1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26 */ 27 28 /* Bluetooth L2CAP sockets. */ 29 30 #include <linux/module.h> 31 #include <linux/export.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 37 #include "smp.h" 38 39 static struct bt_sock_list l2cap_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 41 }; 42 43 static const struct proto_ops l2cap_sock_ops; 44 static void l2cap_sock_init(struct sock *sk, struct sock *parent); 45 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 46 int proto, gfp_t prio); 47 48 bool l2cap_is_socket(struct socket *sock) 49 { 50 return sock && sock->ops == &l2cap_sock_ops; 51 } 52 EXPORT_SYMBOL(l2cap_is_socket); 53 54 static int l2cap_validate_bredr_psm(u16 psm) 55 { 56 /* PSM must be odd and lsb of upper byte must be 0 */ 57 if ((psm & 0x0101) != 0x0001) 58 return -EINVAL; 59 60 /* Restrict usage of well-known PSMs */ 61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 62 return -EACCES; 63 64 return 0; 65 } 66 67 static int l2cap_validate_le_psm(u16 psm) 68 { 69 /* Valid LE_PSM ranges are defined only until 0x00ff */ 70 if (psm > 0x00ff) 71 return -EINVAL; 72 73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 75 return -EACCES; 76 77 return 0; 78 } 79 80 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 81 { 82 struct sock *sk = sock->sk; 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 84 struct sockaddr_l2 la; 85 int len, err = 0; 86 87 BT_DBG("sk %p", sk); 88 89 if (!addr || addr->sa_family != AF_BLUETOOTH) 90 return -EINVAL; 91 92 memset(&la, 0, sizeof(la)); 93 len = min_t(unsigned int, sizeof(la), alen); 94 memcpy(&la, addr, len); 95 96 if (la.l2_cid && la.l2_psm) 97 return -EINVAL; 98 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 100 return -EINVAL; 101 102 if (la.l2_cid) { 103 /* When the socket gets created it defaults to 104 * CHAN_CONN_ORIENTED, so we need to overwrite the 105 * default here. 106 */ 107 chan->chan_type = L2CAP_CHAN_FIXED; 108 chan->omtu = L2CAP_DEFAULT_MTU; 109 } 110 111 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 112 /* We only allow ATT user space socket */ 113 if (la.l2_cid && 114 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 115 return -EINVAL; 116 } 117 118 lock_sock(sk); 119 120 if (sk->sk_state != BT_OPEN) { 121 err = -EBADFD; 122 goto done; 123 } 124 125 if (la.l2_psm) { 126 __u16 psm = __le16_to_cpu(la.l2_psm); 127 128 if (la.l2_bdaddr_type == BDADDR_BREDR) 129 err = l2cap_validate_bredr_psm(psm); 130 else 131 err = l2cap_validate_le_psm(psm); 132 133 if (err) 134 goto done; 135 } 136 137 if (la.l2_cid) 138 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 139 else 140 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 141 142 if (err < 0) 143 goto done; 144 145 switch (chan->chan_type) { 146 case L2CAP_CHAN_CONN_LESS: 147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 148 chan->sec_level = BT_SECURITY_SDP; 149 break; 150 case L2CAP_CHAN_CONN_ORIENTED: 151 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 152 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 153 chan->sec_level = BT_SECURITY_SDP; 154 break; 155 case L2CAP_CHAN_RAW: 156 chan->sec_level = BT_SECURITY_SDP; 157 break; 158 } 159 160 bacpy(&chan->src, &la.l2_bdaddr); 161 chan->src_type = la.l2_bdaddr_type; 162 163 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 164 chan->mode = L2CAP_MODE_LE_FLOWCTL; 165 166 chan->state = BT_BOUND; 167 sk->sk_state = BT_BOUND; 168 169 done: 170 release_sock(sk); 171 return err; 172 } 173 174 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 175 int alen, int flags) 176 { 177 struct sock *sk = sock->sk; 178 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 179 struct sockaddr_l2 la; 180 int len, err = 0; 181 182 BT_DBG("sk %p", sk); 183 184 if (!addr || alen < sizeof(addr->sa_family) || 185 addr->sa_family != AF_BLUETOOTH) 186 return -EINVAL; 187 188 memset(&la, 0, sizeof(la)); 189 len = min_t(unsigned int, sizeof(la), alen); 190 memcpy(&la, addr, len); 191 192 if (la.l2_cid && la.l2_psm) 193 return -EINVAL; 194 195 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 196 return -EINVAL; 197 198 /* Check that the socket wasn't bound to something that 199 * conflicts with the address given to connect(). If chan->src 200 * is BDADDR_ANY it means bind() was never used, in which case 201 * chan->src_type and la.l2_bdaddr_type do not need to match. 202 */ 203 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 204 bdaddr_type_is_le(la.l2_bdaddr_type)) { 205 /* Old user space versions will try to incorrectly bind 206 * the ATT socket using BDADDR_BREDR. We need to accept 207 * this and fix up the source address type only when 208 * both the source CID and destination CID indicate 209 * ATT. Anything else is an invalid combination. 