l2cap_sock.c revision e7cafc45258c852c5176cd421615846e79a3d307
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> 5 Copyright (C) 2010 Google Inc. 6 Copyright (C) 2011 ProFUSION Embedded Systems 7 8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 9 10 This program is free software; you can redistribute it and/or modify 11 it under the terms of the GNU General Public License version 2 as 12 published by the Free Software Foundation; 13 14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 25 SOFTWARE IS DISCLAIMED. 26*/ 27 28/* Bluetooth L2CAP sockets. */ 29 30#include <linux/module.h> 31#include <linux/export.h> 32 33#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/hci_core.h> 35#include <net/bluetooth/l2cap.h> 36 37#include "smp.h" 38 39static struct bt_sock_list l2cap_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 41}; 42 43static const struct proto_ops l2cap_sock_ops; 44static void l2cap_sock_init(struct sock *sk, struct sock *parent); 45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 46 int proto, gfp_t prio); 47 48bool l2cap_is_socket(struct socket *sock) 49{ 50 return sock && sock->ops == &l2cap_sock_ops; 51} 52EXPORT_SYMBOL(l2cap_is_socket); 53 54static int l2cap_validate_bredr_psm(u16 psm) 55{ 56 /* PSM must be odd and lsb of upper byte must be 0 */ 57 if ((psm & 0x0101) != 0x0001) 58 return -EINVAL; 59 60 /* Restrict usage of well-known PSMs */ 61 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) 62 return -EACCES; 63 64 return 0; 65} 66 67static int l2cap_validate_le_psm(u16 psm) 68{ 69 /* Valid LE_PSM ranges are defined only until 0x00ff */ 70 if (psm > 0x00ff) 71 return -EINVAL; 72 73 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ 74 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) 75 return -EACCES; 76 77 return 0; 78} 79 80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 81{ 82 struct sock *sk = sock->sk; 83 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 84 struct sockaddr_l2 la; 85 int len, err = 0; 86 87 BT_DBG("sk %p", sk); 88 89 if (!addr || addr->sa_family != AF_BLUETOOTH) 90 return -EINVAL; 91 92 memset(&la, 0, sizeof(la)); 93 len = min_t(unsigned int, sizeof(la), alen); 94 memcpy(&la, addr, len); 95 96 if (la.l2_cid && la.l2_psm) 97 return -EINVAL; 98 99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 100 return -EINVAL; 101 102 if (la.l2_cid) { 103 /* When the socket gets created it defaults to 104 * CHAN_CONN_ORIENTED, so we need to overwrite the 105 * default here. 106 */ 107 chan->chan_type = L2CAP_CHAN_FIXED; 108 chan->omtu = L2CAP_DEFAULT_MTU; 109 } 110 111 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 112 /* We only allow ATT user space socket */ 113 if (la.l2_cid && 114 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 115 return -EINVAL; 116 } 117 118 lock_sock(sk); 119 120 if (sk->sk_state != BT_OPEN) { 121 err = -EBADFD; 122 goto done; 123 } 124 125 if (la.l2_psm) { 126 __u16 psm = __le16_to_cpu(la.l2_psm); 127 128 if (la.l2_bdaddr_type == BDADDR_BREDR) 129 err = l2cap_validate_bredr_psm(psm); 130 else 131 err = l2cap_validate_le_psm(psm); 132 133 if (err) 134 goto done; 135 } 136 137 if (la.l2_cid) 138 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); 139 else 140 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm); 141 142 if (err < 0) 143 goto done; 144 145 switch (chan->chan_type) { 146 case L2CAP_CHAN_CONN_LESS: 147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP) 148 chan->sec_level = BT_SECURITY_SDP; 149 break; 150 case L2CAP_CHAN_CONN_ORIENTED: 151 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 152 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 153 chan->sec_level = BT_SECURITY_SDP; 154 break; 155 case L2CAP_CHAN_RAW: 156 chan->sec_level = BT_SECURITY_SDP; 157 break; 158 } 159 160 bacpy(&chan->src, &la.l2_bdaddr); 161 chan->src_type = la.l2_bdaddr_type; 162 163 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 164 chan->mode = L2CAP_MODE_LE_FLOWCTL; 165 166 chan->state = BT_BOUND; 167 sk->sk_state = BT_BOUND; 168 169done: 170 release_sock(sk); 171 return err; 172} 173 174static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, 175 int alen, int flags) 176{ 177 struct sock *sk = sock->sk; 178 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 179 struct sockaddr_l2 la; 180 int len, err = 0; 181 182 BT_DBG("sk %p", sk); 183 184 if (!addr || alen < sizeof(addr->sa_family) || 185 addr->sa_family != AF_BLUETOOTH) 186 return -EINVAL; 187 188 memset(&la, 0, sizeof(la)); 189 len = min_t(unsigned int, sizeof(la), alen); 190 memcpy(&la, addr, len); 191 192 if (la.l2_cid && la.l2_psm) 193 return -EINVAL; 194 195 if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) 196 return -EINVAL; 197 198 /* Check that the socket wasn't bound to something that 199 * conflicts with the address given to connect(). If chan->src 200 * is BDADDR_ANY it means bind() was never used, in which case 201 * chan->src_type and la.l2_bdaddr_type do not need to match. 