l2cap_sock.c revision 0498878b18993891f7b71c75b6adcb7c157501db
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/module.h> 31#include <linux/export.h> 32 33#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/hci_core.h> 35#include <net/bluetooth/l2cap.h> 36 37#include "smp.h" 38 39static struct bt_sock_list l2cap_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 41}; 42 43static const struct proto_ops l2cap_sock_ops; 44static void l2cap_sock_init(struct sock *sk, struct sock *parent); 45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 46 int proto, gfp_t prio); 47 48bool l2cap_is_socket(struct socket *sock) 49{ 50 return sock && sock->ops == &l2cap_sock_ops; 51} 52EXPORT_SYMBOL(l2cap_is_socket); 53 54static int l2cap_validate_bredr_psm(u16 psm) 55{ 56 /* PSM must be odd and lsb of upper byte must be 0 */ 57 if ((psm & 0x0101) != 0x0001) 58 return -EINVAL; 59 60 /* Restrict usage of well-known PSMs */ 61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 62 return -EACCES; 63 64 return 0; 65} 66 67static int l2cap_validate_le_psm(u16 psm) 68{ 69 /* Valid LE_PSM ranges are defined only until 0x00ff */ 70 if (psm > 0x00ff) 71 return -EINVAL; 72 73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 75 return -EACCES; 76 77 return 0; 78} 79 80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 81{ 82 struct sock *sk = sock->sk; 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 84 struct sockaddr_l2 la; 85 int len, err = 0; 86 87 BT_DBG("sk %p", sk); 88 89 if (!addr || addr->sa_family != AF_BLUETOOTH) 90 return -EINVAL; 91 92 memset(&la, 0, sizeof(la)); 93 len = min_t(unsigned int, sizeof(la), alen); 94 memcpy(&la, addr, len); 95 96 if (la.l2_cid && la.l2_psm) 97 return -EINVAL; 98 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 100 return -EINVAL; 101 102 if (la.l2_cid) { 103 /* When the socket gets created it defaults to 104 * CHAN_CONN_ORIENTED, so we need to overwrite the 105 * default here. 106 */ 107 chan->chan_type = L2CAP_CHAN_FIXED; 108 chan->omtu = L2CAP_DEFAULT_MTU; 109 } 110 111 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 112 /* We only allow ATT user space socket */ 113 if (la.l2_cid && 114 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 115 return -EINVAL; 116 } 117 118 lock_sock(sk); 119 120 if (sk->sk_state != BT_OPEN) { 121 err = -EBADFD; 122 goto done; 123 } 124 125 if (la.l2_psm) { 126 __u16 psm = __le16_to_cpu(la.l2_psm); 127 128 if (la.l2_bdaddr_type == BDADDR_BREDR) 129 err = l2cap_validate_bredr_psm(psm); 130 else 131 err = l2cap_validate_le_psm(psm); 132 133 if (err) 134 goto done; 135 } 136 137 if (la.l2_cid) 138 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 139 else 140 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 141 142 if (err < 0) 143 goto done; 144 145 switch (chan->chan_type) { 146 case L2CAP_CHAN_CONN_LESS: 147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 148 chan->sec_level = BT_SECURITY_SDP; 149 break; 150 case L2CAP_CHAN_CONN_ORIENTED: 151 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 152 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 153 chan->sec_level = BT_SECURITY_SDP; 154 break; 155 case L2CAP_CHAN_RAW: 156 chan->sec_level = BT_SECURITY_SDP; 157 break; 158 } 159 160 bacpy(&chan->src, &la.l2_bdaddr); 161 chan->src_type = la.l2_bdaddr_type; 162 163 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 164 chan->mode = L2CAP_MODE_LE_FLOWCTL; 165 166 chan->state = BT_BOUND; 167 sk->sk_state = BT_BOUND; 168 169done: 170 release_sock(sk); 171 return err; 172} 173 174static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 175 int alen, int flags) 176{ 177 struct sock *sk = sock->sk; 178 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 179 struct sockaddr_l2 la; 180 int len, err = 0; 181 182 BT_DBG("sk %p", sk); 183 184 if (!addr || alen < sizeof(addr->sa_family) || 185 addr->sa_family != AF_BLUETOOTH) 186 return -EINVAL; 187 188 memset(&la, 0, sizeof(la)); 189 len = min_t(unsigned int, sizeof(la), alen); 190 memcpy(&la, addr, len); 191 192 if (la.l2_cid && la.l2_psm) 193 return -EINVAL; 194 195 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 196 return -EINVAL; 197 198 /* Check that the socket wasn't bound to something that 199 * conflicts with the address given to connect(). If chan->src 200 * is BDADDR_ANY it means bind() was never used, in which case 201 * chan->src_type and la.l2_bdaddr_type do not need to match. 202 */ 203 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 204 bdaddr_type_is_le(la.l2_bdaddr_type)) { 205 /* Old user space versions will try to incorrectly bind 206 * the ATT socket using BDADDR_BREDR. We need to accept 207 * this and fix up the source address type only when 208 * both the source CID and destination CID indicate 209 * ATT. Anything else is an invalid combination. 