Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
30#include <linux/module.h>
31#include <linux/export.h>
32#include <linux/sched/signal.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/l2cap.h>
37
38#include "smp.h"
39
40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
44static const struct proto_ops l2cap_sock_ops;
45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
48
49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
55static int l2cap_validate_bredr_psm(u16 psm)
56{
57 /* PSM must be odd and lsb of upper byte must be 0 */
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61 /* Restrict usage of well-known PSMs */
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70 /* Valid LE_PSM ranges are defined only until 0x00ff */
71 if (psm > L2CAP_PSM_LE_DYN_END)
72 return -EINVAL;
73
74 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
76 return -EACCES;
77
78 return 0;
79}
80
81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
98 if (la.l2_cid && la.l2_psm)
99 return -EINVAL;
100
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105 /* We only allow ATT user space socket */
106 if (la.l2_cid &&
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
108 return -EINVAL;
109 }
110
111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
125
126 if (err)
127 goto done;
128 }
129
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
133 if (la.l2_cid)
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
137
138 if (err < 0)
139 goto done;
140
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
154 case L2CAP_CHAN_FIXED:
155 /* Fixed channels default to the L2CAP core not holding a
156 * hci_conn reference for them. For fixed channels mapping to
157 * L2CAP sockets we do want to hold a reference so set the
158 * appropriate flag to request it.
159 */
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
162 }
163
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
169
170done:
171 release_sock(sk);
172 return err;
173}
174
175static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
177{
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
193 if (la.l2_cid && la.l2_psm)
194 return -EINVAL;
195
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
199 /* Check that the socket wasn't bound to something that
200 * conflicts with the address given to connect(). If chan->src
201 * is BDADDR_ANY it means bind() was never used, in which case
202 * chan->src_type and la.l2_bdaddr_type do not need to match.
203 */
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206 /* Old user space versions will try to incorrectly bind
207 * the ATT socket using BDADDR_BREDR. We need to accept
208 * this and fix up the source address type only when
209 * both the source CID and destination CID indicate
210 * ATT. Anything else is an invalid combination.
211 */
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 return -EINVAL;
215
216 /* We don't have the hdev available here to make a
217 * better decision on random vs public, but since all
218 * user space versions that exhibit this issue anyway do
219 * not support random local addresses assuming public
220 * here is good enough.
221 */
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229 /* We only allow ATT user space socket */
230 if (la.l2_cid &&
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
232 return -EINVAL;
233 }
234
235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
237
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
240 if (err)
241 return err;
242
243 lock_sock(sk);
244
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
247
248 release_sock(sk);
249
250 return err;
251}
252
253static int l2cap_sock_listen(struct socket *sock, int backlog)
254{
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
263 if (sk->sk_state != BT_BOUND) {
264 err = -EBADFD;
265 goto done;
266 }
267
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
276 break;
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
279 if (!disable_ertm)
280 break;
281 /* fall through */
282 default:
283 err = -EOPNOTSUPP;
284 goto done;
285 }
286
287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
289
290 /* Listening channels need to use nested locking in order not to
291 * cause lockdep warnings when the created child channels end up
292 * being locked in the same thread as the parent channel.
293 */
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295
296 chan->state = BT_LISTEN;
297 sk->sk_state = BT_LISTEN;
298
299done:
300 release_sock(sk);
301 return err;
302}
303
304static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 int flags, bool kern)
306{
307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
308 struct sock *sk = sock->sk, *nsk;
309 long timeo;
310 int err = 0;
311
312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
313
314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315
316 BT_DBG("sk %p timeo %ld", sk, timeo);
317
318 /* Wait for an incoming connection. (wake-one). */
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
320 while (1) {
321 if (sk->sk_state != BT_LISTEN) {
322 err = -EBADFD;
323 break;
324 }
325
326 nsk = bt_accept_dequeue(sk, newsock);
327 if (nsk)
328 break;
329
330 if (!timeo) {
331 err = -EAGAIN;
332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
339
340 release_sock(sk);
341
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343
344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
345 }
346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355done:
356 release_sock(sk);
357 return err;
358}
359
360static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
361 int peer)
362{
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
369 if (peer && sk->sk_state != BT_CONNECTED &&
370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
372 return -ENOTCONN;
373
374 memset(la, 0, sizeof(struct sockaddr_l2));
375 addr->sa_family = AF_BLUETOOTH;
376
377 la->l2_psm = chan->psm;
378
379 if (peer) {
380 bacpy(&la->l2_bdaddr, &chan->dst);
381 la->l2_cid = cpu_to_le16(chan->dcid);
382 la->l2_bdaddr_type = chan->dst_type;
383 } else {
384 bacpy(&la->l2_bdaddr, &chan->src);
385 la->l2_cid = cpu_to_le16(chan->scid);
386 la->l2_bdaddr_type = chan->src_type;
387 }
388
389 return sizeof(struct sockaddr_l2);
390}
391
392static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
393 char __user *optval, int __user *optlen)
394{
395 struct sock *sk = sock->sk;
396 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
397 struct l2cap_options opts;
398 struct l2cap_conninfo cinfo;
399 int len, err = 0;
400 u32 opt;
401
402 BT_DBG("sk %p", sk);
403
404 if (get_user(len, optlen))
405 return -EFAULT;
406
407 lock_sock(sk);
408
409 switch (optname) {
410 case L2CAP_OPTIONS:
411 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
412 * legacy ATT code depends on getsockopt for
413 * L2CAP_OPTIONS we need to let this pass.
414 */
415 if (bdaddr_type_is_le(chan->src_type) &&
416 chan->scid != L2CAP_CID_ATT) {
417 err = -EINVAL;
418 break;
419 }
420
421 memset(&opts, 0, sizeof(opts));
422 opts.imtu = chan->imtu;
423 opts.omtu = chan->omtu;
424 opts.flush_to = chan->flush_to;
425 opts.mode = chan->mode;
426 opts.fcs = chan->fcs;
427 opts.max_tx = chan->max_tx;
428 opts.txwin_size = chan->tx_win;
429
430 len = min_t(unsigned int, len, sizeof(opts));
431 if (copy_to_user(optval, (char *) &opts, len))
432 err = -EFAULT;
433
434 break;
435
436 case L2CAP_LM:
437 switch (chan->sec_level) {
438 case BT_SECURITY_LOW:
439 opt = L2CAP_LM_AUTH;
440 break;
441 case BT_SECURITY_MEDIUM:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
443 break;
444 case BT_SECURITY_HIGH:
445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
446 L2CAP_LM_SECURE;
447 break;
448 case BT_SECURITY_FIPS:
449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
450 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
451 break;
452 default:
453 opt = 0;
454 break;
455 }
456
457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
458 opt |= L2CAP_LM_MASTER;
459
460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
461 opt |= L2CAP_LM_RELIABLE;
462
463 if (put_user(opt, (u32 __user *) optval))
464 err = -EFAULT;
465
466 break;
467
468 case L2CAP_CONNINFO:
469 if (sk->sk_state != BT_CONNECTED &&
470 !(sk->sk_state == BT_CONNECT2 &&
471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
472 err = -ENOTCONN;
473 break;
474 }
475
476 memset(&cinfo, 0, sizeof(cinfo));
477 cinfo.hci_handle = chan->conn->hcon->handle;
478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
479
480 len = min_t(unsigned int, len, sizeof(cinfo));
481 if (copy_to_user(optval, (char *) &cinfo, len))
482 err = -EFAULT;
483
484 break;
485
486 default:
487 err = -ENOPROTOOPT;
488 break;
489 }
490
491 release_sock(sk);
492 return err;
493}
494
495static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
496 char __user *optval, int __user *optlen)
497{
498 struct sock *sk = sock->sk;
499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
500 struct bt_security sec;
501 struct bt_power pwr;
502 int len, err = 0;
503
504 BT_DBG("sk %p", sk);
505
506 if (level == SOL_L2CAP)
507 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
508
509 if (level != SOL_BLUETOOTH)
510 return -ENOPROTOOPT;
511
512 if (get_user(len, optlen))
513 return -EFAULT;
514
515 lock_sock(sk);
516
517 switch (optname) {
518 case BT_SECURITY:
519 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
520 chan->chan_type != L2CAP_CHAN_FIXED &&
521 chan->chan_type != L2CAP_CHAN_RAW) {
522 err = -EINVAL;
523 break;
524 }
525
526 memset(&sec, 0, sizeof(sec));
527 if (chan->conn) {
528 sec.level = chan->conn->hcon->sec_level;
529
530 if (sk->sk_state == BT_CONNECTED)
531 sec.key_size = chan->conn->hcon->enc_key_size;
532 } else {
533 sec.level = chan->sec_level;
534 }
535
536 len = min_t(unsigned int, len, sizeof(sec));
537 if (copy_to_user(optval, (char *) &sec, len))
538 err = -EFAULT;
539
540 break;
541
542 case BT_DEFER_SETUP:
543 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
544 err = -EINVAL;
545 break;
546 }
547
548 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
549 (u32 __user *) optval))
550 err = -EFAULT;
551
552 break;
553
554 case BT_FLUSHABLE:
555 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
556 (u32 __user *) optval))
557 err = -EFAULT;
558
559 break;
560
561 case BT_POWER:
562 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
563 && sk->sk_type != SOCK_RAW) {
564 err = -EINVAL;
565 break;
566 }
567
568 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
569
570 len = min_t(unsigned int, len, sizeof(pwr));
571 if (copy_to_user(optval, (char *) &pwr, len))
572 err = -EFAULT;
573
574 break;
575
576 case BT_CHANNEL_POLICY:
577 if (put_user(chan->chan_policy, (u32 __user *) optval))
578 err = -EFAULT;
579 break;
580
581 case BT_SNDMTU:
582 if (!bdaddr_type_is_le(chan->src_type)) {
583 err = -EINVAL;
584 break;
585 }
586
587 if (sk->sk_state != BT_CONNECTED) {
588 err = -ENOTCONN;
589 break;
590 }
591
592 if (put_user(chan->omtu, (u16 __user *) optval))
593 err = -EFAULT;
594 break;
595
596 case BT_RCVMTU:
597 if (!bdaddr_type_is_le(chan->src_type)) {
598 err = -EINVAL;
599 break;
600 }
601
602 if (put_user(chan->imtu, (u16 __user *) optval))
603 err = -EFAULT;
604 break;
605
606 default:
607 err = -ENOPROTOOPT;
608 break;
609 }
610
611 release_sock(sk);
612 return err;
613}
614
615static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
616{
617 switch (chan->scid) {
618 case L2CAP_CID_ATT:
619 if (mtu < L2CAP_LE_MIN_MTU)
620 return false;
621 break;
622
623 default:
624 if (mtu < L2CAP_DEFAULT_MIN_MTU)
625 return false;
626 }
627
628 return true;
629}
630
631static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
