projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Reject invalid bdaddr types for sockets
[deliverable/linux.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
bc3b2d7f 30#include <linux/export.h>
6230c9b4 31
bb58f747 32#include <net/bluetooth/bluetooth.h>
33575df7 33#include <net/bluetooth/hci_core.h>
bb58f747 34#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 35
36#include "smp.h"
bb58f747 37
5b28d95c
MY		 38static struct bt_sock_list l2cap_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
40};
41
cf2f90f5 42static const struct proto_ops l2cap_sock_ops;
80808e43 43static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818
GP		 44static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
45 int proto, gfp_t prio);
cf2f90f5 46
b3916db3
DH		 47bool l2cap_is_socket(struct socket *sock)
48{
49 return sock && sock->ops == &l2cap_sock_ops;
50}
51EXPORT_SYMBOL(l2cap_is_socket);
52
af6bcd82
GP		 53static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
54{
55 struct sock *sk = sock->sk;
4343478f 56 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 57 struct sockaddr_l2 la;
58 int len, err = 0;
59
60 BT_DBG("sk %p", sk);
61
62 if (!addr || addr->sa_family != AF_BLUETOOTH)
63 return -EINVAL;
64
65 memset(&la, 0, sizeof(la));
66 len = min_t(unsigned int, sizeof(la), alen);
67 memcpy(&la, addr, len);
68
b62f328b 69 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 70 return -EINVAL;
71
80c1a2e7
JH		 72 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
73 return -EINVAL;
74
af6bcd82
GP		 75 lock_sock(sk);
76
77 if (sk->sk_state != BT_OPEN) {
78 err = -EBADFD;
79 goto done;
80 }
81
82 if (la.l2_psm) {
83 __u16 psm = __le16_to_cpu(la.l2_psm);
84
85 /* PSM must be odd and lsb of upper byte must be 0 */
86 if ((psm & 0x0101) != 0x0001) {
87 err = -EINVAL;
88 goto done;
89 }
90
91 /* Restrict usage of well-known PSMs */
92 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
93 err = -EACCES;
94 goto done;
95 }
96 }
97
9e4425ff 98 if (la.l2_cid)
6e4aff10 99 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 100 else
101 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 102
9e4425ff
GP		 103 if (err < 0)
104 goto done;
af6bcd82 105
6a974b50 106 switch (chan->chan_type) {
3124b843
MH		 107 case L2CAP_CHAN_CONN_LESS:
108 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
109 chan->sec_level = BT_SECURITY_SDP;
110 break;
6a974b50
MH		 111 case L2CAP_CHAN_CONN_ORIENTED:
112 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
113 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
114 chan->sec_level = BT_SECURITY_SDP;
115 break;
116 }
b62f328b 117
7eafc59e 118 bacpy(&chan->src, &la.l2_bdaddr);
4f1654e0 119 chan->src_type = la.l2_bdaddr_type;
89bc500e
GP		 120
121 chan->state = BT_BOUND;
9e4425ff 122 sk->sk_state = BT_BOUND;
af6bcd82
GP		 123
124done:
125 release_sock(sk);
126 return err;
127}
128
2d792818
GP		 129static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
130 int alen, int flags)
4e34c50b
GP		 131{
132 struct sock *sk = sock->sk;
0c1bc5c6 133 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 134 struct sockaddr_l2 la;
135 int len, err = 0;
136
137 BT_DBG("sk %p", sk);
138
139 if (!addr || alen < sizeof(addr->sa_family) ||
140 addr->sa_family != AF_BLUETOOTH)
141 return -EINVAL;
142
143 memset(&la, 0, sizeof(la));
144 len = min_t(unsigned int, sizeof(la), alen);
145 memcpy(&la, addr, len);
146
acd7d370 147 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 148 return -EINVAL;
149
80c1a2e7
JH		 150 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
151 return -EINVAL;
152
6e4aff10 153 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 154 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 155 if (err)
b3fb611e 156 return err;
4e34c50b 157
6be36555
AE		 158 lock_sock(sk);
159
4e34c50b 160 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 161 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 162
163 release_sock(sk);
164
4e34c50b
GP		 165 return err;
166}
167
af6bcd82
GP		 168static int l2cap_sock_listen(struct socket *sock, int backlog)
169{
170 struct sock *sk = sock->sk;
0c1bc5c6 171 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 172 int err = 0;
173
174 BT_DBG("sk %p backlog %d", sk, backlog);
175
176 lock_sock(sk);
177
6b3af733 178 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 179 err = -EBADFD;
180 goto done;
