Gitiles
Code Review Sign In
192.168.1.100 / T108 / 50f43abd51b98a89a2ec2d51cd2725a28869fae6 / . / marvell / linux / net / bluetooth / l2cap_sock.c
blob: 6ec6f6a06521d47b5f61191871830887b15b824c [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame]1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
30#include <linux/module.h>
31#include <linux/export.h>
32#include <linux/sched/signal.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/l2cap.h>
37
38#include "smp.h"
39
40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
44static const struct proto_ops l2cap_sock_ops;
45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
48static void l2cap_sock_cleanup_listen(struct sock *parent);
49
50bool l2cap_is_socket(struct socket *sock)
51{
52 return sock && sock->ops == &l2cap_sock_ops;
53}
54EXPORT_SYMBOL(l2cap_is_socket);
55
56static int l2cap_validate_bredr_psm(u16 psm)
57{
58 /* PSM must be odd and lsb of upper byte must be 0 */
59 if ((psm & 0x0101) != 0x0001)
60 return -EINVAL;
61
62 /* Restrict usage of well-known PSMs */
63 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
64 return -EACCES;
65
66 return 0;
67}
68
69static int l2cap_validate_le_psm(u16 psm)
70{
71 /* Valid LE_PSM ranges are defined only until 0x00ff */
72 if (psm > L2CAP_PSM_LE_DYN_END)
73 return -EINVAL;
74
75 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
76 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
77 return -EACCES;
78
79 return 0;
80}
81
82static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
83{
84 struct sock *sk = sock->sk;
85 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
86 struct sockaddr_l2 la;
87 int len, err = 0;
88
89 BT_DBG("sk %p", sk);
90
91 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
92 addr->sa_family != AF_BLUETOOTH)
93 return -EINVAL;
94
95 memset(&la, 0, sizeof(la));
96 len = min_t(unsigned int, sizeof(la), alen);
97 memcpy(&la, addr, len);
98
99 if (la.l2_cid && la.l2_psm)
100 return -EINVAL;
101
102 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
103 return -EINVAL;
104
105 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
106 /* We only allow ATT user space socket */
107 if (la.l2_cid &&
108 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
109 return -EINVAL;
110 }
111
112 lock_sock(sk);
113
114 if (sk->sk_state != BT_OPEN) {
115 err = -EBADFD;
116 goto done;
117 }
118
119 if (la.l2_psm) {
120 __u16 psm = __le16_to_cpu(la.l2_psm);
121
122 if (la.l2_bdaddr_type == BDADDR_BREDR)
123 err = l2cap_validate_bredr_psm(psm);
124 else
125 err = l2cap_validate_le_psm(psm);
126
127 if (err)
128 goto done;
129 }
130
131 bacpy(&chan->src, &la.l2_bdaddr);
132 chan->src_type = la.l2_bdaddr_type;
133
134 if (la.l2_cid)
135 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
136 else
137 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
138
139 if (err < 0)
140 goto done;
141
142 switch (chan->chan_type) {
143 case L2CAP_CHAN_CONN_LESS:
144 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
145 chan->sec_level = BT_SECURITY_SDP;
146 break;
147 case L2CAP_CHAN_CONN_ORIENTED:
148 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
149 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
150 chan->sec_level = BT_SECURITY_SDP;
151 break;
152 case L2CAP_CHAN_RAW:
153 chan->sec_level = BT_SECURITY_SDP;
154 break;
155 case L2CAP_CHAN_FIXED:
156 /* Fixed channels default to the L2CAP core not holding a
157 * hci_conn reference for them. For fixed channels mapping to
158 * L2CAP sockets we do want to hold a reference so set the
159 * appropriate flag to request it.
160 */
161 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
162 break;
163 }
164
165 if (chan->psm && bdaddr_type_is_le(chan->src_type))
166 chan->mode = L2CAP_MODE_LE_FLOWCTL;
167
168 chan->state = BT_BOUND;
169 sk->sk_state = BT_BOUND;
170
171done:
172 release_sock(sk);
173 return err;
174}
175
176static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
177 int alen, int flags)
178{
179 struct sock *sk = sock->sk;
180 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
181 struct sockaddr_l2 la;
182 int len, err = 0;
183 bool zapped;
184
185 BT_DBG("sk %p", sk);
186
187 lock_sock(sk);
188 zapped = sock_flag(sk, SOCK_ZAPPED);
189 release_sock(sk);
190
191 if (zapped)
192 return -EINVAL;
193
194 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
195 addr->sa_family != AF_BLUETOOTH)
196 return -EINVAL;
197
198 memset(&la, 0, sizeof(la));
199 len = min_t(unsigned int, sizeof(la), alen);
200 memcpy(&la, addr, len);
201
202 if (la.l2_cid && la.l2_psm)
203 return -EINVAL;
204
205 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
206 return -EINVAL;
207
208 /* Check that the socket wasn't bound to something that
209 * conflicts with the address given to connect(). If chan->src
210 * is BDADDR_ANY it means bind() was never used, in which case
211 * chan->src_type and la.l2_bdaddr_type do not need to match.
212 */
213 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
214 bdaddr_type_is_le(la.l2_bdaddr_type)) {
215 /* Old user space versions will try to incorrectly bind
216 * the ATT socket using BDADDR_BREDR. We need to accept
217 * this and fix up the source address type only when
218 * both the source CID and destination CID indicate
219 * ATT. Anything else is an invalid combination.
220 */
221 if (chan->scid != L2CAP_CID_ATT ||
222 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
223 return -EINVAL;
224
225 /* We don't have the hdev available here to make a
226 * better decision on random vs public, but since all
227 * user space versions that exhibit this issue anyway do
228 * not support random local addresses assuming public
229 * here is good enough.
