projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use const for struct l2cap_ops field
[deliverable/linux.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 36
37#include "smp.h"
bb58f747 38
5b28d95c
MY		 39static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
41};
42
cf2f90f5 43static const struct proto_ops l2cap_sock_ops;
80808e43 44static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818
GP		 45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
46 int proto, gfp_t prio);
cf2f90f5 47
b3916db3
DH		 48bool l2cap_is_socket(struct socket *sock)
49{
50 return sock && sock->ops == &l2cap_sock_ops;
51}
52EXPORT_SYMBOL(l2cap_is_socket);
53
4946096d
JH		 54static int l2cap_validate_bredr_psm(u16 psm)
55{
56 /* PSM must be odd and lsb of upper byte must be 0 */
57 if ((psm & 0x0101) != 0x0001)
58 return -EINVAL;
59
60 /* Restrict usage of well-known PSMs */
61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
62 return -EACCES;
63
64 return 0;
65}
66
67static int l2cap_validate_le_psm(u16 psm)
68{
69 /* Valid LE_PSM ranges are defined only until 0x00ff */
70 if (psm > 0x00ff)
71 return -EINVAL;
72
73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
75 return -EACCES;
76
77 return 0;
78}
79
af6bcd82
GP		 80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
81{
82 struct sock *sk = sock->sk;
4343478f 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 84 struct sockaddr_l2 la;
85 int len, err = 0;
86
87 BT_DBG("sk %p", sk);
88
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
90 return -EINVAL;
91
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
95
b62f328b 96 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 97 return -EINVAL;
98
80c1a2e7
JH		 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
100 return -EINVAL;
101
21626e62
JH		 102 if (la.l2_cid) {
103 /* When the socket gets created it defaults to
104 * CHAN_CONN_ORIENTED, so we need to overwrite the
105 * default here.
106 */
107 chan->chan_type = L2CAP_CHAN_FIXED;
108 chan->omtu = L2CAP_DEFAULT_MTU;
109 }
110
bfe4655f 111 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 112 /* We only allow ATT user space socket */
9149761a 113 if (la.l2_cid &&
dcf4adbf 114 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 115 return -EINVAL;
116 }
117
af6bcd82
GP		 118 lock_sock(sk);
119
120 if (sk->sk_state != BT_OPEN) {
121 err = -EBADFD;
122 goto done;
123 }
124
125 if (la.l2_psm) {
126 __u16 psm = __le16_to_cpu(la.l2_psm);
127
4946096d
JH		 128 if (la.l2_bdaddr_type == BDADDR_BREDR)
129 err = l2cap_validate_bredr_psm(psm);
130 else
131 err = l2cap_validate_le_psm(psm);
af6bcd82 132
4946096d 133 if (err)
af6bcd82 134 goto done;
af6bcd82
GP		 135 }
136
9e4425ff 137 if (la.l2_cid)
6e4aff10 138 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 139 else
140 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 141
9e4425ff
GP		 142 if (err < 0)
143 goto done;
af6bcd82 144
6a974b50 145 switch (chan->chan_type) {
3124b843
MH		 146 case L2CAP_CHAN_CONN_LESS:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
148 chan->sec_level = BT_SECURITY_SDP;
149 break;
6a974b50
MH		 150 case L2CAP_CHAN_CONN_ORIENTED:
151 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
152 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
153 chan->sec_level = BT_SECURITY_SDP;
154 break;
cb6ca8e1
JH		 155 case L2CAP_CHAN_RAW:
156 chan->sec_level = BT_SECURITY_SDP;
157 break;
6a974b50 158 }
b62f328b 159
7eafc59e 160 bacpy(&chan->src, &la.l2_bdaddr);
4f1654e0 161 chan->src_type = la.l2_bdaddr_type;
89bc500e 162
38319713 163 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 164 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 165
89bc500e 166 chan->state = BT_BOUND;
9e4425ff 167 sk->sk_state = BT_BOUND;
af6bcd82
GP		 168
169done:
170 release_sock(sk);
171 return err;
172}
173
2d792818
GP		 174static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
175 int alen, int flags)
4e34c50b
GP		 176{
177 struct sock *sk = sock->sk;
0c1bc5c6 178 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 179 struct sockaddr_l2 la;
180 int len, err = 0;
181
182 BT_DBG("sk %p", sk);
183
184 if (!addr || alen < sizeof(addr->sa_family) ||
185 addr->sa_family != AF_BLUETOOTH)
186 return -EINVAL;
187
188 memset(&la, 0, sizeof(la));
189 len = min_t(unsigned int, sizeof(la), alen);
190 memcpy(&la, addr, len);
191
acd7d370 192 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 193 return -EINVAL;
194
80c1a2e7
JH		 195 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
196 return -EINVAL;
197
eb622495
JH		 198 /* Check that the socket wasn't bound to something that
199 * conflicts with the address given to connect(). If chan->src
200 * is BDADDR_ANY it means bind() was never used, in which case
201 * chan->src_type and la.l2_bdaddr_type do not need to match.
202 */
203 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
204 bdaddr_type_is_le(la.l2_bdaddr_type)) {
205 /* Old user space versions will try to incorrectly bind
206 * the ATT socket using BDADDR_BREDR. We need to accept
207 * this and fix up the source address type only when
208 * both the source CID and destination CID indicate
209 * ATT. Anything else is an invalid combination.
210 */
211 if (chan->scid != L2CAP_CID_ATT ||
dcf4adbf 212 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
eb622495
JH		 213 return -EINVAL;
214
215 /* We don't have the hdev available here to make a
216 * better decision on random vs public, but since all
217 * user space versions that exhibit this issue anyway do
218 * not support random local addresses assuming public
219 * here is good enough.
