l2cap_sock.c revision c16900cf285ca240f0f84117bf8b88a03c55469b
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/module.h> 31#include <linux/export.h> 32 33#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/hci_core.h> 35#include <net/bluetooth/l2cap.h> 36 37#include "smp.h" 38 39static struct bt_sock_list l2cap_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 41}; 42 43static const struct proto_ops l2cap_sock_ops; 44static void l2cap_sock_init(struct sock *sk, struct sock *parent); 45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 46 int proto, gfp_t prio); 47 48bool l2cap_is_socket(struct socket *sock) 49{ 50 return sock && sock->ops == &l2cap_sock_ops; 51} 52EXPORT_SYMBOL(l2cap_is_socket); 53 54static int l2cap_validate_bredr_psm(u16 psm) 55{ 56 /* PSM must be odd and lsb of upper byte must be 0 */ 57 if ((psm & 0x0101) != 0x0001) 58 return -EINVAL; 59 60 /* Restrict usage of well-known PSMs */ 61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 62 return -EACCES; 63 64 return 0; 65} 66 67static int l2cap_validate_le_psm(u16 psm) 68{ 69 /* Valid LE_PSM ranges are defined only until 0x00ff */ 70 if (psm > 0x00ff) 71 return -EINVAL; 72 73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 75 return -EACCES; 76 77 return 0; 78} 79 80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 81{ 82 struct sock *sk = sock->sk; 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 84 struct sockaddr_l2 la; 85 int len, err = 0; 86 87 BT_DBG("sk %p", sk); 88 89 if (!addr || addr->sa_family != AF_BLUETOOTH) 90 return -EINVAL; 91 92 memset(&la, 0, sizeof(la)); 93 len = min_t(unsigned int, sizeof(la), alen); 94 memcpy(&la, addr, len); 95 96 if (la.l2_cid && la.l2_psm) 97 return -EINVAL; 98 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 100 return -EINVAL; 101 102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 103 /* We only allow ATT user space socket */ 104 if (la.l2_cid && 105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 106 return -EINVAL; 107 } 108 109 lock_sock(sk); 110 111 if (sk->sk_state != BT_OPEN) { 112 err = -EBADFD; 113 goto done; 114 } 115 116 if (la.l2_psm) { 117 __u16 psm = __le16_to_cpu(la.l2_psm); 118 119 if (la.l2_bdaddr_type == BDADDR_BREDR) 120 err = l2cap_validate_bredr_psm(psm); 121 else 122 err = l2cap_validate_le_psm(psm); 123 124 if (err) 125 goto done; 126 } 127 128 if (la.l2_cid) 129 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 130 else 131 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 132 133 if (err < 0) 134 goto done; 135 136 switch (chan->chan_type) { 137 case L2CAP_CHAN_CONN_LESS: 138 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 139 chan->sec_level = BT_SECURITY_SDP; 140 break; 141 case L2CAP_CHAN_CONN_ORIENTED: 142 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 143 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 144 chan->sec_level = BT_SECURITY_SDP; 145 break; 146 case L2CAP_CHAN_RAW: 147 chan->sec_level = BT_SECURITY_SDP; 148 break; 149 case L2CAP_CHAN_FIXED: 150 /* Fixed channels default to the L2CAP core not holding a 151 * hci_conn reference for them. For fixed channels mapping to 152 * L2CAP sockets we do want to hold a reference so set the 153 * appropriate flag to request it. 154 */ 155 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags); 156 break; 157 } 158 159 bacpy(&chan->src, &la.l2_bdaddr); 160 chan->src_type = la.l2_bdaddr_type; 161 162 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 163 chan->mode = L2CAP_MODE_LE_FLOWCTL; 164 165 chan->state = BT_BOUND; 166 sk->sk_state = BT_BOUND; 167 168done: 169 release_sock(sk); 170 return err; 171} 172 173static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 174 int alen, int flags) 175{ 176 struct sock *sk = sock->sk; 177 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 178 struct sockaddr_l2 la; 179 int len, err = 0; 180 181 BT_DBG("sk %p", sk); 182 183 if (!addr || alen < sizeof(addr->sa_family) || 184 addr->sa_family != AF_BLUETOOTH) 185 return -EINVAL; 186 187 memset(&la, 0, sizeof(la)); 188 len = min_t(unsigned int, sizeof(la), alen); 189 memcpy(&la, addr, len); 190 191 if (la.l2_cid && la.l2_psm) 192 return -EINVAL; 193 194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 195 return -EINVAL; 196 197 /* Check that the socket wasn't bound to something that 198 * conflicts with the address given to connect(). If chan->src 199 * is BDADDR_ANY it means bind() was never used, in which case 200 * chan->src_type and la.l2_bdaddr_type do not need to match. 201 */ 202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 203 bdaddr_type_is_le(la.l2_bdaddr_type)) { 204 /* Old user space versions will try to incorrectly bind 205 * the ATT socket using BDADDR_BREDR. We need to accept 206 * this and fix up the source address type only when 207 * both the source CID and destination CID indicate 208 * ATT. Anything else is an invalid combination. 