1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 37 #include "smp.h" 38 39 bool enable_lecoc; 40 41 static struct bt_sock_list l2cap_sk_list = { 42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 43 }; 44 45 static const struct proto_ops l2cap_sock_ops; 46 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 47 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 48 int proto, gfp_t prio); 49 50 bool l2cap_is_socket(struct socket *sock) 51 { 52 return sock && sock->ops == &l2cap_sock_ops; 53 } 54 EXPORT_SYMBOL(l2cap_is_socket); 55 56 static int l2cap_validate_bredr_psm(u16 psm) 57 { 58 /* PSM must be odd and lsb of upper byte must be 0 */ 59 if ((psm & 0x0101) != 0x0001) 60 return -EINVAL; 61 62 /* Restrict usage of well-known PSMs */ 63 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 64 return -EACCES; 65 66 return 0; 67 } 68 69 static int l2cap_validate_le_psm(u16 psm) 70 { 71 /* Valid LE_PSM ranges are defined only until 0x00ff */ 72 if (psm > 0x00ff) 73 return -EINVAL; 74 75 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 76 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 77 return -EACCES; 78 79 return 0; 80 } 81 82 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 83 { 84 struct sock *sk = sock->sk; 85 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 86 struct sockaddr_l2 la; 87 int len, err = 0; 88 89 BT_DBG("sk %p", sk); 90 91 if (!addr || addr->sa_family != AF_BLUETOOTH) 92 return -EINVAL; 93 94 memset(&la, 0, sizeof(la)); 95 len = min_t(unsigned int, sizeof(la), alen); 96 memcpy(&la, addr, len); 97 98 if (la.l2_cid && la.l2_psm) 99 return -EINVAL; 100 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 102 return -EINVAL; 103 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 105 if (!enable_lecoc && la.l2_psm) 106 return -EINVAL; 107 /* We only allow ATT user space socket */ 108 if (la.l2_cid && 109 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 110 return -EINVAL; 111 } 112 113 lock_sock(sk); 114 115 if (sk->sk_state != BT_OPEN) { 116 err = -EBADFD; 117 goto done; 118 } 119 120 if (la.l2_psm) { 121 __u16 psm = __le16_to_cpu(la.l2_psm); 122 123 if (la.l2_bdaddr_type == BDADDR_BREDR) 124 err = l2cap_validate_bredr_psm(psm); 125 else 126 err = l2cap_validate_le_psm(psm); 127 128 if (err) 129 goto done; 130 } 131 132 if (la.l2_cid) 133 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 134 else 135 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 136 137 if (err < 0) 138 goto done; 139 140 switch (chan->chan_type) { 141 case L2CAP_CHAN_CONN_LESS: 142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 143 chan->sec_level = BT_SECURITY_SDP; 144 break; 145 case L2CAP_CHAN_CONN_ORIENTED: 146 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 147 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 148 chan->sec_level = BT_SECURITY_SDP; 149 break; 150 case L2CAP_CHAN_RAW: 151 chan->sec_level = BT_SECURITY_SDP; 152 break; 153 } 154 155 bacpy(&chan->src, &la.l2_bdaddr); 156 chan->src_type = la.l2_bdaddr_type; 157 158 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 159 chan->mode = L2CAP_MODE_LE_FLOWCTL; 160 161 chan->state = BT_BOUND; 162 sk->sk_state = BT_BOUND; 163 164 done: 165 release_sock(sk); 166 return err; 167 } 168 169 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 170 int alen, int flags) 171 { 172 struct sock *sk = sock->sk; 173 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 174 struct sockaddr_l2 la; 175 int len, err = 0; 176 177 BT_DBG("sk %p", sk); 178 179 if (!addr || alen < sizeof(addr->sa_family) || 180 addr->sa_family != AF_BLUETOOTH) 181 return -EINVAL; 182 183 memset(&la, 0, sizeof(la)); 184 len = min_t(unsigned int, sizeof(la), alen); 185 memcpy(&la, addr, len); 186 187 if (la.l2_cid && la.l2_psm) 188 return -EINVAL; 189 190 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 191 return -EINVAL; 192 193 /* Check that the socket wasn't bound to something that 194 * conflicts with the address given to connect(). If chan->src 195 * is BDADDR_ANY it means bind() was never used, in which case 196 * chan->src_type and la.l2_bdaddr_type do not need to match. 197 */ 198 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 199 bdaddr_type_is_le(la.l2_bdaddr_type)) { 200 /* Old user space versions will try to incorrectly bind 201 * the ATT socket using BDADDR_BREDR. We need to accept 202 * this and fix up the source address type only when 203 * both the source CID and destination CID indicate 204 * ATT. Anything else is an invalid combination. 