210 */ 211 if (chan->scid != L2CAP_CID_ATT || 212 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 213 return -EINVAL; 214 215 /* We don't have the hdev available here to make a 216 * better decision on random vs public, but since all 217 * user space versions that exhibit this issue anyway do 218 * not support random local addresses assuming public 219 * here is good enough. 220 */ 221 chan->src_type = BDADDR_LE_PUBLIC; 222 } 223 224 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 225 return -EINVAL; 226 227 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 228 /* We only allow ATT user space socket */ 229 if (la.l2_cid && 230 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 231 return -EINVAL; 232 } 233 234 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 235 chan->mode = L2CAP_MODE_LE_FLOWCTL; 236 237 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 238 &la.l2_bdaddr, la.l2_bdaddr_type); 239 if (err) 240 return err; 241 242 lock_sock(sk); 243 244 err = bt_sock_wait_state(sk, BT_CONNECTED, 245 sock_sndtimeo(sk, flags & O_NONBLOCK)); 246 247 release_sock(sk); 248 249 return err; 250} 251 252static int l2cap_sock_listen(struct socket *sock, int backlog) 253{ 254 struct sock *sk = sock->sk; 255 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 256 int err = 0; 257 258 BT_DBG("sk %p backlog %d", sk, backlog); 259 260 lock_sock(sk); 261 262 if (sk->sk_state != BT_BOUND) { 263 err = -EBADFD; 264 goto done; 265 } 266 267 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 268 err = -EINVAL; 269 goto done; 270 } 271 272 switch (chan->mode) { 273 case L2CAP_MODE_BASIC: 274 case L2CAP_MODE_LE_FLOWCTL: 275 break; 276 case L2CAP_MODE_ERTM: 277 case L2CAP_MODE_STREAMING: 278 if (!disable_ertm) 279 break; 280 /* fall through */ 281 default: 282 err = -ENOTSUPP; 283 goto done; 284 } 285 286 sk->sk_max_ack_backlog = backlog; 287 sk->sk_ack_backlog = 0; 288 289 chan->state = BT_LISTEN; 290 sk->sk_state = BT_LISTEN; 291 292done: 293 release_sock(sk); 294 return err; 295} 296 297static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 298 int flags) 299{ 300 DECLARE_WAITQUEUE(wait, current); 301 struct sock *sk = sock->sk, *nsk; 302 long timeo; 303 int err = 0; 304 305 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 306 307 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 308 309 BT_DBG("sk %p timeo %ld", sk, timeo); 310 311 /* Wait for an incoming connection. (wake-one). */ 312 add_wait_queue_exclusive(sk_sleep(sk), &wait); 313 while (1) { 314 set_current_state(TASK_INTERRUPTIBLE); 315 316 if (sk->sk_state != BT_LISTEN) { 317 err = -EBADFD; 318 break; 319 } 320 321 nsk = bt_accept_dequeue(sk, newsock); 322 if (nsk) 323 break; 324 325 if (!timeo) { 326 err = -EAGAIN; 327 break; 328 } 329 330 if (signal_pending(current)) { 331 err = sock_intr_errno(timeo); 332 break; 333 } 334 335 release_sock(sk); 336 timeo = schedule_timeout(timeo); 337 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 338 } 339 __set_current_state(TASK_RUNNING); 340 remove_wait_queue(sk_sleep(sk), &wait); 341 342 if (err) 343 goto done; 344 345 newsock->state = SS_CONNECTED; 346 347 BT_DBG("new socket %p", nsk); 348 349done: 350 release_sock(sk); 351 return err; 352} 353 354static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 355 int *len, int peer) 356{ 357 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 358 struct sock *sk = sock->sk; 359 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 360 361 BT_DBG("sock %p, sk %p", sock, sk); 362 363 if (peer && sk->sk_state != BT_CONNECTED && 364 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2) 365 return -ENOTCONN; 366 367 memset(la, 0, sizeof(struct sockaddr_l2)); 368 addr->sa_family = AF_BLUETOOTH; 369 *len = sizeof(struct sockaddr_l2); 370 371 la->l2_psm = chan->psm; 372 373 if (peer) { 374 bacpy(&la->l2_bdaddr, &chan->dst); 375 la->l2_cid = cpu_to_le16(chan->dcid); 376 la->l2_bdaddr_type = chan->dst_type; 377 } else { 378 bacpy(&la->l2_bdaddr, &chan->src); 379 la->l2_cid = cpu_to_le16(chan->scid); 380 la->l2_bdaddr_type = chan->src_type; 381 } 382 383 return 0; 384} 385 386static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 387 char __user *optval, int __user *optlen) 388{ 389 struct sock *sk = sock->sk; 390 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 391 struct l2cap_options opts; 392 struct l2cap_conninfo cinfo; 393 int len, err = 0; 394 u32 opt; 395 396 BT_DBG("sk %p", sk); 397 398 if (get_user(len, optlen)) 399 return -EFAULT; 400 401 lock_sock(sk); 402 403 switch (optname) { 404 case L2CAP_OPTIONS: 405 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 406 * legacy