209 */ 210 if (chan->scid != L2CAP_CID_ATT || 211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 212 return -EINVAL; 213 214 /* We don't have the hdev available here to make a 215 * better decision on random vs public, but since all 216 * user space versions that exhibit this issue anyway do 217 * not support random local addresses assuming public 218 * here is good enough. 219 */ 220 chan->src_type = BDADDR_LE_PUBLIC; 221 } 222 223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 224 return -EINVAL; 225 226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 227 /* We only allow ATT user space socket */ 228 if (la.l2_cid && 229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 230 return -EINVAL; 231 } 232 233 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 234 chan->mode = L2CAP_MODE_LE_FLOWCTL; 235 236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 237 &la.l2_bdaddr, la.l2_bdaddr_type); 238 if (err) 239 return err; 240 241 lock_sock(sk); 242 243 err = bt_sock_wait_state(sk, BT_CONNECTED, 244 sock_sndtimeo(sk, flags & O_NONBLOCK)); 245 246 release_sock(sk); 247 248 return err; 249} 250 251static int l2cap_sock_listen(struct socket *sock, int backlog) 252{ 253 struct sock *sk = sock->sk; 254 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 255 int err = 0; 256 257 BT_DBG("sk %p backlog %d", sk, backlog); 258 259 lock_sock(sk); 260 261 if (sk->sk_state != BT_BOUND) { 262 err = -EBADFD; 263 goto done; 264 } 265 266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 267 err = -EINVAL; 268 goto done; 269 } 270 271 switch (chan->mode) { 272 case L2CAP_MODE_BASIC: 273 case L2CAP_MODE_LE_FLOWCTL: 274 break; 275 case L2CAP_MODE_ERTM: 276 case L2CAP_MODE_STREAMING: 277 if (!disable_ertm) 278 break; 279 /* fall through */ 280 default: 281 err = -EOPNOTSUPP; 282 goto done; 283 } 284 285 sk->sk_max_ack_backlog = backlog; 286 sk->sk_ack_backlog = 0; 287 288 chan->state = BT_LISTEN; 289 sk->sk_state = BT_LISTEN; 290 291done: 292 release_sock(sk); 293 return err; 294} 295 296static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 297 int flags) 298{ 299 DECLARE_WAITQUEUE(wait, current); 300 struct sock *sk = sock->sk, *nsk; 301 long timeo; 302 int err = 0; 303 304 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 305 306 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 307 308 BT_DBG("sk %p timeo %ld", sk, timeo); 309 310 /* Wait for an incoming connection. (wake-one). */ 311 add_wait_queue_exclusive(sk_sleep(sk), &wait); 312 while (1) { 313 set_current_state(TASK_INTERRUPTIBLE); 314 315 if (sk->sk_state != BT_LISTEN) { 316 err = -EBADFD; 317 break; 318 } 319 320 nsk = bt_accept_dequeue(sk, newsock); 321 if (nsk) 322 break; 323 324 if (!timeo) { 325 err = -EAGAIN; 326 break; 327 } 328 329 if (signal_pending(current)) { 330 err = sock_intr_errno(timeo); 331 break; 332 } 333 334 release_sock(sk); 335 timeo = schedule_timeout(timeo); 336 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 337 } 338 __set_current_state(TASK_RUNNING); 339 remove_wait_queue(sk_sleep(sk), &wait); 340 341 if (err) 342 goto done; 343 344 newsock->state = SS_CONNECTED; 345 346 BT_DBG("new socket %p", nsk); 347 348done: 349 release_sock(sk); 350 return err; 351} 352 353static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 354 int *len, int peer) 355{ 356 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 357 struct sock *sk = sock->sk; 358 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 359 360 BT_DBG("sock %p, sk %p", sock, sk); 361 362 if (peer && sk->sk_state != BT_CONNECTED && 363 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 && 364 sk->sk_state != BT_CONFIG) 365 return -ENOTCONN; 366 367 memset(la, 0, sizeof(struct sockaddr_l2)); 368 addr->sa_family = AF_BLUETOOTH; 369 *len = sizeof(struct sockaddr_l2); 370 371 la->l2_psm = chan->psm; 372 373 if (peer) { 374 bacpy(&la->l2_bdaddr, &chan->dst); 375 la->l2_cid = cpu_to_le16(chan->dcid); 376 la->l2_bdaddr_type = chan->dst_type; 377 } else { 378 bacpy(&la->l2_bdaddr, &chan->src); 379 la->l2_cid = cpu_to_le16(chan->scid); 380 la->l2_bdaddr_type = chan->src_type; 381 } 382 383 return 0; 384} 385 386static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 387 char __user *optval, int __user *optlen) 388{ 389 struct sock *sk = sock->sk; 390 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 391 struct l2cap_options opts; 392 struct l2cap_conninfo cinfo; 393 int len, err = 0; 394 u32 opt; 395 396 BT_DBG("sk %p", sk); 397 398 if (get_user(len, optlen)) 399 return -EFAULT; 400 401 lock_sock(sk); 402 403 switch (optname) { 404 case L2CAP_OPTIONS: 405 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 