210 */ 211 if (chan->scid != L2CAP_CID_ATT || 212 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 213 return -EINVAL; 214 215 /* We don't have the hdev available here to make a 216 * better decision on random vs public, but since all 217 * user space versions that exhibit this issue anyway do 218 * not support random local addresses assuming public 219 * here is good enough. 220 */ 221 chan->src_type = BDADDR_LE_PUBLIC; 222 } 223 224 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 225 return -EINVAL; 226 227 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 228 /* We only allow ATT user space socket */ 229 if (la.l2_cid && 230 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 231 return -EINVAL; 232 } 233 234 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 235 chan->mode = L2CAP_MODE_LE_FLOWCTL; 236 237 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 238 &la.l2_bdaddr, la.l2_bdaddr_type); 239 if (err) 240 return err; 241 242 lock_sock(sk); 243 244 err = bt_sock_wait_state(sk, BT_CONNECTED, 245 sock_sndtimeo(sk, flags & O_NONBLOCK)); 246 247 release_sock(sk); 248 249 return err; 250 } 251 252 static int l2cap_sock_listen(struct socket *sock, int backlog) 253 { 254 struct sock *sk = sock->sk; 255 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 256 int err = 0; 257 258 BT_DBG("sk %p backlog %d", sk, backlog); 259 260 lock_sock(sk); 261 262 if (sk->sk_state != BT_BOUND) { 263 err = -EBADFD; 264 goto done; 265 } 266 267 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 268 err = -EINVAL; 269 goto done; 270 } 271 272 switch (chan->mode) { 273 case L2CAP_MODE_BASIC: 274 case L2CAP_MODE_LE_FLOWCTL: 275 break; 276 case L2CAP_MODE_ERTM: 277 case L2CAP_MODE_STREAMING: 278 if (!disable_ertm) 279 break; 280 /* fall through */ 281 default: 282 err = -ENOTSUPP; 283 goto done; 284 } 285 286 sk->sk_max_ack_backlog = backlog; 287 sk->sk_ack_backlog = 0; 288 289 chan->state = BT_LISTEN; 290 sk->sk_state = BT_LISTEN; 291 292 done: 293 release_sock(sk); 294 return err; 295 } 296 297 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 298 int flags) 299 { 300 DECLARE_WAITQUEUE(wait, current); 301 struct sock *sk = sock->sk, *nsk; 302 long timeo; 303 int err = 0; 304 305 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 306 307 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 308 309 BT_DBG("sk %p timeo %ld", sk, timeo); 310 311 /* Wait for an incoming connection. (wake-one). */ 312 add_wait_queue_exclusive(sk_sleep(sk), &wait); 313 while (1) { 314 set_current_state(TASK_INTERRUPTIBLE); 315 316 if (sk->sk_state != BT_LISTEN) { 317 err = -EBADFD; 318 break; 319 } 320 321 nsk = bt_accept_dequeue(sk, newsock); 322 if (nsk) 323 break; 324 325 if (!timeo) { 326 err = -EAGAIN; 327 break; 328 } 329 330 if (signal_pending(current)) { 331 err = sock_intr_errno(timeo); 332 break; 333 } 334 335 release_sock(sk); 336 timeo = schedule_timeout(timeo); 337 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 338 } 339 __set_current_state(TASK_RUNNING); 340 remove_wait_queue(sk_sleep(sk), &wait); 341 342 if (err) 343 goto done; 344 345 newsock->state = SS_CONNECTED; 346 347 BT_DBG("new socket %p", nsk); 348 349 done: 350 release_sock(sk); 351 return err; 352 } 353 354 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 355 int *len, int peer) 356 { 357 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 358 struct sock *sk = sock->sk; 359 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 360 361 BT_DBG("sock %p, sk %p", sock, sk); 362 363 if (peer && sk->sk_state != BT_CONNECTED && 364 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 365 return -ENOTCONN; 366 367 memset(la, 0, sizeof(struct sockaddr_l2)); 368 addr->sa_family = AF_BLUETOOTH; 369 *len = sizeof(struct sockaddr_l2); 370 371 la->l2_psm = chan->psm; 372 373 if (peer) { 374 bacpy(&la->l2_bdaddr, &chan->dst); 375 la->l2_cid = cpu_to_le16(chan->dcid); 376 la->l2_bdaddr_type = chan->dst_type; 377 } else { 378 bacpy(&la->l2_bdaddr, &chan->src); 379 la->l2_cid = cpu_to_le16(chan->scid); 380 la->l2_bdaddr_type = chan->src_type; 381 } 382 383 return 0; 384 } 385 386 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 387 char __user *optval, int __user *optlen) 388 { 389 struct sock *sk = sock->sk; 390 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 391 struct l2cap_options opts; 392 struct l2cap_conninfo cinfo; 393 int len, err = 0; 394 u32 opt; 395 396 BT_DBG("sk %p", sk); 397 398 if (get_user(len, optlen)) 399 return -EFAULT; 400 401 lock_sock(sk); 402 403 switch (optname) { 404 case L2CAP_OPTIONS: 405 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 