l2cap_sock.c revision e0c888ad739513b9baae5c25e85dd6490595e5be
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/module.h> 31#include <linux/export.h> 32 33#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/hci_core.h> 35#include <net/bluetooth/l2cap.h> 36 37#include "smp.h" 38 39bool enable_lecoc; 40 41static struct bt_sock_list l2cap_sk_list = { 42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 43}; 44 45static const struct proto_ops l2cap_sock_ops; 46static void l2cap_sock_init(struct sock *sk, struct sock *parent); 47static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 48 int proto, gfp_t prio); 49 50bool l2cap_is_socket(struct socket *sock) 51{ 52 return sock && sock->ops == &l2cap_sock_ops; 53} 54EXPORT_SYMBOL(l2cap_is_socket); 55 56static int l2cap_validate_bredr_psm(u16 psm) 57{ 58 /* PSM must be odd and lsb of upper byte must be 0 */ 59 if ((psm & 0x0101) != 0x0001) 60 return -EINVAL; 61 62 /* Restrict usage of well-known PSMs */ 63 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 64 return -EACCES; 65 66 return 0; 67} 68 69static int l2cap_validate_le_psm(u16 psm) 70{ 71 /* Valid LE_PSM ranges are defined only until 0x00ff */ 72 if (psm > 0x00ff) 73 return -EINVAL; 74 75 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 76 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 77 return -EACCES; 78 79 return 0; 80} 81 82static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 83{ 84 struct sock *sk = sock->sk; 85 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 86 struct sockaddr_l2 la; 87 int len, err = 0; 88 89 BT_DBG("sk %p", sk); 90 91 if (!addr || addr->sa_family != AF_BLUETOOTH) 92 return -EINVAL; 93 94 memset(&la, 0, sizeof(la)); 95 len = min_t(unsigned int, sizeof(la), alen); 96 memcpy(&la, addr, len); 97 98 if (la.l2_cid && la.l2_psm) 99 return -EINVAL; 100 101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 102 return -EINVAL; 103 104 if (la.l2_cid) { 105 /* When the socket gets created it defaults to 106 * CHAN_CONN_ORIENTED, so we need to overwrite the 107 * default here. 108 */ 109 chan->chan_type = L2CAP_CHAN_FIXED; 110 chan->omtu = L2CAP_DEFAULT_MTU; 111 } 112 113 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 114 if (!enable_lecoc && la.l2_psm) 115 return -EINVAL; 116 /* We only allow ATT user space socket */ 117 if (la.l2_cid && 118 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 119 return -EINVAL; 120 } 121 122 lock_sock(sk); 123 124 if (sk->sk_state != BT_OPEN) { 125 err = -EBADFD; 126 goto done; 127 } 128 129 if (la.l2_psm) { 130 __u16 psm = __le16_to_cpu(la.l2_psm); 131 132 if (la.l2_bdaddr_type == BDADDR_BREDR) 133 err = l2cap_validate_bredr_psm(psm); 134 else 135 err = l2cap_validate_le_psm(psm); 136 137 if (err) 138 goto done; 139 } 140 141 if (la.l2_cid) 142 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 143 else 144 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 145 146 if (err < 0) 147 goto done; 148 149 switch (chan->chan_type) { 150 case L2CAP_CHAN_CONN_LESS: 151 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 152 chan->sec_level = BT_SECURITY_SDP; 153 break; 154 case L2CAP_CHAN_CONN_ORIENTED: 155 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 156 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 157 chan->sec_level = BT_SECURITY_SDP; 158 break; 159 case L2CAP_CHAN_RAW: 160 chan->sec_level = BT_SECURITY_SDP; 161 break; 162 } 163 164 bacpy(&chan->src, &la.l2_bdaddr); 165 chan->src_type = la.l2_bdaddr_type; 166 167 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 168 chan->mode = L2CAP_MODE_LE_FLOWCTL; 169 170 chan->state = BT_BOUND; 171 sk->sk_state = BT_BOUND; 172 173done: 174 release_sock(sk); 175 return err; 176} 177 178static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 179 int alen, int flags) 180{ 181 struct sock *sk = sock->sk; 182 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 183 struct sockaddr_l2 la; 184 int len, err = 0; 185 186 BT_DBG("sk %p", sk); 187 188 if (!addr || alen < sizeof(addr->sa_family) || 189 addr->sa_family != AF_BLUETOOTH) 190 return -EINVAL; 191 192 memset(&la, 0, sizeof(la)); 193 len = min_t(unsigned int, sizeof(la), alen); 194 memcpy(&la, addr, len); 195 196 if (la.l2_cid && la.l2_psm) 197 return -EINVAL; 198 199 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 200 return -EINVAL; 201 202 /* Check that the socket wasn't bound to something that 203 * conflicts with the address given to connect(). If chan->src 204 * is BDADDR_ANY it means bind() was never used, in which case 205 * chan->src_type and la.l2_bdaddr_type do not need to match. 