ATT code depends on getsockopt for 407 * L2CAP_OPTIONS we need to let this pass. 408 */ 409 if (bdaddr_type_is_le(chan->src_type) && 410 chan->scid != L2CAP_CID_ATT) { 411 err = -EINVAL; 412 break; 413 } 414 415 memset(&opts, 0, sizeof(opts)); 416 opts.imtu = chan->imtu; 417 opts.omtu = chan->omtu; 418 opts.flush_to = chan->flush_to; 419 opts.mode = chan->mode; 420 opts.fcs = chan->fcs; 421 opts.max_tx = chan->max_tx; 422 opts.txwin_size = chan->tx_win; 423 424 len = min_t(unsigned int, len, sizeof(opts)); 425 if (copy_to_user(optval, (char *) &opts, len)) 426 err = -EFAULT; 427 428 break; 429 430 case L2CAP_LM: 431 switch (chan->sec_level) { 432 case BT_SECURITY_LOW: 433 opt = L2CAP_LM_AUTH; 434 break; 435 case BT_SECURITY_MEDIUM: 436 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 437 break; 438 case BT_SECURITY_HIGH: 439 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 440 L2CAP_LM_SECURE; 441 break; 442 case BT_SECURITY_FIPS: 443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 444 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 445 break; 446 default: 447 opt = 0; 448 break; 449 } 450 451 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 452 opt |= L2CAP_LM_MASTER; 453 454 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 455 opt |= L2CAP_LM_RELIABLE; 456 457 if (put_user(opt, (u32 __user *) optval)) 458 err = -EFAULT; 459 460 break; 461 462 case L2CAP_CONNINFO: 463 if (sk->sk_state != BT_CONNECTED && 464 !(sk->sk_state == BT_CONNECT2 && 465 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 466 err = -ENOTCONN; 467 break; 468 } 469 470 memset(&cinfo, 0, sizeof(cinfo)); 471 cinfo.hci_handle = chan->conn->hcon->handle; 472 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 473 474 len = min_t(unsigned int, len, sizeof(cinfo)); 475 if (copy_to_user(optval, (char *) &cinfo, len)) 476 err = -EFAULT; 477 478 break; 479 480 default: 481 err = -ENOPROTOOPT; 482 break; 483 } 484 485 release_sock(sk); 486 return err; 487} 488 489static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 490 char __user *optval, int __user *optlen) 491{ 492 struct sock *sk = sock->sk; 493 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 494 struct bt_security sec; 495 struct bt_power pwr; 496 int len, err = 0; 497 498 BT_DBG("sk %p", sk); 499 500 if (level == SOL_L2CAP) 501 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 502 503 if (level != SOL_BLUETOOTH) 504 return -ENOPROTOOPT; 505 506 if (get_user(len, optlen)) 507 return -EFAULT; 508 509 lock_sock(sk); 510 511 switch (optname) { 512 case BT_SECURITY: 513 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 514 chan->chan_type != L2CAP_CHAN_FIXED && 515 chan->chan_type != L2CAP_CHAN_RAW) { 516 err = -EINVAL; 517 break; 518 } 519 520 memset(&sec, 0, sizeof(sec)); 521 if (chan->conn) { 522 sec.level = chan->conn->hcon->sec_level; 523 524 if (sk->sk_state == BT_CONNECTED) 525 sec.key_size = chan->conn->hcon->enc_key_size; 526 } else { 527 sec.level = chan->sec_level; 528 } 529 530 len = min_t(unsigned int, len, sizeof(sec)); 531 if (copy_to_user(optval, (char *) &sec, len)) 532 err = -EFAULT; 533 534 break; 535 536 case BT_DEFER_SETUP: 537 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 538 err = -EINVAL; 539 break; 540 } 541 542 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 543 (u32 __user *) optval)) 544 err = -EFAULT; 545 546 break; 547 548 case BT_FLUSHABLE: 549 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 550 (u32 __user *) optval)) 551 err = -EFAULT; 552 553 break; 554 555 case BT_POWER: 556 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 557 && sk->sk_type != SOCK_RAW) { 558 err = -EINVAL; 559 break; 560 } 561 562 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 563 564 len = min_t(unsigned int, len, sizeof(pwr)); 565 if (copy_to_user(optval, (char *) &pwr, len)) 566 err = -EFAULT; 567 568 break; 569 570 case BT_CHANNEL_POLICY: 571 if (put_user(chan->chan_policy, (u32 __user *) optval)) 572 err = -EFAULT; 573 break; 574 575 case BT_SNDMTU: 576 if (!bdaddr_type_is_le(chan->src_type)) { 577 err = -EINVAL; 578 break; 579 } 580 581 if (sk->sk_state != BT_CONNECTED) { 582 err = -ENOTCONN; 583 break; 584 } 585 586 if (put_user(chan->omtu, (u16 __user *) optval)) 587 err = -EFAULT; 588 break; 589 590 case BT_RCVMTU: 591 if (!bdaddr_type_is_le(chan->src_type)) { 592 err = -EINVAL; 593 break; 594 } 595 596 if (put_user(chan->imtu, (u16 __user *) optval)) 597 err = -EFAULT; 598 break; 599 600 default: 601 err = -ENOPROTOOPT; 602 break; 603 } 604 605 release_sock(sk); 606 return err; 607} 608 609static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 610{ 611 switch (chan->scid) { 612 case L2CAP_CID_ATT: 613 if (mtu < L2CAP_LE_MIN_MTU) 