230 */
231 chan->src_type = BDADDR_LE_PUBLIC;
232 }
233
234 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
235 return -EINVAL;
236
237 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
238 /* We only allow ATT user space socket */
239 if (la.l2_cid &&
240 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
241 return -EINVAL;
242 }
243
244 if (chan->psm && bdaddr_type_is_le(chan->src_type))
245 chan->mode = L2CAP_MODE_LE_FLOWCTL;
246
247 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
248 &la.l2_bdaddr, la.l2_bdaddr_type);
249 if (err)
250 return err;
251
252 lock_sock(sk);
253
254 err = bt_sock_wait_state(sk, BT_CONNECTED,
255 sock_sndtimeo(sk, flags & O_NONBLOCK));
256
257 release_sock(sk);
258
259 return err;
260}
261
262static int l2cap_sock_listen(struct socket *sock, int backlog)
263{
264 struct sock *sk = sock->sk;
265 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
266 int err = 0;
267
268 BT_DBG("sk %p backlog %d", sk, backlog);
269
270 lock_sock(sk);
271
272 if (sk->sk_state != BT_BOUND) {
273 err = -EBADFD;
274 goto done;
275 }
276
277 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
278 err = -EINVAL;
279 goto done;
280 }
281
282 switch (chan->mode) {
283 case L2CAP_MODE_BASIC:
284 case L2CAP_MODE_LE_FLOWCTL:
285 break;
286 case L2CAP_MODE_ERTM:
287 case L2CAP_MODE_STREAMING:
288 if (!disable_ertm)
289 break;
290 /* fall through */
291 default:
292 err = -EOPNOTSUPP;
293 goto done;
294 }
295
296 sk->sk_max_ack_backlog = backlog;
297 sk->sk_ack_backlog = 0;
298
299 /* Listening channels need to use nested locking in order not to
300 * cause lockdep warnings when the created child channels end up
301 * being locked in the same thread as the parent channel.
302 */
303 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
304
305 chan->state = BT_LISTEN;
306 sk->sk_state = BT_LISTEN;
307
308done:
309 release_sock(sk);
310 return err;
311}
312
313static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
314 int flags, bool kern)
315{
316 DEFINE_WAIT_FUNC(wait, woken_wake_function);
317 struct sock *sk = sock->sk, *nsk;
318 long timeo;
319 int err = 0;
320
321 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
322
323 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
324
325 BT_DBG("sk %p timeo %ld", sk, timeo);
326
327 /* Wait for an incoming connection. (wake-one). */
328 add_wait_queue_exclusive(sk_sleep(sk), &wait);
329 while (1) {
330 if (sk->sk_state != BT_LISTEN) {
331 err = -EBADFD;
332 break;
333 }
334
335 nsk = bt_accept_dequeue(sk, newsock);
336 if (nsk)
337 break;
338
339 if (!timeo) {
340 err = -EAGAIN;
341 break;
342 }
343
344 if (signal_pending(current)) {
345 err = sock_intr_errno(timeo);
346 break;
347 }
348
349 release_sock(sk);
350
351 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
352
353 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
354 }
355 remove_wait_queue(sk_sleep(sk), &wait);
356
357 if (err)
358 goto done;
359
360 newsock->state = SS_CONNECTED;
361
362 BT_DBG("new socket %p", nsk);
363
364done:
365 release_sock(sk);
366 return err;
367}
368
369static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
370 int peer)
371{
372 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
373 struct sock *sk = sock->sk;
374 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
375
376 BT_DBG("sock %p, sk %p", sock, sk);
377
378 if (peer && sk->sk_state != BT_CONNECTED &&
379 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
380 sk->sk_state != BT_CONFIG)
381 return -ENOTCONN;
382
383 memset(la, 0, sizeof(struct sockaddr_l2));
384 addr->sa_family = AF_BLUETOOTH;
385
386 la->l2_psm = chan->psm;
387
388 if (peer) {
389 bacpy(&la->l2_bdaddr, &chan->dst);
390 la->l2_cid = cpu_to_le16(chan->dcid);
391 la->l2_bdaddr_type = chan->dst_type;
392 } else {
393 bacpy(&la->l2_bdaddr, &chan->src);
394 la->l2_cid = cpu_to_le16(chan->scid);
395 la->l2_bdaddr_type = chan->src_type;
396 }
397
398 return sizeof(struct sockaddr_l2);
399}
400
401static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
402 char __user *optval, int __user *optlen)
403{
404 struct sock *sk = sock->sk;
405 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
406 struct l2cap_options opts;
407 struct l2cap_conninfo cinfo;
408 int err = 0;
409 size_t len;
410 u32 opt;
411
412 BT_DBG("sk %p", sk);
413
414 if (get_user(len, optlen))
415 return -EFAULT;
416
417 lock_sock(sk);
418
419 switch (optname) {
420 case L2CAP_OPTIONS:
421 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
422 * legacy ATT code depends on getsockopt for
423 * L2CAP_OPTIONS we need to let this pass.