220 */
221 chan->src_type = BDADDR_LE_PUBLIC;
222 }
1f209383
JH		 223
224 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
225 return -EINVAL;
226
bfe4655f 227 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 228 /* We only allow ATT user space socket */
9149761a 229 if (la.l2_cid &&
dcf4adbf 230 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 231 return -EINVAL;
232 }
233
38319713 234 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 235 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 236
6e4aff10 237 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 238 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 239 if (err)
b3fb611e 240 return err;
4e34c50b 241
6be36555
AE		 242 lock_sock(sk);
243
4e34c50b 244 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 245 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 246
247 release_sock(sk);
248
4e34c50b
GP		 249 return err;
250}
251
af6bcd82
GP		 252static int l2cap_sock_listen(struct socket *sock, int backlog)
253{
254 struct sock *sk = sock->sk;
0c1bc5c6 255 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 256 int err = 0;
257
258 BT_DBG("sk %p backlog %d", sk, backlog);
259
260 lock_sock(sk);
261
6b3af733 262 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 263 err = -EBADFD;
264 goto done;
265 }
266
6b3af733
MH		 267 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
268 err = -EINVAL;
269 goto done;
270 }
271
0c1bc5c6 272 switch (chan->mode) {
af6bcd82 273 case L2CAP_MODE_BASIC:
38319713 274 case L2CAP_MODE_LE_FLOWCTL:
af6bcd82
GP		 275 break;
276 case L2CAP_MODE_ERTM:
277 case L2CAP_MODE_STREAMING:
278 if (!disable_ertm)
279 break;
280 /* fall through */
281 default:
282 err = -ENOTSUPP;
283 goto done;
284 }
285
af6bcd82
GP		 286 sk->sk_max_ack_backlog = backlog;
287 sk->sk_ack_backlog = 0;
89bc500e
GP		 288
289 chan->state = BT_LISTEN;
af6bcd82
GP		 290 sk->sk_state = BT_LISTEN;
291
292done:
293 release_sock(sk);
294 return err;
295}
296
2d792818
GP		 297static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
298 int flags)
c47b7c72
GP		 299{
300 DECLARE_WAITQUEUE(wait, current);
301 struct sock *sk = sock->sk, *nsk;
302 long timeo;
303 int err = 0;
304
305 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
306
c47b7c72
GP		 307 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
308
309 BT_DBG("sk %p timeo %ld", sk, timeo);
310
311 /* Wait for an incoming connection. (wake-one). */
312 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 313 while (1) {
c47b7c72 314 set_current_state(TASK_INTERRUPTIBLE);
f9a3c20a
PH		 315
316 if (sk->sk_state != BT_LISTEN) {
317 err = -EBADFD;
c47b7c72
GP		 318 break;
319 }
320
f9a3c20a
PH		 321 nsk = bt_accept_dequeue(sk, newsock);
322 if (nsk)
323 break;
c47b7c72 324
f9a3c20a
PH		 325 if (!timeo) {
326 err = -EAGAIN;
c47b7c72
GP		 327 break;
328 }
329
330 if (signal_pending(current)) {
331 err = sock_intr_errno(timeo);
332 break;
333 }
f9a3c20a
PH		 334
335 release_sock(sk);
336 timeo = schedule_timeout(timeo);
337 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
c47b7c72 338 }
f9a3c20a 339 __set_current_state(TASK_RUNNING);
c47b7c72
GP		 340 remove_wait_queue(sk_sleep(sk), &wait);
341
342 if (err)
343 goto done;
344
345 newsock->state = SS_CONNECTED;
346
347 BT_DBG("new socket %p", nsk);
348
349done:
350 release_sock(sk);
351 return err;
352}
353
2d792818
GP		 354static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
355 int *len, int peer)
d7175d55
GP		 356{
357 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
358 struct sock *sk = sock->sk;
0c1bc5c6 359 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 360
361 BT_DBG("sock %p, sk %p", sock, sk);
362
e8b1ab9e
JH		 363 if (peer && sk->sk_state != BT_CONNECTED &&
364 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
b783fbc3
JH		 365 return -ENOTCONN;
366
792039c7 367 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 368 addr->sa_family = AF_BLUETOOTH;
369 *len = sizeof(struct sockaddr_l2);
370
d7e5e76b
JH		 371 la->l2_psm = chan->psm;
372
d7175d55 373 if (peer) {
7eafc59e 374 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 375 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 376 la->l2_bdaddr_type = chan->dst_type;
d7175d55 377 } else {
7eafc59e 378 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 379 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 380 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 381 }
382
383 return 0;
384}
385
2d792818
GP		 386static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
387 char __user *optval, int __user *optlen)
99f4808d
GP		 388{
389 struct sock *sk = sock->sk;
4343478f 390 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 391 struct l2cap_options opts;
392 struct l2cap_conninfo cinfo;
393 int len, err = 0;
394 u32 opt;
395
396 BT_DBG("sk %p", sk);
397
398 if (get_user(len, optlen))
399 return -EFAULT;
400
401 lock_sock(sk);
402
403 switch (optname) {
404 case L2CAP_OPTIONS:
64b4f8dc
JH		 405 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
406 * legacy ATT code depends on getsockopt for
407 * L2CAP_OPTIONS we need to let this pass.