181 }
182
6b3af733
MH		 183 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
184 err = -EINVAL;
185 goto done;
186 }
187
0c1bc5c6 188 switch (chan->mode) {
af6bcd82
GP		 189 case L2CAP_MODE_BASIC:
190 break;
191 case L2CAP_MODE_ERTM:
192 case L2CAP_MODE_STREAMING:
193 if (!disable_ertm)
194 break;
195 /* fall through */
196 default:
197 err = -ENOTSUPP;
198 goto done;
199 }
200
af6bcd82
GP		 201 sk->sk_max_ack_backlog = backlog;
202 sk->sk_ack_backlog = 0;
89bc500e
GP		 203
204 chan->state = BT_LISTEN;
af6bcd82
GP		 205 sk->sk_state = BT_LISTEN;
206
207done:
208 release_sock(sk);
209 return err;
210}
211
2d792818
GP		 212static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
213 int flags)
c47b7c72
GP		 214{
215 DECLARE_WAITQUEUE(wait, current);
216 struct sock *sk = sock->sk, *nsk;
217 long timeo;
218 int err = 0;
219
220 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
221
c47b7c72
GP		 222 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
223
224 BT_DBG("sk %p timeo %ld", sk, timeo);
225
226 /* Wait for an incoming connection. (wake-one). */
227 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 228 while (1) {
c47b7c72 229 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 230
231 if (sk->sk_state != BT_LISTEN) {
232 err = -EBADFD;
c47b7c72
GP		 233 break;
234 }
235
f9a3c20a
PH		 236 nsk = bt_accept_dequeue(sk, newsock);
237 if (nsk)
238 break;
c47b7c72 239
f9a3c20a
PH		 240 if (!timeo) {
241 err = -EAGAIN;
c47b7c72
GP		 242 break;
243 }
244
245 if (signal_pending(current)) {
246 err = sock_intr_errno(timeo);
247 break;
248 }
f9a3c20a
PH		 249
250 release_sock(sk);
251 timeo = schedule_timeout(timeo);
252 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 253 }
f9a3c20a 254 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 255 remove_wait_queue(sk_sleep(sk), &wait);
256
257 if (err)
258 goto done;
259
260 newsock->state = SS_CONNECTED;
261
262 BT_DBG("new socket %p", nsk);
263
264done:
265 release_sock(sk);
266 return err;
267}
268
2d792818
GP		 269static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
270 int *len, int peer)
d7175d55
GP		 271{
272 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
273 struct sock *sk = sock->sk;
0c1bc5c6 274 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 275
276 BT_DBG("sock %p, sk %p", sock, sk);
277
792039c7 278 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 279 addr->sa_family = AF_BLUETOOTH;
280 *len = sizeof(struct sockaddr_l2);
281
282 if (peer) {
fe4128e0 283 la->l2_psm = chan->psm;
7eafc59e 284 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 285 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 286 la->l2_bdaddr_type = chan->dst_type;
d7175d55 287 } else {
0c1bc5c6 288 la->l2_psm = chan->sport;
7eafc59e 289 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 290 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 291 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 292 }
293
294 return 0;
295}
296
2d792818
GP		 297static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
298 char __user *optval, int __user *optlen)
99f4808d
GP		 299{
300 struct sock *sk = sock->sk;
4343478f 301 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 302 struct l2cap_options opts;
303 struct l2cap_conninfo cinfo;
304 int len, err = 0;
305 u32 opt;
306
307 BT_DBG("sk %p", sk);
308
309 if (get_user(len, optlen))
310 return -EFAULT;
311
312 lock_sock(sk);
313
314 switch (optname) {
315 case L2CAP_OPTIONS:
e3fb592b 316 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 317 opts.imtu = chan->imtu;
318 opts.omtu = chan->omtu;
319 opts.flush_to = chan->flush_to;
320 opts.mode = chan->mode;
47d1ec61
GP		 321 opts.fcs = chan->fcs;
322 opts.max_tx = chan->max_tx;
6327eb98 323 opts.txwin_size = chan->tx_win;
99f4808d
GP		 324
325 len = min_t(unsigned int, len, sizeof(opts));
326 if (copy_to_user(optval, (char *) &opts, len))
327 err = -EFAULT;
328
329 break;
330
331 case L2CAP_LM:
4343478f 332 switch (chan->sec_level) {
99f4808d
GP		 333 case BT_SECURITY_LOW:
334 opt = L2CAP_LM_AUTH;
335 break;
336 case BT_SECURITY_MEDIUM:
337 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
338 break;
339 case BT_SECURITY_HIGH:
340 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 341 L2CAP_LM_SECURE;
99f4808d
GP		 342 break;
343 default:
344 opt = 0;
345 break;
346 }
347
43bd0f32 348 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 349 opt |= L2CAP_LM_MASTER;
350
ecf61bdb 351 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 352 opt |= L2CAP_LM_RELIABLE;
353
354 if (put_user(opt, (u32 __user *) optval))
355 err = -EFAULT;
356 break;
357
358 case L2CAP_CONNINFO:
359 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 360 !(sk->sk_state == BT_CONNECT2 &&
361 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 362 err = -ENOTCONN;
363 break;
364 }
365
8d03e971 366 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 367 cinfo.hci_handle = chan->conn->hcon->handle;
368 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 369
370 len = min_t(unsigned int, len, sizeof(cinfo));
371 if (copy_to_user(optval, (char *) &cinfo, len))
372 err = -EFAULT;
373
374 break;
375
376 default:
377 err = -ENOPROTOOPT;
378 break;
379 }
380
381 release_sock(sk);
382 return err;
383}
384
2d792818
GP		 385static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
386 char __user *optval, int __user *optlen)
99f4808d
GP		 387{
388 struct sock *sk = sock->sk;
4343478f 389 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 390 struct bt_security sec;
14b12d0b 391 struct bt_power pwr;
99f4808d
GP		 392 int len, err = 0;
393
394 BT_DBG("sk %p", sk);
395
396 if (level == SOL_L2CAP)
397 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
398
399 if (level != SOL_BLUETOOTH)
400 return -ENOPROTOOPT;
401
402 if (get_user(len, optlen))
403 return -EFAULT;
404
405 lock_sock(sk);
406
407 switch (optname) {
408 case BT_SECURITY:
715ec005 409 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 410 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 411 err = -EINVAL;
412 break;
413 }
414
8f360119 415 memset(&sec, 0, sizeof(sec));
85e34368 416 if (chan->conn) {
c6585a4d 417 sec.level = chan->conn->hcon->sec_level;
99f4808d 418
85e34368
AE		 419 if (sk->sk_state == BT_CONNECTED)
420 sec.key_size = chan->conn->hcon->enc_key_size;
421 } else {
422 sec.level = chan->sec_level;
423 }
8f360119 424
99f4808d
GP		 425 len = min_t(unsigned int, len, sizeof(sec));
426 if (copy_to_user(optval, (char *) &sec, len))
427 err = -EFAULT;
428
429 break;
430
431 case BT_DEFER_SETUP:
432 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
433 err = -EINVAL;
434 break;
435 }
436
c5daa683
GP		 437 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
438 (u32 __user *) optval))
99f4808d
GP		 439 err = -EFAULT;
440
441 break;
442
443 case BT_FLUSHABLE:
d57b0e8b 444 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 445 (u32 __user *) optval))
99f4808d
GP		 446 err = -EFAULT;
447
448 break;
449
14b12d0b
JG		 450 case BT_POWER:
451 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 452 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 453 err = -EINVAL;
454 break;
455 }
456
15770b1a 457 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 458
459 len = min_t(unsigned int, len, sizeof(pwr));
460 if (copy_to_user(optval, (char *) &pwr, len))
461 err = -EFAULT;
462
463 break;
464
2ea66482 465 case BT_CHANNEL_POLICY:
2ea66482
MM		 466 if (put_user(chan->chan_policy, (u32 __user *) optval))
467 err = -EFAULT;
468 break;
469
99f4808d
GP		 470 default:
471 err = -ENOPROTOOPT;
472 break;
473 }
474
475 release_sock(sk);
476 return err;
477}
478
682877c3
AG		 479static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
480{
481 switch (chan->scid) {
073d1cf3 482 case L2CAP_CID_ATT:
8c3a4f00 483 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 484 return false;
485 break;
486
487 default:
488 if (mtu < L2CAP_DEFAULT_MIN_MTU)
489 return false;
490 }
491
492 return true;
493}
494
2d792818
GP		 495static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
496 char __user *optval, unsigned int optlen)
33575df7
GP		 497{
498 struct sock *sk = sock->sk;
b4450035 499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 500 struct l2cap_options opts;
501 int len, err = 0;
502 u32 opt;
503
504 BT_DBG("sk %p", sk);
505
506 lock_sock(sk);
507
508 switch (optname) {
509 case L2CAP_OPTIONS:
510 if (sk->sk_state == BT_CONNECTED) {
511 err = -EINVAL;
512 break;
513 }
514
0c1bc5c6
GP		 515 opts.imtu = chan->imtu;
516 opts.omtu = chan->omtu;
517 opts.flush_to = chan->flush_to;
518 opts.mode = chan->mode;
47d1ec61
GP		 519 opts.fcs = chan->fcs;
520 opts.max_tx = chan->max_tx;
6327eb98 521 opts.txwin_size = chan->tx_win;
33575df7
GP		 522