424 */
425 if (bdaddr_type_is_le(chan->src_type) &&
426 chan->scid != L2CAP_CID_ATT) {
427 err = -EINVAL;
428 break;
429 }
430
431 /* Only BR/EDR modes are supported here */
432 switch (chan->mode) {
433 case L2CAP_MODE_BASIC:
434 case L2CAP_MODE_ERTM:
435 case L2CAP_MODE_STREAMING:
436 break;
437 default:
438 err = -EINVAL;
439 break;
440 }
441
442 if (err < 0)
443 break;
444
445 memset(&opts, 0, sizeof(opts));
446 opts.imtu = chan->imtu;
447 opts.omtu = chan->omtu;
448 opts.flush_to = chan->flush_to;
449 opts.mode = chan->mode;
450 opts.fcs = chan->fcs;
451 opts.max_tx = chan->max_tx;
452 opts.txwin_size = chan->tx_win;
453
454 len = min(len, sizeof(opts));
455 if (copy_to_user(optval, (char *) &opts, len))
456 err = -EFAULT;
457
458 break;
459
460 case L2CAP_LM:
461 switch (chan->sec_level) {
462 case BT_SECURITY_LOW:
463 opt = L2CAP_LM_AUTH;
464 break;
465 case BT_SECURITY_MEDIUM:
466 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
467 break;
468 case BT_SECURITY_HIGH:
469 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
470 L2CAP_LM_SECURE;
471 break;
472 case BT_SECURITY_FIPS:
473 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
474 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
475 break;
476 default:
477 opt = 0;
478 break;
479 }
480
481 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
482 opt |= L2CAP_LM_MASTER;
483
484 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
485 opt |= L2CAP_LM_RELIABLE;
486
487 if (put_user(opt, (u32 __user *) optval))
488 err = -EFAULT;
489
490 break;
491
492 case L2CAP_CONNINFO:
493 if (sk->sk_state != BT_CONNECTED &&
494 !(sk->sk_state == BT_CONNECT2 &&
495 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
496 err = -ENOTCONN;
497 break;
498 }
499
500 memset(&cinfo, 0, sizeof(cinfo));
501 cinfo.hci_handle = chan->conn->hcon->handle;
502 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
503
504 len = min(len, sizeof(cinfo));
505 if (copy_to_user(optval, (char *) &cinfo, len))
506 err = -EFAULT;
507
508 break;
509
510 default:
511 err = -ENOPROTOOPT;
512 break;
513 }
514
515 release_sock(sk);
516 return err;
517}
518
519static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
520 char __user *optval, int __user *optlen)
521{
522 struct sock *sk = sock->sk;
523 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
524 struct bt_security sec;
525 struct bt_power pwr;
526 int len, err = 0;
527
528 BT_DBG("sk %p", sk);
529
530 if (level == SOL_L2CAP)
531 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
532
533 if (level != SOL_BLUETOOTH)
534 return -ENOPROTOOPT;
535
536 if (get_user(len, optlen))
537 return -EFAULT;
538
539 lock_sock(sk);
540
541 switch (optname) {
542 case BT_SECURITY:
543 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
544 chan->chan_type != L2CAP_CHAN_FIXED &&
545 chan->chan_type != L2CAP_CHAN_RAW) {
546 err = -EINVAL;
547 break;
548 }
549
550 memset(&sec, 0, sizeof(sec));
551 if (chan->conn) {
552 sec.level = chan->conn->hcon->sec_level;
553
554 if (sk->sk_state == BT_CONNECTED)
555 sec.key_size = chan->conn->hcon->enc_key_size;
556 } else {
557 sec.level = chan->sec_level;
558 }
559
560 len = min_t(unsigned int, len, sizeof(sec));
561 if (copy_to_user(optval, (char *) &sec, len))
562 err = -EFAULT;
563
564 break;
565
566 case BT_DEFER_SETUP:
567 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
568 err = -EINVAL;
569 break;
570 }
571
572 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
573 (u32 __user *) optval))
574 err = -EFAULT;
575
576 break;
577
578 case BT_FLUSHABLE:
579 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
580 (u32 __user *) optval))
581 err = -EFAULT;
582
583 break;
584
585 case BT_POWER:
586 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
587 && sk->sk_type != SOCK_RAW) {
588 err = -EINVAL;
589 break;
590 }
591
592 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
593
594 len = min_t(unsigned int, len, sizeof(pwr));
595 if (copy_to_user(optval, (char *) &pwr, len))
596 err = -EFAULT;
597
598 break;
599
600 case BT_CHANNEL_POLICY:
601 if (put_user(chan->chan_policy, (u32 __user *) optval))
602 err = -EFAULT;
603 break;
604
605 case BT_SNDMTU:
606 if (!bdaddr_type_is_le(chan->src_type)) {
607 err = -EINVAL;
608 break;
609 }
610
611 if (sk->sk_state != BT_CONNECTED) {
612 err = -ENOTCONN;
613 break;
614 }
615
616 if (put_user(chan->omtu, (u16 __user *) optval))
617 err = -EFAULT;
618 break;
619
620 case BT_RCVMTU:
621 if (!bdaddr_type_is_le(chan->src_type)) {
622 err = -EINVAL;
623 break;
624 }
625
626 if (put_user(chan->imtu, (u16 __user *) optval))
627 err = -EFAULT;
628 break;
629
630 default:
631 err = -ENOPROTOOPT;
632 break;
633 }
634
635 release_sock(sk);
636 return err;
637}
638
639static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
640{
641 switch (chan->scid) {
642 case L2CAP_CID_ATT:
643 if (mtu < L2CAP_LE_MIN_MTU)
644 return false;
645 break;
646
647 default:
648 if (mtu < L2CAP_DEFAULT_MIN_MTU)
649 return false;
650 }
651
652 return true;
653}
654
655static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
656 char __user *optval, unsigned int optlen)
657{
658 struct sock *sk = sock->sk;
659 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
660 struct l2cap_options opts;
661 int len, err = 0;
662 u32 opt;
663
664 BT_DBG("sk %p", sk);
665
666 lock_sock(sk);
667
668 switch (optname) {
669 case L2CAP_OPTIONS:
670 if (bdaddr_type_is_le(chan->src_type)) {
671 err = -EINVAL;
672 break;
673 }
674
675 if (sk->sk_state == BT_CONNECTED) {
676 err = -EINVAL;
677 break;
678 }
679
680 opts.imtu = chan->imtu;
681 opts.omtu = chan->omtu;
682 opts.flush_to = chan->flush_to;
683 opts.mode = chan->mode;
684 opts.fcs = chan->fcs;
685 opts.max_tx = chan->max_tx;
686 opts.txwin_size = chan->tx_win;
687
688 len = min_t(unsigned int, sizeof(opts), optlen);