408 */
409 if (bdaddr_type_is_le(chan->src_type) &&
410 chan->scid != L2CAP_CID_ATT) {
411 err = -EINVAL;
412 break;
413 }
414
e3fb592b 415 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 416 opts.imtu = chan->imtu;
417 opts.omtu = chan->omtu;
418 opts.flush_to = chan->flush_to;
419 opts.mode = chan->mode;
47d1ec61
GP		 420 opts.fcs = chan->fcs;
421 opts.max_tx = chan->max_tx;
6327eb98 422 opts.txwin_size = chan->tx_win;
99f4808d
GP		 423
424 len = min_t(unsigned int, len, sizeof(opts));
425 if (copy_to_user(optval, (char *) &opts, len))
426 err = -EFAULT;
427
428 break;
429
430 case L2CAP_LM:
4343478f 431 switch (chan->sec_level) {
99f4808d
GP		 432 case BT_SECURITY_LOW:
433 opt = L2CAP_LM_AUTH;
434 break;
435 case BT_SECURITY_MEDIUM:
436 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
437 break;
438 case BT_SECURITY_HIGH:
439 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 440 L2CAP_LM_SECURE;
99f4808d 441 break;
7d513e92
MH		 442 case BT_SECURITY_FIPS:
443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
444 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
445 break;
99f4808d
GP		 446 default:
447 opt = 0;
448 break;
449 }
450
43bd0f32 451 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 452 opt |= L2CAP_LM_MASTER;
453
ecf61bdb 454 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 455 opt |= L2CAP_LM_RELIABLE;
456
457 if (put_user(opt, (u32 __user *) optval))
458 err = -EFAULT;
7d513e92 459
99f4808d
GP		 460 break;
461
462 case L2CAP_CONNINFO:
463 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 464 !(sk->sk_state == BT_CONNECT2 &&
465 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 466 err = -ENOTCONN;
467 break;
468 }
469
8d03e971 470 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 471 cinfo.hci_handle = chan->conn->hcon->handle;
472 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 473
474 len = min_t(unsigned int, len, sizeof(cinfo));
475 if (copy_to_user(optval, (char *) &cinfo, len))
476 err = -EFAULT;
477
478 break;
479
480 default:
481 err = -ENOPROTOOPT;
482 break;
483 }
484
485 release_sock(sk);
486 return err;
487}
488
2d792818
GP		 489static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
490 char __user *optval, int __user *optlen)
99f4808d
GP		 491{
492 struct sock *sk = sock->sk;
4343478f 493 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 494 struct bt_security sec;
14b12d0b 495 struct bt_power pwr;
99f4808d
GP		 496 int len, err = 0;
497
498 BT_DBG("sk %p", sk);
499
500 if (level == SOL_L2CAP)
501 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
502
503 if (level != SOL_BLUETOOTH)
504 return -ENOPROTOOPT;
505
506 if (get_user(len, optlen))
507 return -EFAULT;
508
509 lock_sock(sk);
510
511 switch (optname) {
512 case BT_SECURITY:
715ec005 513 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 514 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 515 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 516 err = -EINVAL;
517 break;
518 }
519
8f360119 520 memset(&sec, 0, sizeof(sec));
85e34368 521 if (chan->conn) {
c6585a4d 522 sec.level = chan->conn->hcon->sec_level;
99f4808d 523
85e34368
AE		 524 if (sk->sk_state == BT_CONNECTED)
525 sec.key_size = chan->conn->hcon->enc_key_size;
526 } else {
527 sec.level = chan->sec_level;
528 }
8f360119 529
99f4808d
GP		 530 len = min_t(unsigned int, len, sizeof(sec));
531 if (copy_to_user(optval, (char *) &sec, len))
532 err = -EFAULT;
533
534 break;
535
536 case BT_DEFER_SETUP:
537 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
538 err = -EINVAL;
539 break;
540 }
541
c5daa683
GP		 542 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
543 (u32 __user *) optval))
99f4808d
GP		 544 err = -EFAULT;
545
546 break;
547
548 case BT_FLUSHABLE:
d57b0e8b 549 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 550 (u32 __user *) optval))
99f4808d
GP		 551 err = -EFAULT;
552
553 break;
554
14b12d0b
JG		 555 case BT_POWER:
556 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 557 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 558 err = -EINVAL;
559 break;
560 }
561
15770b1a 562 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 563
564 len = min_t(unsigned int, len, sizeof(pwr));
565 if (copy_to_user(optval, (char *) &pwr, len))
566 err = -EFAULT;
567
568 break;
569
2ea66482 570 case BT_CHANNEL_POLICY:
2ea66482
MM		 571 if (put_user(chan->chan_policy, (u32 __user *) optval))
572 err = -EFAULT;
573 break;
574
1f435424 575 case BT_SNDMTU:
1f435424
JH		 576 if (!bdaddr_type_is_le(chan->src_type)) {
577 err = -EINVAL;
578 break;
579 }
580
581 if (sk->sk_state != BT_CONNECTED) {
582 err = -ENOTCONN;
583 break;
584 }
585
586 if (put_user(chan->omtu, (u16 __user *) optval))
587 err = -EFAULT;
588 break;
589
590 case BT_RCVMTU:
1f435424
JH		 591 if (!bdaddr_type_is_le(chan->src_type)) {
592 err = -EINVAL;
593 break;
594 }
595
596 if (put_user(chan->imtu, (u16 __user *) optval))
597 err = -EFAULT;
598 break;
599
99f4808d
GP		 600 default:
601 err = -ENOPROTOOPT;
602 break;
603 }
604
605 release_sock(sk);
606 return err;
607}
608
682877c3
AG		 609static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
610{
611 switch (chan->scid) {
073d1cf3 612 case L2CAP_CID_ATT:
8c3a4f00 613 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 614 return false;
615 break;
616
617 default:
618 if (mtu < L2CAP_DEFAULT_MIN_MTU)
619 return false;
620 }
621
622 return true;
623}
624
2d792818
GP		 625static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
626 char __user *optval, unsigned int optlen)
33575df7
GP		 627{
628 struct sock *sk = sock->sk;
b4450035 629 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 630 struct l2cap_options opts;
631 int len, err = 0;
632 u32 opt;
633
634 BT_DBG("sk %p", sk);
635
636 lock_sock(sk);
637
638 switch (optname) {
639 case L2CAP_OPTIONS:
64b4f8dc
JH		 640 if (bdaddr_type_is_le(chan->src_type)) {
641 err = -EINVAL;
642 break;
643 }
644
33575df7
GP		 645 if (sk->sk_state == BT_CONNECTED) {
646 err = -EINVAL;
647 break;
648 }
649
0c1bc5c6
GP		 650 opts.imtu = chan->imtu;
651 opts.omtu = chan->omtu;
652 opts.flush_to = chan->flush_to;
653 opts.mode = chan->mode;
47d1ec61
GP		 654 opts.fcs = chan->fcs;
655 opts.max_tx = chan->max_tx;
6327eb98 656 opts.txwin_size = chan->tx_win;
33575df7
GP		 657
658 len = min_t(unsigned int, sizeof(opts), optlen);
659 if (copy_from_user((char *) &opts, optval, len)) {
660 err = -EFAULT;