523 len = min_t(unsigned int, sizeof(opts), optlen);
524 if (copy_from_user((char *) &opts, optval, len)) {
525 err = -EFAULT;
526 break;
527 }
528
6327eb98 529 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 530 err = -EINVAL;
531 break;
532 }
533
682877c3
AG		 534 if (!l2cap_valid_mtu(chan, opts.imtu)) {
535 err = -EINVAL;
536 break;
537 }
538
0c1bc5c6
GP		 539 chan->mode = opts.mode;
540 switch (chan->mode) {
33575df7 541 case L2CAP_MODE_BASIC:
c1360a1c 542 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 543 break;
544 case L2CAP_MODE_ERTM:
545 case L2CAP_MODE_STREAMING:
546 if (!disable_ertm)
547 break;
548 /* fall through */
549 default:
550 err = -EINVAL;
551 break;
552 }
553
0c1bc5c6
GP		 554 chan->imtu = opts.imtu;
555 chan->omtu = opts.omtu;
47d1ec61
GP		 556 chan->fcs = opts.fcs;
557 chan->max_tx = opts.max_tx;
6327eb98 558 chan->tx_win = opts.txwin_size;
12d59781 559 chan->flush_to = opts.flush_to;
33575df7
GP		 560 break;
561
562 case L2CAP_LM:
563 if (get_user(opt, (u32 __user *) optval)) {
564 err = -EFAULT;
565 break;
566 }
567
568 if (opt & L2CAP_LM_AUTH)
4343478f 569 chan->sec_level = BT_SECURITY_LOW;
33575df7 570 if (opt & L2CAP_LM_ENCRYPT)
4343478f 571 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 572 if (opt & L2CAP_LM_SECURE)
4343478f 573 chan->sec_level = BT_SECURITY_HIGH;
33575df7 574
43bd0f32
AE		 575 if (opt & L2CAP_LM_MASTER)
576 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
577 else
578 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 579
580 if (opt & L2CAP_LM_RELIABLE)
581 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
582 else
583 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 584 break;
585
586 default:
587 err = -ENOPROTOOPT;
588 break;
589 }
590
591 release_sock(sk);
592 return err;
593}
594
2d792818
GP		 595static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
596 char __user *optval, unsigned int optlen)
33575df7
GP		 597{
598 struct sock *sk = sock->sk;
4343478f 599 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 600 struct bt_security sec;
14b12d0b 601 struct bt_power pwr;
f1cb9af5 602 struct l2cap_conn *conn;
33575df7
GP		 603 int len, err = 0;
604 u32 opt;
605
606 BT_DBG("sk %p", sk);
607
608 if (level == SOL_L2CAP)
609 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
610
611 if (level != SOL_BLUETOOTH)
612 return -ENOPROTOOPT;
613
614 lock_sock(sk);
615
616 switch (optname) {
617 case BT_SECURITY:
715ec005 618 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 619 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 620 err = -EINVAL;
621 break;
622 }
623
624 sec.level = BT_SECURITY_LOW;
625
626 len = min_t(unsigned int, sizeof(sec), optlen);
627 if (copy_from_user((char *) &sec, optval, len)) {
628 err = -EFAULT;
629 break;
630 }
631
632 if (sec.level < BT_SECURITY_LOW ||
2d792818 633 sec.level > BT_SECURITY_HIGH) {
33575df7
GP		 634 err = -EINVAL;
635 break;
636 }
637
4343478f 638 chan->sec_level = sec.level;
f1cb9af5 639
0bee1d60
GP		 640 if (!chan->conn)
641 break;
642
f1cb9af5 643 conn = chan->conn;
0bee1d60
GP		 644
645 /*change security for LE channels */
073d1cf3 646 if (chan->scid == L2CAP_CID_ATT) {
f1cb9af5
VCG		 647 if (!conn->hcon->out) {
648 err = -EINVAL;
649 break;
650 }
651
cc110922 652 if (smp_conn_security(conn->hcon, sec.level))
f1cb9af5 653 break;
f1cb9af5 654 sk->sk_state = BT_CONFIG;
3542b854 655 chan->state = BT_CONFIG;
0bee1d60 656
a7d7723a
GP		 657 /* or for ACL link */
658 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 659 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a
GP		 660 sk->sk_state == BT_CONNECTED) {
661 if (!l2cap_chan_check_security(chan))
c5daa683 662 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 663 else
664 sk->sk_state_change(sk);
0bee1d60
GP		 665 } else {
666 err = -EINVAL;
f1cb9af5 667 }
33575df7
GP		 668 break;
669
670 case BT_DEFER_SETUP:
671 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
672 err = -EINVAL;
673 break;
674 }
675
676 if (get_user(opt, (u32 __user *) optval)) {
677 err = -EFAULT;
678 break;
679 }
680
bdc25783 681 if (opt) {
c5daa683 682 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 683 set_bit(FLAG_DEFER_SETUP, &chan->flags);
684 } else {
c5daa683 685 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 686 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
687 }
33575df7
GP		 688 break;
689