689 if (copy_from_user((char *) &opts, optval, len)) {
690 err = -EFAULT;
691 break;
692 }
693
694 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
695 err = -EINVAL;
696 break;
697 }
698
699 if (!l2cap_valid_mtu(chan, opts.imtu)) {
700 err = -EINVAL;
701 break;
702 }
703
704 /* Only BR/EDR modes are supported here */
705 switch (opts.mode) {
706 case L2CAP_MODE_BASIC:
707 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
708 break;
709 case L2CAP_MODE_ERTM:
710 case L2CAP_MODE_STREAMING:
711 if (!disable_ertm)
712 break;
713 /* fall through */
714 default:
715 err = -EINVAL;
716 break;
717 }
718
719 if (err < 0)
720 break;
721
722 chan->mode = opts.mode;
723 chan->imtu = opts.imtu;
724 chan->omtu = opts.omtu;
725 chan->fcs = opts.fcs;
726 chan->max_tx = opts.max_tx;
727 chan->tx_win = opts.txwin_size;
728 chan->flush_to = opts.flush_to;
729 break;
730
731 case L2CAP_LM:
732 if (get_user(opt, (u32 __user *) optval)) {
733 err = -EFAULT;
734 break;
735 }
736
737 if (opt & L2CAP_LM_FIPS) {
738 err = -EINVAL;
739 break;
740 }
741
742 if (opt & L2CAP_LM_AUTH)
743 chan->sec_level = BT_SECURITY_LOW;
744 if (opt & L2CAP_LM_ENCRYPT)
745 chan->sec_level = BT_SECURITY_MEDIUM;
746 if (opt & L2CAP_LM_SECURE)
747 chan->sec_level = BT_SECURITY_HIGH;
748
749 if (opt & L2CAP_LM_MASTER)
750 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
751 else
752 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
753
754 if (opt & L2CAP_LM_RELIABLE)
755 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
756 else
757 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
758 break;
759
760 default:
761 err = -ENOPROTOOPT;
762 break;
763 }
764
765 release_sock(sk);
766 return err;
767}
768
769static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
770 char __user *optval, unsigned int optlen)
771{
772 struct sock *sk = sock->sk;
773 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
774 struct bt_security sec;
775 struct bt_power pwr;
776 struct l2cap_conn *conn;
777 int len, err = 0;
778 u32 opt;
779
780 BT_DBG("sk %p", sk);
781
782 if (level == SOL_L2CAP)
783 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
784
785 if (level != SOL_BLUETOOTH)
786 return -ENOPROTOOPT;
787
788 lock_sock(sk);
789
790 switch (optname) {
791 case BT_SECURITY:
792 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
793 chan->chan_type != L2CAP_CHAN_FIXED &&
794 chan->chan_type != L2CAP_CHAN_RAW) {
795 err = -EINVAL;
796 break;
797 }
798
799 sec.level = BT_SECURITY_LOW;
800
801 len = min_t(unsigned int, sizeof(sec), optlen);
802 if (copy_from_user((char *) &sec, optval, len)) {
803 err = -EFAULT;
804 break;
805 }
806
807 if (sec.level < BT_SECURITY_LOW ||
808 sec.level > BT_SECURITY_FIPS) {
809 err = -EINVAL;
810 break;
811 }
812
813 chan->sec_level = sec.level;
814
815 if (!chan->conn)
816 break;
817
818 conn = chan->conn;
819
820 /* change security for LE channels */
821 if (chan->scid == L2CAP_CID_ATT) {
822 if (smp_conn_security(conn->hcon, sec.level)) {
823 err = -EINVAL;
824 break;
825 }
826
827 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
828 sk->sk_state = BT_CONFIG;
829 chan->state = BT_CONFIG;
830
831 /* or for ACL link */
832 } else if ((sk->sk_state == BT_CONNECT2 &&
833 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
834 sk->sk_state == BT_CONNECTED) {
835 if (!l2cap_chan_check_security(chan, true))
836 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
837 else
838 sk->sk_state_change(sk);
839 } else {
840 err = -EINVAL;
841 }
842 break;
843
844 case BT_DEFER_SETUP:
845 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
846 err = -EINVAL;
847 break;
848 }
849
850 if (get_user(opt, (u32 __user *) optval)) {
851 err = -EFAULT;
852 break;
853 }
854
855 if (opt) {
856 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
857 set_bit(FLAG_DEFER_SETUP, &chan->flags);
858 } else {
859 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
860 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
861 }
862 break;
863
864 case BT_FLUSHABLE:
865 if (get_user(opt, (u32 __user *) optval)) {
866 err = -EFAULT;
867 break;
868 }
869
870 if (opt > BT_FLUSHABLE_ON) {
871 err = -EINVAL;
872 break;
873 }
874
875 if (opt == BT_FLUSHABLE_OFF) {
876 conn = chan->conn;
877 /* proceed further only when we have l2cap_conn and
878 No Flush support in the LM */
879 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
880 err = -EINVAL;
881 break;
882 }
883 }
884
885 if (opt)
886 set_bit(FLAG_FLUSHABLE, &chan->flags);
887 else
888 clear_bit(FLAG_FLUSHABLE, &chan->flags);
889 break;
890
891 case BT_POWER:
892 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
893 chan->chan_type != L2CAP_CHAN_RAW) {
894 err = -EINVAL;
895 break;
896 }
897
898 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
899
900 len = min_t(unsigned int, sizeof(pwr), optlen);
901 if (copy_from_user((char *) &pwr, optval, len)) {
902 err = -EFAULT;
903 break;
904 }
905
906 if (pwr.force_active)
907 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
908 else
909 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
910 break;
911
912 case BT_CHANNEL_POLICY:
913 if (get_user(opt, (u32 __user *) optval)) {
914 err = -EFAULT;
915 break;
916 }
917
918 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
919 err = -EINVAL;
920 break;
921 }
922
923 if (chan->mode != L2CAP_MODE_ERTM &&
924 chan->mode != L2CAP_MODE_STREAMING) {
925 err = -EOPNOTSUPP;
926 break;
927 }
928
929 chan->chan_policy = (u8) opt;
930
931 if (sk->sk_state == BT_CONNECTED &&
932 chan->move_role == L2CAP_MOVE_ROLE_NONE)
933 l2cap_move_start(chan);
934
935 break;
936
937 case BT_SNDMTU:
938 if (!bdaddr_type_is_le(chan->src_type)) {
939 err = -EINVAL;
940 break;
941 }
942
943 /* Setting is not supported as it's the remote side that
944 * decides this.