661 break;
662 }
663
6327eb98 664 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 665 err = -EINVAL;
666 break;
667 }
668
682877c3
AG		 669 if (!l2cap_valid_mtu(chan, opts.imtu)) {
670 err = -EINVAL;
671 break;
672 }
673
0c1bc5c6
GP		 674 chan->mode = opts.mode;
675 switch (chan->mode) {
38319713
JH		 676 case L2CAP_MODE_LE_FLOWCTL:
677 break;
33575df7 678 case L2CAP_MODE_BASIC:
c1360a1c 679 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 680 break;
681 case L2CAP_MODE_ERTM:
682 case L2CAP_MODE_STREAMING:
683 if (!disable_ertm)
684 break;
685 /* fall through */
686 default:
687 err = -EINVAL;
688 break;
689 }
690
0c1bc5c6
GP		 691 chan->imtu = opts.imtu;
692 chan->omtu = opts.omtu;
47d1ec61
GP		 693 chan->fcs = opts.fcs;
694 chan->max_tx = opts.max_tx;
6327eb98 695 chan->tx_win = opts.txwin_size;
12d59781 696 chan->flush_to = opts.flush_to;
33575df7
GP		 697 break;
698
699 case L2CAP_LM:
700 if (get_user(opt, (u32 __user *) optval)) {
701 err = -EFAULT;
702 break;
703 }
704
7d513e92
MH		 705 if (opt & L2CAP_LM_FIPS) {
706 err = -EINVAL;
707 break;
708 }
709
33575df7 710 if (opt & L2CAP_LM_AUTH)
4343478f 711 chan->sec_level = BT_SECURITY_LOW;
33575df7 712 if (opt & L2CAP_LM_ENCRYPT)
4343478f 713 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 714 if (opt & L2CAP_LM_SECURE)
4343478f 715 chan->sec_level = BT_SECURITY_HIGH;
33575df7 716
43bd0f32
AE		 717 if (opt & L2CAP_LM_MASTER)
718 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
719 else
720 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 721
722 if (opt & L2CAP_LM_RELIABLE)
723 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
724 else
725 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 726 break;
727
728 default:
729 err = -ENOPROTOOPT;
730 break;
731 }
732
733 release_sock(sk);
734 return err;
735}
736
2d792818
GP		 737static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
738 char __user *optval, unsigned int optlen)
33575df7
GP		 739{
740 struct sock *sk = sock->sk;
4343478f 741 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 742 struct bt_security sec;
14b12d0b 743 struct bt_power pwr;
f1cb9af5 744 struct l2cap_conn *conn;
33575df7
GP		 745 int len, err = 0;
746 u32 opt;
747
748 BT_DBG("sk %p", sk);
749
750 if (level == SOL_L2CAP)
751 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
752
753 if (level != SOL_BLUETOOTH)
754 return -ENOPROTOOPT;
755
756 lock_sock(sk);
757
758 switch (optname) {
759 case BT_SECURITY:
715ec005 760 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 761 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 762 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 763 err = -EINVAL;
764 break;
765 }
766
767 sec.level = BT_SECURITY_LOW;
768
769 len = min_t(unsigned int, sizeof(sec), optlen);
770 if (copy_from_user((char *) &sec, optval, len)) {
771 err = -EFAULT;
772 break;
773 }
774
775 if (sec.level < BT_SECURITY_LOW ||
2d792818 776 sec.level > BT_SECURITY_HIGH) {
33575df7
GP		 777 err = -EINVAL;
778 break;
779 }
780
4343478f 781 chan->sec_level = sec.level;
f1cb9af5 782
0bee1d60
GP		 783 if (!chan->conn)
784 break;
785
f1cb9af5 786 conn = chan->conn;
0bee1d60
GP		 787
788 /*change security for LE channels */
073d1cf3 789 if (chan->scid == L2CAP_CID_ATT) {
cc110922 790 if (smp_conn_security(conn->hcon, sec.level))
f1cb9af5 791 break;
f1cb9af5 792 sk->sk_state = BT_CONFIG;
3542b854 793 chan->state = BT_CONFIG;
0bee1d60 794
a7d7723a
GP		 795 /* or for ACL link */
796 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 797 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a
GP		 798 sk->sk_state == BT_CONNECTED) {
799 if (!l2cap_chan_check_security(chan))
c5daa683 800 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 801 else
802 sk->sk_state_change(sk);
0bee1d60
GP		 803 } else {
804 err = -EINVAL;
f1cb9af5 805 }
33575df7
GP		 806 break;
807
808 case BT_DEFER_SETUP:
809 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
810 err = -EINVAL;
811 break;
812 }
813
814 if (get_user(opt, (u32 __user *) optval)) {
815 err = -EFAULT;
816 break;
817 }
818
bdc25783 819 if (opt) {
c5daa683 820 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 821 set_bit(FLAG_DEFER_SETUP, &chan->flags);
822 } else {
c5daa683 823 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 824 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
825 }
33575df7
GP		 826 break;
827
828 case BT_FLUSHABLE:
829 if (get_user(opt, (u32 __user *) optval)) {
830 err = -EFAULT;
831 break;
832 }
833
834 if (opt > BT_FLUSHABLE_ON) {
835 err = -EINVAL;
836 break;
837 }
838
839 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 840 conn = chan->conn;
25985edc 841 /* proceed further only when we have l2cap_conn and
33575df7
GP		 842 No Flush support in the LM */
843 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
844 err = -EINVAL;
845 break;
846 }
847 }
848
d57b0e8b
AE		 849 if (opt)
850 set_bit(FLAG_FLUSHABLE, &chan->flags);
851 else
852 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 853 break;
854
14b12d0b
JG		 855 case BT_POWER:
856 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 857 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 858 err = -EINVAL;
859 break;
860 }
861
862 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
863
864 len = min_t(unsigned int, sizeof(pwr), optlen);
865 if (copy_from_user((char *) &pwr, optval, len)) {
866 err = -EFAULT;
867 break;
868 }
15770b1a
AE		 869
870 if (pwr.force_active)
871 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
872 else
873 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 874 break;
875
2ea66482 876 case BT_CHANNEL_POLICY:
2ea66482
MM		 877 if (get_user(opt, (u32 __user *) optval)) {
878 err = -EFAULT;
879 break;
880 }
881
882 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
883 err = -EINVAL;
884 break;
885 }
886
887 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 888 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 889 err = -EOPNOTSUPP;
890 break;
891 }
892
893 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 894
895 if (sk->sk_state == BT_CONNECTED &&
896 chan->move_role == L2CAP_MOVE_ROLE_NONE)
897 l2cap_move_start(chan);
898
14b12d0b
JG		 899 break;
900
1f435424 901 case BT_SNDMTU:
1f435424
JH		 902 if (!bdaddr_type_is_le(chan->src_type)) {
903 err = -EINVAL;
904 break;
905 }
906
907 /* Setting is not supported as it's the remote side that
908 * decides this.