632 char __user *optval, unsigned int optlen)
633{
634 struct sock *sk = sock->sk;
635 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
636 struct l2cap_options opts;
637 int len, err = 0;
638 u32 opt;
639
640 BT_DBG("sk %p", sk);
641
642 lock_sock(sk);
643
644 switch (optname) {
645 case L2CAP_OPTIONS:
646 if (bdaddr_type_is_le(chan->src_type)) {
647 err = -EINVAL;
648 break;
649 }
650
651 if (sk->sk_state == BT_CONNECTED) {
652 err = -EINVAL;
653 break;
654 }
655
656 opts.imtu = chan->imtu;
657 opts.omtu = chan->omtu;
658 opts.flush_to = chan->flush_to;
659 opts.mode = chan->mode;
660 opts.fcs = chan->fcs;
661 opts.max_tx = chan->max_tx;
662 opts.txwin_size = chan->tx_win;
663
664 len = min_t(unsigned int, sizeof(opts), optlen);
665 if (copy_from_user((char *) &opts, optval, len)) {
666 err = -EFAULT;
667 break;
668 }
669
670 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
671 err = -EINVAL;
672 break;
673 }
674
675 if (!l2cap_valid_mtu(chan, opts.imtu)) {
676 err = -EINVAL;
677 break;
678 }
679
680 chan->mode = opts.mode;
681 switch (chan->mode) {
682 case L2CAP_MODE_LE_FLOWCTL:
683 break;
684 case L2CAP_MODE_BASIC:
685 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
686 break;
687 case L2CAP_MODE_ERTM:
688 case L2CAP_MODE_STREAMING:
689 if (!disable_ertm)
690 break;
691 /* fall through */
692 default:
693 err = -EINVAL;
694 break;
695 }
696
697 chan->imtu = opts.imtu;
698 chan->omtu = opts.omtu;
699 chan->fcs = opts.fcs;
700 chan->max_tx = opts.max_tx;
701 chan->tx_win = opts.txwin_size;
702 chan->flush_to = opts.flush_to;
703 break;
704
705 case L2CAP_LM:
706 if (get_user(opt, (u32 __user *) optval)) {
707 err = -EFAULT;
708 break;
709 }
710
711 if (opt & L2CAP_LM_FIPS) {
712 err = -EINVAL;
713 break;
714 }
715
716 if (opt & L2CAP_LM_AUTH)
717 chan->sec_level = BT_SECURITY_LOW;
718 if (opt & L2CAP_LM_ENCRYPT)
719 chan->sec_level = BT_SECURITY_MEDIUM;
720 if (opt & L2CAP_LM_SECURE)
721 chan->sec_level = BT_SECURITY_HIGH;
722
723 if (opt & L2CAP_LM_MASTER)
724 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
725 else
726 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
727
728 if (opt & L2CAP_LM_RELIABLE)
729 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
730 else
731 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
732 break;
733
734 default:
735 err = -ENOPROTOOPT;
736 break;
737 }
738
739 release_sock(sk);
740 return err;
741}
742
743static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
744 char __user *optval, unsigned int optlen)
745{
746 struct sock *sk = sock->sk;
747 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
748 struct bt_security sec;
749 struct bt_power pwr;
750 struct l2cap_conn *conn;
751 int len, err = 0;
752 u32 opt;
753
754 BT_DBG("sk %p", sk);
755
756 if (level == SOL_L2CAP)
757 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
758
759 if (level != SOL_BLUETOOTH)
760 return -ENOPROTOOPT;
761
762 lock_sock(sk);
763
764 switch (optname) {
765 case BT_SECURITY:
766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
767 chan->chan_type != L2CAP_CHAN_FIXED &&
768 chan->chan_type != L2CAP_CHAN_RAW) {
769 err = -EINVAL;
770 break;
771 }
772
773 sec.level = BT_SECURITY_LOW;
774
775 len = min_t(unsigned int, sizeof(sec), optlen);
776 if (copy_from_user((char *) &sec, optval, len)) {
777 err = -EFAULT;
778 break;
779 }
780
781 if (sec.level < BT_SECURITY_LOW ||
782 sec.level > BT_SECURITY_FIPS) {
783 err = -EINVAL;
784 break;
785 }
786
787 chan->sec_level = sec.level;
788
789 if (!chan->conn)
790 break;
791
792 conn = chan->conn;
793
794 /* change security for LE channels */
795 if (chan->scid == L2CAP_CID_ATT) {
796 if (smp_conn_security(conn->hcon, sec.level)) {
797 err = -EINVAL;
798 break;
799 }
800
801 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
802 sk->sk_state = BT_CONFIG;
803 chan->state = BT_CONFIG;
804
805 /* or for ACL link */
806 } else if ((sk->sk_state == BT_CONNECT2 &&
807 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
808 sk->sk_state == BT_CONNECTED) {
809 if (!l2cap_chan_check_security(chan, true))
810 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
811 else
812 sk->sk_state_change(sk);
813 } else {
814 err = -EINVAL;
815 }
816 break;
817
818 case BT_DEFER_SETUP:
819 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
820 err = -EINVAL;
821 break;
822 }
823
824 if (get_user(opt, (u32 __user *) optval)) {
825 err = -EFAULT;
826 break;
827 }
828
829 if (opt) {
830 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
831 set_bit(FLAG_DEFER_SETUP, &chan->flags);
832 } else {
833 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
834 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
835 }
836 break;
837
838 case BT_FLUSHABLE:
839 if (get_user(opt, (u32 __user *) optval)) {
840 err = -EFAULT;
841 break;
842 }
843
844 if (opt > BT_FLUSHABLE_ON) {
845 err = -EINVAL;
846 break;
847 }
848
849 if (opt == BT_FLUSHABLE_OFF) {
850 conn = chan->conn;
851 /* proceed further only when we have l2cap_conn and
852 No Flush support in the LM */
853 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
854 err = -EINVAL;
855 break;
856 }
857 }
858
859 if (opt)
860 set_bit(FLAG_FLUSHABLE, &chan->flags);
861 else
862 clear_bit(FLAG_FLUSHABLE, &chan->flags);
863 break;
864
865 case BT_POWER:
866 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
867 chan->chan_type != L2CAP_CHAN_RAW) {
868 err = -EINVAL;
869 break;
870 }
871
872 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
873
874 len = min_t(unsigned int, sizeof(pwr), optlen);
875 if (copy_from_user((char *) &pwr, optval, len)) {
876 err = -EFAULT;
877 break;
878 }
879
880 if (pwr.force_active)
881 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
882 else
883 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
884 break;
885
886 case BT_CHANNEL_POLICY:
887 if (get_user(opt, (u32 __user *) optval)) {
888 err = -EFAULT;
889 break;
890 }
891
892 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
893 err = -EINVAL;
894 break;
895 }
896
897 if (chan->mode != L2CAP_MODE_ERTM &&
898 chan->mode != L2CAP_MODE_STREAMING) {
899 err = -EOPNOTSUPP;
900 break;
901 }
902
903 chan->chan_policy = (u8) opt;
904
905 if (sk->sk_state == BT_CONNECTED &&
906 chan->move_role == L2CAP_MOVE_ROLE_NONE)
907 l2cap_move_start(chan);
908
909 break;
910
911 case BT_SNDMTU:
912 if (!bdaddr_type_is_le(chan->src_type)) {
913 err = -EINVAL;
914 break;
915 }
916
917 /* Setting is not supported as it's the remote side that
918 * decides this.
919 */
920 err = -EPERM;
921 break;
922
923 case BT_RCVMTU:
924 if (!bdaddr_type_is_le(chan->src_type)) {
925 err = -EINVAL;
926 break;
927 }
928
929 if (sk->sk_state == BT_CONNECTED) {
930 err = -EISCONN;
931 break;
932 }
933
934 if (get_user(opt, (u16 __user *) optval)) {
935 err = -EFAULT;
936 break;
937 }
938
939 chan->imtu = opt;
940 break;
941
942 default:
943 err = -ENOPROTOOPT;
944 break;
945 }
946
947 release_sock(sk);
948 return err;
949}
950
951static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
952 size_t len)
953{
954 struct sock *sk = sock->sk;
955 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
956 int err;
957
958 BT_DBG("sock %p, sk %p", sock, sk);
959
960 err = sock_error(sk);
961 if (err)
962 return err;
963
964 if (msg->msg_flags & MSG_OOB)
965 return -EOPNOTSUPP;
966
967 if (sk->sk_state != BT_CONNECTED)
968 return -ENOTCONN;
969
970 lock_sock(sk);
971 err = bt_sock_wait_ready(sk, msg->msg_flags);
972 release_sock(sk);
973 if (err)
974 return err;
975
976 l2cap_chan_lock(chan);
977 err = l2cap_chan_send(chan, msg, len);
978 l2cap_chan_unlock(chan);
979
980 return err;
981}
982
983static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
984 size_t len, int flags)
985{
986 struct sock *sk = sock->sk;
987 struct l2cap_pinfo *pi = l2cap_pi(sk);
988 int err;
989
990 lock_sock(sk);
991
992 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
993 &bt_sk(sk)->flags)) {
994 if (bdaddr_type_is_le(pi->chan->src_type)) {
995 sk->sk_state = BT_CONNECTED;
996 pi->chan->state = BT_CONNECTED;
997 __l2cap_le_connect_rsp_defer(pi->chan);
998 } else {
999 sk->sk_state = BT_CONFIG;
1000 pi->chan->state = BT_CONFIG;
1001 __l2cap_connect_rsp_defer(pi->chan);
1002 }
1003
1004 err = 0;
1005 goto done;
1006 }
1007
1008 release_sock(sk);
1009
1010 if (sock->type == SOCK_STREAM)
1011 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1012 else
1013 err = bt_sock_recvmsg(sock, msg, len, flags);
1014
1015 if (pi->chan->mode != L2CAP_MODE_ERTM)
1016 return err;
1017
1018 /* Attempt to put pending rx data in the socket buffer */
1019
1020 lock_sock(sk);
1021
1022 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1023 goto done;
1024
1025 if (pi->rx_busy_skb) {
1026 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1027 pi->rx_busy_skb = NULL;
1028 else
1029 goto done;
1030 }
1031
1032 /* Restore data flow when half of the receive buffer is
1033 * available. This avoids resending large numbers of
1034 * frames.
1035 */
1036 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1037 l2cap_chan_busy(pi->chan, 0);
1038
1039done:
1040 release_sock(sk);
1041 return err;
1042}
1043
1044/* Kill socket (only if zapped and orphan)
1045 * Must be called on unlocked socket.
1046 */
1047static void l2cap_sock_kill(struct sock *sk)
1048{
1049 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1050 return;
1051
1052 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1053
1054 /* Kill poor orphan */
1055
1056 l2cap_chan_put(l2cap_pi(sk)->chan);
1057 sock_set_flag(sk, SOCK_DEAD);
1058 sock_put(sk);
1059}
1060
1061static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1062{
1063 DECLARE_WAITQUEUE(wait, current);
1064 int err = 0;
1065 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1066 /* Timeout to prevent infinite loop */
1067 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1068
1069 add_wait_queue(sk_sleep(sk), &wait);
1070 set_current_state(TASK_INTERRUPTIBLE);
1071 do {
1072 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1073 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1074 jiffies_to_msecs(timeout - jiffies));
1075
1076 if (!timeo)
1077 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1078
1079 if (signal_pending(current)) {
1080 err = sock_intr_errno(timeo);
1081 break;
1082 }
1083
1084 release_sock(sk);
1085 timeo = schedule_timeout(timeo);
1086 lock_sock(sk);
1087 set_current_state(TASK_INTERRUPTIBLE);
1088
1089 err = sock_error(sk);
1090 if (err)
1091 break;
1092
1093 if (time_after(jiffies, timeout)) {
1094 err = -ENOLINK;
1095 break;
1096 }
1097
1098 } while (chan->unacked_frames > 0 &&
1099 chan->state == BT_CONNECTED);
1100
1101 set_current_state(TASK_RUNNING);
1102 remove_wait_queue(sk_sleep(sk), &wait);
1103 return err;
1104}
1105
1106static int l2cap_sock_shutdown(struct socket *sock, int how)
1107{
1108 struct sock *sk = sock->sk;
1109 struct l2cap_chan *chan;
1110 struct l2cap_conn *conn;
1111 int err = 0;
1112
1113 BT_DBG("sock %p, sk %p", sock, sk);
1114
1115 if (!sk)
1116 return 0;
1117
1118 lock_sock(sk);
1119
1120 if (sk->sk_shutdown)
1121 goto shutdown_already;
1122
1123 BT_DBG("Handling sock shutdown");
1124
1125 /* prevent sk structure from being freed whilst unlocked */
1126 sock_hold(sk);
1127
1128 chan = l2cap_pi(sk)->chan;
1129 /* prevent chan structure from being freed whilst unlocked */
1130 l2cap_chan_hold(chan);
1131
1132 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1133
1134 if (chan->mode == L2CAP_MODE_ERTM &&
1135 chan->unacked_frames > 0 &&
1136 chan->state == BT_CONNECTED) {
1137 err = __l2cap_wait_ack(sk, chan);
1138
1139 /* After waiting for ACKs, check whether shutdown
1140 * has already been actioned to close the L2CAP
1141 * link such as by l2cap_disconnection_req().