202 */ 203 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) && 204 bdaddr_type_is_le(la.l2_bdaddr_type)) { 205 /* Old user space versions will try to incorrectly bind 206 * the ATT socket using BDADDR_BREDR. We need to accept 207 * this and fix up the source address type only when 208 * both the source CID and destination CID indicate 209 * ATT. Anything else is an invalid combination. 210 */ 211 if (chan->scid != L2CAP_CID_ATT || 212 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 213 return -EINVAL; 214 215 /* We don't have the hdev available here to make a 216 * better decision on random vs public, but since all 217 * user space versions that exhibit this issue anyway do 218 * not support random local addresses assuming public 219 * here is good enough. 220 */ 221 chan->src_type = BDADDR_LE_PUBLIC; 222 } 223 224 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) 225 return -EINVAL; 226 227 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 228 /* We only allow ATT user space socket */ 229 if (la.l2_cid && 230 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT)) 231 return -EINVAL; 232 } 233 234 if (chan->psm && bdaddr_type_is_le(chan->src_type)) 235 chan->mode = L2CAP_MODE_LE_FLOWCTL; 236 237 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 238 &la.l2_bdaddr, la.l2_bdaddr_type); 239 if (err) 240 return err; 241 242 lock_sock(sk); 243 244 err = bt_sock_wait_state(sk, BT_CONNECTED, 245 sock_sndtimeo(sk, flags & O_NONBLOCK)); 246 247 release_sock(sk); 248 249 return err; 250} 251 252static int l2cap_sock_listen(struct socket *sock, int backlog) 253{ 254 struct sock *sk = sock->sk; 255 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 256 int err = 0; 257 258 BT_DBG("sk %p backlog %d", sk, backlog); 259 260 lock_sock(sk); 261 262 if (sk->sk_state != BT_BOUND) { 263 err = -EBADFD; 264 goto done; 265 } 266 267 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) { 268 err = -EINVAL; 269 goto done; 270 } 271 272 switch (chan->mode) { 273 case L2CAP_MODE_BASIC: 274 case L2CAP_MODE_LE_FLOWCTL: 275 break; 276 case L2CAP_MODE_ERTM: 277 case L2CAP_MODE_STREAMING: 278 if (!disable_ertm) 279 break; 280 /* fall through */ 281 default: 282 err = -ENOTSUPP; 283 goto done; 284 } 285 286 sk->sk_max_ack_backlog = backlog; 287 sk->sk_ack_backlog = 0; 288 289 chan->state = BT_LISTEN; 290 sk->sk_state = BT_LISTEN; 291 292done: 293 release_sock(sk); 294 return err; 295} 296 297static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 298 int flags) 299{ 300 DECLARE_WAITQUEUE(wait, current); 301 struct sock *sk = sock->sk, *nsk; 302 long timeo; 303 int err = 0; 304 305 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 306 307 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 308 309 BT_DBG("sk %p timeo %ld", sk, timeo); 310 311 /* Wait for an incoming connection. (wake-one). */ 312 add_wait_queue_exclusive(sk_sleep(sk), &wait); 313 while (1) { 314 set_current_state(TASK_INTERRUPTIBLE); 315 316 if (sk->sk_state != BT_LISTEN) { 317 err = -EBADFD; 318 break; 319 } 320 321 nsk = bt_accept_dequeue(sk, newsock); 322 if (nsk) 323 break; 324 325 if (!timeo) { 326 err = -EAGAIN; 327 break; 328 } 329 330 if (signal_pending(current)) { 331 err = sock_intr_errno(timeo); 332 break; 333 } 334 335 release_sock(sk); 336 timeo = schedule_timeout(timeo); 337 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 338 } 339 __set_current_state(TASK_RUNNING); 340 remove_wait_queue(sk_sleep(sk), &wait); 341 342 if (err) 343 goto done; 344 345 newsock->state = SS_CONNECTED; 346 347 BT_DBG("new socket %p", nsk); 348 349done: 350 release_sock(sk); 351 return err; 352} 353 354static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, 355 int *len, int peer) 356{ 357 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 358 struct sock *sk = sock->sk; 359 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 360 361 BT_DBG("sock %p, sk %p", sock, sk); 362 363 if (peer && sk->sk_state != BT_CONNECTED && 364 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 && 365 sk->sk_state != BT_CONFIG) 366 return -ENOTCONN; 367 368 memset(la, 0, sizeof(struct sockaddr_l2)); 369 addr->sa_family = AF_BLUETOOTH; 370 *len = sizeof(struct sockaddr_l2); 371 372 la->l2_psm = chan->psm; 373 374 if (peer) { 375 bacpy(&la->l2_bdaddr, &chan->dst); 376 la->l2_cid = cpu_to_le16(chan->dcid); 377 la->l2_bdaddr_type = chan->dst_type; 378 } else { 379 bacpy(&la->l2_bdaddr, &chan->src); 380 la->l2_cid = cpu_to_le16(chan->scid); 381 la->l2_bdaddr_type = chan->src_type; 382 } 383 384 return 0; 385} 386 387static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, 388 char __user *optval, int __user *optlen) 389{ 390 