690 case BT_FLUSHABLE:
691 if (get_user(opt, (u32 __user *) optval)) {
692 err = -EFAULT;
693 break;
694 }
695
696 if (opt > BT_FLUSHABLE_ON) {
697 err = -EINVAL;
698 break;
699 }
700
701 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 702 conn = chan->conn;
25985edc 703 /* proceed further only when we have l2cap_conn and
33575df7
GP		 704 No Flush support in the LM */
705 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
706 err = -EINVAL;
707 break;
708 }
709 }
710
d57b0e8b
AE		 711 if (opt)
712 set_bit(FLAG_FLUSHABLE, &chan->flags);
713 else
714 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 715 break;
716
14b12d0b
JG		 717 case BT_POWER:
718 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 719 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 720 err = -EINVAL;
721 break;
722 }
723
724 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
725
726 len = min_t(unsigned int, sizeof(pwr), optlen);
727 if (copy_from_user((char *) &pwr, optval, len)) {
728 err = -EFAULT;
729 break;
730 }
15770b1a
AE		 731
732 if (pwr.force_active)
733 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
734 else
735 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 736 break;
737
2ea66482 738 case BT_CHANNEL_POLICY:
2ea66482
MM		 739 if (get_user(opt, (u32 __user *) optval)) {
740 err = -EFAULT;
741 break;
742 }
743
744 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
745 err = -EINVAL;
746 break;
747 }
748
749 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 750 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 751 err = -EOPNOTSUPP;
752 break;
753 }
754
755 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 756
757 if (sk->sk_state == BT_CONNECTED &&
758 chan->move_role == L2CAP_MOVE_ROLE_NONE)
759 l2cap_move_start(chan);
760
14b12d0b
JG		 761 break;
762
33575df7
GP		 763 default:
764 err = -ENOPROTOOPT;
765 break;
766 }
767
768 release_sock(sk);
769 return err;
770}
fd83ccdb 771
2d792818
GP		 772static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
773 struct msghdr *msg, size_t len)
fd83ccdb
GP		 774{
775 struct sock *sk = sock->sk;
0c1bc5c6 776 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 777 int err;
778
779 BT_DBG("sock %p, sk %p", sock, sk);
780
781 err = sock_error(sk);
782 if (err)
783 return err;
784
785 if (msg->msg_flags & MSG_OOB)
786 return -EOPNOTSUPP;
787
a6a5568c 788 if (sk->sk_state != BT_CONNECTED)
9a91a04a 789 return -ENOTCONN;
fd83ccdb 790
e793dcf0
JH		 791 lock_sock(sk);
792 err = bt_sock_wait_ready(sk, msg->msg_flags);
793 release_sock(sk);
794 if (err)
795 return err;
796
a6a5568c 797 l2cap_chan_lock(chan);
5e59b791 798 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 799 l2cap_chan_unlock(chan);
fd83ccdb 800
fd83ccdb
GP		 801 return err;
802}
33575df7 803
2d792818
GP		 804static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
805 struct msghdr *msg, size_t len, int flags)
68983259
GP		 806{
807 struct sock *sk = sock->sk;
e328140f
MM		 808 struct l2cap_pinfo *pi = l2cap_pi(sk);
809 int err;
68983259
GP		 810
811 lock_sock(sk);
812
c5daa683
GP		 813 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
814 &bt_sk(sk)->flags)) {
8c1d787b 815 sk->sk_state = BT_CONFIG;
3542b854 816 pi->chan->state = BT_CONFIG;
8c1d787b 817
e328140f 818 __l2cap_connect_rsp_defer(pi->chan);
970871bc
JH		 819 err = 0;
820 goto done;
68983259
GP		 821 }
822
823 release_sock(sk);
824
825 if (sock->type == SOCK_STREAM)
e328140f
MM		 826 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
827 else
828 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
829
830 if (pi->chan->mode != L2CAP_MODE_ERTM)
831 return err;
832
833 /* Attempt to put pending rx data in the socket buffer */
834
835 lock_sock(sk);
836
837 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
838 goto done;
839
840 if (pi->rx_busy_skb) {
841 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
842 pi->rx_busy_skb = NULL;
843 else
844 goto done;
845 }
846
847 /* Restore data flow when half of the receive buffer is
848 * available. This avoids resending large numbers of
849 * frames.
850 */
851 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
852 l2cap_chan_busy(pi->chan, 0);
68983259 853
e328140f
MM		 854done:
855 release_sock(sk);
856 return err;
68983259
GP		 857}
858
05fc1576
GP		 859/* Kill socket (only if zapped and orphan)
860 * Must be called on unlocked socket.