406 * legacy ATT code depends on getsockopt for 407 * L2CAP_OPTIONS we need to let this pass. 408 */ 409 if (bdaddr_type_is_le(chan->src_type) && 410 chan->scid != L2CAP_CID_ATT) { 411 err = -EINVAL; 412 break; 413 } 414 415 memset(&opts, 0, sizeof(opts)); 416 opts.imtu = chan->imtu; 417 opts.omtu = chan->omtu; 418 opts.flush_to = chan->flush_to; 419 opts.mode = chan->mode; 420 opts.fcs = chan->fcs; 421 opts.max_tx = chan->max_tx; 422 opts.txwin_size = chan->tx_win; 423 424 len = min_t(unsigned int, len, sizeof(opts)); 425 if (copy_to_user(optval, (char *) &opts, len)) 426 err = -EFAULT; 427 428 break; 429 430 case L2CAP_LM: 431 switch (chan->sec_level) { 432 case BT_SECURITY_LOW: 433 opt = L2CAP_LM_AUTH; 434 break; 435 case BT_SECURITY_MEDIUM: 436 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 437 break; 438 case BT_SECURITY_HIGH: 439 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 440 L2CAP_LM_SECURE; 441 break; 442 case BT_SECURITY_FIPS: 443 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 444 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 445 break; 446 default: 447 opt = 0; 448 break; 449 } 450 451 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 452 opt |= L2CAP_LM_MASTER; 453 454 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 455 opt |= L2CAP_LM_RELIABLE; 456 457 if (put_user(opt, (u32 __user *) optval)) 458 err = -EFAULT; 459 460 break; 461 462 case L2CAP_CONNINFO: 463 if (sk->sk_state != BT_CONNECTED && 464 !(sk->sk_state == BT_CONNECT2 && 465 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 466 err = -ENOTCONN; 467 break; 468 } 469 470 memset(&cinfo, 0, sizeof(cinfo)); 471 cinfo.hci_handle = chan->conn->hcon->handle; 472 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 473 474 len = min_t(unsigned int, len, sizeof(cinfo)); 475 if (copy_to_user(optval, (char *) &cinfo, len)) 476 err = -EFAULT; 477 478 break; 479 480 default: 481 err = -ENOPROTOOPT; 482 break; 483 } 484 485 release_sock(sk); 486 return err; 487} 488 489static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 490 char __user *optval, int __user *optlen) 491{ 492 struct sock *sk = sock->sk; 493 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 494 struct bt_security sec; 495 struct bt_power pwr; 496 int len, err = 0; 497 498 BT_DBG("sk %p", sk); 499 500 if (level == SOL_L2CAP) 501 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 502 503 if (level != SOL_BLUETOOTH) 504 return -ENOPROTOOPT; 505 506 if (get_user(len, optlen)) 507 return -EFAULT; 508 509 lock_sock(sk); 510 511 switch (optname) { 512 case BT_SECURITY: 513 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 514 chan->chan_type != L2CAP_CHAN_FIXED && 515 chan->chan_type != L2CAP_CHAN_RAW) { 516 err = -EINVAL; 517 break; 518 } 519 520 memset(&sec, 0, sizeof(sec)); 521 if (chan->conn) { 522 sec.level = chan->conn->hcon->sec_level; 523 524 if (sk->sk_state == BT_CONNECTED) 525 sec.key_size = chan->conn->hcon->enc_key_size; 526 } else { 527 sec.level = chan->sec_level; 528 } 529 530 len = min_t(unsigned int, len, sizeof(sec)); 531 if (copy_to_user(optval, (char *) &sec, len)) 532 err = -EFAULT; 533 534 break; 535 536 case BT_DEFER_SETUP: 537 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 538 err = -EINVAL; 539 break; 540 } 541 542 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 543 (u32 __user *) optval)) 544 err = -EFAULT; 545 546 break; 547 548 case BT_FLUSHABLE: 549 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 550 (u32 __user *) optval)) 551 err = -EFAULT; 552 553 break; 554 555 case BT_POWER: 556 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 557 && sk->sk_type != SOCK_RAW) { 558 err = -EINVAL; 559 break; 560 } 561 562 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 563 564 len = min_t(unsigned int, len, sizeof(pwr)); 565 if (copy_to_user(optval, (char *) &pwr, len)) 566 err = -EFAULT; 567 568 break; 569 570 case BT_CHANNEL_POLICY: 571 if (put_user(chan->chan_policy, (u32 __user *) optval)) 572 err = -EFAULT; 573 break; 574 575 case BT_SNDMTU: 576 if (!bdaddr_type_is_le(chan->src_type)) { 577 err = -EINVAL; 578 break; 579 } 580 581 if (sk->sk_state != BT_CONNECTED) { 582 err = -ENOTCONN; 583 break; 584 } 585 586 if (put_user(chan->omtu, (u16 __user *) optval)) 587 err = -EFAULT; 588 break; 589 590 case BT_RCVMTU: 591 if (!bdaddr_type_is_le(chan->src_type)) { 592 err = -EINVAL; 593 break; 594 } 595 596 if (put_user(chan->imtu, (u16 __user *) optval)) 597 err = -EFAULT; 598 break; 599 600 default: 601 err = -ENOPROTOOPT; 602 break; 603 } 604 605 release_sock(sk); 606 return err; 607} 608 609static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 610{ 611 switch (chan->scid) { 612 case L2CAP_CID_ATT: 613 if (mtu < L2CAP_LE_MIN_MTU) 614 return false; 615 