909 */
910 err = -EPERM;
911 break;
912
913 case BT_RCVMTU:
1f435424
JH		 914 if (!bdaddr_type_is_le(chan->src_type)) {
915 err = -EINVAL;
916 break;
917 }
918
919 if (sk->sk_state == BT_CONNECTED) {
920 err = -EISCONN;
921 break;
922 }
923
924 if (get_user(opt, (u32 __user *) optval)) {
925 err = -EFAULT;
926 break;
927 }
928
929 chan->imtu = opt;
930 break;
931
33575df7
GP		 932 default:
933 err = -ENOPROTOOPT;
934 break;
935 }
936
937 release_sock(sk);
938 return err;
939}
fd83ccdb 940
2d792818
GP		 941static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
942 struct msghdr *msg, size_t len)
fd83ccdb
GP		 943{
944 struct sock *sk = sock->sk;
0c1bc5c6 945 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 946 int err;
947
948 BT_DBG("sock %p, sk %p", sock, sk);
949
950 err = sock_error(sk);
951 if (err)
952 return err;
953
954 if (msg->msg_flags & MSG_OOB)
955 return -EOPNOTSUPP;
956
a6a5568c 957 if (sk->sk_state != BT_CONNECTED)
9a91a04a 958 return -ENOTCONN;
fd83ccdb 959
e793dcf0
JH		 960 lock_sock(sk);
961 err = bt_sock_wait_ready(sk, msg->msg_flags);
962 release_sock(sk);
963 if (err)
964 return err;
965
a6a5568c 966 l2cap_chan_lock(chan);
5e59b791 967 err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
a6a5568c 968 l2cap_chan_unlock(chan);
fd83ccdb 969
fd83ccdb
GP		 970 return err;
971}
33575df7 972
2d792818
GP		 973static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
974 struct msghdr *msg, size_t len, int flags)
68983259
GP		 975{
976 struct sock *sk = sock->sk;
e328140f
MM		 977 struct l2cap_pinfo *pi = l2cap_pi(sk);
978 int err;
68983259
GP		 979
980 lock_sock(sk);
981
c5daa683
GP		 982 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
983 &bt_sk(sk)->flags)) {
38319713
JH		 984 if (bdaddr_type_is_le(pi->chan->src_type)) {
985 sk->sk_state = BT_CONNECTED;
986 pi->chan->state = BT_CONNECTED;
987 __l2cap_le_connect_rsp_defer(pi->chan);
988 } else {
989 sk->sk_state = BT_CONFIG;
990 pi->chan->state = BT_CONFIG;
991 __l2cap_connect_rsp_defer(pi->chan);
992 }
8c1d787b 993
970871bc
JH		 994 err = 0;
995 goto done;
68983259
GP		 996 }
997
998 release_sock(sk);
999
1000 if (sock->type == SOCK_STREAM)
e328140f
MM		 1001 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
1002 else
1003 err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
1004
1005 if (pi->chan->mode != L2CAP_MODE_ERTM)
1006 return err;
1007
1008 /* Attempt to put pending rx data in the socket buffer */
1009
1010 lock_sock(sk);
1011
1012 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1013 goto done;
1014
1015 if (pi->rx_busy_skb) {
1016 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1017 pi->rx_busy_skb = NULL;
1018 else
1019 goto done;
1020 }
1021
1022 /* Restore data flow when half of the receive buffer is
1023 * available. This avoids resending large numbers of
1024 * frames.
1025 */
1026 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1027 l2cap_chan_busy(pi->chan, 0);
68983259 1028
e328140f
MM		 1029done:
1030 release_sock(sk);
1031 return err;
68983259
GP		 1032}
1033
05fc1576
GP		 1034/* Kill socket (only if zapped and orphan)
1035 * Must be called on unlocked socket.
