1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 37 #include "smp.h" 38 39 bool enable_lecoc; 40 41 static struct bt_sock_list l2cap_sk_list = { 42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 43 }; 44 45 static const struct proto_ops l2cap_sock_ops; 46 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 47 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 48 int proto, gfp_t prio); 49 50 bool l2cap_is_socket(struct socket *sock) 51 { 52 return sock && sock->ops == &l2cap_sock_ops; 53 } 54 EXPORT_SYMBOL(l2cap_is_socket); 55 56 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 57 { 58 struct sock *sk = sock->sk; 59 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 60 struct sockaddr_l2 la; 61 int len, err = 0; 62 63 BT_DBG("sk %p", sk); 64 65 if (!addr || addr->sa_family != AF_BLUETOOTH) 66 return -EINVAL; 67 68 memset(&la, 0, sizeof(la)); 69 len = min_t(unsigned int, sizeof(la), alen); 70 memcpy(&la, addr, len); 71 72 if (la.l2_cid && la.l2_psm) 73 return -EINVAL; 74 75 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 76 return -EINVAL; 77 78 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 79 if (!enable_lecoc && la.l2_psm) 80 return -EINVAL; 81 /* We only allow ATT user space socket */ 82 if (la.l2_cid && 83 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 84 return -EINVAL; 85 } 86 87 lock_sock(sk); 88 89 if (sk->sk_state != BT_OPEN) { 90 err = -EBADFD; 91 goto done; 92 } 93 94 if (la.l2_psm) { 95 __u16 psm = __le16_to_cpu(la.l2_psm); 96 97 /* PSM must be odd and lsb of upper byte must be 0 */ 98 if ((psm & 0x0101) != 0x0001) { 99 err = -EINVAL; 100 goto done; 101 } 102 103 /* Restrict usage of well-known PSMs */ 104 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) { 105 err = -EACCES; 106 goto done; 107 } 108 } 109 110 if (la.l2_cid) 111 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 112 else 113 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 114 115 if (err < 0) 116 goto done; 117 118 switch (chan->chan_type) { 119 case L2CAP_CHAN_CONN_LESS: 120 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 121 chan->sec_level = BT_SECURITY_SDP; 122 break; 123 case L2CAP_CHAN_CONN_ORIENTED: 124 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 125 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 126 chan->sec_level = BT_SECURITY_SDP; 127 break; 128 } 129 130 bacpy(&chan->src, &la.l2_bdaddr); 131 chan->src_type = la.l2_bdaddr_type; 132 133 chan->state = BT_BOUND; 134 sk->sk_state = BT_BOUND; 135 136 done: 137 release_sock(sk); 138 return err; 139 } 140 141 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 142 int alen, int flags) 143 { 144 struct sock *sk = sock->sk; 145 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 146 struct sockaddr_l2 la; 147 int len, err = 0; 148 149 BT_DBG("sk %p", sk); 150 151 if (!addr || alen < sizeof(addr->sa_family) || 152 addr->sa_family != AF_BLUETOOTH) 153 return -EINVAL; 154 155 memset(&la, 0, sizeof(la)); 156 len = min_t(unsigned int, sizeof(la), alen); 157 memcpy(&la, addr, len); 158 159 if (la.l2_cid && la.l2_psm) 160 return -EINVAL; 161 162 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 163 return -EINVAL; 164 165 /* Check that the socket wasn't bound to something that 166 * conflicts with the address given to connect(). If chan->src 167 * is BDADDR_ANY it means bind() was never used, in which case 168 * chan->src_type and la.l2_bdaddr_type do not need to match. 169 */ 170 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 171 bdaddr_type_is_le(la.l2_bdaddr_type)) { 172 /* Old user space versions will try to incorrectly bind 173 * the ATT socket using BDADDR_BREDR. We need to accept 174 * this and fix up the source address type only when 175 * both the source CID and destination CID indicate 176 * ATT. Anything else is an invalid combination. 177 */ 178 if (chan->scid != L2CAP_CID_ATT || 179 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 180 return -EINVAL; 181 182 /* We don't have the hdev available here to make a 183 * better decision on random vs public, but since all 184 * user space versions that exhibit this issue anyway do 185 * not support random local addresses assuming public 186 * here is good enough. 