Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
30#include <linux/module.h>
31#include <linux/export.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36
37#include "smp.h"
38
39static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
41};
42
43static const struct proto_ops l2cap_sock_ops;
44static void l2cap_sock_init(struct sock *sk, struct sock *parent);
45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
46 int proto, gfp_t prio, int kern);
47
48bool l2cap_is_socket(struct socket *sock)
49{
50 return sock && sock->ops == &l2cap_sock_ops;
51}
52EXPORT_SYMBOL(l2cap_is_socket);
53
54static int l2cap_validate_bredr_psm(u16 psm)
55{
56 /* PSM must be odd and lsb of upper byte must be 0 */
57 if ((psm & 0x0101) != 0x0001)
58 return -EINVAL;
59
60 /* Restrict usage of well-known PSMs */
61 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
62 return -EACCES;
63
64 return 0;
65}
66
67static int l2cap_validate_le_psm(u16 psm)
68{
69 /* Valid LE_PSM ranges are defined only until 0x00ff */
70 if (psm > L2CAP_PSM_LE_DYN_END)
71 return -EINVAL;
72
73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
74 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
75 return -EACCES;
76
77 return 0;
78}
79
80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
81{
82 struct sock *sk = sock->sk;
83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
84 struct sockaddr_l2 la;
85 int len, err = 0;
86
87 BT_DBG("sk %p", sk);
88
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
90 return -EINVAL;
91
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
95
96 if (la.l2_cid && la.l2_psm)
97 return -EINVAL;
98
99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
100 return -EINVAL;
101
102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
103 /* We only allow ATT user space socket */
104 if (la.l2_cid &&
105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
106 return -EINVAL;
107 }
108
109 lock_sock(sk);
110
111 if (sk->sk_state != BT_OPEN) {
112 err = -EBADFD;
113 goto done;
114 }
115
116 if (la.l2_psm) {
117 __u16 psm = __le16_to_cpu(la.l2_psm);
118
119 if (la.l2_bdaddr_type == BDADDR_BREDR)
120 err = l2cap_validate_bredr_psm(psm);
121 else
122 err = l2cap_validate_le_psm(psm);
123
124 if (err)
125 goto done;
126 }
127
128 bacpy(&chan->src, &la.l2_bdaddr);
129 chan->src_type = la.l2_bdaddr_type;
130
131 if (la.l2_cid)
132 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
133 else
134 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
135
136 if (err < 0)
137 goto done;
138
139 switch (chan->chan_type) {
140 case L2CAP_CHAN_CONN_LESS:
141 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
142 chan->sec_level = BT_SECURITY_SDP;
143 break;
144 case L2CAP_CHAN_CONN_ORIENTED:
145 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
146 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
147 chan->sec_level = BT_SECURITY_SDP;
148 break;
149 case L2CAP_CHAN_RAW:
150 chan->sec_level = BT_SECURITY_SDP;
151 break;
152 case L2CAP_CHAN_FIXED:
153 /* Fixed channels default to the L2CAP core not holding a
154 * hci_conn reference for them. For fixed channels mapping to
155 * L2CAP sockets we do want to hold a reference so set the
156 * appropriate flag to request it.
157 */
158 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
159 break;
160 }
161
162 if (chan->psm && bdaddr_type_is_le(chan->src_type))
163 chan->mode = L2CAP_MODE_LE_FLOWCTL;
164
165 chan->state = BT_BOUND;
166 sk->sk_state = BT_BOUND;
167
168done:
169 release_sock(sk);
170 return err;
171}
172
173static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
174 int alen, int flags)
175{
176 struct sock *sk = sock->sk;
177 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
178 struct sockaddr_l2 la;
179 int len, err = 0;
180
181 BT_DBG("sk %p", sk);
182
183 if (!addr || alen < sizeof(addr->sa_family) ||
184 addr->sa_family != AF_BLUETOOTH)
185 return -EINVAL;
186
187 memset(&la, 0, sizeof(la));
188 len = min_t(unsigned int, sizeof(la), alen);
189 memcpy(&la, addr, len);
190
191 if (la.l2_cid && la.l2_psm)
192 return -EINVAL;
193
194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
195 return -EINVAL;
196
197 /* Check that the socket wasn't bound to something that
198 * conflicts with the address given to connect(). If chan->src
199 * is BDADDR_ANY it means bind() was never used, in which case
200 * chan->src_type and la.l2_bdaddr_type do not need to match.
201 */
202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
203 bdaddr_type_is_le(la.l2_bdaddr_type)) {
204 /* Old user space versions will try to incorrectly bind
205 * the ATT socket using BDADDR_BREDR. We need to accept
206 * this and fix up the source address type only when
207 * both the source CID and destination CID indicate
208 * ATT. Anything else is an invalid combination.
209 */
210 if (chan->scid != L2CAP_CID_ATT ||
211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
212 return -EINVAL;
213
214 /* We don't have the hdev available here to make a
215 * better decision on random vs public, but since all
216 * user space versions that exhibit this issue anyway do
217 * not support random local addresses assuming public
218 * here is good enough.
219 */
220 chan->src_type = BDADDR_LE_PUBLIC;
221 }
222
223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
224 return -EINVAL;
225
226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
227 /* We only allow ATT user space socket */
228 if (la.l2_cid &&
229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
230 return -EINVAL;
231 }
232
233 if (chan->psm && bdaddr_type_is_le(chan->src_type))
234 chan->mode = L2CAP_MODE_LE_FLOWCTL;
235
236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
237 &la.l2_bdaddr, la.l2_bdaddr_type);
238 if (err)
239 return err;
240
241 lock_sock(sk);
242
243 err = bt_sock_wait_state(sk, BT_CONNECTED,
244 sock_sndtimeo(sk, flags & O_NONBLOCK));
245
246 release_sock(sk);
247
248 return err;
249}
250
251static int l2cap_sock_listen(struct socket *sock, int backlog)
252{
253 struct sock *sk = sock->sk;
254 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
255 int err = 0;
256
257 BT_DBG("sk %p backlog %d", sk, backlog);
258
259 lock_sock(sk);
260
261 if (sk->sk_state != BT_BOUND) {
262 err = -EBADFD;
263 goto done;
264 }
265
266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
267 err = -EINVAL;
268 goto done;
269 }
270
271 switch (chan->mode) {
272 case L2CAP_MODE_BASIC:
273 case L2CAP_MODE_LE_FLOWCTL:
274 break;
275 case L2CAP_MODE_ERTM:
276 case L2CAP_MODE_STREAMING:
277 if (!disable_ertm)
278 break;
279 /* fall through */
280 default:
281 err = -EOPNOTSUPP;
282 goto done;
283 }
284
285 sk->sk_max_ack_backlog = backlog;
286 sk->sk_ack_backlog = 0;
287
288 /* Listening channels need to use nested locking in order not to
289 * cause lockdep warnings when the created child channels end up
290 * being locked in the same thread as the parent channel.
291 */
292 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
293
294 chan->state = BT_LISTEN;
295 sk->sk_state = BT_LISTEN;
296
297done:
298 release_sock(sk);
299 return err;
300}
301
302static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
303 int flags)
304{
305 DEFINE_WAIT_FUNC(wait, woken_wake_function);
306 struct sock *sk = sock->sk, *nsk;
307 long timeo;
308 int err = 0;
309
310 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
311
312 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
313
314 BT_DBG("sk %p timeo %ld", sk, timeo);
315
316 /* Wait for an incoming connection. (wake-one). */
317 add_wait_queue_exclusive(sk_sleep(sk), &wait);
318 while (1) {
319 if (sk->sk_state != BT_LISTEN) {
320 err = -EBADFD;
321 break;
322 }
323
324 nsk = bt_accept_dequeue(sk, newsock);
325 if (nsk)
326 break;
327
328 if (!timeo) {
329 err = -EAGAIN;
330 break;
331 }
332
333 if (signal_pending(current)) {
334 err = sock_intr_errno(timeo);
335 break;
336 }
337
338 release_sock(sk);
339
340 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
341
342 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
343 }
344 remove_wait_queue(sk_sleep(sk), &wait);
345
346 if (err)
347 goto done;
348
349 newsock->state = SS_CONNECTED;
350
351 BT_DBG("new socket %p", nsk);
352
353done:
354 release_sock(sk);
355 return err;
356}
357
358static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
359 int *len, int peer)
360{
361 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
362 struct sock *sk = sock->sk;
363 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
364
365 BT_DBG("sock %p, sk %p", sock, sk);
366
367 if (peer && sk->sk_state != BT_CONNECTED &&
368 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
369 sk->sk_state != BT_CONFIG)
370 return -ENOTCONN;
371
372 memset(la, 0, sizeof(struct sockaddr_l2));
373 addr->sa_family = AF_BLUETOOTH;
374 *len = sizeof(struct sockaddr_l2);
375
376 la->l2_psm = chan->psm;
377
378 if (peer) {
379 bacpy(&la->l2_bdaddr, &chan->dst);
380 la->l2_cid = cpu_to_le16(chan->dcid);
381 la->l2_bdaddr_type = chan->dst_type;
382 } else {
383 bacpy(&la->l2_bdaddr, &chan->src);
384 la->l2_cid = cpu_to_le16(chan->scid);
385 la->l2_bdaddr_type = chan->src_type;
386 }
387
388 return 0;
389}
390
391static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
392 char __user *optval, int __user *optlen)
393{
394 struct sock *sk = sock->sk;
395 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
396 struct l2cap_options opts;
397 struct l2cap_conninfo cinfo;
398 int len, err = 0;
399 u32 opt;
400
401 BT_DBG("sk %p", sk);
402
403 if (get_user(len, optlen))
404 return -EFAULT;
405
406 lock_sock(sk);
407
408 switch (optname) {
409 case L2CAP_OPTIONS:
410 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
411 * legacy ATT code depends on getsockopt for
412 * L2CAP_OPTIONS we need to let this pass.