1036 */
ba3bd0ee 1037static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1038{
1039 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1040 return;
1041
e05dcc32 1042 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1043
1044 /* Kill poor orphan */
6ff5abbf 1045
4af66c69 1046 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1047 sock_set_flag(sk, SOCK_DEAD);
1048 sock_put(sk);
1049}
1050
dc25306b
GP		 1051static int __l2cap_wait_ack(struct sock *sk)
1052{
1053 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1054 DECLARE_WAITQUEUE(wait, current);
1055 int err = 0;
1056 int timeo = HZ/5;
1057
1058 add_wait_queue(sk_sleep(sk), &wait);
1059 set_current_state(TASK_INTERRUPTIBLE);
1060 while (chan->unacked_frames > 0 && chan->conn) {
1061 if (!timeo)
1062 timeo = HZ/5;
1063
1064 if (signal_pending(current)) {
1065 err = sock_intr_errno(timeo);
1066 break;
1067 }
1068
1069 release_sock(sk);
1070 timeo = schedule_timeout(timeo);
1071 lock_sock(sk);
1072 set_current_state(TASK_INTERRUPTIBLE);
1073
1074 err = sock_error(sk);
1075 if (err)
1076 break;
1077 }
1078 set_current_state(TASK_RUNNING);
1079 remove_wait_queue(sk_sleep(sk), &wait);
1080 return err;
1081}
1082
dcba0dba
GP		 1083static int l2cap_sock_shutdown(struct socket *sock, int how)
1084{
1085 struct sock *sk = sock->sk;
7ddb6e0f 1086 struct l2cap_chan *chan;
3df91ea2 1087 struct l2cap_conn *conn;
dcba0dba
GP		 1088 int err = 0;
1089
1090 BT_DBG("sock %p, sk %p", sock, sk);
1091
1092 if (!sk)
1093 return 0;
1094
7ddb6e0f 1095 chan = l2cap_pi(sk)->chan;
3df91ea2
AE		 1096 conn = chan->conn;
1097
1098 if (conn)
1099 mutex_lock(&conn->chan_lock);
7ddb6e0f 1100
6be36555 1101 l2cap_chan_lock(chan);
dcba0dba 1102 lock_sock(sk);
6be36555 1103
dcba0dba 1104 if (!sk->sk_shutdown) {
0c1bc5c6 1105 if (chan->mode == L2CAP_MODE_ERTM)
dcba0dba
GP		 1106 err = __l2cap_wait_ack(sk);
1107
1108 sk->sk_shutdown = SHUTDOWN_MASK;
3df91ea2 1109
6be36555 1110 release_sock(sk);
0f852724 1111 l2cap_chan_close(chan, 0);
6be36555 1112 lock_sock(sk);
dcba0dba
GP		 1113
1114 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1115 err = bt_sock_wait_state(sk, BT_CLOSED,
2d792818 1116 sk->sk_lingertime);
dcba0dba
GP		 1117 }
1118
1119 if (!err && sk->sk_err)
1120 err = -sk->sk_err;
1121
1122 release_sock(sk);
6be36555 1123 l2cap_chan_unlock(chan);
3df91ea2
AE		 1124
1125 if (conn)
1126 mutex_unlock(&conn->chan_lock);
1127
dcba0dba
GP		 1128 return err;
1129}
1130
554f05bb
GP		 1131static int l2cap_sock_release(struct socket *sock)
1132{
1133 struct sock *sk = sock->sk;
1134 int err;
1135
1136 BT_DBG("sock %p, sk %p", sock, sk);
1137
1138 if (!sk)
1139 return 0;
1140
5b28d95c
MY		 1141 bt_sock_unlink(&l2cap_sk_list, sk);
1142
554f05bb
GP		 1143 err = l2cap_sock_shutdown(sock, 2);
1144
1145 sock_orphan(sk);
1146 l2cap_sock_kill(sk);
1147 return err;
1148}
1149
c0df7f6e
AE		 1150static void l2cap_sock_cleanup_listen(struct sock *parent)
1151{
1152 struct sock *sk;
1153
1154 BT_DBG("parent %p", parent);
1155
1156 /* Close not yet accepted channels */
1157 while ((sk = bt_accept_dequeue(parent, NULL))) {
1158 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1159
1160 l2cap_chan_lock(chan);
1161 __clear_chan_timer(chan);
1162 l2cap_chan_close(chan, ECONNRESET);
1163 l2cap_chan_unlock(chan);
1164
1165 l2cap_sock_kill(sk);
1166 }
1167}
1168
80b98027 1169static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1170{
80b98027 1171 struct sock *sk, *parent = chan->data;
80808e43 1172
8ffb9290
GP		 1173 lock_sock(parent);
1174
53826692
GP		 1175 /* Check for backlog size */
1176 if (sk_acceptq_is_full(parent)) {
1177 BT_DBG("backlog full %d", parent->sk_ack_backlog);
8a96f3cd 1178 release_sock(parent);
53826692
GP		 1179 return NULL;
1180 }
1181
80808e43 1182 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
2d792818 1183 GFP_ATOMIC);
8a96f3cd
JT		 1184 if (!sk) {
1185 release_sock(parent);
80808e43 1186 return NULL;
8a96f3cd 1187 }
80808e43 1188
d22015aa
OP		 1189 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1190
80808e43
GP		 1191 l2cap_sock_init(sk, parent);
1192
644912e1
GP		 1193 bt_accept_enqueue(parent, sk);
1194
8ffb9290
GP		 1195 release_sock(parent);
1196
80808e43
GP		 1197 return l2cap_pi(sk)->chan;
1198}
1199
80b98027 1200static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1201{
80b98027 1202 struct sock *sk = chan->data;
84b34d98 1203 int err;
e328140f 1204
6be36555
AE		 1205 lock_sock(sk);
1206
84b34d98 1207 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1208 err = -ENOMEM;
1209 goto done;
1210 }
e328140f
MM		 1211
1212 err = sock_queue_rcv_skb(sk, skb);
1213
1214 /* For ERTM, handle one skb that doesn't fit into the recv
1215 * buffer. This is important to do because the data frames
1216 * have already been acked, so the skb cannot be discarded.
1217 *
1218 * Notify the l2cap core that the buffer is full, so the
1219 * LOCAL_BUSY state is entered and no more frames are
1220 * acked and reassembled until there is buffer space
1221 * available.