206 */ 207 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 208 bdaddr_type_is_le(la.l2_bdaddr_type)) { 209 /* Old user space versions will try to incorrectly bind 210 * the ATT socket using BDADDR_BREDR. We need to accept 211 * this and fix up the source address type only when 212 * both the source CID and destination CID indicate 213 * ATT. Anything else is an invalid combination. 214 */ 215 if (chan->scid != L2CAP_CID_ATT || 216 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 217 return -EINVAL; 218 219 /* We don't have the hdev available here to make a 220 * better decision on random vs public, but since all 221 * user space versions that exhibit this issue anyway do 222 * not support random local addresses assuming public 223 * here is good enough. 224 */ 225 chan->src_type = BDADDR_LE_PUBLIC; 226 } 227 228 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 229 return -EINVAL; 230 231 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 232 if (!enable_lecoc && la.l2_psm) 233 return -EINVAL; 234 /* We only allow ATT user space socket */ 235 if (la.l2_cid && 236 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 237 return -EINVAL; 238 } 239 240 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 241 chan->mode = L2CAP_MODE_LE_FLOWCTL; 242 243 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 244 &la.l2_bdaddr, la.l2_bdaddr_type); 245 if (err) 246 return err; 247 248 lock_sock(sk); 249 250 err = bt_sock_wait_state(sk, BT_CONNECTED, 251 sock_sndtimeo(sk, flags & O_NONBLOCK)); 252 253 release_sock(sk); 254 255 return err; 256} 257 258static int l2cap_sock_listen(struct socket *sock, int backlog) 259{ 260 struct sock *sk = sock->sk; 261 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 262 int err = 0; 263 264 BT_DBG("sk %p backlog %d", sk, backlog); 265 266 lock_sock(sk); 267 268 if (sk->sk_state != BT_BOUND) { 269 err = -EBADFD; 270 goto done; 271 } 272 273 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 274 err = -EINVAL; 275 goto done; 276 } 277 278 switch (chan->mode) { 279 case L2CAP_MODE_BASIC: 280 case L2CAP_MODE_LE_FLOWCTL: 281 break; 282 case L2CAP_MODE_ERTM: 283 case L2CAP_MODE_STREAMING: 284 if (!disable_ertm) 285 break; 286 /* fall through */ 287 default: 288 err = -ENOTSUPP; 289 goto done; 290 } 291 292 sk->sk_max_ack_backlog = backlog; 293 sk->sk_ack_backlog = 0; 294 295 chan->state = BT_LISTEN; 296 sk->sk_state = BT_LISTEN; 297 298done: 299 release_sock(sk); 300 return err; 301} 302 303static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 304 int flags) 305{ 306 DECLARE_WAITQUEUE(wait, current); 307 struct sock *sk = sock->sk, *nsk; 308 long timeo; 309 int err = 0; 310 311 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 312 313 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 314 315 BT_DBG("sk %p timeo %ld", sk, timeo); 316 317 /* Wait for an incoming connection. (wake-one). */ 318 add_wait_queue_exclusive(sk_sleep(sk), &wait); 319 while (1) { 320 set_current_state(TASK_INTERRUPTIBLE); 321 322 if (sk->sk_state != BT_LISTEN) { 323 err = -EBADFD; 324 break; 325 } 326 327 nsk = bt_accept_dequeue(sk, newsock); 328 if (nsk) 329 break; 330 331 if (!timeo) { 332 err = -EAGAIN; 333 break; 334 } 335 336 if (signal_pending(current)) { 337 err = sock_intr_errno(timeo); 338 break; 339 } 340 341 release_sock(sk); 342 timeo = schedule_timeout(timeo); 343 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 344 } 345 __set_current_state(TASK_RUNNING); 346 remove_wait_queue(sk_sleep(sk), &wait); 347 348 if (err) 349 goto done; 350 351 newsock->state = SS_CONNECTED; 352 353 BT_DBG("new socket %p", nsk); 354 355done: 356 release_sock(sk); 357 return err; 358} 359 360static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 361 int *len, int peer) 362{ 363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 364 struct sock *sk = sock->sk; 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 366 367 BT_DBG("sock %p, sk %p", sock, sk); 368 369 memset(la, 0, sizeof(struct sockaddr_l2)); 370 addr->sa_family = AF_BLUETOOTH; 371 *len = sizeof(struct sockaddr_l2); 372 373 if (peer) { 374 la->l2_psm = chan->psm; 375 bacpy(&la->l2_bdaddr, &chan->dst); 376 la->l2_cid = cpu_to_le16(chan->dcid); 377 la->l2_bdaddr_type = chan->dst_type; 378 } else { 379 la->l2_psm = chan->sport; 380 bacpy(&la->l2_bdaddr, &chan->src); 381 la->l2_cid = cpu_to_le16(chan->scid); 382 la->l2_bdaddr_type = chan->src_type; 383 } 384 385 return 0; 386} 387 388static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 389 char __user *optval, int __user *optlen) 390{ 391 struct sock *sk = sock->sk; 392 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 393 struct l2cap_options opts; 394 struct l2cap_conninfo cinfo; 395 int len, err = 0; 396 u32 opt; 397 398 BT_DBG("sk %p", sk); 399 400 if (get_user(len, optlen)) 401 return -EFAULT; 402 403 lock_sock(sk); 404 405 switch (optname) { 406 case