205 */ 206 if (chan->scid != L2CAP_CID_ATT || 207 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 208 return -EINVAL; 209 210 /* We don't have the hdev available here to make a 211 * better decision on random vs public, but since all 212 * user space versions that exhibit this issue anyway do 213 * not support random local addresses assuming public 214 * here is good enough. 215 */ 216 chan->src_type = BDADDR_LE_PUBLIC; 217 } 218 219 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 220 return -EINVAL; 221 222 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 223 if (!enable_lecoc && la.l2_psm) 224 return -EINVAL; 225 /* We only allow ATT user space socket */ 226 if (la.l2_cid && 227 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 228 return -EINVAL; 229 } 230 231 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 232 chan->mode = L2CAP_MODE_LE_FLOWCTL; 233 234 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 235 &la.l2_bdaddr, la.l2_bdaddr_type); 236 if (err) 237 return err; 238 239 lock_sock(sk); 240 241 err = bt_sock_wait_state(sk, BT_CONNECTED, 242 sock_sndtimeo(sk, flags & O_NONBLOCK)); 243 244 release_sock(sk); 245 246 return err; 247 } 248 249 static int l2cap_sock_listen(struct socket *sock, int backlog) 250 { 251 struct sock *sk = sock->sk; 252 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 253 int err = 0; 254 255 BT_DBG("sk %p backlog %d", sk, backlog); 256 257 lock_sock(sk); 258 259 if (sk->sk_state != BT_BOUND) { 260 err = -EBADFD; 261 goto done; 262 } 263 264 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 265 err = -EINVAL; 266 goto done; 267 } 268 269 switch (chan->mode) { 270 case L2CAP_MODE_BASIC: 271 case L2CAP_MODE_LE_FLOWCTL: 272 break; 273 case L2CAP_MODE_ERTM: 274 case L2CAP_MODE_STREAMING: 275 if (!disable_ertm) 276 break; 277 /* fall through */ 278 default: 279 err = -ENOTSUPP; 280 goto done; 281 } 282 283 sk->sk_max_ack_backlog = backlog; 284 sk->sk_ack_backlog = 0; 285 286 chan->state = BT_LISTEN; 287 sk->sk_state = BT_LISTEN; 288 289 done: 290 release_sock(sk); 291 return err; 292 } 293 294 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 295 int flags) 296 { 297 DECLARE_WAITQUEUE(wait, current); 298 struct sock *sk = sock->sk, *nsk; 299 long timeo; 300 int err = 0; 301 302 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 303 304 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 305 306 BT_DBG("sk %p timeo %ld", sk, timeo); 307 308 /* Wait for an incoming connection. (wake-one). */ 309 add_wait_queue_exclusive(sk_sleep(sk), &wait); 310 while (1) { 311 set_current_state(TASK_INTERRUPTIBLE); 312 313 if (sk->sk_state != BT_LISTEN) { 314 err = -EBADFD; 315 break; 316 } 317 318 nsk = bt_accept_dequeue(sk, newsock); 319 if (nsk) 320 break; 321 322 if (!timeo) { 323 err = -EAGAIN; 324 break; 325 } 326 327 if (signal_pending(current)) { 328 err = sock_intr_errno(timeo); 329 break; 330 } 331 332 release_sock(sk); 333 timeo = schedule_timeout(timeo); 334 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 335 } 336 __set_current_state(TASK_RUNNING); 337 remove_wait_queue(sk_sleep(sk), &wait); 338 339 if (err) 340 goto done; 341 342 newsock->state = SS_CONNECTED; 343 344 BT_DBG("new socket %p", nsk); 345 346 done: 347 release_sock(sk); 348 return err; 349 } 350 351 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 352 int *len, int peer) 353 { 354 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 355 struct sock *sk = sock->sk; 356 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 357 358 BT_DBG("sock %p, sk %p", sock, sk); 359 360 memset(la, 0, sizeof(struct sockaddr_l2)); 361 addr->sa_family = AF_BLUETOOTH; 362 *len = sizeof(struct sockaddr_l2); 363 364 if (peer) { 365 la->l2_psm = chan->psm; 366 bacpy(&la->l2_bdaddr, &chan->dst); 367 la->l2_cid = cpu_to_le16(chan->dcid); 368 la->l2_bdaddr_type = chan->dst_type; 369 } else { 370 la->l2_psm = chan->sport; 371 bacpy(&la->l2_bdaddr, &chan->src); 372 la->l2_cid = cpu_to_le16(chan->scid); 373 la->l2_bdaddr_type = chan->src_type; 374 } 375 376 return 0; 377 } 378 379 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 380 char __user *optval, int __user *optlen) 381 { 382 struct sock *sk = sock->sk; 383 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 384 struct l2cap_options opts; 385 struct l2cap_conninfo cinfo; 386 int len, err = 0; 387 u32 opt; 388 389 BT_DBG("sk %p", sk); 390 391 if (get_user(len, optlen)) 392 return -EFAULT; 393 394 lock_sock(sk); 395 396 switch (optname) { 397 case L2CAP_OPTIONS: 398 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 399 * legacy ATT code depends on getsockopt for 400 * L2CAP_OPTIONS we need to let this pass. 401 */ 402 if (bdaddr_type_is_le(chan->src_type) && 403 chan->scid != L2CAP_CID_ATT) { 404 err = -EINVAL; 405 break; 406 } 407 408 memset(&opts, 0, sizeof(opts)); 409 opts.imtu = chan->imtu; 410 opts.omtu = chan->omtu; 411 opts.flush_to = chan->flush_to; 412 opts.mode = chan->mode; 413 opts.fcs = chan->fcs; 414 opts.max_tx = chan->max_tx; 415 opts.txwin_size = chan->tx_win; 416 417 len = min_t(unsigned int, len, sizeof(opts)); 418 if (copy_to_user(optval, (char *) &opts, len)) 419 err = -EFAULT; 420 421 break; 422 423 case L2CAP_LM: 424 switch (chan->sec_level) { 425 case BT_SECURITY_LOW: 426 opt = L2CAP_LM_AUTH; 427 break; 428 case BT_SECURITY_MEDIUM: 429 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 430 break; 431 case BT_SECURITY_HIGH: 432 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 433 L2CAP_LM_SECURE; 434 break; 435 default: 436 opt = 0; 437 break; 438 } 439 440 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 441 opt |= L2CAP_LM_MASTER; 442 443 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 444 opt |= L2CAP_LM_RELIABLE; 445 446 if (put_user(opt, (u32 __user *) optval)) 447 err = -EFAULT; 448 break; 449 450 case L2CAP_CONNINFO: 451 if (sk->sk_state != BT_CONNECTED && 452 !(sk->sk_state == BT_CONNECT2 && 453 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 454 err = -ENOTCONN; 455 break; 456 } 457 458 memset(&cinfo, 0, sizeof(cinfo)); 459 cinfo.hci_handle = chan->conn->hcon->handle; 460 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 461 462 len = min_t(unsigned int, len, sizeof(cinfo)); 463 if (copy_to_user(optval, (char *) &cinfo, len)) 464 err = -EFAULT; 465 466 break; 467 468 default: 469 err = -ENOPROTOOPT; 470 break; 471 } 472 473 release_sock(sk); 474 return err; 475 } 476 477 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 478 char __user *optval, int __user *optlen) 479 { 480 struct sock *sk = sock->sk; 481 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 482 struct bt_security sec; 483 struct bt_power pwr; 484 int len, err = 0; 485 486 BT_DBG("sk %p", sk); 487 488 if (level == SOL_L2CAP) 489 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 490 491 if (level != SOL_BLUETOOTH) 492 return -ENOPROTOOPT; 493 494 if (get_user(len, optlen)) 495 return -EFAULT; 496 497 lock_sock(sk); 498 499 switch (optname) { 500 case BT_SECURITY: 501 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 502 chan->chan_type != L2CAP_CHAN_RAW) { 503 err = -EINVAL; 504 break; 505 } 506 507 memset(&sec, 0, sizeof(sec)); 508 if (chan->conn) { 509 sec.level = chan->conn->hcon->sec_level; 510 511 if (sk->sk_state == BT_CONNECTED) 512 sec.key_size = chan->conn->hcon->enc_key_size; 513 } else { 514 sec.level = chan->sec_level; 515 } 516 517 len = min_t(unsigned int, len, sizeof(sec)); 518 if (copy_to_user(optval, (char *) &sec, len)) 519 err = -EFAULT; 520 521 break; 522 523 case BT_DEFER_SETUP: 524 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 525 err = -EINVAL; 526 break; 527 } 528 529 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 530 (u32 __user *) optval)) 531 err = -EFAULT; 532 533 break; 534 535 case BT_FLUSHABLE: 536 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 537 (u32 __user *) optval)) 538 err = -EFAULT; 539 540 break; 541 542 case BT_POWER: 543 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 544 && sk->sk_type != SOCK_RAW) { 545 err = -EINVAL; 546 break; 547 } 548 549 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 550 551 len = min_t(unsigned int, len, sizeof(pwr)); 552 if (copy_to_user(optval, (char *) &pwr, len)) 553 err = -EFAULT; 554 555 break; 556 557 case BT_CHANNEL_POLICY: 558 if (put_user(chan->chan_policy, (u32 __user *) optval)) 559 err = -EFAULT; 560 break; 561 562 case BT_SNDMTU: 563 if (!enable_lecoc) { 564 err = -EPROTONOSUPPORT; 565 break; 566 } 567 568 if (!bdaddr_type_is_le(chan->src_type)) { 569 err = -EINVAL; 570 break; 571 } 572 573 if (sk->sk_state != BT_CONNECTED) { 574 err = -ENOTCONN; 575 break; 576 } 577 578 if (put_user(chan->omtu, (u16 __user *) optval)) 579 err = -EFAULT; 580 break; 581 582 case BT_RCVMTU: 583 if (!enable_lecoc) { 584 err = -EPROTONOSUPPORT; 585 break; 586 } 587 588 if (!bdaddr_type_is_le(chan->src_type)) { 589 err = -EINVAL; 590 break; 591 } 592 593 if (put_user(chan->imtu, (u16 __user *) optval)) 594 err = -EFAULT; 595 break; 596 597 default: 598 err = -ENOPROTOOPT; 599 break; 600 } 601 602 release_sock(sk); 603 return err; 604 } 605 606 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 607 { 608 switch (chan->scid) { 609 case L2CAP_CID_ATT: 610 if (mtu < L2CAP_LE_MIN_MTU) 611 return false; 612 break; 613 614 default: 615 if (mtu < L2CAP_DEFAULT_MIN_MTU) 616 return false; 617 } 618 619 return true; 620 } 621 622 