861 */
ba3bd0ee 862static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 863{
864 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
865 return;
866
e05dcc32 867 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 868
869 /* Kill poor orphan */
6ff5abbf 870
4af66c69 871 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 872 sock_set_flag(sk, SOCK_DEAD);
873 sock_put(sk);
874}
875
dcba0dba
GP		 876static int l2cap_sock_shutdown(struct socket *sock, int how)
877{
878 struct sock *sk = sock->sk;
7ddb6e0f 879 struct l2cap_chan *chan;
3df91ea2 880 struct l2cap_conn *conn;
dcba0dba
GP		 881 int err = 0;
882
883 BT_DBG("sock %p, sk %p", sock, sk);
884
885 if (!sk)
886 return 0;
887
7ddb6e0f 888 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 889 conn = chan->conn;
890
891 if (conn)
892 mutex_lock(&conn->chan_lock);
7ddb6e0f 893
6be36555 894 l2cap_chan_lock(chan);
dcba0dba 895 lock_sock(sk);
6be36555 896
dcba0dba 897 if (!sk->sk_shutdown) {
0c1bc5c6 898 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 899 err = __l2cap_wait_ack(sk);
900
901 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 902
6be36555 903 release_sock(sk);
0f852724 904 l2cap_chan_close(chan, 0);
6be36555 905 lock_sock(sk);
dcba0dba
GP		 906
907 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
908 err = bt_sock_wait_state(sk, BT_CLOSED,
2d792818 909 sk->sk_lingertime);
dcba0dba
GP		 910 }
911
912 if (!err && sk->sk_err)
913 err = -sk->sk_err;
914
915 release_sock(sk);
6be36555 916 l2cap_chan_unlock(chan);
3df91ea2
AE		 917
918 if (conn)
919 mutex_unlock(&conn->chan_lock);
920
dcba0dba
GP		 921 return err;
922}
923
554f05bb
GP		 924static int l2cap_sock_release(struct socket *sock)
925{
926 struct sock *sk = sock->sk;
927 int err;
928
929 BT_DBG("sock %p, sk %p", sock, sk);
930
931 if (!sk)
932 return 0;
933
5b28d95c
MY		 934 bt_sock_unlink(&l2cap_sk_list, sk);
935
554f05bb
GP		 936 err = l2cap_sock_shutdown(sock, 2);
937
938 sock_orphan(sk);
939 l2cap_sock_kill(sk);
940 return err;
941}
942
c0df7f6e
AE		 943static void l2cap_sock_cleanup_listen(struct sock *parent)
944{
945 struct sock *sk;
946
947 BT_DBG("parent %p", parent);
948
949 /* Close not yet accepted channels */
950 while ((sk = bt_accept_dequeue(parent, NULL))) {
951 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
952
953 l2cap_chan_lock(chan);
954 __clear_chan_timer(chan);
955 l2cap_chan_close(chan, ECONNRESET);
956 l2cap_chan_unlock(chan);
957
958 l2cap_sock_kill(sk);
959 }
960}
961
80b98027 962static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 963{
80b98027 964 struct sock *sk, *parent = chan->data;
80808e43 965
53826692
GP		 966 /* Check for backlog size */
967 if (sk_acceptq_is_full(parent)) {
968 BT_DBG("backlog full %d", parent->sk_ack_backlog);
969 return NULL;
970 }
971
80808e43 972 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
2d792818 973 GFP_ATOMIC);
80808e43
GP		 974 if (!sk)
975 return NULL;
976
d22015aa
OP		 977 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
978
80808e43
GP		 979 l2cap_sock_init(sk, parent);
980
644912e1
GP		 981 bt_accept_enqueue(parent, sk);
982
80808e43
GP		 983 return l2cap_pi(sk)->chan;
984}
985
80b98027 986static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 987{
80b98027 988 struct sock *sk = chan->data;
84b34d98 989 int err;
e328140f 990
6be36555
AE		 991 lock_sock(sk);
992
84b34d98 993 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 994 err = -ENOMEM;
995 goto done;
996 }
e328140f
MM		 997
998 err = sock_queue_rcv_skb(sk, skb);
999
1000 /* For ERTM, handle one skb that doesn't fit into the recv
1001 * buffer. This is important to do because the data frames
1002 * have already been acked, so the skb cannot be discarded.
1003 *
1004 * Notify the l2cap core that the buffer is full, so the
1005 * LOCAL_BUSY state is entered and no more frames are
1006 * acked and reassembled until there is buffer space
1007 * available.
1008 */
84b34d98
MH		 1009 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1010 l2cap_pi(sk)->rx_busy_skb = skb;
1011 l2cap_chan_busy(chan, 1);
e328140f
MM		 1012 err = 0;
1013 }
23070494 1014
6be36555
AE		 1015done:
1016 release_sock(sk);
1017
e328140f 1018 return err;
23070494
GP		 1019}
1020
80b98027 1021static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1022{
80b98027 1023 struct sock *sk = chan->data;
ba3bd0ee
GP		 1024
1025 l2cap_sock_kill(sk);
1026}
1027
c0df7f6e
AE		 1028static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1029{
1030 struct sock *sk = chan->data;
1031 struct sock *parent;
1032
1033 lock_sock(sk);
1034
1035 parent = bt_sk(sk)->parent;
1036
1037 sock_set_flag(sk, SOCK_ZAPPED);