L2CAP_OPTIONS: 407 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 408 * legacy ATT code depends on getsockopt for 409 * L2CAP_OPTIONS we need to let this pass. 410 */ 411 if (bdaddr_type_is_le(chan->src_type) && 412 chan->scid != L2CAP_CID_ATT) { 413 err = -EINVAL; 414 break; 415 } 416 417 memset(&opts, 0, sizeof(opts)); 418 opts.imtu = chan->imtu; 419 opts.omtu = chan->omtu; 420 opts.flush_to = chan->flush_to; 421 opts.mode = chan->mode; 422 opts.fcs = chan->fcs; 423 opts.max_tx = chan->max_tx; 424 opts.txwin_size = chan->tx_win; 425 426 len = min_t(unsigned int, len, sizeof(opts)); 427 if (copy_to_user(optval, (char *) &opts, len)) 428 err = -EFAULT; 429 430 break; 431 432 case L2CAP_LM: 433 switch (chan->sec_level) { 434 case BT_SECURITY_LOW: 435 opt = L2CAP_LM_AUTH; 436 break; 437 case BT_SECURITY_MEDIUM: 438 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 439 break; 440 case BT_SECURITY_HIGH: 441 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 442 L2CAP_LM_SECURE; 443 break; 444 case BT_SECURITY_FIPS: 445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 446 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 447 break; 448 default: 449 opt = 0; 450 break; 451 } 452 453 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 454 opt |= L2CAP_LM_MASTER; 455 456 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 457 opt |= L2CAP_LM_RELIABLE; 458 459 if (put_user(opt, (u32 __user *) optval)) 460 err = -EFAULT; 461 462 break; 463 464 case L2CAP_CONNINFO: 465 if (sk->sk_state != BT_CONNECTED && 466 !(sk->sk_state == BT_CONNECT2 && 467 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 468 err = -ENOTCONN; 469 break; 470 } 471 472 memset(&cinfo, 0, sizeof(cinfo)); 473 cinfo.hci_handle = chan->conn->hcon->handle; 474 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 475 476 len = min_t(unsigned int, len, sizeof(cinfo)); 477 if (copy_to_user(optval, (char *) &cinfo, len)) 478 err = -EFAULT; 479 480 break; 481 482 default: 483 err = -ENOPROTOOPT; 484 break; 485 } 486 487 release_sock(sk); 488 return err; 489} 490 491static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 492 char __user *optval, int __user *optlen) 493{ 494 struct sock *sk = sock->sk; 495 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 496 struct bt_security sec; 497 struct bt_power pwr; 498 int len, err = 0; 499 500 BT_DBG("sk %p", sk); 501 502 if (level == SOL_L2CAP) 503 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 504 505 if (level != SOL_BLUETOOTH) 506 return -ENOPROTOOPT; 507 508 if (get_user(len, optlen)) 509 return -EFAULT; 510 511 lock_sock(sk); 512 513 switch (optname) { 514 case BT_SECURITY: 515 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 516 chan->chan_type != L2CAP_CHAN_FIXED && 517 chan->chan_type != L2CAP_CHAN_RAW) { 518 err = -EINVAL; 519 break; 520 } 521 522 memset(&sec, 0, sizeof(sec)); 523 if (chan->conn) { 524 sec.level = chan->conn->hcon->sec_level; 525 526 if (sk->sk_state == BT_CONNECTED) 527 sec.key_size = chan->conn->hcon->enc_key_size; 528 } else { 529 sec.level = chan->sec_level; 530 } 531 532 len = min_t(unsigned int, len, sizeof(sec)); 533 if (copy_to_user(optval, (char *) &sec, len)) 534 err = -EFAULT; 535 536 break; 537 538 case BT_DEFER_SETUP: 539 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 540 err = -EINVAL; 541 break; 542 } 543 544 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 545 (u32 __user *) optval)) 546 err = -EFAULT; 547 548 break; 549 550 case BT_FLUSHABLE: 551 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 552 (u32 __user *) optval)) 553 err = -EFAULT; 554 555 break; 556 557 case BT_POWER: 558 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 559 && sk->sk_type != SOCK_RAW) { 560 err = -EINVAL; 561 break; 562 } 563 564 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 565 566 len = min_t(unsigned int, len, sizeof(pwr)); 567 if (copy_to_user(optval, (char *) &pwr, len)) 568 err = -EFAULT; 569 570 break; 571 572 case BT_CHANNEL_POLICY: 573 if (put_user(chan->chan_policy, (u32 __user *) optval)) 574 err = -EFAULT; 575 break; 576 577 case BT_SNDMTU: 578 if (!enable_lecoc) { 579 err = -EPROTONOSUPPORT; 580 break; 581 } 582 583 if (!bdaddr_type_is_le(chan->src_type)) { 584 err = -EINVAL; 585 break; 586 } 587 588 if (sk->sk_state != BT_CONNECTED) { 589 err = -ENOTCONN; 590 break; 591 } 592 593 if (put_user(chan->omtu, (u16 __user *) optval)) 594 err = -EFAULT; 595 break; 596 597 case BT_RCVMTU: 598 if (!enable_lecoc) { 599 err = -EPROTONOSUPPORT; 600 break; 601 } 602 603 if (!bdaddr_type_is_le(chan->src_type)) { 604 err = -EINVAL; 605 break; 606 } 607 608 if (put_user(chan->imtu, (u16 __user *) optval)) 609 err = -EFAULT; 610 break; 611 612 default: 613 err = -ENOPROTOOPT; 614 break; 