break; 616 617 default: 618 if (mtu < L2CAP_DEFAULT_MIN_MTU) 619 return false; 620 } 621 622 return true; 623} 624 625static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 626 char __user *optval, unsigned int optlen) 627{ 628 struct sock *sk = sock->sk; 629 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 630 struct l2cap_options opts; 631 int len, err = 0; 632 u32 opt; 633 634 BT_DBG("sk %p", sk); 635 636 lock_sock(sk); 637 638 switch (optname) { 639 case L2CAP_OPTIONS: 640 if (bdaddr_type_is_le(chan->src_type)) { 641 err = -EINVAL; 642 break; 643 } 644 645 if (sk->sk_state == BT_CONNECTED) { 646 err = -EINVAL; 647 break; 648 } 649 650 opts.imtu = chan->imtu; 651 opts.omtu = chan->omtu; 652 opts.flush_to = chan->flush_to; 653 opts.mode = chan->mode; 654 opts.fcs = chan->fcs; 655 opts.max_tx = chan->max_tx; 656 opts.txwin_size = chan->tx_win; 657 658 len = min_t(unsigned int, sizeof(opts), optlen); 659 if (copy_from_user((char *) &opts, optval, len)) { 660 err = -EFAULT; 661 break; 662 } 663 664 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 665 err = -EINVAL; 666 break; 667 } 668 669 if (!l2cap_valid_mtu(chan, opts.imtu)) { 670 err = -EINVAL; 671 break; 672 } 673 674 chan->mode = opts.mode; 675 switch (chan->mode) { 676 case L2CAP_MODE_LE_FLOWCTL: 677 break; 678 case L2CAP_MODE_BASIC: 679 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 680 break; 681 case L2CAP_MODE_ERTM: 682 case L2CAP_MODE_STREAMING: 683 if (!disable_ertm) 684 break; 685 /* fall through */ 686 default: 687 err = -EINVAL; 688 break; 689 } 690 691 chan->imtu = opts.imtu; 692 chan->omtu = opts.omtu; 693 chan->fcs = opts.fcs; 694 chan->max_tx = opts.max_tx; 695 chan->tx_win = opts.txwin_size; 696 chan->flush_to = opts.flush_to; 697 break; 698 699 case L2CAP_LM: 700 if (get_user(opt, (u32 __user *) optval)) { 701 err = -EFAULT; 702 break; 703 } 704 705 if (opt & L2CAP_LM_FIPS) { 706 err = -EINVAL; 707 break; 708 } 709 710 if (opt & L2CAP_LM_AUTH) 711 chan->sec_level = BT_SECURITY_LOW; 712 if (opt & L2CAP_LM_ENCRYPT) 713 chan->sec_level = BT_SECURITY_MEDIUM; 714 if (opt & L2CAP_LM_SECURE) 715 chan->sec_level = BT_SECURITY_HIGH; 716 717 if (opt & L2CAP_LM_MASTER) 718 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 719 else 720 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 721 722 if (opt & L2CAP_LM_RELIABLE) 723 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 724 else 725 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 726 break; 727 728 default: 729 err = -ENOPROTOOPT; 730 break; 731 } 732 733 release_sock(sk); 734 return err; 735} 736 737static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 738 char __user *optval, unsigned int optlen) 739{ 740 struct sock *sk = sock->sk; 741 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 742 struct bt_security sec; 743 struct bt_power pwr; 744 struct l2cap_conn *conn; 745 int len, err = 0; 746 u32 opt; 747 748 BT_DBG("sk %p", sk); 749 750 if (level == SOL_L2CAP) 751 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 752 753 if (level != SOL_BLUETOOTH) 754 return -ENOPROTOOPT; 755 756 lock_sock(sk); 757 758 switch (optname) { 759 case BT_SECURITY: 760 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 761 chan->chan_type != L2CAP_CHAN_FIXED && 762 chan->chan_type != L2CAP_CHAN_RAW) { 763 err = -EINVAL; 764 break; 765 } 766 767 sec.level = BT_SECURITY_LOW; 768 769 len = min_t(unsigned int, sizeof(sec), optlen); 770 if (copy_from_user((char *) &sec, optval, len)) { 771 err = -EFAULT; 772 break; 773 } 774 775 if (sec.level < BT_SECURITY_LOW || 776 sec.level > BT_SECURITY_HIGH) { 777 err = -EINVAL; 778 break; 779 } 780 781 chan->sec_level = sec.level; 782 783 if (!chan->conn) 784 break; 785 786 conn = chan->conn; 787 788 /*change security for LE channels */ 789 if (chan->scid == L2CAP_CID_ATT) { 790 if (smp_conn_security(conn->hcon, sec.level)) 791 break; 792 set_bit(FLAG_PENDING_SECURITY, &chan->flags); 793 sk->sk_state = BT_CONFIG; 794 chan->state = BT_CONFIG; 795 796 /* or for ACL link */ 797 } else if ((sk->sk_state == BT_CONNECT2 && 798 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 799 sk->sk_state == BT_CONNECTED) { 800 if (!l2cap_chan_check_security(chan, true)) 801 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 802 else 803 sk->sk_state_change(sk); 804 } else { 805 err = -EINVAL; 806 } 807 break; 808 809 case BT_DEFER_SETUP: 810 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 811 err = -EINVAL; 812 break; 813 } 814 815 if (get_user(opt, (u32 __user *) optval)) { 816 err = -EFAULT; 817 break; 818 } 819 820 if (opt) { 821 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 822 set_bit(FLAG_DEFER_SETUP, &chan->flags); 823 } else { 824 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 825 