413 */
414 if (bdaddr_type_is_le(chan->src_type) &&
415 chan->scid != L2CAP_CID_ATT) {
416 err = -EINVAL;
417 break;
418 }
419
420 memset(&opts, 0, sizeof(opts));
421 opts.imtu = chan->imtu;
422 opts.omtu = chan->omtu;
423 opts.flush_to = chan->flush_to;
424 opts.mode = chan->mode;
425 opts.fcs = chan->fcs;
426 opts.max_tx = chan->max_tx;
427 opts.txwin_size = chan->tx_win;
428
429 len = min_t(unsigned int, len, sizeof(opts));
430 if (copy_to_user(optval, (char *) &opts, len))
431 err = -EFAULT;
432
433 break;
434
435 case L2CAP_LM:
436 switch (chan->sec_level) {
437 case BT_SECURITY_LOW:
438 opt = L2CAP_LM_AUTH;
439 break;
440 case BT_SECURITY_MEDIUM:
441 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
442 break;
443 case BT_SECURITY_HIGH:
444 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
445 L2CAP_LM_SECURE;
446 break;
447 case BT_SECURITY_FIPS:
448 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
449 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
450 break;
451 default:
452 opt = 0;
453 break;
454 }
455
456 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
457 opt |= L2CAP_LM_MASTER;
458
459 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
460 opt |= L2CAP_LM_RELIABLE;
461
462 if (put_user(opt, (u32 __user *) optval))
463 err = -EFAULT;
464
465 break;
466
467 case L2CAP_CONNINFO:
468 if (sk->sk_state != BT_CONNECTED &&
469 !(sk->sk_state == BT_CONNECT2 &&
470 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
471 err = -ENOTCONN;
472 break;
473 }
474
475 memset(&cinfo, 0, sizeof(cinfo));
476 cinfo.hci_handle = chan->conn->hcon->handle;
477 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
478
479 len = min_t(unsigned int, len, sizeof(cinfo));
480 if (copy_to_user(optval, (char *) &cinfo, len))
481 err = -EFAULT;
482
483 break;
484
485 default:
486 err = -ENOPROTOOPT;
487 break;
488 }
489
490 release_sock(sk);
491 return err;
492}
493
494static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
495 char __user *optval, int __user *optlen)
496{
497 struct sock *sk = sock->sk;
498 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
499 struct bt_security sec;
500 struct bt_power pwr;
501 int len, err = 0;
502
503 BT_DBG("sk %p", sk);
504
505 if (level == SOL_L2CAP)
506 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
507
508 if (level != SOL_BLUETOOTH)
509 return -ENOPROTOOPT;
510
511 if (get_user(len, optlen))
512 return -EFAULT;
513
514 lock_sock(sk);
515
516 switch (optname) {
517 case BT_SECURITY:
518 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
519 chan->chan_type != L2CAP_CHAN_FIXED &&
520 chan->chan_type != L2CAP_CHAN_RAW) {
521 err = -EINVAL;
522 break;
523 }
524
525 memset(&sec, 0, sizeof(sec));
526 if (chan->conn) {
527 sec.level = chan->conn->hcon->sec_level;
528
529 if (sk->sk_state == BT_CONNECTED)
530 sec.key_size = chan->conn->hcon->enc_key_size;
531 } else {
532 sec.level = chan->sec_level;
533 }
534
535 len = min_t(unsigned int, len, sizeof(sec));
536 if (copy_to_user(optval, (char *) &sec, len))
537 err = -EFAULT;
538
539 break;
540
541 case BT_DEFER_SETUP:
542 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
543 err = -EINVAL;
544 break;
545 }
546
547 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
548 (u32 __user *) optval))
549 err = -EFAULT;
550
551 break;
552
553 case BT_FLUSHABLE:
554 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
555 (u32 __user *) optval))
556 err = -EFAULT;
557
558 break;
559
560 case BT_POWER:
561 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
562 && sk->sk_type != SOCK_RAW) {
563 err = -EINVAL;
564 break;
565 }
566
567 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
568
569 len = min_t(unsigned int, len, sizeof(pwr));
570 if (copy_to_user(optval, (char *) &pwr, len))
571 err = -EFAULT;
572
573 break;
574
575 case BT_CHANNEL_POLICY:
576 if (put_user(chan->chan_policy, (u32 __user *) optval))
577 err = -EFAULT;
578 break;
579
580 case BT_SNDMTU:
581 if (!bdaddr_type_is_le(chan->src_type)) {
582 err = -EINVAL;
583 break;
584 }
585
586 if (sk->sk_state != BT_CONNECTED) {
587 err = -ENOTCONN;
588 break;
589 }
590
591 if (put_user(chan->omtu, (u16 __user *) optval))
592 err = -EFAULT;
593 break;
594
595 case BT_RCVMTU:
596 if (!bdaddr_type_is_le(chan->src_type)) {
597 err = -EINVAL;
598 break;
599 }
600
601 if (put_user(chan->imtu, (u16 __user *) optval))
602 err = -EFAULT;
603 break;
604
605 default:
606 err = -ENOPROTOOPT;
607 break;
608 }
609
610 release_sock(sk);
611 return err;
612}
613
614static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
615{
616 switch (chan->scid) {
617 case L2CAP_CID_ATT:
618 if (mtu < L2CAP_LE_MIN_MTU)
619 return false;
620 break;
621
622 default:
623 if (mtu < L2CAP_DEFAULT_MIN_MTU)
624 return false;
625 }
626
627 return true;
628}
629
630static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
631 char __user *optval, unsigned int optlen)
632{
633 struct sock *sk = sock->sk;
634 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
635 struct l2cap_options opts;
636 int len, err = 0;
637 u32 opt;
638
639 BT_DBG("sk %p", sk);
640
641 lock_sock(sk);
642
643 switch (optname) {
644 case L2CAP_OPTIONS:
645 if (bdaddr_type_is_le(chan->src_type)) {
646 err = -EINVAL;
647 break;
648 }
649
650 if (sk->sk_state == BT_CONNECTED) {
651 err = -EINVAL;
652 break;
653 }
654
655 opts.imtu = chan->imtu;
656 opts.omtu = chan->omtu;
657 opts.flush_to = chan->flush_to;
658 opts.mode = chan->mode;
659 opts.fcs = chan->fcs;
660 opts.max_tx = chan->max_tx;
661 opts.txwin_size = chan->tx_win;
662
663 len = min_t(unsigned int, sizeof(opts), optlen);
664 if (copy_from_user((char *) &opts, optval, len)) {
665 err = -EFAULT;
666 break;
667 }
668
669 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
670 err = -EINVAL;
671 break;
672 }
673
674 if (!l2cap_valid_mtu(chan, opts.imtu)) {
675 err = -EINVAL;
676 break;
677 }
678
679 chan->mode = opts.mode;
680 switch (chan->mode) {
681 case L2CAP_MODE_LE_FLOWCTL:
682 break;
683 case L2CAP_MODE_BASIC:
684 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
685 break;
686 case L2CAP_MODE_ERTM:
687 case L2CAP_MODE_STREAMING:
688 if (!disable_ertm)
689 break;
690 /* fall through */
691 default:
692 err = -EINVAL;
693 break;
694 }
695
696 chan->imtu = opts.imtu;
697 chan->omtu = opts.omtu;
698 chan->fcs = opts.fcs;
699 chan->max_tx = opts.max_tx;
700 chan->tx_win = opts.txwin_size;
701 chan->flush_to = opts.flush_to;
702 break;
703
704 case L2CAP_LM:
705 if (get_user(opt, (u32 __user *) optval)) {
706 err = -EFAULT;
707 break;
708 }
709
710 if (opt & L2CAP_LM_FIPS) {
711 err = -EINVAL;
712 break;
713 }
714
715 if (opt & L2CAP_LM_AUTH)
716 chan->sec_level = BT_SECURITY_LOW;
717 if (opt & L2CAP_LM_ENCRYPT)
718 chan->sec_level = BT_SECURITY_MEDIUM;
719 if (opt & L2CAP_LM_SECURE)
720 chan->sec_level = BT_SECURITY_HIGH;
721
722 if (opt & L2CAP_LM_MASTER)
723 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
724 else
725 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
726
727 if (opt & L2CAP_LM_RELIABLE)
728 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
729 else
730 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
731 break;
732
733 default:
734 err = -ENOPROTOOPT;
735 break;
736 }
737
738 release_sock(sk);
739 return err;
740}
741
742static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
743 char __user *optval, unsigned int optlen)
744{
745 struct sock *sk = sock->sk;
746 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
747 struct bt_security sec;
748 struct bt_power pwr;
749 struct l2cap_conn *conn;
750 int len, err = 0;
751 u32 opt;
752
753 BT_DBG("sk %p", sk);
754
755 if (level == SOL_L2CAP)
756 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
757
758 if (level != SOL_BLUETOOTH)
759 return -ENOPROTOOPT;
760
761 lock_sock(sk);
762
763 switch (optname) {
764 case BT_SECURITY:
765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
766 chan->chan_type != L2CAP_CHAN_FIXED &&
767 chan->chan_type != L2CAP_CHAN_RAW) {
768 err = -EINVAL;
769 break;
770 }
771
772 sec.level = BT_SECURITY_LOW;
773
774 len = min_t(unsigned int, sizeof(sec), optlen);
775 if (copy_from_user((char *) &sec, optval, len)) {
776 err = -EFAULT;
777 break;
778 }
779
780 if (sec.level < BT_SECURITY_LOW ||
781 sec.level > BT_SECURITY_HIGH) {
782 err = -EINVAL;
783 break;
784 }
785
786 chan->sec_level = sec.level;
787
788 if (!chan->conn)
789 break;
790
791 conn = chan->conn;
792
793 /*change security for LE channels */
794 if (chan->scid == L2CAP_CID_ATT) {
795 if (smp_conn_security(conn->hcon, sec.level))
796 break;
797 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
798 sk->sk_state = BT_CONFIG;
799 chan->state = BT_CONFIG;
800
801 /* or for ACL link */
802 } else if ((sk->sk_state == BT_CONNECT2 &&
803 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
804 sk->sk_state == BT_CONNECTED) {
805 if (!l2cap_chan_check_security(chan, true))
806 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
807 else
808 sk->sk_state_change(sk);
809 } else {
810 err = -EINVAL;
811 }
812 break;
813
814 case BT_DEFER_SETUP:
815 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
816 err = -EINVAL;
817 break;
818 }
819
820 if (get_user(opt, (u32 __user *) optval)) {
821 err = -EFAULT;
822 break;
823 }
824
825 if (opt) {
826 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
827 set_bit(FLAG_DEFER_SETUP, &chan->flags);
828 } else {
829 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
830 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
831 }
832 break;
833
834 case BT_FLUSHABLE:
835 if (get_user(opt, (u32 __user *) optval)) {
836 err = -EFAULT;
837 break;
838 }
839
840 if (opt > BT_FLUSHABLE_ON) {
841 err = -EINVAL;
842 break;
843 }
844
845 if (opt == BT_FLUSHABLE_OFF) {
846 conn = chan->conn;
847 /* proceed further only when we have l2cap_conn and
848 No Flush support in the LM */
849 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
850 err = -EINVAL;
851 break;
852 }
853 }
854
855 if (opt)
856 set_bit(FLAG_FLUSHABLE, &chan->flags);
857 else
858 clear_bit(FLAG_FLUSHABLE, &chan->flags);
859 break;
860
861 case BT_POWER:
862 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
863 chan->chan_type != L2CAP_CHAN_RAW) {
864 err = -EINVAL;
865 break;
866 }
867
868 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
869
870 len = min_t(unsigned int, sizeof(pwr), optlen);
871 if (copy_from_user((char *) &pwr, optval, len)) {
872 err = -EFAULT;
873 break;
874 }
875
876 if (pwr.force_active)
877 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
878 else
879 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880 break;
881
882 case BT_CHANNEL_POLICY:
883 if (get_user(opt, (u32 __user *) optval)) {
884 err = -EFAULT;
885 break;
886 }
887
888 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
889 err = -EINVAL;
890 break;
891 }
892
893 if (chan->mode != L2CAP_MODE_ERTM &&
894 chan->mode != L2CAP_MODE_STREAMING) {
895 err = -EOPNOTSUPP;
896 break;
897 }
898
899 chan->chan_policy = (u8) opt;
900
901 if (sk->sk_state == BT_CONNECTED &&
902 chan->move_role == L2CAP_MOVE_ROLE_NONE)
903 l2cap_move_start(chan);
904
905 break;
906
907 case BT_SNDMTU:
908 if (!bdaddr_type_is_le(chan->src_type)) {
909 err = -EINVAL;
910 break;
911 }
912
913 /* Setting is not supported as it's the remote side that
914 * decides this.
915 */
916 err = -EPERM;
917 break;
918
919 case BT_RCVMTU:
920 if (!bdaddr_type_is_le(chan->src_type)) {
921 err = -EINVAL;
922 break;
923 }
924
925 if (sk->sk_state == BT_CONNECTED) {
926 err = -EISCONN;
927 break;
928 }
929
930 if (get_user(opt, (u32 __user *) optval)) {
931 err = -EFAULT;
932 break;
933 }
934
935 chan->imtu = opt;
936 break;
937
938 default:
939 err = -ENOPROTOOPT;
940 break;
941 }
942
943 release_sock(sk);
944 return err;
945}
946
947static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
948 size_t len)
949{
950 struct sock *sk = sock->sk;
951 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
952 int err;
953
954 BT_DBG("sock %p, sk %p", sock, sk);
955
956 err = sock_error(sk);
957 if (err)
958 return err;
959
960 if (msg->msg_flags & MSG_OOB)
961 return -EOPNOTSUPP;
962
963 if (sk->sk_state != BT_CONNECTED)
964 return -ENOTCONN;
965
966 lock_sock(sk);
967 err = bt_sock_wait_ready(sk, msg->msg_flags);
968 release_sock(sk);
969 if (err)
970 return err;
971
972 l2cap_chan_lock(chan);
973 err = l2cap_chan_send(chan, msg, len);
974 l2cap_chan_unlock(chan);
975
976 return err;
977}
978
979static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
980 size_t len, int flags)
981{
982 struct sock *sk = sock->sk;
983 struct l2cap_pinfo *pi = l2cap_pi(sk);
984 int err;
985
986 lock_sock(sk);
987
988 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
989 &bt_sk(sk)->flags)) {
990 if (bdaddr_type_is_le(pi->chan->src_type)) {
991 sk->sk_state = BT_CONNECTED;
992 pi->chan->state = BT_CONNECTED;
993 __l2cap_le_connect_rsp_defer(pi->chan);
994 } else {
995 sk->sk_state = BT_CONFIG;
996 pi->chan->state = BT_CONFIG;
997 __l2cap_connect_rsp_defer(pi->chan);
998 }
999
1000 err = 0;
1001 goto done;
1002 }
1003
1004 release_sock(sk);
1005
1006 if (sock->type == SOCK_STREAM)
1007 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1008 else
1009 err = bt_sock_recvmsg(sock, msg, len, flags);
1010
1011 if (pi->chan->mode != L2CAP_MODE_ERTM)
1012 return err;
1013
1014 /* Attempt to put pending rx data in the socket buffer */
1015
1016 lock_sock(sk);
1017
1018 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1019 goto done;
1020
1021 if (pi->rx_busy_skb) {
1022 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1023 pi->rx_busy_skb = NULL;
1024 else
1025 goto done;
1026 }
1027
1028 /* Restore data flow when half of the receive buffer is
1029 * available. This avoids resending large numbers of
1030 * frames.