1142 */
1143 if (sk->sk_shutdown)
1144 goto has_shutdown;
1145 }
1146
1147 sk->sk_shutdown = SHUTDOWN_MASK;
1148 release_sock(sk);
1149
1150 l2cap_chan_lock(chan);
1151 conn = chan->conn;
1152 if (conn)
1153 /* prevent conn structure from being freed */
1154 l2cap_conn_get(conn);
1155 l2cap_chan_unlock(chan);
1156
1157 if (conn)
1158 /* mutex lock must be taken before l2cap_chan_lock() */
1159 mutex_lock(&conn->chan_lock);
1160
1161 l2cap_chan_lock(chan);
1162 l2cap_chan_close(chan, 0);
1163 l2cap_chan_unlock(chan);
1164
1165 if (conn) {
1166 mutex_unlock(&conn->chan_lock);
1167 l2cap_conn_put(conn);
1168 }
1169
1170 lock_sock(sk);
1171
1172 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1173 !(current->flags & PF_EXITING))
1174 err = bt_sock_wait_state(sk, BT_CLOSED,
1175 sk->sk_lingertime);
1176
1177has_shutdown:
1178 l2cap_chan_put(chan);
1179 sock_put(sk);
1180
1181shutdown_already:
1182 if (!err && sk->sk_err)
1183 err = -sk->sk_err;
1184
1185 release_sock(sk);
1186
1187 BT_DBG("Sock shutdown complete err: %d", err);
1188
1189 return err;
1190}
1191
1192static int l2cap_sock_release(struct socket *sock)
1193{
1194 struct sock *sk = sock->sk;
1195 int err;
1196
1197 BT_DBG("sock %p, sk %p", sock, sk);
1198
1199 if (!sk)
1200 return 0;
1201
1202 bt_sock_unlink(&l2cap_sk_list, sk);
1203
1204 err = l2cap_sock_shutdown(sock, 2);
1205
1206 sock_orphan(sk);
1207 l2cap_sock_kill(sk);
1208 return err;
1209}
1210
1211static void l2cap_sock_cleanup_listen(struct sock *parent)
1212{
1213 struct sock *sk;
1214
1215 BT_DBG("parent %p state %s", parent,
1216 state_to_string(parent->sk_state));
1217
1218 /* Close not yet accepted channels */
1219 while ((sk = bt_accept_dequeue(parent, NULL))) {
1220 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1221
1222 BT_DBG("child chan %p state %s", chan,
1223 state_to_string(chan->state));
1224
1225 l2cap_chan_lock(chan);
1226 __clear_chan_timer(chan);
1227 l2cap_chan_close(chan, ECONNRESET);
1228 l2cap_chan_unlock(chan);
1229
1230 l2cap_sock_kill(sk);
1231 }
1232}
1233
1234static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1235{
1236 struct sock *sk, *parent = chan->data;
1237
1238 lock_sock(parent);
1239
1240 /* Check for backlog size */
1241 if (sk_acceptq_is_full(parent)) {
1242 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1243 release_sock(parent);
1244 return NULL;
1245 }
1246
1247 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1248 GFP_ATOMIC, 0);
1249 if (!sk) {
1250 release_sock(parent);
1251 return NULL;
1252 }
1253
1254 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1255
1256 l2cap_sock_init(sk, parent);
1257
1258 bt_accept_enqueue(parent, sk, false);
1259
1260 release_sock(parent);
1261
1262 return l2cap_pi(sk)->chan;
1263}
1264
1265static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1266{
1267 struct sock *sk = chan->data;
1268 int err;
1269
1270 lock_sock(sk);
1271
1272 if (l2cap_pi(sk)->rx_busy_skb) {
1273 err = -ENOMEM;
1274 goto done;
1275 }
1276
1277 if (chan->mode != L2CAP_MODE_ERTM &&
1278 chan->mode != L2CAP_MODE_STREAMING) {
1279 /* Even if no filter is attached, we could potentially
1280 * get errors from security modules, etc.
1281 */
1282 err = sk_filter(sk, skb);
1283 if (err)
1284 goto done;
1285 }
1286
1287 err = __sock_queue_rcv_skb(sk, skb);
1288
1289 /* For ERTM, handle one skb that doesn't fit into the recv
1290 * buffer. This is important to do because the data frames
1291 * have already been acked, so the skb cannot be discarded.
1292 *
1293 * Notify the l2cap core that the buffer is full, so the
1294 * LOCAL_BUSY state is entered and no more frames are
1295 * acked and reassembled until there is buffer space
1296 * available.
1297 */
1298 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1299 l2cap_pi(sk)->rx_busy_skb = skb;
1300 l2cap_chan_busy(chan, 1);
1301 err = 0;
1302 }
1303
1304done:
1305 release_sock(sk);
1306
1307 return err;
1308}
1309
1310static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1311{
1312 struct sock *sk = chan->data;
1313
1314 l2cap_sock_kill(sk);
1315}
1316
1317static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1318{
1319 struct sock *sk = chan->data;
1320 struct sock *parent;
1321
1322 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1323
1324 /* This callback can be called both for server (BT_LISTEN)
1325 * sockets as well as "normal" ones. To avoid lockdep warnings
1326 * with child socket locking (through l2cap_sock_cleanup_listen)
1327 * we need separation into separate nesting levels. The simplest
1328 * way to accomplish this is to inherit the nesting level used
1329 * for the channel.
1330 */
1331 lock_sock_nested(sk, atomic_read(&chan->nesting));
1332
1333 parent = bt_sk(sk)->parent;
1334
1335 sock_set_flag(sk, SOCK_ZAPPED);
1336
1337 switch (chan->state) {
1338 case BT_OPEN:
1339 case BT_BOUND:
1340 case BT_CLOSED:
1341 break;
1342 case BT_LISTEN:
1343 l2cap_sock_cleanup_listen(sk);
1344 sk->sk_state = BT_CLOSED;
1345 chan->state = BT_CLOSED;
1346
1347 break;
1348 default:
1349 sk->sk_state = BT_CLOSED;
1350 chan->state = BT_CLOSED;
1351
1352 sk->sk_err = err;
1353
1354 if (parent) {
1355 bt_accept_unlink(sk);
1356 parent->sk_data_ready(parent);
1357 } else {
1358 sk->sk_state_change(sk);
1359 }
1360
1361 break;
1362 }
1363
1364 release_sock(sk);
1365}
1366
1367static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1368 int err)
1369{
1370 struct sock *sk = chan->data;
1371
1372 sk->sk_state = state;
1373
1374 if (err)
1375 sk->sk_err = err;
1376}
1377
1378static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1379 unsigned long hdr_len,
1380 unsigned long len, int nb)
1381{
1382 struct sock *sk = chan->data;
1383 struct sk_buff *skb;
1384 int err;
1385
1386 l2cap_chan_unlock(chan);
1387 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1388 l2cap_chan_lock(chan);
1389
1390 if (!skb)
1391 return ERR_PTR(err);
1392
1393 skb->priority = sk->sk_priority;
1394
1395 bt_cb(skb)->l2cap.chan = chan;
1396
1397 return skb;
1398}
1399
1400static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1401{
1402 struct sock *sk = chan->data;
1403 struct sock *parent;
1404
1405 lock_sock(sk);
1406
1407 parent = bt_sk(sk)->parent;
1408
1409 BT_DBG("sk %p, parent %p", sk, parent);
1410
1411 sk->sk_state = BT_CONNECTED;
1412 sk->sk_state_change(sk);
1413
1414 if (parent)
1415 parent->sk_data_ready(parent);
1416
1417 release_sock(sk);
1418}
1419
1420static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1421{
1422 struct sock *parent, *sk = chan->data;
1423
1424 lock_sock(sk);
1425
1426 parent = bt_sk(sk)->parent;
1427 if (parent)
1428 parent->sk_data_ready(parent);
1429
1430 release_sock(sk);
1431}
1432
1433static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1434{
1435 struct sock *sk = chan->data;
1436
1437 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1438 sk->sk_state = BT_CONNECTED;
1439 chan->state = BT_CONNECTED;
1440 }
1441
1442 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1443 sk->sk_state_change(sk);
1444}
1445
1446static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1447{
1448 struct sock *sk = chan->data;
1449
1450 lock_sock(sk);
1451 sk->sk_shutdown = SHUTDOWN_MASK;
1452 release_sock(sk);
1453}
1454
1455static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1456{
1457 struct sock *sk = chan->data;
1458
1459 return sk->sk_sndtimeo;
1460}
1461
1462static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1463{
1464 struct sock *sk = chan->data;
1465
1466 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1467 sk->sk_state_change(sk);
1468}
1469
1470static const struct l2cap_ops l2cap_chan_ops = {
1471 .name = "L2CAP Socket Interface",
1472 .new_connection = l2cap_sock_new_connection_cb,
1473 .recv = l2cap_sock_recv_cb,
1474 .close = l2cap_sock_close_cb,
1475 .teardown = l2cap_sock_teardown_cb,
1476 .state_change = l2cap_sock_state_change_cb,
1477 .ready = l2cap_sock_ready_cb,
1478 .defer = l2cap_sock_defer_cb,
1479 .resume = l2cap_sock_resume_cb,
1480 .suspend = l2cap_sock_suspend_cb,
1481 .set_shutdown = l2cap_sock_set_shutdown_cb,
1482 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1483 .alloc_skb = l2cap_sock_alloc_skb_cb,
1484};
1485
1486static void l2cap_sock_destruct(struct sock *sk)
1487{
1488 BT_DBG("sk %p", sk);
1489
1490 if (l2cap_pi(sk)->chan)
1491 l2cap_chan_put(l2cap_pi(sk)->chan);
1492
1493 if (l2cap_pi(sk)->rx_busy_skb) {
1494 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1495 l2cap_pi(sk)->rx_busy_skb = NULL;
1496 }
1497
1498 skb_queue_purge(&sk->sk_receive_queue);
1499 skb_queue_purge(&sk->sk_write_queue);
1500}
1501
1502static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1503 int *msg_namelen)
1504{
1505 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1506
1507 memset(la, 0, sizeof(struct sockaddr_l2));
1508 la->l2_family = AF_BLUETOOTH;
1509 la->l2_psm = bt_cb(skb)->l2cap.psm;
1510 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1511
1512 *msg_namelen = sizeof(struct sockaddr_l2);
1513}
1514
1515static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1516{
1517 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1518
1519 BT_DBG("sk %p", sk);
1520
1521 if (parent) {
1522 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1523
1524 sk->sk_type = parent->sk_type;
1525 bt_sk(sk)->flags = bt_sk(parent)->flags;
1526
1527 chan->chan_type = pchan->chan_type;
1528 chan->imtu = pchan->imtu;
1529 chan->omtu = pchan->omtu;
1530 chan->conf_state = pchan->conf_state;
1531 chan->mode = pchan->mode;
1532 chan->fcs = pchan->fcs;
1533 chan->max_tx = pchan->max_tx;
1534 chan->tx_win = pchan->tx_win;
1535 chan->tx_win_max = pchan->tx_win_max;
1536 chan->sec_level = pchan->sec_level;
1537 chan->flags = pchan->flags;
1538 chan->tx_credits = pchan->tx_credits;
1539 chan->rx_credits = pchan->rx_credits;
1540
1541 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1542 chan->scid = pchan->scid;
1543 chan->dcid = pchan->scid;
1544 }
1545
1546 security_sk_clone(parent, sk);
1547 } else {
1548 switch (sk->sk_type) {
1549 case SOCK_RAW:
1550 chan->chan_type = L2CAP_CHAN_RAW;
1551 break;
1552 case SOCK_DGRAM:
1553 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1554 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1555 break;