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 826 } 827 break; 828 829 case BT_FLUSHABLE: 830 if (get_user(opt, (u32 __user *) optval)) { 831 err = -EFAULT; 832 break; 833 } 834 835 if (opt > BT_FLUSHABLE_ON) { 836 err = -EINVAL; 837 break; 838 } 839 840 if (opt == BT_FLUSHABLE_OFF) { 841 conn = chan->conn; 842 /* proceed further only when we have l2cap_conn and 843 No Flush support in the LM */ 844 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 845 err = -EINVAL; 846 break; 847 } 848 } 849 850 if (opt) 851 set_bit(FLAG_FLUSHABLE, &chan->flags); 852 else 853 clear_bit(FLAG_FLUSHABLE, &chan->flags); 854 break; 855 856 case BT_POWER: 857 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 858 chan->chan_type != L2CAP_CHAN_RAW) { 859 err = -EINVAL; 860 break; 861 } 862 863 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 864 865 len = min_t(unsigned int, sizeof(pwr), optlen); 866 if (copy_from_user((char *) &pwr, optval, len)) { 867 err = -EFAULT; 868 break; 869 } 870 871 if (pwr.force_active) 872 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 873 else 874 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 875 break; 876 877 case BT_CHANNEL_POLICY: 878 if (get_user(opt, (u32 __user *) optval)) { 879 err = -EFAULT; 880 break; 881 } 882 883 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 884 err = -EINVAL; 885 break; 886 } 887 888 if (chan->mode != L2CAP_MODE_ERTM && 889 chan->mode != L2CAP_MODE_STREAMING) { 890 err = -EOPNOTSUPP; 891 break; 892 } 893 894 chan->chan_policy = (u8) opt; 895 896 if (sk->sk_state == BT_CONNECTED && 897 chan->move_role == L2CAP_MOVE_ROLE_NONE) 898 l2cap_move_start(chan); 899 900 break; 901 902 case BT_SNDMTU: 903 if (!bdaddr_type_is_le(chan->src_type)) { 904 err = -EINVAL; 905 break; 906 } 907 908 /* Setting is not supported as it's the remote side that 909 * decides this. 910 */ 911 err = -EPERM; 912 break; 913 914 case BT_RCVMTU: 915 if (!bdaddr_type_is_le(chan->src_type)) { 916 err = -EINVAL; 917 break; 918 } 919 920 if (sk->sk_state == BT_CONNECTED) { 921 err = -EISCONN; 922 break; 923 } 924 925 if (get_user(opt, (u32 __user *) optval)) { 926 err = -EFAULT; 927 break; 928 } 929 930 chan->imtu = opt; 931 break; 932 933 default: 934 err = -ENOPROTOOPT; 935 break; 936 } 937 938 release_sock(sk); 939 return err; 940} 941 942static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 943 struct msghdr *msg, size_t len) 944{ 945 struct sock *sk = sock->sk; 946 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 947 int err; 948 949 BT_DBG("sock %p, sk %p", sock, sk); 950 951 err = sock_error(sk); 952 if (err) 953 return err; 954 955 if (msg->msg_flags & MSG_OOB) 956 return -EOPNOTSUPP; 957 958 if (sk->sk_state != BT_CONNECTED) 959 return -ENOTCONN; 960 961 lock_sock(sk); 962 err = bt_sock_wait_ready(sk, msg->msg_flags); 963 release_sock(sk); 964 if (err) 965 return err; 966 967 l2cap_chan_lock(chan); 968 err = l2cap_chan_send(chan, msg, len); 969 l2cap_chan_unlock(chan); 970 971 return err; 972} 973 974static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 975 struct msghdr *msg, size_t len, int flags) 976{ 977 struct sock *sk = sock->sk; 978 struct l2cap_pinfo *pi = l2cap_pi(sk); 979 int err; 980 981 lock_sock(sk); 982 983 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 984 &bt_sk(sk)->flags)) { 985 if (bdaddr_type_is_le(pi->chan->src_type)) { 986 sk->sk_state = BT_CONNECTED; 987 pi->chan->state = BT_CONNECTED; 988 __l2cap_le_connect_rsp_defer(pi->chan); 989 } else { 990 sk->sk_state = BT_CONFIG; 991 pi->chan->state = BT_CONFIG; 992 __l2cap_connect_rsp_defer(pi->chan); 993 } 994 995 err = 0; 996 goto done; 997 } 998 999 release_sock(sk); 1000 1001 if (sock->type == SOCK_STREAM) 1002 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 1003 else 1004 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 1005 1006 if (pi->chan->mode != L2CAP_MODE_ERTM) 1007 return err; 1008 1009 /* Attempt to put pending rx data in the socket buffer */ 1010 1011 lock_sock(sk); 1012 1013 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1014 goto done; 1015 1016 if (pi->rx_busy_skb) { 1017 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1018 pi->rx_busy_skb = NULL; 1019 else 1020 goto done; 1021 } 1022 1023 /* Restore data flow when half of the receive buffer is 1024 * available. This avoids resending large numbers of 1025 * frames. 1026 */ 1027 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1028 l2cap_chan_busy(pi->chan, 0); 1029 1030done: 1031 release_sock(sk); 1032 return err; 1033} 1034 1035/* Kill socket (only if zapped and orphan) 1036 * Must be called on unlocked socket. 