1031 */
1032 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1033 l2cap_chan_busy(pi->chan, 0);
1034
1035done:
1036 release_sock(sk);
1037 return err;
1038}
1039
1040/* Kill socket (only if zapped and orphan)
1041 * Must be called on unlocked socket.
1042 */
1043static void l2cap_sock_kill(struct sock *sk)
1044{
1045 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1046 return;
1047
1048 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1049
1050 /* Kill poor orphan */
1051
1052 l2cap_chan_put(l2cap_pi(sk)->chan);
1053 sock_set_flag(sk, SOCK_DEAD);
1054 sock_put(sk);
1055}
1056
1057static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1058{
1059 DECLARE_WAITQUEUE(wait, current);
1060 int err = 0;
1061 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1062 /* Timeout to prevent infinite loop */
1063 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1064
1065 add_wait_queue(sk_sleep(sk), &wait);
1066 set_current_state(TASK_INTERRUPTIBLE);
1067 do {
1068 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1069 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1070 jiffies_to_msecs(timeout - jiffies));
1071
1072 if (!timeo)
1073 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1074
1075 if (signal_pending(current)) {
1076 err = sock_intr_errno(timeo);
1077 break;
1078 }
1079
1080 release_sock(sk);
1081 timeo = schedule_timeout(timeo);
1082 lock_sock(sk);
1083 set_current_state(TASK_INTERRUPTIBLE);
1084
1085 err = sock_error(sk);
1086 if (err)
1087 break;
1088
1089 if (time_after(jiffies, timeout)) {
1090 err = -ENOLINK;
1091 break;
1092 }
1093
1094 } while (chan->unacked_frames > 0 &&
1095 chan->state == BT_CONNECTED);
1096
1097 set_current_state(TASK_RUNNING);
1098 remove_wait_queue(sk_sleep(sk), &wait);
1099 return err;
1100}
1101
1102static int l2cap_sock_shutdown(struct socket *sock, int how)
1103{
1104 struct sock *sk = sock->sk;
1105 struct l2cap_chan *chan;
1106 struct l2cap_conn *conn;
1107 int err = 0;
1108
1109 BT_DBG("sock %p, sk %p", sock, sk);
1110
1111 if (!sk)
1112 return 0;
1113
1114 lock_sock(sk);
1115
1116 if (sk->sk_shutdown)
1117 goto shutdown_already;
1118
1119 BT_DBG("Handling sock shutdown");
1120
1121 /* prevent sk structure from being freed whilst unlocked */
1122 sock_hold(sk);
1123
1124 chan = l2cap_pi(sk)->chan;
1125 /* prevent chan structure from being freed whilst unlocked */
1126 l2cap_chan_hold(chan);
1127
1128 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1129
1130 if (chan->mode == L2CAP_MODE_ERTM &&
1131 chan->unacked_frames > 0 &&
1132 chan->state == BT_CONNECTED) {
1133 err = __l2cap_wait_ack(sk, chan);
1134
1135 /* After waiting for ACKs, check whether shutdown
1136 * has already been actioned to close the L2CAP
1137 * link such as by l2cap_disconnection_req().
1138 */
1139 if (sk->sk_shutdown)
1140 goto has_shutdown;
1141 }
1142
1143 sk->sk_shutdown = SHUTDOWN_MASK;
1144 release_sock(sk);
1145
1146 l2cap_chan_lock(chan);
1147 conn = chan->conn;
1148 if (conn)
1149 /* prevent conn structure from being freed */
1150 l2cap_conn_get(conn);
1151 l2cap_chan_unlock(chan);
1152
1153 if (conn)
1154 /* mutex lock must be taken before l2cap_chan_lock() */
1155 mutex_lock(&conn->chan_lock);
1156
1157 l2cap_chan_lock(chan);
1158 l2cap_chan_close(chan, 0);
1159 l2cap_chan_unlock(chan);
1160
1161 if (conn) {
1162 mutex_unlock(&conn->chan_lock);
1163 l2cap_conn_put(conn);
1164 }
1165
1166 lock_sock(sk);
1167
1168 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1169 !(current->flags & PF_EXITING))
1170 err = bt_sock_wait_state(sk, BT_CLOSED,
1171 sk->sk_lingertime);
1172
1173has_shutdown:
1174 l2cap_chan_put(chan);
1175 sock_put(sk);
1176
1177shutdown_already:
1178 if (!err && sk->sk_err)
1179 err = -sk->sk_err;
1180
1181 release_sock(sk);
1182
1183 BT_DBG("Sock shutdown complete err: %d", err);
1184
1185 return err;
1186}
1187
1188static int l2cap_sock_release(struct socket *sock)
1189{
1190 struct sock *sk = sock->sk;
1191 int err;
1192
1193 BT_DBG("sock %p, sk %p", sock, sk);
1194
1195 if (!sk)
1196 return 0;
1197
1198 bt_sock_unlink(&l2cap_sk_list, sk);
1199
1200 err = l2cap_sock_shutdown(sock, 2);
1201
1202 sock_orphan(sk);
1203 l2cap_sock_kill(sk);
1204 return err;
1205}
1206
1207static void l2cap_sock_cleanup_listen(struct sock *parent)
1208{
1209 struct sock *sk;
1210
1211 BT_DBG("parent %p state %s", parent,
1212 state_to_string(parent->sk_state));
1213
1214 /* Close not yet accepted channels */
1215 while ((sk = bt_accept_dequeue(parent, NULL))) {
1216 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1217
1218 BT_DBG("child chan %p state %s", chan,
1219 state_to_string(chan->state));
1220
1221 l2cap_chan_lock(chan);
1222 __clear_chan_timer(chan);
1223 l2cap_chan_close(chan, ECONNRESET);
1224 l2cap_chan_unlock(chan);
1225
1226 l2cap_sock_kill(sk);
1227 }
1228}
1229
1230static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1231{
1232 struct sock *sk, *parent = chan->data;
1233
1234 lock_sock(parent);
1235
1236 /* Check for backlog size */
1237 if (sk_acceptq_is_full(parent)) {
1238 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1239 release_sock(parent);
1240 return NULL;
1241 }
1242
1243 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1244 GFP_ATOMIC, 0);
1245 if (!sk) {
1246 release_sock(parent);
1247 return NULL;
1248 }
1249
1250 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1251
1252 l2cap_sock_init(sk, parent);
1253
1254 bt_accept_enqueue(parent, sk);
1255
1256 release_sock(parent);
1257
1258 return l2cap_pi(sk)->chan;
1259}
1260
1261static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1262{
1263 struct sock *sk = chan->data;
1264 int err;
1265
1266 lock_sock(sk);
1267
1268 if (l2cap_pi(sk)->rx_busy_skb) {
1269 err = -ENOMEM;
1270 goto done;
1271 }
1272
1273 err = sock_queue_rcv_skb(sk, skb);
1274
1275 /* For ERTM, handle one skb that doesn't fit into the recv
1276 * buffer. This is important to do because the data frames
1277 * have already been acked, so the skb cannot be discarded.
1278 *
1279 * Notify the l2cap core that the buffer is full, so the
1280 * LOCAL_BUSY state is entered and no more frames are
1281 * acked and reassembled until there is buffer space
1282 * available.
1283 */
1284 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1285 l2cap_pi(sk)->rx_busy_skb = skb;
1286 l2cap_chan_busy(chan, 1);
1287 err = 0;
1288 }
1289
1290done:
1291 release_sock(sk);
1292
1293 return err;
1294}
1295
1296static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1297{
1298 struct sock *sk = chan->data;
1299
1300 l2cap_sock_kill(sk);
1301}
1302
1303static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1304{
1305 struct sock *sk = chan->data;
1306 struct sock *parent;
1307
1308 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1309
1310 /* This callback can be called both for server (BT_LISTEN)
1311 * sockets as well as "normal" ones. To avoid lockdep warnings
1312 * with child socket locking (through l2cap_sock_cleanup_listen)
1313 * we need separation into separate nesting levels. The simplest
1314 * way to accomplish this is to inherit the nesting level used
1315 * for the channel.
