xref: /openbmc/linux/net/bluetooth/l2cap_sock.c (revision 31b90347)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5    Copyright (C) 2010 Google Inc.
6    Copyright (C) 2011 ProFUSION Embedded Systems
7 
8    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License version 2 as
12    published by the Free Software Foundation;
13 
14    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 
23    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25    SOFTWARE IS DISCLAIMED.
26 */
27 
28 /* Bluetooth L2CAP sockets. */
29 
30 #include <linux/export.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/l2cap.h>
35 
36 #include "smp.h"
37 
38 static struct bt_sock_list l2cap_sk_list = {
39 	.lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
40 };
41 
42 static const struct proto_ops l2cap_sock_ops;
43 static void l2cap_sock_init(struct sock *sk, struct sock *parent);
44 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
45 				     int proto, gfp_t prio);
46 
47 bool l2cap_is_socket(struct socket *sock)
48 {
49 	return sock && sock->ops == &l2cap_sock_ops;
50 }
51 EXPORT_SYMBOL(l2cap_is_socket);
52 
53 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
54 {
55 	struct sock *sk = sock->sk;
56 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
57 	struct sockaddr_l2 la;
58 	int len, err = 0;
59 
60 	BT_DBG("sk %p", sk);
61 
62 	if (!addr || addr->sa_family != AF_BLUETOOTH)
63 		return -EINVAL;
64 
65 	memset(&la, 0, sizeof(la));
66 	len = min_t(unsigned int, sizeof(la), alen);
67 	memcpy(&la, addr, len);
68 
69 	if (la.l2_cid && la.l2_psm)
70 		return -EINVAL;
71 
72 	if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
73 		return -EINVAL;
74 
75 	if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
76 		/* Connection oriented channels are not supported on LE */
77 		if (la.l2_psm)
78 			return -EINVAL;
79 		/* We only allow ATT user space socket */
80 		if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
81 			return -EINVAL;
82 	}
83 
84 	lock_sock(sk);
85 
86 	if (sk->sk_state != BT_OPEN) {
87 		err = -EBADFD;
88 		goto done;
89 	}
90 
91 	if (la.l2_psm) {
92 		__u16 psm = __le16_to_cpu(la.l2_psm);
93 
94 		/* PSM must be odd and lsb of upper byte must be 0 */
95 		if ((psm & 0x0101) != 0x0001) {
96 			err = -EINVAL;
97 			goto done;
98 		}
99 
100 		/* Restrict usage of well-known PSMs */
101 		if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
102 			err = -EACCES;
103 			goto done;
104 		}
105 	}
106 
107 	if (la.l2_cid)
108 		err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
109 	else
110 		err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
111 
112 	if (err < 0)
113 		goto done;
114 
115 	switch (chan->chan_type) {
116 	case L2CAP_CHAN_CONN_LESS:
117 		if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
118 			chan->sec_level = BT_SECURITY_SDP;
119 		break;
120 	case L2CAP_CHAN_CONN_ORIENTED:
121 		if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
122 		    __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
123 			chan->sec_level = BT_SECURITY_SDP;
124 		break;
125 	}
126 
127 	bacpy(&chan->src, &la.l2_bdaddr);
128 	chan->src_type = la.l2_bdaddr_type;
129 
130 	chan->state = BT_BOUND;
131 	sk->sk_state = BT_BOUND;
132 
133 done:
134 	release_sock(sk);
135 	return err;
136 }
137 
138 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
139 			      int alen, int flags)
140 {
141 	struct sock *sk = sock->sk;
142 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
143 	struct sockaddr_l2 la;
144 	int len, err = 0;
145 
146 	BT_DBG("sk %p", sk);
147 
148 	if (!addr || alen < sizeof(addr->sa_family) ||
149 	    addr->sa_family != AF_BLUETOOTH)
150 		return -EINVAL;
151 
152 	memset(&la, 0, sizeof(la));
153 	len = min_t(unsigned int, sizeof(la), alen);
154 	memcpy(&la, addr, len);
155 
156 	if (la.l2_cid && la.l2_psm)
157 		return -EINVAL;
158 
159 	if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
160 		return -EINVAL;
161 
162 	/* Check that the socket wasn't bound to something that
163 	 * conflicts with the address given to connect(). If chan->src
164 	 * is BDADDR_ANY it means bind() was never used, in which case
165 	 * chan->src_type and la.l2_bdaddr_type do not need to match.
166 	 */
167 	if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
168 	    bdaddr_type_is_le(la.l2_bdaddr_type)) {
169 		/* Old user space versions will try to incorrectly bind
170 		 * the ATT socket using BDADDR_BREDR. We need to accept
171 		 * this and fix up the source address type only when
172 		 * both the source CID and destination CID indicate
173 		 * ATT. Anything else is an invalid combination.
174 		 */
175 		if (chan->scid != L2CAP_CID_ATT ||
176 		    la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
177 			return -EINVAL;
178 
179 		/* We don't have the hdev available here to make a
180 		 * better decision on random vs public, but since all
181 		 * user space versions that exhibit this issue anyway do
182 		 * not support random local addresses assuming public
183 		 * here is good enough.