1037 */ 1038static void l2cap_sock_kill(struct sock *sk) 1039{ 1040 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1041 return; 1042 1043 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1044 1045 /* Kill poor orphan */ 1046 1047 l2cap_chan_put(l2cap_pi(sk)->chan); 1048 sock_set_flag(sk, SOCK_DEAD); 1049 sock_put(sk); 1050} 1051 1052static int __l2cap_wait_ack(struct sock *sk) 1053{ 1054 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1055 DECLARE_WAITQUEUE(wait, current); 1056 int err = 0; 1057 int timeo = HZ/5; 1058 1059 add_wait_queue(sk_sleep(sk), &wait); 1060 set_current_state(TASK_INTERRUPTIBLE); 1061 while (chan->unacked_frames > 0 && chan->conn) { 1062 if (!timeo) 1063 timeo = HZ/5; 1064 1065 if (signal_pending(current)) { 1066 err = sock_intr_errno(timeo); 1067 break; 1068 } 1069 1070 release_sock(sk); 1071 timeo = schedule_timeout(timeo); 1072 lock_sock(sk); 1073 set_current_state(TASK_INTERRUPTIBLE); 1074 1075 err = sock_error(sk); 1076 if (err) 1077 break; 1078 } 1079 set_current_state(TASK_RUNNING); 1080 remove_wait_queue(sk_sleep(sk), &wait); 1081 return err; 1082} 1083 1084static int l2cap_sock_shutdown(struct socket *sock, int how) 1085{ 1086 struct sock *sk = sock->sk; 1087 struct l2cap_chan *chan; 1088 struct l2cap_conn *conn; 1089 int err = 0; 1090 1091 BT_DBG("sock %p, sk %p", sock, sk); 1092 1093 if (!sk) 1094 return 0; 1095 1096 chan = l2cap_pi(sk)->chan; 1097 conn = chan->conn; 1098 1099 if (conn) 1100 mutex_lock(&conn->chan_lock); 1101 1102 l2cap_chan_lock(chan); 1103 lock_sock(sk); 1104 1105 if (!sk->sk_shutdown) { 1106 if (chan->mode == L2CAP_MODE_ERTM) 1107 err = __l2cap_wait_ack(sk); 1108 1109 sk->sk_shutdown = SHUTDOWN_MASK; 1110 1111 release_sock(sk); 1112 l2cap_chan_close(chan, 0); 1113 lock_sock(sk); 1114 1115 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1116 !(current->flags & PF_EXITING)) 1117 err = bt_sock_wait_state(sk, BT_CLOSED, 1118 sk->sk_lingertime); 1119 } 1120 1121 if (!err && sk->sk_err) 1122 err = -sk->sk_err; 1123 1124 release_sock(sk); 1125 l2cap_chan_unlock(chan); 1126 1127 if (conn) 1128 mutex_unlock(&conn->chan_lock); 1129 1130 return err; 1131} 1132 1133static int l2cap_sock_release(struct socket *sock) 1134{ 1135 struct sock *sk = sock->sk; 1136 int err; 1137 1138 BT_DBG("sock %p, sk %p", sock, sk); 1139 1140 if (!sk) 1141 return 0; 1142 1143 bt_sock_unlink(&l2cap_sk_list, sk); 1144 1145 err = l2cap_sock_shutdown(sock, 2); 1146 1147 sock_orphan(sk); 1148 l2cap_sock_kill(sk); 1149 return err; 1150} 1151 1152static void l2cap_sock_cleanup_listen(struct sock *parent) 1153{ 1154 struct sock *sk; 1155 1156 BT_DBG("parent %p", parent); 1157 1158 /* Close not yet accepted channels */ 1159 while ((sk = bt_accept_dequeue(parent, NULL))) { 1160 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1161 1162 l2cap_chan_lock(chan); 1163 __clear_chan_timer(chan); 1164 l2cap_chan_close(chan, ECONNRESET); 1165 l2cap_chan_unlock(chan); 1166 1167 l2cap_sock_kill(sk); 1168 } 1169} 1170 1171static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1172{ 1173 struct sock *sk, *parent = chan->data; 1174 1175 lock_sock(parent); 1176 1177 /* Check for backlog size */ 1178 if (sk_acceptq_is_full(parent)) { 1179 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1180 release_sock(parent); 1181 return NULL; 1182 } 1183 1184 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1185 GFP_ATOMIC); 1186 if (!sk) { 1187 release_sock(parent); 1188 return NULL; 1189 } 1190 1191 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1192 1193 l2cap_sock_init(sk, parent); 1194 1195 bt_accept_enqueue(parent, sk); 1196 1197 release_sock(parent); 1198 1199 return l2cap_pi(sk)->chan; 1200} 1201 1202static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1203{ 1204 struct sock *sk = chan->data; 1205 int err; 1206 1207 lock_sock(sk); 1208 1209 if (l2cap_pi(sk)->rx_busy_skb) { 1210 err = -ENOMEM; 1211 goto done; 1212 } 1213 1214 err = sock_queue_rcv_skb(sk, skb); 1215 1216 /* For ERTM, handle one skb that doesn't fit into the recv 1217 * buffer. This is important to do because the data frames 1218 * have already been acked, so the skb cannot be discarded. 1219 * 1220 * Notify the l2cap core that the buffer is full, so the 1221 * LOCAL_BUSY state is entered and no more frames are 1222 * acked and reassembled until there is buffer space 1223 * available. 