1556 case SOCK_SEQPACKET:
1557 case SOCK_STREAM:
1558 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1559 break;
1560 }
1561
1562 chan->imtu = L2CAP_DEFAULT_MTU;
1563 chan->omtu = 0;
1564 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1565 chan->mode = L2CAP_MODE_ERTM;
1566 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1567 } else {
1568 chan->mode = L2CAP_MODE_BASIC;
1569 }
1570
1571 l2cap_chan_set_defaults(chan);
1572 }
1573
1574 /* Default config options */
1575 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1576
1577 chan->data = sk;
1578 chan->ops = &l2cap_chan_ops;
1579}
1580
1581static struct proto l2cap_proto = {
1582 .name = "L2CAP",
1583 .owner = THIS_MODULE,
1584 .obj_size = sizeof(struct l2cap_pinfo)
1585};
1586
1587static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1588 int proto, gfp_t prio, int kern)
1589{
1590 struct sock *sk;
1591 struct l2cap_chan *chan;
1592
1593 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1594 if (!sk)
1595 return NULL;
1596
1597 sock_init_data(sock, sk);
1598 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1599
1600 sk->sk_destruct = l2cap_sock_destruct;
1601 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1602
1603 sock_reset_flag(sk, SOCK_ZAPPED);
1604
1605 sk->sk_protocol = proto;
1606 sk->sk_state = BT_OPEN;
1607
1608 chan = l2cap_chan_create();
1609 if (!chan) {
1610 sk_free(sk);
1611 return NULL;
1612 }
1613
1614 l2cap_chan_hold(chan);
1615
1616 l2cap_pi(sk)->chan = chan;
1617
1618 return sk;
1619}
1620
1621static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1622 int kern)
1623{
1624 struct sock *sk;
1625
1626 BT_DBG("sock %p", sock);
1627
1628 sock->state = SS_UNCONNECTED;
1629
1630 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1631 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1632 return -ESOCKTNOSUPPORT;
1633
1634 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1635 return -EPERM;
1636
1637 sock->ops = &l2cap_sock_ops;
1638
1639 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1640 if (!sk)
1641 return -ENOMEM;
1642
1643 l2cap_sock_init(sk, NULL);
1644 bt_sock_link(&l2cap_sk_list, sk);
1645 return 0;
1646}
1647
1648static const struct proto_ops l2cap_sock_ops = {
1649 .family = PF_BLUETOOTH,
1650 .owner = THIS_MODULE,
1651 .release = l2cap_sock_release,
1652 .bind = l2cap_sock_bind,
1653 .connect = l2cap_sock_connect,
1654 .listen = l2cap_sock_listen,
1655 .accept = l2cap_sock_accept,
1656 .getname = l2cap_sock_getname,
1657 .sendmsg = l2cap_sock_sendmsg,
1658 .recvmsg = l2cap_sock_recvmsg,
1659 .poll = bt_sock_poll,
1660 .ioctl = bt_sock_ioctl,
1661 .gettstamp = sock_gettstamp,
1662 .mmap = sock_no_mmap,
1663 .socketpair = sock_no_socketpair,
1664 .shutdown = l2cap_sock_shutdown,
1665 .setsockopt = l2cap_sock_setsockopt,
1666 .getsockopt = l2cap_sock_getsockopt
1667};
1668
1669static const struct net_proto_family l2cap_sock_family_ops = {
1670 .family = PF_BLUETOOTH,
1671 .owner = THIS_MODULE,
1672 .create = l2cap_sock_create,
1673};
1674
1675int __init l2cap_init_sockets(void)
1676{
1677 int err;
1678
1679 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1680
1681 err = proto_register(&l2cap_proto, 0);
1682 if (err < 0)
1683 return err;
1684
1685 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1686 if (err < 0) {
1687 BT_ERR("L2CAP socket registration failed");
1688 goto error;
1689 }
1690
1691 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1692 NULL);
1693 if (err < 0) {
1694 BT_ERR("Failed to create L2CAP proc file");
1695 bt_sock_unregister(BTPROTO_L2CAP);
1696 goto error;
1697 }
1698
1699 BT_INFO("L2CAP socket layer initialized");
1700
1701 return 0;
1702
1703error:
1704 proto_unregister(&l2cap_proto);
1705 return err;
1706}
1707
1708void l2cap_cleanup_sockets(void)
1709{
1710 bt_procfs_cleanup(&init_net, "l2cap");
1711 bt_sock_unregister(BTPROTO_L2CAP);
1712 proto_unregister(&l2cap_proto);
1713}
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
6 Copyright (C) 2011 ProFUSION Embedded Systems
7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
30#include <linux/module.h>
31#include <linux/export.h>
32#include <linux/filter.h>
33#include <linux/sched/signal.h>
34
35#include <net/bluetooth/bluetooth.h>
36#include <net/bluetooth/hci_core.h>
37#include <net/bluetooth/l2cap.h>
38
39#include "smp.h"
40
41static struct bt_sock_list l2cap_sk_list = {
42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
43};
44
45static const struct proto_ops l2cap_sock_ops;
46static void l2cap_sock_init(struct sock *sk, struct sock *parent);
47static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
48 int proto, gfp_t prio, int kern);
49
50bool l2cap_is_socket(struct socket *sock)
51{
52 return sock && sock->ops == &l2cap_sock_ops;
53}
54EXPORT_SYMBOL(l2cap_is_socket);
55
56static int l2cap_validate_bredr_psm(u16 psm)
57{
58 /* PSM must be odd and lsb of upper byte must be 0 */
59 if ((psm & 0x0101) != 0x0001)
60 return -EINVAL;
61
62 /* Restrict usage of well-known PSMs */
63 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
64 return -EACCES;
65
66 return 0;
67}
68
69static int l2cap_validate_le_psm(u16 psm)
70{
71 /* Valid LE_PSM ranges are defined only until 0x00ff */
72 if (psm > L2CAP_PSM_LE_DYN_END)
73 return -EINVAL;
74
75 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
76 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
77 return -EACCES;
78
79 return 0;
80}
81
82static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
83{
84 struct sock *sk = sock->sk;
85 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
86 struct sockaddr_l2 la;
87 int len, err = 0;
88
89 BT_DBG("sk %p", sk);
90
91 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
92 addr->sa_family != AF_BLUETOOTH)
93 return -EINVAL;
94
95 memset(&la, 0, sizeof(la));
96 len = min_t(unsigned int, sizeof(la), alen);
97 memcpy(&la, addr, len);
98
99 if (la.l2_cid && la.l2_psm)
100 return -EINVAL;
101
102 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
103 return -EINVAL;
104
105 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
106 /* We only allow ATT user space socket */
107 if (la.l2_cid &&
108 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
109 return -EINVAL;
110 }
111
112 lock_sock(sk);
113
114 if (sk->sk_state != BT_OPEN) {
115 err = -EBADFD;
116 goto done;
117 }
118
119 if (la.l2_psm) {
120 __u16 psm = __le16_to_cpu(la.l2_psm);
121
122 if (la.l2_bdaddr_type == BDADDR_BREDR)
123 err = l2cap_validate_bredr_psm(psm);
124 else
125 err = l2cap_validate_le_psm(psm);
126
127 if (err)
128 goto done;
129 }
130
131 bacpy(&chan->src, &la.l2_bdaddr);
132 chan->src_type = la.l2_bdaddr_type;
133
134 if (la.l2_cid)
135 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
136 else
137 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
138
139 if (err < 0)
140 goto done;
141
142 switch (chan->chan_type) {
143 case L2CAP_CHAN_CONN_LESS:
144 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
145 chan->sec_level = BT_SECURITY_SDP;
146 break;
147 case L2CAP_CHAN_CONN_ORIENTED:
148 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
149 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
150 chan->sec_level = BT_SECURITY_SDP;
151 break;
152 case L2CAP_CHAN_RAW:
153 chan->sec_level = BT_SECURITY_SDP;
154 break;
155 case L2CAP_CHAN_FIXED:
156 /* Fixed channels default to the L2CAP core not holding a
157 * hci_conn reference for them. For fixed channels mapping to
158 * L2CAP sockets we do want to hold a reference so set the
159 * appropriate flag to request it.
160 */
161 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
162 break;
163 }
164
165 /* Use L2CAP_MODE_LE_FLOWCTL (CoC) in case of LE address and
166 * L2CAP_MODE_EXT_FLOWCTL (ECRED) has not been set.
167 */
168 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
169 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
170 chan->mode = L2CAP_MODE_LE_FLOWCTL;
171
172 chan->state = BT_BOUND;
173 sk->sk_state = BT_BOUND;
174
175done:
176 release_sock(sk);
177 return err;
178}
179
180static void l2cap_sock_init_pid(struct sock *sk)
181{
182 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
183
184 /* Only L2CAP_MODE_EXT_FLOWCTL ever need to access the PID in order to
185 * group the channels being requested.
186 */
187 if (chan->mode != L2CAP_MODE_EXT_FLOWCTL)
188 return;
189
190 spin_lock(&sk->sk_peer_lock);
191 sk->sk_peer_pid = get_pid(task_tgid(current));
192 spin_unlock(&sk->sk_peer_lock);
193}
194
195static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
196 int alen, int flags)
197{
198 struct sock *sk = sock->sk;
199 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
200 struct sockaddr_l2 la;
201 int len, err = 0;
202 bool zapped;
203
204 BT_DBG("sk %p", sk);
205
206 lock_sock(sk);
207 zapped = sock_flag(sk, SOCK_ZAPPED);
208 release_sock(sk);
209
210 if (zapped)
211 return -EINVAL;
212
213 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
214 addr->sa_family != AF_BLUETOOTH)
215 return -EINVAL;
216
217 memset(&la, 0, sizeof(la));
218 len = min_t(unsigned int, sizeof(la), alen);
219 memcpy(&la, addr, len);
220
221 if (la.l2_cid && la.l2_psm)
222 return -EINVAL;
223
224 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
225 return -EINVAL;
226
227 /* Check that the socket wasn't bound to something that
228 * conflicts with the address given to connect(). If chan->src
229 * is BDADDR_ANY it means bind() was never used, in which case
230 * chan->src_type and la.l2_bdaddr_type do not need to match.
231 */
232 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
233 bdaddr_type_is_le(la.l2_bdaddr_type)) {
234 /* Old user space versions will try to incorrectly bind
235 * the ATT socket using BDADDR_BREDR. We need to accept
236 * this and fix up the source address type only when
237 * both the source CID and destination CID indicate
238 * ATT. Anything else is an invalid combination.
239 */
240 if (chan->scid != L2CAP_CID_ATT ||
241 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
242 return -EINVAL;
243
244 /* We don't have the hdev available here to make a
245 * better decision on random vs public, but since all
246 * user space versions that exhibit this issue anyway do
247 * not support random local addresses assuming public
248 * here is good enough.