184 		 */
185 		chan->src_type = BDADDR_LE_PUBLIC;
186 	}
187 
188 	if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
189 		return -EINVAL;
190 
191 	if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
192 		/* Connection oriented channels are not supported on LE */
193 		if (la.l2_psm)
194 			return -EINVAL;
195 		/* We only allow ATT user space socket */
196 		if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
197 			return -EINVAL;
198 	}
199 
200 	err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
201 				 &la.l2_bdaddr, la.l2_bdaddr_type);
202 	if (err)
203 		return err;
204 
205 	lock_sock(sk);
206 
207 	err = bt_sock_wait_state(sk, BT_CONNECTED,
208 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
209 
210 	release_sock(sk);
211 
212 	return err;
213 }
214 
215 static int l2cap_sock_listen(struct socket *sock, int backlog)
216 {
217 	struct sock *sk = sock->sk;
218 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
219 	int err = 0;
220 
221 	BT_DBG("sk %p backlog %d", sk, backlog);
222 
223 	lock_sock(sk);
224 
225 	if (sk->sk_state != BT_BOUND) {
226 		err = -EBADFD;
227 		goto done;
228 	}
229 
230 	if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
231 		err = -EINVAL;
232 		goto done;
233 	}
234 
235 	switch (chan->mode) {
236 	case L2CAP_MODE_BASIC:
237 		break;
238 	case L2CAP_MODE_ERTM:
239 	case L2CAP_MODE_STREAMING:
240 		if (!disable_ertm)
241 			break;
242 		/* fall through */
243 	default:
244 		err = -ENOTSUPP;
245 		goto done;
246 	}
247 
248 	sk->sk_max_ack_backlog = backlog;
249 	sk->sk_ack_backlog = 0;
250 
251 	chan->state = BT_LISTEN;
252 	sk->sk_state = BT_LISTEN;
253 
254 done:
255 	release_sock(sk);
256 	return err;
257 }
258 
259 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
260 			     int flags)
261 {
262 	DECLARE_WAITQUEUE(wait, current);
263 	struct sock *sk = sock->sk, *nsk;
264 	long timeo;
265 	int err = 0;
266 
267 	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
268 
269 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
270 
271 	BT_DBG("sk %p timeo %ld", sk, timeo);
272 
273 	/* Wait for an incoming connection. (wake-one). */
274 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
275 	while (1) {
276 		set_current_state(TASK_INTERRUPTIBLE);
277 
278 		if (sk->sk_state != BT_LISTEN) {
279 			err = -EBADFD;
280 			break;
281 		}
282 
283 		nsk = bt_accept_dequeue(sk, newsock);
284 		if (nsk)
285 			break;
286 
287 		if (!timeo) {
288 			err = -EAGAIN;
289 			break;
290 		}
291 
292 		if (signal_pending(current)) {
293 			err = sock_intr_errno(timeo);
294 			break;
295 		}
296 
297 		release_sock(sk);
298 		timeo = schedule_timeout(timeo);
299 		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
300 	}
301 	__set_current_state(TASK_RUNNING);
302 	remove_wait_queue(sk_sleep(sk), &wait);
303 
304 	if (err)
305 		goto done;
306 
307 	newsock->state = SS_CONNECTED;
308 
309 	BT_DBG("new socket %p", nsk);
310 
311 done:
312 	release_sock(sk);
313 	return err;
314 }
315 
316 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
317 			      int *len, int peer)
318 {
319 	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
320 	struct sock *sk = sock->sk;
321 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
322 
323 	BT_DBG("sock %p, sk %p", sock, sk);
324 
325 	memset(la, 0, sizeof(struct sockaddr_l2));
326 	addr->sa_family = AF_BLUETOOTH;
327 	*len = sizeof(struct sockaddr_l2);
328 
329 	if (peer) {
330 		la->l2_psm = chan->psm;
331 		bacpy(&la->l2_bdaddr, &chan->dst);
332 		la->l2_cid = cpu_to_le16(chan->dcid);
333 		la->l2_bdaddr_type = chan->dst_type;
334 	} else {
335 		la->l2_psm = chan->sport;
336 		bacpy(&la->l2_bdaddr, &chan->src);
337 		la->l2_cid = cpu_to_le16(chan->scid);
338 		la->l2_bdaddr_type = chan->src_type;
339 	}
340 
341 	return 0;
342 }
343 
344 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
345 				     char __user *optval, int __user *optlen)
346 {
347 	struct sock *sk = sock->sk;
348 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
349 	struct l2cap_options opts;
350 	struct l2cap_conninfo cinfo;
351 	int len, err = 0;
352 	u32 opt;
353 
354 	BT_DBG("sk %p", sk);
355 
356 	if (get_user(len, optlen))
357 		return -EFAULT;
358 
359 	lock_sock(sk);
360 
361 	switch (optname) {
362 	case L2CAP_OPTIONS:
363 		memset(&opts, 0, sizeof(opts));
364 		opts.imtu     = chan->imtu;
365 		opts.omtu     = chan->omtu;