615 } 616 617 release_sock(sk); 618 return err; 619} 620 621static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 622{ 623 switch (chan->scid) { 624 case L2CAP_CID_ATT: 625 if (mtu < L2CAP_LE_MIN_MTU) 626 return false; 627 break; 628 629 default: 630 if (mtu < L2CAP_DEFAULT_MIN_MTU) 631 return false; 632 } 633 634 return true; 635} 636 637static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 638 char __user *optval, unsigned int optlen) 639{ 640 struct sock *sk = sock->sk; 641 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 642 struct l2cap_options opts; 643 int len, err = 0; 644 u32 opt; 645 646 BT_DBG("sk %p", sk); 647 648 lock_sock(sk); 649 650 switch (optname) { 651 case L2CAP_OPTIONS: 652 if (bdaddr_type_is_le(chan->src_type)) { 653 err = -EINVAL; 654 break; 655 } 656 657 if (sk->sk_state == BT_CONNECTED) { 658 err = -EINVAL; 659 break; 660 } 661 662 opts.imtu = chan->imtu; 663 opts.omtu = chan->omtu; 664 opts.flush_to = chan->flush_to; 665 opts.mode = chan->mode; 666 opts.fcs = chan->fcs; 667 opts.max_tx = chan->max_tx; 668 opts.txwin_size = chan->tx_win; 669 670 len = min_t(unsigned int, sizeof(opts), optlen); 671 if (copy_from_user((char *) &opts, optval, len)) { 672 err = -EFAULT; 673 break; 674 } 675 676 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 677 err = -EINVAL; 678 break; 679 } 680 681 if (!l2cap_valid_mtu(chan, opts.imtu)) { 682 err = -EINVAL; 683 break; 684 } 685 686 chan->mode = opts.mode; 687 switch (chan->mode) { 688 case L2CAP_MODE_LE_FLOWCTL: 689 break; 690 case L2CAP_MODE_BASIC: 691 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 692 break; 693 case L2CAP_MODE_ERTM: 694 case L2CAP_MODE_STREAMING: 695 if (!disable_ertm) 696 break; 697 /* fall through */ 698 default: 699 err = -EINVAL; 700 break; 701 } 702 703 chan->imtu = opts.imtu; 704 chan->omtu = opts.omtu; 705 chan->fcs = opts.fcs; 706 chan->max_tx = opts.max_tx; 707 chan->tx_win = opts.txwin_size; 708 chan->flush_to = opts.flush_to; 709 break; 710 711 case L2CAP_LM: 712 if (get_user(opt, (u32 __user *) optval)) { 713 err = -EFAULT; 714 break; 715 } 716 717 if (opt & L2CAP_LM_FIPS) { 718 err = -EINVAL; 719 break; 720 } 721 722 if (opt & L2CAP_LM_AUTH) 723 chan->sec_level = BT_SECURITY_LOW; 724 if (opt & L2CAP_LM_ENCRYPT) 725 chan->sec_level = BT_SECURITY_MEDIUM; 726 if (opt & L2CAP_LM_SECURE) 727 chan->sec_level = BT_SECURITY_HIGH; 728 729 if (opt & L2CAP_LM_MASTER) 730 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 731 else 732 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 733 734 if (opt & L2CAP_LM_RELIABLE) 735 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 736 else 737 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 738 break; 739 740 default: 741 err = -ENOPROTOOPT; 742 break; 743 } 744 745 release_sock(sk); 746 return err; 747} 748 749static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 750 char __user *optval, unsigned int optlen) 751{ 752 struct sock *sk = sock->sk; 753 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 754 struct bt_security sec; 755 struct bt_power pwr; 756 struct l2cap_conn *conn; 757 int len, err = 0; 758 u32 opt; 759 760 BT_DBG("sk %p", sk); 761 762 if (level == SOL_L2CAP) 763 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 764 765 if (level != SOL_BLUETOOTH) 766 return -ENOPROTOOPT; 767 768 lock_sock(sk); 769 770 switch (optname) { 771 case BT_SECURITY: 772 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 773 chan->chan_type != L2CAP_CHAN_FIXED && 774 chan->chan_type != L2CAP_CHAN_RAW) { 775 err = -EINVAL; 776 break; 777 } 778 779 sec.level = BT_SECURITY_LOW; 780 781 len = min_t(unsigned int, sizeof(sec), optlen); 782 if (copy_from_user((char *) &sec, optval, len)) { 783 err = -EFAULT; 784 break; 785 } 786 787 if (sec.level < BT_SECURITY_LOW || 788 sec.level > BT_SECURITY_HIGH) { 789 err = -EINVAL; 790 break; 791 } 792 793 chan->sec_level = sec.level; 794 795 if (!chan->conn) 796 break; 797 798 conn = chan->conn; 799 800 /*change security for LE channels */ 801 if (chan->scid == L2CAP_CID_ATT) { 802 if (!conn->hcon->out) { 803 err = -EINVAL; 804 break; 805 } 806 807 if (smp_conn_security(conn->hcon, sec.level)) 808 break; 809 sk->sk_state = BT_CONFIG; 810 chan->state = BT_CONFIG; 811 812 /* or for ACL link */ 813 } else if ((sk->sk_state == BT_CONNECT2 && 814 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 815 sk->sk_state == BT_CONNECTED) { 816 if (!l2cap_chan_check_security(chan)) 817 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 818 else 819 sk->sk_state_change(sk); 820 } else { 821 err = -EINVAL; 822 } 823 break; 824 825 case BT_DEFER_SETUP: 826 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 827 err = -EINVAL; 828 break; 829 } 830 831 if (get_user(opt, (u32 __user *) optval)) { 832 err = -EFAULT; 833 break; 834 } 835 836 if (opt) { 837 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 838 set_bit(FLAG_DEFER_SETUP, &chan->flags); 839 } else { 840 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 841 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 842 } 843 break; 844 845 case BT_FLUSHABLE: 846 if (get_user(opt, (u32 __user *) optval)) { 847 err = -EFAULT; 848 break; 849 } 850 851 if (opt > BT_FLUSHABLE_ON) { 852 err = -EINVAL; 853 break; 854 } 855 856 if (opt == BT_FLUSHABLE_OFF) { 857 conn = chan->conn; 858 /* proceed further only when we have l2cap_conn and 859 No Flush support in the LM */ 860 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 861 err = -EINVAL; 862 break; 863 } 864 } 865 866 if (opt) 867 set_bit(FLAG_FLUSHABLE, &chan->flags); 868 else 869 clear_bit(FLAG_FLUSHABLE, &chan->flags); 870 break; 871 872 case BT_POWER: 873 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 874 chan->chan_type != L2CAP_CHAN_RAW) { 875 err = -EINVAL; 876 break; 877 } 878 879 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 880 881 len = min_t(unsigned int, sizeof(pwr), optlen); 882 if (copy_from_user((char *) &pwr, optval, len)) { 883 err = -EFAULT; 884 break; 885 } 886 887 if (pwr.force_active) 888 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 889 else 890 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 891 break; 892 893 case BT_CHANNEL_POLICY: 894 if (get_user(opt, (u32 __user *) optval)) { 895 err = -EFAULT; 896 break; 897 } 898 899 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 900 err = -EINVAL; 901 break; 902 } 903 904 if (chan->mode != L2CAP_MODE_ERTM && 905 chan->mode != L2CAP_MODE_STREAMING) { 906 err = -EOPNOTSUPP; 907 break; 908 } 909 910 chan->chan_policy = (u8) opt; 911 912 if (sk->sk_state == BT_CONNECTED && 913 chan->move_role == L2CAP_MOVE_ROLE_NONE) 914 l2cap_move_start(chan); 915 916 break; 917 918 case BT_SNDMTU: 919 if (!enable_lecoc) { 920 err = -EPROTONOSUPPORT; 921 break; 922 } 923 924 if (!bdaddr_type_is_le(chan->src_type)) { 925 err = -EINVAL; 926 break; 927 } 928 929 /* Setting is not supported as it's the remote side that 930 * decides this. 931 */ 932 err = -EPERM; 933 break; 934 935 case BT_RCVMTU: 936 if (!enable_lecoc) { 937 err = -EPROTONOSUPPORT; 938 break; 939 } 940 941 if (!bdaddr_type_is_le(chan->src_type)) { 942 err = -EINVAL; 943 break; 944 } 945 946 if (sk->sk_state == BT_CONNECTED) { 947 err = -EISCONN; 948 break; 949 } 950 951 if (get_user(opt, (u32 __user *) optval)) { 952 err = -EFAULT; 953 break; 954 } 955 956 chan->imtu = opt; 957 break; 958 959 default: 960 err = -ENOPROTOOPT; 961 break; 962 } 963 964 release_sock(sk); 965 return err; 966} 967 968static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 969 struct msghdr *msg, size_t len) 970{ 971 struct sock *sk = sock->sk; 972 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 973 int err; 974 975 BT_DBG("sock %p, sk %p", sock, sk); 976 977 err = sock_error(sk); 978 if (err) 979 return err; 980 981 if (msg->msg_flags & MSG_OOB) 982 return -EOPNOTSUPP; 983 984 if (sk->sk_state != BT_CONNECTED) 985 return -ENOTCONN; 986 987 lock_sock(sk); 988 err = bt_sock_wait_ready(sk, msg->msg_flags); 989 release_sock(sk); 990 if (err) 991 return err; 992 993 l2cap_chan_lock(chan); 994 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 995 l2cap_chan_unlock(chan); 996 997 return err; 998} 999 1000static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 1001 struct msghdr *msg, size_t len, int flags) 1002{ 1003 struct sock *sk = sock->sk; 1004 struct l2cap_pinfo *pi = l2cap_pi(sk); 1005 int err; 1006 1007 lock_sock(sk); 1008 1009 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 1010 &bt_sk(sk)->flags)) { 1011 if (bdaddr_type_is_le(pi->chan->src_type)) { 1012 sk->sk_state = BT_CONNECTED; 1013 pi->chan->state = BT_CONNECTED; 1014 __l2cap_le_connect_rsp_defer(pi->chan); 1015 } else { 1016 sk->sk_state = BT_CONFIG; 1017 pi->chan->state = BT_CONFIG; 1018 __l2cap_connect_rsp_defer(pi->chan); 1019 } 1020 1021 err = 0; 1022 goto done; 1023 } 1024 1025 release_sock(sk); 1026 1027 if (sock->type == SOCK_STREAM) 1028 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 1029 else 1030 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 1031 1032 if (pi->chan->mode != L2CAP_MODE_ERTM) 1033 return err; 1034 1035 /* Attempt to put pending rx data in the socket buffer */ 1036 1037 lock_sock(sk); 1038 1039 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1040 goto done; 1041 1042 if (pi->rx_busy_skb) { 1043 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1044 pi->rx_busy_skb = NULL; 1045 else 1046 goto done; 1047 } 1048 1049 /* Restore data flow when half of the receive buffer is 1050 * available. This avoids resending large numbers of 1051 * frames. 