Bluetooth: Introduce requirements for security level 4
[deliverable/linux.git] / net / bluetooth / l2cap_sock.c
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
36
37#include "smp.h"
bb58f747 38
/* Global switch read by bind(), connect() and the BT_SNDMTU/BT_RCVMTU socket
 * options in this file: while it is false, LE sockets may not specify a PSM
 * and the two MTU options return -EPROTONOSUPPORT.
 */
bool enable_lecoc;

/* Socket list for L2CAP; l2cap_sock_release() unlinks sockets from it. */
static struct bt_sock_list l2cap_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
};

/* Forward declarations; the definitions are not in this part of the listing. */
static const struct proto_ops l2cap_sock_ops;
static void l2cap_sock_init(struct sock *sk, struct sock *parent);
static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
				     int proto, gfp_t prio);
cf2f90f5 49
/* Report whether @sock is an L2CAP socket, i.e. whether its ops table is
 * this file's l2cap_sock_ops. A NULL @sock yields false.
 */
bool l2cap_is_socket(struct socket *sock)
{
	if (!sock)
		return false;

	return sock->ops == &l2cap_sock_ops;
}
EXPORT_SYMBOL(l2cap_is_socket);
55
/* Check a BR/EDR PSM requested by bind().
 *
 * Returns 0 if the PSM may be used, -EINVAL if it is malformed, or -EACCES
 * if it lies below 0x1001 and the caller lacks CAP_NET_BIND_SERVICE.
 */
static int l2cap_validate_bredr_psm(u16 psm)
{
	/* Bit 0 of the low byte must be set and bit 0 of the high byte clear */
	if (!(psm & 0x0001) || (psm & 0x0100))
		return -EINVAL;

	/* PSMs from 0x1001 upwards are open to any caller */
	if (psm >= 0x1001)
		return 0;

	/* Everything below is reserved for privileged processes */
	return capable(CAP_NET_BIND_SERVICE) ? 0 : -EACCES;
}
68
/* Check an LE PSM requested by bind().
 *
 * Returns 0 if the PSM may be used, -EINVAL if it is above 0x00ff, or
 * -EACCES if it is at most 0x007f and the caller lacks
 * CAP_NET_BIND_SERVICE.
 */
static int l2cap_validate_le_psm(u16 psm)
{
	/* No LE_PSM values are defined beyond 0x00ff */
	if (psm > 0x00ff)
		return -EINVAL;

	/* 0x0080..0x00ff needs no privilege */
	if (psm > 0x007f)
		return 0;

	/* Fixed, SIG assigned values require CAP_NET_BIND_SERVICE */
	return capable(CAP_NET_BIND_SERVICE) ? 0 : -EACCES;
}
81
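/* bind() handler: attach the socket's channel to a local address and either
 * a PSM or a fixed CID.
 *
 * @sock: socket being bound
 * @addr: caller-supplied address, interpreted as struct sockaddr_l2
 * @alen: number of valid bytes at @addr
 *
 * Returns 0 on success. -EINVAL is returned for a malformed address, for a
 * request that names both a CID and a PSM, and for LE combinations that are
 * not allowed; -EBADFD if the socket is not in BT_OPEN; otherwise the error
 * from PSM validation or from l2cap_add_scid()/l2cap_add_psm().
 */
static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct sockaddr_l2 la;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	/* sa_family may only be inspected if the caller supplied at least
	 * that many bytes; this is the same check l2cap_sock_connect() does.
	 */
	if (!addr || alen < sizeof(addr->sa_family) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	/* Work on a zero-padded local copy so a short address leaves the
	 * remaining fields at 0 instead of reading past @alen.
	 */
	memset(&la, 0, sizeof(la));
	len = min_t(unsigned int, sizeof(la), alen);
	memcpy(&la, addr, len);

	/* A channel is identified by a CID or a PSM, never both */
	if (la.l2_cid && la.l2_psm)
		return -EINVAL;

	if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
		return -EINVAL;

	if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
		if (!enable_lecoc && la.l2_psm)
			return -EINVAL;
		/* We only allow ATT user space socket */
		if (la.l2_cid &&
		    la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
			return -EINVAL;
	}

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	if (la.l2_psm) {
		__u16 psm = __le16_to_cpu(la.l2_psm);

		/* Range and capability checks differ per transport */
		if (la.l2_bdaddr_type == BDADDR_BREDR)
			err = l2cap_validate_bredr_psm(psm);
		else
			err = l2cap_validate_le_psm(psm);

		if (err)
			goto done;
	}

	if (la.l2_cid)
		err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
	else
		err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);

	if (err < 0)
		goto done;

	/* The PSMs listed here, and all raw channels, get the
	 * BT_SECURITY_SDP level; other channels keep their current level.
	 */
	switch (chan->chan_type) {
	case L2CAP_CHAN_CONN_LESS:
		if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
			chan->sec_level = BT_SECURITY_SDP;
		break;
	case L2CAP_CHAN_CONN_ORIENTED:
		if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
		    __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
			chan->sec_level = BT_SECURITY_SDP;
		break;
	case L2CAP_CHAN_RAW:
		chan->sec_level = BT_SECURITY_SDP;
		break;
	}

	bacpy(&chan->src, &la.l2_bdaddr);
	chan->src_type = la.l2_bdaddr_type;

	/* A PSM on an LE address selects LE flow-control mode */
	if (chan->psm && bdaddr_type_is_le(chan->src_type))
		chan->mode = L2CAP_MODE_LE_FLOWCTL;

	chan->state = BT_BOUND;
	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}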
168
/* connect() handler: validate the destination address, start the channel
 * connection and wait until the socket reaches BT_CONNECTED.
 *
 * @sock:  socket to connect
 * @addr:  caller-supplied destination, interpreted as struct sockaddr_l2
 * @alen:  number of valid bytes at @addr
 * @flags: file flags; O_NONBLOCK selects the wait timeout
 *
 * Returns 0 on success, -EINVAL for a malformed or disallowed address, or
 * the error from l2cap_chan_connect()/bt_sock_wait_state().
 */
static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
			      int alen, int flags)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct sockaddr_l2 la;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	/* sa_family is only read once @alen is known to cover it */
	if (!addr || alen < sizeof(addr->sa_family) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	/* Zero-padded local copy: fields beyond @alen read as 0 */
	memset(&la, 0, sizeof(la));
	len = min_t(unsigned int, sizeof(la), alen);
	memcpy(&la, addr, len);

	/* A destination is a CID or a PSM, never both */
	if (la.l2_cid && la.l2_psm)
		return -EINVAL;

	if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
		return -EINVAL;

	/* Check that the socket wasn't bound to something that
	 * conflicts with the address given to connect(). If chan->src
	 * is BDADDR_ANY it means bind() was never used, in which case
	 * chan->src_type and la.l2_bdaddr_type do not need to match.
	 */
	if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
	    bdaddr_type_is_le(la.l2_bdaddr_type)) {
		/* Old user space versions will try to incorrectly bind
		 * the ATT socket using BDADDR_BREDR. We need to accept
		 * this and fix up the source address type only when
		 * both the source CID and destination CID indicate
		 * ATT. Anything else is an invalid combination.
		 */
		if (chan->scid != L2CAP_CID_ATT ||
		    la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
			return -EINVAL;

		/* We don't have the hdev available here to make a
		 * better decision on random vs public, but since all
		 * user space versions that exhibit this issue anyway do
		 * not support random local addresses assuming public
		 * here is good enough.
		 */
		chan->src_type = BDADDR_LE_PUBLIC;
	}

	/* An LE-bound source cannot connect to a BR/EDR destination */
	if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
		return -EINVAL;

	if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
		if (!enable_lecoc && la.l2_psm)
			return -EINVAL;
		/* We only allow ATT user space socket */
		if (la.l2_cid &&
		    la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
			return -EINVAL;
	}

	/* NOTE(review): chan->src_type and chan->mode are read and written
	 * above without lock_sock(); the socket lock is only taken for the
	 * wait below - confirm this is intended.
	 */
	if (chan->psm && bdaddr_type_is_le(chan->src_type))
		chan->mode = L2CAP_MODE_LE_FLOWCTL;

	err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
				 &la.l2_bdaddr, la.l2_bdaddr_type);
	if (err)
		return err;

	lock_sock(sk);

	/* Timeout comes from the socket's send timeout (0 for O_NONBLOCK
	 * callers, presumably - as returned by sock_sndtimeo()).
	 */
	err = bt_sock_wait_state(sk, BT_CONNECTED,
				 sock_sndtimeo(sk, flags & O_NONBLOCK));

	release_sock(sk);

	return err;
}
248
/* listen() handler: move a bound socket into BT_LISTEN.
 *
 * Returns 0 on success, -EBADFD if the socket is not bound, -EINVAL for a
 * socket type other than SOCK_SEQPACKET/SOCK_STREAM, or -ENOTSUPP when the
 * channel mode cannot be listened on.
 */
static int l2cap_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	int ret = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if (sk->sk_state != BT_BOUND) {
		ret = -EBADFD;
	} else if (sk->sk_type != SOCK_SEQPACKET &&
		   sk->sk_type != SOCK_STREAM) {
		ret = -EINVAL;
	} else if (chan->mode != L2CAP_MODE_BASIC &&
		   chan->mode != L2CAP_MODE_LE_FLOWCTL &&
		   (disable_ertm ||
		    (chan->mode != L2CAP_MODE_ERTM &&
		     chan->mode != L2CAP_MODE_STREAMING))) {
		/* ERTM and streaming are only accepted while ERTM is
		 * enabled; any other mode is rejected outright.
		 */
		ret = -ENOTSUPP;
	} else {
		sk->sk_max_ack_backlog = backlog;
		sk->sk_ack_backlog = 0;

		chan->state = BT_LISTEN;
		sk->sk_state = BT_LISTEN;
	}

	release_sock(sk);
	return ret;
}
293
/* accept() handler: wait for a queued connection on a listening socket and
 * attach it to @newsock.
 *
 * @sock:    listening socket
 * @newsock: socket that receives the accepted connection
 * @flags:   file flags; O_NONBLOCK selects the wait timeout
 *
 * Returns 0 on success, -EBADFD if the socket is not (or no longer) in
 * BT_LISTEN, -EAGAIN when the timeout has run out, or the value of
 * sock_intr_errno() when a signal is pending.
 */
static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
			     int flags)
{
	DECLARE_WAITQUEUE(wait, current);
	struct sock *sk = sock->sk, *nsk;
	long timeo;
	int err = 0;

	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);

	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

	BT_DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
	while (1) {
		/* Set the task state before testing the conditions so a
		 * wake-up between the test and the sleep is not lost.
		 */
		set_current_state(TASK_INTERRUPTIBLE);

		/* Re-checked on every pass: the lock is dropped while asleep */
		if (sk->sk_state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		nsk = bt_accept_dequeue(sk, newsock);
		if (nsk)
			break;

		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}

		/* Sleep without the socket lock, then take it again */
		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
	}
	__set_current_state(TASK_RUNNING);
	remove_wait_queue(sk_sleep(sk), &wait);

	/* nsk is only valid when the loop ended without an error */
	if (err)
		goto done;

	newsock->state = SS_CONNECTED;

	BT_DBG("new socket %p", nsk);

done:
	release_sock(sk);
	return err;
}
350
/* getsockname()/getpeername() handler.
 *
 * Fills @addr as a struct sockaddr_l2 with either the channel's destination
 * (@peer non-zero) or its source (@peer zero) and stores the structure size
 * in @len. The structure is zeroed first, so no stale bytes are returned.
 * Always returns 0.
 */
static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
			      int *len, int peer)
{
	struct sockaddr_l2 *out = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;

	BT_DBG("sock %p, sk %p", sock, sk);

	memset(out, 0, sizeof(struct sockaddr_l2));
	addr->sa_family = AF_BLUETOOTH;
	*len = sizeof(struct sockaddr_l2);

	if (!peer) {
		/* Local end of the channel */
		out->l2_psm = chan->sport;
		bacpy(&out->l2_bdaddr, &chan->src);
		out->l2_cid = cpu_to_le16(chan->scid);
		out->l2_bdaddr_type = chan->src_type;
		return 0;
	}

	/* Remote end of the channel */
	out->l2_psm = chan->psm;
	bacpy(&out->l2_bdaddr, &chan->dst);
	out->l2_cid = cpu_to_le16(chan->dcid);
	out->l2_bdaddr_type = chan->dst_type;

	return 0;
}
378
/* getsockopt() handler for the legacy SOL_L2CAP level.
 *
 * @sock:    socket queried
 * @optname: L2CAP_OPTIONS, L2CAP_LM or L2CAP_CONNINFO
 * @optval:  user buffer that receives the value
 * @optlen:  user pointer holding the size of @optval
 *
 * Returns 0 on success, -EFAULT if user memory cannot be accessed,
 * -EINVAL/-ENOTCONN when the option does not apply to the socket's current
 * state, or -ENOPROTOOPT for an unknown option.
 */
static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
				     char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct l2cap_options opts;
	struct l2cap_conninfo cinfo;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		/* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
		 * legacy ATT code depends on getsockopt for
		 * L2CAP_OPTIONS we need to let this pass.
		 */
		if (bdaddr_type_is_le(chan->src_type) &&
		    chan->scid != L2CAP_CID_ATT) {
			err = -EINVAL;
			break;
		}

		/* Zero first so that only assigned fields reach user space */
		memset(&opts, 0, sizeof(opts));
		opts.imtu = chan->imtu;
		opts.omtu = chan->omtu;
		opts.flush_to = chan->flush_to;
		opts.mode = chan->mode;
		opts.fcs = chan->fcs;
		opts.max_tx = chan->max_tx;
		opts.txwin_size = chan->tx_win;

		/* Copy at most sizeof(opts); the unsigned comparison also
		 * clamps a negative user-supplied length to that size.
		 */
		len = min_t(unsigned int, len, sizeof(opts));
		if (copy_to_user(optval, (char *) &opts, len))
			err = -EFAULT;

		break;

	case L2CAP_LM:
		/* Translate the channel security level into link-mode flags */
		switch (chan->sec_level) {
		case BT_SECURITY_LOW:
			opt = L2CAP_LM_AUTH;
			break;
		case BT_SECURITY_MEDIUM:
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
			break;
		case BT_SECURITY_HIGH:
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
			      L2CAP_LM_SECURE;
			break;
		default:
			opt = 0;
			break;
		}

		if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
			opt |= L2CAP_LM_MASTER;

		if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
			opt |= L2CAP_LM_RELIABLE;

		/* NOTE(review): a full u32 is written here without comparing
		 * the user-supplied len against sizeof(u32) - confirm that
		 * callers always pass a buffer of at least that size.
		 */
		if (put_user(opt, (u32 __user *) optval))
			err = -EFAULT;
		break;

	case L2CAP_CONNINFO:
		/* Only for connected sockets, or ones in BT_CONNECT2 with
		 * deferred setup enabled.
		 */
		if (sk->sk_state != BT_CONNECTED &&
		    !(sk->sk_state == BT_CONNECT2 &&
		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
			err = -ENOTCONN;
			break;
		}

		/* Zero first so that only assigned fields reach user space.
		 * chan->conn is dereferenced without a NULL check; presumably
		 * it is always set in the states allowed above - TODO confirm.
		 */
		memset(&cinfo, 0, sizeof(cinfo));
		cinfo.hci_handle = chan->conn->hcon->handle;
		memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);

		len = min_t(unsigned int, len, sizeof(cinfo));
		if (copy_to_user(optval, (char *) &cinfo, len))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}
476
/* getsockopt() handler.
 *
 * SOL_L2CAP requests are forwarded to l2cap_sock_getsockopt_old(); only
 * SOL_BLUETOOTH options are handled here.
 *
 * @sock:    socket queried
 * @level:   option level
 * @optname: BT_* option
 * @optval:  user buffer that receives the value
 * @optlen:  user pointer holding the size of @optval
 *
 * Returns 0 on success, -EFAULT if user memory cannot be accessed,
 * -ENOPROTOOPT for an unknown level or option, or an option-specific error.
 */
static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
				 char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct bt_security sec;
	struct bt_power pwr;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	if (level == SOL_L2CAP)
		return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
		    chan->chan_type != L2CAP_CHAN_RAW) {
			err = -EINVAL;
			break;
		}

		/* Zero first so that only assigned fields reach user space */
		memset(&sec, 0, sizeof(sec));
		if (chan->conn) {
			/* With a connection, report the link's level rather
			 * than the level requested on the channel.
			 */
			sec.level = chan->conn->hcon->sec_level;

			if (sk->sk_state == BT_CONNECTED)
				sec.key_size = chan->conn->hcon->enc_key_size;
		} else {
			sec.level = chan->sec_level;
		}

		len = min_t(unsigned int, len, sizeof(sec));
		if (copy_to_user(optval, (char *) &sec, len))
			err = -EFAULT;

		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		/* NOTE(review): this and the other put_user() cases below
		 * write a fixed-size value without consulting len.
		 */
		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
			     (u32 __user *) optval))
			err = -EFAULT;

		break;

	case BT_FLUSHABLE:
		if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
			     (u32 __user *) optval))
			err = -EFAULT;

		break;

	case BT_POWER:
		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
		    && sk->sk_type != SOCK_RAW) {
			err = -EINVAL;
			break;
		}

		/* NOTE(review): unlike sec above, pwr is not zeroed before
		 * being copied out; that is only safe while force_active is
		 * the whole of struct bt_power - verify against its
		 * definition.
		 */
		pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);

		len = min_t(unsigned int, len, sizeof(pwr));
		if (copy_to_user(optval, (char *) &pwr, len))
			err = -EFAULT;

		break;

	case BT_CHANNEL_POLICY:
		if (put_user(chan->chan_policy, (u32 __user *) optval))
			err = -EFAULT;
		break;

	case BT_SNDMTU:
		if (!enable_lecoc) {
			err = -EPROTONOSUPPORT;
			break;
		}

		if (!bdaddr_type_is_le(chan->src_type)) {
			err = -EINVAL;
			break;
		}

		if (sk->sk_state != BT_CONNECTED) {
			err = -ENOTCONN;
			break;
		}

		/* Reported as a u16, unlike the u32 options above */
		if (put_user(chan->omtu, (u16 __user *) optval))
			err = -EFAULT;
		break;

	case BT_RCVMTU:
		if (!enable_lecoc) {
			err = -EPROTONOSUPPORT;
			break;
		}

		if (!bdaddr_type_is_le(chan->src_type)) {
			err = -EINVAL;
			break;
		}

		/* Reported as a u16, unlike the u32 options above */
		if (put_user(chan->imtu, (u16 __user *) optval))
			err = -EFAULT;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}
605
/* Tell whether @mtu is at least the minimum allowed for @chan: the LE
 * minimum when the source CID is the ATT CID, the default minimum otherwise.
 */
static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
{
	if (chan->scid == L2CAP_CID_ATT)
		return !(mtu < L2CAP_LE_MIN_MTU);

	return !(mtu < L2CAP_DEFAULT_MIN_MTU);
}
621
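/* setsockopt() handler for the legacy SOL_L2CAP level.
 *
 * @sock:    socket to configure
 * @optname: L2CAP_OPTIONS or L2CAP_LM
 * @optval:  user buffer holding the new value
 * @optlen:  size of @optval
 *
 * Returns 0 on success, -EFAULT if user memory cannot be read, -EINVAL for
 * a rejected value or state, or -ENOPROTOOPT for an unknown option. A
 * rejected L2CAP_OPTIONS request leaves the channel unchanged.
 */
static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
				     char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct l2cap_options opts;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		if (bdaddr_type_is_le(chan->src_type)) {
			err = -EINVAL;
			break;
		}

		if (sk->sk_state == BT_CONNECTED) {
			err = -EINVAL;
			break;
		}

		/* Start from the current settings so that a short user
		 * buffer only overrides the leading fields.
		 */
		opts.imtu = chan->imtu;
		opts.omtu = chan->omtu;
		opts.flush_to = chan->flush_to;
		opts.mode = chan->mode;
		opts.fcs = chan->fcs;
		opts.max_tx = chan->max_tx;
		opts.txwin_size = chan->tx_win;

		len = min_t(unsigned int, sizeof(opts), optlen);
		if (copy_from_user((char *) &opts, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
			err = -EINVAL;
			break;
		}

		if (!l2cap_valid_mtu(chan, opts.imtu)) {
			err = -EINVAL;
			break;
		}

		/* Validate the requested mode before touching the channel.
		 * The inner break only leaves this switch, so the error has
		 * to be tested again below; otherwise an unsupported mode
		 * would be stored together with the other options even
		 * though the call reports -EINVAL.
		 */
		switch (opts.mode) {
		case L2CAP_MODE_LE_FLOWCTL:
		case L2CAP_MODE_BASIC:
			break;
		case L2CAP_MODE_ERTM:
		case L2CAP_MODE_STREAMING:
			if (!disable_ertm)
				break;
			/* fall through */
		default:
			err = -EINVAL;
			break;
		}

		if (err)
			break;

		chan->mode = opts.mode;
		if (chan->mode == L2CAP_MODE_BASIC)
			clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);

		chan->imtu = opts.imtu;
		chan->omtu = opts.omtu;
		chan->fcs = opts.fcs;
		chan->max_tx = opts.max_tx;
		chan->tx_win = opts.txwin_size;
		chan->flush_to = opts.flush_to;
		break;

	case L2CAP_LM:
		/* NOTE(review): a u32 is read without comparing optlen
		 * against sizeof(u32) - confirm callers always pass one.
		 */
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		/* Checked in ascending order, so the strongest flag that is
		 * set wins; with none set the level is left as it was.
		 */
		if (opt & L2CAP_LM_AUTH)
			chan->sec_level = BT_SECURITY_LOW;
		if (opt & L2CAP_LM_ENCRYPT)
			chan->sec_level = BT_SECURITY_MEDIUM;
		if (opt & L2CAP_LM_SECURE)
			chan->sec_level = BT_SECURITY_HIGH;

		if (opt & L2CAP_LM_MASTER)
			set_bit(FLAG_ROLE_SWITCH, &chan->flags);
		else
			clear_bit(FLAG_ROLE_SWITCH, &chan->flags);

		if (opt & L2CAP_LM_RELIABLE)
			set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
		else
			clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}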
728
/* setsockopt() handler.
 *
 * SOL_L2CAP requests are forwarded to l2cap_sock_setsockopt_old(); only
 * SOL_BLUETOOTH options are handled here.
 *
 * @sock:    socket to configure
 * @level:   option level
 * @optname: BT_* option
 * @optval:  user buffer holding the new value
 * @optlen:  size of @optval
 *
 * Returns 0 on success, -EFAULT if user memory cannot be read,
 * -ENOPROTOOPT for an unknown level or option, or an option-specific error.
 *
 * NOTE(review): the cases that use get_user() read a u32 from @optval
 * without looking at @optlen; only the struct-valued options clamp the copy
 * to @optlen.
 */
static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
				 char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	struct bt_security sec;
	struct bt_power pwr;
	struct l2cap_conn *conn;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (level == SOL_L2CAP)
		return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
		    chan->chan_type != L2CAP_CHAN_RAW) {
			err = -EINVAL;
			break;
		}

		/* Default that applies when the user buffer is too short to
		 * carry a level.
		 */
		sec.level = BT_SECURITY_LOW;

		len = min_t(unsigned int, sizeof(sec), optlen);
		if (copy_from_user((char *) &sec, optval, len)) {
			err = -EFAULT;
			break;
		}

		/* Only levels from LOW to HIGH may be requested here */
		if (sec.level < BT_SECURITY_LOW ||
		    sec.level > BT_SECURITY_HIGH) {
			err = -EINVAL;
			break;
		}

		chan->sec_level = sec.level;

		/* Without a connection the new level is just recorded */
		if (!chan->conn)
			break;

		conn = chan->conn;

		/* Change security for LE channels */
		if (chan->scid == L2CAP_CID_ATT) {
			if (!conn->hcon->out) {
				err = -EINVAL;
				break;
			}

			/* A non-zero result leaves the socket state as is */
			if (smp_conn_security(conn->hcon, sec.level))
				break;
			sk->sk_state = BT_CONFIG;
			chan->state = BT_CONFIG;

		/* or for ACL link */
		} else if ((sk->sk_state == BT_CONNECT2 &&
			    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
			   sk->sk_state == BT_CONNECTED) {
			/* Suspend the socket when the security check returns
			 * zero, otherwise notify about the state change.
			 */
			if (!l2cap_chan_check_security(chan))
				set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
			else
				sk->sk_state_change(sk);
		} else {
			err = -EINVAL;
		}
		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			break;
		}

		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		/* The flag is mirrored on the socket and on the channel */
		if (opt) {
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
			set_bit(FLAG_DEFER_SETUP, &chan->flags);
		} else {
			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
			clear_bit(FLAG_DEFER_SETUP, &chan->flags);
		}
		break;

	case BT_FLUSHABLE:
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		if (opt > BT_FLUSHABLE_ON) {
			err = -EINVAL;
			break;
		}

		if (opt == BT_FLUSHABLE_OFF) {
			conn = chan->conn;
			/* proceed further only when we have l2cap_conn and
			   No Flush support in the LM */
			if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
				err = -EINVAL;
				break;
			}
		}

		if (opt)
			set_bit(FLAG_FLUSHABLE, &chan->flags);
		else
			clear_bit(FLAG_FLUSHABLE, &chan->flags);
		break;

	case BT_POWER:
		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
		    chan->chan_type != L2CAP_CHAN_RAW) {
			err = -EINVAL;
			break;
		}

		/* Default that applies when the user buffer is empty */
		pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;

		len = min_t(unsigned int, sizeof(pwr), optlen);
		if (copy_from_user((char *) &pwr, optval, len)) {
			err = -EFAULT;
			break;
		}

		if (pwr.force_active)
			set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
		else
			clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
		break;

	case BT_CHANNEL_POLICY:
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
			err = -EINVAL;
			break;
		}

		if (chan->mode != L2CAP_MODE_ERTM &&
		    chan->mode != L2CAP_MODE_STREAMING) {
			err = -EOPNOTSUPP;
			break;
		}

		chan->chan_policy = (u8) opt;

		/* On a connected socket with no move in progress, act on the
		 * new policy right away.
		 */
		if (sk->sk_state == BT_CONNECTED &&
		    chan->move_role == L2CAP_MOVE_ROLE_NONE)
			l2cap_move_start(chan);

		break;

	case BT_SNDMTU:
		if (!enable_lecoc) {
			err = -EPROTONOSUPPORT;
			break;
		}

		if (!bdaddr_type_is_le(chan->src_type)) {
			err = -EINVAL;
			break;
		}

		/* Setting is not supported as it's the remote side that
		 * decides this.
		 */
		err = -EPERM;
		break;

	case BT_RCVMTU:
		if (!enable_lecoc) {
			err = -EPROTONOSUPPORT;
			break;
		}

		if (!bdaddr_type_is_le(chan->src_type)) {
			err = -EINVAL;
			break;
		}

		if (sk->sk_state == BT_CONNECTED) {
			err = -EISCONN;
			break;
		}

		/* NOTE(review): the value is read as a u32 and stored
		 * unchecked, while getsockopt(BT_RCVMTU) reports it as a
		 * u16 and the legacy path validates imtu with
		 * l2cap_valid_mtu(). A value above 0xffff presumably
		 * truncates - confirm chan->imtu's type and whether a
		 * range check belongs here.
		 */
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			break;
		}

		chan->imtu = opt;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}
fd83ccdb 946
/* sendmsg() handler: hand @msg to the L2CAP channel for transmission.
 *
 * Returns the result of l2cap_chan_send() on success, a pending socket
 * error, -EOPNOTSUPP for MSG_OOB, -ENOTCONN if the socket is not connected,
 * or the error from bt_sock_wait_ready().
 */
static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
			      struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	int ret;

	BT_DBG("sock %p, sk %p", sock, sk);

	ret = sock_error(sk);
	if (ret)
		return ret;

	/* Out-of-band data is not supported */
	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	if (sk->sk_state != BT_CONNECTED)
		return -ENOTCONN;

	/* The readiness wait runs under the socket lock ... */
	lock_sock(sk);
	ret = bt_sock_wait_ready(sk, msg->msg_flags);
	release_sock(sk);

	/* ... while the send itself runs under the channel lock */
	if (!ret) {
		l2cap_chan_lock(chan);
		ret = l2cap_chan_send(chan, msg, len, sk->sk_priority);
		l2cap_chan_unlock(chan);
	}

	return ret;
}
33575df7 978
/* recvmsg() handler.
 *
 * On a socket in BT_CONNECT2 with deferred setup, the first call only sends
 * the deferred connect response and returns 0. Otherwise data is read via
 * the generic Bluetooth receive helpers and, in ERTM mode, a frame parked
 * in rx_busy_skb is pushed into the receive queue afterwards.
 *
 * Returns 0 for the deferred-setup case, else the result of
 * bt_sock_stream_recvmsg()/bt_sock_recvmsg().
 */
static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
			      struct msghdr *msg, size_t len, int flags)
{
	struct sock *sk = sock->sk;
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	int err;

	lock_sock(sk);

	/* Deferred setup: the first read accepts the pending connection */
	if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
						    &bt_sk(sk)->flags)) {
		if (bdaddr_type_is_le(pi->chan->src_type)) {
			/* LE channels go straight to BT_CONNECTED */
			sk->sk_state = BT_CONNECTED;
			pi->chan->state = BT_CONNECTED;
			__l2cap_le_connect_rsp_defer(pi->chan);
		} else {
			/* BR/EDR channels move on to BT_CONFIG */
			sk->sk_state = BT_CONFIG;
			pi->chan->state = BT_CONFIG;
			__l2cap_connect_rsp_defer(pi->chan);
		}

		err = 0;
		goto done;
	}

	/* The receive helpers are called without the socket lock held */
	release_sock(sk);

	if (sock->type == SOCK_STREAM)
		err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
	else
		err = bt_sock_recvmsg(iocb, sock, msg, len, flags);

	if (pi->chan->mode != L2CAP_MODE_ERTM)
		return err;

	/* Attempt to put pending rx data in the socket buffer */

	lock_sock(sk);

	if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
		goto done;

	/* Retry the parked skb; keep it parked if queueing fails again */
	if (pi->rx_busy_skb) {
		if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
			pi->rx_busy_skb = NULL;
		else
			goto done;
	}

	/* Restore data flow when half of the receive buffer is
	 * available. This avoids resending large numbers of
	 * frames.
	 */
	if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
		l2cap_chan_busy(pi->chan, 0);

done:
	release_sock(sk);
	return err;
}
1039
/* Destroy a socket, but only once it is both zapped and orphaned (no
 * struct socket attached any more). Drops the channel reference and the
 * socket reference.
 *
 * Must be called on unlocked socket.
 */
static void l2cap_sock_kill(struct sock *sk)
{
	bool orphaned = sock_flag(sk, SOCK_ZAPPED) && !sk->sk_socket;

	if (!orphaned)
		return;

	BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));

	/* Release the channel first, then mark the socket dead and drop it */
	l2cap_chan_put(l2cap_pi(sk)->chan);
	sock_set_flag(sk, SOCK_DEAD);
	sock_put(sk);
}
1056
/* Sleep until the channel has no unacknowledged frames left or has lost
 * its connection.
 *
 * Called with the socket lock held; the lock is dropped around each sleep
 * and taken again afterwards.
 *
 * Returns 0 when the wait completes, the value of sock_intr_errno() when a
 * signal is pending, or a socket error reported by sock_error().
 */
static int __l2cap_wait_ack(struct sock *sk)
{
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
	DECLARE_WAITQUEUE(wait, current);
	int err = 0;
	int timeo = HZ/5;

	add_wait_queue(sk_sleep(sk), &wait);
	set_current_state(TASK_INTERRUPTIBLE);
	while (chan->unacked_frames > 0 && chan->conn) {
		/* Re-arm the interval once it has run out; the loop has no
		 * overall deadline and ends only on one of the conditions
		 * above, a signal or a socket error.
		 */
		if (!timeo)
			timeo = HZ/5;

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}

		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock(sk);
		set_current_state(TASK_INTERRUPTIBLE);

		err = sock_error(sk);
		if (err)
			break;
	}
	set_current_state(TASK_RUNNING);
	remove_wait_queue(sk_sleep(sk), &wait);
	return err;
}
1088
/* shutdown() handler: close the channel behind @sock.
 *
 * @sock: socket to shut down
 * @how:  not examined; both directions are always shut down
 *
 * Locks are taken in the order conn->chan_lock (if there is a connection),
 * channel lock, socket lock, and released in reverse.
 *
 * Returns 0 on success or when the socket has no struct sock, otherwise
 * the error from the ERTM ack wait, the linger wait, or -sk->sk_err.
 */
static int l2cap_sock_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;
	struct l2cap_chan *chan;
	struct l2cap_conn *conn;
	int err = 0;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	chan = l2cap_pi(sk)->chan;
	/* Sampled once so that the same mutex is unlocked at the end */
	conn = chan->conn;

	if (conn)
		mutex_lock(&conn->chan_lock);

	l2cap_chan_lock(chan);
	lock_sock(sk);

	/* Only the first shutdown does any work */
	if (!sk->sk_shutdown) {
		/* ERTM: wait for outstanding frames to be acknowledged */
		if (chan->mode == L2CAP_MODE_ERTM)
			err = __l2cap_wait_ack(sk);

		sk->sk_shutdown = SHUTDOWN_MASK;

		/* l2cap_chan_close() is called without the socket lock */
		release_sock(sk);
		l2cap_chan_close(chan, 0);
		lock_sock(sk);

		/* With SO_LINGER set, wait for BT_CLOSED up to the linger
		 * time. NOTE(review): this overwrites an error returned by
		 * __l2cap_wait_ack() above.
		 */
		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
			err = bt_sock_wait_state(sk, BT_CLOSED,
						 sk->sk_lingertime);
	}

	if (!err && sk->sk_err)
		err = -sk->sk_err;

	release_sock(sk);
	l2cap_chan_unlock(chan);

	if (conn)
		mutex_unlock(&conn->chan_lock);

	return err;
}
1136
/* release() handler: unlink the socket from the L2CAP socket list, shut it
 * down, orphan it and let l2cap_sock_kill() destroy it if possible.
 *
 * Returns 0 when there is no struct sock, otherwise the result of
 * l2cap_sock_shutdown().
 */
static int l2cap_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	int ret;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (sk == NULL)
		return 0;

	bt_sock_unlink(&l2cap_sk_list, sk);

	ret = l2cap_sock_shutdown(sock, 2);

	/* Detach from the struct socket, then try to free the sock */
	sock_orphan(sk);
	l2cap_sock_kill(sk);

	return ret;
}
1155
/* Close every connection that is still waiting in @parent's accept queue:
 * each channel is closed with ECONNRESET and its socket is killed.
 */
static void l2cap_sock_cleanup_listen(struct sock *parent)
{
	struct sock *child;

	BT_DBG("parent %p", parent);

	/* Drain the queue of channels nobody accepted */
	for (;;) {
		struct l2cap_chan *chan;

		child = bt_accept_dequeue(parent, NULL);
		if (!child)
			break;

		chan = l2cap_pi(child)->chan;

		l2cap_chan_lock(chan);
		__clear_chan_timer(chan);
		l2cap_chan_close(chan, ECONNRESET);
		l2cap_chan_unlock(chan);

		l2cap_sock_kill(child);
	}
}
1174
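/* Channel callback for an incoming connection on a listening channel:
 * allocate a child socket, initialise it from the parent and queue it for
 * accept().
 *
 * @chan: listening channel; chan->data is the parent socket
 *
 * Returns the new socket's channel, or NULL when the parent's accept
 * backlog is full or the allocation fails. The parent's socket lock is
 * released on every path, including both failure paths.
 */
static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
{
	struct sock *sk, *parent = chan->data;
	struct l2cap_chan *new_chan = NULL;

	lock_sock(parent);

	/* Check for backlog size */
	if (sk_acceptq_is_full(parent)) {
		BT_DBG("backlog full %d", parent->sk_ack_backlog);
		goto unlock;
	}

	sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
			      GFP_ATOMIC);
	if (!sk)
		goto unlock;

	bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);

	l2cap_sock_init(sk, parent);

	bt_accept_enqueue(parent, sk);

	new_chan = l2cap_pi(sk)->chan;

unlock:
	/* Returning with the parent still locked would block every later
	 * operation on the listening socket.
	 */
	release_sock(parent);

	return new_chan;
}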
1202
/*
 * l2cap_ops.recv: hand a received skb to the socket receive queue.
 *
 * Returns 0 when the skb was queued (or parked, see below), -ENOMEM when
 * an skb is already parked in rx_busy_skb, or the negative error from
 * sock_queue_rcv_skb() for non-ERTM channels.
 */
static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
{
	struct sock *sk = chan->data;
	int ret;

	lock_sock(sk);

	if (l2cap_pi(sk)->rx_busy_skb) {
		/* Only one skb can be parked at a time. */
		ret = -ENOMEM;
	} else {
		ret = sock_queue_rcv_skb(sk, skb);

		/* For ERTM, handle one skb that doesn't fit into the recv
		 * buffer.  This is important to do because the data frames
		 * have already been acked, so the skb cannot be discarded.
		 *
		 * Notify the l2cap core that the buffer is full, so the
		 * LOCAL_BUSY state is entered and no more frames are
		 * acked and reassembled until there is buffer space
		 * available.
		 */
		if (ret < 0 && chan->mode == L2CAP_MODE_ERTM) {
			l2cap_pi(sk)->rx_busy_skb = skb;
			l2cap_chan_busy(chan, 1);
			ret = 0;
		}
	}

	release_sock(sk);

	return ret;
}
1237
/* l2cap_ops.close: kill the sock stored in chan->data. */
static void l2cap_sock_close_cb(struct l2cap_chan *chan)
{
	l2cap_sock_kill(chan->data);
}
1244
/*
 * l2cap_ops.teardown: move the sock to its closed state when the channel
 * is torn down.
 *
 * @err is stored in sk->sk_err only for states other than OPEN, BOUND,
 * CLOSED and LISTEN.  SOCK_ZAPPED is set in every case.  All sock state
 * changes happen under the sock lock.
 */
static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
{
	struct sock *sk = chan->data;
	struct sock *listener;

	lock_sock(sk);

	/* Read the parent up front; the default branch below uses it. */
	listener = bt_sk(sk)->parent;

	sock_set_flag(sk, SOCK_ZAPPED);

	switch (chan->state) {
	case BT_LISTEN:
		/* A listener first drops its not-yet-accepted children. */
		l2cap_sock_cleanup_listen(sk);
		sk->sk_state = BT_CLOSED;
		chan->state = BT_CLOSED;
		break;

	case BT_OPEN:
	case BT_BOUND:
	case BT_CLOSED:
		/* Nothing to do for these states. */
		break;

	default:
		sk->sk_state = BT_CLOSED;
		chan->state = BT_CLOSED;

		sk->sk_err = err;

		if (listener) {
			/* Still queued on a listener: unlink, wake it. */
			bt_accept_unlink(sk);
			listener->sk_data_ready(listener, 0);
		} else {
			sk->sk_state_change(sk);
		}
		break;
	}

	release_sock(sk);
}
1285
/*
 * l2cap_ops.state_change: copy the channel state into the sock and record
 * @err in sk->sk_err when it is non-zero.  No sock lock is taken here.
 */
static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
				       int err)
{
	struct sock *sk;

	sk = chan->data;
	sk->sk_state = state;

	if (err != 0)
		sk->sk_err = err;
}
1296
/*
 * l2cap_ops.alloc_skb: allocate a send skb on behalf of the channel's sock.
 *
 * @chan: channel requesting the buffer; entered with the channel lock held
 *        (the lock is dropped and re-taken below).
 * @len:  requested length, passed through to bt_skb_send_alloc().
 * @nb:   passed through to bt_skb_send_alloc() (presumably the
 *        non-blocking flag -- confirm against that helper).
 *
 * Returns the skb with bt_cb(skb)->chan set, or ERR_PTR(err) carrying the
 * error reported by bt_skb_send_alloc().
 */
static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
					       unsigned long len, int nb)
{
	struct sock *sk = chan->data;
	struct sk_buff *skb;
	int err;

	/* The channel lock is not held across the allocation.
	 *
	 * NOTE(review): nothing visible here re-validates the channel
	 * after the lock is re-taken; confirm that callers tolerate a
	 * state change (e.g. a disconnect) during the unlocked window.
	 */
	l2cap_chan_unlock(chan);
	skb = bt_skb_send_alloc(sk, len, nb, &err);
	l2cap_chan_lock(chan);

	if (!skb)
		return ERR_PTR(err);

	bt_cb(skb)->chan = chan;

	return skb;
}
1315
/*
 * l2cap_ops.ready: mark the sock connected and wake whoever is waiting --
 * the sock itself via sk_state_change and, when the sock still has a
 * parent, the parent via sk_data_ready.
 */
static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
{
	struct sock *sk = chan->data;
	struct sock *listener;

	lock_sock(sk);

	listener = bt_sk(sk)->parent;
	BT_DBG("sk %p, parent %p", sk, listener);

	sk->sk_state = BT_CONNECTED;
	sk->sk_state_change(sk);

	if (listener != NULL)
		listener->sk_data_ready(listener, 0);

	release_sock(sk);
}
1335
/*
 * l2cap_ops.defer: wake the parent (if any) through sk_data_ready while
 * holding the child's sock lock.
 */
static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
{
	struct sock *sk = chan->data;
	struct sock *listener;

	lock_sock(sk);

	listener = bt_sk(sk)->parent;
	if (listener != NULL)
		listener->sk_data_ready(listener, 0);

	release_sock(sk);
}
1348
/*
 * l2cap_ops.resume: clear BT_SK_SUSPEND on the sock and signal the state
 * change to waiters.
 */
static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
{
	struct sock *sk;

	sk = chan->data;

	clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
	sk->sk_state_change(sk);
}
1356
/*
 * l2cap_ops.set_shutdown: set sk_shutdown to SHUTDOWN_MASK under the sock
 * lock.
 */
static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
{
	struct sock *sk;

	sk = chan->data;

	lock_sock(sk);
	sk->sk_shutdown = SHUTDOWN_MASK;
	release_sock(sk);
}
1365
/* l2cap_ops.get_sndtimeo: report the sock's send timeout (sk_sndtimeo). */
static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
{
	struct sock *sk;

	sk = chan->data;

	return sk->sk_sndtimeo;
}
1372
/*
 * l2cap_ops.suspend: set BT_SK_SUSPEND on the sock and signal the state
 * change to waiters.
 */
static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
{
	struct sock *sk;

	sk = chan->data;

	set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
	sk->sk_state_change(sk);
}
1380
/*
 * Callback table that binds an L2CAP channel to its socket.  It is
 * installed on a channel by l2cap_sock_init() (chan->ops), and every
 * callback recovers the sock from chan->data.
 */
static struct l2cap_ops l2cap_chan_ops = {
	.name		= "L2CAP Socket Interface",
	.new_connection	= l2cap_sock_new_connection_cb,
	.recv		= l2cap_sock_recv_cb,
	.close		= l2cap_sock_close_cb,
	.teardown	= l2cap_sock_teardown_cb,
	.state_change	= l2cap_sock_state_change_cb,
	.ready		= l2cap_sock_ready_cb,
	.defer		= l2cap_sock_defer_cb,
	.resume		= l2cap_sock_resume_cb,
	.suspend	= l2cap_sock_suspend_cb,
	.set_shutdown	= l2cap_sock_set_shutdown_cb,
	.get_sndtimeo	= l2cap_sock_get_sndtimeo_cb,
	.alloc_skb	= l2cap_sock_alloc_skb_cb,
};
1396
/*
 * sk_destruct hook: release everything the sock still owns -- its channel
 * reference, a parked rx_busy_skb if one exists, and both skb queues.
 */
static void l2cap_sock_destruct(struct sock *sk)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	BT_DBG("sk %p", sk);

	/* Drop the reference taken in l2cap_sock_alloc(). */
	if (pi->chan)
		l2cap_chan_put(pi->chan);

	if (pi->rx_busy_skb) {
		kfree_skb(pi->rx_busy_skb);
		/* Clear the pointer so the freed skb cannot be reused. */
		pi->rx_busy_skb = NULL;
	}

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);
}
1412
/*
 * Fill @msg_name with the sender address of @skb as a sockaddr_l2 and
 * report its size through @msg_namelen.
 *
 * The structure is zeroed in full before the individual fields are set,
 * so fields and padding that are not assigned here never carry stale
 * memory (the buffer is presumably returned to user space by the recvmsg
 * path -- confirm against the caller).
 */
static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
			       int *msg_namelen)
{
	DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);

	memset(la, 0, sizeof(*la));

	la->l2_family = AF_BLUETOOTH;
	la->l2_psm = bt_cb(skb)->psm;
	bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);

	*msg_namelen = sizeof(*la);
}
1425
/*
 * Initialise the channel behind @sk.
 *
 * With a @parent (an accepted connection) the child copies the parent's
 * socket type, socket flags and channel parameters.  That copy includes
 * sec_level and the channel flags, so the security requirements set on
 * the listening socket apply to every connection it accepts; the LSM
 * state is cloned as well via security_sk_clone().
 *
 * Without a parent (a freshly created socket) the channel type is derived
 * from the socket type and defaults are applied.  The switch has no
 * default arm: l2cap_sock_create() rejects any other socket type before
 * this function runs.
 *
 * In both cases the channel is finally bound to the sock (chan->data) and
 * to the socket callback table (chan->ops).
 */
static void l2cap_sock_init(struct sock *sk, struct sock *parent)
{
	struct l2cap_chan *chan = l2cap_pi(sk)->chan;

	BT_DBG("sk %p", sk);

	if (!parent) {
		switch (sk->sk_type) {
		case SOCK_RAW:
			chan->chan_type = L2CAP_CHAN_RAW;
			break;
		case SOCK_DGRAM:
			chan->chan_type = L2CAP_CHAN_CONN_LESS;
			/* Datagram sockets report the sender address. */
			bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
			break;
		case SOCK_SEQPACKET:
		case SOCK_STREAM:
			chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
			break;
		}

		chan->imtu = L2CAP_DEFAULT_MTU;
		chan->omtu = 0;

		/* ERTM only for stream sockets, unless disabled. */
		if (disable_ertm || sk->sk_type != SOCK_STREAM) {
			chan->mode = L2CAP_MODE_BASIC;
		} else {
			chan->mode = L2CAP_MODE_ERTM;
			set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
		}

		l2cap_chan_set_defaults(chan);
	} else {
		struct l2cap_chan *src = l2cap_pi(parent)->chan;

		sk->sk_type = parent->sk_type;
		bt_sk(sk)->flags = bt_sk(parent)->flags;

		chan->chan_type = src->chan_type;
		chan->imtu = src->imtu;
		chan->omtu = src->omtu;
		chan->conf_state = src->conf_state;
		chan->mode = src->mode;
		chan->fcs = src->fcs;
		chan->max_tx = src->max_tx;
		chan->tx_win = src->tx_win;
		chan->tx_win_max = src->tx_win_max;
		/* Accepted connections keep the listener's security level. */
		chan->sec_level = src->sec_level;
		chan->flags = src->flags;
		chan->tx_credits = src->tx_credits;
		chan->rx_credits = src->rx_credits;

		security_sk_clone(parent, sk);
	}

	/* Default config options */
	chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;

	chan->data = sk;
	chan->ops = &l2cap_chan_ops;
}
1486
/*
 * Protocol descriptor passed to sk_alloc() and proto_register().
 * obj_size makes every L2CAP sock a struct l2cap_pinfo.
 */
static struct proto l2cap_proto = {
	.name		= "L2CAP",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct l2cap_pinfo)
};
1492
/*
 * Allocate an L2CAP sock together with its channel.
 *
 * @net:   network namespace for the sock.
 * @sock:  socket to attach, or NULL (the accept path passes NULL).
 * @proto: stored in sk->sk_protocol.
 * @prio:  allocation flags for sk_alloc().
 *
 * Returns the new sock in state BT_OPEN, or NULL when either the sock or
 * the channel cannot be allocated.
 */
static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
				     int proto, gfp_t prio)
{
	struct sock *sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
	struct l2cap_chan *chan;

	if (sk == NULL)
		return NULL;

	sock_init_data(sock, sk);
	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);

	sk->sk_destruct = l2cap_sock_destruct;
	sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = proto;
	sk->sk_state = BT_OPEN;

	chan = l2cap_chan_create();
	if (chan == NULL) {
		/* No channel was attached yet, so only the sock is freed. */
		sk_free(sk);
		return NULL;
	}

	/* Reference owned by the sock; dropped in l2cap_sock_destruct(). */
	l2cap_chan_hold(chan);

	l2cap_pi(sk)->chan = chan;

	return sk;
}
1526
/*
 * net_proto_family.create hook for L2CAP sockets.
 *
 * Only SEQPACKET, STREAM, DGRAM and RAW socket types are accepted.  A RAW
 * socket additionally requires CAP_NET_RAW unless the request comes from
 * the kernel itself (@kern non-zero).
 *
 * Returns 0 on success, -ESOCKTNOSUPPORT for any other socket type,
 * -EPERM for an unprivileged RAW request, or -ENOMEM when allocation
 * fails.
 */
static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
			     int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	switch (sock->type) {
	case SOCK_SEQPACKET:
	case SOCK_STREAM:
	case SOCK_DGRAM:
		break;
	case SOCK_RAW:
		/* Privilege gate: raw access needs CAP_NET_RAW. */
		if (!kern && !capable(CAP_NET_RAW))
			return -EPERM;
		break;
	default:
		return -ESOCKTNOSUPPORT;
	}

	sock->ops = &l2cap_sock_ops;

	sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
	if (sk == NULL)
		return -ENOMEM;

	l2cap_sock_init(sk, NULL);
	bt_sock_link(&l2cap_sk_list, sk);

	return 0;
}
1553
/*
 * Socket operations for L2CAP sockets; installed on each new socket by
 * l2cap_sock_create().  poll and ioctl use the common bt_sock_* helpers,
 * while mmap and socketpair are wired to the sock_no_* stubs.
 */
static const struct proto_ops l2cap_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= l2cap_sock_release,
	.bind		= l2cap_sock_bind,
	.connect	= l2cap_sock_connect,
	.listen		= l2cap_sock_listen,
	.accept		= l2cap_sock_accept,
	.getname	= l2cap_sock_getname,
	.sendmsg	= l2cap_sock_sendmsg,
	.recvmsg	= l2cap_sock_recvmsg,
	.poll		= bt_sock_poll,
	.ioctl		= bt_sock_ioctl,
	.mmap		= sock_no_mmap,
	.socketpair	= sock_no_socketpair,
	.shutdown	= l2cap_sock_shutdown,
	.setsockopt	= l2cap_sock_setsockopt,
	.getsockopt	= l2cap_sock_getsockopt
};
1573
/*
 * Family descriptor registered for BTPROTO_L2CAP by l2cap_init_sockets();
 * .create is the entry point for new L2CAP sockets.
 */
static const struct net_proto_family l2cap_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= l2cap_sock_create,
};
1579
/*
 * Register the L2CAP socket layer: the proto, the BTPROTO_L2CAP socket
 * family and the "l2cap" procfs entry, in that order.
 *
 * Returns 0 on success.  On failure every step that had already
 * succeeded is undone and the negative error is returned.
 */
int __init l2cap_init_sockets(void)
{
	int ret;

	ret = proto_register(&l2cap_proto, 0);
	if (ret < 0)
		return ret;

	ret = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
	if (ret < 0) {
		BT_ERR("L2CAP socket registration failed");
		goto unregister_proto;
	}

	ret = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, NULL);
	if (ret < 0) {
		BT_ERR("Failed to create L2CAP proc file");
		goto unregister_sock;
	}

	BT_INFO("L2CAP socket layer initialized");

	return 0;

unregister_sock:
	bt_sock_unregister(BTPROTO_L2CAP);
unregister_proto:
	proto_unregister(&l2cap_proto);
	return ret;
}
1610
/*
 * Undo l2cap_init_sockets(): remove the procfs entry, unregister the
 * socket family, then unregister the proto -- the reverse of the order
 * used at init.
 */
void l2cap_cleanup_sockets(void)
{
	bt_procfs_cleanup(&init_net, "l2cap");
	bt_sock_unregister(BTPROTO_L2CAP);
	proto_unregister(&l2cap_proto);
}

/*
 * Module parameter for the enable_lecoc flag defined near the top of this
 * file.  Mode 0644 makes the value readable by every user and writable
 * only by the owner (root), so it can be changed at runtime; where the
 * flag is consulted is not visible in this part of the file.
 */
module_param(enable_lecoc, bool, 0644);
MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC");