1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include <linux/module.h>
31#include <linux/export.h>
32#include <linux/sched/signal.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/l2cap.h>
37
38#include "smp.h"
39
40static struct bt_sock_list l2cap_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
42};
43
44static const struct proto_ops l2cap_sock_ops;
45static void l2cap_sock_init(struct sock *sk, struct sock *parent);
46static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
47 int proto, gfp_t prio, int kern);
48
49bool l2cap_is_socket(struct socket *sock)
50{
51 return sock && sock->ops == &l2cap_sock_ops;
52}
53EXPORT_SYMBOL(l2cap_is_socket);
54
55static int l2cap_validate_bredr_psm(u16 psm)
56{
57
58 if ((psm & 0x0101) != 0x0001)
59 return -EINVAL;
60
61
62 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
63 return -EACCES;
64
65 return 0;
66}
67
68static int l2cap_validate_le_psm(u16 psm)
69{
70
71 if (psm > L2CAP_PSM_LE_DYN_END)
72 return -EINVAL;
73
74
75 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
76 return -EACCES;
77
78 return 0;
79}
80
81static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
82{
83 struct sock *sk = sock->sk;
84 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
85 struct sockaddr_l2 la;
86 int len, err = 0;
87
88 BT_DBG("sk %p", sk);
89
90 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
91 addr->sa_family != AF_BLUETOOTH)
92 return -EINVAL;
93
94 memset(&la, 0, sizeof(la));
95 len = min_t(unsigned int, sizeof(la), alen);
96 memcpy(&la, addr, len);
97
98 if (la.l2_cid && la.l2_psm)
99 return -EINVAL;
100
101 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
102 return -EINVAL;
103
104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
105
106 if (la.l2_cid &&
107 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
108 return -EINVAL;
109 }
110
111 lock_sock(sk);
112
113 if (sk->sk_state != BT_OPEN) {
114 err = -EBADFD;
115 goto done;
116 }
117
118 if (la.l2_psm) {
119 __u16 psm = __le16_to_cpu(la.l2_psm);
120
121 if (la.l2_bdaddr_type == BDADDR_BREDR)
122 err = l2cap_validate_bredr_psm(psm);
123 else
124 err = l2cap_validate_le_psm(psm);
125
126 if (err)
127 goto done;
128 }
129
130 bacpy(&chan->src, &la.l2_bdaddr);
131 chan->src_type = la.l2_bdaddr_type;
132
133 if (la.l2_cid)
134 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
135 else
136 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
137
138 if (err < 0)
139 goto done;
140
141 switch (chan->chan_type) {
142 case L2CAP_CHAN_CONN_LESS:
143 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
144 chan->sec_level = BT_SECURITY_SDP;
145 break;
146 case L2CAP_CHAN_CONN_ORIENTED:
147 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
148 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
149 chan->sec_level = BT_SECURITY_SDP;
150 break;
151 case L2CAP_CHAN_RAW:
152 chan->sec_level = BT_SECURITY_SDP;
153 break;
154 case L2CAP_CHAN_FIXED:
155
156
157
158
159
160 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
161 break;
162 }
163
164 if (chan->psm && bdaddr_type_is_le(chan->src_type))
165 chan->mode = L2CAP_MODE_LE_FLOWCTL;
166
167 chan->state = BT_BOUND;
168 sk->sk_state = BT_BOUND;
169
170done:
171 release_sock(sk);
172 return err;
173}
174
175static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
176 int alen, int flags)
177{
178 struct sock *sk = sock->sk;
179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
180 struct sockaddr_l2 la;
181 int len, err = 0;
182
183 BT_DBG("sk %p", sk);
184
185 if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
186 addr->sa_family != AF_BLUETOOTH)
187 return -EINVAL;
188
189 memset(&la, 0, sizeof(la));
190 len = min_t(unsigned int, sizeof(la), alen);
191 memcpy(&la, addr, len);
192
193 if (la.l2_cid && la.l2_psm)
194 return -EINVAL;
195
196 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
197 return -EINVAL;
198
199
200
201
202
203
204 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
205 bdaddr_type_is_le(la.l2_bdaddr_type)) {
206
207
208
209
210
211
212 if (chan->scid != L2CAP_CID_ATT ||
213 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
214 return -EINVAL;
215
216
217
218
219
220
221
222 chan->src_type = BDADDR_LE_PUBLIC;
223 }
224
225 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
226 return -EINVAL;
227
228 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
229
230 if (la.l2_cid &&
231 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
232 return -EINVAL;
233 }
234
235 if (chan->psm && bdaddr_type_is_le(chan->src_type))
236 chan->mode = L2CAP_MODE_LE_FLOWCTL;
237
238 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
239 &la.l2_bdaddr, la.l2_bdaddr_type);
240 if (err)
241 return err;
242
243 lock_sock(sk);
244
245 err = bt_sock_wait_state(sk, BT_CONNECTED,
246 sock_sndtimeo(sk, flags & O_NONBLOCK));
247
248 release_sock(sk);
249
250 return err;
251}
252
253static int l2cap_sock_listen(struct socket *sock, int backlog)
254{
255 struct sock *sk = sock->sk;
256 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
257 int err = 0;
258
259 BT_DBG("sk %p backlog %d", sk, backlog);
260
261 lock_sock(sk);
262
263 if (sk->sk_state != BT_BOUND) {
264 err = -EBADFD;
265 goto done;
266 }
267
268 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
269 err = -EINVAL;
270 goto done;
271 }
272
273 switch (chan->mode) {
274 case L2CAP_MODE_BASIC:
275 case L2CAP_MODE_LE_FLOWCTL:
276 break;
277 case L2CAP_MODE_ERTM:
278 case L2CAP_MODE_STREAMING:
279 if (!disable_ertm)
280 break;
281
282 default:
283 err = -EOPNOTSUPP;
284 goto done;
285 }
286
287 sk->sk_max_ack_backlog = backlog;
288 sk->sk_ack_backlog = 0;
289
290
291
292
293
294 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
295
296 chan->state = BT_LISTEN;
297 sk->sk_state = BT_LISTEN;
298
299done:
300 release_sock(sk);
301 return err;
302}
303
304static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
305 int flags, bool kern)
306{
307 DEFINE_WAIT_FUNC(wait, woken_wake_function);
308 struct sock *sk = sock->sk, *nsk;
309 long timeo;
310 int err = 0;
311
312 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
313
314 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
315
316 BT_DBG("sk %p timeo %ld", sk, timeo);
317
318
319 add_wait_queue_exclusive(sk_sleep(sk), &wait);
320 while (1) {
321 if (sk->sk_state != BT_LISTEN) {
322 err = -EBADFD;
323 break;
324 }
325
326 nsk = bt_accept_dequeue(sk, newsock);
327 if (nsk)
328 break;
329
330 if (!timeo) {
331 err = -EAGAIN;
332 break;
333 }
334
335 if (signal_pending(current)) {
336 err = sock_intr_errno(timeo);
337 break;
338 }
339
340 release_sock(sk);
341
342 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
343
344 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
345 }
346 remove_wait_queue(sk_sleep(sk), &wait);
347
348 if (err)
349 goto done;
350
351 newsock->state = SS_CONNECTED;
352
353 BT_DBG("new socket %p", nsk);
354
355done:
356 release_sock(sk);
357 return err;
358}
359
360static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
361 int peer)
362{
363 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
364 struct sock *sk = sock->sk;
365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
366
367 BT_DBG("sock %p, sk %p", sock, sk);
368
369 if (peer && sk->sk_state != BT_CONNECTED &&
370 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
371 sk->sk_state != BT_CONFIG)
372 return -ENOTCONN;
373
374 memset(la, 0, sizeof(struct sockaddr_l2));
375 addr->sa_family = AF_BLUETOOTH;
376
377 la->l2_psm = chan->psm;
378
379 if (peer) {
380 bacpy(&la->l2_bdaddr, &chan->dst);
381 la->l2_cid = cpu_to_le16(chan->dcid);
382 la->l2_bdaddr_type = chan->dst_type;
383 } else {
384 bacpy(&la->l2_bdaddr, &chan->src);
385 la->l2_cid = cpu_to_le16(chan->scid);
386 la->l2_bdaddr_type = chan->src_type;
387 }
388
389 return sizeof(struct sockaddr_l2);
390}
391
392static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
393 char __user *optval, int __user *optlen)
394{
395 struct sock *sk = sock->sk;
396 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
397 struct l2cap_options opts;
398 struct l2cap_conninfo cinfo;
399 int len, err = 0;
400 u32 opt;
401
402 BT_DBG("sk %p", sk);
403
404 if (get_user(len, optlen))
405 return -EFAULT;
406
407 lock_sock(sk);
408
409 switch (optname) {
410 case L2CAP_OPTIONS:
411
412
413
414
415 if (bdaddr_type_is_le(chan->src_type) &&
416 chan->scid != L2CAP_CID_ATT) {
417 err = -EINVAL;
418 break;
419 }
420
421 memset(&opts, 0, sizeof(opts));
422 opts.imtu = chan->imtu;
423 opts.omtu = chan->omtu;
424 opts.flush_to = chan->flush_to;
425 opts.mode = chan->mode;
426 opts.fcs = chan->fcs;
427 opts.max_tx = chan->max_tx;
428 opts.txwin_size = chan->tx_win;
429
430 len = min_t(unsigned int, len, sizeof(opts));
431 if (copy_to_user(optval, (char *) &opts, len))
432 err = -EFAULT;
433
434 break;
435
436 case L2CAP_LM:
437 switch (chan->sec_level) {
438 case BT_SECURITY_LOW:
439 opt = L2CAP_LM_AUTH;
440 break;
441 case BT_SECURITY_MEDIUM:
442 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
443 break;
444 case BT_SECURITY_HIGH:
445 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
446 L2CAP_LM_SECURE;
447 break;
448 case BT_SECURITY_FIPS:
449 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
450 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
451 break;
452 default:
453 opt = 0;
454 break;
455 }
456
457 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
458 opt |= L2CAP_LM_MASTER;
459
460 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
461 opt |= L2CAP_LM_RELIABLE;
462
463 if (put_user(opt, (u32 __user *) optval))
464 err = -EFAULT;
465
466 break;
467
468 case L2CAP_CONNINFO:
469 if (sk->sk_state != BT_CONNECTED &&
470 !(sk->sk_state == BT_CONNECT2 &&
471 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
472 err = -ENOTCONN;
473 break;
474 }
475
476 memset(&cinfo, 0, sizeof(cinfo));
477 cinfo.hci_handle = chan->conn->hcon->handle;
478 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
479
480 len = min_t(unsigned int, len, sizeof(cinfo));
481 if (copy_to_user(optval, (char *) &cinfo, len))
482 err = -EFAULT;
483
484 break;
485
486 default:
487 err = -ENOPROTOOPT;
488 break;
489 }
490
491 release_sock(sk);
492 return err;
493}
494
495static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
496 char __user *optval, int __user *optlen)
497{
498 struct sock *sk = sock->sk;
499 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
500 struct bt_security sec;
501 struct bt_power pwr;
502 int len, err = 0;
503
504 BT_DBG("sk %p", sk);
505
506 if (level == SOL_L2CAP)
507 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
508
509 if (level != SOL_BLUETOOTH)
510 return -ENOPROTOOPT;
511
512 if (get_user(len, optlen))
513 return -EFAULT;
514
515 lock_sock(sk);
516
517 switch (optname) {
518 case BT_SECURITY:
519 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
520 chan->chan_type != L2CAP_CHAN_FIXED &&
521 chan->chan_type != L2CAP_CHAN_RAW) {
522 err = -EINVAL;
523 break;
524 }
525
526 memset(&sec, 0, sizeof(sec));
527 if (chan->conn) {
528 sec.level = chan->conn->hcon->sec_level;
529
530 if (sk->sk_state == BT_CONNECTED)
531 sec.key_size = chan->conn->hcon->enc_key_size;
532 } else {
533 sec.level = chan->sec_level;
534 }
535
536 len = min_t(unsigned int, len, sizeof(sec));
537 if (copy_to_user(optval, (char *) &sec, len))
538 err = -EFAULT;
539
540 break;
541
542 case BT_DEFER_SETUP:
543 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
544 err = -EINVAL;
545 break;
546 }
547
548 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
549 (u32 __user *) optval))
550 err = -EFAULT;
551
552 break;
553
554 case BT_FLUSHABLE:
555 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
556 (u32 __user *) optval))
557 err = -EFAULT;
558
559 break;
560
561 case BT_POWER:
562 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
563 && sk->sk_type != SOCK_RAW) {
564 err = -EINVAL;
565 break;
566 }
567
568 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
569
570 len = min_t(unsigned int, len, sizeof(pwr));
571 if (copy_to_user(optval, (char *) &pwr, len))
572 err = -EFAULT;
573
574 break;
575
576 case BT_CHANNEL_POLICY:
577 if (put_user(chan->chan_policy, (u32 __user *) optval))
578 err = -EFAULT;
579 break;
580
581 case BT_SNDMTU:
582 if (!bdaddr_type_is_le(chan->src_type)) {
583 err = -EINVAL;
584 break;
585 }
586
587 if (sk->sk_state != BT_CONNECTED) {
588 err = -ENOTCONN;
589 break;
590 }
591
592 if (put_user(chan->omtu, (u16 __user *) optval))
593 err = -EFAULT;
594 break;
595
596 case BT_RCVMTU:
597 if (!bdaddr_type_is_le(chan->src_type)) {
598 err = -EINVAL;
599 break;
600 }
601
602 if (put_user(chan->imtu, (u16 __user *) optval))
603 err = -EFAULT;
604 break;
605
606 default:
607 err = -ENOPROTOOPT;
608 break;
609 }
610
611 release_sock(sk);
612 return err;
613}
614
615static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
616{
617 switch (chan->scid) {
618 case L2CAP_CID_ATT:
619 if (mtu < L2CAP_LE_MIN_MTU)
620 return false;
621 break;
622
623 default:
624 if (mtu < L2CAP_DEFAULT_MIN_MTU)
625 return false;
626 }
627
628 return true;
629}
630
631static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
632 char __user *optval, unsigned int optlen)
633{
634 struct sock *sk = sock->sk;
635 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
636 struct l2cap_options opts;
637 int len, err = 0;
638 u32 opt;
639
640 BT_DBG("sk %p", sk);
641
642 lock_sock(sk);
643
644 switch (optname) {
645 case L2CAP_OPTIONS:
646 if (bdaddr_type_is_le(chan->src_type)) {
647 err = -EINVAL;
648 break;
649 }
650
651 if (sk->sk_state == BT_CONNECTED) {
652 err = -EINVAL;
653 break;
654 }
655
656 opts.imtu = chan->imtu;
657 opts.omtu = chan->omtu;
658 opts.flush_to = chan->flush_to;
659 opts.mode = chan->mode;
660 opts.fcs = chan->fcs;
661 opts.max_tx = chan->max_tx;
662 opts.txwin_size = chan->tx_win;
663
664 len = min_t(unsigned int, sizeof(opts), optlen);
665 if (copy_from_user((char *) &opts, optval, len)) {
666 err = -EFAULT;
667 break;
668 }
669
670 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
671 err = -EINVAL;
672 break;
673 }
674
675 if (!l2cap_valid_mtu(chan, opts.imtu)) {
676 err = -EINVAL;
677 break;
678 }
679
680 chan->mode = opts.mode;
681 switch (chan->mode) {
682 case L2CAP_MODE_LE_FLOWCTL:
683 break;
684 case L2CAP_MODE_BASIC:
685 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
686 break;
687 case L2CAP_MODE_ERTM:
688 case L2CAP_MODE_STREAMING:
689 if (!disable_ertm)
690 break;
691
692 default:
693 err = -EINVAL;
694 break;
695 }
696
697 chan->imtu = opts.imtu;
698 chan->omtu = opts.omtu;
699 chan->fcs = opts.fcs;
700 chan->max_tx = opts.max_tx;
701 chan->tx_win = opts.txwin_size;
702 chan->flush_to = opts.flush_to;
703 break;
704
705 case L2CAP_LM:
706 if (get_user(opt, (u32 __user *) optval)) {
707 err = -EFAULT;
708 break;
709 }
710
711 if (opt & L2CAP_LM_FIPS) {
712 err = -EINVAL;
713 break;
714 }
715
716 if (opt & L2CAP_LM_AUTH)
717 chan->sec_level = BT_SECURITY_LOW;
718 if (opt & L2CAP_LM_ENCRYPT)
719 chan->sec_level = BT_SECURITY_MEDIUM;
720 if (opt & L2CAP_LM_SECURE)
721 chan->sec_level = BT_SECURITY_HIGH;
722
723 if (opt & L2CAP_LM_MASTER)
724 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
725 else
726 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
727
728 if (opt & L2CAP_LM_RELIABLE)
729 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
730 else
731 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
732 break;
733
734 default:
735 err = -ENOPROTOOPT;
736 break;
737 }
738
739 release_sock(sk);
740 return err;
741}
742
743static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
744 char __user *optval, unsigned int optlen)
745{
746 struct sock *sk = sock->sk;
747 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
748 struct bt_security sec;
749 struct bt_power pwr;
750 struct l2cap_conn *conn;
751 int len, err = 0;
752 u32 opt;
753
754 BT_DBG("sk %p", sk);
755
756 if (level == SOL_L2CAP)
757 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
758
759 if (level != SOL_BLUETOOTH)
760 return -ENOPROTOOPT;
761
762 lock_sock(sk);
763
764 switch (optname) {
765 case BT_SECURITY:
766 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
767 chan->chan_type != L2CAP_CHAN_FIXED &&
768 chan->chan_type != L2CAP_CHAN_RAW) {
769 err = -EINVAL;
770 break;
771 }
772
773 sec.level = BT_SECURITY_LOW;
774
775 len = min_t(unsigned int, sizeof(sec), optlen);
776 if (copy_from_user((char *) &sec, optval, len)) {
777 err = -EFAULT;
778 break;
779 }
780
781 if (sec.level < BT_SECURITY_LOW ||
782 sec.level > BT_SECURITY_FIPS) {
783 err = -EINVAL;
784 break;
785 }
786
787 chan->sec_level = sec.level;
788
789 if (!chan->conn)
790 break;
791
792 conn = chan->conn;
793
794
795 if (chan->scid == L2CAP_CID_ATT) {
796 if (smp_conn_security(conn->hcon, sec.level))
797 break;
798 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
799 sk->sk_state = BT_CONFIG;
800 chan->state = BT_CONFIG;
801
802
803 } else if ((sk->sk_state == BT_CONNECT2 &&
804 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
805 sk->sk_state == BT_CONNECTED) {
806 if (!l2cap_chan_check_security(chan, true))
807 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
808 else
809 sk->sk_state_change(sk);
810 } else {
811 err = -EINVAL;
812 }
813 break;
814
815 case BT_DEFER_SETUP:
816 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
817 err = -EINVAL;
818 break;
819 }
820
821 if (get_user(opt, (u32 __user *) optval)) {
822 err = -EFAULT;
823 break;
824 }
825
826 if (opt) {
827 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
828 set_bit(FLAG_DEFER_SETUP, &chan->flags);
829 } else {
830 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
831 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
832 }
833 break;
834
835 case BT_FLUSHABLE:
836 if (get_user(opt, (u32 __user *) optval)) {
837 err = -EFAULT;
838 break;
839 }
840
841 if (opt > BT_FLUSHABLE_ON) {
842 err = -EINVAL;
843 break;
844 }
845
846 if (opt == BT_FLUSHABLE_OFF) {
847 conn = chan->conn;
848
849
850 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
851 err = -EINVAL;
852 break;
853 }
854 }
855
856 if (opt)
857 set_bit(FLAG_FLUSHABLE, &chan->flags);
858 else
859 clear_bit(FLAG_FLUSHABLE, &chan->flags);
860 break;
861
862 case BT_POWER:
863 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
864 chan->chan_type != L2CAP_CHAN_RAW) {
865 err = -EINVAL;
866 break;
867 }
868
869 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
870
871 len = min_t(unsigned int, sizeof(pwr), optlen);
872 if (copy_from_user((char *) &pwr, optval, len)) {
873 err = -EFAULT;
874 break;
875 }
876
877 if (pwr.force_active)
878 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
879 else
880 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
881 break;
882
883 case BT_CHANNEL_POLICY:
884 if (get_user(opt, (u32 __user *) optval)) {
885 err = -EFAULT;
886 break;
887 }
888
889 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
890 err = -EINVAL;
891 break;
892 }
893
894 if (chan->mode != L2CAP_MODE_ERTM &&
895 chan->mode != L2CAP_MODE_STREAMING) {
896 err = -EOPNOTSUPP;
897 break;
898 }
899
900 chan->chan_policy = (u8) opt;
901
902 if (sk->sk_state == BT_CONNECTED &&
903 chan->move_role == L2CAP_MOVE_ROLE_NONE)
904 l2cap_move_start(chan);
905
906 break;
907
908 case BT_SNDMTU:
909 if (!bdaddr_type_is_le(chan->src_type)) {
910 err = -EINVAL;
911 break;
912 }
913
914
915
916
917 err = -EPERM;
918 break;
919
920 case BT_RCVMTU:
921 if (!bdaddr_type_is_le(chan->src_type)) {
922 err = -EINVAL;
923 break;
924 }
925
926 if (sk->sk_state == BT_CONNECTED) {
927 err = -EISCONN;
928 break;
929 }
930
931 if (get_user(opt, (u16 __user *) optval)) {
932 err = -EFAULT;
933 break;
934 }
935
936 chan->imtu = opt;
937 break;
938
939 default:
940 err = -ENOPROTOOPT;
941 break;
942 }
943
944 release_sock(sk);
945 return err;
946}
947
948static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
949 size_t len)
950{
951 struct sock *sk = sock->sk;
952 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
953 int err;
954
955 BT_DBG("sock %p, sk %p", sock, sk);
956
957 err = sock_error(sk);
958 if (err)
959 return err;
960
961 if (msg->msg_flags & MSG_OOB)
962 return -EOPNOTSUPP;
963
964 if (sk->sk_state != BT_CONNECTED)
965 return -ENOTCONN;
966
967 lock_sock(sk);
968 err = bt_sock_wait_ready(sk, msg->msg_flags);
969 release_sock(sk);
970 if (err)
971 return err;
972
973 l2cap_chan_lock(chan);
974 err = l2cap_chan_send(chan, msg, len);
975 l2cap_chan_unlock(chan);
976
977 return err;
978}
979
980static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
981 size_t len, int flags)
982{
983 struct sock *sk = sock->sk;
984 struct l2cap_pinfo *pi = l2cap_pi(sk);
985 int err;
986
987 lock_sock(sk);
988
989 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
990 &bt_sk(sk)->flags)) {
991 if (bdaddr_type_is_le(pi->chan->src_type)) {
992 sk->sk_state = BT_CONNECTED;
993 pi->chan->state = BT_CONNECTED;
994 __l2cap_le_connect_rsp_defer(pi->chan);
995 } else {
996 sk->sk_state = BT_CONFIG;
997 pi->chan->state = BT_CONFIG;
998 __l2cap_connect_rsp_defer(pi->chan);
999 }
1000
1001 err = 0;
1002 goto done;
1003 }
1004
1005 release_sock(sk);
1006
1007 if (sock->type == SOCK_STREAM)
1008 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1009 else
1010 err = bt_sock_recvmsg(sock, msg, len, flags);
1011
1012 if (pi->chan->mode != L2CAP_MODE_ERTM)
1013 return err;
1014
1015
1016
1017 lock_sock(sk);
1018
1019 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1020 goto done;
1021
1022 if (pi->rx_busy_skb) {
1023 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1024 pi->rx_busy_skb = NULL;
1025 else
1026 goto done;
1027 }
1028
1029
1030
1031
1032
1033 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1034 l2cap_chan_busy(pi->chan, 0);
1035
1036done:
1037 release_sock(sk);
1038 return err;
1039}
1040
1041
1042
1043
1044static void l2cap_sock_kill(struct sock *sk)
1045{
1046 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1047 return;
1048
1049 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1050
1051
1052
1053 l2cap_chan_put(l2cap_pi(sk)->chan);
1054 sock_set_flag(sk, SOCK_DEAD);
1055 sock_put(sk);
1056}
1057
1058static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1059{
1060 DECLARE_WAITQUEUE(wait, current);
1061 int err = 0;
1062 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1063
1064 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1065
1066 add_wait_queue(sk_sleep(sk), &wait);
1067 set_current_state(TASK_INTERRUPTIBLE);
1068 do {
1069 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1070 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1071 jiffies_to_msecs(timeout - jiffies));
1072
1073 if (!timeo)
1074 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1075
1076 if (signal_pending(current)) {
1077 err = sock_intr_errno(timeo);
1078 break;
1079 }
1080
1081 release_sock(sk);
1082 timeo = schedule_timeout(timeo);
1083 lock_sock(sk);
1084 set_current_state(TASK_INTERRUPTIBLE);
1085
1086 err = sock_error(sk);
1087 if (err)
1088 break;
1089
1090 if (time_after(jiffies, timeout)) {
1091 err = -ENOLINK;
1092 break;
1093 }
1094
1095 } while (chan->unacked_frames > 0 &&
1096 chan->state == BT_CONNECTED);
1097
1098 set_current_state(TASK_RUNNING);
1099 remove_wait_queue(sk_sleep(sk), &wait);
1100 return err;
1101}
1102
1103static int l2cap_sock_shutdown(struct socket *sock, int how)
1104{
1105 struct sock *sk = sock->sk;
1106 struct l2cap_chan *chan;
1107 struct l2cap_conn *conn;
1108 int err = 0;
1109
1110 BT_DBG("sock %p, sk %p", sock, sk);
1111
1112 if (!sk)
1113 return 0;
1114
1115 lock_sock(sk);
1116
1117 if (sk->sk_shutdown)
1118 goto shutdown_already;
1119
1120 BT_DBG("Handling sock shutdown");
1121
1122
1123 sock_hold(sk);
1124
1125 chan = l2cap_pi(sk)->chan;
1126
1127 l2cap_chan_hold(chan);
1128
1129 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1130
1131 if (chan->mode == L2CAP_MODE_ERTM &&
1132 chan->unacked_frames > 0 &&
1133 chan->state == BT_CONNECTED) {
1134 err = __l2cap_wait_ack(sk, chan);
1135
1136
1137
1138
1139
1140 if (sk->sk_shutdown)
1141 goto has_shutdown;
1142 }
1143
1144 sk->sk_shutdown = SHUTDOWN_MASK;
1145 release_sock(sk);
1146
1147 l2cap_chan_lock(chan);
1148 conn = chan->conn;
1149 if (conn)
1150
1151 l2cap_conn_get(conn);
1152 l2cap_chan_unlock(chan);
1153
1154 if (conn)
1155
1156 mutex_lock(&conn->chan_lock);
1157
1158 l2cap_chan_lock(chan);
1159 l2cap_chan_close(chan, 0);
1160 l2cap_chan_unlock(chan);
1161
1162 if (conn) {
1163 mutex_unlock(&conn->chan_lock);
1164 l2cap_conn_put(conn);
1165 }
1166
1167 lock_sock(sk);
1168
1169 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1170 !(current->flags & PF_EXITING))
1171 err = bt_sock_wait_state(sk, BT_CLOSED,
1172 sk->sk_lingertime);
1173
1174has_shutdown:
1175 l2cap_chan_put(chan);
1176 sock_put(sk);
1177
1178shutdown_already:
1179 if (!err && sk->sk_err)
1180 err = -sk->sk_err;
1181
1182 release_sock(sk);
1183
1184 BT_DBG("Sock shutdown complete err: %d", err);
1185
1186 return err;
1187}
1188
1189static int l2cap_sock_release(struct socket *sock)
1190{
1191 struct sock *sk = sock->sk;
1192 int err;
1193
1194 BT_DBG("sock %p, sk %p", sock, sk);
1195
1196 if (!sk)
1197 return 0;
1198
1199 bt_sock_unlink(&l2cap_sk_list, sk);
1200
1201 err = l2cap_sock_shutdown(sock, 2);
1202
1203 sock_orphan(sk);
1204 l2cap_sock_kill(sk);
1205 return err;
1206}
1207
1208static void l2cap_sock_cleanup_listen(struct sock *parent)
1209{
1210 struct sock *sk;
1211
1212 BT_DBG("parent %p state %s", parent,
1213 state_to_string(parent->sk_state));
1214
1215
1216 while ((sk = bt_accept_dequeue(parent, NULL))) {
1217 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1218
1219 BT_DBG("child chan %p state %s", chan,
1220 state_to_string(chan->state));
1221
1222 l2cap_chan_lock(chan);
1223 __clear_chan_timer(chan);
1224 l2cap_chan_close(chan, ECONNRESET);
1225 l2cap_chan_unlock(chan);
1226
1227 l2cap_sock_kill(sk);
1228 }
1229}
1230
1231static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1232{
1233 struct sock *sk, *parent = chan->data;
1234
1235 lock_sock(parent);
1236
1237
1238 if (sk_acceptq_is_full(parent)) {
1239 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1240 release_sock(parent);
1241 return NULL;
1242 }
1243
1244 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1245 GFP_ATOMIC, 0);
1246 if (!sk) {
1247 release_sock(parent);
1248 return NULL;
1249 }
1250
1251 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1252
1253 l2cap_sock_init(sk, parent);
1254
1255 bt_accept_enqueue(parent, sk);
1256
1257 release_sock(parent);
1258
1259 return l2cap_pi(sk)->chan;
1260}
1261
1262static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1263{
1264 struct sock *sk = chan->data;
1265 int err;
1266
1267 lock_sock(sk);
1268
1269 if (l2cap_pi(sk)->rx_busy_skb) {
1270 err = -ENOMEM;
1271 goto done;
1272 }
1273
1274 if (chan->mode != L2CAP_MODE_ERTM &&
1275 chan->mode != L2CAP_MODE_STREAMING) {
1276
1277
1278
1279 err = sk_filter(sk, skb);
1280 if (err)
1281 goto done;
1282 }
1283
1284 err = __sock_queue_rcv_skb(sk, skb);
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1296 l2cap_pi(sk)->rx_busy_skb = skb;
1297 l2cap_chan_busy(chan, 1);
1298 err = 0;
1299 }
1300
1301done:
1302 release_sock(sk);
1303
1304 return err;
1305}
1306
1307static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1308{
1309 struct sock *sk = chan->data;
1310
1311 l2cap_sock_kill(sk);
1312}
1313
1314static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1315{
1316 struct sock *sk = chan->data;
1317 struct sock *parent;
1318
1319 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1320
1321
1322
1323
1324
1325
1326
1327
1328 lock_sock_nested(sk, atomic_read(&chan->nesting));
1329
1330 parent = bt_sk(sk)->parent;
1331
1332 sock_set_flag(sk, SOCK_ZAPPED);
1333
1334 switch (chan->state) {