614 return false; 615 break; 616 617 default: 618 if (mtu < L2CAP_DEFAULT_MIN_MTU) 619 return false; 620 } 621 622 return true; 623} 624 625static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 626 char __user *optval, unsigned int optlen) 627{ 628 struct sock *sk = sock->sk; 629 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 630 struct l2cap_options opts; 631 int len, err = 0; 632 u32 opt; 633 634 BT_DBG("sk %p", sk); 635 636 lock_sock(sk); 637 638 switch (optname) { 639 case L2CAP_OPTIONS: 640 if (bdaddr_type_is_le(chan->src_type)) { 641 err = -EINVAL; 642 break; 643 } 644 645 if (sk->sk_state == BT_CONNECTED) { 646 err = -EINVAL; 647 break; 648 } 649 650 opts.imtu = chan->imtu; 651 opts.omtu = chan->omtu; 652 opts.flush_to = chan->flush_to; 653 opts.mode = chan->mode; 654 opts.fcs = chan->fcs; 655 opts.max_tx = chan->max_tx; 656 opts.txwin_size = chan->tx_win; 657 658 len = min_t(unsigned int, sizeof(opts), optlen); 659 if (copy_from_user((char *) &opts, optval, len)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 665 err = -EINVAL; 666 break; 667 } 668 669 if (!l2cap_valid_mtu(chan, opts.imtu)) { 670 err = -EINVAL; 671 break; 672 } 673 674 chan->mode = opts.mode; 675 switch (chan->mode) { 676 case L2CAP_MODE_LE_FLOWCTL: 677 break; 678 case L2CAP_MODE_BASIC: 679 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 680 break; 681 case L2CAP_MODE_ERTM: 682 case L2CAP_MODE_STREAMING: 683 if (!disable_ertm) 684 break; 685 /* fall through */ 686 default: 687 err = -EINVAL; 688 break; 689 } 690 691 chan->imtu = opts.imtu; 692 chan->omtu = opts.omtu; 693 chan->fcs = opts.fcs; 694 chan->max_tx = opts.max_tx; 695 chan->tx_win = opts.txwin_size; 696 chan->flush_to = opts.flush_to; 697 break; 698 699 case L2CAP_LM: 700 if (get_user(opt, (u32 __user *) optval)) { 701 err = -EFAULT; 702 break; 703 } 704 705 if (opt & L2CAP_LM_FIPS) { 706 err = -EINVAL; 707 break; 708 } 709 710 if (opt & L2CAP_LM_AUTH) 711 chan->sec_level = BT_SECURITY_LOW; 712 if (opt & L2CAP_LM_ENCRYPT) 713 chan->sec_level = BT_SECURITY_MEDIUM; 714 if (opt & L2CAP_LM_SECURE) 715 chan->sec_level = BT_SECURITY_HIGH; 716 717 if (opt & L2CAP_LM_MASTER) 718 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 719 else 720 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 721 722 if (opt & L2CAP_LM_RELIABLE) 723 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 724 else 725 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 726 break; 727 728 default: 729 err = -ENOPROTOOPT; 730 break; 731 } 732 733 release_sock(sk); 734 return err; 735} 736 737static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 738 char __user *optval, unsigned int optlen) 739{ 740 struct sock *sk = sock->sk; 741 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 742 struct bt_security sec; 743 struct bt_power pwr; 744 struct l2cap_conn *conn; 745 int len, err = 0; 746 u32 opt; 747 748 BT_DBG("sk %p", sk); 749 750 if (level == SOL_L2CAP) 751 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 752 753 if (level != SOL_BLUETOOTH) 754 return -ENOPROTOOPT; 755 756 lock_sock(sk); 757 758 switch (optname) { 759 case BT_SECURITY: 760 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 761 chan->chan_type != L2CAP_CHAN_FIXED && 762 chan->chan_type != L2CAP_CHAN_RAW) { 763 err = -EINVAL; 764 break; 765 } 766 767 sec.level = BT_SECURITY_LOW; 768 769 len = min_t(unsigned int, sizeof(sec), optlen); 770 if (copy_from_user((char *) &sec, optval, len)) { 771 err = -EFAULT; 772 break; 773 } 774 775 if (sec.level < BT_SECURITY_LOW || 776 sec.level > BT_SECURITY_HIGH) { 777 err = -EINVAL; 778 break; 779 } 780 781 chan->sec_level = sec.level; 782 783 if (!chan->conn) 784 break; 785 786 conn = chan->conn; 787 788 /*change security for LE channels */ 789 if (chan->scid == L2CAP_CID_ATT) { 790 if (smp_conn_security(conn->hcon, sec.level)) 791 break; 792 sk->sk_state = BT_CONFIG; 793 chan->state = BT_CONFIG; 794 795 /* or for ACL link */ 796 } else if ((sk->sk_state == BT_CONNECT2 && 797 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 798 sk->sk_state == BT_CONNECTED) { 799 if (!l2cap_chan_check_security(chan)) 800 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 801 else 802 sk->sk_state_change(sk); 803 } else { 804 err = -EINVAL; 805 } 806 break; 807 808 case BT_DEFER_SETUP: 809 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 810 err = -EINVAL; 811 break; 812 } 813 814 if (get_user(opt, (u32 __user *) optval)) { 815 err = -EFAULT; 816 break; 817 } 818 819 if (opt) { 820 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 821 set_bit(FLAG_DEFER_SETUP, &chan->flags); 822 } else { 823 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 824 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 