struct sock *sk = sock->sk; 391 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 392 struct l2cap_options opts; 393 struct l2cap_conninfo cinfo; 394 int len, err = 0; 395 u32 opt; 396 397 BT_DBG("sk %p", sk); 398 399 if (get_user(len, optlen)) 400 return -EFAULT; 401 402 lock_sock(sk); 403 404 switch (optname) { 405 case L2CAP_OPTIONS: 406 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since 407 * legacy ATT code depends on getsockopt for 408 * L2CAP_OPTIONS we need to let this pass. 409 */ 410 if (bdaddr_type_is_le(chan->src_type) && 411 chan->scid != L2CAP_CID_ATT) { 412 err = -EINVAL; 413 break; 414 } 415 416 memset(&opts, 0, sizeof(opts)); 417 opts.imtu = chan->imtu; 418 opts.omtu = chan->omtu; 419 opts.flush_to = chan->flush_to; 420 opts.mode = chan->mode; 421 opts.fcs = chan->fcs; 422 opts.max_tx = chan->max_tx; 423 opts.txwin_size = chan->tx_win; 424 425 len = min_t(unsigned int, len, sizeof(opts)); 426 if (copy_to_user(optval, (char *) &opts, len)) 427 err = -EFAULT; 428 429 break; 430 431 case L2CAP_LM: 432 switch (chan->sec_level) { 433 case BT_SECURITY_LOW: 434 opt = L2CAP_LM_AUTH; 435 break; 436 case BT_SECURITY_MEDIUM: 437 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; 438 break; 439 case BT_SECURITY_HIGH: 440 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 441 L2CAP_LM_SECURE; 442 break; 443 case BT_SECURITY_FIPS: 444 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 445 L2CAP_LM_SECURE | L2CAP_LM_FIPS; 446 break; 447 default: 448 opt = 0; 449 break; 450 } 451 452 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags)) 453 opt |= L2CAP_LM_MASTER; 454 455 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 456 opt |= L2CAP_LM_RELIABLE; 457 458 if (put_user(opt, (u32 __user *) optval)) 459 err = -EFAULT; 460 461 break; 462 463 case L2CAP_CONNINFO: 464 if (sk->sk_state != BT_CONNECTED && 465 !(sk->sk_state == BT_CONNECT2 && 466 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 467 err = -ENOTCONN; 468 break; 469 } 470 471 memset(&cinfo, 0, sizeof(cinfo)); 472 cinfo.hci_handle = chan->conn->hcon->handle; 473 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); 474 475 len = min_t(unsigned int, len, sizeof(cinfo)); 476 if (copy_to_user(optval, (char *) &cinfo, len)) 477 err = -EFAULT; 478 479 break; 480 481 default: 482 err = -ENOPROTOOPT; 483 break; 484 } 485 486 release_sock(sk); 487 return err; 488} 489 490static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, 491 char __user *optval, int __user *optlen) 492{ 493 struct sock *sk = sock->sk; 494 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 495 struct bt_security sec; 496 struct bt_power pwr; 497 int len, err = 0; 498 499 BT_DBG("sk %p", sk); 500 501 if (level == SOL_L2CAP) 502 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); 503 504 if (level != SOL_BLUETOOTH) 505 return -ENOPROTOOPT; 506 507 if (get_user(len, optlen)) 508 return -EFAULT; 509 510 lock_sock(sk); 511 512 switch (optname) { 513 case BT_SECURITY: 514 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 515 chan->chan_type != L2CAP_CHAN_FIXED && 516 chan->chan_type != L2CAP_CHAN_RAW) { 517 err = -EINVAL; 518 break; 519 } 520 521 memset(&sec, 0, sizeof(sec)); 522 if (chan->conn) { 523 sec.level = chan->conn->hcon->sec_level; 524 525 if (sk->sk_state == BT_CONNECTED) 526 sec.key_size = chan->conn->hcon->enc_key_size; 527 } else { 528 sec.level = chan->sec_level; 529 } 530 531 len = min_t(unsigned int, len, sizeof(sec)); 532 if (copy_to_user(optval, (char *) &sec, len)) 533 err = -EFAULT; 534 535 break; 536 537 case BT_DEFER_SETUP: 538 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 539 err = -EINVAL; 540 break; 541 } 542 543 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 544 (u32 __user *) optval)) 545 err = -EFAULT; 546 547 break; 548 549 case BT_FLUSHABLE: 550 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 551 (u32 __user *) optval)) 552 err = -EFAULT; 553 554 break; 555 556 case BT_POWER: 557 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 558 && sk->sk_type != SOCK_RAW) { 559 err = -EINVAL; 560 break; 561 } 562 563 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); 564 565 len = min_t(unsigned int, len, sizeof(pwr)); 566 if (copy_to_user(optval, (char *) &pwr, len)) 567 err = -EFAULT; 568 569 break; 570 571 case BT_CHANNEL_POLICY: 572 if (put_user(chan->chan_policy, (u32 __user *) optval)) 573 err = -EFAULT; 574 break; 575 576 case BT_SNDMTU: 577 if (!bdaddr_type_is_le(chan->src_type)) { 578 err = -EINVAL; 579 break; 580 } 581 582 if (sk->sk_state != BT_CONNECTED) { 583 err = -ENOTCONN; 584 break; 585 } 586 587 if (put_user(chan->omtu, (u16 __user *) optval)) 588 err = -EFAULT; 589 break; 590 591 case BT_RCVMTU: 592 if (!bdaddr_type_is_le(chan->src_type)) { 593 err = -EINVAL; 594 break; 595 } 596 597 if (put_user(chan->imtu, (u16 __user *) optval)) 598 err = -EFAULT; 599 break; 600 601 default: 602 err = -ENOPROTOOPT; 603 break; 604 } 605 606 release_sock(sk); 607 return err; 608} 609 610static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) 611{ 612 switch (chan->scid) { 613 case L2CAP_CID_ATT: 614 if (mtu < L2CAP_LE_MIN_MTU) 615 return false; 616 break; 617 618 default: 619 if (mtu < L2CAP_DEFAULT_MIN_MTU) 620 return false; 621 } 622 623 return true; 624} 625 626static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, 627 char __user *optval, unsigned int optlen) 628{ 629 struct sock *sk = sock->sk; 630 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 631 struct l2cap_options opts; 632 int len, err = 0; 633 u32 opt; 634 635 BT_DBG("sk %p", sk); 636 637 lock_sock(sk); 638 639 switch (optname) { 640 case L2CAP_OPTIONS: 641 if (bdaddr_type_is_le(chan->src_type)) { 642 err = -EINVAL; 643 break; 644 } 645 646 if (sk->sk_state == BT_CONNECTED) { 647 err = -EINVAL; 648 break; 649 } 650 651 opts.imtu = chan->imtu; 652 opts.omtu = chan->omtu; 653 opts.flush_to = chan->flush_to; 654 opts.mode = chan->mode; 655 opts.fcs = chan->fcs; 656 opts.max_tx = chan->max_tx; 657 opts.txwin_size = chan->tx_win; 658 659 len = min_t(unsigned int, sizeof(opts), optlen); 660 if (copy_from_user((char *) &opts, optval, len)) { 661 err = -EFAULT; 662 break; 663 } 664 665 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) { 666 err = -EINVAL; 667 break; 668 } 669 670 if (!l2cap_valid_mtu(chan, opts.imtu)) { 671 err = -EINVAL; 672 break; 673 } 674 675 chan->mode = opts.mode; 676 switch (chan->mode) { 677 case L2CAP_MODE_LE_FLOWCTL: 678 break; 679 case L2CAP_MODE_BASIC: 680 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 681 break; 682 case L2CAP_MODE_ERTM: 683 case L2CAP_MODE_STREAMING: 684 if (!disable_ertm) 685 break; 686 /* fall through */ 687 default: 688 err = -EINVAL; 689 break; 690 } 691 692 chan->imtu = opts.imtu; 693 chan->omtu = opts.omtu; 694 chan->fcs = opts.fcs; 695 chan->max_tx = opts.max_tx; 696 chan->tx_win = opts.txwin_size; 697 chan->flush_to = opts.flush_to; 698 break; 699 700 case L2CAP_LM: 701 if (get_user(opt, (u32 __user *) optval)) { 702 err = -EFAULT; 703 break; 704 } 705 706 if (opt & L2CAP_LM_FIPS) { 707 err = -EINVAL; 708 break; 709 } 710 711 if (opt & L2CAP_LM_AUTH) 712 chan->sec_level = BT_SECURITY_LOW; 713 if (opt & L2CAP_LM_ENCRYPT) 714 chan->sec_level = BT_SECURITY_MEDIUM; 715 if (opt & L2CAP_LM_SECURE) 716 chan->sec_level = BT_SECURITY_HIGH; 717 718 if (opt & L2CAP_LM_MASTER) 719 set_bit(FLAG_ROLE_SWITCH, &chan->flags); 720 else 721 clear_bit(FLAG_ROLE_SWITCH, &chan->flags); 722 723 if (opt & L2CAP_LM_RELIABLE) 724 set_bit(FLAG_FORCE_RELIABLE, &chan->flags); 725 else 726 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags); 727 break; 728 729 default: 730 err = -ENOPROTOOPT; 731 break; 732 } 733 734 release_sock(sk); 735 return err; 736} 737 738static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, 739 char __user *optval, unsigned int optlen) 740{ 741 struct sock *sk = sock->sk; 742 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 743 struct bt_security sec; 744 struct bt_power pwr; 745 struct l2cap_conn *conn; 746 int len, err = 0; 747 u32 opt; 748 749 BT_DBG("sk %p", sk); 750 751 if (level == SOL_L2CAP) 752 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); 753 754 if (level != SOL_BLUETOOTH) 755 return -ENOPROTOOPT; 756 757 lock_sock(sk); 758 759 switch (optname) { 760 case BT_SECURITY: 761 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 762 chan->chan_type != L2CAP_CHAN_FIXED && 763 chan->chan_type != L2CAP_CHAN_RAW) { 764 err = -EINVAL; 765 break; 766 } 767 768 sec.level = BT_SECURITY_LOW; 769 770 len = min_t(unsigned int, sizeof(sec), optlen); 771 if (copy_from_user((char *) &sec, optval, len)) { 772 err = -EFAULT; 773 break; 774 } 775 776 if (sec.level < BT_SECURITY_LOW || 777 sec.level > BT_SECURITY_HIGH) { 778 err = -EINVAL; 779 break; 780 } 781 782 chan->sec_level = sec.level; 783 784 if (!chan->conn) 785 break; 786 787 conn = chan->conn; 788 789 /*change security for LE channels */ 790 if (chan->scid == L2CAP_CID_ATT) { 791 if (smp_conn_security(conn->hcon, sec.level)) 792 break; 793 sk->sk_state = BT_CONFIG; 794 chan->state = BT_CONFIG; 795 796 /* or for ACL link */ 797 } else if ((sk->sk_state == BT_CONNECT2 && 798 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 799 sk->sk_state == BT_CONNECTED) { 800 if (!l2cap_chan_check_security(chan, true)) 801 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 802 else 803 sk->sk_state_change(sk); 804 } else { 805 err = -EINVAL; 806 } 807 break; 808 809 case BT_DEFER_SETUP: 810 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 811 err = -EINVAL; 812 break; 813 } 814 815 if (get_user(opt, (u32 __user *) optval)) { 816 err = -EFAULT; 