249 */
250 chan->src_type = BDADDR_LE_PUBLIC;
251 }
252
253 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
254 return -EINVAL;
255
256 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
257 /* We only allow ATT user space socket */
258 if (la.l2_cid &&
259 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
260 return -EINVAL;
261 }
262
263 /* Use L2CAP_MODE_LE_FLOWCTL (CoC) in case of LE address and
264 * L2CAP_MODE_EXT_FLOWCTL (ECRED) has not been set.
265 */
266 if (chan->psm && bdaddr_type_is_le(chan->src_type) &&
267 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
268 chan->mode = L2CAP_MODE_LE_FLOWCTL;
269
270 l2cap_sock_init_pid(sk);
271
272 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
273 &la.l2_bdaddr, la.l2_bdaddr_type);
274 if (err)
275 return err;
276
277 lock_sock(sk);
278
279 err = bt_sock_wait_state(sk, BT_CONNECTED,
280 sock_sndtimeo(sk, flags & O_NONBLOCK));
281
282 release_sock(sk);
283
284 return err;
285}
286
287static int l2cap_sock_listen(struct socket *sock, int backlog)
288{
289 struct sock *sk = sock->sk;
290 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
291 int err = 0;
292
293 BT_DBG("sk %p backlog %d", sk, backlog);
294
295 lock_sock(sk);
296
297 if (sk->sk_state != BT_BOUND) {
298 err = -EBADFD;
299 goto done;
300 }
301
302 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
303 err = -EINVAL;
304 goto done;
305 }
306
307 switch (chan->mode) {
308 case L2CAP_MODE_BASIC:
309 case L2CAP_MODE_LE_FLOWCTL:
310 break;
311 case L2CAP_MODE_EXT_FLOWCTL:
312 if (!enable_ecred) {
313 err = -EOPNOTSUPP;
314 goto done;
315 }
316 break;
317 case L2CAP_MODE_ERTM:
318 case L2CAP_MODE_STREAMING:
319 if (!disable_ertm)
320 break;
321 fallthrough;
322 default:
323 err = -EOPNOTSUPP;
324 goto done;
325 }
326
327 l2cap_sock_init_pid(sk);
328
329 sk->sk_max_ack_backlog = backlog;
330 sk->sk_ack_backlog = 0;
331
332 /* Listening channels need to use nested locking in order not to
333 * cause lockdep warnings when the created child channels end up
334 * being locked in the same thread as the parent channel.
335 */
336 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
337
338 chan->state = BT_LISTEN;
339 sk->sk_state = BT_LISTEN;
340
341done:
342 release_sock(sk);
343 return err;
344}
345
346static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
347 int flags, bool kern)
348{
349 DEFINE_WAIT_FUNC(wait, woken_wake_function);
350 struct sock *sk = sock->sk, *nsk;
351 long timeo;
352 int err = 0;
353
354 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
355
356 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
357
358 BT_DBG("sk %p timeo %ld", sk, timeo);
359
360 /* Wait for an incoming connection. (wake-one). */
361 add_wait_queue_exclusive(sk_sleep(sk), &wait);
362 while (1) {
363 if (sk->sk_state != BT_LISTEN) {
364 err = -EBADFD;
365 break;
366 }
367
368 nsk = bt_accept_dequeue(sk, newsock);
369 if (nsk)
370 break;
371
372 if (!timeo) {
373 err = -EAGAIN;
374 break;
375 }
376
377 if (signal_pending(current)) {
378 err = sock_intr_errno(timeo);
379 break;
380 }
381
382 release_sock(sk);
383
384 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
385
386 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
387 }
388 remove_wait_queue(sk_sleep(sk), &wait);
389
390 if (err)
391 goto done;
392
393 newsock->state = SS_CONNECTED;
394
395 BT_DBG("new socket %p", nsk);
396
397done:
398 release_sock(sk);
399 return err;
400}
401
402static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
403 int peer)
404{
405 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
406 struct sock *sk = sock->sk;
407 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
408
409 BT_DBG("sock %p, sk %p", sock, sk);
410
411 if (peer && sk->sk_state != BT_CONNECTED &&
412 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
413 sk->sk_state != BT_CONFIG)
414 return -ENOTCONN;
415
416 memset(la, 0, sizeof(struct sockaddr_l2));
417 addr->sa_family = AF_BLUETOOTH;
418
419 la->l2_psm = chan->psm;
420
421 if (peer) {
422 bacpy(&la->l2_bdaddr, &chan->dst);
423 la->l2_cid = cpu_to_le16(chan->dcid);
424 la->l2_bdaddr_type = chan->dst_type;
425 } else {
426 bacpy(&la->l2_bdaddr, &chan->src);
427 la->l2_cid = cpu_to_le16(chan->scid);
428 la->l2_bdaddr_type = chan->src_type;
429 }
430
431 return sizeof(struct sockaddr_l2);
432}
433
434static int l2cap_get_mode(struct l2cap_chan *chan)
435{
436 switch (chan->mode) {
437 case L2CAP_MODE_BASIC:
438 return BT_MODE_BASIC;
439 case L2CAP_MODE_ERTM:
440 return BT_MODE_ERTM;
441 case L2CAP_MODE_STREAMING:
442 return BT_MODE_STREAMING;
443 case L2CAP_MODE_LE_FLOWCTL:
444 return BT_MODE_LE_FLOWCTL;
445 case L2CAP_MODE_EXT_FLOWCTL:
446 return BT_MODE_EXT_FLOWCTL;
447 }
448
449 return -EINVAL;
450}
451
452static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
453 char __user *optval, int __user *optlen)
454{
455 struct sock *sk = sock->sk;
456 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
457 struct l2cap_options opts;
458 struct l2cap_conninfo cinfo;
459 int len, err = 0;
460 u32 opt;
461
462 BT_DBG("sk %p", sk);
463
464 if (get_user(len, optlen))
465 return -EFAULT;
466
467 lock_sock(sk);
468
469 switch (optname) {
470 case L2CAP_OPTIONS:
471 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
472 * legacy ATT code depends on getsockopt for
473 * L2CAP_OPTIONS we need to let this pass.
474 */
475 if (bdaddr_type_is_le(chan->src_type) &&
476 chan->scid != L2CAP_CID_ATT) {
477 err = -EINVAL;
478 break;
479 }
480
481 /* Only BR/EDR modes are supported here */
482 switch (chan->mode) {
483 case L2CAP_MODE_BASIC:
484 case L2CAP_MODE_ERTM:
485 case L2CAP_MODE_STREAMING:
486 break;
487 default:
488 err = -EINVAL;
489 break;
490 }
491
492 if (err < 0)
493 break;
494
495 memset(&opts, 0, sizeof(opts));
496 opts.imtu = chan->imtu;
497 opts.omtu = chan->omtu;
498 opts.flush_to = chan->flush_to;
499 opts.mode = chan->mode;
500 opts.fcs = chan->fcs;
501 opts.max_tx = chan->max_tx;
502 opts.txwin_size = chan->tx_win;
503
504 BT_DBG("mode 0x%2.2x", chan->mode);
505
506 len = min_t(unsigned int, len, sizeof(opts));
507 if (copy_to_user(optval, (char *) &opts, len))
508 err = -EFAULT;
509
510 break;
511
512 case L2CAP_LM:
513 switch (chan->sec_level) {
514 case BT_SECURITY_LOW:
515 opt = L2CAP_LM_AUTH;
516 break;
517 case BT_SECURITY_MEDIUM:
518 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
519 break;
520 case BT_SECURITY_HIGH:
521 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
522 L2CAP_LM_SECURE;
523 break;
524 case BT_SECURITY_FIPS:
525 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
526 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
527 break;
528 default:
529 opt = 0;
530 break;
531 }
532
533 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
534 opt |= L2CAP_LM_MASTER;
535
536 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
537 opt |= L2CAP_LM_RELIABLE;
538
539 if (put_user(opt, (u32 __user *) optval))
540 err = -EFAULT;
541
542 break;
543
544 case L2CAP_CONNINFO:
545 if (sk->sk_state != BT_CONNECTED &&
546 !(sk->sk_state == BT_CONNECT2 &&
547 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
548 err = -ENOTCONN;
549 break;
550 }
551
552 memset(&cinfo, 0, sizeof(cinfo));
553 cinfo.hci_handle = chan->conn->hcon->handle;
554 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
555
556 len = min_t(unsigned int, len, sizeof(cinfo));
557 if (copy_to_user(optval, (char *) &cinfo, len))
558 err = -EFAULT;
559
560 break;
561
562 default:
563 err = -ENOPROTOOPT;
564 break;
565 }
566
567 release_sock(sk);
568 return err;
569}
570
571static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
572 char __user *optval, int __user *optlen)
573{
574 struct sock *sk = sock->sk;
575 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
576 struct bt_security sec;
577 struct bt_power pwr;
578 u32 phys;
579 int len, mode, err = 0;
580
581 BT_DBG("sk %p", sk);
582
583 if (level == SOL_L2CAP)
584 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
585
586 if (level != SOL_BLUETOOTH)
587 return -ENOPROTOOPT;
588
589 if (get_user(len, optlen))
590 return -EFAULT;
591
592 lock_sock(sk);
593
594 switch (optname) {
595 case BT_SECURITY:
596 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
597 chan->chan_type != L2CAP_CHAN_FIXED &&
598 chan->chan_type != L2CAP_CHAN_RAW) {
599 err = -EINVAL;
600 break;
601 }
602
603 memset(&sec, 0, sizeof(sec));
604 if (chan->conn) {
605 sec.level = chan->conn->hcon->sec_level;
606
607 if (sk->sk_state == BT_CONNECTED)
608 sec.key_size = chan->conn->hcon->enc_key_size;
609 } else {
610 sec.level = chan->sec_level;
611 }
612
613 len = min_t(unsigned int, len, sizeof(sec));
614 if (copy_to_user(optval, (char *) &sec, len))
615 err = -EFAULT;
616
617 break;
618
619 case BT_DEFER_SETUP:
620 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
621 err = -EINVAL;
622 break;
623 }
624
625 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
626 (u32 __user *) optval))
627 err = -EFAULT;
628
629 break;
630
631 case BT_FLUSHABLE:
632 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
633 (u32 __user *) optval))
634 err = -EFAULT;
635
636 break;
637
638 case BT_POWER:
639 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
640 && sk->sk_type != SOCK_RAW) {
641 err = -EINVAL;
642 break;
643 }
644
645 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
646
647 len = min_t(unsigned int, len, sizeof(pwr));