1222 */
84b34d98
MH		 1223 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1224 l2cap_pi(sk)->rx_busy_skb = skb;
1225 l2cap_chan_busy(chan, 1);
e328140f
MM		 1226 err = 0;
1227 }
23070494 1228
6be36555
AE		 1229done:
1230 release_sock(sk);
1231
e328140f 1232 return err;
23070494
GP		 1233}
1234
80b98027 1235static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1236{
80b98027 1237 struct sock *sk = chan->data;
ba3bd0ee
GP		 1238
1239 l2cap_sock_kill(sk);
1240}
1241
c0df7f6e
AE		 1242static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1243{
1244 struct sock *sk = chan->data;
1245 struct sock *parent;
1246
1247 lock_sock(sk);
1248
1249 parent = bt_sk(sk)->parent;
1250
1251 sock_set_flag(sk, SOCK_ZAPPED);
1252
1253 switch (chan->state) {
1254 case BT_OPEN:
1255 case BT_BOUND:
1256 case BT_CLOSED:
1257 break;
1258 case BT_LISTEN:
1259 l2cap_sock_cleanup_listen(sk);
1260 sk->sk_state = BT_CLOSED;
1261 chan->state = BT_CLOSED;
1262
1263 break;
1264 default:
1265 sk->sk_state = BT_CLOSED;
1266 chan->state = BT_CLOSED;
1267
1268 sk->sk_err = err;
1269
1270 if (parent) {
1271 bt_accept_unlink(sk);
676d2369 1272 parent->sk_data_ready(parent);
c0df7f6e
AE		 1273 } else {
1274 sk->sk_state_change(sk);
1275 }
1276
1277 break;
1278 }
1279
1280 release_sock(sk);
1281}
1282
53f52121
GP		 1283static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1284 int err)
89bc500e 1285{
80b98027 1286 struct sock *sk = chan->data;
89bc500e
GP		 1287
1288 sk->sk_state = state;
53f52121
GP		 1289
1290 if (err)
1291 sk->sk_err = err;
89bc500e
GP		 1292}
1293
2f7719ce 1294static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
90338947 1295 unsigned long len, int nb)
2f7719ce 1296{
0f2c6153 1297 struct sock *sk = chan->data;
90338947
GP		 1298 struct sk_buff *skb;
1299 int err;
1300
a6a5568c 1301 l2cap_chan_unlock(chan);
0f2c6153 1302 skb = bt_skb_send_alloc(sk, len, nb, &err);
a6a5568c
MM		 1303 l2cap_chan_lock(chan);
1304
90338947
GP		 1305 if (!skb)
1306 return ERR_PTR(err);
2f7719ce 1307
0e790c64
GP		 1308 bt_cb(skb)->chan = chan;
1309
90338947 1310 return skb;
2f7719ce
AE		 1311}
1312
54a59aa2
AE		 1313static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1314{
1315 struct sock *sk = chan->data;
1316 struct sock *parent;
1317
1318 lock_sock(sk);
1319
1320 parent = bt_sk(sk)->parent;
1321
1322 BT_DBG("sk %p, parent %p", sk, parent);
1323
1324 sk->sk_state = BT_CONNECTED;
1325 sk->sk_state_change(sk);
1326
1327 if (parent)
676d2369 1328 parent->sk_data_ready(parent);
54a59aa2
AE		 1329
1330 release_sock(sk);
1331}
1332
2dc4e510
GP		 1333static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1334{
acdcabf5
GP		 1335 struct sock *parent, *sk = chan->data;
1336
1337 lock_sock(sk);
2dc4e510 1338
acdcabf5 1339 parent = bt_sk(sk)->parent;
2dc4e510 1340 if (parent)
676d2369 1341 parent->sk_data_ready(parent);
acdcabf5
GP		 1342
1343 release_sock(sk);
2dc4e510
GP		 1344}
1345
d97c899b
MH		 1346static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1347{
1348 struct sock *sk = chan->data;
1349
1350 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1351 sk->sk_state_change(sk);
1352}
1353
5ec1bbe5
GP		 1354static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1355{
1356 struct sock *sk = chan->data;
1357
1358 lock_sock(sk);
1359 sk->sk_shutdown = SHUTDOWN_MASK;
1360 release_sock(sk);
1361}
1362
8d836d71
GP		 1363static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1364{
1365 struct sock *sk = chan->data;
1366
1367 return sk->sk_sndtimeo;
1368}
1369
837776f7
JH		 1370static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1371{
1372 struct sock *sk = chan->data;
1373
1374 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1375 sk->sk_state_change(sk);
1376}
1377
67f86a45 1378static const struct l2cap_ops l2cap_chan_ops = {
80808e43
GP		 1379 .name = "L2CAP Socket Interface",
1380 .new_connection = l2cap_sock_new_connection_cb,
23070494 1381 .recv = l2cap_sock_recv_cb,
ba3bd0ee 1382 .close = l2cap_sock_close_cb,
c0df7f6e 1383 .teardown = l2cap_sock_teardown_cb,
89bc500e 1384 .state_change = l2cap_sock_state_change_cb,
54a59aa2 1385 .ready = l2cap_sock_ready_cb,
2dc4e510 1386 .defer = l2cap_sock_defer_cb,
d97c899b 1387 .resume = l2cap_sock_resume_cb,
837776f7 1388 .suspend = l2cap_sock_suspend_cb,
5ec1bbe5 1389 .set_shutdown = l2cap_sock_set_shutdown_cb,
8d836d71 1390 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
2f7719ce 1391 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1392};
1393
bb58f747
GP		 1394static void l2cap_sock_destruct(struct sock *sk)
1395{
1396 BT_DBG("sk %p", sk);
1397
23d3a869
SL		 1398 if (l2cap_pi(sk)->chan)
1399 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1400
e328140f
MM		 1401 if (l2cap_pi(sk)->rx_busy_skb) {
1402 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1403 l2cap_pi(sk)->rx_busy_skb = NULL;
1404 }
1405
bb58f747
GP		 1406 skb_queue_purge(&sk->sk_receive_queue);
1407 skb_queue_purge(&sk->sk_write_queue);
1408}
1409
2edf870d
MH		 1410static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1411 int *msg_namelen)
1412{
342dfc30 1413 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1414
1415 memset(la, 0, sizeof(struct sockaddr_l2));
1416 la->l2_family = AF_BLUETOOTH;
1417 la->l2_psm = bt_cb(skb)->psm;
1418 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1419
1420 *msg_namelen = sizeof(struct sockaddr_l2);
1421}
1422
80808e43 1423static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1424{
84b34d98 1425 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1426
1427 BT_DBG("sk %p", sk);
1428
1429 if (parent) {
b4450035
GP		 1430 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1431