406 * legacy ATT code depends on getsockopt for 407 * L2CAP_OPTIONS we need to let this pass. 408 */ 409 if (bdaddr_type_is_le(chan->src_type) && 410 chan->scid != L2CAP_CID_ATT) { 411 err = -EINVAL; 412 break; 413 } 414 415 memset(&opts, 0, sizeof(opts)); 416 opts.imtu = chan->imtu; 417 opts.omtu = chan->omtu; 418 opts.flush_to = chan->flush_to; 419 opts.mode = chan->mode; 420 opts.fcs = chan->fcs; 421 opts.max_tx = chan->max_tx; 422 opts.txwin_size = chan->tx_win; 423 424 len = min_t(unsigned int, len, sizeof(opts)); 425 if (copy_to_user(optval, (char *) &opts, len)) 426 err = -EFAULT; 427 428 break; 429 430 case L2CAP_LM: 431 switch (chan->sec_level) { 432 case BT_SECURITY_LOW: 433 opt = L2CAP_LM_AUTH; 434 break; 435 case BT_SECURITY_MEDIUM: 436 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 437 break; 438 case BT_SECURITY_HIGH: 439 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 440 L2CAP_LM_SECURE; 441 break; 442 case BT_SECURITY_FIPS: 443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 444 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 445 break; 446 default: 447 opt = 0; 448 break; 449 } 450 451 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 452 opt |= L2CAP_LM_MASTER; 453 454 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 455 opt |= L2CAP_LM_RELIABLE; 456 457 if (put_user(opt, (u32 __user *) optval)) 458 err = -EFAULT; 459 460 break; 461 462 case L2CAP_CONNINFO: 463 if (sk->sk_state != BT_CONNECTED && 464 !(sk->sk_state == BT_CONNECT2 && 465 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 466 err = -ENOTCONN; 467 break; 468 } 469 470 memset(&cinfo, 0, sizeof(cinfo)); 471 cinfo.hci_handle = chan->conn->hcon->handle; 472 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 473 474 len = min_t(unsigned int, len, sizeof(cinfo)); 475 if (copy_to_user(optval, (char *) &cinfo, len)) 476 err = -EFAULT; 477 478 break; 479 480 default: 481 err = -ENOPROTOOPT; 482 break; 483 } 484 485 release_sock(sk); 486 return err; 487 } 488 489 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 490 char __user *optval, int __user *optlen) 491 { 492 struct sock *sk = sock->sk; 493 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 494 struct bt_security sec; 495 struct bt_power pwr; 496 int len, err = 0; 497 498 BT_DBG("sk %p", sk); 499 500 if (level == SOL_L2CAP) 501 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 502 503 if (level != SOL_BLUETOOTH) 504 return -ENOPROTOOPT; 505 506 if (get_user(len, optlen)) 507 return -EFAULT; 508 509 lock_sock(sk); 510 511 switch (optname) { 512 case BT_SECURITY: 513 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 514 chan->chan_type != L2CAP_CHAN_FIXED && 515 chan->chan_type != L2CAP_CHAN_RAW) { 516 err = -EINVAL; 517 break; 518 } 519 520 memset(&sec, 0, sizeof(sec)); 521 if (chan->conn) { 522 sec.level = chan->conn->hcon->sec_level; 523 524 if (sk->sk_state == BT_CONNECTED) 525 sec.key_size = chan->conn->hcon->enc_key_size; 526 } else { 527 sec.level = chan->sec_level; 528 } 529 530 len = min_t(unsigned int, len, sizeof(sec)); 531 if (copy_to_user(optval, (char *) &sec, len)) 532 err = -EFAULT; 533 534 break; 535 536 case BT_DEFER_SETUP: 537 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 538 err = -EINVAL; 539 break; 540 } 541 542 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 543 (u32 __user *) optval)) 544 err = -EFAULT; 545 546 break; 547 548 case BT_FLUSHABLE: 549 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 550 (u32 __user *) optval)) 551 err = -EFAULT; 552 553 break; 554 555 case BT_POWER: 556 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 557 && sk->sk_type != SOCK_RAW) { 558 err = -EINVAL; 559 break; 560 } 561 562 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 563 564 len = min_t(unsigned int, len, sizeof(pwr)); 565 if (copy_to_user(optval, (char *) &pwr, len)) 566 err = -EFAULT; 567 568 break; 569 570 case BT_CHANNEL_POLICY: 571 if (put_user(chan->chan_policy, (u32 __user *) optval)) 572 err = -EFAULT; 573 break; 574 575 case BT_SNDMTU: 576 if (!bdaddr_type_is_le(chan->src_type)) { 577 err = -EINVAL; 578 break; 579 } 580 581 if (sk->sk_state != BT_CONNECTED) { 582 err = -ENOTCONN; 583 break; 584 } 585 586 if (put_user(chan->omtu, (u16 __user *) optval)) 587 err = -EFAULT; 588 break; 589 590 case BT_RCVMTU: 591 if (!bdaddr_type_is_le(chan->src_type)) { 592 err = -EINVAL; 593 break; 594 } 595 596 if (put_user(chan->imtu, (u16 __user *) optval)) 597 err = -EFAULT; 598 break; 599 600 default: 601 err = -ENOPROTOOPT; 602 break; 603 } 604 605 release_sock(sk); 606 return err; 607 } 608 609 static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 610 { 611 switch (chan->scid) { 612 case L2CAP_CID_ATT: 613 if (mtu < L2CAP_LE_MIN_MTU) 614 return false; 615 break; 616 617 default: 618 if (mtu < L2CAP_DEFAULT_MIN_MTU) 619 return false; 620 } 621 622 return true; 623 } 624 625 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 626 char __user *optval, unsigned int optlen) 627 { 628 struct sock *sk = sock->sk; 629 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 630 struct l2cap_options opts; 631 int len, err = 0; 632 u32 opt; 633 634 BT_DBG("sk %p", sk); 635 636 lock_sock(sk); 637 638 switch (optname) { 639 case L2CAP_OPTIONS: 640 if (bdaddr_type_is_le(chan->src_type)) { 641 err = -EINVAL; 642 break; 643 } 644 645 if (sk->sk_state == BT_CONNECTED) { 646 err = -EINVAL; 647 break; 648 } 649 650 opts.imtu = chan->imtu; 651 opts.omtu = chan->omtu; 652 opts.flush_to = chan->flush_to; 653 opts.mode = chan->mode; 654 opts.fcs = chan->fcs; 655 opts.max_tx = chan->max_tx; 656 opts.txwin_size = chan->tx_win; 657 658 len = min_t(unsigned int, sizeof(opts), optlen); 659 if (copy_from_user((char *) &opts, optval, len)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 665 err = -EINVAL; 666 break; 667 } 668 669 if (!l2cap_valid_mtu(chan, opts.imtu)) { 670 err = -EINVAL; 671 break; 672 } 673 674 chan->mode = opts.mode; 675 switch (chan->mode) { 676 case L2CAP_MODE_LE_FLOWCTL: 677 break; 678 case L2CAP_MODE_BASIC: 679 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 680 break; 681 case L2CAP_MODE_ERTM: 682 case L2CAP_MODE_STREAMING: 683 if (!disable_ertm) 684 break; 685 /* fall through */ 686 default: 687 err = -EINVAL; 688 break; 689 } 690 691 chan->imtu = opts.imtu; 692 chan->omtu = opts.omtu; 693 chan->fcs = opts.fcs; 694 chan->max_tx = opts.max_tx; 695 chan->tx_win = opts.txwin_size; 696 chan->flush_to = opts.flush_to; 697 break; 698 699 case L2CAP_LM: 700 if (get_user(opt, (u32 __user *) optval)) { 701 err = -EFAULT; 702 break; 703 } 704 705 if (opt & L2CAP_LM_FIPS) { 706 err = -EINVAL; 707 break; 708 } 709 710 if (opt & L2CAP_LM_AUTH) 711 chan->sec_level = BT_SECURITY_LOW; 712 if (opt & L2CAP_LM_ENCRYPT) 713 chan->sec_level = BT_SECURITY_MEDIUM; 714 if (opt & L2CAP_LM_SECURE) 715 chan->sec_level = BT_SECURITY_HIGH; 716 717 if (opt & L2CAP_LM_MASTER) 718 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 719 else 720 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 721 722 if (opt & L2CAP_LM_RELIABLE) 723 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 724 else 725 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 726 break; 727 728 default: 729 err = -ENOPROTOOPT; 730 break; 731 } 732 733 release_sock(sk); 734 return err; 735 } 736 737 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 738 char __user *optval, unsigned int optlen) 739 { 740 struct sock *sk = sock->sk; 741 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 742 struct bt_security sec; 743 struct bt_power pwr; 744 struct l2cap_conn *conn; 745 int len, err = 0; 746 u32 opt; 747 748 BT_DBG("sk %p", sk); 749 750 if (level == SOL_L2CAP) 751 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 752 753 if (level != SOL_BLUETOOTH) 754 return -ENOPROTOOPT; 755 756 lock_sock(sk); 757 758 switch (optname) { 759 case BT_SECURITY: 760 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 761 chan->chan_type != L2CAP_CHAN_FIXED && 762 chan->chan_type != L2CAP_CHAN_RAW) { 763 err = -EINVAL; 764 break; 765 } 766 767 sec.level = BT_SECURITY_LOW; 768 769 len = min_t(unsigned int, sizeof(sec), optlen); 770 if (copy_from_user((char *) &sec, optval, len)) { 771 err = -EFAULT; 772 break; 773 } 774 775 if (sec.level < BT_SECURITY_LOW || 776 sec.level > BT_SECURITY_HIGH) { 777 err = -EINVAL; 778 break; 779 } 780 781 chan->sec_level = sec.level; 782 783 if (!chan->conn) 784 break; 785 786 conn = chan->conn; 787 788 /*change security for LE channels */ 789 if (chan->scid == L2CAP_CID_ATT) { 790 if (smp_conn_security(conn->hcon, sec.level)) 791 break; 792 sk->sk_state = BT_CONFIG; 793 chan->state = BT_CONFIG; 794 795 /* or for ACL link */ 796 } else if ((sk->sk_state == BT_CONNECT2 && 797 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 798 sk->sk_state == BT_CONNECTED) { 799 if (!l2cap_chan_check_security(chan)) 800 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 801 else 802 sk->sk_state_change(sk); 803 } else { 804 err = -EINVAL; 805 } 806 break; 807 808 case BT_DEFER_SETUP: 809 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 810 err = -EINVAL; 811 break; 812 } 813 814 if (get_user(opt, (u32 __user *) optval)) { 815 err = -EFAULT; 816 break; 817 } 818 819 if (opt) { 820 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 821 set_bit(FLAG_DEFER_SETUP, &chan->flags); 822 } else { 