366 		opts.flush_to = chan->flush_to;
367 		opts.mode     = chan->mode;
368 		opts.fcs      = chan->fcs;
369 		opts.max_tx   = chan->max_tx;
370 		opts.txwin_size = chan->tx_win;
371 
372 		len = min_t(unsigned int, len, sizeof(opts));
373 		if (copy_to_user(optval, (char *) &opts, len))
374 			err = -EFAULT;
375 
376 		break;
377 
378 	case L2CAP_LM:
379 		switch (chan->sec_level) {
380 		case BT_SECURITY_LOW:
381 			opt = L2CAP_LM_AUTH;
382 			break;
383 		case BT_SECURITY_MEDIUM:
384 			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
385 			break;
386 		case BT_SECURITY_HIGH:
387 			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
388 			      L2CAP_LM_SECURE;
389 			break;
390 		default:
391 			opt = 0;
392 			break;
393 		}
394 
395 		if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
396 			opt |= L2CAP_LM_MASTER;
397 
398 		if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
399 			opt |= L2CAP_LM_RELIABLE;
400 
401 		if (put_user(opt, (u32 __user *) optval))
402 			err = -EFAULT;
403 		break;
404 
405 	case L2CAP_CONNINFO:
406 		if (sk->sk_state != BT_CONNECTED &&
407 		    !(sk->sk_state == BT_CONNECT2 &&
408 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
409 			err = -ENOTCONN;
410 			break;
411 		}
412 
413 		memset(&cinfo, 0, sizeof(cinfo));
414 		cinfo.hci_handle = chan->conn->hcon->handle;
415 		memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
416 
417 		len = min_t(unsigned int, len, sizeof(cinfo));
418 		if (copy_to_user(optval, (char *) &cinfo, len))
419 			err = -EFAULT;
420 
421 		break;
422 
423 	default:
424 		err = -ENOPROTOOPT;
425 		break;
426 	}
427 
428 	release_sock(sk);
429 	return err;
430 }
431 
432 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
433 				 char __user *optval, int __user *optlen)
434 {
435 	struct sock *sk = sock->sk;
436 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
437 	struct bt_security sec;
438 	struct bt_power pwr;
439 	int len, err = 0;
440 
441 	BT_DBG("sk %p", sk);
442 
443 	if (level == SOL_L2CAP)
444 		return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
445 
446 	if (level != SOL_BLUETOOTH)
447 		return -ENOPROTOOPT;
448 
449 	if (get_user(len, optlen))
450 		return -EFAULT;
451 
452 	lock_sock(sk);
453 
454 	switch (optname) {
455 	case BT_SECURITY:
456 		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
457 		    chan->chan_type != L2CAP_CHAN_RAW) {
458 			err = -EINVAL;
459 			break;
460 		}
461 
462 		memset(&sec, 0, sizeof(sec));
463 		if (chan->conn) {
464 			sec.level = chan->conn->hcon->sec_level;
465 
466 			if (sk->sk_state == BT_CONNECTED)
467 				sec.key_size = chan->conn->hcon->enc_key_size;
468 		} else {
469 			sec.level = chan->sec_level;
470 		}
471 
472 		len = min_t(unsigned int, len, sizeof(sec));
473 		if (copy_to_user(optval, (char *) &sec, len))
474 			err = -EFAULT;
475 
476 		break;
477 
478 	case BT_DEFER_SETUP:
479 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
480 			err = -EINVAL;
481 			break;
482 		}
483 
484 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
485 			     (u32 __user *) optval))
486 			err = -EFAULT;
487 
488 		break;
489 
490 	case BT_FLUSHABLE:
491 		if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
492 			     (u32 __user *) optval))
493 			err = -EFAULT;
494 
495 		break;
496 
497 	case BT_POWER:
498 		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
499 		    && sk->sk_type != SOCK_RAW) {
500 			err = -EINVAL;
501 			break;
502 		}
503 
504 		pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
505 
506 		len = min_t(unsigned int, len, sizeof(pwr));
507 		if (copy_to_user(optval, (char *) &pwr, len))
508 			err = -EFAULT;
509 
510 		break;
511 
512 	case BT_CHANNEL_POLICY:
513 		if (put_user(chan->chan_policy, (u32 __user *) optval))
514 			err = -EFAULT;
515 		break;
516 
517 	default:
518 		err = -ENOPROTOOPT;
519 		break;
520 	}
521 
522 	release_sock(sk);
523 	return err;
524 }
525 
526 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
527 {
528 	switch (chan->scid) {
529 	case L2CAP_CID_ATT:
530 		if (mtu < L2CAP_LE_MIN_MTU)
531 			return false;
532 		break;
533 
534 	default:
535 		if (mtu < L2CAP_DEFAULT_MIN_MTU)
536 			return false;
537 	}
538 
539 	return true;
540 }
541 
542 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
543 				     char __user *optval, unsigned int optlen)
544 {
545 	struct sock *sk = sock->sk;
546 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