945 */
946 err = -EPERM;
947 break;
948
949 case BT_RCVMTU:
950 if (!bdaddr_type_is_le(chan->src_type)) {
951 err = -EINVAL;
952 break;
953 }
954
955 if (sk->sk_state == BT_CONNECTED) {
956 err = -EISCONN;
957 break;
958 }
959
960 if (get_user(opt, (u16 __user *) optval)) {
961 err = -EFAULT;
962 break;
963 }
964
965 chan->imtu = opt;
966 break;
967
968 default:
969 err = -ENOPROTOOPT;
970 break;
971 }
972
973 release_sock(sk);
974 return err;
975}
976
977static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
978 size_t len)
979{
980 struct sock *sk = sock->sk;
981 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
982 int err;
983
984 BT_DBG("sock %p, sk %p", sock, sk);
985
986 err = sock_error(sk);
987 if (err)
988 return err;
989
990 if (msg->msg_flags & MSG_OOB)
991 return -EOPNOTSUPP;
992
993 if (sk->sk_state != BT_CONNECTED)
994 return -ENOTCONN;
995
996 lock_sock(sk);
997 err = bt_sock_wait_ready(sk, msg->msg_flags);
998 release_sock(sk);
999 if (err)
1000 return err;
1001
1002 l2cap_chan_lock(chan);
1003 err = l2cap_chan_send(chan, msg, len);
1004 l2cap_chan_unlock(chan);
1005
1006 return err;
1007}
1008
1009static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1010 size_t len, int flags)
1011{
1012 struct sock *sk = sock->sk;
1013 struct l2cap_pinfo *pi = l2cap_pi(sk);
1014 int err;
1015
1016 lock_sock(sk);
1017
1018 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1019 &bt_sk(sk)->flags)) {
1020 if (bdaddr_type_is_le(pi->chan->src_type)) {
1021 sk->sk_state = BT_CONNECTED;
1022 pi->chan->state = BT_CONNECTED;
1023 __l2cap_le_connect_rsp_defer(pi->chan);
1024 } else {
1025 sk->sk_state = BT_CONFIG;
1026 pi->chan->state = BT_CONFIG;
1027 __l2cap_connect_rsp_defer(pi->chan);
1028 }
1029
1030 err = 0;
1031 goto done;
1032 }
1033
1034 release_sock(sk);
1035
1036 if (sock->type == SOCK_STREAM)
1037 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1038 else
1039 err = bt_sock_recvmsg(sock, msg, len, flags);
1040
1041 if (pi->chan->mode != L2CAP_MODE_ERTM)
1042 return err;
1043
1044 /* Attempt to put pending rx data in the socket buffer */
1045
1046 lock_sock(sk);
1047
1048 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1049 goto done;
1050
1051 if (pi->rx_busy_skb) {
1052 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1053 pi->rx_busy_skb = NULL;
1054 else
1055 goto done;
1056 }
1057
1058 /* Restore data flow when half of the receive buffer is
1059 * available. This avoids resending large numbers of
1060 * frames.
1061 */
1062 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1063 l2cap_chan_busy(pi->chan, 0);
1064
1065done:
1066 release_sock(sk);
1067 return err;
1068}
1069
1070/* Kill socket (only if zapped and orphan)
1071 * Must be called on unlocked socket, with l2cap channel lock.
1072 */
1073static void l2cap_sock_kill(struct sock *sk)
1074{
1075 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1076 return;
1077
1078 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1079
1080 /* Kill poor orphan */
1081
1082 l2cap_chan_put(l2cap_pi(sk)->chan);
1083 sock_set_flag(sk, SOCK_DEAD);
1084 sock_put(sk);
1085}
1086
1087static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1088{
1089 DECLARE_WAITQUEUE(wait, current);
1090 int err = 0;
1091 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1092 /* Timeout to prevent infinite loop */
1093 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1094
1095 add_wait_queue(sk_sleep(sk), &wait);
1096 set_current_state(TASK_INTERRUPTIBLE);
1097 do {
1098 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1099 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1100 jiffies_to_msecs(timeout - jiffies));
1101
1102 if (!timeo)
1103 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1104
1105 if (signal_pending(current)) {
1106 err = sock_intr_errno(timeo);
1107 break;
1108 }
1109
1110 release_sock(sk);
1111 timeo = schedule_timeout(timeo);
1112 lock_sock(sk);
1113 set_current_state(TASK_INTERRUPTIBLE);
1114
1115 err = sock_error(sk);
1116 if (err)
1117 break;
1118
1119 if (time_after(jiffies, timeout)) {
1120 err = -ENOLINK;
1121 break;
1122 }
1123
1124 } while (chan->unacked_frames > 0 &&
1125 chan->state == BT_CONNECTED);
1126
1127 set_current_state(TASK_RUNNING);
1128 remove_wait_queue(sk_sleep(sk), &wait);
1129 return err;
1130}
1131
1132static int l2cap_sock_shutdown(struct socket *sock, int how)
1133{
1134 struct sock *sk = sock->sk;
1135 struct l2cap_chan *chan;
1136 struct l2cap_conn *conn;
1137 int err = 0;
1138
1139 BT_DBG("sock %p, sk %p", sock, sk);
1140
1141 if (!sk)
1142 return 0;
1143
1144 lock_sock(sk);
1145
1146 if (sk->sk_shutdown)
1147 goto shutdown_already;
1148
1149 BT_DBG("Handling sock shutdown");
1150
1151 /* prevent sk structure from being freed whilst unlocked */
1152 sock_hold(sk);
1153
1154 chan = l2cap_pi(sk)->chan;
1155 /* prevent chan structure from being freed whilst unlocked */
1156 l2cap_chan_hold(chan);
1157
1158 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1159
1160 if (chan->mode == L2CAP_MODE_ERTM &&
1161 chan->unacked_frames > 0 &&
1162 chan->state == BT_CONNECTED) {
1163 err = __l2cap_wait_ack(sk, chan);
1164
1165 /* After waiting for ACKs, check whether shutdown
1166 * has already been actioned to close the L2CAP
1167 * link such as by l2cap_disconnection_req().