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 623 char __user *optval, unsigned int optlen) 624 { 625 struct sock *sk = sock->sk; 626 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 627 struct l2cap_options opts; 628 int len, err = 0; 629 u32 opt; 630 631 BT_DBG("sk %p", sk); 632 633 lock_sock(sk); 634 635 switch (optname) { 636 case L2CAP_OPTIONS: 637 if (bdaddr_type_is_le(chan->src_type)) { 638 err = -EINVAL; 639 break; 640 } 641 642 if (sk->sk_state == BT_CONNECTED) { 643 err = -EINVAL; 644 break; 645 } 646 647 opts.imtu = chan->imtu; 648 opts.omtu = chan->omtu; 649 opts.flush_to = chan->flush_to; 650 opts.mode = chan->mode; 651 opts.fcs = chan->fcs; 652 opts.max_tx = chan->max_tx; 653 opts.txwin_size = chan->tx_win; 654 655 len = min_t(unsigned int, sizeof(opts), optlen); 656 if (copy_from_user((char *) &opts, optval, len)) { 657 err = -EFAULT; 658 break; 659 } 660 661 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 662 err = -EINVAL; 663 break; 664 } 665 666 if (!l2cap_valid_mtu(chan, opts.imtu)) { 667 err = -EINVAL; 668 break; 669 } 670 671 chan->mode = opts.mode; 672 switch (chan->mode) { 673 case L2CAP_MODE_LE_FLOWCTL: 674 break; 675 case L2CAP_MODE_BASIC: 676 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 677 break; 678 case L2CAP_MODE_ERTM: 679 case L2CAP_MODE_STREAMING: 680 if (!disable_ertm) 681 break; 682 /* fall through */ 683 default: 684 err = -EINVAL; 685 break; 686 } 687 688 chan->imtu = opts.imtu; 689 chan->omtu = opts.omtu; 690 chan->fcs = opts.fcs; 691 chan->max_tx = opts.max_tx; 692 chan->tx_win = opts.txwin_size; 693 chan->flush_to = opts.flush_to; 694 break; 695 696 case L2CAP_LM: 697 if (get_user(opt, (u32 __user *) optval)) { 698 err = -EFAULT; 699 break; 700 } 701 702 if (opt & L2CAP_LM_AUTH) 703 chan->sec_level = BT_SECURITY_LOW; 704 if (opt & L2CAP_LM_ENCRYPT) 705 chan->sec_level = BT_SECURITY_MEDIUM; 706 if (opt & L2CAP_LM_SECURE) 707 chan->sec_level = BT_SECURITY_HIGH; 708 709 if (opt & L2CAP_LM_MASTER) 710 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 711 else 712 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 713 714 if (opt & L2CAP_LM_RELIABLE) 715 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 716 else 717 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 718 break; 719 720 default: 721 err = -ENOPROTOOPT; 722 break; 723 } 724 725 release_sock(sk); 726 return err; 727 } 728 729 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 730 char __user *optval, unsigned int optlen) 731 { 732 struct sock *sk = sock->sk; 733 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 734 struct bt_security sec; 735 struct bt_power pwr; 736 struct l2cap_conn *conn; 737 int len, err = 0; 738 u32 opt; 739 740 BT_DBG("sk %p", sk); 741 742 if (level == SOL_L2CAP) 743 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 744 745 if (level != SOL_BLUETOOTH) 746 return -ENOPROTOOPT; 747 748 lock_sock(sk); 749 750 switch (optname) { 751 case BT_SECURITY: 752 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 753 chan->chan_type != L2CAP_CHAN_RAW) { 754 err = -EINVAL; 755 break; 756 } 757 758 sec.level = BT_SECURITY_LOW; 759 760 len = min_t(unsigned int, sizeof(sec), optlen); 761 if (copy_from_user((char *) &sec, optval, len)) { 762 err = -EFAULT; 763 break; 764 } 765 766 if (sec.level < BT_SECURITY_LOW || 767 sec.level > BT_SECURITY_HIGH) { 768 err = -EINVAL; 769 break; 770 } 771 772 chan->sec_level = sec.level; 773 774 if (!chan->conn) 775 break; 776 777 conn = chan->conn; 778 779 /*change security for LE channels */ 780 if (chan->scid == L2CAP_CID_ATT) { 781 if (!conn->hcon->out) { 782 err = -EINVAL; 783 break; 784 } 785 786 if (smp_conn_security(conn->hcon, sec.level)) 787 break; 788 sk->sk_state = BT_CONFIG; 789 chan->state = BT_CONFIG; 790 791 /* or for ACL link */ 792 } else if ((sk->sk_state == BT_CONNECT2 && 793 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 794 sk->sk_state == BT_CONNECTED) { 795 if (!l2cap_chan_check_security(chan)) 796 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 797 else 798 sk->sk_state_change(sk); 799 } else { 800 err = -EINVAL; 801 } 802 break; 803 804 case BT_DEFER_SETUP: 805 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 806 err = -EINVAL; 807 break; 808 } 809 810 if (get_user(opt, (u32 __user *) optval)) { 811 err = -EFAULT; 812 break; 813 } 814 815 if (opt) { 816 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 817 set_bit(FLAG_DEFER_SETUP, &chan->flags); 818 } else { 819 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 820 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 821 } 822 break; 823 824 case BT_FLUSHABLE: 825 if (get_user(opt, (u32 __user *) optval)) { 826 err = -EFAULT; 827 break; 828 } 829 830 if (opt > BT_FLUSHABLE_ON) { 831 err = -EINVAL; 832 break; 833 } 834 835 if (opt == BT_FLUSHABLE_OFF) { 836 conn = chan->conn; 837 /* proceed further only when we have l2cap_conn and 838 No Flush support in the LM */ 839 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 840 err = -EINVAL; 841 break; 842 } 843 } 844 845 if (opt) 846 set_bit(FLAG_FLUSHABLE, &chan->flags); 847 else 848 clear_bit(FLAG_FLUSHABLE, &chan->flags); 849 break; 850 851 case BT_POWER: 852 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 853 chan->chan_type != L2CAP_CHAN_RAW) { 854 err = -EINVAL; 855 break; 856 } 857 858 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 859 860 len = min_t(unsigned int, sizeof(pwr), optlen); 861 if (copy_from_user((char *) &pwr, optval, len)) { 862 err = -EFAULT; 863 break; 864 } 865 866 if (pwr.force_active) 867 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 868 else 869 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 870 break; 871 872 case BT_CHANNEL_POLICY: 873 if (get_user(opt, (u32 __user *) optval)) { 874 err = -EFAULT; 875 break; 876 } 877 878 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 879 err = -EINVAL; 880 break; 881 } 882 883 if (chan->mode != L2CAP_MODE_ERTM && 884 chan->mode != L2CAP_MODE_STREAMING) { 885 err = -EOPNOTSUPP; 886 break; 887 } 888 889 chan->chan_policy = (u8) opt; 890 891 if (sk->sk_state == BT_CONNECTED && 892 chan->move_role == L2CAP_MOVE_ROLE_NONE) 893 l2cap_move_start(chan); 894 895 break; 896 897 case BT_SNDMTU: 898 if (!enable_lecoc) { 899 err = -EPROTONOSUPPORT; 900 break; 901 } 902 903 if (!bdaddr_type_is_le(chan->src_type)) { 904 err = -EINVAL; 905 break; 906 } 907 908 /* Setting is not supported as it's the remote side that 909 * decides this. 910 */ 911 err = -EPERM; 912 break; 913 914 case BT_RCVMTU: 915 if (!enable_lecoc) { 916 err = -EPROTONOSUPPORT; 917 break; 918 } 919 920 if (!bdaddr_type_is_le(chan->src_type)) { 921 err = -EINVAL; 922 break; 923 } 924 925 if (sk->sk_state == BT_CONNECTED) { 926 err = -EISCONN; 927 break; 928 } 929 930 if (get_user(opt, (u32 __user *) optval)) { 931 err = -EFAULT; 932 break; 933 } 934 935 chan->imtu = opt; 936 break; 937 938 default: 939 err = -ENOPROTOOPT; 940 break; 941 } 942 943 release_sock(sk); 944 return err; 945 } 946 947 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 948 struct msghdr *msg, size_t len) 949 { 950 struct sock *sk = sock->sk; 951 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 952 int err; 953 954 BT_DBG("sock %p, sk %p", sock, sk); 955 956 err = sock_error(sk); 957 if (err) 958 return err; 959 960 if (msg->msg_flags & MSG_OOB) 961 return -EOPNOTSUPP; 962 963 if (sk->sk_state != BT_CONNECTED) 964 return -ENOTCONN; 965 966 lock_sock(sk); 967 err = bt_sock_wait_ready(sk, msg->msg_flags); 968 release_sock(sk); 969 if (err) 970 return err; 971 972 l2cap_chan_lock(chan); 973 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 974 l2cap_chan_unlock(chan); 975 976 return err; 977 } 978 979 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 980 struct msghdr *msg, size_t len, int flags) 981 { 982 struct sock *sk = sock->sk; 983 struct l2cap_pinfo *pi = l2cap_pi(sk); 984 int err; 985 986 lock_sock(sk); 987 988 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 989 &bt_sk(sk)->flags)) { 990 if (bdaddr_type_is_le(pi->chan->src_type)) { 991 sk->sk_state = BT_CONNECTED; 992 pi->chan->state = BT_CONNECTED; 993 __l2cap_le_connect_rsp_defer(pi->chan); 994 } else { 995 sk->sk_state = BT_CONFIG; 996 pi->chan->state = BT_CONFIG; 997 __l2cap_connect_rsp_defer(pi->chan); 998 } 999 1000 err = 0; 1001 goto done; 1002 } 1003 1004 release_sock(sk); 1005 1006 if (sock->type == SOCK_STREAM) 1007 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 1008 else 1009 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 1010 1011 if (pi->chan->mode != L2CAP_MODE_ERTM) 1012 return err; 1013 1014 /* Attempt to put pending rx data in the socket buffer */ 1015 1016 lock_sock(sk); 1017 1018 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1019 goto done; 1020 1021 if (pi->rx_busy_skb) { 1022 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1023 pi->rx_busy_skb = NULL; 1024 else 1025 goto done; 1026 } 1027 1028 /* Restore data flow when half of the receive buffer is 1029 * available. This avoids resending large numbers of 1030 * frames. 1031 */ 1032 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1033 l2cap_chan_busy(pi->chan, 0); 1034 1035 done: 1036 release_sock(sk); 1037 return err; 1038 } 1039 1040 /* Kill socket (only if zapped and orphan) 1041 * Must be called on unlocked socket. 