547 	struct l2cap_options opts;
548 	int len, err = 0;
549 	u32 opt;
550 
551 	BT_DBG("sk %p", sk);
552 
553 	lock_sock(sk);
554 
555 	switch (optname) {
556 	case L2CAP_OPTIONS:
557 		if (sk->sk_state == BT_CONNECTED) {
558 			err = -EINVAL;
559 			break;
560 		}
561 
562 		opts.imtu     = chan->imtu;
563 		opts.omtu     = chan->omtu;
564 		opts.flush_to = chan->flush_to;
565 		opts.mode     = chan->mode;
566 		opts.fcs      = chan->fcs;
567 		opts.max_tx   = chan->max_tx;
568 		opts.txwin_size = chan->tx_win;
569 
570 		len = min_t(unsigned int, sizeof(opts), optlen);
571 		if (copy_from_user((char *) &opts, optval, len)) {
572 			err = -EFAULT;
573 			break;
574 		}
575 
576 		if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
577 			err = -EINVAL;
578 			break;
579 		}
580 
581 		if (!l2cap_valid_mtu(chan, opts.imtu)) {
582 			err = -EINVAL;
583 			break;
584 		}
585 
586 		chan->mode = opts.mode;
587 		switch (chan->mode) {
588 		case L2CAP_MODE_BASIC:
589 			clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
590 			break;
591 		case L2CAP_MODE_ERTM:
592 		case L2CAP_MODE_STREAMING:
593 			if (!disable_ertm)
594 				break;
595 			/* fall through */
596 		default:
597 			err = -EINVAL;
598 			break;
599 		}
600 
601 		chan->imtu = opts.imtu;
602 		chan->omtu = opts.omtu;
603 		chan->fcs  = opts.fcs;
604 		chan->max_tx = opts.max_tx;
605 		chan->tx_win = opts.txwin_size;
606 		chan->flush_to = opts.flush_to;
607 		break;
608 
609 	case L2CAP_LM:
610 		if (get_user(opt, (u32 __user *) optval)) {
611 			err = -EFAULT;
612 			break;
613 		}
614 
615 		if (opt & L2CAP_LM_AUTH)
616 			chan->sec_level = BT_SECURITY_LOW;
617 		if (opt & L2CAP_LM_ENCRYPT)
618 			chan->sec_level = BT_SECURITY_MEDIUM;
619 		if (opt & L2CAP_LM_SECURE)
620 			chan->sec_level = BT_SECURITY_HIGH;
621 
622 		if (opt & L2CAP_LM_MASTER)
623 			set_bit(FLAG_ROLE_SWITCH, &chan->flags);
624 		else
625 			clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
626 
627 		if (opt & L2CAP_LM_RELIABLE)
628 			set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
629 		else
630 			clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
631 		break;
632 
633 	default:
634 		err = -ENOPROTOOPT;
635 		break;
636 	}
637 
638 	release_sock(sk);
639 	return err;
640 }
641 
642 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
643 				 char __user *optval, unsigned int optlen)
644 {
645 	struct sock *sk = sock->sk;
646 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
647 	struct bt_security sec;
648 	struct bt_power pwr;
649 	struct l2cap_conn *conn;
650 	int len, err = 0;
651 	u32 opt;
652 
653 	BT_DBG("sk %p", sk);
654 
655 	if (level == SOL_L2CAP)
656 		return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
657 
658 	if (level != SOL_BLUETOOTH)
659 		return -ENOPROTOOPT;
660 
661 	lock_sock(sk);
662 
663 	switch (optname) {
664 	case BT_SECURITY:
665 		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
666 		    chan->chan_type != L2CAP_CHAN_RAW) {
667 			err = -EINVAL;
668 			break;
669 		}
670 
671 		sec.level = BT_SECURITY_LOW;
672 
673 		len = min_t(unsigned int, sizeof(sec), optlen);
674 		if (copy_from_user((char *) &sec, optval, len)) {
675 			err = -EFAULT;
676 			break;
677 		}
678 
679 		if (sec.level < BT_SECURITY_LOW ||
680 		    sec.level > BT_SECURITY_HIGH) {
681 			err = -EINVAL;
682 			break;
683 		}
684 
685 		chan->sec_level = sec.level;
686 
687 		if (!chan->conn)
688 			break;
689 
690 		conn = chan->conn;
691 
692 		/*change security for LE channels */
693 		if (chan->scid == L2CAP_CID_ATT) {
694 			if (!conn->hcon->out) {
695 				err = -EINVAL;
696 				break;
697 			}
698 
699 			if (smp_conn_security(conn->hcon, sec.level))
700 				break;
701 			sk->sk_state = BT_CONFIG;
702 			chan->state = BT_CONFIG;
703 
704 		/* or for ACL link */
705 		} else if ((sk->sk_state == BT_CONNECT2 &&
706 			    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
707 			   sk->sk_state == BT_CONNECTED) {
708 			if (!l2cap_chan_check_security(chan))
709 				set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
710 			else
711 				sk->sk_state_change(sk);
712 		} else {
713 			err = -EINVAL;
714 		}
715 		break;
716 
717 	case BT_DEFER_SETUP:
718 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
719 			err = -EINVAL;
720 			break;
721 		}
722 
723 		if (get_user(opt, (u32 __user *) optval)) {
724 			err = -EFAULT;
725 			break;
726 		}
