projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branches 'x86/amd', 'x86/vt-d', 'arm/exynos', 'arm/mediatek' and 'arm/renesas...
[deliverable/linux.git] / net / bluetooth / l2cap_sock.c
CommitLineData
bb58f747
GP		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
bb58f747
GP		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/* Bluetooth L2CAP sockets. */
29
9149761a 30#include <linux/module.h>
bc3b2d7f 31#include <linux/export.h>
6230c9b4 32
bb58f747 33#include <net/bluetooth/bluetooth.h>
33575df7 34#include <net/bluetooth/hci_core.h>
bb58f747 35#include <net/bluetooth/l2cap.h>
ac4b7236
MH		 36
37#include "smp.h"
bb58f747 38
5b28d95c
MY		 39static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
41};
42
cf2f90f5 43static const struct proto_ops l2cap_sock_ops;
80808e43 44static void l2cap_sock_init(struct sock *sk, struct sock *parent);
2d792818 45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 46 int proto, gfp_t prio, int kern);
cf2f90f5 47
b3916db3
DH		 48bool l2cap_is_socket(struct socket *sock)
49{
50 return sock && sock->ops == &l2cap_sock_ops;
51}
52EXPORT_SYMBOL(l2cap_is_socket);
53
4946096d
JH		 54static int l2cap_validate_bredr_psm(u16 psm)
55{
56 /* PSM must be odd and lsb of upper byte must be 0 */
57 if ((psm & 0x0101) != 0x0001)
58 return -EINVAL;
59
60 /* Restrict usage of well-known PSMs */
114f9f1e 61 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 62 return -EACCES;
63
64 return 0;
65}
66
67static int l2cap_validate_le_psm(u16 psm)
68{
69 /* Valid LE_PSM ranges are defined only until 0x00ff */
114f9f1e 70 if (psm > L2CAP_PSM_LE_DYN_END)
4946096d
JH		 71 return -EINVAL;
72
73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
114f9f1e 74 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
4946096d
JH		 75 return -EACCES;
76
77 return 0;
78}
79
af6bcd82
GP		 80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
81{
82 struct sock *sk = sock->sk;
4343478f 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 84 struct sockaddr_l2 la;
85 int len, err = 0;
86
87 BT_DBG("sk %p", sk);
88
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
90 return -EINVAL;
91
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
95
b62f328b 96 if (la.l2_cid && la.l2_psm)
af6bcd82
GP		 97 return -EINVAL;
98
80c1a2e7
JH		 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
100 return -EINVAL;
101
bfe4655f 102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 103 /* We only allow ATT user space socket */
9149761a 104 if (la.l2_cid &&
dcf4adbf 105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 106 return -EINVAL;
107 }
108
af6bcd82
GP		 109 lock_sock(sk);
110
111 if (sk->sk_state != BT_OPEN) {
112 err = -EBADFD;
113 goto done;
114 }
115
116 if (la.l2_psm) {
117 __u16 psm = __le16_to_cpu(la.l2_psm);
118
4946096d
JH		 119 if (la.l2_bdaddr_type == BDADDR_BREDR)
120 err = l2cap_validate_bredr_psm(psm);
121 else
122 err = l2cap_validate_le_psm(psm);
af6bcd82 123
4946096d 124 if (err)
af6bcd82 125 goto done;
af6bcd82
GP		 126 }
127
a2342c5f
JH		 128 bacpy(&chan->src, &la.l2_bdaddr);
129 chan->src_type = la.l2_bdaddr_type;
130
9e4425ff 131 if (la.l2_cid)
6e4aff10 132 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
9e4425ff
GP		 133 else
134 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
af6bcd82 135
9e4425ff
GP		 136 if (err < 0)
137 goto done;
af6bcd82 138
6a974b50 139 switch (chan->chan_type) {
3124b843
MH		 140 case L2CAP_CHAN_CONN_LESS:
141 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
142 chan->sec_level = BT_SECURITY_SDP;
143 break;
6a974b50
MH		 144 case L2CAP_CHAN_CONN_ORIENTED:
145 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
146 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
147 chan->sec_level = BT_SECURITY_SDP;
148 break;
cb6ca8e1
JH		 149 case L2CAP_CHAN_RAW:
150 chan->sec_level = BT_SECURITY_SDP;
151 break;
c16900cf
JH		 152 case L2CAP_CHAN_FIXED:
153 /* Fixed channels default to the L2CAP core not holding a
154 * hci_conn reference for them. For fixed channels mapping to
155 * L2CAP sockets we do want to hold a reference so set the
156 * appropriate flag to request it.
157 */
158 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
159 break;
6a974b50 160 }
b62f328b 161
38319713 162 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 163 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 164
89bc500e 165 chan->state = BT_BOUND;
9e4425ff 166 sk->sk_state = BT_BOUND;
af6bcd82
GP		 167
168done:
169 release_sock(sk);
170 return err;
171}
172
2d792818
GP		 173static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
174 int alen, int flags)
4e34c50b
GP		 175{
176 struct sock *sk = sock->sk;
0c1bc5c6 177 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4e34c50b
GP		 178 struct sockaddr_l2 la;
179 int len, err = 0;
180
181 BT_DBG("sk %p", sk);
182
183 if (!addr || alen < sizeof(addr->sa_family) ||
184 addr->sa_family != AF_BLUETOOTH)
185 return -EINVAL;
186
187 memset(&la, 0, sizeof(la));
188 len = min_t(unsigned int, sizeof(la), alen);
189 memcpy(&la, addr, len);
190
acd7d370 191 if (la.l2_cid && la.l2_psm)
4e34c50b
GP		 192 return -EINVAL;
193
80c1a2e7
JH		 194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
195 return -EINVAL;
196
eb622495
JH		 197 /* Check that the socket wasn't bound to something that
198 * conflicts with the address given to connect(). If chan->src
199 * is BDADDR_ANY it means bind() was never used, in which case
200 * chan->src_type and la.l2_bdaddr_type do not need to match.
201 */
202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
203 bdaddr_type_is_le(la.l2_bdaddr_type)) {
204 /* Old user space versions will try to incorrectly bind
205 * the ATT socket using BDADDR_BREDR. We need to accept
206 * this and fix up the source address type only when
207 * both the source CID and destination CID indicate
208 * ATT. Anything else is an invalid combination.
209 */
210 if (chan->scid != L2CAP_CID_ATT ||
dcf4adbf 211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
eb622495
JH		 212 return -EINVAL;
213
214 /* We don't have the hdev available here to make a
215 * better decision on random vs public, but since all
216 * user space versions that exhibit this issue anyway do
217 * not support random local addresses assuming public
218 * here is good enough.