1316 */
1317 lock_sock_nested(sk, atomic_read(&chan->nesting));
1318
1319 parent = bt_sk(sk)->parent;
1320
1321 sock_set_flag(sk, SOCK_ZAPPED);
1322
1323 switch (chan->state) {
1324 case BT_OPEN:
1325 case BT_BOUND:
1326 case BT_CLOSED:
1327 break;
1328 case BT_LISTEN:
1329 l2cap_sock_cleanup_listen(sk);
1330 sk->sk_state = BT_CLOSED;
1331 chan->state = BT_CLOSED;
1332
1333 break;
1334 default:
1335 sk->sk_state = BT_CLOSED;
1336 chan->state = BT_CLOSED;
1337
1338 sk->sk_err = err;
1339
1340 if (parent) {
1341 bt_accept_unlink(sk);
1342 parent->sk_data_ready(parent);
1343 } else {
1344 sk->sk_state_change(sk);
1345 }
1346
1347 break;
1348 }
1349
1350 release_sock(sk);
1351}
1352
1353static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1354 int err)
1355{
1356 struct sock *sk = chan->data;
1357
1358 sk->sk_state = state;
1359
1360 if (err)
1361 sk->sk_err = err;
1362}
1363
1364static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1365 unsigned long hdr_len,
1366 unsigned long len, int nb)
1367{
1368 struct sock *sk = chan->data;
1369 struct sk_buff *skb;
1370 int err;
1371
1372 l2cap_chan_unlock(chan);
1373 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1374 l2cap_chan_lock(chan);
1375
1376 if (!skb)
1377 return ERR_PTR(err);
1378
1379 skb->priority = sk->sk_priority;
1380
1381 bt_cb(skb)->l2cap.chan = chan;
1382
1383 return skb;
1384}
1385
1386static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1387{
1388 struct sock *sk = chan->data;
1389 struct sock *parent;
1390
1391 lock_sock(sk);
1392
1393 parent = bt_sk(sk)->parent;
1394
1395 BT_DBG("sk %p, parent %p", sk, parent);
1396
1397 sk->sk_state = BT_CONNECTED;
1398 sk->sk_state_change(sk);
1399
1400 if (parent)
1401 parent->sk_data_ready(parent);
1402
1403 release_sock(sk);
1404}
1405
1406static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1407{
1408 struct sock *parent, *sk = chan->data;
1409
1410 lock_sock(sk);
1411
1412 parent = bt_sk(sk)->parent;
1413 if (parent)
1414 parent->sk_data_ready(parent);
1415
1416 release_sock(sk);
1417}
1418
1419static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1420{
1421 struct sock *sk = chan->data;
1422
1423 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1424 sk->sk_state = BT_CONNECTED;
1425 chan->state = BT_CONNECTED;
1426 }
1427
1428 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1429 sk->sk_state_change(sk);
1430}
1431
1432static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1433{
1434 struct sock *sk = chan->data;
1435
1436 lock_sock(sk);
1437 sk->sk_shutdown = SHUTDOWN_MASK;
1438 release_sock(sk);
1439}
1440
1441static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1442{
1443 struct sock *sk = chan->data;
1444
1445 return sk->sk_sndtimeo;
1446}
1447
1448static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1449{
1450 struct sock *sk = chan->data;
1451
1452 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1453 sk->sk_state_change(sk);
1454}
1455
1456static const struct l2cap_ops l2cap_chan_ops = {
1457 .name = "L2CAP Socket Interface",
1458 .new_connection = l2cap_sock_new_connection_cb,
1459 .recv = l2cap_sock_recv_cb,
1460 .close = l2cap_sock_close_cb,
1461 .teardown = l2cap_sock_teardown_cb,
1462 .state_change = l2cap_sock_state_change_cb,
1463 .ready = l2cap_sock_ready_cb,
1464 .defer = l2cap_sock_defer_cb,
1465 .resume = l2cap_sock_resume_cb,
1466 .suspend = l2cap_sock_suspend_cb,
1467 .set_shutdown = l2cap_sock_set_shutdown_cb,
1468 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1469 .alloc_skb = l2cap_sock_alloc_skb_cb,
1470};
1471
1472static void l2cap_sock_destruct(struct sock *sk)
1473{
1474 BT_DBG("sk %p", sk);
1475
1476 if (l2cap_pi(sk)->chan)
1477 l2cap_chan_put(l2cap_pi(sk)->chan);
1478
1479 if (l2cap_pi(sk)->rx_busy_skb) {
1480 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1481 l2cap_pi(sk)->rx_busy_skb = NULL;
1482 }
1483
1484 skb_queue_purge(&sk->sk_receive_queue);
1485 skb_queue_purge(&sk->sk_write_queue);
1486}
1487
1488static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1489 int *msg_namelen)
1490{
1491 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1492
1493 memset(la, 0, sizeof(struct sockaddr_l2));
1494 la->l2_family = AF_BLUETOOTH;
1495 la->l2_psm = bt_cb(skb)->l2cap.psm;
1496 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1497
1498 *msg_namelen = sizeof(struct sockaddr_l2);
1499}
1500
1501static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1502{
1503 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1504
1505 BT_DBG("sk %p", sk);
1506
1507 if (parent) {
1508 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1509
1510 sk->sk_type = parent->sk_type;
1511 bt_sk(sk)->flags = bt_sk(parent)->flags;
1512
1513 chan->chan_type = pchan->chan_type;
1514 chan->imtu = pchan->imtu;
1515 chan->omtu = pchan->omtu;
1516 chan->conf_state = pchan->conf_state;
1517 chan->mode = pchan->mode;
1518 chan->fcs = pchan->fcs;
1519 chan->max_tx = pchan->max_tx;
1520 chan->tx_win = pchan->tx_win;
1521 chan->tx_win_max = pchan->tx_win_max;
1522 chan->sec_level = pchan->sec_level;
1523 chan->flags = pchan->flags;
1524 chan->tx_credits = pchan->tx_credits;
1525 chan->rx_credits = pchan->rx_credits;
1526
1527 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1528 chan->scid = pchan->scid;
1529 chan->dcid = pchan->scid;
1530 }
1531
1532 security_sk_clone(parent, sk);
1533 } else {
1534 switch (sk->sk_type) {
1535 case SOCK_RAW:
1536 chan->chan_type = L2CAP_CHAN_RAW;
1537 break;
1538 case SOCK_DGRAM:
1539 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1540 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1541 break;
1542 case SOCK_SEQPACKET:
1543 case SOCK_STREAM:
1544 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1545 break;
1546 }
1547
1548 chan->imtu = L2CAP_DEFAULT_MTU;
1549 chan->omtu = 0;
1550 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1551 chan->mode = L2CAP_MODE_ERTM;
1552 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1553 } else {
1554 chan->mode = L2CAP_MODE_BASIC;
1555 }
1556
1557 l2cap_chan_set_defaults(chan);
1558 }
1559
1560 /* Default config options */
1561 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1562
1563 chan->data = sk;
1564 chan->ops = &l2cap_chan_ops;
1565}
1566
1567static struct proto l2cap_proto = {
1568 .name = "L2CAP",
1569 .owner = THIS_MODULE,
1570 .obj_size = sizeof(struct l2cap_pinfo)
1571};
1572
1573static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1574 int proto, gfp_t prio, int kern)
1575{
1576 struct sock *sk;
1577 struct l2cap_chan *chan;
1578
1579 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1580 if (!sk)
1581 return NULL;
1582
1583 sock_init_data(sock, sk);
1584 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1585
1586 sk->sk_destruct = l2cap_sock_destruct;
1587 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1588
1589 sock_reset_flag(sk, SOCK_ZAPPED);
1590
1591 sk->sk_protocol = proto;
1592 sk->sk_state = BT_OPEN;
1593
1594 chan = l2cap_chan_create();
1595 if (!chan) {
1596 sk_free(sk);
1597 return NULL;
1598 }
1599
1600 l2cap_chan_hold(chan);
1601
1602 l2cap_pi(sk)->chan = chan;
1603
1604 return sk;
1605}
1606
1607static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1608 int kern)
1609{
1610 struct sock *sk;
1611
1612 BT_DBG("sock %p", sock);
1613
1614 sock->state = SS_UNCONNECTED;
1615
1616 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1617 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1618 return -ESOCKTNOSUPPORT;
1619
1620 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1621 return -EPERM;
1622
1623 sock->ops = &l2cap_sock_ops;
1624
1625 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1626 if (!sk)
1627 return -ENOMEM;
1628
1629 l2cap_sock_init(sk, NULL);
1630 bt_sock_link(&l2cap_sk_list, sk);
1631 return 0;
1632}
1633
1634static const struct proto_ops l2cap_sock_ops = {
1635 .family = PF_BLUETOOTH,
1636 .owner = THIS_MODULE,
1637 .release = l2cap_sock_release,
1638 .bind = l2cap_sock_bind,
1639 .connect = l2cap_sock_connect,
1640 .listen = l2cap_sock_listen,
1641 .accept = l2cap_sock_accept,
1642 .getname = l2cap_sock_getname,
1643 .sendmsg = l2cap_sock_sendmsg,
1644 .recvmsg = l2cap_sock_recvmsg,
1645 .poll = bt_sock_poll,
1646 .ioctl = bt_sock_ioctl,
1647 .mmap = sock_no_mmap,
1648 .socketpair = sock_no_socketpair,
1649 .shutdown = l2cap_sock_shutdown,
1650 .setsockopt = l2cap_sock_setsockopt,
1651 .getsockopt = l2cap_sock_getsockopt
1652};
1653
1654static const struct net_proto_family l2cap_sock_family_ops = {
1655 .family = PF_BLUETOOTH,
1656 .owner = THIS_MODULE,
1657 .create = l2cap_sock_create,
1658};
1659
1660int __init l2cap_init_sockets(void)
1661{
1662 int err;
1663
1664 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1665
1666 err = proto_register(&l2cap_proto, 0);
1667 if (err < 0)
1668 return err;
1669
1670 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1671 if (err < 0) {
1672 BT_ERR("L2CAP socket registration failed");
1673 goto error;
1674 }
1675
1676 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1677 NULL);
1678 if (err < 0) {
1679 BT_ERR("Failed to create L2CAP proc file");
1680 bt_sock_unregister(BTPROTO_L2CAP);
1681 goto error;
1682 }
1683
1684 BT_INFO("L2CAP socket layer initialized");
1685
1686 return 0;
1687
1688error:
1689 proto_unregister(&l2cap_proto);
1690 return err;
1691}
1692
1693void l2cap_cleanup_sockets(void)
1694{
1695 bt_procfs_cleanup(&init_net, "l2cap");
1696 bt_sock_unregister(BTPROTO_L2CAP);
1697 proto_unregister(&l2cap_proto);
1698}
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
30#include <linux/module.h>
31#include <linux/export.h>
32#include <linux/filter.h>
33#include <linux/sched/signal.h>
34
35#include <net/bluetooth/bluetooth.h>
36#include <net/bluetooth/hci_core.h>
37#include <net/bluetooth/l2cap.h>
38
39#include "smp.h"
40
41static struct bt_sock_list l2cap_sk_list = {
42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
43};
44
45static const struct proto_ops l2cap_sock_ops;
46static void l2cap_sock_init(struct sock *sk, struct sock *parent);
47static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
48 int proto, gfp_t prio, int kern);
49static void l2cap_sock_cleanup_listen(struct sock *parent);
50
51bool l2cap_is_socket(struct socket *sock)
52{
53 return sock && sock->ops == &l2cap_sock_ops;
54}
55EXPORT_SYMBOL(l2cap_is_socket);
56
57static int l2cap_validate_bredr_psm(u16 psm)
58{
59 /* PSM must be odd and lsb of upper byte must be 0 */
60 if ((psm & 0x0101) != 0x0001)
61 return -EINVAL;
62
63 /* Restrict usage of well-known PSMs */
64 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
65 return -EACCES;
66
67 return 0;
68}
69
70static int l2cap_validate_le_psm(u16 psm)
71{
72 /* Valid LE_PSM ranges are defined only until 0x00ff */
73 if (psm > L2CAP_PSM_LE_DYN_END)
74 return -EINVAL;
75
76 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
77 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
78 return -EACCES;
79
80 return 0;
81}
82
83static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
84{
85 struct sock *sk = sock->sk;
86 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
87 struct sockaddr_l2 la;
88 int len, err = 0;
89
90 BT_DBG("sk %p", sk);
91
92 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
93 addr->sa_family != AF_BLUETOOTH)
94 return -EINVAL;
95
96 memset(&la, 0, sizeof(la));
97 len = min_t(unsigned int, sizeof(la), alen);
98 memcpy(&la, addr, len);
99
100 if (la.l2_cid && la.l2_psm)
101 return -EINVAL;
102
103 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
104 return -EINVAL;
105
106 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
107 /* We only allow ATT user space socket */
108 if (la.l2_cid &&
109 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
110 return -EINVAL;
111 }
112
113 lock_sock(sk);
114
115 if (sk->sk_state != BT_OPEN) {
116 err = -EBADFD;
117 goto done;
118 }
119
120 if (la.l2_psm) {
121 __u16 psm = __le16_to_cpu(la.l2_psm);
122
123 if (la.l2_bdaddr_type == BDADDR_BREDR)
124 err = l2cap_validate_bredr_psm(psm);
125 else
126 err = l2cap_validate_le_psm(psm);
127
128 if (err)
129 goto done;
130 }
131
132 bacpy(&chan->src, &la.l2_bdaddr);
133 chan->src_type = la.l2_bdaddr_type;
134
135 if (la.l2_cid)
136 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
137 else
138 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
139
140 if (err < 0)
141 goto done;
142
143 switch (chan->chan_type) {
144 case L2CAP_CHAN_CONN_LESS:
145 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
146 chan->sec_level = BT_SECURITY_SDP;
147 break;
148 case L2CAP_CHAN_CONN_ORIENTED:
149 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
150 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
151 chan->sec_level = BT_SECURITY_SDP;
152 break;
153 case L2CAP_CHAN_RAW:
154 chan->sec_level = BT_SECURITY_SDP;
155 break;
156 case L2CAP_CHAN_FIXED:
157 /* Fixed channels default to the L2CAP core not holding a
158 * hci_conn reference for them. For fixed channels mapping to
159 * L2CAP sockets we do want to hold a reference so set the
160 * appropriate flag to request it.
161 */
162 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
163 break;
164 }
165
166 /* Use L2CAP_MODE_LE_FLOWCTL (CoC) in case of LE address and
167 * L2CAP_MODE_EXT_FLOWCTL (ECRED) has not been set.
168 */
169 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
170 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
171 chan->mode = L2CAP_MODE_LE_FLOWCTL;
172
173 chan->state = BT_BOUND;
174 sk->sk_state = BT_BOUND;
175
176done:
177 release_sock(sk);
178 return err;
179}
180
181static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
182 int alen, int flags)
183{
184 struct sock *sk = sock->sk;
185 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
186 struct sockaddr_l2 la;
187 int len, err = 0;
188 bool zapped;
189
190 BT_DBG("sk %p", sk);
191
192 lock_sock(sk);
193 zapped = sock_flag(sk, SOCK_ZAPPED);
194 release_sock(sk);
195
196 if (zapped)
197 return -EINVAL;
198
199 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
200 addr->sa_family != AF_BLUETOOTH)
201 return -EINVAL;
202
203 memset(&la, 0, sizeof(la));
204 len = min_t(unsigned int, sizeof(la), alen);
205 memcpy(&la, addr, len);
206
207 if (la.l2_cid && la.l2_psm)
208 return -EINVAL;
209
210 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
211 return -EINVAL;
212
213 /* Check that the socket wasn't bound to something that
214 * conflicts with the address given to connect(). If chan->src
215 * is BDADDR_ANY it means bind() was never used, in which case
216 * chan->src_type and la.l2_bdaddr_type do not need to match.