1042 */ 1043 static void l2cap_sock_kill(struct sock *sk) 1044 { 1045 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1046 return; 1047 1048 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1049 1050 /* Kill poor orphan */ 1051 1052 l2cap_chan_put(l2cap_pi(sk)->chan); 1053 sock_set_flag(sk, SOCK_DEAD); 1054 sock_put(sk); 1055 } 1056 1057 static int __l2cap_wait_ack(struct sock *sk) 1058 { 1059 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1060 DECLARE_WAITQUEUE(wait, current); 1061 int err = 0; 1062 int timeo = HZ/5; 1063 1064 add_wait_queue(sk_sleep(sk), &wait); 1065 set_current_state(TASK_INTERRUPTIBLE); 1066 while (chan->unacked_frames > 0 && chan->conn) { 1067 if (!timeo) 1068 timeo = HZ/5; 1069 1070 if (signal_pending(current)) { 1071 err = sock_intr_errno(timeo); 1072 break; 1073 } 1074 1075 release_sock(sk); 1076 timeo = schedule_timeout(timeo); 1077 lock_sock(sk); 1078 set_current_state(TASK_INTERRUPTIBLE); 1079 1080 err = sock_error(sk); 1081 if (err) 1082 break; 1083 } 1084 set_current_state(TASK_RUNNING); 1085 remove_wait_queue(sk_sleep(sk), &wait); 1086 return err; 1087 } 1088 1089 static int l2cap_sock_shutdown(struct socket *sock, int how) 1090 { 1091 struct sock *sk = sock->sk; 1092 struct l2cap_chan *chan; 1093 struct l2cap_conn *conn; 1094 int err = 0; 1095 1096 BT_DBG("sock %p, sk %p", sock, sk); 1097 1098 if (!sk) 1099 return 0; 1100 1101 chan = l2cap_pi(sk)->chan; 1102 conn = chan->conn; 1103 1104 if (conn) 1105 mutex_lock(&conn->chan_lock); 1106 1107 l2cap_chan_lock(chan); 1108 lock_sock(sk); 1109 1110 if (!sk->sk_shutdown) { 1111 if (chan->mode == L2CAP_MODE_ERTM) 1112 err = __l2cap_wait_ack(sk); 1113 1114 sk->sk_shutdown = SHUTDOWN_MASK; 1115 1116 release_sock(sk); 1117 l2cap_chan_close(chan, 0); 1118 lock_sock(sk); 1119 1120 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 1121 err = bt_sock_wait_state(sk, BT_CLOSED, 1122 sk->sk_lingertime); 1123 } 1124 1125 if (!err && sk->sk_err) 1126 err = -sk->sk_err; 1127 1128 release_sock(sk); 1129 l2cap_chan_unlock(chan); 1130 1131 if (conn) 1132 mutex_unlock(&conn->chan_lock); 1133 1134 return err; 1135 } 1136 1137 static int l2cap_sock_release(struct socket *sock) 1138 { 1139 struct sock *sk = sock->sk; 1140 int err; 1141 1142 BT_DBG("sock %p, sk %p", sock, sk); 1143 1144 if (!sk) 1145 return 0; 1146 1147 bt_sock_unlink(&l2cap_sk_list, sk); 1148 1149 err = l2cap_sock_shutdown(sock, 2); 1150 1151 sock_orphan(sk); 1152 l2cap_sock_kill(sk); 1153 return err; 1154 } 1155 1156 static void l2cap_sock_cleanup_listen(struct sock *parent) 1157 { 1158 struct sock *sk; 1159 1160 BT_DBG("parent %p", parent); 1161 1162 /* Close not yet accepted channels */ 1163 while ((sk = bt_accept_dequeue(parent, NULL))) { 1164 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1165 1166 l2cap_chan_lock(chan); 1167 __clear_chan_timer(chan); 1168 l2cap_chan_close(chan, ECONNRESET); 1169 l2cap_chan_unlock(chan); 1170 1171 l2cap_sock_kill(sk); 1172 } 1173 } 1174 1175 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1176 { 1177 struct sock *sk, *parent = chan->data; 1178 1179 lock_sock(parent); 1180 1181 /* Check for backlog size */ 1182 if (sk_acceptq_is_full(parent)) { 1183 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1184 return NULL; 1185 } 1186 1187 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1188 GFP_ATOMIC); 1189 if (!sk) 1190 return NULL; 1191 1192 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1193 1194 l2cap_sock_init(sk, parent); 1195 1196 bt_accept_enqueue(parent, sk); 1197 1198 release_sock(parent); 1199 1200 return l2cap_pi(sk)->chan; 1201 } 1202 1203 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1204 { 1205 struct sock *sk = chan->data; 1206 int err; 1207 1208 lock_sock(sk); 1209 1210 if (l2cap_pi(sk)->rx_busy_skb) { 1211 err = -ENOMEM; 1212 goto done; 1213 } 1214 1215 err = sock_queue_rcv_skb(sk, skb); 1216 1217 /* For ERTM, handle one skb that doesn't fit into the recv 1218 * buffer. This is important to do because the data frames 1219 * have already been acked, so the skb cannot be discarded. 1220 * 1221 * Notify the l2cap core that the buffer is full, so the 1222 * LOCAL_BUSY state is entered and no more frames are 1223 * acked and reassembled until there is buffer space 1224 * available. 