823 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 824 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 825 } 826 break; 827 828 case BT_FLUSHABLE: 829 if (get_user(opt, (u32 __user *) optval)) { 830 err = -EFAULT; 831 break; 832 } 833 834 if (opt > BT_FLUSHABLE_ON) { 835 err = -EINVAL; 836 break; 837 } 838 839 if (opt == BT_FLUSHABLE_OFF) { 840 conn = chan->conn; 841 /* proceed further only when we have l2cap_conn and 842 No Flush support in the LM */ 843 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 844 err = -EINVAL; 845 break; 846 } 847 } 848 849 if (opt) 850 set_bit(FLAG_FLUSHABLE, &chan->flags); 851 else 852 clear_bit(FLAG_FLUSHABLE, &chan->flags); 853 break; 854 855 case BT_POWER: 856 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 857 chan->chan_type != L2CAP_CHAN_RAW) { 858 err = -EINVAL; 859 break; 860 } 861 862 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 863 864 len = min_t(unsigned int, sizeof(pwr), optlen); 865 if (copy_from_user((char *) &pwr, optval, len)) { 866 err = -EFAULT; 867 break; 868 } 869 870 if (pwr.force_active) 871 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 872 else 873 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 874 break; 875 876 case BT_CHANNEL_POLICY: 877 if (get_user(opt, (u32 __user *) optval)) { 878 err = -EFAULT; 879 break; 880 } 881 882 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 883 err = -EINVAL; 884 break; 885 } 886 887 if (chan->mode != L2CAP_MODE_ERTM && 888 chan->mode != L2CAP_MODE_STREAMING) { 889 err = -EOPNOTSUPP; 890 break; 891 } 892 893 chan->chan_policy = (u8) opt; 894 895 if (sk->sk_state == BT_CONNECTED && 896 chan->move_role == L2CAP_MOVE_ROLE_NONE) 897 l2cap_move_start(chan); 898 899 break; 900 901 case BT_SNDMTU: 902 if (!bdaddr_type_is_le(chan->src_type)) { 903 err = -EINVAL; 904 break; 905 } 906 907 /* Setting is not supported as it's the remote side that 908 * decides this. 909 */ 910 err = -EPERM; 911 break; 912 913 case BT_RCVMTU: 914 if (!bdaddr_type_is_le(chan->src_type)) { 915 err = -EINVAL; 916 break; 917 } 918 919 if (sk->sk_state == BT_CONNECTED) { 920 err = -EISCONN; 921 break; 922 } 923 924 if (get_user(opt, (u32 __user *) optval)) { 925 err = -EFAULT; 926 break; 927 } 928 929 chan->imtu = opt; 930 break; 931 932 default: 933 err = -ENOPROTOOPT; 934 break; 935 } 936 937 release_sock(sk); 938 return err; 939 } 940 941 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 942 struct msghdr *msg, size_t len) 943 { 944 struct sock *sk = sock->sk; 945 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 946 int err; 947 948 BT_DBG("sock %p, sk %p", sock, sk); 949 950 err = sock_error(sk); 951 if (err) 952 return err; 953 954 if (msg->msg_flags & MSG_OOB) 955 return -EOPNOTSUPP; 956 957 if (sk->sk_state != BT_CONNECTED) 958 return -ENOTCONN; 959 960 lock_sock(sk); 961 err = bt_sock_wait_ready(sk, msg->msg_flags); 962 release_sock(sk); 963 if (err) 964 return err; 965 966 l2cap_chan_lock(chan); 967 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 968 l2cap_chan_unlock(chan); 969 970 return err; 971 } 972 973 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 974 struct msghdr *msg, size_t len, int flags) 975 { 976 struct sock *sk = sock->sk; 977 struct l2cap_pinfo *pi = l2cap_pi(sk); 978 int err; 979 980 lock_sock(sk); 981 982 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 983 &bt_sk(sk)->flags)) { 984 if (bdaddr_type_is_le(pi->chan->src_type)) { 985 sk->sk_state = BT_CONNECTED; 986 pi->chan->state = BT_CONNECTED; 987 __l2cap_le_connect_rsp_defer(pi->chan); 988 } else { 989 sk->sk_state = BT_CONFIG; 990 pi->chan->state = BT_CONFIG; 991 __l2cap_connect_rsp_defer(pi->chan); 992 } 993 994 err = 0; 995 goto done; 996 } 997 998 release_sock(sk); 999 1000 if (sock->type == SOCK_STREAM) 1001 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 1002 else 1003 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 1004 1005 if (pi->chan->mode != L2CAP_MODE_ERTM) 1006 return err; 1007 1008 /* Attempt to put pending rx data in the socket buffer */ 1009 1010 lock_sock(sk); 1011 1012 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1013 goto done; 1014 1015 if (pi->rx_busy_skb) { 1016 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1017 pi->rx_busy_skb = NULL; 1018 else 1019 goto done; 1020 } 1021 1022 /* Restore data flow when half of the receive buffer is 1023 * available. This avoids resending large numbers of 1024 * frames. 1025 */ 1026 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1027 l2cap_chan_busy(pi->chan, 0); 1028 1029 done: 1030 release_sock(sk); 1031 return err; 1032 } 1033 1034 /* Kill socket (only if zapped and orphan) 1035 * Must be called on unlocked socket. 