825 } 826 break; 827 828 case BT_FLUSHABLE: 829 if (get_user(opt, (u32 __user *) optval)) { 830 err = -EFAULT; 831 break; 832 } 833 834 if (opt > BT_FLUSHABLE_ON) { 835 err = -EINVAL; 836 break; 837 } 838 839 if (opt == BT_FLUSHABLE_OFF) { 840 conn = chan->conn; 841 /* proceed further only when we have l2cap_conn and 842 No Flush support in the LM */ 843 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 844 err = -EINVAL; 845 break; 846 } 847 } 848 849 if (opt) 850 set_bit(FLAG_FLUSHABLE, &chan->flags); 851 else 852 clear_bit(FLAG_FLUSHABLE, &chan->flags); 853 break; 854 855 case BT_POWER: 856 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 857 chan->chan_type != L2CAP_CHAN_RAW) { 858 err = -EINVAL; 859 break; 860 } 861 862 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 863 864 len = min_t(unsigned int, sizeof(pwr), optlen); 865 if (copy_from_user((char *) &pwr, optval, len)) { 866 err = -EFAULT; 867 break; 868 } 869 870 if (pwr.force_active) 871 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 872 else 873 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 874 break; 875 876 case BT_CHANNEL_POLICY: 877 if (get_user(opt, (u32 __user *) optval)) { 878 err = -EFAULT; 879 break; 880 } 881 882 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 883 err = -EINVAL; 884 break; 885 } 886 887 if (chan->mode != L2CAP_MODE_ERTM && 888 chan->mode != L2CAP_MODE_STREAMING) { 889 err = -EOPNOTSUPP; 890 break; 891 } 892 893 chan->chan_policy = (u8) opt; 894 895 if (sk->sk_state == BT_CONNECTED && 896 chan->move_role == L2CAP_MOVE_ROLE_NONE) 897 l2cap_move_start(chan); 898 899 break; 900 901 case BT_SNDMTU: 902 if (!bdaddr_type_is_le(chan->src_type)) { 903 err = -EINVAL; 904 break; 905 } 906 907 /* Setting is not supported as it's the remote side that 908 * decides this. 909 */ 910 err = -EPERM; 911 break; 912 913 case BT_RCVMTU: 914 if (!bdaddr_type_is_le(chan->src_type)) { 915 err = -EINVAL; 916 break; 917 } 918 919 if (sk->sk_state == BT_CONNECTED) { 920 err = -EISCONN; 921 break; 922 } 923 924 if (get_user(opt, (u32 __user *) optval)) { 925 err = -EFAULT; 926 break; 927 } 928 929 chan->imtu = opt; 930 break; 931 932 default: 933 err = -ENOPROTOOPT; 934 break; 935 } 936 937 release_sock(sk); 938 return err; 939} 940 941static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 942 struct msghdr *msg, size_t len) 943{ 944 struct sock *sk = sock->sk; 945 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 946 int err; 947 948 BT_DBG("sock %p, sk %p", sock, sk); 949 950 err = sock_error(sk); 951 if (err) 952 return err; 953 954 if (msg->msg_flags & MSG_OOB) 955 return -EOPNOTSUPP; 956 957 if (sk->sk_state != BT_CONNECTED) 958 return -ENOTCONN; 959 960 lock_sock(sk); 961 err = bt_sock_wait_ready(sk, msg->msg_flags); 962 release_sock(sk); 963 if (err) 964 return err; 965 966 l2cap_chan_lock(chan); 967 err = l2cap_chan_send(chan, msg, len); 968 l2cap_chan_unlock(chan); 969 970 return err; 971} 972 973static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 974 struct msghdr *msg, size_t len, int flags) 975{ 976 struct sock *sk = sock->sk; 977 struct l2cap_pinfo *pi = l2cap_pi(sk); 978 int err; 979 980 lock_sock(sk); 981 982 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 983 &bt_sk(sk)->flags)) { 984 if (bdaddr_type_is_le(pi->chan->src_type)) { 985 sk->sk_state = BT_CONNECTED; 986 pi->chan->state = BT_CONNECTED; 987 __l2cap_le_connect_rsp_defer(pi->chan); 988 } else { 989 sk->sk_state = BT_CONFIG; 990 pi->chan->state = BT_CONFIG; 991 __l2cap_connect_rsp_defer(pi->chan); 992 } 993 994 err = 0; 995 goto done; 996 } 997 998 release_sock(sk); 999 1000 if (sock->type == SOCK_STREAM) 1001 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 1002 else 1003 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 1004 1005 if (pi->chan->mode != L2CAP_MODE_ERTM) 1006 return err; 1007 1008 /* Attempt to put pending rx data in the socket buffer */ 1009 1010 lock_sock(sk); 1011 1012 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1013 goto done; 1014 1015 if (pi->rx_busy_skb) { 1016 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1017 pi->rx_busy_skb = NULL; 1018 else 1019 goto done; 1020 } 1021 1022 /* Restore data flow when half of the receive buffer is 1023 * available. This avoids resending large numbers of 1024 * frames. 1025 */ 1026 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1027 l2cap_chan_busy(pi->chan, 0); 1028 1029done: 1030 release_sock(sk); 1031 return err; 1032} 1033 1034/* Kill socket (only if zapped and orphan) 1035 * Must be called on unlocked socket. 