1225 */ 1226 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1227 l2cap_pi(sk)->rx_busy_skb = skb; 1228 l2cap_chan_busy(chan, 1); 1229 err = 0; 1230 } 1231 1232 done: 1233 release_sock(sk); 1234 1235 return err; 1236 } 1237 1238 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1239 { 1240 struct sock *sk = chan->data; 1241 1242 l2cap_sock_kill(sk); 1243 } 1244 1245 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1246 { 1247 struct sock *sk = chan->data; 1248 struct sock *parent; 1249 1250 lock_sock(sk); 1251 1252 parent = bt_sk(sk)->parent; 1253 1254 sock_set_flag(sk, SOCK_ZAPPED); 1255 1256 switch (chan->state) { 1257 case BT_OPEN: 1258 case BT_BOUND: 1259 case BT_CLOSED: 1260 break; 1261 case BT_LISTEN: 1262 l2cap_sock_cleanup_listen(sk); 1263 sk->sk_state = BT_CLOSED; 1264 chan->state = BT_CLOSED; 1265 1266 break; 1267 default: 1268 sk->sk_state = BT_CLOSED; 1269 chan->state = BT_CLOSED; 1270 1271 sk->sk_err = err; 1272 1273 if (parent) { 1274 bt_accept_unlink(sk); 1275 parent->sk_data_ready(parent, 0); 1276 } else { 1277 sk->sk_state_change(sk); 1278 } 1279 1280 break; 1281 } 1282 1283 release_sock(sk); 1284 } 1285 1286 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1287 int err) 1288 { 1289 struct sock *sk = chan->data; 1290 1291 sk->sk_state = state; 1292 1293 if (err) 1294 sk->sk_err = err; 1295 } 1296 1297 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1298 unsigned long len, int nb) 1299 { 1300 struct sock *sk = chan->data; 1301 struct sk_buff *skb; 1302 int err; 1303 1304 l2cap_chan_unlock(chan); 1305 skb = bt_skb_send_alloc(sk, len, nb, &err); 1306 l2cap_chan_lock(chan); 1307 1308 if (!skb) 1309 return ERR_PTR(err); 1310 1311 bt_cb(skb)->chan = chan; 1312 1313 return skb; 1314 } 1315 1316 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1317 { 1318 struct sock *sk = chan->data; 1319 struct sock *parent; 1320 1321 lock_sock(sk); 1322 1323 parent = bt_sk(sk)->parent; 1324 1325 BT_DBG("sk %p, parent %p", sk, parent); 1326 1327 sk->sk_state = BT_CONNECTED; 1328 sk->sk_state_change(sk); 1329 1330 if (parent) 1331 parent->sk_data_ready(parent, 0); 1332 1333 release_sock(sk); 1334 } 1335 1336 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1337 { 1338 struct sock *parent, *sk = chan->data; 1339 1340 lock_sock(sk); 1341 1342 parent = bt_sk(sk)->parent; 1343 if (parent) 1344 parent->sk_data_ready(parent, 0); 1345 1346 release_sock(sk); 1347 } 1348 1349 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1350 { 1351 struct sock *sk = chan->data; 1352 1353 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1354 sk->sk_state_change(sk); 1355 } 1356 1357 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1358 { 1359 struct sock *sk = chan->data; 1360 1361 lock_sock(sk); 1362 sk->sk_shutdown = SHUTDOWN_MASK; 1363 release_sock(sk); 1364 } 1365 1366 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1367 { 1368 struct sock *sk = chan->data; 1369 1370 return sk->sk_sndtimeo; 1371 } 1372 1373 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1374 { 1375 struct sock *sk = chan->data; 1376 1377 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1378 sk->sk_state_change(sk); 1379 } 1380 1381 static struct l2cap_ops l2cap_chan_ops = { 1382 .name = "L2CAP Socket Interface", 1383 .new_connection = l2cap_sock_new_connection_cb, 1384 .recv = l2cap_sock_recv_cb, 1385 .close = l2cap_sock_close_cb, 1386 .teardown = l2cap_sock_teardown_cb, 1387 .state_change = l2cap_sock_state_change_cb, 1388 .ready = l2cap_sock_ready_cb, 1389 .defer = l2cap_sock_defer_cb, 1390 .resume = l2cap_sock_resume_cb, 1391 .suspend = l2cap_sock_suspend_cb, 1392 .set_shutdown = l2cap_sock_set_shutdown_cb, 1393 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1394 .alloc_skb = l2cap_sock_alloc_skb_cb, 1395 }; 1396 1397 static void l2cap_sock_destruct(struct sock *sk) 1398 { 1399 BT_DBG("sk %p", sk); 1400 1401 if (l2cap_pi(sk)->chan) 1402 l2cap_chan_put(l2cap_pi(sk)->chan); 1403 1404 if (l2cap_pi(sk)->rx_busy_skb) { 1405 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1406 l2cap_pi(sk)->rx_busy_skb = NULL; 1407 } 1408 1409 skb_queue_purge(&sk->sk_receive_queue); 1410 skb_queue_purge(&sk->sk_write_queue); 1411 } 1412 1413 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1414 int *msg_namelen) 1415 { 1416 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1417 1418 memset(la, 0, sizeof(struct sockaddr_l2)); 1419 la->l2_family = AF_BLUETOOTH; 1420 la->l2_psm = bt_cb(skb)->psm; 1421 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1422 1423 *msg_namelen = sizeof(struct sockaddr_l2); 1424 } 1425 1426 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1427 { 1428 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1429 1430 BT_DBG("sk %p", sk); 1431 1432 if (parent) { 1433 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1434 1435 sk->sk_type = parent->sk_type; 1436 bt_sk(sk)->flags = bt_sk(parent)->flags; 1437 1438 chan->chan_type = pchan->chan_type; 1439 chan->imtu = pchan->imtu; 