1052 */ 1053 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1054 l2cap_chan_busy(pi->chan, 0); 1055 1056done: 1057 release_sock(sk); 1058 return err; 1059} 1060 1061/* Kill socket (only if zapped and orphan) 1062 * Must be called on unlocked socket. 1063 */ 1064static void l2cap_sock_kill(struct sock *sk) 1065{ 1066 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1067 return; 1068 1069 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1070 1071 /* Kill poor orphan */ 1072 1073 l2cap_chan_put(l2cap_pi(sk)->chan); 1074 sock_set_flag(sk, SOCK_DEAD); 1075 sock_put(sk); 1076} 1077 1078static int __l2cap_wait_ack(struct sock *sk) 1079{ 1080 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1081 DECLARE_WAITQUEUE(wait, current); 1082 int err = 0; 1083 int timeo = HZ/5; 1084 1085 add_wait_queue(sk_sleep(sk), &wait); 1086 set_current_state(TASK_INTERRUPTIBLE); 1087 while (chan->unacked_frames > 0 && chan->conn) { 1088 if (!timeo) 1089 timeo = HZ/5; 1090 1091 if (signal_pending(current)) { 1092 err = sock_intr_errno(timeo); 1093 break; 1094 } 1095 1096 release_sock(sk); 1097 timeo = schedule_timeout(timeo); 1098 lock_sock(sk); 1099 set_current_state(TASK_INTERRUPTIBLE); 1100 1101 err = sock_error(sk); 1102 if (err) 1103 break; 1104 } 1105 set_current_state(TASK_RUNNING); 1106 remove_wait_queue(sk_sleep(sk), &wait); 1107 return err; 1108} 1109 1110static int l2cap_sock_shutdown(struct socket *sock, int how) 1111{ 1112 struct sock *sk = sock->sk; 1113 struct l2cap_chan *chan; 1114 struct l2cap_conn *conn; 1115 int err = 0; 1116 1117 BT_DBG("sock %p, sk %p", sock, sk); 1118 1119 if (!sk) 1120 return 0; 1121 1122 chan = l2cap_pi(sk)->chan; 1123 conn = chan->conn; 1124 1125 if (conn) 1126 mutex_lock(&conn->chan_lock); 1127 1128 l2cap_chan_lock(chan); 1129 lock_sock(sk); 1130 1131 if (!sk->sk_shutdown) { 1132 if (chan->mode == L2CAP_MODE_ERTM) 1133 err = __l2cap_wait_ack(sk); 1134 1135 sk->sk_shutdown = SHUTDOWN_MASK; 1136 1137 release_sock(sk); 1138 l2cap_chan_close(chan, 0); 1139 lock_sock(sk); 1140 1141 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 1142 err = bt_sock_wait_state(sk, BT_CLOSED, 1143 sk->sk_lingertime); 1144 } 1145 1146 if (!err && sk->sk_err) 1147 err = -sk->sk_err; 1148 1149 release_sock(sk); 1150 l2cap_chan_unlock(chan); 1151 1152 if (conn) 1153 mutex_unlock(&conn->chan_lock); 1154 1155 return err; 1156} 1157 1158static int l2cap_sock_release(struct socket *sock) 1159{ 1160 struct sock *sk = sock->sk; 1161 int err; 1162 1163 BT_DBG("sock %p, sk %p", sock, sk); 1164 1165 if (!sk) 1166 return 0; 1167 1168 bt_sock_unlink(&l2cap_sk_list, sk); 1169 1170 err = l2cap_sock_shutdown(sock, 2); 1171 1172 sock_orphan(sk); 1173 l2cap_sock_kill(sk); 1174 return err; 1175} 1176 1177static void l2cap_sock_cleanup_listen(struct sock *parent) 1178{ 1179 struct sock *sk; 1180 1181 BT_DBG("parent %p", parent); 1182 1183 /* Close not yet accepted channels */ 1184 while ((sk = bt_accept_dequeue(parent, NULL))) { 1185 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1186 1187 l2cap_chan_lock(chan); 1188 __clear_chan_timer(chan); 1189 l2cap_chan_close(chan, ECONNRESET); 1190 l2cap_chan_unlock(chan); 1191 1192 l2cap_sock_kill(sk); 1193 } 1194} 1195 1196static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1197{ 1198 struct sock *sk, *parent = chan->data; 1199 1200 lock_sock(parent); 1201 1202 /* Check for backlog size */ 1203 if (sk_acceptq_is_full(parent)) { 1204 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1205 return NULL; 1206 } 1207 1208 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1209 GFP_ATOMIC); 1210 if (!sk) 1211 return NULL; 1212 1213 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1214 1215 l2cap_sock_init(sk, parent); 1216 1217 bt_accept_enqueue(parent, sk); 1218 1219 release_sock(parent); 1220 1221 return l2cap_pi(sk)->chan; 1222} 1223 1224static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1225{ 1226 struct sock *sk = chan->data; 1227 int err; 1228 1229 lock_sock(sk); 1230 1231 if (l2cap_pi(sk)->rx_busy_skb) { 1232 err = -ENOMEM; 1233 goto done; 1234 } 1235 1236 err = sock_queue_rcv_skb(sk, skb); 1237 1238 /* For ERTM, handle one skb that doesn't fit into the recv 1239 * buffer. This is important to do because the data frames 1240 * have already been acked, so the skb cannot be discarded. 1241 * 1242 * Notify the l2cap core that the buffer is full, so the 1243 * LOCAL_BUSY state is entered and no more frames are 1244 * acked and reassembled until there is buffer space 1245 * available. 