187 */ 188 chan->src_type = BDADDR_LE_PUBLIC; 189 } 190 191 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 192 return -EINVAL; 193 194 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 195 if (!enable_lecoc && la.l2_psm) 196 return -EINVAL; 197 /* We only allow ATT user space socket */ 198 if (la.l2_cid && 199 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 200 return -EINVAL; 201 } 202 203 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 204 &la.l2_bdaddr, la.l2_bdaddr_type); 205 if (err) 206 return err; 207 208 lock_sock(sk); 209 210 err = bt_sock_wait_state(sk, BT_CONNECTED, 211 sock_sndtimeo(sk, flags & O_NONBLOCK)); 212 213 release_sock(sk); 214 215 return err; 216 } 217 218 static int l2cap_sock_listen(struct socket *sock, int backlog) 219 { 220 struct sock *sk = sock->sk; 221 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 222 int err = 0; 223 224 BT_DBG("sk %p backlog %d", sk, backlog); 225 226 lock_sock(sk); 227 228 if (sk->sk_state != BT_BOUND) { 229 err = -EBADFD; 230 goto done; 231 } 232 233 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 234 err = -EINVAL; 235 goto done; 236 } 237 238 switch (chan->mode) { 239 case L2CAP_MODE_BASIC: 240 break; 241 case L2CAP_MODE_ERTM: 242 case L2CAP_MODE_STREAMING: 243 if (!disable_ertm) 244 break; 245 /* fall through */ 246 default: 247 err = -ENOTSUPP; 248 goto done; 249 } 250 251 sk->sk_max_ack_backlog = backlog; 252 sk->sk_ack_backlog = 0; 253 254 chan->state = BT_LISTEN; 255 sk->sk_state = BT_LISTEN; 256 257 done: 258 release_sock(sk); 259 return err; 260 } 261 262 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 263 int flags) 264 { 265 DECLARE_WAITQUEUE(wait, current); 266 struct sock *sk = sock->sk, *nsk; 267 long timeo; 268 int err = 0; 269 270 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 271 272 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 273 274 BT_DBG("sk %p timeo %ld", sk, timeo); 275 276 /* Wait for an incoming connection. (wake-one). */ 277 add_wait_queue_exclusive(sk_sleep(sk), &wait); 278 while (1) { 279 set_current_state(TASK_INTERRUPTIBLE); 280 281 if (sk->sk_state != BT_LISTEN) { 282 err = -EBADFD; 283 break; 284 } 285 286 nsk = bt_accept_dequeue(sk, newsock); 287 if (nsk) 288 break; 289 290 if (!timeo) { 291 err = -EAGAIN; 292 break; 293 } 294 295 if (signal_pending(current)) { 296 err = sock_intr_errno(timeo); 297 break; 298 } 299 300 release_sock(sk); 301 timeo = schedule_timeout(timeo); 302 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 303 } 304 __set_current_state(TASK_RUNNING); 305 remove_wait_queue(sk_sleep(sk), &wait); 306 307 if (err) 308 goto done; 309 310 newsock->state = SS_CONNECTED; 311 312 BT_DBG("new socket %p", nsk); 313 314 done: 315 release_sock(sk); 316 return err; 317 } 318 319 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 320 int *len, int peer) 321 { 322 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 323 struct sock *sk = sock->sk; 324 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 325 326 BT_DBG("sock %p, sk %p", sock, sk); 327 328 memset(la, 0, sizeof(struct sockaddr_l2)); 329 addr->sa_family = AF_BLUETOOTH; 330 *len = sizeof(struct sockaddr_l2); 331 332 if (peer) { 333 la->l2_psm = chan->psm; 334 bacpy(&la->l2_bdaddr, &chan->dst); 335 la->l2_cid = cpu_to_le16(chan->dcid); 336 la->l2_bdaddr_type = chan->dst_type; 337 } else { 338 la->l2_psm = chan->sport; 339 bacpy(&la->l2_bdaddr, &chan->src); 340 la->l2_cid = cpu_to_le16(chan->scid); 341 la->l2_bdaddr_type = chan->src_type; 342 } 343 344 return 0; 345 } 346 347 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 348 char __user *optval, int __user *optlen) 349 { 350 struct sock *sk = sock->sk; 351 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 352 struct l2cap_options opts; 353 struct l2cap_conninfo cinfo; 354 int len, err = 0; 355 u32 opt; 356 357 BT_DBG("sk %p", sk); 358 359 if (get_user(len, optlen)) 360 return -EFAULT; 361 362 lock_sock(sk); 363 364 switch (optname) { 365 case L2CAP_OPTIONS: 366 memset(&opts, 0, sizeof(opts)); 367 opts.imtu = chan->imtu; 368 opts.omtu = chan->omtu; 369 opts.flush_to = chan->flush_to; 370 opts.mode = chan->mode; 371 opts.fcs = chan->fcs; 372 opts.max_tx = chan->max_tx; 373 opts.txwin_size = chan->tx_win; 374 375 len = min_t(unsigned