219 */
220 chan->src_type = BDADDR_LE_PUBLIC;
221 }
1f209383
JH		 222
223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
224 return -EINVAL;
225
bfe4655f 226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
bfe4655f 227 /* We only allow ATT user space socket */
9149761a 228 if (la.l2_cid &&
dcf4adbf 229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
bfe4655f
JH		 230 return -EINVAL;
231 }
232
38319713 233 if (chan->psm && bdaddr_type_is_le(chan->src_type))
0ce43ce6 234 chan->mode = L2CAP_MODE_LE_FLOWCTL;
38319713 235
6e4aff10 236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
8e9f9892 237 &la.l2_bdaddr, la.l2_bdaddr_type);
4e34c50b 238 if (err)
b3fb611e 239 return err;
4e34c50b 240
6be36555
AE		 241 lock_sock(sk);
242
4e34c50b 243 err = bt_sock_wait_state(sk, BT_CONNECTED,
2d792818 244 sock_sndtimeo(sk, flags & O_NONBLOCK));
b3fb611e
AE		 245
246 release_sock(sk);
247
4e34c50b
GP		 248 return err;
249}
250
af6bcd82
GP		 251static int l2cap_sock_listen(struct socket *sock, int backlog)
252{
253 struct sock *sk = sock->sk;
0c1bc5c6 254 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
af6bcd82
GP		 255 int err = 0;
256
257 BT_DBG("sk %p backlog %d", sk, backlog);
258
259 lock_sock(sk);
260
6b3af733 261 if (sk->sk_state != BT_BOUND) {
af6bcd82
GP		 262 err = -EBADFD;
263 goto done;
264 }
265
6b3af733
MH		 266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
267 err = -EINVAL;
268 goto done;
269 }
270
0c1bc5c6 271 switch (chan->mode) {
af6bcd82 272 case L2CAP_MODE_BASIC:
38319713 273 case L2CAP_MODE_LE_FLOWCTL:
af6bcd82
GP		 274 break;
275 case L2CAP_MODE_ERTM:
276 case L2CAP_MODE_STREAMING:
277 if (!disable_ertm)
278 break;
279 /* fall through */
280 default:
beb19e4c 281 err = -EOPNOTSUPP;
af6bcd82
GP		 282 goto done;
283 }
284
af6bcd82
GP		 285 sk->sk_max_ack_backlog = backlog;
286 sk->sk_ack_backlog = 0;
89bc500e 287
abe84903
JH		 288 /* Listening channels need to use nested locking in order not to
289 * cause lockdep warnings when the created child channels end up
290 * being locked in the same thread as the parent channel.
291 */
292 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
293
89bc500e 294 chan->state = BT_LISTEN;
af6bcd82
GP		 295 sk->sk_state = BT_LISTEN;
296
297done:
298 release_sock(sk);
299 return err;
300}
301
2d792818
GP		 302static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
303 int flags)
c47b7c72 304{
dfb2fae7 305 DEFINE_WAIT_FUNC(wait, woken_wake_function);
c47b7c72
GP		 306 struct sock *sk = sock->sk, *nsk;
307 long timeo;
308 int err = 0;
309
3b2ab39e 310 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 311
c47b7c72
GP		 312 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
313
314 BT_DBG("sk %p timeo %ld", sk, timeo);
315
316 /* Wait for an incoming connection. (wake-one). */
317 add_wait_queue_exclusive(sk_sleep(sk), &wait);
f9a3c20a 318 while (1) {
f9a3c20a
PH		 319 if (sk->sk_state != BT_LISTEN) {
320 err = -EBADFD;
c47b7c72
GP		 321 break;
322 }
323
f9a3c20a
PH		 324 nsk = bt_accept_dequeue(sk, newsock);
325 if (nsk)
326 break;
c47b7c72 327
f9a3c20a
PH		 328 if (!timeo) {
329 err = -EAGAIN;
c47b7c72
GP		 330 break;
331 }
332
333 if (signal_pending(current)) {
334 err = sock_intr_errno(timeo);
335 break;
336 }
f9a3c20a
PH		 337
338 release_sock(sk);
dfb2fae7
PH		 339
340 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
341
3b2ab39e 342 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
c47b7c72 343 }
c47b7c72
GP		 344 remove_wait_queue(sk_sleep(sk), &wait);
345
346 if (err)
347 goto done;
348
349 newsock->state = SS_CONNECTED;
350
351 BT_DBG("new socket %p", nsk);
352
353done:
354 release_sock(sk);
355 return err;
356}
357
2d792818
GP		 358static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
359 int *len, int peer)
d7175d55
GP		 360{
361 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
362 struct sock *sk = sock->sk;
0c1bc5c6 363 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
d7175d55
GP		 364
365 BT_DBG("sock %p, sk %p", sock, sk);
366
e8b1ab9e 367 if (peer && sk->sk_state != BT_CONNECTED &&
bf19d51b
JH		 368 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
369 sk->sk_state != BT_CONFIG)
b783fbc3
JH		 370 return -ENOTCONN;
371
792039c7 372 memset(la, 0, sizeof(struct sockaddr_l2));
d7175d55
GP		 373 addr->sa_family = AF_BLUETOOTH;
374 *len = sizeof(struct sockaddr_l2);
375
d7e5e76b
JH		 376 la->l2_psm = chan->psm;
377
d7175d55 378 if (peer) {
7eafc59e 379 bacpy(&la->l2_bdaddr, &chan->dst);
fe4128e0 380 la->l2_cid = cpu_to_le16(chan->dcid);
4f1654e0 381 la->l2_bdaddr_type = chan->dst_type;
d7175d55 382 } else {
7eafc59e 383 bacpy(&la->l2_bdaddr, &chan->src);
fe4128e0 384 la->l2_cid = cpu_to_le16(chan->scid);
4f1654e0 385 la->l2_bdaddr_type = chan->src_type;
d7175d55
GP		 386 }
387
388 return 0;
389}
390
2d792818
GP		 391static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
392 char __user *optval, int __user *optlen)
99f4808d
GP		 393{
394 struct sock *sk = sock->sk;
4343478f 395 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d
GP		 396 struct l2cap_options opts;
397 struct l2cap_conninfo cinfo;
398 int len, err = 0;
399 u32 opt;
400
401 BT_DBG("sk %p", sk);
402
403 if (get_user(len, optlen))
404 return -EFAULT;
405
406 lock_sock(sk);
407
408 switch (optname) {
409 case L2CAP_OPTIONS:
64b4f8dc
JH		 410 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
411 * legacy ATT code depends on getsockopt for
412 * L2CAP_OPTIONS we need to let this pass.