1224 */ 1225 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1226 l2cap_pi(sk)->rx_busy_skb = skb; 1227 l2cap_chan_busy(chan, 1); 1228 err = 0; 1229 } 1230 1231done: 1232 release_sock(sk); 1233 1234 return err; 1235} 1236 1237static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1238{ 1239 struct sock *sk = chan->data; 1240 1241 l2cap_sock_kill(sk); 1242} 1243 1244static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1245{ 1246 struct sock *sk = chan->data; 1247 struct sock *parent; 1248 1249 lock_sock(sk); 1250 1251 parent = bt_sk(sk)->parent; 1252 1253 sock_set_flag(sk, SOCK_ZAPPED); 1254 1255 switch (chan->state) { 1256 case BT_OPEN: 1257 case BT_BOUND: 1258 case BT_CLOSED: 1259 break; 1260 case BT_LISTEN: 1261 l2cap_sock_cleanup_listen(sk); 1262 sk->sk_state = BT_CLOSED; 1263 chan->state = BT_CLOSED; 1264 1265 break; 1266 default: 1267 sk->sk_state = BT_CLOSED; 1268 chan->state = BT_CLOSED; 1269 1270 sk->sk_err = err; 1271 1272 if (parent) { 1273 bt_accept_unlink(sk); 1274 parent->sk_data_ready(parent); 1275 } else { 1276 sk->sk_state_change(sk); 1277 } 1278 1279 break; 1280 } 1281 1282 release_sock(sk); 1283} 1284 1285static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1286 int err) 1287{ 1288 struct sock *sk = chan->data; 1289 1290 sk->sk_state = state; 1291 1292 if (err) 1293 sk->sk_err = err; 1294} 1295 1296static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1297 unsigned long hdr_len, 1298 unsigned long len, int nb) 1299{ 1300 struct sock *sk = chan->data; 1301 struct sk_buff *skb; 1302 int err; 1303 1304 l2cap_chan_unlock(chan); 1305 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1306 l2cap_chan_lock(chan); 1307 1308 if (!skb) 1309 return ERR_PTR(err); 1310 1311 skb->priority = sk->sk_priority; 1312 1313 bt_cb(skb)->chan = chan; 1314 1315 return skb; 1316} 1317 1318static int l2cap_sock_memcpy_fromiovec_cb(struct l2cap_chan *chan, 1319 unsigned char *kdata, 1320 struct iovec *iov, int len) 1321{ 1322 return memcpy_fromiovec(kdata, iov, len); 1323} 1324 1325static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1326{ 1327 struct sock *sk = chan->data; 1328 struct sock *parent; 1329 1330 lock_sock(sk); 1331 1332 parent = bt_sk(sk)->parent; 1333 1334 BT_DBG("sk %p, parent %p", sk, parent); 1335 1336 sk->sk_state = BT_CONNECTED; 1337 sk->sk_state_change(sk); 1338 1339 if (parent) 1340 parent->sk_data_ready(parent); 1341 1342 release_sock(sk); 1343} 1344 1345static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1346{ 1347 struct sock *parent, *sk = chan->data; 1348 1349 lock_sock(sk); 1350 1351 parent = bt_sk(sk)->parent; 1352 if (parent) 1353 parent->sk_data_ready(parent); 1354 1355 release_sock(sk); 1356} 1357 1358static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1359{ 1360 struct sock *sk = chan->data; 1361 1362 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) { 1363 sk->sk_state = BT_CONNECTED; 1364 chan->state = BT_CONNECTED; 1365 } 1366 1367 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1368 sk->sk_state_change(sk); 1369} 1370 1371static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1372{ 1373 struct sock *sk = chan->data; 1374 1375 lock_sock(sk); 1376 sk->sk_shutdown = SHUTDOWN_MASK; 1377 release_sock(sk); 1378} 1379 1380static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1381{ 1382 struct sock *sk = chan->data; 1383 1384 return sk->sk_sndtimeo; 1385} 1386 1387static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1388{ 1389 struct sock *sk = chan->data; 1390 1391 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1392 sk->sk_state_change(sk); 1393} 1394 1395static const struct l2cap_ops l2cap_chan_ops = { 1396 .name = "L2CAP Socket Interface", 1397 .new_connection = l2cap_sock_new_connection_cb, 1398 .recv = l2cap_sock_recv_cb, 1399 .close = l2cap_sock_close_cb, 1400 .teardown = l2cap_sock_teardown_cb, 1401 .state_change = l2cap_sock_state_change_cb, 1402 .ready = l2cap_sock_ready_cb, 1403 .defer = l2cap_sock_defer_cb, 1404 .resume = l2cap_sock_resume_cb, 1405 .suspend = l2cap_sock_suspend_cb, 1406 .set_shutdown = l2cap_sock_set_shutdown_cb, 1407 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1408 .alloc_skb = l2cap_sock_alloc_skb_cb, 1409 .memcpy_fromiovec = l2cap_sock_memcpy_fromiovec_cb, 1410}; 1411 1412static void l2cap_sock_destruct(struct sock *sk) 1413{ 1414 BT_DBG("sk %p", sk); 1415 1416 if (l2cap_pi(sk)->chan) 1417 l2cap_chan_put(l2cap_pi(sk)->chan); 1418 1419 if (l2cap_pi(sk)->rx_busy_skb) { 1420 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1421 l2cap_pi(sk)->rx_busy_skb = NULL; 1422 } 1423 1424 skb_queue_purge(&sk->sk_receive_queue); 1425 skb_queue_purge(&sk->sk_write_queue); 1426} 1427 1428static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1429 int *msg_namelen) 1430{ 1431 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1432 1433 memset(la, 0, sizeof(struct sockaddr_l2)); 1434 la->l2_family = AF_BLUETOOTH; 1435 la->l2_psm = bt_cb(skb)->psm; 1436 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1437 1438 *msg_namelen = sizeof(struct sockaddr_l2); 1439} 1440 1441static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1442{ 1443 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1444 1445 BT_DBG("sk %p", sk); 1446 1447 if (parent) { 1448 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1449 1450 sk->sk_type = parent->sk_type; 