1036 */ 1037 static void l2cap_sock_kill(struct sock *sk) 1038 { 1039 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1040 return; 1041 1042 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1043 1044 /* Kill poor orphan */ 1045 1046 l2cap_chan_put(l2cap_pi(sk)->chan); 1047 sock_set_flag(sk, SOCK_DEAD); 1048 sock_put(sk); 1049 } 1050 1051 static int __l2cap_wait_ack(struct sock *sk) 1052 { 1053 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1054 DECLARE_WAITQUEUE(wait, current); 1055 int err = 0; 1056 int timeo = HZ/5; 1057 1058 add_wait_queue(sk_sleep(sk), &wait); 1059 set_current_state(TASK_INTERRUPTIBLE); 1060 while (chan->unacked_frames > 0 && chan->conn) { 1061 if (!timeo) 1062 timeo = HZ/5; 1063 1064 if (signal_pending(current)) { 1065 err = sock_intr_errno(timeo); 1066 break; 1067 } 1068 1069 release_sock(sk); 1070 timeo = schedule_timeout(timeo); 1071 lock_sock(sk); 1072 set_current_state(TASK_INTERRUPTIBLE); 1073 1074 err = sock_error(sk); 1075 if (err) 1076 break; 1077 } 1078 set_current_state(TASK_RUNNING); 1079 remove_wait_queue(sk_sleep(sk), &wait); 1080 return err; 1081 } 1082 1083 static int l2cap_sock_shutdown(struct socket *sock, int how) 1084 { 1085 struct sock *sk = sock->sk; 1086 struct l2cap_chan *chan; 1087 struct l2cap_conn *conn; 1088 int err = 0; 1089 1090 BT_DBG("sock %p, sk %p", sock, sk); 1091 1092 if (!sk) 1093 return 0; 1094 1095 chan = l2cap_pi(sk)->chan; 1096 conn = chan->conn; 1097 1098 if (conn) 1099 mutex_lock(&conn->chan_lock); 1100 1101 l2cap_chan_lock(chan); 1102 lock_sock(sk); 1103 1104 if (!sk->sk_shutdown) { 1105 if (chan->mode == L2CAP_MODE_ERTM) 1106 err = __l2cap_wait_ack(sk); 1107 1108 sk->sk_shutdown = SHUTDOWN_MASK; 1109 1110 release_sock(sk); 1111 l2cap_chan_close(chan, 0); 1112 lock_sock(sk); 1113 1114 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 1115 err = bt_sock_wait_state(sk, BT_CLOSED, 1116 sk->sk_lingertime); 1117 } 1118 1119 if (!err && sk->sk_err) 1120 err = -sk->sk_err; 1121 1122 release_sock(sk); 1123 l2cap_chan_unlock(chan); 1124 1125 if (conn) 1126 mutex_unlock(&conn->chan_lock); 1127 1128 return err; 1129 } 1130 1131 static int l2cap_sock_release(struct socket *sock) 1132 { 1133 struct sock *sk = sock->sk; 1134 int err; 1135 1136 BT_DBG("sock %p, sk %p", sock, sk); 1137 1138 if (!sk) 1139 return 0; 1140 1141 bt_sock_unlink(&l2cap_sk_list, sk); 1142 1143 err = l2cap_sock_shutdown(sock, 2); 1144 1145 sock_orphan(sk); 1146 l2cap_sock_kill(sk); 1147 return err; 1148 } 1149 1150 static void l2cap_sock_cleanup_listen(struct sock *parent) 1151 { 1152 struct sock *sk; 1153 1154 BT_DBG("parent %p", parent); 1155 1156 /* Close not yet accepted channels */ 1157 while ((sk = bt_accept_dequeue(parent, NULL))) { 1158 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1159 1160 l2cap_chan_lock(chan); 1161 __clear_chan_timer(chan); 1162 l2cap_chan_close(chan, ECONNRESET); 1163 l2cap_chan_unlock(chan); 1164 1165 l2cap_sock_kill(sk); 1166 } 1167 } 1168 1169 static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1170 { 1171 struct sock *sk, *parent = chan->data; 1172 1173 lock_sock(parent); 1174 1175 /* Check for backlog size */ 1176 if (sk_acceptq_is_full(parent)) { 1177 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1178 release_sock(parent); 1179 return NULL; 1180 } 1181 1182 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1183 GFP_ATOMIC); 1184 if (!sk) { 1185 release_sock(parent); 1186 return NULL; 1187 } 1188 1189 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1190 1191 l2cap_sock_init(sk, parent); 1192 1193 bt_accept_enqueue(parent, sk); 1194 1195 release_sock(parent); 1196 1197 return l2cap_pi(sk)->chan; 1198 } 1199 1200 static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1201 { 1202 struct sock *sk = chan->data; 1203 int err; 1204 1205 lock_sock(sk); 1206 1207 if (l2cap_pi(sk)->rx_busy_skb) { 1208 err = -ENOMEM; 1209 goto done; 1210 } 1211 1212 err = sock_queue_rcv_skb(sk, skb); 1213 1214 /* For ERTM, handle one skb that doesn't fit into the recv 1215 * buffer. This is important to do because the data frames 1216 * have already been acked, so the skb cannot be discarded. 1217 * 1218 * Notify the l2cap core that the buffer is full, so the 1219 * LOCAL_BUSY state is entered and no more frames are 1220 * acked and reassembled until there is buffer space 1221 * available. 