1440 chan->omtu = pchan->omtu; 1441 chan->conf_state = pchan->conf_state; 1442 chan->mode = pchan->mode; 1443 chan->fcs = pchan->fcs; 1444 chan->max_tx = pchan->max_tx; 1445 chan->tx_win = pchan->tx_win; 1446 chan->tx_win_max = pchan->tx_win_max; 1447 chan->sec_level = pchan->sec_level; 1448 chan->flags = pchan->flags; 1449 chan->tx_credits = pchan->tx_credits; 1450 chan->rx_credits = pchan->rx_credits; 1451 1452 security_sk_clone(parent, sk); 1453 } else { 1454 switch (sk->sk_type) { 1455 case SOCK_RAW: 1456 chan->chan_type = L2CAP_CHAN_RAW; 1457 break; 1458 case SOCK_DGRAM: 1459 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1460 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1461 break; 1462 case SOCK_SEQPACKET: 1463 case SOCK_STREAM: 1464 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1465 break; 1466 } 1467 1468 chan->imtu = L2CAP_DEFAULT_MTU; 1469 chan->omtu = 0; 1470 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1471 chan->mode = L2CAP_MODE_ERTM; 1472 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1473 } else { 1474 chan->mode = L2CAP_MODE_BASIC; 1475 } 1476 1477 l2cap_chan_set_defaults(chan); 1478 } 1479 1480 /* Default config options */ 1481 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1482 1483 chan->data = sk; 1484 chan->ops = &l2cap_chan_ops; 1485 } 1486 1487 static struct proto l2cap_proto = { 1488 .name = "L2CAP", 1489 .owner = THIS_MODULE, 1490 .obj_size = sizeof(struct l2cap_pinfo) 1491 }; 1492 1493 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1494 int proto, gfp_t prio) 1495 { 1496 struct sock *sk; 1497 struct l2cap_chan *chan; 1498 1499 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1500 if (!sk) 1501 return NULL; 1502 1503 sock_init_data(sock, sk); 1504 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1505 1506 sk->sk_destruct = l2cap_sock_destruct; 1507 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1508 1509 sock_reset_flag(sk, SOCK_ZAPPED); 1510 1511 sk->sk_protocol = proto; 1512 sk->sk_state = BT_OPEN; 1513 1514 chan = l2cap_chan_create(); 1515 if (!chan) { 1516 sk_free(sk); 1517 return NULL; 1518 } 1519 1520 l2cap_chan_hold(chan); 1521 1522 l2cap_pi(sk)->chan = chan; 1523 1524 return sk; 1525 } 1526 1527 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1528 int kern) 1529 { 1530 struct sock *sk; 1531 1532 BT_DBG("sock %p", sock); 1533 1534 sock->state = SS_UNCONNECTED; 1535 1536 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1537 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1538 return -ESOCKTNOSUPPORT; 1539 1540 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1541 return -EPERM; 1542 1543 sock->ops = &l2cap_sock_ops; 1544 1545 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1546 if (!sk) 1547 return -ENOMEM; 1548 1549 l2cap_sock_init(sk, NULL); 1550 bt_sock_link(&l2cap_sk_list, sk); 1551 return 0; 1552 } 1553 1554 static const struct proto_ops l2cap_sock_ops = { 1555 .family = PF_BLUETOOTH, 1556 .owner = THIS_MODULE, 1557 .release = l2cap_sock_release, 1558 .bind = l2cap_sock_bind, 1559 .connect = l2cap_sock_connect, 1560 .listen = l2cap_sock_listen, 1561 .accept = l2cap_sock_accept, 1562 .getname = l2cap_sock_getname, 1563 .sendmsg = l2cap_sock_sendmsg, 1564 .recvmsg = l2cap_sock_recvmsg, 1565 .poll = bt_sock_poll, 1566 .ioctl = bt_sock_ioctl, 1567 .mmap = sock_no_mmap, 1568 .socketpair = sock_no_socketpair, 1569 .shutdown = l2cap_sock_shutdown, 1570 .setsockopt = l2cap_sock_setsockopt, 1571 .getsockopt = l2cap_sock_getsockopt 1572 }; 1573 1574 static const struct net_proto_family l2cap_sock_family_ops = { 1575 .family = PF_BLUETOOTH, 1576 .owner = THIS_MODULE, 1577 .create = l2cap_sock_create, 1578 }; 1579 1580 int __init l2cap_init_sockets(void) 1581 { 1582 int err; 1583 1584 err = proto_register(&l2cap_proto, 0); 1585 if (err < 0) 1586 return err; 1587 1588 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1589 if (err < 0) { 1590 BT_ERR("L2CAP socket registration failed"); 1591 goto error; 1592 } 1593 1594 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1595 NULL); 1596 if (err < 0) { 1597 BT_ERR("Failed to create L2CAP proc file"); 1598 bt_sock_unregister(BTPROTO_L2CAP); 1599 goto error; 1600 } 1601 1602 BT_INFO("L2CAP socket layer initialized"); 1603 1604 return 0; 1605 1606 error: 1607 proto_unregister(&l2cap_proto); 1608 return err; 1609 } 1610 1611 void l2cap_cleanup_sockets(void) 1612 { 1613 bt_procfs_cleanup(&init_net, "l2cap"); 1614 bt_sock_unregister(BTPROTO_L2CAP); 1615 proto_unregister(&l2cap_proto); 1616 } 1617 1618 module_param(enable_lecoc, bool, 0644); 1619 MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC"); 1620