727 
728 		if (opt) {
729 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
730 			set_bit(FLAG_DEFER_SETUP, &chan->flags);
731 		} else {
732 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
733 			clear_bit(FLAG_DEFER_SETUP, &chan->flags);
734 		}
735 		break;
736 
737 	case BT_FLUSHABLE:
738 		if (get_user(opt, (u32 __user *) optval)) {
739 			err = -EFAULT;
740 			break;
741 		}
742 
743 		if (opt > BT_FLUSHABLE_ON) {
744 			err = -EINVAL;
745 			break;
746 		}
747 
748 		if (opt == BT_FLUSHABLE_OFF) {
749 			conn = chan->conn;
750 			/* proceed further only when we have l2cap_conn and
751 			   No Flush support in the LM */
752 			if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
753 				err = -EINVAL;
754 				break;
755 			}
756 		}
757 
758 		if (opt)
759 			set_bit(FLAG_FLUSHABLE, &chan->flags);
760 		else
761 			clear_bit(FLAG_FLUSHABLE, &chan->flags);
762 		break;
763 
764 	case BT_POWER:
765 		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
766 		    chan->chan_type != L2CAP_CHAN_RAW) {
767 			err = -EINVAL;
768 			break;
769 		}
770 
771 		pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
772 
773 		len = min_t(unsigned int, sizeof(pwr), optlen);
774 		if (copy_from_user((char *) &pwr, optval, len)) {
775 			err = -EFAULT;
776 			break;
777 		}
778 
779 		if (pwr.force_active)
780 			set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
781 		else
782 			clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
783 		break;
784 
785 	case BT_CHANNEL_POLICY:
786 		if (get_user(opt, (u32 __user *) optval)) {
787 			err = -EFAULT;
788 			break;
789 		}
790 
791 		if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
792 			err = -EINVAL;
793 			break;
794 		}
795 
796 		if (chan->mode != L2CAP_MODE_ERTM &&
797 		    chan->mode != L2CAP_MODE_STREAMING) {
798 			err = -EOPNOTSUPP;
799 			break;
800 		}
801 
802 		chan->chan_policy = (u8) opt;
803 
804 		if (sk->sk_state == BT_CONNECTED &&
805 		    chan->move_role == L2CAP_MOVE_ROLE_NONE)
806 			l2cap_move_start(chan);
807 
808 		break;
809 
810 	default:
811 		err = -ENOPROTOOPT;
812 		break;
813 	}
814 
815 	release_sock(sk);
816 	return err;
817 }
818 
819 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
820 			      struct msghdr *msg, size_t len)
821 {
822 	struct sock *sk = sock->sk;
823 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
824 	int err;
825 
826 	BT_DBG("sock %p, sk %p", sock, sk);
827 
828 	err = sock_error(sk);
829 	if (err)
830 		return err;
831 
832 	if (msg->msg_flags & MSG_OOB)
833 		return -EOPNOTSUPP;
834 
835 	if (sk->sk_state != BT_CONNECTED)
836 		return -ENOTCONN;
837 
838 	lock_sock(sk);
839 	err = bt_sock_wait_ready(sk, msg->msg_flags);
840 	release_sock(sk);
841 	if (err)
842 		return err;
843 
844 	l2cap_chan_lock(chan);
845 	err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
846 	l2cap_chan_unlock(chan);
847 
848 	return err;
849 }
850 
851 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
852 			      struct msghdr *msg, size_t len, int flags)
853 {
854 	struct sock *sk = sock->sk;
855 	struct l2cap_pinfo *pi = l2cap_pi(sk);
856 	int err;
857 
858 	lock_sock(sk);
859 
860 	if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
861 						    &bt_sk(sk)->flags)) {
862 		sk->sk_state = BT_CONFIG;
863 		pi->chan->state = BT_CONFIG;
864 
865 		__l2cap_connect_rsp_defer(pi->chan);
866 		err = 0;
867 		goto done;
868 	}
869 
870 	release_sock(sk);
871 
872 	if (sock->type == SOCK_STREAM)
873 		err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags);
874 	else
875 		err = bt_sock_recvmsg(iocb, sock, msg, len, flags);
876 
877 	if (pi->chan->mode != L2CAP_MODE_ERTM)
878 		return err;
879 
880 	/* Attempt to put pending rx data in the socket buffer */
881 
882 	lock_sock(sk);
883 
884 	if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
885 		goto done;
886 
887 	if (pi->rx_busy_skb) {
888 		if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb))
889 			pi->rx_busy_skb = NULL;
890 		else
891 			goto done;
892 	}
893 
894 	/* Restore data flow when half of the receive buffer is
895 	 * available.  This avoids resending large numbers of
896 	 * frames.
897 	 */
898 	if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
899 		l2cap_chan_busy(pi->chan, 0);
900 
901 done:
902 	release_sock(sk);
903 	return err;
904 }
905 
906 /* Kill socket (only if zapped and orphan)
907  * Must be called on unlocked socket.