817 break; 818 } 819 820 if (opt) { 821 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 822 set_bit(FLAG_DEFER_SETUP, &chan->flags); 823 } else { 824 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 825 clear_bit(FLAG_DEFER_SETUP, &chan->flags); 826 } 827 break; 828 829 case BT_FLUSHABLE: 830 if (get_user(opt, (u32 __user *) optval)) { 831 err = -EFAULT; 832 break; 833 } 834 835 if (opt > BT_FLUSHABLE_ON) { 836 err = -EINVAL; 837 break; 838 } 839 840 if (opt == BT_FLUSHABLE_OFF) { 841 conn = chan->conn; 842 /* proceed further only when we have l2cap_conn and 843 No Flush support in the LM */ 844 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 845 err = -EINVAL; 846 break; 847 } 848 } 849 850 if (opt) 851 set_bit(FLAG_FLUSHABLE, &chan->flags); 852 else 853 clear_bit(FLAG_FLUSHABLE, &chan->flags); 854 break; 855 856 case BT_POWER: 857 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 858 chan->chan_type != L2CAP_CHAN_RAW) { 859 err = -EINVAL; 860 break; 861 } 862 863 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; 864 865 len = min_t(unsigned int, sizeof(pwr), optlen); 866 if (copy_from_user((char *) &pwr, optval, len)) { 867 err = -EFAULT; 868 break; 869 } 870 871 if (pwr.force_active) 872 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 873 else 874 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags); 875 break; 876 877 case BT_CHANNEL_POLICY: 878 if (get_user(opt, (u32 __user *) optval)) { 879 err = -EFAULT; 880 break; 881 } 882 883 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 884 err = -EINVAL; 885 break; 886 } 887 888 if (chan->mode != L2CAP_MODE_ERTM && 889 chan->mode != L2CAP_MODE_STREAMING) { 890 err = -EOPNOTSUPP; 891 break; 892 } 893 894 chan->chan_policy = (u8) opt; 895 896 if (sk->sk_state == BT_CONNECTED && 897 chan->move_role == L2CAP_MOVE_ROLE_NONE) 898 l2cap_move_start(chan); 899 900 break; 901 902 case BT_SNDMTU: 903 if (!bdaddr_type_is_le(chan->src_type)) { 904 err = -EINVAL; 905 break; 906 } 907 908 /* Setting is not supported as it's the remote side that 909 * decides this. 910 */ 911 err = -EPERM; 912 break; 913 914 case BT_RCVMTU: 915 if (!bdaddr_type_is_le(chan->src_type)) { 916 err = -EINVAL; 917 break; 918 } 919 920 if (sk->sk_state == BT_CONNECTED) { 921 err = -EISCONN; 922 break; 923 } 924 925 if (get_user(opt, (u32 __user *) optval)) { 926 err = -EFAULT; 927 break; 928 } 929 930 chan->imtu = opt; 931 break; 932 933 default: 934 err = -ENOPROTOOPT; 935 break; 936 } 937 938 release_sock(sk); 939 return err; 940} 941 942static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 943 struct msghdr *msg, size_t len) 944{ 945 struct sock *sk = sock->sk; 946 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 947 int err; 948 949 BT_DBG("sock %p, sk %p", sock, sk); 950 951 err = sock_error(sk); 952 if (err) 953 return err; 954 955 if (msg->msg_flags & MSG_OOB) 956 return -EOPNOTSUPP; 957 958 if (sk->sk_state != BT_CONNECTED) 959 return -ENOTCONN; 960 961 lock_sock(sk); 962 err = bt_sock_wait_ready(sk, msg->msg_flags); 963 release_sock(sk); 964 if (err) 965 return err; 966 967 l2cap_chan_lock(chan); 968 err = l2cap_chan_send(chan, msg, len); 969 l2cap_chan_unlock(chan); 970 971 return err; 972} 973 974static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 975 struct msghdr *msg, size_t len, int flags) 976{ 977 struct sock *sk = sock->sk; 978 struct l2cap_pinfo *pi = l2cap_pi(sk); 979 int err; 980 981 lock_sock(sk); 982 983 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 984 &bt_sk(sk)->flags)) { 985 if (bdaddr_type_is_le(pi->chan->src_type)) { 986 sk->sk_state = BT_CONNECTED; 987 pi->chan->state = BT_CONNECTED; 988 __l2cap_le_connect_rsp_defer(pi->chan); 989 } else { 990 sk->sk_state = BT_CONFIG; 991 pi->chan->state = BT_CONFIG; 992 __l2cap_connect_rsp_defer(pi->chan); 993 } 994 995 err = 0; 996 goto done; 997 } 998 999 release_sock(sk); 1000 1001 if (sock->type == SOCK_STREAM) 1002 err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); 1003 else 1004 err = bt_sock_recvmsg(iocb, sock, msg, len, flags); 1005 1006 if (pi->chan->mode != L2CAP_MODE_ERTM) 1007 return err; 1008 1009 /* Attempt to put pending rx data in the socket buffer */ 1010 1011 lock_sock(sk); 1012 1013 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) 1014 goto done; 1015 1016 if (pi->rx_busy_skb) { 1017 if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) 1018 pi->rx_busy_skb = NULL; 1019 else 1020 goto done; 1021 } 1022 1023 /* Restore data flow when half of the receive buffer is 1024 * available. This avoids resending large numbers of 1025 * frames. 1026 */ 1027 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) 1028 l2cap_chan_busy(pi->chan, 0); 1029 1030done: 1031 release_sock(sk); 1032 return err; 1033} 1034 1035/* Kill socket (only if zapped and orphan) 1036 * Must be called on unlocked socket. 