1246 */ 1247 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1248 l2cap_pi(sk)->rx_busy_skb = skb; 1249 l2cap_chan_busy(chan, 1); 1250 err = 0; 1251 } 1252 1253done: 1254 release_sock(sk); 1255 1256 return err; 1257} 1258 1259static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1260{ 1261 struct sock *sk = chan->data; 1262 1263 l2cap_sock_kill(sk); 1264} 1265 1266static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1267{ 1268 struct sock *sk = chan->data; 1269 struct sock *parent; 1270 1271 lock_sock(sk); 1272 1273 parent = bt_sk(sk)->parent; 1274 1275 sock_set_flag(sk, SOCK_ZAPPED); 1276 1277 switch (chan->state) { 1278 case BT_OPEN: 1279 case BT_BOUND: 1280 case BT_CLOSED: 1281 break; 1282 case BT_LISTEN: 1283 l2cap_sock_cleanup_listen(sk); 1284 sk->sk_state = BT_CLOSED; 1285 chan->state = BT_CLOSED; 1286 1287 break; 1288 default: 1289 sk->sk_state = BT_CLOSED; 1290 chan->state = BT_CLOSED; 1291 1292 sk->sk_err = err; 1293 1294 if (parent) { 1295 bt_accept_unlink(sk); 1296 parent->sk_data_ready(parent, 0); 1297 } else { 1298 sk->sk_state_change(sk); 1299 } 1300 1301 break; 1302 } 1303 1304 release_sock(sk); 1305} 1306 1307static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1308 int err) 1309{ 1310 struct sock *sk = chan->data; 1311 1312 sk->sk_state = state; 1313 1314 if (err) 1315 sk->sk_err = err; 1316} 1317 1318static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1319 unsigned long len, int nb) 1320{ 1321 struct sock *sk = chan->data; 1322 struct sk_buff *skb; 1323 int err; 1324 1325 l2cap_chan_unlock(chan); 1326 skb = bt_skb_send_alloc(sk, len, nb, &err); 1327 l2cap_chan_lock(chan); 1328 1329 if (!skb) 1330 return ERR_PTR(err); 1331 1332 bt_cb(skb)->chan = chan; 1333 1334 return skb; 1335} 1336 1337static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1338{ 1339 struct sock *sk = chan->data; 1340 struct sock *parent; 1341 1342 lock_sock(sk); 1343 1344 parent = bt_sk(sk)->parent; 1345 1346 BT_DBG("sk %p, parent %p", sk, parent); 1347 1348 sk->sk_state = BT_CONNECTED; 1349 sk->sk_state_change(sk); 1350 1351 if (parent) 1352 parent->sk_data_ready(parent, 0); 1353 1354 release_sock(sk); 1355} 1356 1357static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1358{ 1359 struct sock *parent, *sk = chan->data; 1360 1361 lock_sock(sk); 1362 1363 parent = bt_sk(sk)->parent; 1364 if (parent) 1365 parent->sk_data_ready(parent, 0); 1366 1367 release_sock(sk); 1368} 1369 1370static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1371{ 1372 struct sock *sk = chan->data; 1373 1374 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1375 sk->sk_state_change(sk); 1376} 1377 1378static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1379{ 1380 struct sock *sk = chan->data; 1381 1382 lock_sock(sk); 1383 sk->sk_shutdown = SHUTDOWN_MASK; 1384 release_sock(sk); 1385} 1386 1387static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1388{ 1389 struct sock *sk = chan->data; 1390 1391 return sk->sk_sndtimeo; 1392} 1393 1394static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1395{ 1396 struct sock *sk = chan->data; 1397 1398 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1399 sk->sk_state_change(sk); 1400} 1401 1402static struct l2cap_ops l2cap_chan_ops = { 1403 .name = "L2CAP Socket Interface", 1404 .new_connection = l2cap_sock_new_connection_cb, 1405 .recv = l2cap_sock_recv_cb, 1406 .close = l2cap_sock_close_cb, 1407 .teardown = l2cap_sock_teardown_cb, 1408 .state_change = l2cap_sock_state_change_cb, 1409 .ready = l2cap_sock_ready_cb, 1410 .defer = l2cap_sock_defer_cb, 1411 .resume = l2cap_sock_resume_cb, 1412 .suspend = l2cap_sock_suspend_cb, 1413 .set_shutdown = l2cap_sock_set_shutdown_cb, 1414 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1415 .alloc_skb = l2cap_sock_alloc_skb_cb, 1416}; 1417 1418static void l2cap_sock_destruct(struct sock *sk) 1419{ 1420 BT_DBG("sk %p", sk); 1421 1422 if (l2cap_pi(sk)->chan) 1423 l2cap_chan_put(l2cap_pi(sk)->chan); 1424 1425 if (l2cap_pi(sk)->rx_busy_skb) { 1426 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1427 l2cap_pi(sk)->rx_busy_skb = NULL; 1428 } 1429 1430 skb_queue_purge(&sk->sk_receive_queue); 1431 skb_queue_purge(&sk->sk_write_queue); 1432} 1433 1434static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1435 int *msg_namelen) 1436{ 1437 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1438 1439 memset(la, 0, sizeof(struct sockaddr_l2)); 1440 la->l2_family = AF_BLUETOOTH; 1441 la->l2_psm = bt_cb(skb)->psm; 1442 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1443 1444 *msg_namelen = sizeof(struct sockaddr_l2); 1445} 1446 1447static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1448{ 1449 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1450 1451 BT_DBG("sk %p", sk); 1452 1453 if (parent) { 1454 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1455 1456 sk->sk_type = parent->sk_type; 1457 