908  */
909 static void l2cap_sock_kill(struct sock *sk)
910 {
911 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
912 		return;
913 
914 	BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
915 
916 	/* Kill poor orphan */
917 
918 	l2cap_chan_put(l2cap_pi(sk)->chan);
919 	sock_set_flag(sk, SOCK_DEAD);
920 	sock_put(sk);
921 }
922 
923 static int __l2cap_wait_ack(struct sock *sk)
924 {
925 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
926 	DECLARE_WAITQUEUE(wait, current);
927 	int err = 0;
928 	int timeo = HZ/5;
929 
930 	add_wait_queue(sk_sleep(sk), &wait);
931 	set_current_state(TASK_INTERRUPTIBLE);
932 	while (chan->unacked_frames > 0 && chan->conn) {
933 		if (!timeo)
934 			timeo = HZ/5;
935 
936 		if (signal_pending(current)) {
937 			err = sock_intr_errno(timeo);
938 			break;
939 		}
940 
941 		release_sock(sk);
942 		timeo = schedule_timeout(timeo);
943 		lock_sock(sk);
944 		set_current_state(TASK_INTERRUPTIBLE);
945 
946 		err = sock_error(sk);
947 		if (err)
948 			break;
949 	}
950 	set_current_state(TASK_RUNNING);
951 	remove_wait_queue(sk_sleep(sk), &wait);
952 	return err;
953 }
954 
955 static int l2cap_sock_shutdown(struct socket *sock, int how)
956 {
957 	struct sock *sk = sock->sk;
958 	struct l2cap_chan *chan;
959 	struct l2cap_conn *conn;
960 	int err = 0;
961 
962 	BT_DBG("sock %p, sk %p", sock, sk);
963 
964 	if (!sk)
965 		return 0;
966 
967 	chan = l2cap_pi(sk)->chan;
968 	conn = chan->conn;
969 
970 	if (conn)
971 		mutex_lock(&conn->chan_lock);
972 
973 	l2cap_chan_lock(chan);
974 	lock_sock(sk);
975 
976 	if (!sk->sk_shutdown) {
977 		if (chan->mode == L2CAP_MODE_ERTM)
978 			err = __l2cap_wait_ack(sk);
979 
980 		sk->sk_shutdown = SHUTDOWN_MASK;
981 
982 		release_sock(sk);
983 		l2cap_chan_close(chan, 0);
984 		lock_sock(sk);
985 
986 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
987 			err = bt_sock_wait_state(sk, BT_CLOSED,
988 						 sk->sk_lingertime);
989 	}
990 
991 	if (!err && sk->sk_err)
992 		err = -sk->sk_err;
993 
994 	release_sock(sk);
995 	l2cap_chan_unlock(chan);
996 
997 	if (conn)
998 		mutex_unlock(&conn->chan_lock);
999 
1000 	return err;
1001 }
1002 
1003 static int l2cap_sock_release(struct socket *sock)
1004 {
1005 	struct sock *sk = sock->sk;
1006 	int err;
1007 
1008 	BT_DBG("sock %p, sk %p", sock, sk);
1009 
1010 	if (!sk)
1011 		return 0;
1012 
1013 	bt_sock_unlink(&l2cap_sk_list, sk);
1014 
1015 	err = l2cap_sock_shutdown(sock, 2);
1016 
1017 	sock_orphan(sk);
1018 	l2cap_sock_kill(sk);
1019 	return err;
1020 }
1021 
1022 static void l2cap_sock_cleanup_listen(struct sock *parent)
1023 {
1024 	struct sock *sk;
1025 
1026 	BT_DBG("parent %p", parent);
1027 
1028 	/* Close not yet accepted channels */
1029 	while ((sk = bt_accept_dequeue(parent, NULL))) {
1030 		struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1031 
1032 		l2cap_chan_lock(chan);
1033 		__clear_chan_timer(chan);
1034 		l2cap_chan_close(chan, ECONNRESET);
1035 		l2cap_chan_unlock(chan);
1036 
1037 		l2cap_sock_kill(sk);
1038 	}
1039 }
1040 
1041 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1042 {
1043 	struct sock *sk, *parent = chan->data;
1044 
1045 	lock_sock(parent);
1046 
1047 	/* Check for backlog size */
1048 	if (sk_acceptq_is_full(parent)) {
1049 		BT_DBG("backlog full %d", parent->sk_ack_backlog);
1050 		return NULL;
1051 	}
1052 
1053 	sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1054 			      GFP_ATOMIC);
1055 	if (!sk)
1056 		return NULL;
1057 
1058 	bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1059 
1060 	l2cap_sock_init(sk, parent);
1061 
1062 	bt_accept_enqueue(parent, sk);
1063 
1064 	release_sock(parent);
1065 
1066 	return l2cap_pi(sk)->chan;
1067 }
1068 
1069 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1070 {
1071 	struct sock *sk = chan->data;
1072 	int err;
1073 
1074 	lock_sock(sk);
1075 
1076 	if (l2cap_pi(sk)->rx_busy_skb) {
1077 		err = -ENOMEM;
1078 		goto done;
1079 	}
1080 
1081 	err = sock_queue_rcv_skb(sk, skb);
1082 
1083 	/* For ERTM, handle one skb that doesn't fit into the recv
1084 	 * buffer.  This is important to do because the data frames
1085 	 * have already been acked, so the skb cannot be discarded.
1086 	 *
1087 	 * Notify the l2cap core that the buffer is full, so the
1088 	 * LOCAL_BUSY state is entered and no more frames are
1089 	 * acked and reassembled until there is buffer space
1090 	 * available.