413 */
414 if (bdaddr_type_is_le(chan->src_type) &&
415 chan->scid != L2CAP_CID_ATT) {
416 err = -EINVAL;
417 break;
418 }
419
e3fb592b 420 memset(&opts, 0, sizeof(opts));
0c1bc5c6
GP		 421 opts.imtu = chan->imtu;
422 opts.omtu = chan->omtu;
423 opts.flush_to = chan->flush_to;
424 opts.mode = chan->mode;
47d1ec61
GP		 425 opts.fcs = chan->fcs;
426 opts.max_tx = chan->max_tx;
6327eb98 427 opts.txwin_size = chan->tx_win;
99f4808d
GP		 428
429 len = min_t(unsigned int, len, sizeof(opts));
430 if (copy_to_user(optval, (char *) &opts, len))
431 err = -EFAULT;
432
433 break;
434
435 case L2CAP_LM:
4343478f 436 switch (chan->sec_level) {
99f4808d
GP		 437 case BT_SECURITY_LOW:
438 opt = L2CAP_LM_AUTH;
439 break;
440 case BT_SECURITY_MEDIUM:
441 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
442 break;
443 case BT_SECURITY_HIGH:
444 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2d792818 445 L2CAP_LM_SECURE;
99f4808d 446 break;
7d513e92
MH		 447 case BT_SECURITY_FIPS:
448 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
449 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
450 break;
99f4808d
GP		 451 default:
452 opt = 0;
453 break;
454 }
455
43bd0f32 456 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
99f4808d
GP		 457 opt |= L2CAP_LM_MASTER;
458
ecf61bdb 459 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
99f4808d
GP		 460 opt |= L2CAP_LM_RELIABLE;
461
462 if (put_user(opt, (u32 __user *) optval))
463 err = -EFAULT;
7d513e92 464
99f4808d
GP		 465 break;
466
467 case L2CAP_CONNINFO:
468 if (sk->sk_state != BT_CONNECTED &&
c5daa683
GP		 469 !(sk->sk_state == BT_CONNECT2 &&
470 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
99f4808d
GP		 471 err = -ENOTCONN;
472 break;
473 }
474
8d03e971 475 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 476 cinfo.hci_handle = chan->conn->hcon->handle;
477 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
99f4808d
GP		 478
479 len = min_t(unsigned int, len, sizeof(cinfo));
480 if (copy_to_user(optval, (char *) &cinfo, len))
481 err = -EFAULT;
482
483 break;
484
485 default:
486 err = -ENOPROTOOPT;
487 break;
488 }
489
490 release_sock(sk);
491 return err;
492}
493
2d792818
GP		 494static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
495 char __user *optval, int __user *optlen)
99f4808d
GP		 496{
497 struct sock *sk = sock->sk;
4343478f 498 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
99f4808d 499 struct bt_security sec;
14b12d0b 500 struct bt_power pwr;
99f4808d
GP		 501 int len, err = 0;
502
503 BT_DBG("sk %p", sk);
504
505 if (level == SOL_L2CAP)
506 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
507
508 if (level != SOL_BLUETOOTH)
509 return -ENOPROTOOPT;
510
511 if (get_user(len, optlen))
512 return -EFAULT;
513
514 lock_sock(sk);
515
516 switch (optname) {
517 case BT_SECURITY:
715ec005 518 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 519 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 520 chan->chan_type != L2CAP_CHAN_RAW) {
99f4808d
GP		 521 err = -EINVAL;
522 break;
523 }
524
8f360119 525 memset(&sec, 0, sizeof(sec));
85e34368 526 if (chan->conn) {
c6585a4d 527 sec.level = chan->conn->hcon->sec_level;
99f4808d 528
85e34368
AE		 529 if (sk->sk_state == BT_CONNECTED)
530 sec.key_size = chan->conn->hcon->enc_key_size;
531 } else {
532 sec.level = chan->sec_level;
533 }
8f360119 534
99f4808d
GP		 535 len = min_t(unsigned int, len, sizeof(sec));
536 if (copy_to_user(optval, (char *) &sec, len))
537 err = -EFAULT;
538
539 break;
540
541 case BT_DEFER_SETUP:
542 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
543 err = -EINVAL;
544 break;
545 }
546
c5daa683
GP		 547 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
548 (u32 __user *) optval))
99f4808d
GP		 549 err = -EFAULT;
550
551 break;
552
553 case BT_FLUSHABLE:
d57b0e8b 554 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
2d792818 555 (u32 __user *) optval))
99f4808d
GP		 556 err = -EFAULT;
557
558 break;
559
14b12d0b
JG		 560 case BT_POWER:
561 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2d792818 562 && sk->sk_type != SOCK_RAW) {
14b12d0b
JG		 563 err = -EINVAL;
564 break;
565 }
566
15770b1a 567 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 568
569 len = min_t(unsigned int, len, sizeof(pwr));
570 if (copy_to_user(optval, (char *) &pwr, len))
571 err = -EFAULT;
572
573 break;
574
2ea66482 575 case BT_CHANNEL_POLICY:
2ea66482
MM		 576 if (put_user(chan->chan_policy, (u32 __user *) optval))
577 err = -EFAULT;
578 break;
579
1f435424 580 case BT_SNDMTU:
1f435424
JH		 581 if (!bdaddr_type_is_le(chan->src_type)) {
582 err = -EINVAL;
583 break;
584 }
585
586 if (sk->sk_state != BT_CONNECTED) {
587 err = -ENOTCONN;
588 break;
589 }
590
591 if (put_user(chan->omtu, (u16 __user *) optval))
592 err = -EFAULT;
593 break;
594
595 case BT_RCVMTU:
1f435424
JH		 596 if (!bdaddr_type_is_le(chan->src_type)) {
597 err = -EINVAL;
598 break;
599 }
600
601 if (put_user(chan->imtu, (u16 __user *) optval))
602 err = -EFAULT;
603 break;
604
99f4808d
GP		 605 default:
606 err = -ENOPROTOOPT;
607 break;
608 }
609
610 release_sock(sk);
611 return err;
612}
613
682877c3
AG		 614static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
615{
616 switch (chan->scid) {
073d1cf3 617 case L2CAP_CID_ATT:
8c3a4f00 618 if (mtu < L2CAP_LE_MIN_MTU)
682877c3
AG		 619 return false;
620 break;
621
622 default:
623 if (mtu < L2CAP_DEFAULT_MIN_MTU)
624 return false;
625 }
626
627 return true;
628}
629
2d792818
GP		 630static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
631 char __user *optval, unsigned int optlen)
33575df7
GP		 632{
633 struct sock *sk = sock->sk;
b4450035 634 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7
GP		 635 struct l2cap_options opts;
636 int len, err = 0;
637 u32 opt;
638
639 BT_DBG("sk %p", sk);
640
641 lock_sock(sk);
642
643 switch (optname) {
644 case L2CAP_OPTIONS:
64b4f8dc
JH		 645 if (bdaddr_type_is_le(chan->src_type)) {
646 err = -EINVAL;
647 break;
648 }
649
33575df7
GP		 650 if (sk->sk_state == BT_CONNECTED) {
651 err = -EINVAL;
652 break;
653 }
654
0c1bc5c6
GP		 655 opts.imtu = chan->imtu;
656 opts.omtu = chan->omtu;
657 opts.flush_to = chan->flush_to;
658 opts.mode = chan->mode;
47d1ec61
GP		 659 opts.fcs = chan->fcs;
660 opts.max_tx = chan->max_tx;
6327eb98 661 opts.txwin_size = chan->tx_win;
33575df7
GP		 662
663 len = min_t(unsigned int, sizeof(opts), optlen);
664 if (copy_from_user((char *) &opts, optval, len)) {
665 err = -EFAULT;
666 break;
667 }
668