1037 */ 1038static void l2cap_sock_kill(struct sock *sk) 1039{ 1040 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 1041 return; 1042 1043 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state)); 1044 1045 /* Kill poor orphan */ 1046 1047 l2cap_chan_put(l2cap_pi(sk)->chan); 1048 sock_set_flag(sk, SOCK_DEAD); 1049 sock_put(sk); 1050} 1051 1052static int __l2cap_wait_ack(struct sock *sk) 1053{ 1054 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1055 DECLARE_WAITQUEUE(wait, current); 1056 int err = 0; 1057 int timeo = HZ/5; 1058 1059 add_wait_queue(sk_sleep(sk), &wait); 1060 set_current_state(TASK_INTERRUPTIBLE); 1061 while (chan->unacked_frames > 0 && chan->conn) { 1062 if (!timeo) 1063 timeo = HZ/5; 1064 1065 if (signal_pending(current)) { 1066 err = sock_intr_errno(timeo); 1067 break; 1068 } 1069 1070 release_sock(sk); 1071 timeo = schedule_timeout(timeo); 1072 lock_sock(sk); 1073 set_current_state(TASK_INTERRUPTIBLE); 1074 1075 err = sock_error(sk); 1076 if (err) 1077 break; 1078 } 1079 set_current_state(TASK_RUNNING); 1080 remove_wait_queue(sk_sleep(sk), &wait); 1081 return err; 1082} 1083 1084static int l2cap_sock_shutdown(struct socket *sock, int how) 1085{ 1086 struct sock *sk = sock->sk; 1087 struct l2cap_chan *chan; 1088 struct l2cap_conn *conn; 1089 int err = 0; 1090 1091 BT_DBG("sock %p, sk %p", sock, sk); 1092 1093 if (!sk) 1094 return 0; 1095 1096 chan = l2cap_pi(sk)->chan; 1097 conn = chan->conn; 1098 1099 if (conn) 1100 mutex_lock(&conn->chan_lock); 1101 1102 l2cap_chan_lock(chan); 1103 lock_sock(sk); 1104 1105 if (!sk->sk_shutdown) { 1106 if (chan->mode == L2CAP_MODE_ERTM) 1107 err = __l2cap_wait_ack(sk); 1108 1109 sk->sk_shutdown = SHUTDOWN_MASK; 1110 1111 release_sock(sk); 1112 l2cap_chan_close(chan, 0); 1113 lock_sock(sk); 1114 1115 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1116 !(current->flags & PF_EXITING)) 1117 err = bt_sock_wait_state(sk, BT_CLOSED, 1118 sk->sk_lingertime); 1119 } 1120 1121 if (!err && sk->sk_err) 1122 err = -sk->sk_err; 1123 1124 release_sock(sk); 1125 l2cap_chan_unlock(chan); 1126 1127 if (conn) 1128 mutex_unlock(&conn->chan_lock); 1129 1130 return err; 1131} 1132 1133static int l2cap_sock_release(struct socket *sock) 1134{ 1135 struct sock *sk = sock->sk; 1136 int err; 1137 1138 BT_DBG("sock %p, sk %p", sock, sk); 1139 1140 if (!sk) 1141 return 0; 1142 1143 bt_sock_unlink(&l2cap_sk_list, sk); 1144 1145 err = l2cap_sock_shutdown(sock, 2); 1146 1147 sock_orphan(sk); 1148 l2cap_sock_kill(sk); 1149 return err; 1150} 1151 1152static void l2cap_sock_cleanup_listen(struct sock *parent) 1153{ 1154 struct sock *sk; 1155 1156 BT_DBG("parent %p", parent); 1157 1158 /* Close not yet accepted channels */ 1159 while ((sk = bt_accept_dequeue(parent, NULL))) { 1160 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1161 1162 l2cap_chan_lock(chan); 1163 __clear_chan_timer(chan); 1164 l2cap_chan_close(chan, ECONNRESET); 1165 l2cap_chan_unlock(chan); 1166 1167 l2cap_sock_kill(sk); 1168 } 1169} 1170 1171static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) 1172{ 1173 struct sock *sk, *parent = chan->data; 1174 1175 lock_sock(parent); 1176 1177 /* Check for backlog size */ 1178 if (sk_acceptq_is_full(parent)) { 1179 BT_DBG("backlog full %d", parent->sk_ack_backlog); 1180 release_sock(parent); 1181 return NULL; 1182 } 1183 1184 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 1185 GFP_ATOMIC); 1186 if (!sk) { 1187 release_sock(parent); 1188 return NULL; 1189 } 1190 1191 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP); 1192 1193 l2cap_sock_init(sk, parent); 1194 1195 bt_accept_enqueue(parent, sk); 1196 1197 release_sock(parent); 1198 1199 return l2cap_pi(sk)->chan; 1200} 1201 1202static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 1203{ 1204 struct sock *sk = chan->data; 1205 int err; 1206 1207 lock_sock(sk); 1208 1209 if (l2cap_pi(sk)->rx_busy_skb) { 1210 err = -ENOMEM; 1211 goto done; 1212 } 1213 1214 err = sock_queue_rcv_skb(sk, skb); 1215 1216 /* For ERTM, handle one skb that doesn't fit into the recv 1217 * buffer. This is important to do because the data frames 1218 * have already been acked, so the skb cannot be discarded. 1219 * 1220 * Notify the l2cap core that the buffer is full, so the 1221 * LOCAL_BUSY state is entered and no more frames are 1222 * acked and reassembled until there is buffer space 1223 * available. 