1091 	 */
1092 	if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1093 		l2cap_pi(sk)->rx_busy_skb = skb;
1094 		l2cap_chan_busy(chan, 1);
1095 		err = 0;
1096 	}
1097 
1098 done:
1099 	release_sock(sk);
1100 
1101 	return err;
1102 }
1103 
1104 static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1105 {
1106 	struct sock *sk = chan->data;
1107 
1108 	l2cap_sock_kill(sk);
1109 }
1110 
1111 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1112 {
1113 	struct sock *sk = chan->data;
1114 	struct sock *parent;
1115 
1116 	lock_sock(sk);
1117 
1118 	parent = bt_sk(sk)->parent;
1119 
1120 	sock_set_flag(sk, SOCK_ZAPPED);
1121 
1122 	switch (chan->state) {
1123 	case BT_OPEN:
1124 	case BT_BOUND:
1125 	case BT_CLOSED:
1126 		break;
1127 	case BT_LISTEN:
1128 		l2cap_sock_cleanup_listen(sk);
1129 		sk->sk_state = BT_CLOSED;
1130 		chan->state = BT_CLOSED;
1131 
1132 		break;
1133 	default:
1134 		sk->sk_state = BT_CLOSED;
1135 		chan->state = BT_CLOSED;
1136 
1137 		sk->sk_err = err;
1138 
1139 		if (parent) {
1140 			bt_accept_unlink(sk);
1141 			parent->sk_data_ready(parent, 0);
1142 		} else {
1143 			sk->sk_state_change(sk);
1144 		}
1145 
1146 		break;
1147 	}
1148 
1149 	release_sock(sk);
1150 }
1151 
1152 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1153 				       int err)
1154 {
1155 	struct sock *sk = chan->data;
1156 
1157 	sk->sk_state = state;
1158 
1159 	if (err)
1160 		sk->sk_err = err;
1161 }
1162 
1163 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1164 					       unsigned long len, int nb)
1165 {
1166 	struct sock *sk = chan->data;
1167 	struct sk_buff *skb;
1168 	int err;
1169 
1170 	l2cap_chan_unlock(chan);
1171 	skb = bt_skb_send_alloc(sk, len, nb, &err);
1172 	l2cap_chan_lock(chan);
1173 
1174 	if (!skb)
1175 		return ERR_PTR(err);
1176 
1177 	bt_cb(skb)->chan = chan;
1178 
1179 	return skb;
1180 }
1181 
1182 static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1183 {
1184 	struct sock *sk = chan->data;
1185 	struct sock *parent;
1186 
1187 	lock_sock(sk);
1188 
1189 	parent = bt_sk(sk)->parent;
1190 
1191 	BT_DBG("sk %p, parent %p", sk, parent);
1192 
1193 	sk->sk_state = BT_CONNECTED;
1194 	sk->sk_state_change(sk);
1195 
1196 	if (parent)
1197 		parent->sk_data_ready(parent, 0);
1198 
1199 	release_sock(sk);
1200 }
1201 
1202 static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1203 {
1204 	struct sock *parent, *sk = chan->data;
1205 
1206 	lock_sock(sk);
1207 
1208 	parent = bt_sk(sk)->parent;
1209 	if (parent)
1210 		parent->sk_data_ready(parent, 0);
1211 
1212 	release_sock(sk);
1213 }
1214 
1215 static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1216 {
1217 	struct sock *sk = chan->data;
1218 
1219 	clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1220 	sk->sk_state_change(sk);
1221 }
1222 
1223 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1224 {
1225 	struct sock *sk = chan->data;
1226 
1227 	lock_sock(sk);
1228 	sk->sk_shutdown = SHUTDOWN_MASK;
1229 	release_sock(sk);
1230 }
1231 
1232 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1233 {
1234 	struct sock *sk = chan->data;
1235 
1236 	return sk->sk_sndtimeo;
1237 }
1238 
1239 static struct l2cap_ops l2cap_chan_ops = {
1240 	.name		= "L2CAP Socket Interface",
1241 	.new_connection	= l2cap_sock_new_connection_cb,
1242 	.recv		= l2cap_sock_recv_cb,
1243 	.close		= l2cap_sock_close_cb,
1244 	.teardown	= l2cap_sock_teardown_cb,
1245 	.state_change	= l2cap_sock_state_change_cb,
1246 	.ready		= l2cap_sock_ready_cb,
1247 	.defer		= l2cap_sock_defer_cb,
1248 	.resume		= l2cap_sock_resume_cb,
1249 	.set_shutdown	= l2cap_sock_set_shutdown_cb,
1250 	.get_sndtimeo	= l2cap_sock_get_sndtimeo_cb,
1251 	.alloc_skb	= l2cap_sock_alloc_skb_cb,
1252 };
1253 
1254 static void l2cap_sock_destruct(struct sock *sk)
1255 {
1256 	BT_DBG("sk %p", sk);
1257 
1258 	if (l2cap_pi(sk)->chan)
1259 		l2cap_chan_put(l2cap_pi(sk)->chan);
1260 
1261 	if (l2cap_pi(sk)->rx_busy_skb) {
1262 		kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1263 		l2cap_pi(sk)->rx_busy_skb = NULL;
1264 	}
1265 
1266 	skb_queue_purge(&sk->sk_receive_queue);
1267 	skb_queue_purge(&sk->sk_write_queue);
1268 }
1269 
1270 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1271 			       int *msg_namelen)
1272 {
1273 	struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1274 
1275 	memset(la, 0, sizeof(struct sockaddr_l2));
1276 	la->l2_family = AF_BLUETOOTH;
1277 	la->l2_psm = bt_cb(skb)->psm;
1278 	bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1279 
1280 	*msg_namelen = sizeof(struct sockaddr_l2);
1281 }
1282 
1283 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1284 {
1285 	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1286 
1287 	BT_DBG("sk %p", sk);
1288 
1289 	if (parent) {
1290 		struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1291 