6327eb98 669 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
33575df7
GP		 670 err = -EINVAL;
671 break;
672 }
673
682877c3
AG		 674 if (!l2cap_valid_mtu(chan, opts.imtu)) {
675 err = -EINVAL;
676 break;
677 }
678
0c1bc5c6
GP		 679 chan->mode = opts.mode;
680 switch (chan->mode) {
38319713
JH		 681 case L2CAP_MODE_LE_FLOWCTL:
682 break;
33575df7 683 case L2CAP_MODE_BASIC:
c1360a1c 684 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
33575df7
GP		 685 break;
686 case L2CAP_MODE_ERTM:
687 case L2CAP_MODE_STREAMING:
688 if (!disable_ertm)
689 break;
690 /* fall through */
691 default:
692 err = -EINVAL;
693 break;
694 }
695
0c1bc5c6
GP		 696 chan->imtu = opts.imtu;
697 chan->omtu = opts.omtu;
47d1ec61
GP		 698 chan->fcs = opts.fcs;
699 chan->max_tx = opts.max_tx;
6327eb98 700 chan->tx_win = opts.txwin_size;
12d59781 701 chan->flush_to = opts.flush_to;
33575df7
GP		 702 break;
703
704 case L2CAP_LM:
705 if (get_user(opt, (u32 __user *) optval)) {
706 err = -EFAULT;
707 break;
708 }
709
7d513e92
MH		 710 if (opt & L2CAP_LM_FIPS) {
711 err = -EINVAL;
712 break;
713 }
714
33575df7 715 if (opt & L2CAP_LM_AUTH)
4343478f 716 chan->sec_level = BT_SECURITY_LOW;
33575df7 717 if (opt & L2CAP_LM_ENCRYPT)
4343478f 718 chan->sec_level = BT_SECURITY_MEDIUM;
33575df7 719 if (opt & L2CAP_LM_SECURE)
4343478f 720 chan->sec_level = BT_SECURITY_HIGH;
33575df7 721
43bd0f32
AE		 722 if (opt & L2CAP_LM_MASTER)
723 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
724 else
725 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
ecf61bdb
AE		 726
727 if (opt & L2CAP_LM_RELIABLE)
728 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
729 else
730 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
33575df7
GP		 731 break;
732
733 default:
734 err = -ENOPROTOOPT;
735 break;
736 }
737
738 release_sock(sk);
739 return err;
740}
741
2d792818
GP		 742static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
743 char __user *optval, unsigned int optlen)
33575df7
GP		 744{
745 struct sock *sk = sock->sk;
4343478f 746 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
33575df7 747 struct bt_security sec;
14b12d0b 748 struct bt_power pwr;
f1cb9af5 749 struct l2cap_conn *conn;
33575df7
GP		 750 int len, err = 0;
751 u32 opt;
752
753 BT_DBG("sk %p", sk);
754
755 if (level == SOL_L2CAP)
756 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
757
758 if (level != SOL_BLUETOOTH)
759 return -ENOPROTOOPT;
760
761 lock_sock(sk);
762
763 switch (optname) {
764 case BT_SECURITY:
715ec005 765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
e0c888ad 766 chan->chan_type != L2CAP_CHAN_FIXED &&
2d792818 767 chan->chan_type != L2CAP_CHAN_RAW) {
33575df7
GP		 768 err = -EINVAL;
769 break;
770 }
771
772 sec.level = BT_SECURITY_LOW;
773
774 len = min_t(unsigned int, sizeof(sec), optlen);
775 if (copy_from_user((char *) &sec, optval, len)) {
776 err = -EFAULT;
777 break;
778 }
779
780 if (sec.level < BT_SECURITY_LOW ||
a164cee1 781 sec.level > BT_SECURITY_FIPS) {
33575df7
GP		 782 err = -EINVAL;
783 break;
784 }
785
4343478f 786 chan->sec_level = sec.level;
f1cb9af5 787
0bee1d60
GP		 788 if (!chan->conn)
789 break;
790
f1cb9af5 791 conn = chan->conn;
0bee1d60
GP		 792
793 /*change security for LE channels */
073d1cf3 794 if (chan->scid == L2CAP_CID_ATT) {
cc110922 795 if (smp_conn_security(conn->hcon, sec.level))
f1cb9af5 796 break;
d52deb17 797 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
f1cb9af5 798 sk->sk_state = BT_CONFIG;
3542b854 799 chan->state = BT_CONFIG;
0bee1d60 800
a7d7723a
GP		 801 /* or for ACL link */
802 } else if ((sk->sk_state == BT_CONNECT2 &&
2d792818 803 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
a7d7723a 804 sk->sk_state == BT_CONNECTED) {
e7cafc45 805 if (!l2cap_chan_check_security(chan, true))
c5daa683 806 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 807 else
808 sk->sk_state_change(sk);
0bee1d60
GP		 809 } else {
810 err = -EINVAL;
f1cb9af5 811 }
33575df7
GP		 812 break;
813
814 case BT_DEFER_SETUP:
815 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
816 err = -EINVAL;
817 break;
818 }
819
820 if (get_user(opt, (u32 __user *) optval)) {
821 err = -EFAULT;
822 break;
823 }
824
bdc25783 825 if (opt) {
c5daa683 826 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 827 set_bit(FLAG_DEFER_SETUP, &chan->flags);
828 } else {
c5daa683 829 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
bdc25783
MH		 830 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
831 }
33575df7
GP		 832 break;
833
834 case BT_FLUSHABLE:
835 if (get_user(opt, (u32 __user *) optval)) {
836 err = -EFAULT;
837 break;
838 }
839
840 if (opt > BT_FLUSHABLE_ON) {
841 err = -EINVAL;
842 break;
843 }
844
845 if (opt == BT_FLUSHABLE_OFF) {
c1f23a2b 846 conn = chan->conn;
25985edc 847 /* proceed further only when we have l2cap_conn and
33575df7
GP		 848 No Flush support in the LM */
849 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
850 err = -EINVAL;
851 break;
852 }
853 }
854
d57b0e8b
AE		 855 if (opt)
856 set_bit(FLAG_FLUSHABLE, &chan->flags);
857 else
858 clear_bit(FLAG_FLUSHABLE, &chan->flags);
33575df7
GP		 859 break;
860
14b12d0b
JG		 861 case BT_POWER:
862 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
2d792818 863 chan->chan_type != L2CAP_CHAN_RAW) {
14b12d0b
JG		 864 err = -EINVAL;
865 break;
866 }
867
868 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
869
870 len = min_t(unsigned int, sizeof(pwr), optlen);
871 if (copy_from_user((char *) &pwr, optval, len)) {
872 err = -EFAULT;
873 break;
874 }
15770b1a
AE		 875
876 if (pwr.force_active)
877 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
878 else
879 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b
JG		 880 break;
881
2ea66482 882 case BT_CHANNEL_POLICY:
2ea66482
MM		 883 if (get_user(opt, (u32 __user *) optval)) {
884 err = -EFAULT;
885 break;
886 }
887
888 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
889 err = -EINVAL;
890 break;
891 }
892
893 if (chan->mode != L2CAP_MODE_ERTM &&
2d792818 894 chan->mode != L2CAP_MODE_STREAMING) {
2ea66482
MM		 895 err = -EOPNOTSUPP;
896 break;
897 }
898
899 chan->chan_policy = (u8) opt;
3f7a56c4
MM		 900
901 if (sk->sk_state == BT_CONNECTED &&
902 chan->move_role == L2CAP_MOVE_ROLE_NONE)
903 l2cap_move_start(chan);
904
14b12d0b
JG		 905 break;
906
1f435424 907 case BT_SNDMTU:
1f435424
JH		 908 if (!bdaddr_type_is_le(chan->src_type)) {
909 err = -EINVAL;
910 break;
911 }
912
913 /* Setting is not supported as it's the remote side that
914 * decides this.