1335 case BT_OPEN:
1336 case BT_BOUND:
1337 case BT_CLOSED:
1338 break;
1339 case BT_LISTEN:
1340 l2cap_sock_cleanup_listen(sk);
1341 sk->sk_state = BT_CLOSED;
1342 chan->state = BT_CLOSED;
1343
1344 break;
1345 default:
1346 sk->sk_state = BT_CLOSED;
1347 chan->state = BT_CLOSED;
1348
1349 sk->sk_err = err;
1350
1351 if (parent) {
1352 bt_accept_unlink(sk);
1353 parent->sk_data_ready(parent);
1354 } else {
1355 sk->sk_state_change(sk);
1356 }
1357
1358 break;
1359 }
1360
1361 release_sock(sk);
1362}
1363
1364static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1365 int err)
1366{
1367 struct sock *sk = chan->data;
1368
1369 sk->sk_state = state;
1370
1371 if (err)
1372 sk->sk_err = err;
1373}
1374
1375static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1376 unsigned long hdr_len,
1377 unsigned long len, int nb)
1378{
1379 struct sock *sk = chan->data;
1380 struct sk_buff *skb;
1381 int err;
1382
1383 l2cap_chan_unlock(chan);
1384 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1385 l2cap_chan_lock(chan);
1386
1387 if (!skb)
1388 return ERR_PTR(err);
1389
1390 skb->priority = sk->sk_priority;
1391
1392 bt_cb(skb)->l2cap.chan = chan;
1393
1394 return skb;
1395}
1396
1397static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1398{
1399 struct sock *sk = chan->data;
1400 struct sock *parent;
1401
1402 lock_sock(sk);
1403
1404 parent = bt_sk(sk)->parent;
1405
1406 BT_DBG("sk %p, parent %p", sk, parent);
1407
1408 sk->sk_state = BT_CONNECTED;
1409 sk->sk_state_change(sk);
1410
1411 if (parent)
1412 parent->sk_data_ready(parent);
1413
1414 release_sock(sk);
1415}
1416
1417static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1418{
1419 struct sock *parent, *sk = chan->data;
1420
1421 lock_sock(sk);
1422
1423 parent = bt_sk(sk)->parent;
1424 if (parent)
1425 parent->sk_data_ready(parent);
1426
1427 release_sock(sk);
1428}
1429
1430static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1431{
1432 struct sock *sk = chan->data;
1433
1434 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1435 sk->sk_state = BT_CONNECTED;
1436 chan->state = BT_CONNECTED;
1437 }
1438
1439 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1440 sk->sk_state_change(sk);
1441}
1442
1443static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1444{
1445 struct sock *sk = chan->data;
1446
1447 lock_sock(sk);
1448 sk->sk_shutdown = SHUTDOWN_MASK;
1449 release_sock(sk);
1450}
1451
1452static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1453{
1454 struct sock *sk = chan->data;
1455
1456 return sk->sk_sndtimeo;
1457}
1458
1459static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1460{
1461 struct sock *sk = chan->data;
1462
1463 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1464 sk->sk_state_change(sk);
1465}
1466
1467static const struct l2cap_ops l2cap_chan_ops = {
1468 .name = "L2CAP Socket Interface",
1469 .new_connection = l2cap_sock_new_connection_cb,
1470 .recv = l2cap_sock_recv_cb,
1471 .close = l2cap_sock_close_cb,
1472 .teardown = l2cap_sock_teardown_cb,
1473 .state_change = l2cap_sock_state_change_cb,
1474 .ready = l2cap_sock_ready_cb,
1475 .defer = l2cap_sock_defer_cb,
1476 .resume = l2cap_sock_resume_cb,
1477 .suspend = l2cap_sock_suspend_cb,
1478 .set_shutdown = l2cap_sock_set_shutdown_cb,
1479 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1480 .alloc_skb = l2cap_sock_alloc_skb_cb,
1481};
1482
1483static void l2cap_sock_destruct(struct sock *sk)
1484{
1485 BT_DBG("sk %p", sk);
1486
1487 if (l2cap_pi(sk)->chan)
1488 l2cap_chan_put(l2cap_pi(sk)->chan);
1489
1490 if (l2cap_pi(sk)->rx_busy_skb) {
1491 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1492 l2cap_pi(sk)->rx_busy_skb = NULL;
1493 }
1494
1495 skb_queue_purge(&sk->sk_receive_queue);
1496 skb_queue_purge(&sk->sk_write_queue);
1497}
1498
1499static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1500 int *msg_namelen)
1501{
1502 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1503
1504 memset(la, 0, sizeof(struct sockaddr_l2));
1505 la->l2_family = AF_BLUETOOTH;
1506 la->l2_psm = bt_cb(skb)->l2cap.psm;
1507 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1508
1509 *msg_namelen = sizeof(struct sockaddr_l2);
1510}
1511
1512static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1513{
1514 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1515
1516 BT_DBG("sk %p", sk);
1517
1518 if (parent) {
1519 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1520
1521 sk->sk_type = parent->sk_type;
1522 bt_sk(sk)->flags = bt_sk(parent)->flags;
1523
1524 chan->chan_type = pchan->chan_type;
1525 chan->imtu = pchan->imtu;
1526 chan->omtu = pchan->omtu;