648 if (copy_to_user(optval, (char *) &pwr, len))
649 err = -EFAULT;
650
651 break;
652
653 case BT_CHANNEL_POLICY:
654 if (put_user(chan->chan_policy, (u32 __user *) optval))
655 err = -EFAULT;
656 break;
657
658 case BT_SNDMTU:
659 if (!bdaddr_type_is_le(chan->src_type)) {
660 err = -EINVAL;
661 break;
662 }
663
664 if (sk->sk_state != BT_CONNECTED) {
665 err = -ENOTCONN;
666 break;
667 }
668
669 if (put_user(chan->omtu, (u16 __user *) optval))
670 err = -EFAULT;
671 break;
672
673 case BT_RCVMTU:
674 if (!bdaddr_type_is_le(chan->src_type)) {
675 err = -EINVAL;
676 break;
677 }
678
679 if (put_user(chan->imtu, (u16 __user *) optval))
680 err = -EFAULT;
681 break;
682
683 case BT_PHY:
684 if (sk->sk_state != BT_CONNECTED) {
685 err = -ENOTCONN;
686 break;
687 }
688
689 phys = hci_conn_get_phy(chan->conn->hcon);
690
691 if (put_user(phys, (u32 __user *) optval))
692 err = -EFAULT;
693 break;
694
695 case BT_MODE:
696 if (!enable_ecred) {
697 err = -ENOPROTOOPT;
698 break;
699 }
700
701 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
702 err = -EINVAL;
703 break;
704 }
705
706 mode = l2cap_get_mode(chan);
707 if (mode < 0) {
708 err = mode;
709 break;
710 }
711
712 if (put_user(mode, (u8 __user *) optval))
713 err = -EFAULT;
714 break;
715
716 default:
717 err = -ENOPROTOOPT;
718 break;
719 }
720
721 release_sock(sk);
722 return err;
723}
724
725static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
726{
727 switch (chan->scid) {
728 case L2CAP_CID_ATT:
729 if (mtu < L2CAP_LE_MIN_MTU)
730 return false;
731 break;
732
733 default:
734 if (mtu < L2CAP_DEFAULT_MIN_MTU)
735 return false;
736 }
737
738 return true;
739}
740
741static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
742 sockptr_t optval, unsigned int optlen)
743{
744 struct sock *sk = sock->sk;
745 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
746 struct l2cap_options opts;
747 int len, err = 0;
748 u32 opt;
749
750 BT_DBG("sk %p", sk);
751
752 lock_sock(sk);
753
754 switch (optname) {
755 case L2CAP_OPTIONS:
756 if (bdaddr_type_is_le(chan->src_type)) {
757 err = -EINVAL;
758 break;
759 }
760
761 if (sk->sk_state == BT_CONNECTED) {
762 err = -EINVAL;
763 break;
764 }
765
766 opts.imtu = chan->imtu;
767 opts.omtu = chan->omtu;
768 opts.flush_to = chan->flush_to;
769 opts.mode = chan->mode;
770 opts.fcs = chan->fcs;
771 opts.max_tx = chan->max_tx;
772 opts.txwin_size = chan->tx_win;
773
774 len = min_t(unsigned int, sizeof(opts), optlen);
775 if (copy_from_sockptr(&opts, optval, len)) {
776 err = -EFAULT;
777 break;
778 }
779
780 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
781 err = -EINVAL;
782 break;
783 }
784
785 if (!l2cap_valid_mtu(chan, opts.imtu)) {
786 err = -EINVAL;
787 break;
788 }
789
790 /* Only BR/EDR modes are supported here */
791 switch (opts.mode) {
792 case L2CAP_MODE_BASIC:
793 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
794 break;
795 case L2CAP_MODE_ERTM:
796 case L2CAP_MODE_STREAMING:
797 if (!disable_ertm)
798 break;
799 fallthrough;
800 default:
801 err = -EINVAL;
802 break;
803 }
804
805 if (err < 0)
806 break;
807
808 chan->mode = opts.mode;
809
810 BT_DBG("mode 0x%2.2x", chan->mode);
811
812 chan->imtu = opts.imtu;
813 chan->omtu = opts.omtu;
814 chan->fcs = opts.fcs;
815 chan->max_tx = opts.max_tx;
816 chan->tx_win = opts.txwin_size;
817 chan->flush_to = opts.flush_to;
818 break;
819
820 case L2CAP_LM:
821 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
822 err = -EFAULT;
823 break;
824 }
825
826 if (opt & L2CAP_LM_FIPS) {
827 err = -EINVAL;
828 break;
829 }
830
831 if (opt & L2CAP_LM_AUTH)
832 chan->sec_level = BT_SECURITY_LOW;
833 if (opt & L2CAP_LM_ENCRYPT)
834 chan->sec_level = BT_SECURITY_MEDIUM;
835 if (opt & L2CAP_LM_SECURE)
836 chan->sec_level = BT_SECURITY_HIGH;
837
838 if (opt & L2CAP_LM_MASTER)
839 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
840 else
841 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
842
843 if (opt & L2CAP_LM_RELIABLE)
844 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
845 else
846 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
847 break;
848
849 default:
850 err = -ENOPROTOOPT;
851 break;
852 }
853
854 release_sock(sk);
855 return err;
856}
857
858static int l2cap_set_mode(struct l2cap_chan *chan, u8 mode)
859{
860 switch (mode) {
861 case BT_MODE_BASIC:
862 if (bdaddr_type_is_le(chan->src_type))
863 return -EINVAL;
864 mode = L2CAP_MODE_BASIC;
865 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
866 break;
867 case BT_MODE_ERTM:
868 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
869 return -EINVAL;
870 mode = L2CAP_MODE_ERTM;
871 break;
872 case BT_MODE_STREAMING:
873 if (!disable_ertm || bdaddr_type_is_le(chan->src_type))
874 return -EINVAL;
875 mode = L2CAP_MODE_STREAMING;
876 break;
877 case BT_MODE_LE_FLOWCTL:
878 if (!bdaddr_type_is_le(chan->src_type))
879 return -EINVAL;
880 mode = L2CAP_MODE_LE_FLOWCTL;
881 break;
882 case BT_MODE_EXT_FLOWCTL:
883 /* TODO: Add support for ECRED PDUs to BR/EDR */
884 if (!bdaddr_type_is_le(chan->src_type))
885 return -EINVAL;
886 mode = L2CAP_MODE_EXT_FLOWCTL;
887 break;
888 default:
889 return -EINVAL;
890 }
891
892 chan->mode = mode;
893
894 return 0;
895}
896
897static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
898 sockptr_t optval, unsigned int optlen)
899{
900 struct sock *sk = sock->sk;
901 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
902 struct bt_security sec;
903 struct bt_power pwr;
904 struct l2cap_conn *conn;
905 int len, err = 0;
906 u32 opt;
907 u16 mtu;
908 u8 mode;
909
910 BT_DBG("sk %p", sk);
911
912 if (level == SOL_L2CAP)
913 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
914
915 if (level != SOL_BLUETOOTH)
916 return -ENOPROTOOPT;
917
918 lock_sock(sk);
919
920 switch (optname) {
921 case BT_SECURITY:
922 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
923 chan->chan_type != L2CAP_CHAN_FIXED &&
924 chan->chan_type != L2CAP_CHAN_RAW) {
925 err = -EINVAL;
926 break;
927 }
928
929 sec.level = BT_SECURITY_LOW;
930
931 len = min_t(unsigned int, sizeof(sec), optlen);
932 if (copy_from_sockptr(&sec, optval, len)) {
933 err = -EFAULT;
934 break;
935 }
936
937 if (sec.level < BT_SECURITY_LOW ||
938 sec.level > BT_SECURITY_FIPS) {
939 err = -EINVAL;
940 break;
941 }
942
943 chan->sec_level = sec.level;
944
945 if (!chan->conn)
946 break;
947
948 conn = chan->conn;
949
950 /* change security for LE channels */
951 if (chan->scid == L2CAP_CID_ATT) {
952 if (smp_conn_security(conn->hcon, sec.level)) {
953 err = -EINVAL;
954 break;
955 }
956
957 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
958 sk->sk_state = BT_CONFIG;
959 chan->state = BT_CONFIG;
960
961 /* or for ACL link */
962 } else if ((sk->sk_state == BT_CONNECT2 &&
963 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
964 sk->sk_state == BT_CONNECTED) {
965 if (!l2cap_chan_check_security(chan, true))
966 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
967 else
968 sk->sk_state_change(sk);
969 } else {
970 err = -EINVAL;
971 }
972 break;
973
974 case BT_DEFER_SETUP:
975 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
976 err = -EINVAL;
977 break;
978 }
979
980 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
981 err = -EFAULT;
982 break;
983 }
984
985 if (opt) {
986 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
987 set_bit(FLAG_DEFER_SETUP, &chan->flags);
988 } else {
989 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
990 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
991 }
992 break;
993
994 case BT_FLUSHABLE:
995 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
996 err = -EFAULT;
997 break;
998 }
999
1000 if (opt > BT_FLUSHABLE_ON) {
1001 err = -EINVAL;
1002 break;
1003 }
1004
1005 if (opt == BT_FLUSHABLE_OFF) {
1006 conn = chan->conn;
1007 /* proceed further only when we have l2cap_conn and
1008 No Flush support in the LM */
1009 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
1010 err = -EINVAL;
1011 break;
1012 }
1013 }
1014
1015 if (opt)
1016 set_bit(FLAG_FLUSHABLE, &chan->flags);
1017 else
1018 clear_bit(FLAG_FLUSHABLE, &chan->flags);
1019 break;
1020
1021 case BT_POWER:
1022 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
1023 chan->chan_type != L2CAP_CHAN_RAW) {
1024 err = -EINVAL;
1025 break;
1026 }
1027
1028 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
1029
1030 len = min_t(unsigned int, sizeof(pwr), optlen);
1031 if (copy_from_sockptr(&pwr, optval, len)) {
1032 err = -EFAULT;
1033 break;
1034 }
1035
1036 if (pwr.force_active)
1037 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1038 else
1039 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
1040 break;
1041
1042 case BT_CHANNEL_POLICY:
1043 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1044 err = -EFAULT;
1045 break;
1046 }
1047
1048 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
1049 err = -EINVAL;
1050 break;
1051 }
1052
1053 if (chan->mode != L2CAP_MODE_ERTM &&
1054 chan->mode != L2CAP_MODE_STREAMING) {
1055 err = -EOPNOTSUPP;
1056 break;
1057 }
1058
1059 chan->chan_policy = (u8) opt;
1060
1061 if (sk->sk_state == BT_CONNECTED &&
1062 chan->move_role == L2CAP_MOVE_ROLE_NONE)
1063 l2cap_move_start(chan);
1064
1065 break;
1066
1067 case BT_SNDMTU:
1068 if (!bdaddr_type_is_le(chan->src_type)) {
1069 err = -EINVAL;
1070 break;
1071 }
1072
1073 /* Setting is not supported as it's the remote side that
1074 * decides this.