915 */
916 err = -EPERM;
917 break;
918
919 case BT_RCVMTU:
1f435424
JH		 920 if (!bdaddr_type_is_le(chan->src_type)) {
921 err = -EINVAL;
922 break;
923 }
924
925 if (sk->sk_state == BT_CONNECTED) {
926 err = -EISCONN;
927 break;
928 }
929
23bc6ab0 930 if (get_user(opt, (u16 __user *) optval)) {
1f435424
JH		 931 err = -EFAULT;
932 break;
933 }
934
935 chan->imtu = opt;
936 break;
937
33575df7
GP		 938 default:
939 err = -ENOPROTOOPT;
940 break;
941 }
942
943 release_sock(sk);
944 return err;
945}
fd83ccdb 946
1b784140
YX		 947static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
948 size_t len)
fd83ccdb
GP		 949{
950 struct sock *sk = sock->sk;
0c1bc5c6 951 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
fd83ccdb
GP		 952 int err;
953
954 BT_DBG("sock %p, sk %p", sock, sk);
955
956 err = sock_error(sk);
957 if (err)
958 return err;
959
960 if (msg->msg_flags & MSG_OOB)
961 return -EOPNOTSUPP;
962
a6a5568c 963 if (sk->sk_state != BT_CONNECTED)
9a91a04a 964 return -ENOTCONN;
fd83ccdb 965
e793dcf0
JH		 966 lock_sock(sk);
967 err = bt_sock_wait_ready(sk, msg->msg_flags);
968 release_sock(sk);
969 if (err)
970 return err;
971
a6a5568c 972 l2cap_chan_lock(chan);
8d46321c 973 err = l2cap_chan_send(chan, msg, len);
a6a5568c 974 l2cap_chan_unlock(chan);
fd83ccdb 975
fd83ccdb
GP		 976 return err;
977}
33575df7 978
1b784140
YX		 979static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
980 size_t len, int flags)
68983259
GP		 981{
982 struct sock *sk = sock->sk;
e328140f
MM		 983 struct l2cap_pinfo *pi = l2cap_pi(sk);
984 int err;
68983259
GP		 985
986 lock_sock(sk);
987
c5daa683
GP		 988 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
989 &bt_sk(sk)->flags)) {
38319713
JH		 990 if (bdaddr_type_is_le(pi->chan->src_type)) {
991 sk->sk_state = BT_CONNECTED;
992 pi->chan->state = BT_CONNECTED;
993 __l2cap_le_connect_rsp_defer(pi->chan);
994 } else {
995 sk->sk_state = BT_CONFIG;
996 pi->chan->state = BT_CONFIG;
997 __l2cap_connect_rsp_defer(pi->chan);
998 }
8c1d787b 999
970871bc
JH		 1000 err = 0;
1001 goto done;
68983259
GP		 1002 }
1003
1004 release_sock(sk);
1005
1006 if (sock->type == SOCK_STREAM)
1b784140 1007 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
e328140f 1008 else
1b784140 1009 err = bt_sock_recvmsg(sock, msg, len, flags);
e328140f
MM		 1010
1011 if (pi->chan->mode != L2CAP_MODE_ERTM)
1012 return err;
1013
1014 /* Attempt to put pending rx data in the socket buffer */
1015
1016 lock_sock(sk);
1017
1018 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1019 goto done;
1020
1021 if (pi->rx_busy_skb) {
dbb50887 1022 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
e328140f
MM		 1023 pi->rx_busy_skb = NULL;
1024 else
1025 goto done;
1026 }
1027
1028 /* Restore data flow when half of the receive buffer is
1029 * available. This avoids resending large numbers of
1030 * frames.
1031 */
1032 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1033 l2cap_chan_busy(pi->chan, 0);
68983259 1034
e328140f
MM		 1035done:
1036 release_sock(sk);
1037 return err;
68983259
GP		 1038}
1039
05fc1576
GP		 1040/* Kill socket (only if zapped and orphan)
1041 * Must be called on unlocked socket.
1042 */
ba3bd0ee 1043static void l2cap_sock_kill(struct sock *sk)
05fc1576
GP		 1044{
1045 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1046 return;
1047
e05dcc32 1048 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
05fc1576
GP		 1049
1050 /* Kill poor orphan */
6ff5abbf 1051
4af66c69 1052 l2cap_chan_put(l2cap_pi(sk)->chan);
05fc1576
GP		 1053 sock_set_flag(sk, SOCK_DEAD);
1054 sock_put(sk);
1055}
1056
f65468f6 1057static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
dc25306b 1058{
dc25306b
GP		 1059 DECLARE_WAITQUEUE(wait, current);
1060 int err = 0;
cb02a255 1061 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
e432c72c
DJ		 1062 /* Timeout to prevent infinite loop */
1063 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
dc25306b
GP		 1064
1065 add_wait_queue(sk_sleep(sk), &wait);
1066 set_current_state(TASK_INTERRUPTIBLE);
f65468f6 1067 do {
e432c72c
DJ		 1068 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1069 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1070 jiffies_to_msecs(timeout - jiffies));
451e4c6c 1071
dc25306b 1072 if (!timeo)
cb02a255 1073 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
dc25306b
GP		 1074
1075 if (signal_pending(current)) {
1076 err = sock_intr_errno(timeo);
1077 break;
1078 }
1079
1080 release_sock(sk);
1081 timeo = schedule_timeout(timeo);
1082 lock_sock(sk);
1083 set_current_state(TASK_INTERRUPTIBLE);
1084
1085 err = sock_error(sk);
1086 if (err)
1087 break;
f65468f6 1088
e432c72c
DJ		 1089 if (time_after(jiffies, timeout)) {
1090 err = -ENOLINK;
1091 break;
1092 }
1093
f65468f6
DJ		 1094 } while (chan->unacked_frames > 0 &&
1095 chan->state == BT_CONNECTED);
1096
dc25306b
GP		 1097 set_current_state(TASK_RUNNING);
1098 remove_wait_queue(sk_sleep(sk), &wait);
1099 return err;
1100}
1101
dcba0dba
GP		 1102static int l2cap_sock_shutdown(struct socket *sock, int how)
1103{
1104 struct sock *sk = sock->sk;
7ddb6e0f 1105 struct l2cap_chan *chan;
3df91ea2 1106 struct l2cap_conn *conn;
dcba0dba
GP		 1107 int err = 0;
1108
1109 BT_DBG("sock %p, sk %p", sock, sk);
1110
1111 if (!sk)
1112 return 0;
1113
04ba72e6
DJ		 1114 lock_sock(sk);
1115
e7456437
DJ		 1116 if (sk->sk_shutdown)
1117 goto shutdown_already;
1118
1119 BT_DBG("Handling sock shutdown");
1120
2baea85d
DJ		 1121 /* prevent sk structure from being freed whilst unlocked */
1122 sock_hold(sk);
1123
7ddb6e0f 1124 chan = l2cap_pi(sk)->chan;
2baea85d
DJ		 1125 /* prevent chan structure from being freed whilst unlocked */
1126 l2cap_chan_hold(chan);
3df91ea2 1127
49d11741
JH		 1128 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1129
e7456437
DJ		 1130 if (chan->mode == L2CAP_MODE_ERTM &&
1131 chan->unacked_frames > 0 &&
9f7378a9 1132 chan->state == BT_CONNECTED) {
e7456437 1133 err = __l2cap_wait_ack(sk, chan);
dcba0dba 1134
9f7378a9
DJ		 1135 /* After waiting for ACKs, check whether shutdown
1136 * has already been actioned to close the L2CAP
1137 * link such as by l2cap_disconnection_req().