bb58f747 1432 sk->sk_type = parent->sk_type;
c5daa683 1433 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1434
715ec005 1435 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1436 chan->imtu = pchan->imtu;
1437 chan->omtu = pchan->omtu;
b4450035 1438 chan->conf_state = pchan->conf_state;
0c1bc5c6 1439 chan->mode = pchan->mode;
47d1ec61
GP		 1440 chan->fcs = pchan->fcs;
1441 chan->max_tx = pchan->max_tx;
1442 chan->tx_win = pchan->tx_win;
6b3c7104 1443 chan->tx_win_max = pchan->tx_win_max;
4343478f 1444 chan->sec_level = pchan->sec_level;
d57b0e8b 1445 chan->flags = pchan->flags;
0cd75f7e
JH		 1446 chan->tx_credits = pchan->tx_credits;
1447 chan->rx_credits = pchan->rx_credits;
6230c9b4 1448
7a8e5a31
JH		 1449 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1450 chan->scid = pchan->scid;
1451 chan->dcid = pchan->scid;
1452 }
1453
6230c9b4 1454 security_sk_clone(parent, sk);
bb58f747 1455 } else {
715ec005
GP		 1456 switch (sk->sk_type) {
1457 case SOCK_RAW:
1458 chan->chan_type = L2CAP_CHAN_RAW;
1459 break;
1460 case SOCK_DGRAM:
1461 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1462 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1463 break;
1464 case SOCK_SEQPACKET:
1465 case SOCK_STREAM:
1466 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1467 break;
1468 }
1469
0c1bc5c6
GP		 1470 chan->imtu = L2CAP_DEFAULT_MTU;
1471 chan->omtu = 0;
bb58f747 1472 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1473 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1474 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1475 } else {
0c1bc5c6 1476 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1477 }
bd4b1653
AE		 1478
1479 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1480 }
1481
1482 /* Default config options */
0c1bc5c6 1483 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1484
1485 chan->data = sk;
1486 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1487}
1488
1489static struct proto l2cap_proto = {
1490 .name = "L2CAP",
1491 .owner = THIS_MODULE,
1492 .obj_size = sizeof(struct l2cap_pinfo)
1493};
1494
2d792818
GP		 1495static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1496 int proto, gfp_t prio)
bb58f747
GP		 1497{
1498 struct sock *sk;
dc50a06d 1499 struct l2cap_chan *chan;
bb58f747
GP		 1500
1501 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1502 if (!sk)
1503 return NULL;
1504
1505 sock_init_data(sock, sk);
1506 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1507
1508 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1509 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1510
1511 sock_reset_flag(sk, SOCK_ZAPPED);
1512
1513 sk->sk_protocol = proto;
1514 sk->sk_state = BT_OPEN;
1515
eef1d9b6 1516 chan = l2cap_chan_create();
dc50a06d 1517 if (!chan) {
49dfbb91 1518 sk_free(sk);
dc50a06d
GP		 1519 return NULL;
1520 }
1521
61d6ef3e
MM		 1522 l2cap_chan_hold(chan);
1523
dc50a06d
GP		 1524 l2cap_pi(sk)->chan = chan;
1525
bb58f747
GP		 1526 return sk;
1527}
1528
1529static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1530 int kern)
1531{
1532 struct sock *sk;
1533
1534 BT_DBG("sock %p", sock);
1535
1536 sock->state = SS_UNCONNECTED;
1537
1538 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1539 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1540 return -ESOCKTNOSUPPORT;
1541
1542 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1543 return -EPERM;
1544
1545 sock->ops = &l2cap_sock_ops;
1546
1547 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1548 if (!sk)
1549 return -ENOMEM;
1550
1551 l2cap_sock_init(sk, NULL);
5b28d95c 1552 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1553 return 0;
1554}
1555
cf2f90f5 1556static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1557 .family = PF_BLUETOOTH,
1558 .owner = THIS_MODULE,
1559 .release = l2cap_sock_release,
1560 .bind = l2cap_sock_bind,
1561 .connect = l2cap_sock_connect,
1562 .listen = l2cap_sock_listen,
1563 .accept = l2cap_sock_accept,
1564 .getname = l2cap_sock_getname,
1565 .sendmsg = l2cap_sock_sendmsg,
1566 .recvmsg = l2cap_sock_recvmsg,
1567 .poll = bt_sock_poll,
1568 .ioctl = bt_sock_ioctl,
1569 .mmap = sock_no_mmap,
1570 .socketpair = sock_no_socketpair,
1571 .shutdown = l2cap_sock_shutdown,
1572 .setsockopt = l2cap_sock_setsockopt,
1573 .getsockopt = l2cap_sock_getsockopt
1574};
1575
bb58f747
GP		 1576static const struct net_proto_family l2cap_sock_family_ops = {
1577 .family = PF_BLUETOOTH,
1578 .owner = THIS_MODULE,
1579 .create = l2cap_sock_create,
1580};
1581
1582int __init l2cap_init_sockets(void)
1583{
e2174ca4 1584 int err;
bb58f747 1585
e2174ca4
GP		 1586 err = proto_register(&l2cap_proto, 0);
1587 if (err < 0)
1588 return err;
bb58f747 1589
e2174ca4 1590 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1591 if (err < 0) {
1592 BT_ERR("L2CAP socket registration failed");
e2174ca4 1593 goto error;
5b28d95c
MY		 1594 }
1595
b0316615 1596 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1597 NULL);
5b28d95c
MY		 1598 if (err < 0) {
1599 BT_ERR("Failed to create L2CAP proc file");
1600 bt_sock_unregister(BTPROTO_L2CAP);
1601 goto error;
1602 }
bb58f747 1603
e2174ca4 1604 BT_INFO("L2CAP socket layer initialized");
bb58f747 1605
e2174ca4 1606 return 0;
bb58f747
GP		 1607
1608error:
e2174ca4
GP		 1609 proto_unregister(&l2cap_proto);
1610 return err;
bb58f747
GP		 1611}
1612
1613void l2cap_cleanup_sockets(void)
1614{
5b28d95c 1615 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1616 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1617 proto_unregister(&l2cap_proto);
bb58f747 1618}
Linux kernel - Deliverables
This page took 0.271661 seconds and 5 git commands to generate.