int, len, sizeof(opts)); 376 if (copy_to_user(optval, (char *) &opts, len)) 377 err = -EFAULT; 378 379 break; 380 381 case L2CAP_LM: 382 switch (chan->sec_level) { 383 case BT_SECURITY_LOW: 384 opt = L2CAP_LM_AUTH; 385 break; 386 case BT_SECURITY_MEDIUM: 387 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 388 break; 389 case BT_SECURITY_HIGH: 390 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 391 L2CAP_LM_SECURE; 392 break; 393 default: 394 opt = 0; 395 break; 396 } 397 398 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 399 opt |= L2CAP_LM_MASTER; 400 401 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 402 opt |= L2CAP_LM_RELIABLE; 403 404 if (put_user(opt, (u32 __user *) optval)) 405 err = -EFAULT; 406 break; 407 408 case L2CAP_CONNINFO: 409 if (sk->sk_state != BT_CONNECTED && 410 !(sk->sk_state == BT_CONNECT2 && 411 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 412 err = -ENOTCONN; 413 break; 414 } 415 416 memset(&cinfo, 0, sizeof(cinfo)); 417 cinfo.hci_handle = chan->conn->hcon->handle; 418 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 419 420 len = min_t(unsigned int, len, sizeof(cinfo)); 421 if (copy_to_user(optval, (char *) &cinfo, len)) 422 err = -EFAULT; 423 424 break; 425 426 default: 427 err = -ENOPROTOOPT; 428 break; 429 } 430 431 release_sock(sk); 432 return err; 433 } 434 435 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 436 char __user *optval, int __user *optlen) 437 { 438 struct sock *sk = sock->sk; 439 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 440 struct bt_security sec; 441 struct bt_power pwr; 442 int len, err = 0; 443 444 BT_DBG("sk %p", sk); 445 446 if (level == SOL_L2CAP) 447 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 448 449 if (level != SOL_BLUETOOTH) 450 return -ENOPROTOOPT; 451 452 if (get_user(len, optlen)) 453 return -EFAULT; 454 455 lock_sock(sk); 456 457 switch (optname) { 458 case BT_SECURITY: 459 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 460 chan->chan_type != L2CAP_CHAN_RAW) { 461 err = -EINVAL; 462 break; 463 } 464 465 memset(&sec, 0, sizeof(sec)); 466 if (chan->conn) { 467 sec.level = chan->conn->hcon->sec_level; 468 469 if (sk->sk_state == BT_CONNECTED) 470 sec.key_size = chan->conn->hcon->enc_key_size; 471 } else { 472 sec.level = chan->sec_level; 473 } 474 475 len = min_t(unsigned int, len, sizeof(sec)); 476 if (copy_to_user(optval, (char *) &sec, len)) 477 err = -EFAULT; 478 479 break; 480 481 case BT_DEFER_SETUP: 482 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 483 err = -EINVAL; 484 break; 485 } 486 487 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 488 (u32 __user *) optval)) 489 err = -EFAULT; 490 491 break; 492 493 case BT_FLUSHABLE: 494 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 495 (u32 __user *) optval)) 496 err = -EFAULT; 497 498 break; 499 500 case BT_POWER: 501 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 502 && sk->sk_type != SOCK_RAW) { 503 err = -EINVAL; 504 break; 505 } 506 507 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 508 509 len = min_t(unsigned int, len, sizeof(pwr)); 510 if (copy_to_user(optval, (char *) &pwr, len)) 511 err = -EFAULT; 512 513 break; 514 515 case BT_CHANNEL_POLICY: 516 if (put_user(chan->chan_policy, (u32 __user *) optval)) 517 err = -EFAULT; 518 break; 519 520 default: 521 err = -ENOPROTOOPT; 522 break; 523 } 524 525 release_sock(sk); 526 return err; 527 } 528 529 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 530 { 531 switch (chan->scid) { 532 case L2CAP_CID_ATT: 533 if (mtu < L2CAP_LE_MIN_MTU) 534 return false; 535 break; 536 537 default: 538 if (mtu < L2CAP_DEFAULT_MIN_MTU) 539 return false; 540 } 541 542 return true; 543 } 544 545 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 546 char __user *optval, unsigned int optlen) 547 { 548 struct sock *sk = sock->sk; 549 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 550 struct l2cap_options opts; 551 int len, err = 0; 552 u32 opt; 553 554 BT_DBG("sk %p", sk); 555 556 lock_sock(sk); 557 558 switch (optname) { 559 case L2CAP_OPTIONS: 560 if (sk->sk_state == BT_CONNECTED) { 561 err = -EINVAL; 562 break; 563 } 564 565 opts.imtu = chan->imtu; 566 opts.omtu = chan->omtu; 567 opts.flush_to = chan->flush_to; 568 