217 */
218 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
219 bdaddr_type_is_le(la.l2_bdaddr_type)) {
220 /* Old user space versions will try to incorrectly bind
221 * the ATT socket using BDADDR_BREDR. We need to accept
222 * this and fix up the source address type only when
223 * both the source CID and destination CID indicate
224 * ATT. Anything else is an invalid combination.
225 */
226 if (chan->scid != L2CAP_CID_ATT ||
227 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
228 return -EINVAL;
229
230 /* We don't have the hdev available here to make a
231 * better decision on random vs public, but since all
232 * user space versions that exhibit this issue anyway do
233 * not support random local addresses assuming public
234 * here is good enough.
235 */
236 chan->src_type = BDADDR_LE_PUBLIC;
237 }
238
239 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
240 return -EINVAL;
241
242 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
243 /* We only allow ATT user space socket */
244 if (la.l2_cid &&
245 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
246 return -EINVAL;
247 }
248
249 /* Use L2CAP_MODE_LE_FLOWCTL (CoC) in case of LE address and
250 * L2CAP_MODE_EXT_FLOWCTL (ECRED) has not been set.
251 */
252 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
253 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
254 chan->mode = L2CAP_MODE_LE_FLOWCTL;
255
256 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
257 &la.l2_bdaddr, la.l2_bdaddr_type,
258 sk->sk_sndtimeo);
259 if (err)
260 return err;
261
262 lock_sock(sk);
263
264 err = bt_sock_wait_state(sk, BT_CONNECTED,
265 sock_sndtimeo(sk, flags & O_NONBLOCK));
266
267 release_sock(sk);
268
269 return err;
270}
271
272static int l2cap_sock_listen(struct socket *sock, int backlog)
273{
274 struct sock *sk = sock->sk;
275 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
276 int err = 0;
277
278 BT_DBG("sk %p backlog %d", sk, backlog);
279
280 lock_sock(sk);
281
282 if (sk->sk_state != BT_BOUND) {
283 err = -EBADFD;
284 goto done;
285 }
286
287 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
288 err = -EINVAL;
289 goto done;
290 }
291
292 switch (chan->mode) {
293 case L2CAP_MODE_BASIC:
294 case L2CAP_MODE_LE_FLOWCTL:
295 break;
296 case L2CAP_MODE_EXT_FLOWCTL:
297 if (!enable_ecred) {
298 err = -EOPNOTSUPP;
299 goto done;
300 }
301 break;
302 case L2CAP_MODE_ERTM:
303 case L2CAP_MODE_STREAMING:
304 if (!disable_ertm)
305 break;
306 fallthrough;
307 default:
308 err = -EOPNOTSUPP;
309 goto done;
310 }
311
312 sk->sk_max_ack_backlog = backlog;
313 sk->sk_ack_backlog = 0;
314
315 /* Listening channels need to use nested locking in order not to
316 * cause lockdep warnings when the created child channels end up
317 * being locked in the same thread as the parent channel.
318 */
319 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
320
321 chan->state = BT_LISTEN;
322 sk->sk_state = BT_LISTEN;
323
324done:
325 release_sock(sk);
326 return err;
327}
328
329static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
330 int flags, bool kern)
331{
332 DEFINE_WAIT_FUNC(wait, woken_wake_function);
333 struct sock *sk = sock->sk, *nsk;
334 long timeo;
335 int err = 0;
336
337 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
338
339 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
340
341 BT_DBG("sk %p timeo %ld", sk, timeo);
342
343 /* Wait for an incoming connection. (wake-one). */
344 add_wait_queue_exclusive(sk_sleep(sk), &wait);
345 while (1) {
346 if (sk->sk_state != BT_LISTEN) {
347 err = -EBADFD;
348 break;
349 }
350
351 nsk = bt_accept_dequeue(sk, newsock);
352 if (nsk)
353 break;
354
355 if (!timeo) {
356 err = -EAGAIN;
357 break;
358 }
359
360 if (signal_pending(current)) {
361 err = sock_intr_errno(timeo);
362 break;
363 }
364
365 release_sock(sk);
366
367 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
368
369 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
370 }
371 remove_wait_queue(sk_sleep(sk), &wait);
372
373 if (err)
374 goto done;
375
376 newsock->state = SS_CONNECTED;
377
378 BT_DBG("new socket %p", nsk);
379
380done:
381 release_sock(sk);
382 return err;
383}
384
385static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
386 int peer)
387{
388 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
389 struct sock *sk = sock->sk;
390 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
391
392 BT_DBG("sock %p, sk %p", sock, sk);
393
394 if (peer && sk->sk_state != BT_CONNECTED &&
395 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
396 sk->sk_state != BT_CONFIG)
397 return -ENOTCONN;
398
399 memset(la, 0, sizeof(struct sockaddr_l2));
400 addr->sa_family = AF_BLUETOOTH;
401
402 la->l2_psm = chan->psm;
403
404 if (peer) {
405 bacpy(&la->l2_bdaddr, &chan->dst);
406 la->l2_cid = cpu_to_le16(chan->dcid);
407 la->l2_bdaddr_type = chan->dst_type;
408 } else {
409 bacpy(&la->l2_bdaddr, &chan->src);
410 la->l2_cid = cpu_to_le16(chan->scid);
411 la->l2_bdaddr_type = chan->src_type;
412 }
413
414 return sizeof(struct sockaddr_l2);
415}
416
417static int l2cap_get_mode(struct l2cap_chan *chan)
418{
419 switch (chan->mode) {
420 case L2CAP_MODE_BASIC:
421 return BT_MODE_BASIC;
422 case L2CAP_MODE_ERTM:
423 return BT_MODE_ERTM;
424 case L2CAP_MODE_STREAMING:
425 return BT_MODE_STREAMING;
426 case L2CAP_MODE_LE_FLOWCTL:
427 return BT_MODE_LE_FLOWCTL;
428 case L2CAP_MODE_EXT_FLOWCTL:
429 return BT_MODE_EXT_FLOWCTL;
430 }
431
432 return -EINVAL;
433}
434
435static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
436 char __user *optval, int __user *optlen)
437{
438 struct sock *sk = sock->sk;
439 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
440 struct l2cap_options opts;
441 struct l2cap_conninfo cinfo;
442 int err = 0;
443 size_t len;
444 u32 opt;
445
446 BT_DBG("sk %p", sk);
447
448 if (get_user(len, optlen))
449 return -EFAULT;
450
451 lock_sock(sk);
452
453 switch (optname) {
454 case L2CAP_OPTIONS:
455 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
456 * legacy ATT code depends on getsockopt for
457 * L2CAP_OPTIONS we need to let this pass.
458 */
459 if (bdaddr_type_is_le(chan->src_type) &&
460 chan->scid != L2CAP_CID_ATT) {
461 err = -EINVAL;
462 break;
463 }
464
465 /* Only BR/EDR modes are supported here */
466 switch (chan->mode) {
467 case L2CAP_MODE_BASIC:
468 case L2CAP_MODE_ERTM:
469 case L2CAP_MODE_STREAMING:
470 break;
471 default:
472 err = -EINVAL;
473 break;
474 }
475
476 if (err < 0)
477 break;
478
479 memset(&opts, 0, sizeof(opts));
480 opts.imtu = chan->imtu;
481 opts.omtu = chan->omtu;
482 opts.flush_to = chan->flush_to;
483 opts.mode = chan->mode;
484 opts.fcs = chan->fcs;
485 opts.max_tx = chan->max_tx;
486 opts.txwin_size = chan->tx_win;
487
488 BT_DBG("mode 0x%2.2x", chan->mode);
489
490 len = min(len, sizeof(opts));
491 if (copy_to_user(optval, (char *) &opts, len))
492 err = -EFAULT;
493
494 break;
495
496 case L2CAP_LM:
497 switch (chan->sec_level) {
498 case BT_SECURITY_LOW:
499 opt = L2CAP_LM_AUTH;
500 break;
501 case BT_SECURITY_MEDIUM:
502 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
503 break;
504 case BT_SECURITY_HIGH:
505 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
506 L2CAP_LM_SECURE;
507 break;
508 case BT_SECURITY_FIPS:
509 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
510 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
511 break;
512 default:
513 opt = 0;
514 break;
515 }
516
517 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
518 opt |= L2CAP_LM_MASTER;
519
520 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
521 opt |= L2CAP_LM_RELIABLE;
522
523 if (put_user(opt, (u32 __user *) optval))
524 err = -EFAULT;
525
526 break;
527
528 case L2CAP_CONNINFO:
529 if (sk->sk_state != BT_CONNECTED &&
530 !(sk->sk_state == BT_CONNECT2 &&
531 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
532 err = -ENOTCONN;
533 break;
534 }
535
536 memset(&cinfo, 0, sizeof(cinfo));
537 cinfo.hci_handle = chan->conn->hcon->handle;
538 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
539
540 len = min(len, sizeof(cinfo));
541 if (copy_to_user(optval, (char *) &cinfo, len))
542 err = -EFAULT;
543
544 break;
545
546 default:
547 err = -ENOPROTOOPT;
548 break;
549 }
550
551 release_sock(sk);
552 return err;
553}
554
555static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
556 char __user *optval, int __user *optlen)
557{
558 struct sock *sk = sock->sk;
559 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
560 struct bt_security sec;
561 struct bt_power pwr;
562 u32 phys;
563 int len, mode, err = 0;
564
565 BT_DBG("sk %p", sk);
566
567 if (level == SOL_L2CAP)
568 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
569
570 if (level != SOL_BLUETOOTH)
571 return -ENOPROTOOPT;
572
573 if (get_user(len, optlen))
574 return -EFAULT;
575
576 lock_sock(sk);
577
578 switch (optname) {
579 case BT_SECURITY:
580 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
581 chan->chan_type != L2CAP_CHAN_FIXED &&
582 chan->chan_type != L2CAP_CHAN_RAW) {
583 err = -EINVAL;
584 break;
585 }
586
587 memset(&sec, 0, sizeof(sec));
588 if (chan->conn) {
589 sec.level = chan->conn->hcon->sec_level;
590
591 if (sk->sk_state == BT_CONNECTED)
592 sec.key_size = chan->conn->hcon->enc_key_size;
593 } else {
594 sec.level = chan->sec_level;
595 }
596
597 len = min_t(unsigned int, len, sizeof(sec));
598 if (copy_to_user(optval, (char *) &sec, len))
599 err = -EFAULT;
600
601 break;
602
603 case BT_DEFER_SETUP:
604 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
605 err = -EINVAL;
606 break;
607 }
608
609 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
610 (u32 __user *) optval))
611 err = -EFAULT;
612
613 break;
614
615 case BT_FLUSHABLE:
616 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
617 (u32 __user *) optval))
618 err = -EFAULT;
619
620 break;
621
622 case BT_POWER:
623 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
624 && sk->sk_type != SOCK_RAW) {
625 err = -EINVAL;
626 break;
627 }
628
629 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
630
631 len = min_t(unsigned int, len, sizeof(pwr));
632 if (copy_to_user(optval, (char *) &pwr, len))
633 err = -EFAULT;
634
635 break;
636
637 case BT_CHANNEL_POLICY:
638 if (put_user(chan->chan_policy, (u32 __user *) optval))
639 err = -EFAULT;
640 break;
641
642 case BT_SNDMTU:
643 if (!bdaddr_type_is_le(chan->src_type)) {
644 err = -EINVAL;
645 break;
646 }
647
648 if (sk->sk_state != BT_CONNECTED) {
649 err = -ENOTCONN;
650 break;
651 }
652
653 if (put_user(chan->omtu, (u16 __user *) optval))
654 err = -EFAULT;
655 break;
656
657 case BT_RCVMTU:
658 if (!bdaddr_type_is_le(chan->src_type)) {
659 err = -EINVAL;
660 break;
661 }
662
663 if (put_user(chan->imtu, (u16 __user *) optval))