1036 */ 1037static void l2cap_sock_kill(struct sock *sk) 1038{ 1039 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1040 return; 1041 1042 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1043 1044 /* Kill poor orphan */ 1045 1046 l2cap_chan_put(l2cap_pi(sk)->chan); 1047 sock_set_flag(sk, SOCK_DEAD); 1048 sock_put(sk); 1049} 1050 1051static int __l2cap_wait_ack(struct sock *sk) 1052{ 1053 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1054 DECLARE_WAITQUEUE(wait, current); 1055 int err = 0; 1056 int timeo = HZ/5; 1057 1058 add_wait_queue(sk_sleep(sk), &wait); 1059 set_current_state(TASK_INTERRUPTIBLE); 1060 while (chan->unacked_frames > 0 && chan->conn) { 1061 if (!timeo) 1062 timeo = HZ/5; 1063 1064 if (signal_pending(current)) { 1065 err = sock_intr_errno(timeo); 1066 break; 1067 } 1068 1069 release_sock(sk); 1070 timeo = schedule_timeout(timeo); 1071 lock_sock(sk); 1072 set_current_state(TASK_INTERRUPTIBLE); 1073 1074 err = sock_error(sk); 1075 if (err) 1076 break; 1077 } 1078 set_current_state(TASK_RUNNING); 1079 remove_wait_queue(sk_sleep(sk), &wait); 1080 return err; 1081} 1082 1083static int l2cap_sock_shutdown(struct socket *sock, int how) 1084{ 1085 struct sock *sk = sock->sk; 1086 struct l2cap_chan *chan; 1087 struct l2cap_conn *conn; 1088 int err = 0; 1089 1090 BT_DBG("sock %p, sk %p", sock, sk); 1091 1092 if (!sk) 1093 return 0; 1094 1095 chan = l2cap_pi(sk)->chan; 1096 conn = chan->conn; 1097 1098 if (conn) 1099 mutex_lock(&conn->chan_lock); 1100 1101 l2cap_chan_lock(chan); 1102 lock_sock(sk); 1103 1104 if (!sk->sk_shutdown) { 1105 if (chan->mode == L2CAP_MODE_ERTM) 1106 err = __l2cap_wait_ack(sk); 1107 1108 sk->sk_shutdown = SHUTDOWN_MASK; 1109 1110 release_sock(sk); 1111 l2cap_chan_close(chan, 0); 1112 lock_sock(sk); 1113 1114 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 1115 err = bt_sock_wait_state(sk, BT_CLOSED, 1116 sk->sk_lingertime); 1117 } 1118 1119 if (!err && sk->sk_err) 1120 err = -sk->sk_err; 1121 1122 release_sock(sk); 1123 l2cap_chan_unlock(chan); 1124 1125 if (conn) 1126 mutex_unlock(&conn->chan_lock); 1127 1128 return err; 1129} 1130 1131static int l2cap_sock_release(struct socket *sock) 1132{ 1133 struct sock *sk = sock->sk; 1134 int err; 1135 1136 BT_DBG("sock %p, sk %p", sock, sk); 1137 1138 if (!sk) 1139 return 0; 1140 1141 bt_sock_unlink(&l2cap_sk_list, sk); 1142 1143 err = l2cap_sock_shutdown(sock, 2); 1144 1145 sock_orphan(sk); 1146 l2cap_sock_kill(sk); 1147 return err; 1148} 1149 1150static void l2cap_sock_cleanup_listen(struct sock *parent) 1151{ 1152 struct sock *sk; 1153 1154 BT_DBG("parent %p", parent); 1155 1156 /* Close not yet accepted channels */ 1157 while ((sk = bt_accept_dequeue(parent, NULL))) { 1158 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1159 1160 l2cap_chan_lock(chan); 1161 __clear_chan_timer(chan); 1162 l2cap_chan_close(chan, ECONNRESET); 1163 l2cap_chan_unlock(chan); 1164 1165 l2cap_sock_kill(sk); 1166 } 1167} 1168 1169static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1170{ 1171 struct sock *sk, *parent = chan->data; 1172 1173 lock_sock(parent); 1174 1175 /* Check for backlog size */ 1176 if (sk_acceptq_is_full(parent)) { 1177 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1178 release_sock(parent); 1179 return NULL; 1180 } 1181 1182 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1183 GFP_ATOMIC); 1184 if (!sk) { 1185 release_sock(parent); 1186 return NULL; 1187 } 1188 1189 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1190 1191 l2cap_sock_init(sk, parent); 1192 1193 bt_accept_enqueue(parent, sk); 1194 1195 release_sock(parent); 1196 1197 return l2cap_pi(sk)->chan; 1198} 1199 1200static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1201{ 1202 struct sock *sk = chan->data; 1203 int err; 1204 1205 lock_sock(sk); 1206 1207 if (l2cap_pi(sk)->rx_busy_skb) { 1208 err = -ENOMEM; 1209 goto done; 1210 } 1211 1212 err = sock_queue_rcv_skb(sk, skb); 1213 1214 /* For ERTM, handle one skb that doesn't fit into the recv 1215 * buffer. This is important to do because the data frames 1216 * have already been acked, so the skb cannot be discarded. 1217 * 1218 * Notify the l2cap core that the buffer is full, so the 1219 * LOCAL_BUSY state is entered and no more frames are 1220 * acked and reassembled until there is buffer space 1221 * available. 