1168 */
1169 if (sk->sk_shutdown)
1170 goto has_shutdown;
1171 }
1172
1173 sk->sk_shutdown = SHUTDOWN_MASK;
1174 release_sock(sk);
1175
1176 l2cap_chan_lock(chan);
1177 conn = chan->conn;
1178 if (conn)
1179 /* prevent conn structure from being freed */
1180 l2cap_conn_get(conn);
1181 l2cap_chan_unlock(chan);
1182
1183 if (conn)
1184 /* mutex lock must be taken before l2cap_chan_lock() */
1185 mutex_lock(&conn->chan_lock);
1186
1187 l2cap_chan_lock(chan);
1188 l2cap_chan_close(chan, 0);
1189 l2cap_chan_unlock(chan);
1190
1191 if (conn) {
1192 mutex_unlock(&conn->chan_lock);
1193 l2cap_conn_put(conn);
1194 }
1195
1196 lock_sock(sk);
1197
1198 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1199 !(current->flags & PF_EXITING))
1200 err = bt_sock_wait_state(sk, BT_CLOSED,
1201 sk->sk_lingertime);
1202
1203has_shutdown:
1204 l2cap_chan_put(chan);
1205 sock_put(sk);
1206
1207shutdown_already:
1208 if (!err && sk->sk_err)
1209 err = -sk->sk_err;
1210
1211 release_sock(sk);
1212
1213 BT_DBG("Sock shutdown complete err: %d", err);
1214
1215 return err;
1216}
1217
1218static int l2cap_sock_release(struct socket *sock)
1219{
1220 struct sock *sk = sock->sk;
1221 int err;
1222 struct l2cap_chan *chan;
1223
1224 BT_DBG("sock %p, sk %p", sock, sk);
1225
1226 if (!sk)
1227 return 0;
1228
1229 l2cap_sock_cleanup_listen(sk);
1230 bt_sock_unlink(&l2cap_sk_list, sk);
1231
1232 err = l2cap_sock_shutdown(sock, 2);
1233 chan = l2cap_pi(sk)->chan;
1234
1235 l2cap_chan_hold(chan);
1236 l2cap_chan_lock(chan);
1237
1238 sock_orphan(sk);
1239 l2cap_sock_kill(sk);
1240
1241 l2cap_chan_unlock(chan);
1242 l2cap_chan_put(chan);
1243
1244 return err;
1245}
1246
1247static void l2cap_sock_cleanup_listen(struct sock *parent)
1248{
1249 struct sock *sk;
1250
1251 BT_DBG("parent %p state %s", parent,
1252 state_to_string(parent->sk_state));
1253
1254 /* Close not yet accepted channels */
1255 while ((sk = bt_accept_dequeue(parent, NULL))) {
1256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1257
1258 BT_DBG("child chan %p state %s", chan,
1259 state_to_string(chan->state));
1260
1261 l2cap_chan_hold(chan);
1262 l2cap_chan_lock(chan);
1263
1264 __clear_chan_timer(chan);
1265 l2cap_chan_close(chan, ECONNRESET);
1266 l2cap_sock_kill(sk);
1267
1268 l2cap_chan_unlock(chan);
1269 l2cap_chan_put(chan);
1270 }
1271}
1272
1273static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1274{
1275 struct sock *sk, *parent = chan->data;
1276
1277 lock_sock(parent);
1278
1279 /* Check for backlog size */
1280 if (sk_acceptq_is_full(parent)) {
1281 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1282 release_sock(parent);
1283 return NULL;
1284 }
1285
1286 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1287 GFP_ATOMIC, 0);
1288 if (!sk) {
1289 release_sock(parent);
1290 return NULL;
1291 }
1292
1293 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1294
1295 l2cap_sock_init(sk, parent);
1296
1297 bt_accept_enqueue(parent, sk, false);
1298
1299 release_sock(parent);
1300
1301 return l2cap_pi(sk)->chan;
1302}
1303
1304static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1305{
1306 struct sock *sk = chan->data;
1307 int err;
1308
1309 lock_sock(sk);
1310
1311 if (l2cap_pi(sk)->rx_busy_skb) {
1312 err = -ENOMEM;
1313 goto done;
1314 }
1315
1316 if (chan->mode != L2CAP_MODE_ERTM &&
1317 chan->mode != L2CAP_MODE_STREAMING) {
1318 /* Even if no filter is attached, we could potentially
1319 * get errors from security modules, etc.
1320 */
1321 err = sk_filter(sk, skb);
1322 if (err)
1323 goto done;
1324 }
1325
1326 err = __sock_queue_rcv_skb(sk, skb);
1327
1328 /* For ERTM, handle one skb that doesn't fit into the recv
1329 * buffer. This is important to do because the data frames
1330 * have already been acked, so the skb cannot be discarded.
1331 *
1332 * Notify the l2cap core that the buffer is full, so the
1333 * LOCAL_BUSY state is entered and no more frames are
1334 * acked and reassembled until there is buffer space
1335 * available.
1336 */
1337 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1338 l2cap_pi(sk)->rx_busy_skb = skb;
1339 l2cap_chan_busy(chan, 1);
1340 err = 0;
1341 }
1342
1343done:
1344 release_sock(sk);
1345
1346 return err;
1347}
1348
1349static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1350{
1351 struct sock *sk = chan->data;
1352
1353 if (!sk)
1354 return;
1355
1356 l2cap_sock_kill(sk);
1357}
1358
1359static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1360{
1361 struct sock *sk = chan->data;
1362 struct sock *parent;
1363
1364 if (!sk)
1365 return;
1366
1367 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1368
1369 /* This callback can be called both for server (BT_LISTEN)
1370 * sockets as well as "normal" ones. To avoid lockdep warnings
1371 * with child socket locking (through l2cap_sock_cleanup_listen)
1372 * we need separation into separate nesting levels. The simplest
1373 * way to accomplish this is to inherit the nesting level used
1374 * for the channel.