1138 */
1139 if (sk->sk_shutdown)
1140 goto has_shutdown;
1141 }
1142
e7456437 1143 sk->sk_shutdown = SHUTDOWN_MASK;
e7456437 1144 release_sock(sk);
04ba72e6
DJ		 1145
1146 l2cap_chan_lock(chan);
1147 conn = chan->conn;
1148 if (conn)
1149 /* prevent conn structure from being freed */
1150 l2cap_conn_get(conn);
1151 l2cap_chan_unlock(chan);
1152
1153 if (conn)
1154 /* mutex lock must be taken before l2cap_chan_lock() */
1155 mutex_lock(&conn->chan_lock);
1156
1157 l2cap_chan_lock(chan);
e7456437 1158 l2cap_chan_close(chan, 0);
04ba72e6
DJ		 1159 l2cap_chan_unlock(chan);
1160
1161 if (conn) {
1162 mutex_unlock(&conn->chan_lock);
1163 l2cap_conn_put(conn);
1164 }
1165
e7456437 1166 lock_sock(sk);
dcba0dba 1167
e7456437
DJ		 1168 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1169 !(current->flags & PF_EXITING))
1170 err = bt_sock_wait_state(sk, BT_CLOSED,
1171 sk->sk_lingertime);
dcba0dba 1172
9f7378a9 1173has_shutdown:
04ba72e6
DJ		 1174 l2cap_chan_put(chan);
1175 sock_put(sk);
1176
1177shutdown_already:
dcba0dba
GP		 1178 if (!err && sk->sk_err)
1179 err = -sk->sk_err;
1180
1181 release_sock(sk);
3df91ea2 1182
04ba72e6 1183 BT_DBG("Sock shutdown complete err: %d", err);
451e4c6c 1184
dcba0dba
GP		 1185 return err;
1186}
1187
554f05bb
GP		 1188static int l2cap_sock_release(struct socket *sock)
1189{
1190 struct sock *sk = sock->sk;
1191 int err;
1192
1193 BT_DBG("sock %p, sk %p", sock, sk);
1194
1195 if (!sk)
1196 return 0;
1197
5b28d95c
MY		 1198 bt_sock_unlink(&l2cap_sk_list, sk);
1199
554f05bb
GP		 1200 err = l2cap_sock_shutdown(sock, 2);
1201
1202 sock_orphan(sk);
1203 l2cap_sock_kill(sk);
1204 return err;
1205}
1206
c0df7f6e
AE		 1207static void l2cap_sock_cleanup_listen(struct sock *parent)
1208{
1209 struct sock *sk;
1210
49d11741
JH		 1211 BT_DBG("parent %p state %s", parent,
1212 state_to_string(parent->sk_state));
c0df7f6e
AE		 1213
1214 /* Close not yet accepted channels */
1215 while ((sk = bt_accept_dequeue(parent, NULL))) {
1216 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1217
49d11741
JH		 1218 BT_DBG("child chan %p state %s", chan,
1219 state_to_string(chan->state));
1220
c0df7f6e
AE		 1221 l2cap_chan_lock(chan);
1222 __clear_chan_timer(chan);
1223 l2cap_chan_close(chan, ECONNRESET);
1224 l2cap_chan_unlock(chan);
1225
1226 l2cap_sock_kill(sk);
1227 }
1228}
1229
80b98027 1230static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
80808e43 1231{
80b98027 1232 struct sock *sk, *parent = chan->data;
80808e43 1233
8ffb9290
GP		 1234 lock_sock(parent);
1235
53826692
GP		 1236 /* Check for backlog size */
1237 if (sk_acceptq_is_full(parent)) {
1238 BT_DBG("backlog full %d", parent->sk_ack_backlog);
8a96f3cd 1239 release_sock(parent);
53826692
GP		 1240 return NULL;
1241 }
1242
80808e43 1243 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
11aa9c28 1244 GFP_ATOMIC, 0);
8a96f3cd
JT		 1245 if (!sk) {
1246 release_sock(parent);
80808e43 1247 return NULL;
8a96f3cd 1248 }
80808e43 1249
d22015aa
OP		 1250 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1251
80808e43
GP		 1252 l2cap_sock_init(sk, parent);
1253
644912e1
GP		 1254 bt_accept_enqueue(parent, sk);
1255
8ffb9290
GP		 1256 release_sock(parent);
1257
80808e43
GP		 1258 return l2cap_pi(sk)->chan;
1259}
1260
80b98027 1261static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
23070494 1262{
80b98027 1263 struct sock *sk = chan->data;
84b34d98 1264 int err;
e328140f 1265
6be36555
AE		 1266 lock_sock(sk);
1267
84b34d98 1268 if (l2cap_pi(sk)->rx_busy_skb) {
6be36555
AE		 1269 err = -ENOMEM;
1270 goto done;
1271 }
e328140f 1272
dbb50887
DB		 1273 if (chan->mode != L2CAP_MODE_ERTM &&
1274 chan->mode != L2CAP_MODE_STREAMING) {
1275 /* Even if no filter is attached, we could potentially
1276 * get errors from security modules, etc.
1277 */
1278 err = sk_filter(sk, skb);
1279 if (err)
1280 goto done;
1281 }
1282
1283 err = __sock_queue_rcv_skb(sk, skb);
e328140f
MM		 1284
1285 /* For ERTM, handle one skb that doesn't fit into the recv
1286 * buffer. This is important to do because the data frames
1287 * have already been acked, so the skb cannot be discarded.
1288 *
1289 * Notify the l2cap core that the buffer is full, so the
1290 * LOCAL_BUSY state is entered and no more frames are
1291 * acked and reassembled until there is buffer space
1292 * available.
1293 */
84b34d98
MH		 1294 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1295 l2cap_pi(sk)->rx_busy_skb = skb;
1296 l2cap_chan_busy(chan, 1);
e328140f
MM		 1297 err = 0;
1298 }
23070494 1299
6be36555
AE		 1300done:
1301 release_sock(sk);
1302
e328140f 1303 return err;
23070494
GP		 1304}
1305
80b98027 1306static void l2cap_sock_close_cb(struct l2cap_chan *chan)
ba3bd0ee 1307{
80b98027 1308 struct sock *sk = chan->data;
ba3bd0ee
GP		 1309
1310 l2cap_sock_kill(sk);
1311}
1312
c0df7f6e
AE		 1313static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1314{
1315 struct sock *sk = chan->data;
1316 struct sock *parent;
1317
49d11741
JH		 1318 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1319
3b2ab39e
JH		 1320 /* This callback can be called both for server (BT_LISTEN)
1321 * sockets as well as "normal" ones. To avoid lockdep warnings
1322 * with child socket locking (through l2cap_sock_cleanup_listen)
1323 * we need separation into separate nesting levels. The simplest
1324 * way to accomplish this is to inherit the nesting level used
1325 * for the channel.