664 err = -EFAULT;
665 break;
666
667 case BT_PHY:
668 if (sk->sk_state != BT_CONNECTED) {
669 err = -ENOTCONN;
670 break;
671 }
672
673 phys = hci_conn_get_phy(chan->conn->hcon);
674
675 if (put_user(phys, (u32 __user *) optval))
676 err = -EFAULT;
677 break;
678
679 case BT_MODE:
680 if (!enable_ecred) {
681 err = -ENOPROTOOPT;
682 break;
683 }
684
685 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
686 err = -EINVAL;
687 break;
688 }
689
690 mode = l2cap_get_mode(chan);
691 if (mode < 0) {
692 err = mode;
693 break;
694 }
695
696 if (put_user(mode, (u8 __user *) optval))
697 err = -EFAULT;
698 break;
699
700 default:
701 err = -ENOPROTOOPT;
702 break;
703 }
704
705 release_sock(sk);
706 return err;
707}
708
709static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
710{
711 switch (chan->scid) {
712 case L2CAP_CID_ATT:
713 if (mtu < L2CAP_LE_MIN_MTU)
714 return false;
715 break;
716
717 default:
718 if (mtu < L2CAP_DEFAULT_MIN_MTU)
719 return false;
720 }
721
722 return true;
723}
724
725static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
726 sockptr_t optval, unsigned int optlen)
727{
728 struct sock *sk = sock->sk;
729 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
730 struct l2cap_options opts;
731 int err = 0;
732 u32 opt;
733
734 BT_DBG("sk %p", sk);
735
736 lock_sock(sk);
737
738 switch (optname) {
739 case L2CAP_OPTIONS:
740 if (bdaddr_type_is_le(chan->src_type)) {
741 err = -EINVAL;
742 break;
743 }
744
745 if (sk->sk_state == BT_CONNECTED) {
746 err = -EINVAL;
747 break;
748 }
749
750 opts.imtu = chan->imtu;
751 opts.omtu = chan->omtu;
752 opts.flush_to = chan->flush_to;
753 opts.mode = chan->mode;
754 opts.fcs = chan->fcs;
755 opts.max_tx = chan->max_tx;
756 opts.txwin_size = chan->tx_win;
757
758 err = bt_copy_from_sockptr(&opts, sizeof(opts), optval, optlen);
759 if (err)
760 break;
761
762 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
763 err = -EINVAL;
764 break;
765 }
766
767 if (!l2cap_valid_mtu(chan, opts.imtu)) {
768 err = -EINVAL;
769 break;
770 }
771
772 /* Only BR/EDR modes are supported here */
773 switch (opts.mode) {
774 case L2CAP_MODE_BASIC:
775 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
776 break;
777 case L2CAP_MODE_ERTM:
778 case L2CAP_MODE_STREAMING:
779 if (!disable_ertm)
780 break;
781 fallthrough;
782 default:
783 err = -EINVAL;
784 break;
785 }
786
787 if (err < 0)
788 break;
789
790 chan->mode = opts.mode;
791
792 BT_DBG("mode 0x%2.2x", chan->mode);
793
794 chan->imtu = opts.imtu;
795 chan->omtu = opts.omtu;
796 chan->fcs = opts.fcs;
797 chan->max_tx = opts.max_tx;
798 chan->tx_win = opts.txwin_size;
799 chan->flush_to = opts.flush_to;
800 break;
801
802 case L2CAP_LM:
803 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
804 if (err)
805 break;
806
807 if (opt & L2CAP_LM_FIPS) {
808 err = -EINVAL;
809 break;
810 }
811
812 if (opt & L2CAP_LM_AUTH)
813 chan->sec_level = BT_SECURITY_LOW;
814 if (opt & L2CAP_LM_ENCRYPT)
815 chan->sec_level = BT_SECURITY_MEDIUM;
816 if (opt & L2CAP_LM_SECURE)
817 chan->sec_level = BT_SECURITY_HIGH;
818
819 if (opt & L2CAP_LM_MASTER)
820 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
821 else
822 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
823
824 if (opt & L2CAP_LM_RELIABLE)
825 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
826 else
827 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
828 break;
829
830 default:
831 err = -ENOPROTOOPT;
832 break;
833 }
834
835 release_sock(sk);
836 return err;
837}
838
839static int l2cap_set_mode(struct l2cap_chan *chan, u8 mode)
840{
841 switch (mode) {
842 case BT_MODE_BASIC:
843 if (bdaddr_type_is_le(chan->src_type))
844 return -EINVAL;
845 mode = L2CAP_MODE_BASIC;
846 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
847 break;
848 case BT_MODE_ERTM:
849 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
850 return -EINVAL;
851 mode = L2CAP_MODE_ERTM;
852 break;
853 case BT_MODE_STREAMING:
854 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
855 return -EINVAL;
856 mode = L2CAP_MODE_STREAMING;
857 break;
858 case BT_MODE_LE_FLOWCTL:
859 if (!bdaddr_type_is_le(chan->src_type))
860 return -EINVAL;
861 mode = L2CAP_MODE_LE_FLOWCTL;
862 break;
863 case BT_MODE_EXT_FLOWCTL:
864 /* TODO: Add support for ECRED PDUs to BR/EDR */
865 if (!bdaddr_type_is_le(chan->src_type))
866 return -EINVAL;
867 mode = L2CAP_MODE_EXT_FLOWCTL;
868 break;
869 default:
870 return -EINVAL;
871 }
872
873 chan->mode = mode;
874
875 return 0;
876}
877
878static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
879 sockptr_t optval, unsigned int optlen)
880{
881 struct sock *sk = sock->sk;
882 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
883 struct bt_security sec;
884 struct bt_power pwr;
885 struct l2cap_conn *conn;
886 int err = 0;
887 u32 opt;
888 u16 mtu;
889 u8 mode;
890
891 BT_DBG("sk %p", sk);
892
893 if (level == SOL_L2CAP)
894 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
895
896 if (level != SOL_BLUETOOTH)
897 return -ENOPROTOOPT;
898
899 lock_sock(sk);
900
901 switch (optname) {
902 case BT_SECURITY:
903 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
904 chan->chan_type != L2CAP_CHAN_FIXED &&
905 chan->chan_type != L2CAP_CHAN_RAW) {
906 err = -EINVAL;
907 break;
908 }
909
910 sec.level = BT_SECURITY_LOW;
911
912 err = bt_copy_from_sockptr(&sec, sizeof(sec), optval, optlen);
913 if (err)
914 break;
915
916 if (sec.level < BT_SECURITY_LOW ||
917 sec.level > BT_SECURITY_FIPS) {
918 err = -EINVAL;
919 break;
920 }
921
922 chan->sec_level = sec.level;
923
924 if (!chan->conn)
925 break;
926
927 conn = chan->conn;
928
929 /* change security for LE channels */
930 if (chan->scid == L2CAP_CID_ATT) {
931 if (smp_conn_security(conn->hcon, sec.level)) {
932 err = -EINVAL;
933 break;
934 }
935
936 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
937 sk->sk_state = BT_CONFIG;
938 chan->state = BT_CONFIG;
939
940 /* or for ACL link */
941 } else if ((sk->sk_state == BT_CONNECT2 &&
942 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
943 sk->sk_state == BT_CONNECTED) {
944 if (!l2cap_chan_check_security(chan, true))
945 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
946 else
947 sk->sk_state_change(sk);
948 } else {
949 err = -EINVAL;
950 }
951 break;
952
953 case BT_DEFER_SETUP:
954 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
955 err = -EINVAL;
956 break;
957 }
958
959 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
960 if (err)
961 break;
962
963 if (opt) {
964 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
965 set_bit(FLAG_DEFER_SETUP, &chan->flags);
966 } else {
967 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
968 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
969 }
970 break;
971
972 case BT_FLUSHABLE:
973 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
974 if (err)
975 break;
976
977 if (opt > BT_FLUSHABLE_ON) {
978 err = -EINVAL;
979 break;
980 }
981
982 if (opt == BT_FLUSHABLE_OFF) {
983 conn = chan->conn;
984 /* proceed further only when we have l2cap_conn and
985 No Flush support in the LM */
986 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
987 err = -EINVAL;
988 break;
989 }
990 }
991
992 if (opt)
993 set_bit(FLAG_FLUSHABLE, &chan->flags);
994 else
995 clear_bit(FLAG_FLUSHABLE, &chan->flags);
996 break;
997
998 case BT_POWER:
999 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
1000 chan->chan_type != L2CAP_CHAN_RAW) {
1001 err = -EINVAL;
1002 break;
1003 }
1004
1005 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
1006
1007 err = bt_copy_from_sockptr(&pwr, sizeof(pwr), optval, optlen);
1008 if (err)
1009 break;
1010
1011 if (pwr.force_active)
1012 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1013 else
1014 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1015 break;
1016
1017 case BT_CHANNEL_POLICY:
1018 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1019 if (err)
1020 break;
1021
1022 err = -EOPNOTSUPP;
1023 break;
1024
1025 case BT_SNDMTU:
1026 if (!bdaddr_type_is_le(chan->src_type)) {
1027 err = -EINVAL;
1028 break;
1029 }
1030
1031 /* Setting is not supported as it's the remote side that
1032 * decides this.
1033 */
1034 err = -EPERM;
1035 break;
1036
1037 case BT_RCVMTU:
1038 if (!bdaddr_type_is_le(chan->src_type)) {
1039 err = -EINVAL;
1040 break;
1041 }
1042
1043 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
1044 sk->sk_state == BT_CONNECTED) {
1045 err = -EISCONN;
1046 break;
1047 }
1048
1049 err = bt_copy_from_sockptr(&mtu, sizeof(mtu), optval, optlen);
1050 if (err)
1051 break;
1052
1053 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
1054 sk->sk_state == BT_CONNECTED)
1055 err = l2cap_chan_reconfigure(chan, mtu);
1056 else
1057 chan->imtu = mtu;
1058
1059 break;
1060
1061 case BT_MODE:
1062 if (!enable_ecred) {
1063 err = -ENOPROTOOPT;
1064 break;
1065 }
1066
1067 BT_DBG("sk->sk_state %u", sk->sk_state);
1068
1069 if (sk->sk_state != BT_BOUND) {
1070 err = -EINVAL;
1071 break;
1072 }
1073
1074 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1075 err = -EINVAL;
1076 break;
1077 }
1078
1079 err = bt_copy_from_sockptr(&mode, sizeof(mode), optval, optlen);
1080 if (err)
1081 break;
1082
1083 BT_DBG("mode %u", mode);
1084
1085 err = l2cap_set_mode(chan, mode);
1086 if (err)
1087 break;
1088
1089 BT_DBG("mode 0x%2.2x", chan->mode);
1090
1091 break;
1092
1093 default:
1094 err = -ENOPROTOOPT;
1095 break;
1096 }
1097
1098 release_sock(sk);
1099 return err;
1100}
1101
1102static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1103 size_t len)
1104{
1105 struct sock *sk = sock->sk;
1106 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1107 int err;
1108
1109 BT_DBG("sock %p, sk %p", sock, sk);
1110
1111 err = sock_error(sk);
1112 if (err)
1113 return err;
1114
1115 if (msg->msg_flags & MSG_OOB)
1116 return -EOPNOTSUPP;
1117
1118 if (sk->sk_state != BT_CONNECTED)
1119 return -ENOTCONN;
1120
1121 lock_sock(sk);
1122 err = bt_sock_wait_ready(sk, msg->msg_flags);
1123 release_sock(sk);
1124 if (err)
1125 return err;
1126
1127 l2cap_chan_lock(chan);
1128 err = l2cap_chan_send(chan, msg, len);
1129 l2cap_chan_unlock(chan);
1130
1131 return err;
1132}
1133
1134static void l2cap_publish_rx_avail(struct l2cap_chan *chan)
1135{
1136 struct sock *sk = chan->data;
1137 ssize_t avail = sk->sk_rcvbuf - atomic_read(&sk->sk_rmem_alloc);
1138 int expected_skbs, skb_overhead;
1139
1140 if (avail <= 0) {
1141 l2cap_chan_rx_avail(chan, 0);
1142 return;
1143 }
1144
1145 if (!chan->mps) {
1146 l2cap_chan_rx_avail(chan, -1);
1147 return;
1148 }
1149
1150 /* Correct available memory by estimated sk_buff overhead.
1151 * This is significant due to small transfer sizes. However, accept
1152 * at least one full packet if receive space is non-zero.