bt_sk(sk)->flags = bt_sk(parent)->flags; 1458 1459 chan->chan_type = pchan->chan_type; 1460 chan->imtu = pchan->imtu; 1461 chan->omtu = pchan->omtu; 1462 chan->conf_state = pchan->conf_state; 1463 chan->mode = pchan->mode; 1464 chan->fcs = pchan->fcs; 1465 chan->max_tx = pchan->max_tx; 1466 chan->tx_win = pchan->tx_win; 1467 chan->tx_win_max = pchan->tx_win_max; 1468 chan->sec_level = pchan->sec_level; 1469 chan->flags = pchan->flags; 1470 chan->tx_credits = pchan->tx_credits; 1471 chan->rx_credits = pchan->rx_credits; 1472 1473 security_sk_clone(parent, sk); 1474 } else { 1475 switch (sk->sk_type) { 1476 case SOCK_RAW: 1477 chan->chan_type = L2CAP_CHAN_RAW; 1478 break; 1479 case SOCK_DGRAM: 1480 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1481 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1482 break; 1483 case SOCK_SEQPACKET: 1484 case SOCK_STREAM: 1485 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1486 break; 1487 } 1488 1489 chan->imtu = L2CAP_DEFAULT_MTU; 1490 chan->omtu = 0; 1491 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1492 chan->mode = L2CAP_MODE_ERTM; 1493 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1494 } else { 1495 chan->mode = L2CAP_MODE_BASIC; 1496 } 1497 1498 l2cap_chan_set_defaults(chan); 1499 } 1500 1501 /* Default config options */ 1502 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1503 1504 chan->data = sk; 1505 chan->ops = &l2cap_chan_ops; 1506} 1507 1508static struct proto l2cap_proto = { 1509 .name = "L2CAP", 1510 .owner = THIS_MODULE, 1511 .obj_size = sizeof(struct l2cap_pinfo) 1512}; 1513 1514static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1515 int proto, gfp_t prio) 1516{ 1517 struct sock *sk; 1518 struct l2cap_chan *chan; 1519 1520 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1521 if (!sk) 1522 return NULL; 1523 1524 sock_init_data(sock, sk); 1525 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1526 1527 sk->sk_destruct = l2cap_sock_destruct; 1528 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1529 1530 sock_reset_flag(sk, SOCK_ZAPPED); 1531 1532 sk->sk_protocol = proto; 1533 sk->sk_state = BT_OPEN; 1534 1535 chan = l2cap_chan_create(); 1536 if (!chan) { 1537 sk_free(sk); 1538 return NULL; 1539 } 1540 1541 l2cap_chan_hold(chan); 1542 1543 l2cap_pi(sk)->chan = chan; 1544 1545 return sk; 1546} 1547 1548static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1549 int kern) 1550{ 1551 struct sock *sk; 1552 1553 BT_DBG("sock %p", sock); 1554 1555 sock->state = SS_UNCONNECTED; 1556 1557 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1558 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1559 return -ESOCKTNOSUPPORT; 1560 1561 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1562 return -EPERM; 1563 1564 sock->ops = &l2cap_sock_ops; 1565 1566 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1567 if (!sk) 1568 return -ENOMEM; 1569 1570 l2cap_sock_init(sk, NULL); 1571 bt_sock_link(&l2cap_sk_list, sk); 1572 return 0; 1573} 1574 1575static const struct proto_ops l2cap_sock_ops = { 1576 .family = PF_BLUETOOTH, 1577 .owner = THIS_MODULE, 1578 .release = l2cap_sock_release, 1579 .bind = l2cap_sock_bind, 1580 .connect = l2cap_sock_connect, 1581 .listen = l2cap_sock_listen, 1582 .accept = l2cap_sock_accept, 1583 .getname = l2cap_sock_getname, 1584 .sendmsg = l2cap_sock_sendmsg, 1585 .recvmsg = l2cap_sock_recvmsg, 1586 .poll = bt_sock_poll, 1587 .ioctl = bt_sock_ioctl, 1588 .mmap = sock_no_mmap, 1589 .socketpair = sock_no_socketpair, 1590 .shutdown = l2cap_sock_shutdown, 1591 .setsockopt = l2cap_sock_setsockopt, 1592 .getsockopt = l2cap_sock_getsockopt 1593}; 1594 1595static const struct net_proto_family l2cap_sock_family_ops = { 1596 .family = PF_BLUETOOTH, 1597 .owner = THIS_MODULE, 1598 .create = l2cap_sock_create, 1599}; 1600 1601int __init l2cap_init_sockets(void) 1602{ 1603 int err; 1604 1605 err = proto_register(&l2cap_proto, 0); 1606 if (err < 0) 1607 return err; 1608 1609 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1610 if (err < 0) { 1611 BT_ERR("L2CAP socket registration failed"); 1612 goto error; 1613 } 1614 1615 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1616 NULL); 1617 if (err < 0) { 1618 BT_ERR("Failed to create L2CAP proc file"); 1619 bt_sock_unregister(BTPROTO_L2CAP); 1620 goto error; 1621 } 1622 1623 BT_INFO("L2CAP socket layer initialized"); 1624 1625 return 0; 1626 1627error: 1628 proto_unregister(&l2cap_proto); 1629 return err; 1630} 1631 1632void l2cap_cleanup_sockets(void) 1633{ 1634 bt_procfs_cleanup(&init_net, "l2cap"); 1635 bt_sock_unregister(BTPROTO_L2CAP); 1636 proto_unregister(&l2cap_proto); 1637} 1638 1639module_param(enable_lecoc, bool, 0644); 1640MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC"); 1641