opts.mode = chan->mode; 569 opts.fcs = chan->fcs; 570 opts.max_tx = chan->max_tx; 571 opts.txwin_size = chan->tx_win; 572 573 len = min_t(unsigned int, sizeof(opts), optlen); 574 if (copy_from_user((char *) &opts, optval, len)) { 575 err = -EFAULT; 576 break; 577 } 578 579 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 580 err = -EINVAL; 581 break; 582 } 583 584 if (!l2cap_valid_mtu(chan, opts.imtu)) { 585 err = -EINVAL; 586 break; 587 } 588 589 chan->mode = opts.mode; 590 switch (chan->mode) { 591 case L2CAP_MODE_BASIC: 592 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 593 break; 594 case L2CAP_MODE_ERTM: 595 case L2CAP_MODE_STREAMING: 596 if (!disable_ertm) 597 break; 598 /* fall through */ 599 default: 600 err = -EINVAL; 601 break; 602 } 603 604 chan->imtu = opts.imtu; 605 chan->omtu = opts.omtu; 606 chan->fcs = opts.fcs; 607 chan->max_tx = opts.max_tx; 608 chan->tx_win = opts.txwin_size; 609 chan->flush_to = opts.flush_to; 610 break; 611 612 case L2CAP_LM: 613 if (get_user(opt, (u32 __user *) optval)) { 614 err = -EFAULT; 615 break; 616 } 617 618 if (opt & L2CAP_LM_AUTH) 619 chan->sec_level = BT_SECURITY_LOW; 620 if (opt & L2CAP_LM_ENCRYPT) 621 chan->sec_level = BT_SECURITY_MEDIUM; 622 if (opt & L2CAP_LM_SECURE) 623 chan->sec_level = BT_SECURITY_HIGH; 624 625 if (opt & L2CAP_LM_MASTER) 626 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 627 else 628 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 629 630 if (opt & L2CAP_LM_RELIABLE) 631 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 632 else 633 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 634 break; 635 636 default: 637 err = -ENOPROTOOPT; 638 break; 639 } 640 641 release_sock(sk); 642 return err; 643 } 644 645 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 646 char __user *optval, unsigned int optlen) 647 { 648 struct sock *sk = sock->sk; 649 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 650 struct bt_security sec; 651 struct bt_power pwr; 652 struct l2cap_conn *conn; 653 int len, err = 0; 654 u32 opt; 655 656 BT_DBG("sk %p", sk); 657 658 if (level == SOL_L2CAP) 659 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 660 661 if (level != SOL_BLUETOOTH) 662 return -ENOPROTOOPT; 663 664 lock_sock(sk); 665 666 switch (optname) { 667 case BT_SECURITY: 668 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 669 chan->chan_type != L2CAP_CHAN_RAW) { 670 err = -EINVAL; 671 break; 672 } 673 674 sec.level = BT_SECURITY_LOW; 675 676 len = min_t(unsigned int, sizeof(sec), optlen); 677 if (copy_from_user((char *) &sec, optval, len)) { 678 err = -EFAULT; 679 break; 680 } 681 682 if (sec.level < BT_SECURITY_LOW || 683 sec.level > BT_SECURITY_HIGH) { 684 err = -EINVAL; 685 break; 686 } 687 688 chan->sec_level = sec.level; 689 690 if (!chan->conn) 691 break; 692 693 conn = chan->conn; 694 695 /*change security for LE channels */ 696 if (chan->scid == L2CAP_CID_ATT) { 697 if (!conn->hcon->out) { 698 err = -EINVAL; 699 break; 700 } 701 702 if (smp_conn_security(conn->hcon, sec.level)) 703 break; 704 sk->sk_state = BT_CONFIG; 705 chan->state = BT_CONFIG; 706 707 /* or for ACL link */ 708 } else if ((sk->sk_state == BT_CONNECT2 && 709 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 710 sk->sk_state == BT_CONNECTED) { 711 if (!l2cap_chan_check_security(chan)) 712 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 713 else 714 sk->sk_state_change(sk); 715 } else { 716 err = -EINVAL; 717 } 718 break; 719 720 case BT_DEFER_SETUP: 721 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 722 err = -EINVAL; 723 break; 724 } 725 726 if (get_user(opt, (u32 __user *) optval)) { 727 err = -EFAULT; 728 break; 729 } 730 731 if (opt) { 732 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 733 set_bit(FLAG_DEFER_SETUP, &chan->flags); 734 } else { 735 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 736 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 737 } 738 break; 739 740 case BT_FLUSHABLE: 741 if (get_user(opt, (u32 __user *) optval)) { 742 err = -EFAULT; 743 break; 744 } 745 746 if (opt > BT_FLUSHABLE_ON) { 747 err = -EINVAL; 748 break; 749 } 750 751 if (opt == BT_FLUSHABLE_OFF) { 752 conn = chan->conn; 753 /* proceed further only when we have l2cap_conn and 754 No