1075 */
1076 err = -EPERM;
1077 break;
1078
1079 case BT_RCVMTU:
1080 if (!bdaddr_type_is_le(chan->src_type)) {
1081 err = -EINVAL;
1082 break;
1083 }
1084
1085 if (chan->mode == L2CAP_MODE_LE_FLOWCTL &&
1086 sk->sk_state == BT_CONNECTED) {
1087 err = -EISCONN;
1088 break;
1089 }
1090
1091 if (copy_from_sockptr(&mtu, optval, sizeof(u16))) {
1092 err = -EFAULT;
1093 break;
1094 }
1095
1096 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL &&
1097 sk->sk_state == BT_CONNECTED)
1098 err = l2cap_chan_reconfigure(chan, mtu);
1099 else
1100 chan->imtu = mtu;
1101
1102 break;
1103
1104 case BT_MODE:
1105 if (!enable_ecred) {
1106 err = -ENOPROTOOPT;
1107 break;
1108 }
1109
1110 BT_DBG("sk->sk_state %u", sk->sk_state);
1111
1112 if (sk->sk_state != BT_BOUND) {
1113 err = -EINVAL;
1114 break;
1115 }
1116
1117 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1118 err = -EINVAL;
1119 break;
1120 }
1121
1122 if (copy_from_sockptr(&mode, optval, sizeof(u8))) {
1123 err = -EFAULT;
1124 break;
1125 }
1126
1127 BT_DBG("mode %u", mode);
1128
1129 err = l2cap_set_mode(chan, mode);
1130 if (err)
1131 break;
1132
1133 BT_DBG("mode 0x%2.2x", chan->mode);
1134
1135 break;
1136
1137 default:
1138 err = -ENOPROTOOPT;
1139 break;
1140 }
1141
1142 release_sock(sk);
1143 return err;
1144}
1145
1146static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1147 size_t len)
1148{
1149 struct sock *sk = sock->sk;
1150 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1151 int err;
1152
1153 BT_DBG("sock %p, sk %p", sock, sk);
1154
1155 err = sock_error(sk);
1156 if (err)
1157 return err;
1158
1159 if (msg->msg_flags & MSG_OOB)
1160 return -EOPNOTSUPP;
1161
1162 if (sk->sk_state != BT_CONNECTED)
1163 return -ENOTCONN;
1164
1165 lock_sock(sk);
1166 err = bt_sock_wait_ready(sk, msg->msg_flags);
1167 release_sock(sk);
1168 if (err)
1169 return err;
1170
1171 l2cap_chan_lock(chan);
1172 err = l2cap_chan_send(chan, msg, len);
1173 l2cap_chan_unlock(chan);
1174
1175 return err;
1176}
1177
1178static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1179 size_t len, int flags)
1180{
1181 struct sock *sk = sock->sk;
1182 struct l2cap_pinfo *pi = l2cap_pi(sk);
1183 int err;
1184
1185 lock_sock(sk);
1186
1187 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
1188 &bt_sk(sk)->flags)) {
1189 if (pi->chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
1190 sk->sk_state = BT_CONNECTED;
1191 pi->chan->state = BT_CONNECTED;
1192 __l2cap_ecred_conn_rsp_defer(pi->chan);
1193 } else if (bdaddr_type_is_le(pi->chan->src_type)) {
1194 sk->sk_state = BT_CONNECTED;
1195 pi->chan->state = BT_CONNECTED;
1196 __l2cap_le_connect_rsp_defer(pi->chan);
1197 } else {
1198 sk->sk_state = BT_CONFIG;
1199 pi->chan->state = BT_CONFIG;
1200 __l2cap_connect_rsp_defer(pi->chan);
1201 }
1202
1203 err = 0;
1204 goto done;
1205 }
1206
1207 release_sock(sk);
1208
1209 if (sock->type == SOCK_STREAM)
1210 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1211 else
1212 err = bt_sock_recvmsg(sock, msg, len, flags);
1213
1214 if (pi->chan->mode != L2CAP_MODE_ERTM)
1215 return err;
1216
1217 /* Attempt to put pending rx data in the socket buffer */
1218
1219 lock_sock(sk);
1220
1221 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1222 goto done;
1223
1224 if (pi->rx_busy_skb) {
1225 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1226 pi->rx_busy_skb = NULL;
1227 else
1228 goto done;
1229 }
1230
1231 /* Restore data flow when half of the receive buffer is
1232 * available. This avoids resending large numbers of
1233 * frames.
1234 */
1235 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1236 l2cap_chan_busy(pi->chan, 0);
1237
1238done:
1239 release_sock(sk);
1240 return err;
1241}
1242
1243/* Kill socket (only if zapped and orphan)
1244 * Must be called on unlocked socket, with l2cap channel lock.
1245 */
1246static void l2cap_sock_kill(struct sock *sk)
1247{
1248 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1249 return;
1250
1251 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1252
1253 /* Kill poor orphan */
1254
1255 l2cap_chan_put(l2cap_pi(sk)->chan);
1256 sock_set_flag(sk, SOCK_DEAD);
1257 sock_put(sk);
1258}
1259
1260static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1261{
1262 DECLARE_WAITQUEUE(wait, current);
1263 int err = 0;
1264 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1265 /* Timeout to prevent infinite loop */
1266 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1267
1268 add_wait_queue(sk_sleep(sk), &wait);
1269 set_current_state(TASK_INTERRUPTIBLE);
1270 do {
1271 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1272 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1273 jiffies_to_msecs(timeout - jiffies));
1274
1275 if (!timeo)
1276 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1277
1278 if (signal_pending(current)) {
1279 err = sock_intr_errno(timeo);
1280 break;
1281 }
1282
1283 release_sock(sk);
1284 timeo = schedule_timeout(timeo);
1285 lock_sock(sk);
1286 set_current_state(TASK_INTERRUPTIBLE);
1287
1288 err = sock_error(sk);
1289 if (err)
1290 break;
1291
1292 if (time_after(jiffies, timeout)) {
1293 err = -ENOLINK;
1294 break;
1295 }
1296
1297 } while (chan->unacked_frames > 0 &&
1298 chan->state == BT_CONNECTED);
1299
1300 set_current_state(TASK_RUNNING);
1301 remove_wait_queue(sk_sleep(sk), &wait);
1302 return err;
1303}
1304
1305static int l2cap_sock_shutdown(struct socket *sock, int how)
1306{
1307 struct sock *sk = sock->sk;
1308 struct l2cap_chan *chan;
1309 struct l2cap_conn *conn;
1310 int err = 0;
1311
1312 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1313
1314 /* 'how' parameter is mapped to sk_shutdown as follows:
1315 * SHUT_RD (0) --> RCV_SHUTDOWN (1)
1316 * SHUT_WR (1) --> SEND_SHUTDOWN (2)
1317 * SHUT_RDWR (2) --> SHUTDOWN_MASK (3)
1318 */
1319 how++;
1320
1321 if (!sk)
1322 return 0;
1323
1324 lock_sock(sk);
1325
1326 if ((sk->sk_shutdown & how) == how)
1327 goto shutdown_already;
1328
1329 BT_DBG("Handling sock shutdown");
1330
1331 /* prevent sk structure from being freed whilst unlocked */
1332 sock_hold(sk);
1333
1334 chan = l2cap_pi(sk)->chan;
1335 /* prevent chan structure from being freed whilst unlocked */
1336 l2cap_chan_hold(chan);
1337
1338 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1339
1340 if (chan->mode == L2CAP_MODE_ERTM &&
1341 chan->unacked_frames > 0 &&
1342 chan->state == BT_CONNECTED) {
1343 err = __l2cap_wait_ack(sk, chan);
1344
1345 /* After waiting for ACKs, check whether shutdown
1346 * has already been actioned to close the L2CAP
1347 * link such as by l2cap_disconnection_req().
1348 */
1349 if ((sk->sk_shutdown & how) == how)
1350 goto shutdown_matched;
1351 }
1352
1353 /* Try setting the RCV_SHUTDOWN bit, return early if SEND_SHUTDOWN
1354 * is already set
1355 */
1356 if ((how & RCV_SHUTDOWN) && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1357 sk->sk_shutdown |= RCV_SHUTDOWN;
1358 if ((sk->sk_shutdown & how) == how)
1359 goto shutdown_matched;
1360 }
1361
1362 sk->sk_shutdown |= SEND_SHUTDOWN;
1363 release_sock(sk);
1364
1365 l2cap_chan_lock(chan);
1366 conn = chan->conn;
1367 if (conn)
1368 /* prevent conn structure from being freed */
1369 l2cap_conn_get(conn);
1370 l2cap_chan_unlock(chan);
1371
1372 if (conn)
1373 /* mutex lock must be taken before l2cap_chan_lock() */
1374 mutex_lock(&conn->chan_lock);
1375
1376 l2cap_chan_lock(chan);
1377 l2cap_chan_close(chan, 0);
1378 l2cap_chan_unlock(chan);
1379
1380 if (conn) {
1381 mutex_unlock(&conn->chan_lock);
1382 l2cap_conn_put(conn);
1383 }
1384
1385 lock_sock(sk);
1386
1387 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1388 !(current->flags & PF_EXITING))
1389 err = bt_sock_wait_state(sk, BT_CLOSED,
1390 sk->sk_lingertime);
1391
1392shutdown_matched:
1393 l2cap_chan_put(chan);
1394 sock_put(sk);
1395
1396shutdown_already:
1397 if (!err && sk->sk_err)
1398 err = -sk->sk_err;
1399
1400 release_sock(sk);
1401
1402 BT_DBG("Sock shutdown complete err: %d", err);
1403
1404 return err;
1405}
1406
1407static int l2cap_sock_release(struct socket *sock)
1408{
1409 struct sock *sk = sock->sk;
1410 int err;
1411 struct l2cap_chan *chan;
1412
1413 BT_DBG("sock %p, sk %p", sock, sk);
1414
1415 if (!sk)
1416 return 0;
1417
1418 bt_sock_unlink(&l2cap_sk_list, sk);
1419
1420 err = l2cap_sock_shutdown(sock, SHUT_RDWR);
1421 chan = l2cap_pi(sk)->chan;
1422
1423 l2cap_chan_hold(chan);
1424 l2cap_chan_lock(chan);
1425
1426 sock_orphan(sk);
1427 l2cap_sock_kill(sk);
1428
1429 l2cap_chan_unlock(chan);
1430 l2cap_chan_put(chan);
1431
1432 return err;
1433}
1434
1435static void l2cap_sock_cleanup_listen(struct sock *parent)
1436{
1437 struct sock *sk;
1438
1439 BT_DBG("parent %p state %s", parent,
1440 state_to_string(parent->sk_state));
1441
1442 /* Close not yet accepted channels */
1443 while ((sk = bt_accept_dequeue(parent, NULL))) {
1444 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1445
1446 BT_DBG("child chan %p state %s", chan,
1447 state_to_string(chan->state));
1448
1449 l2cap_chan_hold(chan);
1450 l2cap_chan_lock(chan);
1451
1452 __clear_chan_timer(chan);
1453 l2cap_chan_close(chan, ECONNRESET);
1454 l2cap_sock_kill(sk);
1455
1456 l2cap_chan_unlock(chan);
1457 l2cap_chan_put(chan);
1458 }
1459}
1460
1461static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1462{
1463 struct sock *sk, *parent = chan->data;
1464
1465 lock_sock(parent);
1466
1467 /* Check for backlog size */
1468 if (sk_acceptq_is_full(parent)) {
1469 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1470 release_sock(parent);
1471 return NULL;
1472 }
1473
1474 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1475 GFP_ATOMIC, 0);
1476 if (!sk) {
1477 release_sock(parent);
1478 return NULL;
1479 }
1480
1481 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1482
1483 l2cap_sock_init(sk, parent);
1484
1485 bt_accept_enqueue(parent, sk, false);
1486
1487 release_sock(parent);
1488
1489 return l2cap_pi(sk)->chan;
1490}
1491
1492static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1493{
1494 struct sock *sk = chan->data;
1495 int err;
1496
1497 lock_sock(sk);
1498
1499 if (l2cap_pi(sk)->rx_busy_skb) {
1500 err = -ENOMEM;
1501 goto done;
1502 }
1503
1504 if (chan->mode != L2CAP_MODE_ERTM &&
1505 chan->mode != L2CAP_MODE_STREAMING) {
1506 /* Even if no filter is attached, we could potentially
1507 * get errors from security modules, etc.
1508 */
1509 err = sk_filter(sk, skb);
1510 if (err)
1511 goto done;
1512 }
1513
1514 err = __sock_queue_rcv_skb(sk, skb);
1515
1516 /* For ERTM, handle one skb that doesn't fit into the recv
1517 * buffer. This is important to do because the data frames
1518 * have already been acked, so the skb cannot be discarded.
1519 *
1520 * Notify the l2cap core that the buffer is full, so the
1521 * LOCAL_BUSY state is entered and no more frames are
1522 * acked and reassembled until there is buffer space
1523 * available.
1524 */
1525 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1526 l2cap_pi(sk)->rx_busy_skb = skb;
1527 l2cap_chan_busy(chan, 1);
1528 err = 0;
1529 }
1530
1531done:
1532 release_sock(sk);
1533
1534 return err;
1535}
1536
1537static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1538{
1539 struct sock *sk = chan->data;
1540
1541 if (!sk)
1542 return;
1543
1544 l2cap_sock_kill(sk);
1545}
1546
1547static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1548{
1549 struct sock *sk = chan->data;
1550 struct sock *parent;
1551
1552 if (!sk)
1553 return;
1554
1555 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1556
1557 /* This callback can be called both for server (BT_LISTEN)
1558 * sockets as well as "normal" ones. To avoid lockdep warnings
1559 * with child socket locking (through l2cap_sock_cleanup_listen)
1560 * we need separation into separate nesting levels. The simplest
1561 * way to accomplish this is to inherit the nesting level used
1562 * for the channel.