1153 */
1154 expected_skbs = DIV_ROUND_UP(avail, chan->mps);
1155 skb_overhead = expected_skbs * sizeof(struct sk_buff);
1156 if (skb_overhead < avail)
1157 l2cap_chan_rx_avail(chan, avail - skb_overhead);
1158 else
1159 l2cap_chan_rx_avail(chan, -1);
1160}
1161
1162static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1163 size_t len, int flags)
1164{
1165 struct sock *sk = sock->sk;
1166 struct l2cap_pinfo *pi = l2cap_pi(sk);
1167 int err;
1168
1169 lock_sock(sk);
1170
1171 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1172 &bt_sk(sk)->flags)) {
1173 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1174 sk->sk_state = BT_CONNECTED;
1175 pi->chan->state = BT_CONNECTED;
1176 __l2cap_ecred_conn_rsp_defer(pi->chan);
1177 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
1178 sk->sk_state = BT_CONNECTED;
1179 pi->chan->state = BT_CONNECTED;
1180 __l2cap_le_connect_rsp_defer(pi->chan);
1181 } else {
1182 sk->sk_state = BT_CONFIG;
1183 pi->chan->state = BT_CONFIG;
1184 __l2cap_connect_rsp_defer(pi->chan);
1185 }
1186
1187 err = 0;
1188 goto done;
1189 }
1190
1191 release_sock(sk);
1192
1193 if (sock->type == SOCK_STREAM)
1194 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1195 else
1196 err = bt_sock_recvmsg(sock, msg, len, flags);
1197
1198 if (pi->chan->mode != L2CAP_MODE_ERTM &&
1199 pi->chan->mode != L2CAP_MODE_LE_FLOWCTL &&
1200 pi->chan->mode != L2CAP_MODE_EXT_FLOWCTL)
1201 return err;
1202
1203 lock_sock(sk);
1204
1205 l2cap_publish_rx_avail(pi->chan);
1206
1207 /* Attempt to put pending rx data in the socket buffer */
1208 while (!list_empty(&pi->rx_busy)) {
1209 struct l2cap_rx_busy *rx_busy =
1210 list_first_entry(&pi->rx_busy,
1211 struct l2cap_rx_busy,
1212 list);
1213 if (__sock_queue_rcv_skb(sk, rx_busy->skb) < 0)
1214 goto done;
1215 list_del(&rx_busy->list);
1216 kfree(rx_busy);
1217 }
1218
1219 /* Restore data flow when half of the receive buffer is
1220 * available. This avoids resending large numbers of
1221 * frames.
1222 */
1223 if (test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state) &&
1224 atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1225 l2cap_chan_busy(pi->chan, 0);
1226
1227done:
1228 release_sock(sk);
1229 return err;
1230}
1231
1232/* Kill socket (only if zapped and orphan)
1233 * Must be called on unlocked socket, with l2cap channel lock.
1234 */
1235static void l2cap_sock_kill(struct sock *sk)
1236{
1237 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1238 return;
1239
1240 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1241
1242 /* Kill poor orphan */
1243
1244 l2cap_chan_put(l2cap_pi(sk)->chan);
1245 sock_set_flag(sk, SOCK_DEAD);
1246 sock_put(sk);
1247}
1248
1249static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1250{
1251 DECLARE_WAITQUEUE(wait, current);
1252 int err = 0;
1253 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1254 /* Timeout to prevent infinite loop */
1255 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1256
1257 add_wait_queue(sk_sleep(sk), &wait);
1258 set_current_state(TASK_INTERRUPTIBLE);
1259 do {
1260 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1261 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1262 jiffies_to_msecs(timeout - jiffies));
1263
1264 if (!timeo)
1265 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1266
1267 if (signal_pending(current)) {
1268 err = sock_intr_errno(timeo);
1269 break;
1270 }
1271
1272 release_sock(sk);
1273 timeo = schedule_timeout(timeo);
1274 lock_sock(sk);
1275 set_current_state(TASK_INTERRUPTIBLE);
1276
1277 err = sock_error(sk);
1278 if (err)
1279 break;
1280
1281 if (time_after(jiffies, timeout)) {
1282 err = -ENOLINK;
1283 break;
1284 }
1285
1286 } while (chan->unacked_frames > 0 &&
1287 chan->state == BT_CONNECTED);
1288
1289 set_current_state(TASK_RUNNING);
1290 remove_wait_queue(sk_sleep(sk), &wait);
1291 return err;
1292}
1293
1294static int l2cap_sock_shutdown(struct socket *sock, int how)
1295{
1296 struct sock *sk = sock->sk;
1297 struct l2cap_chan *chan;
1298 struct l2cap_conn *conn;
1299 int err = 0;
1300
1301 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1302
1303 /* 'how' parameter is mapped to sk_shutdown as follows:
1304 * SHUT_RD (0) --> RCV_SHUTDOWN (1)
1305 * SHUT_WR (1) --> SEND_SHUTDOWN (2)
1306 * SHUT_RDWR (2) --> SHUTDOWN_MASK (3)
1307 */
1308 how++;
1309
1310 if (!sk)
1311 return 0;
1312
1313 lock_sock(sk);
1314
1315 if ((sk->sk_shutdown & how) == how)
1316 goto shutdown_already;
1317
1318 BT_DBG("Handling sock shutdown");
1319
1320 /* prevent sk structure from being freed whilst unlocked */
1321 sock_hold(sk);
1322
1323 chan = l2cap_pi(sk)->chan;
1324 /* prevent chan structure from being freed whilst unlocked */
1325 l2cap_chan_hold(chan);
1326
1327 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1328
1329 if (chan->mode == L2CAP_MODE_ERTM &&
1330 chan->unacked_frames > 0 &&
1331 chan->state == BT_CONNECTED) {
1332 err = __l2cap_wait_ack(sk, chan);
1333
1334 /* After waiting for ACKs, check whether shutdown
1335 * has already been actioned to close the L2CAP
1336 * link such as by l2cap_disconnection_req().
1337 */
1338 if ((sk->sk_shutdown & how) == how)
1339 goto shutdown_matched;
1340 }
1341
1342 /* Try setting the RCV_SHUTDOWN bit, return early if SEND_SHUTDOWN
1343 * is already set
1344 */
1345 if ((how & RCV_SHUTDOWN) && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1346 sk->sk_shutdown |= RCV_SHUTDOWN;
1347 if ((sk->sk_shutdown & how) == how)
1348 goto shutdown_matched;
1349 }
1350
1351 sk->sk_shutdown |= SEND_SHUTDOWN;
1352 release_sock(sk);
1353
1354 l2cap_chan_lock(chan);
1355 conn = chan->conn;
1356 if (conn)
1357 /* prevent conn structure from being freed */
1358 l2cap_conn_get(conn);
1359 l2cap_chan_unlock(chan);
1360
1361 if (conn)
1362 /* mutex lock must be taken before l2cap_chan_lock() */
1363 mutex_lock(&conn->chan_lock);
1364
1365 l2cap_chan_lock(chan);
1366 l2cap_chan_close(chan, 0);
1367 l2cap_chan_unlock(chan);
1368
1369 if (conn) {
1370 mutex_unlock(&conn->chan_lock);
1371 l2cap_conn_put(conn);
1372 }
1373
1374 lock_sock(sk);
1375
1376 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1377 !(current->flags & PF_EXITING))
1378 err = bt_sock_wait_state(sk, BT_CLOSED,
1379 sk->sk_lingertime);
1380
1381shutdown_matched:
1382 l2cap_chan_put(chan);
1383 sock_put(sk);
1384
1385shutdown_already:
1386 if (!err && sk->sk_err)
1387 err = -sk->sk_err;
1388
1389 release_sock(sk);
1390
1391 BT_DBG("Sock shutdown complete err: %d", err);
1392
1393 return err;
1394}
1395
1396static int l2cap_sock_release(struct socket *sock)
1397{
1398 struct sock *sk = sock->sk;
1399 int err;
1400 struct l2cap_chan *chan;
1401
1402 BT_DBG("sock %p, sk %p", sock, sk);
1403
1404 if (!sk)
1405 return 0;
1406
1407 l2cap_sock_cleanup_listen(sk);
1408 bt_sock_unlink(&l2cap_sk_list, sk);
1409
1410 err = l2cap_sock_shutdown(sock, SHUT_RDWR);
1411 chan = l2cap_pi(sk)->chan;
1412
1413 l2cap_chan_hold(chan);
1414 l2cap_chan_lock(chan);
1415
1416 sock_orphan(sk);
1417 l2cap_sock_kill(sk);
1418
1419 l2cap_chan_unlock(chan);
1420 l2cap_chan_put(chan);
1421
1422 return err;
1423}
1424
1425static void l2cap_sock_cleanup_listen(struct sock *parent)
1426{
1427 struct sock *sk;
1428
1429 BT_DBG("parent %p state %s", parent,
1430 state_to_string(parent->sk_state));
1431
1432 /* Close not yet accepted channels */
1433 while ((sk = bt_accept_dequeue(parent, NULL))) {
1434 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1435
1436 BT_DBG("child chan %p state %s", chan,
1437 state_to_string(chan->state));
1438
1439 l2cap_chan_hold(chan);
1440 l2cap_chan_lock(chan);
1441
1442 __clear_chan_timer(chan);
1443 l2cap_chan_close(chan, ECONNRESET);
1444 l2cap_sock_kill(sk);
1445
1446 l2cap_chan_unlock(chan);
1447 l2cap_chan_put(chan);
1448 }
1449}
1450
1451static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1452{
1453 struct sock *sk, *parent = chan->data;
1454
1455 lock_sock(parent);
1456
1457 /* Check for backlog size */
1458 if (sk_acceptq_is_full(parent)) {
1459 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1460 release_sock(parent);
1461 return NULL;
1462 }
1463
1464 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1465 GFP_ATOMIC, 0);
1466 if (!sk) {
1467 release_sock(parent);
1468 return NULL;
1469 }
1470
1471 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1472
1473 l2cap_sock_init(sk, parent);
1474
1475 bt_accept_enqueue(parent, sk, false);
1476
1477 release_sock(parent);
1478
1479 return l2cap_pi(sk)->chan;
1480}
1481
1482static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1483{
1484 struct sock *sk = chan->data;
1485 struct l2cap_pinfo *pi = l2cap_pi(sk);
1486 int err;
1487
1488 lock_sock(sk);
1489
1490 if (chan->mode == L2CAP_MODE_ERTM && !list_empty(&pi->rx_busy)) {
1491 err = -ENOMEM;
1492 goto done;
1493 }
1494
1495 if (chan->mode != L2CAP_MODE_ERTM &&
1496 chan->mode != L2CAP_MODE_STREAMING &&
1497 chan->mode != L2CAP_MODE_LE_FLOWCTL &&
1498 chan->mode != L2CAP_MODE_EXT_FLOWCTL) {
1499 /* Even if no filter is attached, we could potentially
1500 * get errors from security modules, etc.
1501 */
1502 err = sk_filter(sk, skb);
1503 if (err)
1504 goto done;
1505 }
1506
1507 err = __sock_queue_rcv_skb(sk, skb);
1508
1509 l2cap_publish_rx_avail(chan);
1510
1511 /* For ERTM and LE, handle a skb that doesn't fit into the recv
1512 * buffer. This is important to do because the data frames
1513 * have already been acked, so the skb cannot be discarded.
1514 *
1515 * Notify the l2cap core that the buffer is full, so the
1516 * LOCAL_BUSY state is entered and no more frames are
1517 * acked and reassembled until there is buffer space
1518 * available.
1519 */
1520 if (err < 0 &&
1521 (chan->mode == L2CAP_MODE_ERTM ||
1522 chan->mode == L2CAP_MODE_LE_FLOWCTL ||
1523 chan->mode == L2CAP_MODE_EXT_FLOWCTL)) {
1524 struct l2cap_rx_busy *rx_busy =
1525 kmalloc(sizeof(*rx_busy), GFP_KERNEL);
1526 if (!rx_busy) {
1527 err = -ENOMEM;
1528 goto done;
1529 }
1530 rx_busy->skb = skb;
1531 list_add_tail(&rx_busy->list, &pi->rx_busy);
1532 l2cap_chan_busy(chan, 1);
1533 err = 0;
1534 }
1535
1536done:
1537 release_sock(sk);
1538
1539 return err;
1540}
1541
1542static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1543{
1544 struct sock *sk = chan->data;
1545
1546 if (!sk)
1547 return;
1548
1549 l2cap_sock_kill(sk);
1550}
1551
1552static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1553{
1554 struct sock *sk = chan->data;
1555 struct sock *parent;
1556
1557 if (!sk)
1558 return;
1559
1560 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1561
1562 /* This callback can be called both for server (BT_LISTEN)
1563 * sockets as well as "normal" ones. To avoid lockdep warnings
1564 * with child socket locking (through l2cap_sock_cleanup_listen)
1565 * we need separation into separate nesting levels. The simplest
1566 * way to accomplish this is to inherit the nesting level used
1567 * for the channel.