1451 bt_sk(sk)->flags = bt_sk(parent)->flags; 1452 1453 chan->chan_type = pchan->chan_type; 1454 chan->imtu = pchan->imtu; 1455 chan->omtu = pchan->omtu; 1456 chan->conf_state = pchan->conf_state; 1457 chan->mode = pchan->mode; 1458 chan->fcs = pchan->fcs; 1459 chan->max_tx = pchan->max_tx; 1460 chan->tx_win = pchan->tx_win; 1461 chan->tx_win_max = pchan->tx_win_max; 1462 chan->sec_level = pchan->sec_level; 1463 chan->flags = pchan->flags; 1464 chan->tx_credits = pchan->tx_credits; 1465 chan->rx_credits = pchan->rx_credits; 1466 1467 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1468 chan->scid = pchan->scid; 1469 chan->dcid = pchan->scid; 1470 } 1471 1472 security_sk_clone(parent, sk); 1473 } else { 1474 switch (sk->sk_type) { 1475 case SOCK_RAW: 1476 chan->chan_type = L2CAP_CHAN_RAW; 1477 break; 1478 case SOCK_DGRAM: 1479 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1480 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1481 break; 1482 case SOCK_SEQPACKET: 1483 case SOCK_STREAM: 1484 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1485 break; 1486 } 1487 1488 chan->imtu = L2CAP_DEFAULT_MTU; 1489 chan->omtu = 0; 1490 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1491 chan->mode = L2CAP_MODE_ERTM; 1492 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1493 } else { 1494 chan->mode = L2CAP_MODE_BASIC; 1495 } 1496 1497 l2cap_chan_set_defaults(chan); 1498 } 1499 1500 /* Default config options */ 1501 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1502 1503 chan->data = sk; 1504 chan->ops = &l2cap_chan_ops; 1505} 1506 1507static struct proto l2cap_proto = { 1508 .name = "L2CAP", 1509 .owner = THIS_MODULE, 1510 .obj_size = sizeof(struct l2cap_pinfo) 1511}; 1512 1513static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1514 int proto, gfp_t prio) 1515{ 1516 struct sock *sk; 1517 struct l2cap_chan *chan; 1518 1519 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1520 if (!sk) 1521 return NULL; 1522 1523 sock_init_data(sock, sk); 1524 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1525 1526 sk->sk_destruct = l2cap_sock_destruct; 1527 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1528 1529 sock_reset_flag(sk, SOCK_ZAPPED); 1530 1531 sk->sk_protocol = proto; 1532 sk->sk_state = BT_OPEN; 1533 1534 chan = l2cap_chan_create(); 1535 if (!chan) { 1536 sk_free(sk); 1537 return NULL; 1538 } 1539 1540 l2cap_chan_hold(chan); 1541 1542 l2cap_pi(sk)->chan = chan; 1543 1544 return sk; 1545} 1546 1547static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1548 int kern) 1549{ 1550 struct sock *sk; 1551 1552 BT_DBG("sock %p", sock); 1553 1554 sock->state = SS_UNCONNECTED; 1555 1556 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1557 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1558 return -ESOCKTNOSUPPORT; 1559 1560 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1561 return -EPERM; 1562 1563 sock->ops = &l2cap_sock_ops; 1564 1565 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1566 if (!sk) 1567 return -ENOMEM; 1568 1569 l2cap_sock_init(sk, NULL); 1570 bt_sock_link(&l2cap_sk_list, sk); 1571 return 0; 1572} 1573 1574static const struct proto_ops l2cap_sock_ops = { 1575 .family = PF_BLUETOOTH, 1576 .owner = THIS_MODULE, 1577 .release = l2cap_sock_release, 1578 .bind = l2cap_sock_bind, 1579 .connect = l2cap_sock_connect, 1580 .listen = l2cap_sock_listen, 1581 .accept = l2cap_sock_accept, 1582 .getname = l2cap_sock_getname, 1583 .sendmsg = l2cap_sock_sendmsg, 1584 .recvmsg = l2cap_sock_recvmsg, 1585 .poll = bt_sock_poll, 1586 .ioctl = bt_sock_ioctl, 1587 .mmap = sock_no_mmap, 1588 .socketpair = sock_no_socketpair, 1589 .shutdown = l2cap_sock_shutdown, 1590 .setsockopt = l2cap_sock_setsockopt, 1591 .getsockopt = l2cap_sock_getsockopt 1592}; 1593 1594static const struct net_proto_family l2cap_sock_family_ops = { 1595 .family = PF_BLUETOOTH, 1596 .owner = THIS_MODULE, 1597 .create = l2cap_sock_create, 1598}; 1599 1600int __init l2cap_init_sockets(void) 1601{ 1602 int err; 1603 1604 err = proto_register(&l2cap_proto, 0); 1605 if (err < 0) 1606 return err; 1607 1608 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1609 if (err < 0) { 1610 BT_ERR("L2CAP socket registration failed"); 1611 goto error; 1612 } 1613 1614 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1615 NULL); 1616 if (err < 0) { 1617 BT_ERR("Failed to create L2CAP proc file"); 1618 bt_sock_unregister(BTPROTO_L2CAP); 1619 goto error; 1620 } 1621 1622 BT_INFO("L2CAP socket layer initialized"); 1623 1624 return 0; 1625 1626error: 1627 proto_unregister(&l2cap_proto); 1628 return err; 1629} 1630 1631void l2cap_cleanup_sockets(void) 1632{ 1633 bt_procfs_cleanup(&init_net, "l2cap"); 1634 bt_sock_unregister(BTPROTO_L2CAP); 1635 proto_unregister(&l2cap_proto); 1636} 1637