1224 */ 1225 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) { 1226 l2cap_pi(sk)->rx_busy_skb = skb; 1227 l2cap_chan_busy(chan, 1); 1228 err = 0; 1229 } 1230 1231done: 1232 release_sock(sk); 1233 1234 return err; 1235} 1236 1237static void l2cap_sock_close_cb(struct l2cap_chan *chan) 1238{ 1239 struct sock *sk = chan->data; 1240 1241 l2cap_sock_kill(sk); 1242} 1243 1244static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err) 1245{ 1246 struct sock *sk = chan->data; 1247 struct sock *parent; 1248 1249 lock_sock(sk); 1250 1251 parent = bt_sk(sk)->parent; 1252 1253 sock_set_flag(sk, SOCK_ZAPPED); 1254 1255 switch (chan->state) { 1256 case BT_OPEN: 1257 case BT_BOUND: 1258 case BT_CLOSED: 1259 break; 1260 case BT_LISTEN: 1261 l2cap_sock_cleanup_listen(sk); 1262 sk->sk_state = BT_CLOSED; 1263 chan->state = BT_CLOSED; 1264 1265 break; 1266 default: 1267 sk->sk_state = BT_CLOSED; 1268 chan->state = BT_CLOSED; 1269 1270 sk->sk_err = err; 1271 1272 if (parent) { 1273 bt_accept_unlink(sk); 1274 parent->sk_data_ready(parent); 1275 } else { 1276 sk->sk_state_change(sk); 1277 } 1278 1279 break; 1280 } 1281 1282 release_sock(sk); 1283} 1284 1285static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state, 1286 int err) 1287{ 1288 struct sock *sk = chan->data; 1289 1290 sk->sk_state = state; 1291 1292 if (err) 1293 sk->sk_err = err; 1294} 1295 1296static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan, 1297 unsigned long hdr_len, 1298 unsigned long len, int nb) 1299{ 1300 struct sock *sk = chan->data; 1301 struct sk_buff *skb; 1302 int err; 1303 1304 l2cap_chan_unlock(chan); 1305 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err); 1306 l2cap_chan_lock(chan); 1307 1308 if (!skb) 1309 return ERR_PTR(err); 1310 1311 skb->priority = sk->sk_priority; 1312 1313 bt_cb(skb)->chan = chan; 1314 1315 return skb; 1316} 1317 1318static int l2cap_sock_memcpy_fromiovec_cb(struct l2cap_chan *chan, 1319 unsigned char *kdata, 1320 struct iovec *iov, int len) 1321{ 1322 return memcpy_fromiovec(kdata, iov, len); 1323} 1324 1325static void l2cap_sock_ready_cb(struct l2cap_chan *chan) 1326{ 1327 struct sock *sk = chan->data; 1328 struct sock *parent; 1329 1330 lock_sock(sk); 1331 1332 parent = bt_sk(sk)->parent; 1333 1334 BT_DBG("sk %p, parent %p", sk, parent); 1335 1336 sk->sk_state = BT_CONNECTED; 1337 sk->sk_state_change(sk); 1338 1339 if (parent) 1340 parent->sk_data_ready(parent); 1341 1342 release_sock(sk); 1343} 1344 1345static void l2cap_sock_defer_cb(struct l2cap_chan *chan) 1346{ 1347 struct sock *parent, *sk = chan->data; 1348 1349 lock_sock(sk); 1350 1351 parent = bt_sk(sk)->parent; 1352 if (parent) 1353 parent->sk_data_ready(parent); 1354 1355 release_sock(sk); 1356} 1357 1358static void l2cap_sock_resume_cb(struct l2cap_chan *chan) 1359{ 1360 struct sock *sk = chan->data; 1361 1362 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1363 sk->sk_state_change(sk); 1364} 1365 1366static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan) 1367{ 1368 struct sock *sk = chan->data; 1369 1370 lock_sock(sk); 1371 sk->sk_shutdown = SHUTDOWN_MASK; 1372 release_sock(sk); 1373} 1374 1375static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan) 1376{ 1377 struct sock *sk = chan->data; 1378 1379 return sk->sk_sndtimeo; 1380} 1381 1382static void l2cap_sock_suspend_cb(struct l2cap_chan *chan) 1383{ 1384 struct sock *sk = chan->data; 1385 1386 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 1387 sk->sk_state_change(sk); 1388} 1389 1390static const struct l2cap_ops l2cap_chan_ops = { 1391 .name = "L2CAP Socket Interface", 1392 .new_connection = l2cap_sock_new_connection_cb, 1393 .recv = l2cap_sock_recv_cb, 1394 .close = l2cap_sock_close_cb, 1395 .teardown = l2cap_sock_teardown_cb, 1396 .state_change = l2cap_sock_state_change_cb, 1397 .ready = l2cap_sock_ready_cb, 1398 .defer = l2cap_sock_defer_cb, 1399 .resume = l2cap_sock_resume_cb, 1400 .suspend = l2cap_sock_suspend_cb, 1401 .set_shutdown = l2cap_sock_set_shutdown_cb, 1402 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1403 .alloc_skb = l2cap_sock_alloc_skb_cb, 1404 .memcpy_fromiovec = l2cap_sock_memcpy_fromiovec_cb, 1405}; 1406 1407static void l2cap_sock_destruct(struct sock *sk) 1408{ 1409 BT_DBG("sk %p", sk); 1410 1411 if (l2cap_pi(sk)->chan) 1412 l2cap_chan_put(l2cap_pi(sk)->chan); 1413 1414 if (l2cap_pi(sk)->rx_busy_skb) { 1415 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1416 l2cap_pi(sk)->rx_busy_skb = NULL; 1417 } 1418 1419 skb_queue_purge(&sk->sk_receive_queue); 1420 skb_queue_purge(&sk->sk_write_queue); 1421} 1422 1423static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name, 1424 int *msg_namelen) 1425{ 1426 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name); 1427 1428 memset(la, 0, sizeof(struct sockaddr_l2)); 1429 la->l2_family = AF_BLUETOOTH; 1430 la->l2_psm = bt_cb(skb)->psm; 1431 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr); 1432 1433 *msg_namelen = sizeof(struct sockaddr_l2); 1434} 1435 1436static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1437{ 1438 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 1439 1440 BT_DBG("sk %p", sk); 1441 1442 if (parent) { 1443 struct l2cap_chan *pchan = l2cap_pi(parent)->chan; 1444 1445 