1563 */
1564 lock_sock_nested(sk, atomic_read(&chan->nesting));
1565
1566 parent = bt_sk(sk)->parent;
1567
1568 switch (chan->state) {
1569 case BT_OPEN:
1570 case BT_BOUND:
1571 case BT_CLOSED:
1572 break;
1573 case BT_LISTEN:
1574 l2cap_sock_cleanup_listen(sk);
1575 sk->sk_state = BT_CLOSED;
1576 chan->state = BT_CLOSED;
1577
1578 break;
1579 default:
1580 sk->sk_state = BT_CLOSED;
1581 chan->state = BT_CLOSED;
1582
1583 sk->sk_err = err;
1584
1585 if (parent) {
1586 bt_accept_unlink(sk);
1587 parent->sk_data_ready(parent);
1588 } else {
1589 sk->sk_state_change(sk);
1590 }
1591
1592 break;
1593 }
1594 release_sock(sk);
1595
1596 /* Only zap after cleanup to avoid use after free race */
1597 sock_set_flag(sk, SOCK_ZAPPED);
1598
1599}
1600
1601static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1602 int err)
1603{
1604 struct sock *sk = chan->data;
1605
1606 sk->sk_state = state;
1607
1608 if (err)
1609 sk->sk_err = err;
1610}
1611
1612static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1613 unsigned long hdr_len,
1614 unsigned long len, int nb)
1615{
1616 struct sock *sk = chan->data;
1617 struct sk_buff *skb;
1618 int err;
1619
1620 l2cap_chan_unlock(chan);
1621 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1622 l2cap_chan_lock(chan);
1623
1624 if (!skb)
1625 return ERR_PTR(err);
1626
1627 skb->priority = sk->sk_priority;
1628
1629 bt_cb(skb)->l2cap.chan = chan;
1630
1631 return skb;
1632}
1633
1634static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1635{
1636 struct sock *sk = chan->data;
1637 struct sock *parent;
1638
1639 lock_sock(sk);
1640
1641 parent = bt_sk(sk)->parent;
1642
1643 BT_DBG("sk %p, parent %p", sk, parent);
1644
1645 sk->sk_state = BT_CONNECTED;
1646 sk->sk_state_change(sk);
1647
1648 if (parent)
1649 parent->sk_data_ready(parent);
1650
1651 release_sock(sk);
1652}
1653
1654static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1655{
1656 struct sock *parent, *sk = chan->data;
1657
1658 lock_sock(sk);
1659
1660 parent = bt_sk(sk)->parent;
1661 if (parent)
1662 parent->sk_data_ready(parent);
1663
1664 release_sock(sk);
1665}
1666
1667static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1668{
1669 struct sock *sk = chan->data;
1670
1671 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1672 sk->sk_state = BT_CONNECTED;
1673 chan->state = BT_CONNECTED;
1674 }
1675
1676 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1677 sk->sk_state_change(sk);
1678}
1679
1680static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1681{
1682 struct sock *sk = chan->data;
1683
1684 lock_sock(sk);
1685 sk->sk_shutdown = SHUTDOWN_MASK;
1686 release_sock(sk);
1687}
1688
1689static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1690{
1691 struct sock *sk = chan->data;
1692
1693 return sk->sk_sndtimeo;
1694}
1695
1696static struct pid *l2cap_sock_get_peer_pid_cb(struct l2cap_chan *chan)
1697{
1698 struct sock *sk = chan->data;
1699
1700 return sk->sk_peer_pid;
1701}
1702
1703static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1704{
1705 struct sock *sk = chan->data;
1706
1707 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1708 sk->sk_state_change(sk);
1709}
1710
1711static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1712{
1713 struct sock *sk = chan->data;
1714
1715 switch (chan->mode) {
1716 case L2CAP_MODE_ERTM:
1717 case L2CAP_MODE_STREAMING:
1718 return sk_filter(sk, skb);
1719 }
1720
1721 return 0;
1722}
1723
1724static const struct l2cap_ops l2cap_chan_ops = {
1725 .name = "L2CAP Socket Interface",
1726 .new_connection = l2cap_sock_new_connection_cb,
1727 .recv = l2cap_sock_recv_cb,
1728 .close = l2cap_sock_close_cb,
1729 .teardown = l2cap_sock_teardown_cb,
1730 .state_change = l2cap_sock_state_change_cb,
1731 .ready = l2cap_sock_ready_cb,
1732 .defer = l2cap_sock_defer_cb,
1733 .resume = l2cap_sock_resume_cb,
1734 .suspend = l2cap_sock_suspend_cb,
1735 .set_shutdown = l2cap_sock_set_shutdown_cb,
1736 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1737 .get_peer_pid = l2cap_sock_get_peer_pid_cb,
1738 .alloc_skb = l2cap_sock_alloc_skb_cb,
1739 .filter = l2cap_sock_filter,
1740};
1741
1742static void l2cap_sock_destruct(struct sock *sk)
1743{
1744 BT_DBG("sk %p", sk);
1745
1746 if (l2cap_pi(sk)->chan) {
1747 l2cap_pi(sk)->chan->data = NULL;
1748 l2cap_chan_put(l2cap_pi(sk)->chan);
1749 }
1750
1751 if (l2cap_pi(sk)->rx_busy_skb) {
1752 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1753 l2cap_pi(sk)->rx_busy_skb = NULL;
1754 }
1755
1756 skb_queue_purge(&sk->sk_receive_queue);
1757 skb_queue_purge(&sk->sk_write_queue);
1758}
1759
1760static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1761 int *msg_namelen)
1762{
1763 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1764
1765 memset(la, 0, sizeof(struct sockaddr_l2));
1766 la->l2_family = AF_BLUETOOTH;
1767 la->l2_psm = bt_cb(skb)->l2cap.psm;
1768 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1769
1770 *msg_namelen = sizeof(struct sockaddr_l2);
1771}
1772
1773static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1774{
1775 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1776
1777 BT_DBG("sk %p", sk);
1778
1779 if (parent) {
1780 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1781
1782 sk->sk_type = parent->sk_type;
1783 bt_sk(sk)->flags = bt_sk(parent)->flags;
1784
1785 chan->chan_type = pchan->chan_type;
1786 chan->imtu = pchan->imtu;
1787 chan->omtu = pchan->omtu;
1788 chan->conf_state = pchan->conf_state;
1789 chan->mode = pchan->mode;
1790 chan->fcs = pchan->fcs;
1791 chan->max_tx = pchan->max_tx;
1792 chan->tx_win = pchan->tx_win;
1793 chan->tx_win_max = pchan->tx_win_max;
1794 chan->sec_level = pchan->sec_level;
1795 chan->flags = pchan->flags;
1796 chan->tx_credits = pchan->tx_credits;
1797 chan->rx_credits = pchan->rx_credits;
1798
1799 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1800 chan->scid = pchan->scid;
1801 chan->dcid = pchan->scid;
1802 }
1803
1804 security_sk_clone(parent, sk);
1805 } else {
1806 switch (sk->sk_type) {
1807 case SOCK_RAW:
1808 chan->chan_type = L2CAP_CHAN_RAW;
1809 break;
1810 case SOCK_DGRAM:
1811 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1812 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1813 break;
1814 case SOCK_SEQPACKET:
1815 case SOCK_STREAM:
1816 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1817 break;
1818 }
1819
1820 chan->imtu = L2CAP_DEFAULT_MTU;
1821 chan->omtu = 0;
1822 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1823 chan->mode = L2CAP_MODE_ERTM;
1824 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1825 } else {
1826 chan->mode = L2CAP_MODE_BASIC;
1827 }
1828
1829 l2cap_chan_set_defaults(chan);
1830 }
1831
1832 /* Default config options */
1833 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1834
1835 chan->data = sk;
1836 chan->ops = &l2cap_chan_ops;
1837}
1838
1839static struct proto l2cap_proto = {
1840 .name = "L2CAP",
1841 .owner = THIS_MODULE,
1842 .obj_size = sizeof(struct l2cap_pinfo)
1843};
1844
1845static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1846 int proto, gfp_t prio, int kern)
1847{
1848 struct sock *sk;
1849 struct l2cap_chan *chan;
1850
1851 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1852 if (!sk)
1853 return NULL;
1854
1855 sock_init_data(sock, sk);
1856 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1857
1858 sk->sk_destruct = l2cap_sock_destruct;
1859 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1860
1861 sock_reset_flag(sk, SOCK_ZAPPED);
1862
1863 sk->sk_protocol = proto;
1864 sk->sk_state = BT_OPEN;
1865
1866 chan = l2cap_chan_create();
1867 if (!chan) {
1868 sk_free(sk);
1869 return NULL;
1870 }
1871
1872 l2cap_chan_hold(chan);
1873
1874 l2cap_pi(sk)->chan = chan;
1875
1876 return sk;
1877}
1878
1879static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1880 int kern)
1881{
1882 struct sock *sk;
1883
1884 BT_DBG("sock %p", sock);
1885
1886 sock->state = SS_UNCONNECTED;
1887
1888 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1889 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1890 return -ESOCKTNOSUPPORT;
1891
1892 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1893 return -EPERM;
1894
1895 sock->ops = &l2cap_sock_ops;
1896
1897 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1898 if (!sk)
1899 return -ENOMEM;
1900
1901 l2cap_sock_init(sk, NULL);
1902 bt_sock_link(&l2cap_sk_list, sk);
1903 return 0;
1904}
1905
1906static const struct proto_ops l2cap_sock_ops = {
1907 .family = PF_BLUETOOTH,
1908 .owner = THIS_MODULE,
1909 .release = l2cap_sock_release,
1910 .bind = l2cap_sock_bind,
1911 .connect = l2cap_sock_connect,
1912 .listen = l2cap_sock_listen,
1913 .accept = l2cap_sock_accept,
1914 .getname = l2cap_sock_getname,
1915 .sendmsg = l2cap_sock_sendmsg,
1916 .recvmsg = l2cap_sock_recvmsg,
1917 .poll = bt_sock_poll,
1918 .ioctl = bt_sock_ioctl,
1919 .gettstamp = sock_gettstamp,
1920 .mmap = sock_no_mmap,
1921 .socketpair = sock_no_socketpair,
1922 .shutdown = l2cap_sock_shutdown,
1923 .setsockopt = l2cap_sock_setsockopt,
1924 .getsockopt = l2cap_sock_getsockopt
1925};
1926
1927static const struct net_proto_family l2cap_sock_family_ops = {
1928 .family = PF_BLUETOOTH,
1929 .owner = THIS_MODULE,
1930 .create = l2cap_sock_create,
1931};
1932
1933int __init l2cap_init_sockets(void)
1934{
1935 int err;
1936
1937 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1938
1939 err = proto_register(&l2cap_proto, 0);
1940 if (err < 0)
1941 return err;
1942
1943 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1944 if (err < 0) {
1945 BT_ERR("L2CAP socket registration failed");
1946 goto error;
1947 }
1948
1949 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1950 NULL);
1951 if (err < 0) {
1952 BT_ERR("Failed to create L2CAP proc file");
1953 bt_sock_unregister(BTPROTO_L2CAP);
1954 goto error;
1955 }
1956
1957 BT_INFO("L2CAP socket layer initialized");
1958
1959 return 0;
1960
1961error:
1962 proto_unregister(&l2cap_proto);
1963 return err;
1964}
1965
1966void l2cap_cleanup_sockets(void)
1967{
1968 bt_procfs_cleanup(&init_net, "l2cap");
1969 bt_sock_unregister(BTPROTO_L2CAP);
1970 proto_unregister(&l2cap_proto);
1971}