Flush support in the LM */ 755 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 756 err = -EINVAL; 757 break; 758 } 759 } 760 761 if (opt) 762 set_bit(FLAG_FLUSHABLE, &chan->flags); 763 else 764 clear_bit(FLAG_FLUSHABLE, &chan->flags); 765 break; 766 767 case BT_POWER: 768 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 769 chan->chan_type != L2CAP_CHAN_RAW) { 770 err = -EINVAL; 771 break; 772 } 773 774 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 775 776 len = min_t(unsigned int, sizeof(pwr), optlen); 777 if (copy_from_user((char *) &pwr, optval, len)) { 778 err = -EFAULT; 779 break; 780 } 781 782 if (pwr.force_active) 783 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 784 else 785 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 786 break; 787 788 case BT_CHANNEL_POLICY: 789 if (get_user(opt, (u32 __user *) optval)) { 790 err = -EFAULT; 791 break; 792 } 793 794 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 795 err = -EINVAL; 796 break; 797 } 798 799 if (chan->mode != L2CAP_MODE_ERTM && 800 chan->mode != L2CAP_MODE_STREAMING) { 801 err = -EOPNOTSUPP; 802 break; 803 } 804 805 chan->chan_policy = (u8) opt; 806 807 if (sk->sk_state == BT_CONNECTED && 808 chan->move_role == L2CAP_MOVE_ROLE_NONE) 809 l2cap_move_start(chan); 810 811 break; 812 813 default: 814 err = -ENOPROTOOPT; 815 break; 816 } 817 818 release_sock(sk); 819 return err; 820 } 821 822 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 823 struct msghdr *msg, size_t len) 824 { 825 struct sock *sk = sock->sk; 826 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 827 int err; 828 829 BT_DBG("sock %p, sk %p", sock, sk); 830 831 err = sock_error(sk); 832 if (err) 833 return err; 834 835 if (msg->msg_flags & MSG_OOB) 836 return -EOPNOTSUPP; 837 838 if (sk->sk_state != BT_CONNECTED) 839 return -ENOTCONN; 840 841 lock_sock(sk); 842 err = bt_sock_wait_ready(sk, msg->msg_flags); 843 release_sock(sk); 844 if (err) 845 return err; 846 847 l2cap_chan_lock(chan); 848 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 849 l2cap_chan_unlock(chan); 850 851 return err; 852 } 853 854 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 855 struct msghdr *msg, size_t len, int flags) 856 { 857 struct sock *sk = sock->sk; 858 struct l2cap_pinfo *pi = l2cap_pi(sk); 859 int err; 860 861 lock_sock(sk); 862 863 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 864 &bt_sk(sk)->flags)) { 865 sk->sk_state = BT_CONFIG; 866 pi->chan->state = BT_CONFIG; 867 868 __l2cap_connect_rsp_defer(pi->chan); 869 err = 0; 870 goto done; 871 } 872 873 release_sock(sk); 874 875 if (sock->type == SOCK_STREAM) 876 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 877 else 878 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 879 880 if (pi->chan->mode != L2CAP_MODE_ERTM) 881 return err; 882 883 /* Attempt to put pending rx data in the socket buffer */ 884 885 lock_sock(sk); 886 887 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 888 goto done; 889 890 if (pi->rx_busy_skb) { 891 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 892 pi->rx_busy_skb = NULL; 893 else 894 goto done; 895 } 896 897 /* Restore data flow when half of the receive buffer is 898 * available. This avoids resending large numbers of 899 * frames. 900 */ 901 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 902 l2cap_chan_busy(pi->chan, 0); 903 904 done: 905 release_sock(sk); 906 return err; 907 } 908 909 /* Kill socket (only if zapped and orphan) 910 * Must be called on unlocked socket. 911 */ 912 static void l2cap_sock_kill(struct sock *sk) 913 { 914 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 915 return; 916 917 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 918 919 /* Kill poor orphan */ 920 921 l2cap_chan_put(l2cap_pi(sk)->chan); 922 sock_set_flag(sk, SOCK_DEAD); 923 sock_put(sk); 924 } 925 926 static int __l2cap_wait_ack(struct sock *sk) 927 { 928 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 929 DECLARE_WAITQUEUE(wait, current); 930 int err = 0; 931 int timeo = HZ/5; 932 933 add_wait_queue(sk_sleep(sk), &wait); 934 set_current_state(TASK_INTERRUPTIBLE); 935 while (chan->unacked_frames > 0 && chan->conn) { 936 if (!timeo) 937 timeo = HZ/5; 938 939 if (signal_pending(current)) { 940 err = sock_intr_errno(timeo); 941 break; 942 } 943 944 release_sock(sk); 945 timeo = schedule_timeout(timeo); 946 lock_sock(sk); 947 set_current_state(TASK_INTERRUPTIBLE); 948 949 err = sock_error(sk); 950 if (err) 951 break; 952 } 953 set_current_state(TASK_RUNNING); 954 remove_wait_queue(sk_sleep(sk), &wait); 955 return err; 956 } 957 958 static int l2cap_sock_shutdown(struct socket *sock, int how) 959 { 960 struct sock *sk = sock->sk; 961 struct l2cap_chan *chan; 962 struct l2cap_conn *conn; 963 int err = 0; 964 965 BT_DBG("sock %p, sk %p", sock, sk); 966 967 if (!sk) 968 return 0; 969 970 chan = l2cap_pi(sk)->chan; 971 conn = chan->conn; 972 973 if (conn) 974 mutex_lock(&conn->chan_lock); 975 976 l2cap_chan_lock(chan); 977 lock_sock(sk); 978 979 if (!sk->sk_shutdown) { 980 if (chan->mode == L2CAP_MODE_ERTM) 981 err = __l2cap_wait_ack(sk); 982 983 sk->sk_shutdown = SHUTDOWN_MASK; 984 985 release_sock(sk); 986 l2cap_chan_close(chan, 0); 987 lock_sock(sk); 988 989 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 990 err = bt_sock_wait_state(sk, BT_CLOSED, 991 sk->sk_lingertime); 992 } 993 994 if (!err && sk->sk_err) 995 err = -sk->sk_err; 996 997 release_sock(sk); 998 l2cap_chan_unlock(chan); 999 1000 if (conn) 1001 mutex_unlock(&conn->chan_lock); 1002 1003 return err; 1004 } 1005 1006 static int l2cap_sock_release(struct socket *sock) 1007 { 1008 struct sock *sk = sock->sk; 1009 int err; 1010 1011 BT_DBG("sock %p, sk %p", sock, sk); 1012 1013 if (!sk) 1014 return 0; 1015 1016 bt_sock_unlink(&l2cap_sk_list, sk); 1017 1018 err = l2cap_sock_shutdown(sock, 2); 1019 1020 sock_orphan(sk); 1021 l2cap_sock_kill(sk); 1022 return err; 1023 } 1024 1025 static void l2cap_sock_cleanup_listen(struct sock *parent) 1026 { 1027 struct sock *sk; 1028 1029 BT_DBG("parent %p", parent); 1030 1031 /* Close not yet accepted channels */ 1032 while ((sk = bt_accept_dequeue(parent, NULL))) { 1033 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1034 1035 l2cap_chan_lock(chan); 1036 __clear_chan_timer(chan); 1037 l2cap_chan_close(chan, ECONNRESET); 1038 l2cap_chan_unlock(chan); 1039 1040 l2cap_sock_kill(sk); 1041 } 1042 } 1043 1044 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1045 { 1046 struct sock *sk, *parent = chan->data; 1047 1048 lock_sock(parent); 1049 1050 /* Check for backlog size */ 1051 if (sk_acceptq_is_full(parent)) { 1052 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1053 return NULL; 1054 } 1055 1056 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1057 GFP_ATOMIC); 1058 if (!sk) 1059 return NULL; 1060 1061 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1062 1063 l2cap_sock_init(sk, parent); 1064 1065 bt_accept_enqueue(parent, sk); 1066 1067 release_sock(parent); 1068 1069 return l2cap_pi(sk)->chan; 1070 } 1071 1072 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1073 { 1074 struct sock *sk = chan->data; 1075 int err; 1076 1077 lock_sock(sk); 1078 1079 if (l2cap_pi(sk)->rx_busy_skb) { 1080 err = -ENOMEM; 1081 goto done; 1082 } 1083 1084 err = sock_queue_rcv_skb(sk, skb); 1085 1086 /* For ERTM, handle one skb that doesn't fit into the recv 1087 * buffer. This is important to do because the data frames 1088 * have already been acked, so the skb cannot be discarded. 1089 * 1090 * Notify the l2cap core that the buffer is full, so the 1091 * LOCAL_BUSY state is entered and no more frames are 1092 * acked and reassembled until there is buffer space 1093 * available. 1094 */ 1095 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1096 l2cap_pi(sk)->rx_busy_skb = skb; 1097 l2cap_chan_busy(chan, 1); 1098 err = 0; 1099 } 1100 1101 done: 1102 release_sock(sk); 1103 1104 return err; 1105 } 1106 1107 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1108 { 1109 struct sock *sk = chan->data; 1110 1111 l2cap_sock_kill(sk); 1112 } 1113 1114 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1115 { 1116 struct sock *sk = chan->data; 1117 struct sock *parent; 1118 1119 lock_sock(sk); 1120 1121 parent = bt_sk(sk)->parent; 1122 1123 sock_set_flag(sk, SOCK_ZAPPED); 1124 1125 switch (chan->state) { 1126 case BT_OPEN: 1127 case BT_BOUND: 1128 case BT_CLOSED: 1129 break; 1130 case BT_LISTEN: 1131 l2cap_sock_cleanup_listen(sk); 1132 sk->sk_state = BT_CLOSED; 1133 chan->state = BT_CLOSED; 1134 1135 break; 1136 default: 1137 sk->sk_state = BT_CLOSED; 1138 chan->state = BT_CLOSED; 1139 1140 sk->sk_err = err; 1141 1142 if (parent) { 1143 bt_accept_unlink(sk); 1144 parent->sk_data_ready(parent, 0); 1145 } else { 1146 sk->sk_state_change(sk); 1147 } 1148 1149 break; 1150 } 1151 1152 release_sock(sk); 1153 } 1154 1155 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1156 int err) 1157 { 1158 struct sock *sk = chan->data; 1159 1160 sk->sk_state = state; 1161 1162 if (err) 1163 sk->sk_err = err; 1164 } 1165 1166 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1167 unsigned long len, int nb) 1168 { 1169 struct sock *sk = chan->data; 1170 struct sk_buff *skb; 1171 int err; 1172 1173 l2cap_chan_unlock(chan); 1174 skb = bt_skb_send_alloc(sk, len, nb, &err); 1175 l2cap_chan_lock(chan); 1176 1177 if (!skb) 1178 return ERR_PTR(err); 1179 1180 bt_cb(skb)->chan = chan; 1181 1182 return skb; 1183 } 1184 1185 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1186 { 1187 struct sock *sk = chan->data; 1188 struct sock *parent; 1189 1190 lock_sock(sk); 1191 1192 parent = bt_sk(sk)->parent; 1193 1194 BT_DBG("sk %p, parent %p", sk, parent); 1195 1196 sk->sk_state = BT_CONNECTED; 1197 sk->sk_state_change(sk); 1198 1199 if (parent) 1200 parent->sk_data_ready(parent, 0); 1201 1202 release_sock(sk); 1203 } 1204 1205 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1206 { 1207 struct sock *parent, *sk = chan->data; 1208 1209 lock_sock(sk); 1210 1211 parent = bt_sk(sk)->parent; 1212 if (parent) 1213 parent->sk_data_ready(parent, 0); 1214 1215 release_sock(sk); 1216 } 1217 1218 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1219 { 1220 struct sock *sk = chan->data; 1221 1222 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1223 sk->sk_state_change(sk); 1224 } 1225 1226 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1227 { 1228 struct sock *sk = chan->data; 1229 1230 lock_sock(sk); 1231 sk->sk_shutdown = SHUTDOWN_MASK; 1232 release_sock(sk); 1233 } 1234 1235 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1236 { 1237 struct sock *sk = chan->data; 1238 1239 return sk->sk_sndtimeo; 1240 } 1241 1242 static struct l2cap_ops l2cap_chan_ops = { 1243 .name = "L2CAP Socket Interface", 1244 .new_connection = l2cap_sock_new_connection_cb, 1245 .recv = l2cap_sock_recv_cb, 1246 .close = l2cap_sock_close_cb, 1247 .teardown = l2cap_sock_teardown_cb, 1248 .state_change = l2cap_sock_state_change_cb, 1249 .ready = l2cap_sock_ready_cb, 1250 .defer = l2cap_sock_defer_cb, 1251 .resume = l2cap_sock_resume_cb, 1252 .set_shutdown = l2cap_sock_set_shutdown_cb, 1253 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1254 .alloc_skb = l2cap_sock_alloc_skb_cb, 1255 }; 1256 1257 static void l2cap_sock_destruct(struct sock *sk) 1258 { 1259 BT_DBG("sk %p", sk); 1260 1261 if (l2cap_pi(sk)->chan) 1262 l2cap_chan_put(l2cap_pi(sk)->chan); 1263 1264 if (l2cap_pi(sk)->rx_busy_skb) { 1265 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1266 l2cap_pi(sk)->rx_busy_skb = NULL; 1267 } 1268 1269 skb_queue_purge(&sk->sk_receive_queue); 1270 skb_queue_purge(&sk->sk_write_queue); 1271 } 1272 1273 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1274 int *msg_namelen) 1275 { 1276 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name; 1277 1278 memset(la, 0, sizeof(struct sockaddr_l2)); 1279 la->l2_family = AF_BLUETOOTH; 1280 la->l2_psm = bt_cb(skb)->psm; 1281 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1282 1283 *msg_namelen = sizeof(struct sockaddr_l2); 1284 } 1285 1286 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1287 { 1288 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1289 1290 BT_DBG("sk %p", sk); 1291 1292 if (parent) { 1293 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1294 1295 sk->sk_type = parent->sk_type; 1296 bt_sk(sk)->flags = bt_sk(parent)->flags; 1297 1298 chan->chan_type = pchan->chan_type; 1299 chan->imtu = pchan->imtu; 1300 chan->omtu = pchan->omtu; 1301 chan->conf_state = pchan->conf_state; 1302 chan->mode = pchan->mode; 1303 chan->fcs = pchan->fcs; 1304 chan->max_tx = pchan->max_tx; 1305 chan->tx_win = pchan->tx_win; 1306 chan->tx_win_max = pchan->tx_win_max; 1307 chan->sec_level = pchan->sec_level; 1308 chan->flags = pchan->flags; 1309 1310 security_sk_clone(parent, sk); 1311 } else { 1312 switch (sk->sk_type) { 1313 case SOCK_RAW: 1314 chan->chan_type = L2CAP_CHAN_RAW; 1315 break; 1316 case SOCK_DGRAM: 1317 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1318 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1319 break; 1320 case SOCK_SEQPACKET: 1321 case SOCK_STREAM: 1322 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1323 break; 1324 } 1325 1326 chan->imtu = L2CAP_DEFAULT_MTU; 1327 chan->omtu = 0; 1328 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1329 chan->mode = L2CAP_MODE_ERTM; 1330 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1331 } else { 1332 chan->mode = L2CAP_MODE_BASIC; 1333 } 1334 1335 l2cap_chan_set_defaults(chan); 1336 } 1337 1338 /* Default config options */ 1339 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1340 1341 chan->data = sk; 1342 chan->ops = &l2cap_chan_ops; 1343 } 1344 1345 static struct proto l2cap_proto = { 1346 .name = "L2CAP", 1347 .owner = THIS_MODULE, 1348 .obj_size = sizeof(struct l2cap_pinfo) 1349 }; 1350 1351 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1352 int proto, gfp_t prio) 1353 { 1354 struct sock *sk; 1355 struct l2cap_chan *chan; 1356 1357 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1358 if (!sk) 1359 return NULL; 1360 1361 sock_init_data(sock, sk); 1362 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1363 1364 sk->sk_destruct = l2cap_sock_destruct; 1365 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1366 1367 sock_reset_flag(sk, SOCK_ZAPPED); 1368 1369 sk->sk_protocol = proto; 1370 sk->sk_state = BT_OPEN; 1371 1372 chan = l2cap_chan_create(); 1373 if (!chan) { 1374 sk_free(sk); 1375 return NULL; 1376 } 1377 1378 l2cap_chan_hold(chan); 1379 1380 l2cap_pi(sk)->chan = chan; 1381 1382 return sk; 1383 } 1384 1385 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1386 int kern) 1387 { 1388 struct sock *sk; 1389 1390 BT_DBG("sock %p", sock); 1391 1392 sock->state = SS_UNCONNECTED; 1393 1394 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1395 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1396 return -ESOCKTNOSUPPORT; 1397 1398 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1399 return -EPERM; 1400 1401 sock->ops = &l2cap_sock_ops; 1402 1403 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1404 if (!sk) 1405 return -ENOMEM; 1406 1407 l2cap_sock_init(sk, NULL); 1408 bt_sock_link(&l2cap_sk_list, sk); 1409 return 0; 1410 } 1411 1412 static const struct proto_ops l2cap_sock_ops = { 1413 .family = PF_BLUETOOTH, 1414 .owner = THIS_MODULE, 1415 .release = l2cap_sock_release, 1416 .bind = l2cap_sock_bind, 1417 .connect = l2cap_sock_connect, 1418 .listen = l2cap_sock_listen, 1419 .accept = l2cap_sock_accept, 1420 .getname = l2cap_sock_getname, 1421 .sendmsg = l2cap_sock_sendmsg, 1422 .recvmsg = l2cap_sock_recvmsg, 1423 .poll = bt_sock_poll, 1424 .ioctl = bt_sock_ioctl, 1425 .mmap = sock_no_mmap, 1426 .socketpair = sock_no_socketpair, 1427 .shutdown = l2cap_sock_shutdown, 1428 .setsockopt = l2cap_sock_setsockopt, 1429 .getsockopt = l2cap_sock_getsockopt 1430 }; 1431 1432 static const struct net_proto_family l2cap_sock_family_ops = { 1433 .family = PF_BLUETOOTH, 1434 .owner = THIS_MODULE, 1435 .create = l2cap_sock_create, 1436 }; 1437 1438 int __init l2cap_init_sockets(void) 1439 { 1440 int err; 1441 1442 err = proto_register(&l2cap_proto, 0); 1443 if (err < 0) 1444 return err; 1445 1446 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1447 if (err < 0) { 1448 BT_ERR("L2CAP socket registration failed"); 1449 goto error; 1450 } 1451 1452 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1453 NULL); 1454 if (err < 0) { 1455 BT_ERR("Failed to create L2CAP proc file"); 1456 bt_sock_unregister(BTPROTO_L2CAP); 1457 goto error; 1458 } 1459 1460 BT_INFO("L2CAP socket layer initialized"); 1461 1462 return 0; 1463 1464 error: 1465 proto_unregister(&l2cap_proto); 1466 return err; 1467 } 1468 1469 void l2cap_cleanup_sockets(void) 1470 { 1471 bt_procfs_cleanup(&init_net, "l2cap"); 1472 bt_sock_unregister(BTPROTO_L2CAP); 1473 proto_unregister(&l2cap_proto); 1474 } 1475 1476 module_param(enable_lecoc, bool, 0644); 1477 MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC"); 1478