sk->sk_type = parent->sk_type; 1446 bt_sk(sk)->flags = bt_sk(parent)->flags; 1447 1448 chan->chan_type = pchan->chan_type; 1449 chan->imtu = pchan->imtu; 1450 chan->omtu = pchan->omtu; 1451 chan->conf_state = pchan->conf_state; 1452 chan->mode = pchan->mode; 1453 chan->fcs = pchan->fcs; 1454 chan->max_tx = pchan->max_tx; 1455 chan->tx_win = pchan->tx_win; 1456 chan->tx_win_max = pchan->tx_win_max; 1457 chan->sec_level = pchan->sec_level; 1458 chan->flags = pchan->flags; 1459 chan->tx_credits = pchan->tx_credits; 1460 chan->rx_credits = pchan->rx_credits; 1461 1462 if (chan->chan_type == L2CAP_CHAN_FIXED) { 1463 chan->scid = pchan->scid; 1464 chan->dcid = pchan->scid; 1465 } 1466 1467 security_sk_clone(parent, sk); 1468 } else { 1469 switch (sk->sk_type) { 1470 case SOCK_RAW: 1471 chan->chan_type = L2CAP_CHAN_RAW; 1472 break; 1473 case SOCK_DGRAM: 1474 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1475 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name; 1476 break; 1477 case SOCK_SEQPACKET: 1478 case SOCK_STREAM: 1479 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; 1480 break; 1481 } 1482 1483 chan->imtu = L2CAP_DEFAULT_MTU; 1484 chan->omtu = 0; 1485 if (!disable_ertm && sk->sk_type == SOCK_STREAM) { 1486 chan->mode = L2CAP_MODE_ERTM; 1487 set_bit(CONF_STATE2_DEVICE, &chan->conf_state); 1488 } else { 1489 chan->mode = L2CAP_MODE_BASIC; 1490 } 1491 1492 l2cap_chan_set_defaults(chan); 1493 } 1494 1495 /* Default config options */ 1496 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 1497 1498 chan->data = sk; 1499 chan->ops = &l2cap_chan_ops; 1500} 1501 1502static struct proto l2cap_proto = { 1503 .name = "L2CAP", 1504 .owner = THIS_MODULE, 1505 .obj_size = sizeof(struct l2cap_pinfo) 1506}; 1507 1508static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 1509 int proto, gfp_t prio) 1510{ 1511 struct sock *sk; 1512 struct l2cap_chan *chan; 1513 1514 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); 1515 if (!sk) 1516 return NULL; 1517 1518 sock_init_data(sock, sk); 1519 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1520 1521 sk->sk_destruct = l2cap_sock_destruct; 1522 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT; 1523 1524 sock_reset_flag(sk, SOCK_ZAPPED); 1525 1526 sk->sk_protocol = proto; 1527 sk->sk_state = BT_OPEN; 1528 1529 chan = l2cap_chan_create(); 1530 if (!chan) { 1531 sk_free(sk); 1532 return NULL; 1533 } 1534 1535 l2cap_chan_hold(chan); 1536 1537 l2cap_pi(sk)->chan = chan; 1538 1539 return sk; 1540} 1541 1542static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, 1543 int kern) 1544{ 1545 struct sock *sk; 1546 1547 BT_DBG("sock %p", sock); 1548 1549 sock->state = SS_UNCONNECTED; 1550 1551 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1552 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1553 return -ESOCKTNOSUPPORT; 1554 1555 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1556 return -EPERM; 1557 1558 sock->ops = &l2cap_sock_ops; 1559 1560 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 1561 if (!sk) 1562 return -ENOMEM; 1563 1564 l2cap_sock_init(sk, NULL); 1565 bt_sock_link(&l2cap_sk_list, sk); 1566 return 0; 1567} 1568 1569static const struct proto_ops l2cap_sock_ops = { 1570 .family = PF_BLUETOOTH, 1571 .owner = THIS_MODULE, 1572 .release = l2cap_sock_release, 1573 .bind = l2cap_sock_bind, 1574 .connect = l2cap_sock_connect, 1575 .listen = l2cap_sock_listen, 1576 .accept = l2cap_sock_accept, 1577 .getname = l2cap_sock_getname, 1578 .sendmsg = l2cap_sock_sendmsg, 1579 .recvmsg = l2cap_sock_recvmsg, 1580 .poll = bt_sock_poll, 1581 .ioctl = bt_sock_ioctl, 1582 .mmap = sock_no_mmap, 1583 .socketpair = sock_no_socketpair, 1584 .shutdown = l2cap_sock_shutdown, 1585 .setsockopt = l2cap_sock_setsockopt, 1586 .getsockopt = l2cap_sock_getsockopt 1587}; 1588 1589static const struct net_proto_family l2cap_sock_family_ops = { 1590 .family = PF_BLUETOOTH, 1591 .owner = THIS_MODULE, 1592 .create = l2cap_sock_create, 1593}; 1594 1595int __init l2cap_init_sockets(void) 1596{ 1597 int err; 1598 1599 err = proto_register(&l2cap_proto, 0); 1600 if (err < 0) 1601 return err; 1602 1603 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops); 1604 if (err < 0) { 1605 BT_ERR("L2CAP socket registration failed"); 1606 goto error; 1607 } 1608 1609 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list, 1610 NULL); 1611 if (err < 0) { 1612 BT_ERR("Failed to create L2CAP proc file"); 1613 bt_sock_unregister(BTPROTO_L2CAP); 1614 goto error; 1615 } 1616 1617 BT_INFO("L2CAP socket layer initialized"); 1618 1619 return 0; 1620 1621error: 1622 proto_unregister(&l2cap_proto); 1623 return err; 1624} 1625 1626void l2cap_cleanup_sockets(void) 1627{ 1628 bt_procfs_cleanup(&init_net, "l2cap"); 1629 bt_sock_unregister(BTPROTO_L2CAP); 1630 proto_unregister(&l2cap_proto); 1631} 1632