1222 */ 1223 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1224 l2cap_pi(sk)->rx_busy_skb = skb; 1225 l2cap_chan_busy(chan, 1); 1226 err = 0; 1227 } 1228 1229 done: 1230 release_sock(sk); 1231 1232 return err; 1233 } 1234 1235 static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1236 { 1237 struct sock *sk = chan->data; 1238 1239 l2cap_sock_kill(sk); 1240 } 1241 1242 static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1243 { 1244 struct sock *sk = chan->data; 1245 struct sock *parent; 1246 1247 lock_sock(sk); 1248 1249 parent = bt_sk(sk)->parent; 1250 1251 sock_set_flag(sk, SOCK_ZAPPED); 1252 1253 switch (chan->state) { 1254 case BT_OPEN: 1255 case BT_BOUND: 1256 case BT_CLOSED: 1257 break; 1258 case BT_LISTEN: 1259 l2cap_sock_cleanup_listen(sk); 1260 sk->sk_state = BT_CLOSED; 1261 chan->state = BT_CLOSED; 1262 1263 break; 1264 default: 1265 sk->sk_state = BT_CLOSED; 1266 chan->state = BT_CLOSED; 1267 1268 sk->sk_err = err; 1269 1270 if (parent) { 1271 bt_accept_unlink(sk); 1272 parent->sk_data_ready(parent); 1273 } else { 1274 sk->sk_state_change(sk); 1275 } 1276 1277 break; 1278 } 1279 1280 release_sock(sk); 1281 } 1282 1283 static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1284 int err) 1285 { 1286 struct sock *sk = chan->data; 1287 1288 sk->sk_state = state; 1289 1290 if (err) 1291 sk->sk_err = err; 1292 } 1293 1294 static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1295 unsigned long len, int nb) 1296 { 1297 struct sock *sk = chan->data; 1298 struct sk_buff *skb; 1299 int err; 1300 1301 l2cap_chan_unlock(chan); 1302 skb = bt_skb_send_alloc(sk, len, nb, &err); 1303 l2cap_chan_lock(chan); 1304 1305 if (!skb) 1306 return ERR_PTR(err); 1307 1308 bt_cb(skb)->chan = chan; 1309 1310 return skb; 1311 } 1312 1313 static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1314 { 1315 struct sock *sk = chan->data; 1316 struct sock *parent; 1317 1318 lock_sock(sk); 1319 1320 parent = bt_sk(sk)->parent; 1321 1322 BT_DBG("sk %p, parent %p", sk, parent); 1323 1324 sk->sk_state = BT_CONNECTED; 1325 sk->sk_state_change(sk); 1326 1327 if (parent) 1328 parent->sk_data_ready(parent); 1329 1330 release_sock(sk); 1331 } 1332 1333 static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1334 { 1335 struct sock *parent, *sk = chan->data; 1336 1337 lock_sock(sk); 1338 1339 parent = bt_sk(sk)->parent; 1340 if (parent) 1341 parent->sk_data_ready(parent); 1342 1343 release_sock(sk); 1344 } 1345 1346 static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1347 { 1348 struct sock *sk = chan->data; 1349 1350 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1351 sk->sk_state_change(sk); 1352 } 1353 1354 static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1355 { 1356 struct sock *sk = chan->data; 1357 1358 lock_sock(sk); 1359 sk->sk_shutdown = SHUTDOWN_MASK; 1360 release_sock(sk); 1361 } 1362 1363 static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1364 { 1365 struct sock *sk = chan->data; 1366 1367 return sk->sk_sndtimeo; 1368 } 1369 1370 static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1371 { 1372 struct sock *sk = chan->data; 1373 1374 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1375 sk->sk_state_change(sk); 1376 } 1377 1378 static struct l2cap_ops l2cap_chan_ops = { 1379 .name = "L2CAP Socket Interface", 1380 .new_connection = l2cap_sock_new_connection_cb, 1381 .recv = l2cap_sock_recv_cb, 1382 .close = l2cap_sock_close_cb, 1383 .teardown = l2cap_sock_teardown_cb, 1384 .state_change = l2cap_sock_state_change_cb, 1385 .ready = l2cap_sock_ready_cb, 1386 .defer = l2cap_sock_defer_cb, 1387 .resume = l2cap_sock_resume_cb, 1388 .suspend = l2cap_sock_suspend_cb, 1389 .set_shutdown = l2cap_sock_set_shutdown_cb, 1390 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1391 .alloc_skb = l2cap_sock_alloc_skb_cb, 1392 }; 1393 1394 static void l2cap_sock_destruct(struct sock *sk) 1395 { 1396 BT_DBG("sk %p", sk); 1397 1398 if (l2cap_pi(sk)->chan) 1399 l2cap_chan_put(l2cap_pi(sk)->chan); 1400 1401 if (l2cap_pi(sk)->rx_busy_skb) { 1402 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1403 l2cap_pi(sk)->rx_busy_skb = NULL; 1404 } 1405 1406 skb_queue_purge(&sk->sk_receive_queue); 1407 skb_queue_purge(&sk->sk_write_queue); 1408 } 1409 1410 static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1411 int *msg_namelen) 1412 { 1413 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1414 1415 memset(la, 0, sizeof(struct sockaddr_l2)); 1416 la->l2_family = AF_BLUETOOTH; 1417 la->l2_psm = bt_cb(skb)->psm; 1418 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1419 1420 *msg_namelen = sizeof(struct sockaddr_l2); 1421 } 1422 1423 static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1424 { 1425 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1426 1427 BT_DBG("sk %p", sk); 1428 1429 if (parent) { 1430 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1431 1432 sk->sk_type = parent->sk_type; 1433 bt_sk(sk)->flags = bt_sk(parent)->flags; 1434 1435 chan->chan_type = pchan->chan_type; 