1568 */
1569 lock_sock_nested(sk, atomic_read(&chan->nesting));
1570
1571 parent = bt_sk(sk)->parent;
1572
1573 switch (chan->state) {
1574 case BT_OPEN:
1575 case BT_BOUND:
1576 case BT_CLOSED:
1577 break;
1578 case BT_LISTEN:
1579 l2cap_sock_cleanup_listen(sk);
1580 sk->sk_state = BT_CLOSED;
1581 chan->state = BT_CLOSED;
1582
1583 break;
1584 default:
1585 sk->sk_state = BT_CLOSED;
1586 chan->state = BT_CLOSED;
1587
1588 sk->sk_err = err;
1589
1590 if (parent) {
1591 bt_accept_unlink(sk);
1592 parent->sk_data_ready(parent);
1593 } else {
1594 sk->sk_state_change(sk);
1595 }
1596
1597 break;
1598 }
1599 release_sock(sk);
1600
1601 /* Only zap after cleanup to avoid use after free race */
1602 sock_set_flag(sk, SOCK_ZAPPED);
1603
1604}
1605
1606static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1607 int err)
1608{
1609 struct sock *sk = chan->data;
1610
1611 sk->sk_state = state;
1612
1613 if (err)
1614 sk->sk_err = err;
1615}
1616
1617static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1618 unsigned long hdr_len,
1619 unsigned long len, int nb)
1620{
1621 struct sock *sk = chan->data;
1622 struct sk_buff *skb;
1623 int err;
1624
1625 l2cap_chan_unlock(chan);
1626 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1627 l2cap_chan_lock(chan);
1628
1629 if (!skb)
1630 return ERR_PTR(err);
1631
1632 /* Channel lock is released before requesting new skb and then
1633 * reacquired thus we need to recheck channel state.
1634 */
1635 if (chan->state != BT_CONNECTED) {
1636 kfree_skb(skb);
1637 return ERR_PTR(-ENOTCONN);
1638 }
1639
1640 skb->priority = READ_ONCE(sk->sk_priority);
1641
1642 bt_cb(skb)->l2cap.chan = chan;
1643
1644 return skb;
1645}
1646
1647static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1648{
1649 struct sock *sk = chan->data;
1650 struct sock *parent;
1651
1652 lock_sock(sk);
1653
1654 parent = bt_sk(sk)->parent;
1655
1656 BT_DBG("sk %p, parent %p", sk, parent);
1657
1658 sk->sk_state = BT_CONNECTED;
1659 sk->sk_state_change(sk);
1660
1661 if (parent)
1662 parent->sk_data_ready(parent);
1663
1664 release_sock(sk);
1665}
1666
1667static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1668{
1669 struct sock *parent, *sk = chan->data;
1670
1671 lock_sock(sk);
1672
1673 parent = bt_sk(sk)->parent;
1674 if (parent)
1675 parent->sk_data_ready(parent);
1676
1677 release_sock(sk);
1678}
1679
1680static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1681{
1682 struct sock *sk = chan->data;
1683
1684 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1685 sk->sk_state = BT_CONNECTED;
1686 chan->state = BT_CONNECTED;
1687 }
1688
1689 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1690 sk->sk_state_change(sk);
1691}
1692
1693static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1694{
1695 struct sock *sk = chan->data;
1696
1697 lock_sock(sk);
1698 sk->sk_shutdown = SHUTDOWN_MASK;
1699 release_sock(sk);
1700}
1701
1702static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1703{
1704 struct sock *sk = chan->data;
1705
1706 return sk->sk_sndtimeo;
1707}
1708
1709static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1710{
1711 struct sock *sk = chan->data;
1712
1713 return sk->sk_peer_pid;
1714}
1715
1716static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1717{
1718 struct sock *sk = chan->data;
1719
1720 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1721 sk->sk_state_change(sk);
1722}
1723
1724static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1725{
1726 struct sock *sk = chan->data;
1727
1728 switch (chan->mode) {
1729 case L2CAP_MODE_ERTM:
1730 case L2CAP_MODE_STREAMING:
1731 return sk_filter(sk, skb);
1732 }
1733
1734 return 0;
1735}
1736
1737static const struct l2cap_ops l2cap_chan_ops = {
1738 .name = "L2CAP Socket Interface",
1739 .new_connection = l2cap_sock_new_connection_cb,
1740 .recv = l2cap_sock_recv_cb,
1741 .close = l2cap_sock_close_cb,
1742 .teardown = l2cap_sock_teardown_cb,
1743 .state_change = l2cap_sock_state_change_cb,
1744 .ready = l2cap_sock_ready_cb,
1745 .defer = l2cap_sock_defer_cb,
1746 .resume = l2cap_sock_resume_cb,
1747 .suspend = l2cap_sock_suspend_cb,
1748 .set_shutdown = l2cap_sock_set_shutdown_cb,
1749 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1750 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
1751 .alloc_skb = l2cap_sock_alloc_skb_cb,
1752 .filter = l2cap_sock_filter,
1753};
1754
1755static void l2cap_sock_destruct(struct sock *sk)
1756{
1757 struct l2cap_rx_busy *rx_busy, *next;
1758
1759 BT_DBG("sk %p", sk);
1760
1761 if (l2cap_pi(sk)->chan) {
1762 l2cap_pi(sk)->chan->data = NULL;
1763 l2cap_chan_put(l2cap_pi(sk)->chan);
1764 }
1765
1766 list_for_each_entry_safe(rx_busy, next, &l2cap_pi(sk)->rx_busy, list) {
1767 kfree_skb(rx_busy->skb);
1768 list_del(&rx_busy->list);
1769 kfree(rx_busy);
1770 }
1771
1772 skb_queue_purge(&sk->sk_receive_queue);
1773 skb_queue_purge(&sk->sk_write_queue);
1774}
1775
1776static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1777 int *msg_namelen)
1778{
1779 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1780
1781 memset(la, 0, sizeof(struct sockaddr_l2));
1782 la->l2_family = AF_BLUETOOTH;
1783 la->l2_psm = bt_cb(skb)->l2cap.psm;
1784 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1785
1786 *msg_namelen = sizeof(struct sockaddr_l2);
1787}
1788
1789static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1790{
1791 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1792
1793 BT_DBG("sk %p", sk);
1794
1795 if (parent) {
1796 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1797
1798 sk->sk_type = parent->sk_type;
1799 bt_sk(sk)->flags = bt_sk(parent)->flags;
1800
1801 chan->chan_type = pchan->chan_type;
1802 chan->imtu = pchan->imtu;
1803 chan->omtu = pchan->omtu;
1804 chan->conf_state = pchan->conf_state;
1805 chan->mode = pchan->mode;
1806 chan->fcs = pchan->fcs;
1807 chan->max_tx = pchan->max_tx;
1808 chan->tx_win = pchan->tx_win;
1809 chan->tx_win_max = pchan->tx_win_max;
1810 chan->sec_level = pchan->sec_level;
1811 chan->flags = pchan->flags;
1812 chan->tx_credits = pchan->tx_credits;
1813 chan->rx_credits = pchan->rx_credits;
1814
1815 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1816 chan->scid = pchan->scid;
1817 chan->dcid = pchan->scid;
1818 }
1819
1820 security_sk_clone(parent, sk);
1821 } else {
1822 switch (sk->sk_type) {
1823 case SOCK_RAW:
1824 chan->chan_type = L2CAP_CHAN_RAW;
1825 break;
1826 case SOCK_DGRAM:
1827 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1828 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1829 break;
1830 case SOCK_SEQPACKET:
1831 case SOCK_STREAM:
1832 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1833 break;
1834 }
1835
1836 chan->imtu = L2CAP_DEFAULT_MTU;
1837 chan->omtu = 0;
1838 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1839 chan->mode = L2CAP_MODE_ERTM;
1840 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1841 } else {
1842 chan->mode = L2CAP_MODE_BASIC;
1843 }
1844
1845 l2cap_chan_set_defaults(chan);
1846 }
1847
1848 /* Default config options */
1849 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1850
1851 chan->data = sk;
1852 chan->ops = &l2cap_chan_ops;
1853
1854 l2cap_publish_rx_avail(chan);
1855}
1856
1857static struct proto l2cap_proto = {
1858 .name = "L2CAP",
1859 .owner = THIS_MODULE,
1860 .obj_size = sizeof(struct l2cap_pinfo)
1861};
1862
1863static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1864 int proto, gfp_t prio, int kern)
1865{
1866 struct sock *sk;
1867 struct l2cap_chan *chan;
1868
1869 sk = bt_sock_alloc(net, sock, &l2cap_proto, proto, prio, kern);
1870 if (!sk)
1871 return NULL;
1872
1873 sk->sk_destruct = l2cap_sock_destruct;
1874 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1875
1876 INIT_LIST_HEAD(&l2cap_pi(sk)->rx_busy);
1877
1878 chan = l2cap_chan_create();
1879 if (!chan) {
1880 sk_free(sk);
1881 return NULL;
1882 }
1883
1884 l2cap_chan_hold(chan);
1885
1886 l2cap_pi(sk)->chan = chan;
1887
1888 return sk;
1889}
1890
1891static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1892 int kern)
1893{
1894 struct sock *sk;
1895
1896 BT_DBG("sock %p", sock);
1897
1898 sock->state = SS_UNCONNECTED;
1899
1900 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1901 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1902 return -ESOCKTNOSUPPORT;
1903
1904 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1905 return -EPERM;
1906
1907 sock->ops = &l2cap_sock_ops;
1908
1909 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1910 if (!sk)
1911 return -ENOMEM;
1912
1913 l2cap_sock_init(sk, NULL);
1914 bt_sock_link(&l2cap_sk_list, sk);
1915 return 0;
1916}
1917
1918static const struct proto_ops l2cap_sock_ops = {
1919 .family = PF_BLUETOOTH,
1920 .owner = THIS_MODULE,
1921 .release = l2cap_sock_release,
1922 .bind = l2cap_sock_bind,
1923 .connect = l2cap_sock_connect,
1924 .listen = l2cap_sock_listen,
1925 .accept = l2cap_sock_accept,
1926 .getname = l2cap_sock_getname,
1927 .sendmsg = l2cap_sock_sendmsg,
1928 .recvmsg = l2cap_sock_recvmsg,
1929 .poll = bt_sock_poll,
1930 .ioctl = bt_sock_ioctl,
1931 .gettstamp = sock_gettstamp,
1932 .mmap = sock_no_mmap,
1933 .socketpair = sock_no_socketpair,
1934 .shutdown = l2cap_sock_shutdown,
1935 .setsockopt = l2cap_sock_setsockopt,
1936 .getsockopt = l2cap_sock_getsockopt
1937};
1938
1939static const struct net_proto_family l2cap_sock_family_ops = {
1940 .family = PF_BLUETOOTH,
1941 .owner = THIS_MODULE,
1942 .create = l2cap_sock_create,
1943};
1944
1945int __init l2cap_init_sockets(void)
1946{
1947 int err;
1948
1949 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1950
1951 err = proto_register(&l2cap_proto, 0);
1952 if (err < 0)
1953 return err;
1954
1955 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1956 if (err < 0) {
1957 BT_ERR("L2CAP socket registration failed");
1958 goto error;
1959 }
1960
1961 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1962 NULL);
1963 if (err < 0) {
1964 BT_ERR("Failed to create L2CAP proc file");
1965 bt_sock_unregister(BTPROTO_L2CAP);
1966 goto error;
1967 }
1968
1969 BT_INFO("L2CAP socket layer initialized");
1970
1971 return 0;
1972
1973error:
1974 proto_unregister(&l2cap_proto);
1975 return err;
1976}
1977
1978void l2cap_cleanup_sockets(void)
1979{
1980 bt_procfs_cleanup(&init_net, "l2cap");
1981 bt_sock_unregister(BTPROTO_L2CAP);
1982 proto_unregister(&l2cap_proto);
1983}