1326 */
1327 lock_sock_nested(sk, atomic_read(&chan->nesting));
c0df7f6e
AE		 1328
1329 parent = bt_sk(sk)->parent;
1330
1331 sock_set_flag(sk, SOCK_ZAPPED);
1332
1333 switch (chan->state) {
1334 case BT_OPEN:
1335 case BT_BOUND:
1336 case BT_CLOSED:
1337 break;
1338 case BT_LISTEN:
1339 l2cap_sock_cleanup_listen(sk);
1340 sk->sk_state = BT_CLOSED;
1341 chan->state = BT_CLOSED;
1342
1343 break;
1344 default:
1345 sk->sk_state = BT_CLOSED;
1346 chan->state = BT_CLOSED;
1347
1348 sk->sk_err = err;
1349
1350 if (parent) {
1351 bt_accept_unlink(sk);
676d2369 1352 parent->sk_data_ready(parent);
c0df7f6e
AE		 1353 } else {
1354 sk->sk_state_change(sk);
1355 }
1356
1357 break;
1358 }
1359
1360 release_sock(sk);
1361}
1362
53f52121
GP		 1363static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1364 int err)
89bc500e 1365{
80b98027 1366 struct sock *sk = chan->data;
89bc500e
GP		 1367
1368 sk->sk_state = state;
53f52121
GP		 1369
1370 if (err)
1371 sk->sk_err = err;
89bc500e
GP		 1372}
1373
2f7719ce 1374static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
d9fbd02b 1375 unsigned long hdr_len,
90338947 1376 unsigned long len, int nb)
2f7719ce 1377{
0f2c6153 1378 struct sock *sk = chan->data;
90338947
GP		 1379 struct sk_buff *skb;
1380 int err;
1381
a6a5568c 1382 l2cap_chan_unlock(chan);
d9fbd02b 1383 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
a6a5568c
MM		 1384 l2cap_chan_lock(chan);
1385
90338947
GP		 1386 if (!skb)
1387 return ERR_PTR(err);
2f7719ce 1388
8d46321c
MH		 1389 skb->priority = sk->sk_priority;
1390
a4368ff3 1391 bt_cb(skb)->l2cap.chan = chan;
0e790c64 1392
90338947 1393 return skb;
2f7719ce
AE		 1394}
1395
54a59aa2
AE		 1396static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1397{
1398 struct sock *sk = chan->data;
1399 struct sock *parent;
1400
1401 lock_sock(sk);
1402
1403 parent = bt_sk(sk)->parent;
1404
1405 BT_DBG("sk %p, parent %p", sk, parent);
1406
1407 sk->sk_state = BT_CONNECTED;
1408 sk->sk_state_change(sk);
1409
1410 if (parent)
676d2369 1411 parent->sk_data_ready(parent);
54a59aa2
AE		 1412
1413 release_sock(sk);
1414}
1415
2dc4e510
GP		 1416static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1417{
acdcabf5
GP		 1418 struct sock *parent, *sk = chan->data;
1419
1420 lock_sock(sk);
2dc4e510 1421
acdcabf5 1422 parent = bt_sk(sk)->parent;
2dc4e510 1423 if (parent)
676d2369 1424 parent->sk_data_ready(parent);
acdcabf5
GP		 1425
1426 release_sock(sk);
2dc4e510
GP		 1427}
1428
d97c899b
MH		 1429static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1430{
1431 struct sock *sk = chan->data;
1432
d52deb17
JH		 1433 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1434 sk->sk_state = BT_CONNECTED;
1435 chan->state = BT_CONNECTED;
1436 }
1437
d97c899b
MH		 1438 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1439 sk->sk_state_change(sk);
1440}
1441
5ec1bbe5
GP		 1442static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1443{
1444 struct sock *sk = chan->data;
1445
1446 lock_sock(sk);
1447 sk->sk_shutdown = SHUTDOWN_MASK;
1448 release_sock(sk);
1449}
1450
8d836d71
GP		 1451static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1452{
1453 struct sock *sk = chan->data;
1454
1455 return sk->sk_sndtimeo;
1456}
1457
837776f7
JH		 1458static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1459{
1460 struct sock *sk = chan->data;
1461
1462 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1463 sk->sk_state_change(sk);
1464}
1465
67f86a45 1466static const struct l2cap_ops l2cap_chan_ops = {
0498878b
JR		 1467 .name = "L2CAP Socket Interface",
1468 .new_connection = l2cap_sock_new_connection_cb,
1469 .recv = l2cap_sock_recv_cb,
1470 .close = l2cap_sock_close_cb,
1471 .teardown = l2cap_sock_teardown_cb,
1472 .state_change = l2cap_sock_state_change_cb,
1473 .ready = l2cap_sock_ready_cb,
1474 .defer = l2cap_sock_defer_cb,
1475 .resume = l2cap_sock_resume_cb,
1476 .suspend = l2cap_sock_suspend_cb,
1477 .set_shutdown = l2cap_sock_set_shutdown_cb,
1478 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1479 .alloc_skb = l2cap_sock_alloc_skb_cb,
80808e43
GP		 1480};
1481
bb58f747
GP		 1482static void l2cap_sock_destruct(struct sock *sk)
1483{
1484 BT_DBG("sk %p", sk);
1485
23d3a869
SL		 1486 if (l2cap_pi(sk)->chan)
1487 l2cap_chan_put(l2cap_pi(sk)->chan);
84b34d98 1488
e328140f
MM		 1489 if (l2cap_pi(sk)->rx_busy_skb) {
1490 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1491 l2cap_pi(sk)->rx_busy_skb = NULL;
1492 }
1493
bb58f747
GP		 1494 skb_queue_purge(&sk->sk_receive_queue);
1495 skb_queue_purge(&sk->sk_write_queue);
1496}
1497
2edf870d
MH		 1498static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1499 int *msg_namelen)
1500{
342dfc30 1501 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
2edf870d
MH		 1502
1503 memset(la, 0, sizeof(struct sockaddr_l2));
1504 la->l2_family = AF_BLUETOOTH;
a4368ff3
JH		 1505 la->l2_psm = bt_cb(skb)->l2cap.psm;
1506 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
2edf870d
MH		 1507
1508 *msg_namelen = sizeof(struct sockaddr_l2);
1509}
1510
80808e43 1511static void l2cap_sock_init(struct sock *sk, struct sock *parent)
bb58f747 1512{
84b34d98 1513 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
bb58f747
GP		 1514
1515 BT_DBG("sk %p", sk);
1516
1517 if (parent) {
b4450035
GP		 1518 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1519
bb58f747 1520 sk->sk_type = parent->sk_type;
c5daa683 1521 bt_sk(sk)->flags = bt_sk(parent)->flags;
bb58f747 1522
715ec005 1523 chan->chan_type = pchan->chan_type;
0c1bc5c6
GP		 1524 chan->imtu = pchan->imtu;
1525 chan->omtu = pchan->omtu;