1038
1039 switch (chan->state) {
1040 case BT_OPEN:
1041 case BT_BOUND:
1042 case BT_CLOSED:
1043 break;
1044 case BT_LISTEN:
1045 l2cap_sock_cleanup_listen(sk);
1046 sk->sk_state = BT_CLOSED;
1047 chan->state = BT_CLOSED;
1048
1049 break;
1050 default:
1051 sk->sk_state = BT_CLOSED;
1052 chan->state = BT_CLOSED;
1053
1054 sk->sk_err = err;
1055
1056 if (parent) {
1057 bt_accept_unlink(sk);
1058 parent->sk_data_ready(parent, 0);
1059 } else {
1060 sk->sk_state_change(sk);
1061 }
1062
1063 break;
1064 }
1065
1066 release_sock(sk);
1067}
1068
80b98027 1069static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state)
89bc500e 1070{
80b98027 1071 struct sock *sk = chan->data;
89bc500e
GP		 1072
1073 sk->sk_state = state;
1074}
1075
2f7719ce 1076static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 1077 unsigned long len, int nb)
2f7719ce 1078{
90338947
GP		 1079 struct sk_buff *skb;
1080 int err;
1081
a6a5568c 1082 l2cap_chan_unlock(chan);
90338947 1083 skb = bt_skb_send_alloc(chan->sk, len, nb, &err);
a6a5568c
MM		 1084 l2cap_chan_lock(chan);
1085
90338947
GP		 1086 if (!skb)
1087 return ERR_PTR(err);
2f7719ce 1088
90338947 1089 return skb;
2f7719ce
AE		 1090}
1091
54a59aa2
AE		 1092static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1093{
1094 struct sock *sk = chan->data;
1095 struct sock *parent;
1096
1097 lock_sock(sk);
1098
1099 parent = bt_sk(sk)->parent;
1100
1101 BT_DBG("sk %p, parent %p", sk, parent);
1102
1103 sk->sk_state = BT_CONNECTED;
1104 sk->sk_state_change(sk);
1105
1106 if (parent)
1107 parent->sk_data_ready(parent, 0);
1108
1109 release_sock(sk);
1110}
1111
2dc4e510
GP		 1112static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1113{
1114 struct sock *sk = chan->data;
1115 struct sock *parent = bt_sk(sk)->parent;
1116
1117 if (parent)
1118 parent->sk_data_ready(parent, 0);
1119}
1120
d97c899b
MH		 1121static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1122{
1123 struct sock *sk = chan->data;
1124
1125 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1126 sk->sk_state_change(sk);
1127}
1128
80808e43
GP		 1129static struct l2cap_ops l2cap_chan_ops = {
1130 .name = "L2CAP Socket Interface",
1131 .new_connection = l2cap_sock_new_connection_cb,
23070494 1132 .recv = l2cap_sock_recv_cb,
ba3bd0ee 1133 .close = l2cap_sock_close_cb,
c0df7f6e 1134 .teardown = l2cap_sock_teardown_cb,
89bc500e 1135 .state_change = l2cap_sock_state_change_cb,
54a59aa2 1136 .ready = l2cap_sock_ready_cb,
2dc4e510 1137 .defer = l2cap_sock_defer_cb,
d97c899b 1138 .resume = l2cap_sock_resume_cb,
2f7719ce 1139 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1140};
1141
bb58f747
GP		 1142static void l2cap_sock_destruct(struct sock *sk)
1143{
1144 BT_DBG("sk %p", sk);
1145
23d3a869
SL		 1146 if (l2cap_pi(sk)->chan)
1147 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1148
e328140f
MM		 1149 if (l2cap_pi(sk)->rx_busy_skb) {
1150 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1151 l2cap_pi(sk)->rx_busy_skb = NULL;
1152 }
1153
bb58f747
GP		 1154 skb_queue_purge(&sk->sk_receive_queue);
1155 skb_queue_purge(&sk->sk_write_queue);
1156}
1157
2edf870d
MH		 1158static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1159 int *msg_namelen)
1160{
1161 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1162
1163 memset(la, 0, sizeof(struct sockaddr_l2));
1164 la->l2_family = AF_BLUETOOTH;
1165 la->l2_psm = bt_cb(skb)->psm;
1166 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1167
1168 *msg_namelen = sizeof(struct sockaddr_l2);
1169}
1170
80808e43 1171static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1172{
84b34d98 1173 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1174
1175 BT_DBG("sk %p", sk);
1176
1177 if (parent) {
b4450035
GP		 1178 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1179
bb58f747 1180 sk->sk_type = parent->sk_type;
c5daa683 1181 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1182
715ec005 1183 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1184 chan->imtu = pchan->imtu;
1185 chan->omtu = pchan->omtu;
b4450035 1186 chan->conf_state = pchan->conf_state;
0c1bc5c6 1187 chan->mode = pchan->mode;
47d1ec61
GP		 1188 chan->fcs = pchan->fcs;
1189 chan->max_tx = pchan->max_tx;
1190 chan->tx_win = pchan->tx_win;
6b3c7104 1191 chan->tx_win_max = pchan->tx_win_max;
4343478f 1192 chan->sec_level = pchan->sec_level;
d57b0e8b 1193 chan->flags = pchan->flags;
6230c9b4
PM		 1194
1195 security_sk_clone(parent, sk);
bb58f747 1196 } else {
715ec005
GP		 1197 switch (sk->sk_type) {
1198 case SOCK_RAW:
1199 chan->chan_type = L2CAP_CHAN_RAW;
1200 break;
1201 case SOCK_DGRAM:
1202 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1203 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1204 break;
1205 case SOCK_SEQPACKET:
1206 case SOCK_STREAM:
1207 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1208 break;
1209 }
1210
0c1bc5c6
GP		 1211 chan->imtu = L2CAP_DEFAULT_MTU;
1212 chan->omtu = 0;
bb58f747 1213 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1214 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1215 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1216 } else {
0c1bc5c6 1217 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1218 }
bd4b1653
AE		 1219
1220 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1221 }
1222
1223 /* Default config options */
0c1bc5c6 1224 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1225
1226 chan->data = sk;
1227 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1228}
1229
1230static struct proto l2cap_proto = {
1231 .name = "L2CAP",
1232 .owner = THIS_MODULE,
1233 .obj_size = sizeof(struct l2cap_pinfo)
1234};
1235
2d792818
GP		 1236static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1237 int proto, gfp_t prio)
bb58f747
GP		 1238{
1239 struct sock *sk;
dc50a06d 1240 struct l2cap_chan *chan;
bb58f747
GP		 1241
1242 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1243 if (!sk)
1244 return NULL;
1245
1246 sock_init_data(sock, sk);
1247 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1248
1249 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1250 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1251
1252 sock_reset_flag(sk, SOCK_ZAPPED);
1253
1254 sk->sk_protocol = proto;
1255 sk->sk_state = BT_OPEN;
1256
eef1d9b6 1257 chan = l2cap_chan_create();
dc50a06d 1258 if (!chan) {
49dfbb91 1259 sk_free(sk);
dc50a06d
GP		 1260 return NULL;
1261 }
1262
61d6ef3e
MM		 1263 l2cap_chan_hold(chan);
1264
eef1d9b6
GP		 1265 chan->sk = sk;
1266
dc50a06d
GP		 1267 l2cap_pi(sk)->chan = chan;
1268
bb58f747
GP		 1269 return sk;
1270}
1271
1272static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1273 int kern)
1274{
1275 struct sock *sk;
1276
1277 BT_DBG("sock %p", sock);
1278
1279 sock->state = SS_UNCONNECTED;
1280
1281 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1282 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1283 return -ESOCKTNOSUPPORT;
1284
1285 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1286 return -EPERM;
1287
1288 sock->ops = &l2cap_sock_ops;
1289
1290 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1291 if (!sk)
1292 return -ENOMEM;
1293
1294 l2cap_sock_init(sk, NULL);
5b28d95c 1295 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1296 return 0;
1297}
1298
cf2f90f5 1299static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1300 .family = PF_BLUETOOTH,
1301 .owner = THIS_MODULE,
1302 .release = l2cap_sock_release,
1303 .bind = l2cap_sock_bind,
1304 .connect = l2cap_sock_connect,
1305 .listen = l2cap_sock_listen,
1306 .accept = l2cap_sock_accept,
1307 .getname = l2cap_sock_getname,
1308 .sendmsg = l2cap_sock_sendmsg,
1309 .recvmsg = l2cap_sock_recvmsg,
1310 .poll = bt_sock_poll,
1311 .ioctl = bt_sock_ioctl,
1312 .mmap = sock_no_mmap,
1313 .socketpair = sock_no_socketpair,
1314 .shutdown = l2cap_sock_shutdown,
1315 .setsockopt = l2cap_sock_setsockopt,
1316 .getsockopt = l2cap_sock_getsockopt
1317};
1318
bb58f747
GP		 1319static const struct net_proto_family l2cap_sock_family_ops = {
1320 .family = PF_BLUETOOTH,
1321 .owner = THIS_MODULE,
1322 .create = l2cap_sock_create,
1323};
1324
1325int __init l2cap_init_sockets(void)
1326{
e2174ca4 1327 int err;
bb58f747 1328
e2174ca4
GP		 1329 err = proto_register(&l2cap_proto, 0);
1330 if (err < 0)
1331 return err;
bb58f747 1332
e2174ca4 1333 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1334 if (err < 0) {
1335 BT_ERR("L2CAP socket registration failed");
e2174ca4 1336 goto error;
5b28d95c
MY		 1337 }
1338
b0316615 1339 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1340 NULL);
5b28d95c
MY		 1341 if (err < 0) {
1342 BT_ERR("Failed to create L2CAP proc file");
1343 bt_sock_unregister(BTPROTO_L2CAP);
1344 goto error;
1345 }
bb58f747 1346
e2174ca4 1347 BT_INFO("L2CAP socket layer initialized");
bb58f747 1348
e2174ca4 1349 return 0;
bb58f747
GP		 1350
1351error:
e2174ca4
GP		 1352 proto_unregister(&l2cap_proto);
1353 return err;
bb58f747
GP		 1354}
1355
1356void l2cap_cleanup_sockets(void)
1357{
5b28d95c 1358 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1359 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1360 proto_unregister(&l2cap_proto);
bb58f747 1361}
Linux kernel - Deliverables
This page took 0.230079 seconds and 5 git commands to generate.