1436 chan->imtu = pchan->imtu; 1437 chan->omtu = pchan->omtu; 1438 chan->conf_state = pchan->conf_state; 1439 chan->mode = pchan->mode; 1440 chan->fcs = pchan->fcs; 1441 chan->max_tx = pchan->max_tx; 1442 chan->tx_win = pchan->tx_win; 1443 chan->tx_win_max = pchan->tx_win_max; 1444 chan->sec_level = pchan->sec_level; 1445 chan->flags = pchan->flags; 1446 chan->tx_credits = pchan->tx_credits; 1447 chan->rx_credits = pchan->rx_credits; 1448 1449 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1450 chan->scid = pchan->scid; 1451 chan->dcid = pchan->scid; 1452 } 1453 1454 security_sk_clone(parent, sk); 1455 } else { 1456 switch (sk->sk_type) { 1457 case SOCK_RAW: 1458 chan->chan_type = L2CAP_CHAN_RAW; 1459 break; 1460 case SOCK_DGRAM: 1461 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1462 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1463 break; 1464 case SOCK_SEQPACKET: 1465 case SOCK_STREAM: 1466 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1467 break; 1468 } 1469 1470 chan->imtu = L2CAP_DEFAULT_MTU; 1471 chan->omtu = 0; 1472 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1473 chan->mode = L2CAP_MODE_ERTM; 1474 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1475 } else { 1476 chan->mode = L2CAP_MODE_BASIC; 1477 } 1478 1479 l2cap_chan_set_defaults(chan); 1480 } 1481 1482 /* Default config options */ 1483 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1484 1485 chan->data = sk; 1486 chan->ops = &l2cap_chan_ops; 1487 } 1488 1489 static struct proto l2cap_proto = { 1490 .name = "L2CAP", 1491 .owner = THIS_MODULE, 1492 .obj_size = sizeof(struct l2cap_pinfo) 1493 }; 1494 1495 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1496 int proto, gfp_t prio) 1497 { 1498 struct sock *sk; 1499 struct l2cap_chan *chan; 1500 1501 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1502 if (!sk) 1503 return NULL; 1504 1505 sock_init_data(sock, sk); 1506 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1507 1508 sk->sk_destruct = l2cap_sock_destruct; 1509 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1510 1511 sock_reset_flag(sk, SOCK_ZAPPED); 1512 1513 sk->sk_protocol = proto; 1514 sk->sk_state = BT_OPEN; 1515 1516 chan = l2cap_chan_create(); 1517 if (!chan) { 1518 sk_free(sk); 1519 return NULL; 1520 } 1521 1522 l2cap_chan_hold(chan); 1523 1524 l2cap_pi(sk)->chan = chan; 1525 1526 return sk; 1527 } 1528 1529 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1530 int kern) 1531 { 1532 struct sock *sk; 1533 1534 BT_DBG("sock %p", sock); 1535 1536 sock->state = SS_UNCONNECTED; 1537 1538 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1539 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1540 return -ESOCKTNOSUPPORT; 1541 1542 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1543 return -EPERM; 1544 1545 sock->ops = &l2cap_sock_ops; 1546 1547 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1548 if (!sk) 1549 return -ENOMEM; 1550 1551 l2cap_sock_init(sk, NULL); 1552 bt_sock_link(&l2cap_sk_list, sk); 1553 return 0; 1554 } 1555 1556 static const struct proto_ops l2cap_sock_ops = { 1557 .family = PF_BLUETOOTH, 1558 .owner = THIS_MODULE, 1559 .release = l2cap_sock_release, 1560 .bind = l2cap_sock_bind, 1561 .connect = l2cap_sock_connect, 1562 .listen = l2cap_sock_listen, 1563 .accept = l2cap_sock_accept, 1564 .getname = l2cap_sock_getname, 1565 .sendmsg = l2cap_sock_sendmsg, 1566 .recvmsg = l2cap_sock_recvmsg, 1567 .poll = bt_sock_poll, 1568 .ioctl = bt_sock_ioctl, 1569 .mmap = sock_no_mmap, 1570 .socketpair = sock_no_socketpair, 1571 .shutdown = l2cap_sock_shutdown, 1572 .setsockopt = l2cap_sock_setsockopt, 1573 .getsockopt = l2cap_sock_getsockopt 1574 }; 1575 1576 static const struct net_proto_family l2cap_sock_family_ops = { 1577 .family = PF_BLUETOOTH, 1578 .owner = THIS_MODULE, 1579 .create = l2cap_sock_create, 1580 }; 1581 1582 int __init l2cap_init_sockets(void) 1583 { 1584 int err; 1585 1586 err = proto_register(&l2cap_proto, 0); 1587 if (err < 0) 1588 return err; 1589 1590 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1591 if (err < 0) { 1592 BT_ERR("L2CAP socket registration failed"); 1593 goto error; 1594 } 1595 1596 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1597 NULL); 1598 if (err < 0) { 1599 BT_ERR("Failed to create L2CAP proc file"); 1600 bt_sock_unregister(BTPROTO_L2CAP); 1601 goto error; 1602 } 1603 1604 BT_INFO("L2CAP socket layer initialized"); 1605 1606 return 0; 1607 1608 error: 1609 proto_unregister(&l2cap_proto); 1610 return err; 1611 } 1612 1613 void l2cap_cleanup_sockets(void) 1614 { 1615 bt_procfs_cleanup(&init_net, "l2cap"); 1616 bt_sock_unregister(BTPROTO_L2CAP); 1617 proto_unregister(&l2cap_proto); 1618 } 1619