1375 */
1376 lock_sock_nested(sk, atomic_read(&chan->nesting));
1377
1378 parent = bt_sk(sk)->parent;
1379
1380 switch (chan->state) {
1381 case BT_OPEN:
1382 case BT_BOUND:
1383 case BT_CLOSED:
1384 break;
1385 case BT_LISTEN:
1386 l2cap_sock_cleanup_listen(sk);
1387 sk->sk_state = BT_CLOSED;
1388 chan->state = BT_CLOSED;
1389
1390 break;
1391 default:
1392 sk->sk_state = BT_CLOSED;
1393 chan->state = BT_CLOSED;
1394
1395 sk->sk_err = err;
1396
1397 if (parent) {
1398 bt_accept_unlink(sk);
1399 parent->sk_data_ready(parent);
1400 } else {
1401 sk->sk_state_change(sk);
1402 }
1403
1404 break;
1405 }
1406 release_sock(sk);
1407
1408 /* Only zap after cleanup to avoid use after free race */
1409 sock_set_flag(sk, SOCK_ZAPPED);
1410
1411}
1412
1413static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1414 int err)
1415{
1416 struct sock *sk = chan->data;
1417
1418 sk->sk_state = state;
1419
1420 if (err)
1421 sk->sk_err = err;
1422}
1423
1424static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1425 unsigned long hdr_len,
1426 unsigned long len, int nb)
1427{
1428 struct sock *sk = chan->data;
1429 struct sk_buff *skb;
1430 int err;
1431
1432 l2cap_chan_unlock(chan);
1433 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1434 l2cap_chan_lock(chan);
1435
1436 if (!skb)
1437 return ERR_PTR(err);
1438
1439 /* Channel lock is released before requesting new skb and then
1440 * reacquired thus we need to recheck channel state.
1441 */
1442 if (chan->state != BT_CONNECTED) {
1443 kfree_skb(skb);
1444 return ERR_PTR(-ENOTCONN);
1445 }
1446
1447 skb->priority = sk->sk_priority;
1448
1449 bt_cb(skb)->l2cap.chan = chan;
1450
1451 return skb;
1452}
1453
1454static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1455{
1456 struct sock *sk = chan->data;
1457 struct sock *parent;
1458
1459 lock_sock(sk);
1460
1461 parent = bt_sk(sk)->parent;
1462
1463 BT_DBG("sk %p, parent %p", sk, parent);
1464
1465 sk->sk_state = BT_CONNECTED;
1466 sk->sk_state_change(sk);
1467
1468 if (parent)
1469 parent->sk_data_ready(parent);
1470
1471 release_sock(sk);
1472}
1473
1474static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1475{
1476 struct sock *parent, *sk = chan->data;
1477
1478 lock_sock(sk);
1479
1480 parent = bt_sk(sk)->parent;
1481 if (parent)
1482 parent->sk_data_ready(parent);
1483
1484 release_sock(sk);
1485}
1486
1487static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1488{
1489 struct sock *sk = chan->data;
1490
1491 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1492 sk->sk_state = BT_CONNECTED;
1493 chan->state = BT_CONNECTED;
1494 }
1495
1496 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1497 sk->sk_state_change(sk);
1498}
1499
1500static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1501{
1502 struct sock *sk = chan->data;
1503
1504 lock_sock(sk);
1505 sk->sk_shutdown = SHUTDOWN_MASK;
1506 release_sock(sk);
1507}
1508
1509static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1510{
1511 struct sock *sk = chan->data;
1512
1513 return sk->sk_sndtimeo;
1514}
1515
1516static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1517{
1518 struct sock *sk = chan->data;
1519
1520 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1521 sk->sk_state_change(sk);
1522}
1523
1524static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1525{
1526 struct sock *sk = chan->data;
1527
1528 switch (chan->mode) {
1529 case L2CAP_MODE_ERTM:
1530 case L2CAP_MODE_STREAMING:
1531 return sk_filter(sk, skb);
1532 }
1533
1534 return 0;
1535}
1536
1537static const struct l2cap_ops l2cap_chan_ops = {
1538 .name = "L2CAP Socket Interface",
1539 .new_connection = l2cap_sock_new_connection_cb,
1540 .recv = l2cap_sock_recv_cb,
1541 .close = l2cap_sock_close_cb,
1542 .teardown = l2cap_sock_teardown_cb,
1543 .state_change = l2cap_sock_state_change_cb,
1544 .ready = l2cap_sock_ready_cb,
1545 .defer = l2cap_sock_defer_cb,
1546 .resume = l2cap_sock_resume_cb,
1547 .suspend = l2cap_sock_suspend_cb,
1548 .set_shutdown = l2cap_sock_set_shutdown_cb,
1549 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1550 .alloc_skb = l2cap_sock_alloc_skb_cb,
1551 .filter = l2cap_sock_filter,
1552};
1553
1554static void l2cap_sock_destruct(struct sock *sk)
1555{
1556 BT_DBG("sk %p", sk);
1557
1558 if (l2cap_pi(sk)->chan) {
1559 l2cap_pi(sk)->chan->data = NULL;
1560 l2cap_chan_put(l2cap_pi(sk)->chan);
1561 }
1562
1563 if (l2cap_pi(sk)->rx_busy_skb) {
1564 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1565 l2cap_pi(sk)->rx_busy_skb = NULL;
1566 }
1567
1568 skb_queue_purge(&sk->sk_receive_queue);
1569 skb_queue_purge(&sk->sk_write_queue);
1570}
1571
1572static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1573 int *msg_namelen)
1574{
1575 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1576
1577 memset(la, 0, sizeof(struct sockaddr_l2));
1578 la->l2_family = AF_BLUETOOTH;
1579 la->l2_psm = bt_cb(skb)->l2cap.psm;
1580 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1581
1582 *msg_namelen = sizeof(struct sockaddr_l2);
1583}
1584
1585static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1586{