b4450035 1526 chan->conf_state = pchan->conf_state;
0c1bc5c6 1527 chan->mode = pchan->mode;
47d1ec61
GP		 1528 chan->fcs = pchan->fcs;
1529 chan->max_tx = pchan->max_tx;
1530 chan->tx_win = pchan->tx_win;
6b3c7104 1531 chan->tx_win_max = pchan->tx_win_max;
4343478f 1532 chan->sec_level = pchan->sec_level;
d57b0e8b 1533 chan->flags = pchan->flags;
0cd75f7e
JH		 1534 chan->tx_credits = pchan->tx_credits;
1535 chan->rx_credits = pchan->rx_credits;
6230c9b4 1536
7a8e5a31
JH		 1537 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1538 chan->scid = pchan->scid;
1539 chan->dcid = pchan->scid;
1540 }
1541
6230c9b4 1542 security_sk_clone(parent, sk);
bb58f747 1543 } else {
715ec005
GP		 1544 switch (sk->sk_type) {
1545 case SOCK_RAW:
1546 chan->chan_type = L2CAP_CHAN_RAW;
1547 break;
1548 case SOCK_DGRAM:
1549 chan->chan_type = L2CAP_CHAN_CONN_LESS;
2edf870d 1550 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
715ec005
GP		 1551 break;
1552 case SOCK_SEQPACKET:
1553 case SOCK_STREAM:
1554 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1555 break;
1556 }
1557
0c1bc5c6
GP		 1558 chan->imtu = L2CAP_DEFAULT_MTU;
1559 chan->omtu = 0;
bb58f747 1560 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
0c1bc5c6 1561 chan->mode = L2CAP_MODE_ERTM;
c1360a1c 1562 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
bb58f747 1563 } else {
0c1bc5c6 1564 chan->mode = L2CAP_MODE_BASIC;
bb58f747 1565 }
bd4b1653
AE		 1566
1567 l2cap_chan_set_defaults(chan);
bb58f747
GP		 1568 }
1569
1570 /* Default config options */
0c1bc5c6 1571 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
80808e43
GP		 1572
1573 chan->data = sk;
1574 chan->ops = &l2cap_chan_ops;
bb58f747
GP		 1575}
1576
1577static struct proto l2cap_proto = {
1578 .name = "L2CAP",
1579 .owner = THIS_MODULE,
1580 .obj_size = sizeof(struct l2cap_pinfo)
1581};
1582
2d792818 1583static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
11aa9c28 1584 int proto, gfp_t prio, int kern)
bb58f747
GP		 1585{
1586 struct sock *sk;
dc50a06d 1587 struct l2cap_chan *chan;
bb58f747 1588
11aa9c28 1589 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
bb58f747
GP		 1590 if (!sk)
1591 return NULL;
1592
1593 sock_init_data(sock, sk);
1594 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1595
1596 sk->sk_destruct = l2cap_sock_destruct;
ba13ccd9 1597 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
bb58f747
GP		 1598
1599 sock_reset_flag(sk, SOCK_ZAPPED);
1600
1601 sk->sk_protocol = proto;
1602 sk->sk_state = BT_OPEN;
1603
eef1d9b6 1604 chan = l2cap_chan_create();
dc50a06d 1605 if (!chan) {
49dfbb91 1606 sk_free(sk);
dc50a06d
GP		 1607 return NULL;
1608 }
1609
61d6ef3e
MM		 1610 l2cap_chan_hold(chan);
1611
dc50a06d
GP		 1612 l2cap_pi(sk)->chan = chan;
1613
bb58f747
GP		 1614 return sk;
1615}
1616
1617static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1618 int kern)
1619{
1620 struct sock *sk;
1621
1622 BT_DBG("sock %p", sock);
1623
1624 sock->state = SS_UNCONNECTED;
1625
1626 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
2d792818 1627 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
bb58f747
GP		 1628 return -ESOCKTNOSUPPORT;
1629
1630 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1631 return -EPERM;
1632
1633 sock->ops = &l2cap_sock_ops;
1634
11aa9c28 1635 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
bb58f747
GP		 1636 if (!sk)
1637 return -ENOMEM;
1638
1639 l2cap_sock_init(sk, NULL);
5b28d95c 1640 bt_sock_link(&l2cap_sk_list, sk);
bb58f747
GP		 1641 return 0;
1642}
1643
cf2f90f5 1644static const struct proto_ops l2cap_sock_ops = {
65390587
GP		 1645 .family = PF_BLUETOOTH,
1646 .owner = THIS_MODULE,
1647 .release = l2cap_sock_release,
1648 .bind = l2cap_sock_bind,
1649 .connect = l2cap_sock_connect,
1650 .listen = l2cap_sock_listen,
1651 .accept = l2cap_sock_accept,
1652 .getname = l2cap_sock_getname,
1653 .sendmsg = l2cap_sock_sendmsg,
1654 .recvmsg = l2cap_sock_recvmsg,
1655 .poll = bt_sock_poll,
1656 .ioctl = bt_sock_ioctl,
1657 .mmap = sock_no_mmap,
1658 .socketpair = sock_no_socketpair,
1659 .shutdown = l2cap_sock_shutdown,
1660 .setsockopt = l2cap_sock_setsockopt,
1661 .getsockopt = l2cap_sock_getsockopt
1662};
1663
bb58f747
GP		 1664static const struct net_proto_family l2cap_sock_family_ops = {
1665 .family = PF_BLUETOOTH,
1666 .owner = THIS_MODULE,
1667 .create = l2cap_sock_create,
1668};
1669
1670int __init l2cap_init_sockets(void)
1671{
e2174ca4 1672 int err;
bb58f747 1673
dd625558
MH		 1674 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1675
e2174ca4
GP		 1676 err = proto_register(&l2cap_proto, 0);
1677 if (err < 0)
1678 return err;
bb58f747 1679
e2174ca4 1680 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
5b28d95c
MY		 1681 if (err < 0) {
1682 BT_ERR("L2CAP socket registration failed");
e2174ca4 1683 goto error;
5b28d95c
MY		 1684 }
1685
b0316615 1686 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
2d792818 1687 NULL);
5b28d95c
MY		 1688 if (err < 0) {
1689 BT_ERR("Failed to create L2CAP proc file");
1690 bt_sock_unregister(BTPROTO_L2CAP);
1691 goto error;
1692 }
bb58f747 1693
e2174ca4 1694 BT_INFO("L2CAP socket layer initialized");
bb58f747 1695
e2174ca4 1696 return 0;
bb58f747
GP		 1697
1698error:
e2174ca4
GP		 1699 proto_unregister(&l2cap_proto);
1700 return err;
bb58f747
GP		 1701}
1702
1703void l2cap_cleanup_sockets(void)
1704{
5b28d95c 1705 bt_procfs_cleanup(&init_net, "l2cap");
5e9d7f86 1706 bt_sock_unregister(BTPROTO_L2CAP);
e2174ca4 1707 proto_unregister(&l2cap_proto);
bb58f747 1708}
Linux kernel - Deliverables
This page took 0.37701 seconds and 5 git commands to generate.