1292 		sk->sk_type = parent->sk_type;
1293 		bt_sk(sk)->flags = bt_sk(parent)->flags;
1294 
1295 		chan->chan_type = pchan->chan_type;
1296 		chan->imtu = pchan->imtu;
1297 		chan->omtu = pchan->omtu;
1298 		chan->conf_state = pchan->conf_state;
1299 		chan->mode = pchan->mode;
1300 		chan->fcs  = pchan->fcs;
1301 		chan->max_tx = pchan->max_tx;
1302 		chan->tx_win = pchan->tx_win;
1303 		chan->tx_win_max = pchan->tx_win_max;
1304 		chan->sec_level = pchan->sec_level;
1305 		chan->flags = pchan->flags;
1306 
1307 		security_sk_clone(parent, sk);
1308 	} else {
1309 		switch (sk->sk_type) {
1310 		case SOCK_RAW:
1311 			chan->chan_type = L2CAP_CHAN_RAW;
1312 			break;
1313 		case SOCK_DGRAM:
1314 			chan->chan_type = L2CAP_CHAN_CONN_LESS;
1315 			bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1316 			break;
1317 		case SOCK_SEQPACKET:
1318 		case SOCK_STREAM:
1319 			chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1320 			break;
1321 		}
1322 
1323 		chan->imtu = L2CAP_DEFAULT_MTU;
1324 		chan->omtu = 0;
1325 		if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1326 			chan->mode = L2CAP_MODE_ERTM;
1327 			set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1328 		} else {
1329 			chan->mode = L2CAP_MODE_BASIC;
1330 		}
1331 
1332 		l2cap_chan_set_defaults(chan);
1333 	}
1334 
1335 	/* Default config options */
1336 	chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1337 
1338 	chan->data = sk;
1339 	chan->ops = &l2cap_chan_ops;
1340 }
1341 
1342 static struct proto l2cap_proto = {
1343 	.name		= "L2CAP",
1344 	.owner		= THIS_MODULE,
1345 	.obj_size	= sizeof(struct l2cap_pinfo)
1346 };
1347 
1348 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1349 				     int proto, gfp_t prio)
1350 {
1351 	struct sock *sk;
1352 	struct l2cap_chan *chan;
1353 
1354 	sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
1355 	if (!sk)
1356 		return NULL;
1357 
1358 	sock_init_data(sock, sk);
1359 	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1360 
1361 	sk->sk_destruct = l2cap_sock_destruct;
1362 	sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1363 
1364 	sock_reset_flag(sk, SOCK_ZAPPED);
1365 
1366 	sk->sk_protocol = proto;
1367 	sk->sk_state = BT_OPEN;
1368 
1369 	chan = l2cap_chan_create();
1370 	if (!chan) {
1371 		sk_free(sk);
1372 		return NULL;
1373 	}
1374 
1375 	l2cap_chan_hold(chan);
1376 
1377 	l2cap_pi(sk)->chan = chan;
1378 
1379 	return sk;
1380 }
1381 
1382 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1383 			     int kern)
1384 {
1385 	struct sock *sk;
1386 
1387 	BT_DBG("sock %p", sock);
1388 
1389 	sock->state = SS_UNCONNECTED;
1390 
1391 	if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1392 	    sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1393 		return -ESOCKTNOSUPPORT;
1394 
1395 	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1396 		return -EPERM;
1397 
1398 	sock->ops = &l2cap_sock_ops;
1399 
1400 	sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
1401 	if (!sk)
1402 		return -ENOMEM;
1403 
1404 	l2cap_sock_init(sk, NULL);
1405 	bt_sock_link(&l2cap_sk_list, sk);
1406 	return 0;
1407 }
1408 
1409 static const struct proto_ops l2cap_sock_ops = {
1410 	.family		= PF_BLUETOOTH,
1411 	.owner		= THIS_MODULE,
1412 	.release	= l2cap_sock_release,
1413 	.bind		= l2cap_sock_bind,
1414 	.connect	= l2cap_sock_connect,
1415 	.listen		= l2cap_sock_listen,
1416 	.accept		= l2cap_sock_accept,
1417 	.getname	= l2cap_sock_getname,
1418 	.sendmsg	= l2cap_sock_sendmsg,
1419 	.recvmsg	= l2cap_sock_recvmsg,
1420 	.poll		= bt_sock_poll,
1421 	.ioctl		= bt_sock_ioctl,
1422 	.mmap		= sock_no_mmap,
1423 	.socketpair	= sock_no_socketpair,
1424 	.shutdown	= l2cap_sock_shutdown,
1425 	.setsockopt	= l2cap_sock_setsockopt,
1426 	.getsockopt	= l2cap_sock_getsockopt
1427 };
1428 
1429 static const struct net_proto_family l2cap_sock_family_ops = {
1430 	.family	= PF_BLUETOOTH,
1431 	.owner	= THIS_MODULE,
1432 	.create	= l2cap_sock_create,
1433 };
1434 
1435 int __init l2cap_init_sockets(void)
1436 {
1437 	int err;
1438 
1439 	err = proto_register(&l2cap_proto, 0);
1440 	if (err < 0)
1441 		return err;
1442 
1443 	err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1444 	if (err < 0) {
1445 		BT_ERR("L2CAP socket registration failed");
1446 		goto error;
1447 	}
1448 
1449 	err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1450 			     NULL);
1451 	if (err < 0) {
1452 		BT_ERR("Failed to create L2CAP proc file");
1453 		bt_sock_unregister(BTPROTO_L2CAP);
1454 		goto error;
1455 	}
1456 
1457 	BT_INFO("L2CAP socket layer initialized");
1458 
1459 	return 0;
1460 
1461 error:
1462 	proto_unregister(&l2cap_proto);
1463 	return err;
1464 }
1465 
1466 void l2cap_cleanup_sockets(void)
1467 {
1468 	bt_procfs_cleanup(&init_net, "l2cap");
1469 	bt_sock_unregister(BTPROTO_L2CAP);
1470 	proto_unregister(&l2cap_proto);
1471 }
1472