1222 */ 1223 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1224 l2cap_pi(sk)->rx_busy_skb = skb; 1225 l2cap_chan_busy(chan, 1); 1226 err = 0; 1227 } 1228 1229done: 1230 release_sock(sk); 1231 1232 return err; 1233} 1234 1235static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1236{ 1237 struct sock *sk = chan->data; 1238 1239 l2cap_sock_kill(sk); 1240} 1241 1242static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1243{ 1244 struct sock *sk = chan->data; 1245 struct sock *parent; 1246 1247 lock_sock(sk); 1248 1249 parent = bt_sk(sk)->parent; 1250 1251 sock_set_flag(sk, SOCK_ZAPPED); 1252 1253 switch (chan->state) { 1254 case BT_OPEN: 1255 case BT_BOUND: 1256 case BT_CLOSED: 1257 break; 1258 case BT_LISTEN: 1259 l2cap_sock_cleanup_listen(sk); 1260 sk->sk_state = BT_CLOSED; 1261 chan->state = BT_CLOSED; 1262 1263 break; 1264 default: 1265 sk->sk_state = BT_CLOSED; 1266 chan->state = BT_CLOSED; 1267 1268 sk->sk_err = err; 1269 1270 if (parent) { 1271 bt_accept_unlink(sk); 1272 parent->sk_data_ready(parent); 1273 } else { 1274 sk->sk_state_change(sk); 1275 } 1276 1277 break; 1278 } 1279 1280 release_sock(sk); 1281} 1282 1283static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1284 int err) 1285{ 1286 struct sock *sk = chan->data; 1287 1288 sk->sk_state = state; 1289 1290 if (err) 1291 sk->sk_err = err; 1292} 1293 1294static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1295 unsigned long hdr_len, 1296 unsigned long len, int nb) 1297{ 1298 struct sock *sk = chan->data; 1299 struct sk_buff *skb; 1300 int err; 1301 1302 l2cap_chan_unlock(chan); 1303 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1304 l2cap_chan_lock(chan); 1305 1306 if (!skb) 1307 return ERR_PTR(err); 1308 1309 skb->priority = sk->sk_priority; 1310 1311 bt_cb(skb)->chan = chan; 1312 1313 return skb; 1314} 1315 1316static int l2cap_sock_memcpy_fromiovec_cb(struct l2cap_chan *chan, 1317 unsigned char *kdata, 1318 struct iovec *iov, int len) 1319{ 1320 return memcpy_fromiovec(kdata, iov, len); 1321} 1322 1323static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1324{ 1325 struct sock *sk = chan->data; 1326 struct sock *parent; 1327 1328 lock_sock(sk); 1329 1330 parent = bt_sk(sk)->parent; 1331 1332 BT_DBG("sk %p, parent %p", sk, parent); 1333 1334 sk->sk_state = BT_CONNECTED; 1335 sk->sk_state_change(sk); 1336 1337 if (parent) 1338 parent->sk_data_ready(parent); 1339 1340 release_sock(sk); 1341} 1342 1343static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1344{ 1345 struct sock *parent, *sk = chan->data; 1346 1347 lock_sock(sk); 1348 1349 parent = bt_sk(sk)->parent; 1350 if (parent) 1351 parent->sk_data_ready(parent); 1352 1353 release_sock(sk); 1354} 1355 1356static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1357{ 1358 struct sock *sk = chan->data; 1359 1360 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1361 sk->sk_state_change(sk); 1362} 1363 1364static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1365{ 1366 struct sock *sk = chan->data; 1367 1368 lock_sock(sk); 1369 sk->sk_shutdown = SHUTDOWN_MASK; 1370 release_sock(sk); 1371} 1372 1373static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1374{ 1375 struct sock *sk = chan->data; 1376 1377 return sk->sk_sndtimeo; 1378} 1379 1380static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1381{ 1382 struct sock *sk = chan->data; 1383 1384 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1385 sk->sk_state_change(sk); 1386} 1387 1388static const struct l2cap_ops l2cap_chan_ops = { 1389 .name = "L2CAP Socket Interface", 1390 .new_connection = l2cap_sock_new_connection_cb, 1391 .recv = l2cap_sock_recv_cb, 1392 .close = l2cap_sock_close_cb, 1393 .teardown = l2cap_sock_teardown_cb, 1394 .state_change = l2cap_sock_state_change_cb, 1395 .ready = l2cap_sock_ready_cb, 1396 .defer = l2cap_sock_defer_cb, 1397 .resume = l2cap_sock_resume_cb, 1398 .suspend = l2cap_sock_suspend_cb, 1399 .set_shutdown = l2cap_sock_set_shutdown_cb, 1400 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1401 .alloc_skb = l2cap_sock_alloc_skb_cb, 1402 .memcpy_fromiovec = l2cap_sock_memcpy_fromiovec_cb, 1403}; 1404 1405static void l2cap_sock_destruct(struct sock *sk) 1406{ 1407 BT_DBG("sk %p", sk); 1408 1409 if (l2cap_pi(sk)->chan) 1410 l2cap_chan_put(l2cap_pi(sk)->chan); 1411 1412 if (l2cap_pi(sk)->rx_busy_skb) { 1413 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1414 l2cap_pi(sk)->rx_busy_skb = NULL; 1415 } 1416 1417 skb_queue_purge(&sk->sk_receive_queue); 1418 skb_queue_purge(&sk->sk_write_queue); 1419} 1420 1421static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1422 int *msg_namelen) 1423{ 1424 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1425 1426 memset(la, 0, sizeof(struct sockaddr_l2)); 1427 la->l2_family = AF_BLUETOOTH; 1428 la->l2_psm = bt_cb(skb)->psm; 1429 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1430 1431 *msg_namelen = sizeof(struct sockaddr_l2); 1432} 1433 1434static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1435{ 1436 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1437 1438 BT_DBG("sk %p", sk); 1439 1440 if (parent) { 1441 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1442 1443 sk->sk_type = parent->sk_type; 1444 bt_sk(sk)->flags = bt_sk(parent)->flags; 