1587 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1588
1589 BT_DBG("sk %p", sk);
1590
1591 if (parent) {
1592 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1593
1594 sk->sk_type = parent->sk_type;
1595 bt_sk(sk)->flags = bt_sk(parent)->flags;
1596
1597 chan->chan_type = pchan->chan_type;
1598 chan->imtu = pchan->imtu;
1599 chan->omtu = pchan->omtu;
1600 chan->conf_state = pchan->conf_state;
1601 chan->mode = pchan->mode;
1602 chan->fcs = pchan->fcs;
1603 chan->max_tx = pchan->max_tx;
1604 chan->tx_win = pchan->tx_win;
1605 chan->tx_win_max = pchan->tx_win_max;
1606 chan->sec_level = pchan->sec_level;
1607 chan->flags = pchan->flags;
1608 chan->tx_credits = pchan->tx_credits;
1609 chan->rx_credits = pchan->rx_credits;
1610
1611 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1612 chan->scid = pchan->scid;
1613 chan->dcid = pchan->scid;
1614 }
1615
1616 security_sk_clone(parent, sk);
1617 } else {
1618 switch (sk->sk_type) {
1619 case SOCK_RAW:
1620 chan->chan_type = L2CAP_CHAN_RAW;
1621 break;
1622 case SOCK_DGRAM:
1623 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1624 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1625 break;
1626 case SOCK_SEQPACKET:
1627 case SOCK_STREAM:
1628 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1629 break;
1630 }
1631
1632 chan->imtu = L2CAP_DEFAULT_MTU;
1633 chan->omtu = 0;
1634 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1635 chan->mode = L2CAP_MODE_ERTM;
1636 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1637 } else {
1638 chan->mode = L2CAP_MODE_BASIC;
1639 }
1640
1641 l2cap_chan_set_defaults(chan);
1642 }
1643
1644 /* Default config options */
1645 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1646
1647 chan->data = sk;
1648 chan->ops = &l2cap_chan_ops;
1649}
1650
1651static struct proto l2cap_proto = {
1652 .name = "L2CAP",
1653 .owner = THIS_MODULE,
1654 .obj_size = sizeof(struct l2cap_pinfo)
1655};
1656
1657static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1658 int proto, gfp_t prio, int kern)
1659{
1660 struct sock *sk;
1661 struct l2cap_chan *chan;
1662
1663 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1664 if (!sk)
1665 return NULL;
1666
1667 sock_init_data(sock, sk);
1668 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1669
1670 sk->sk_destruct = l2cap_sock_destruct;
1671 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1672
1673 sock_reset_flag(sk, SOCK_ZAPPED);
1674
1675 sk->sk_protocol = proto;
1676 sk->sk_state = BT_OPEN;
1677
1678 chan = l2cap_chan_create();
1679 if (!chan) {
1680 sk_free(sk);
1681 sock->sk = NULL;
1682 return NULL;
1683 }
1684
1685 l2cap_chan_hold(chan);
1686
1687 l2cap_pi(sk)->chan = chan;
1688
1689 return sk;
1690}
1691
1692static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1693 int kern)
1694{
1695 struct sock *sk;
1696
1697 BT_DBG("sock %p", sock);
1698
1699 sock->state = SS_UNCONNECTED;
1700
1701 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1702 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1703 return -ESOCKTNOSUPPORT;
1704
1705 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1706 return -EPERM;
1707
1708 sock->ops = &l2cap_sock_ops;
1709
1710 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1711 if (!sk)
1712 return -ENOMEM;
1713
1714 l2cap_sock_init(sk, NULL);
1715 bt_sock_link(&l2cap_sk_list, sk);
1716 return 0;
1717}
1718
1719static const struct proto_ops l2cap_sock_ops = {
1720 .family = PF_BLUETOOTH,
1721 .owner = THIS_MODULE,
1722 .release = l2cap_sock_release,
1723 .bind = l2cap_sock_bind,
1724 .connect = l2cap_sock_connect,
1725 .listen = l2cap_sock_listen,
1726 .accept = l2cap_sock_accept,
1727 .getname = l2cap_sock_getname,
1728 .sendmsg = l2cap_sock_sendmsg,
1729 .recvmsg = l2cap_sock_recvmsg,
1730 .poll = bt_sock_poll,
1731 .ioctl = bt_sock_ioctl,
1732 .gettstamp = sock_gettstamp,
1733 .mmap = sock_no_mmap,
1734 .socketpair = sock_no_socketpair,
1735 .shutdown = l2cap_sock_shutdown,
1736 .setsockopt = l2cap_sock_setsockopt,
1737 .getsockopt = l2cap_sock_getsockopt
1738};
1739
1740static const struct net_proto_family l2cap_sock_family_ops = {
1741 .family = PF_BLUETOOTH,
1742 .owner = THIS_MODULE,
1743 .create = l2cap_sock_create,
1744};
1745
1746int __init l2cap_init_sockets(void)
1747{
1748 int err;
1749
1750 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1751
1752 err = proto_register(&l2cap_proto, 0);
1753 if (err < 0)
1754 return err;
1755
1756 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1757 if (err < 0) {
1758 BT_ERR("L2CAP socket registration failed");
1759 goto error;
1760 }
1761
1762 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1763 NULL);
1764 if (err < 0) {
1765 BT_ERR("Failed to create L2CAP proc file");
1766 bt_sock_unregister(BTPROTO_L2CAP);
1767 goto error;
1768 }
1769
1770 BT_INFO("L2CAP socket layer initialized");
1771
1772 return 0;
1773
1774error:
1775 proto_unregister(&l2cap_proto);
1776 return err;
1777}
1778
1779void l2cap_cleanup_sockets(void)
1780{
1781 bt_procfs_cleanup(&init_net, "l2cap");
1782 bt_sock_unregister(BTPROTO_L2CAP);
1783 proto_unregister(&l2cap_proto);
1784}