED);
1614
1615 sk->sk_protocol = proto;
1616 sk->sk_state = BT_OPEN;
1617
1618 chan = l2cap_chan_create();
1619 if (!chan) {
1620 sk_free(sk);
1621 return NULL;
1622 }
1623
1624 l2cap_chan_hold(chan);
1625
1626 l2cap_pi(sk)->chan = chan;
1627
1628 return sk;
1629}
1630
1631static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1632 int kern)
1633{
1634 struct sock *sk;
1635
1636 BT_DBG("sock %p", sock);
1637
1638 sock->state = SS_UNCONNECTED;
1639
1640 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1641 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1642 return -ESOCKTNOSUPPORT;
1643
1644 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1645 return -EPERM;
1646
1647 sock->ops = &l2cap_sock_ops;
1648
1649 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1650 if (!sk)
1651 return -ENOMEM;
1652
1653 l2cap_sock_init(sk, NULL);
1654 bt_sock_link(&l2cap_sk_list, sk);
1655 return 0;
1656}
1657
1658static const struct proto_ops l2cap_sock_ops = {
1659 .family = PF_BLUETOOTH,
1660 .owner = THIS_MODULE,
1661 .release = l2cap_sock_release,
1662 .bind = l2cap_sock_bind,
1663 .connect = l2cap_sock_connect,
1664 .listen = l2cap_sock_listen,
1665 .accept = l2cap_sock_accept,
1666 .getname = l2cap_sock_getname,
1667 .sendmsg = l2cap_sock_sendmsg,
1668 .recvmsg = l2cap_sock_recvmsg,
1669 .poll = bt_sock_poll,
1670 .ioctl = bt_sock_ioctl,
1671 .mmap = sock_no_mmap,
1672 .socketpair = sock_no_socketpair,
1673 .shutdown = l2cap_sock_shutdown,
1674 .setsockopt = l2cap_sock_setsockopt,
1675 .getsockopt = l2cap_sock_getsockopt
1676};
1677
1678static const struct net_proto_family l2cap_sock_family_ops = {
1679 .family = PF_BLUETOOTH,
1680 .owner = THIS_MODULE,
1681 .create = l2cap_sock_create,
1682};
1683
1684int __init l2cap_init_sockets(void)
1685{
1686 int err;
1687
1688 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1689
1690 err = proto_register(&l2cap_proto, 0);
1691 if (err < 0)
1692 return err;
1693
1694 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1695 if (err < 0) {
1696 BT_ERR("L2CAP socket registration failed");
1697 goto error;
1698 }
1699
1700 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1701 NULL);
1702 if (err < 0) {
1703 BT_ERR("Failed to create L2CAP proc file");
1704 bt_sock_unregister(BTPROTO_L2CAP);
1705 goto error;
1706 }
1707
1708 BT_INFO("L2CAP socket layer initialized");
1709
1710 return 0;
1711
1712error:
1713 proto_unregister(&l2cap_proto);
1714 return err;
1715}
1716
1717void l2cap_cleanup_sockets(void)
1718{
1719 bt_procfs_cleanup(&init_net, "l2cap");
1720 bt_sock_unregister(BTPROTO_L2CAP);
1721 proto_unregister(&l2cap_proto);
1722}