1445 1446 chan->chan_type = pchan->chan_type; 1447 chan->imtu = pchan->imtu; 1448 chan->omtu = pchan->omtu; 1449 chan->conf_state = pchan->conf_state; 1450 chan->mode = pchan->mode; 1451 chan->fcs = pchan->fcs; 1452 chan->max_tx = pchan->max_tx; 1453 chan->tx_win = pchan->tx_win; 1454 chan->tx_win_max = pchan->tx_win_max; 1455 chan->sec_level = pchan->sec_level; 1456 chan->flags = pchan->flags; 1457 chan->tx_credits = pchan->tx_credits; 1458 chan->rx_credits = pchan->rx_credits; 1459 1460 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1461 chan->scid = pchan->scid; 1462 chan->dcid = pchan->scid; 1463 } 1464 1465 security_sk_clone(parent, sk); 1466 } else { 1467 switch (sk->sk_type) { 1468 case SOCK_RAW: 1469 chan->chan_type = L2CAP_CHAN_RAW; 1470 break; 1471 case SOCK_DGRAM: 1472 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1473 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1474 break; 1475 case SOCK_SEQPACKET: 1476 case SOCK_STREAM: 1477 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1478 break; 1479 } 1480 1481 chan->imtu = L2CAP_DEFAULT_MTU; 1482 chan->omtu = 0; 1483 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1484 chan->mode = L2CAP_MODE_ERTM; 1485 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1486 } else { 1487 chan->mode = L2CAP_MODE_BASIC; 1488 } 1489 1490 l2cap_chan_set_defaults(chan); 1491 } 1492 1493 /* Default config options */ 1494 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1495 1496 chan->data = sk; 1497 chan->ops = &l2cap_chan_ops; 1498} 1499 1500static struct proto l2cap_proto = { 1501 .name = "L2CAP", 1502 .owner = THIS_MODULE, 1503 .obj_size = sizeof(struct l2cap_pinfo) 1504}; 1505 1506static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1507 int proto, gfp_t prio) 1508{ 1509 struct sock *sk; 1510 struct l2cap_chan *chan; 1511 1512 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1513 if (!sk) 1514 return NULL; 1515 1516 sock_init_data(sock, sk); 1517 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1518 1519 sk->sk_destruct = l2cap_sock_destruct; 1520 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1521 1522 sock_reset_flag(sk, SOCK_ZAPPED); 1523 1524 sk->sk_protocol = proto; 1525 sk->sk_state = BT_OPEN; 1526 1527 chan = l2cap_chan_create(); 1528 if (!chan) { 1529 sk_free(sk); 1530 return NULL; 1531 } 1532 1533 l2cap_chan_hold(chan); 1534 1535 l2cap_pi(sk)->chan = chan; 1536 1537 return sk; 1538} 1539 1540static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1541 int kern) 1542{ 1543 struct sock *sk; 1544 1545 BT_DBG("sock %p", sock); 1546 1547 sock->state = SS_UNCONNECTED; 1548 1549 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1550 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1551 return -ESOCKTNOSUPPORT; 1552 1553 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1554 return -EPERM; 1555 1556 sock->ops = &l2cap_sock_ops; 1557 1558 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1559 if (!sk) 1560 return -ENOMEM; 1561 1562 l2cap_sock_init(sk, NULL); 1563 bt_sock_link(&l2cap_sk_list, sk); 1564 return 0; 1565} 1566 1567static const struct proto_ops l2cap_sock_ops = { 1568 .family = PF_BLUETOOTH, 1569 .owner = THIS_MODULE, 1570 .release = l2cap_sock_release, 1571 .bind = l2cap_sock_bind, 1572 .connect = l2cap_sock_connect, 1573 .listen = l2cap_sock_listen, 1574 .accept = l2cap_sock_accept, 1575 .getname = l2cap_sock_getname, 1576 .sendmsg = l2cap_sock_sendmsg, 1577 .recvmsg = l2cap_sock_recvmsg, 1578 .poll = bt_sock_poll, 1579 .ioctl = bt_sock_ioctl, 1580 .mmap = sock_no_mmap, 1581 .socketpair = sock_no_socketpair, 1582 .shutdown = l2cap_sock_shutdown, 1583 .setsockopt = l2cap_sock_setsockopt, 1584 .getsockopt = l2cap_sock_getsockopt 1585}; 1586 1587static const struct net_proto_family l2cap_sock_family_ops = { 1588 .family = PF_BLUETOOTH, 1589 .owner = THIS_MODULE, 1590 .create = l2cap_sock_create, 1591}; 1592 1593int __init l2cap_init_sockets(void) 1594{ 1595 int err; 1596 1597 err = proto_register(&l2cap_proto, 0); 1598 if (err < 0) 1599 return err; 1600 1601 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1602 if (err < 0) { 1603 BT_ERR("L2CAP socket registration failed"); 1604 goto error; 1605 } 1606 1607 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1608 NULL); 1609 if (err < 0) { 1610 BT_ERR("Failed to create L2CAP proc file"); 1611 bt_sock_unregister(BTPROTO_L2CAP); 1612 goto error; 1613 } 1614 1615 BT_INFO("L2CAP socket layer initialized"); 1616 1617 return 0; 1618 1619error: 1620 proto_unregister(&l2cap_proto); 1621 return err; 1622} 1623 1624void l2cap_cleanup_sockets(void) 1625{ 1626 bt_procfs_cleanup(&init_net, "l2cap"); 1627 bt_sock_unregister(BTPROTO_L2CAP); 1628 proto_unregister(&l2cap_proto); 1629} 1630