1527 chan->conf_state = pchan->conf_state;
1528 chan->mode = pchan->mode;
1529 chan->fcs = pchan->fcs;
1530 chan->max_tx = pchan->max_tx;
1531 chan->tx_win = pchan->tx_win;
1532 chan->tx_win_max = pchan->tx_win_max;
1533 chan->sec_level = pchan->sec_level;
1534 chan->flags = pchan->flags;
1535 chan->tx_credits = pchan->tx_credits;
1536 chan->rx_credits = pchan->rx_credits;
1537
1538 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1539 chan->scid = pchan->scid;
1540 chan->dcid = pchan->scid;
1541 }
1542
1543 security_sk_clone(parent, sk);
1544 } else {
1545 switch (sk->sk_type) {
1546 case SOCK_RAW:
1547 chan->chan_type = L2CAP_CHAN_RAW;
1548 break;
1549 case SOCK_DGRAM:
1550 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1551 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1552 break;
1553 case SOCK_SEQPACKET:
1554 case SOCK_STREAM:
1555 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1556 break;
1557 }
1558
1559 chan->imtu = L2CAP_DEFAULT_MTU;
1560 chan->omtu = 0;
1561 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1562 chan->mode = L2CAP_MODE_ERTM;
1563 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1564 } else {
1565 chan->mode = L2CAP_MODE_BASIC;
1566 }
1567
1568 l2cap_chan_set_defaults(chan);
1569 }
1570
1571
1572 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1573
1574 chan->data = sk;
1575 chan->ops = &l2cap_chan_ops;
1576}
1577
1578static struct proto l2cap_proto = {
1579 .name = "L2CAP",
1580 .owner = THIS_MODULE,
1581 .obj_size = sizeof(struct l2cap_pinfo)
1582};
1583
1584static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1585 int proto, gfp_t prio, int kern)
1586{
1587 struct sock *sk;
1588 struct l2cap_chan *chan;
1589
1590 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1591 if (!sk)
1592 return NULL;
1593
1594 sock_init_data(sock, sk);
1595 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1596
1597 sk->sk_destruct = l2cap_sock_destruct;
1598 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1599
1600 sock_reset_flag(sk, SOCK_ZAPPED);
1601
1602 sk->sk_protocol = proto;
1603 sk->sk_state = BT_OPEN;
1604
1605 chan = l2cap_chan_create();
1606 if (!chan) {
1607 sk_free(sk);
1608 return NULL;
1609 }
1610
1611 l2cap_chan_hold(chan);
1612
1613 l2cap_pi(sk)->chan = chan;
1614
1615 return sk;
1616}
1617
1618static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1619 int kern)
1620{
1621 struct sock *sk;
1622
1623 BT_DBG("sock %p", sock);
1624
1625 sock->state = SS_UNCONNECTED;
1626
1627 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1628 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1629 return -ESOCKTNOSUPPORT;
1630
1631 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1632 return -EPERM;
1633
1634 sock->ops = &l2cap_sock_ops;
1635
1636 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1637 if (!sk)
1638 return -ENOMEM;
1639
1640 l2cap_sock_init(sk, NULL);
1641 bt_sock_link(&l2cap_sk_list, sk);
1642 return 0;
1643}
1644
1645static const struct proto_ops l2cap_sock_ops = {
1646 .family = PF_BLUETOOTH,
1647 .owner = THIS_MODULE,
1648 .release = l2cap_sock_release,
1649 .bind = l2cap_sock_bind,
1650 .connect = l2cap_sock_connect,
1651 .listen = l2cap_sock_listen,
1652 .accept = l2cap_sock_accept,
1653 .getname = l2cap_sock_getname,
1654 .sendmsg = l2cap_sock_sendmsg,
1655 .recvmsg = l2cap_sock_recvmsg,
1656 .poll = bt_sock_poll,
1657 .ioctl = bt_sock_ioctl,
1658 .mmap = sock_no_mmap,
1659 .socketpair = sock_no_socketpair,
1660 .shutdown = l2cap_sock_shutdown,
1661 .setsockopt = l2cap_sock_setsockopt,
1662 .getsockopt = l2cap_sock_getsockopt
1663};
1664
1665static const struct net_proto_family l2cap_sock_family_ops = {
1666 .family = PF_BLUETOOTH,
1667 .owner = THIS_MODULE,
1668 .create = l2cap_sock_create,
1669};
1670
1671int __init l2cap_init_sockets(void)
1672{
1673 int err;
1674
1675 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1676
1677 err = proto_register(&l2cap_proto, 0);
1678 if (err < 0)
1679 return err;
1680
1681 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1682 if (err < 0) {
1683 BT_ERR("L2CAP socket registration failed");
1684 goto error;
1685 }
1686
1687 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1688 NULL);
1689 if (err < 0) {
1690 BT_ERR("Failed to create L2CAP proc file");
1691 bt_sock_unregister(BTPROTO_L2CAP);
1692 goto error;
1693 }
1694
1695 BT_INFO("L2CAP socket layer initialized");
1696
1697 return 0;
1698
1699error:
1700 proto_unregister(&l2cap_proto);
1701 return err;
1702}
1703
1704void l2cap_cleanup_sockets(void)
1705{
1706 bt_procfs_cleanup(&init_net, "l2cap");
1707 bt_sock_unregister(BTPROTO_L2CAP);
1708 proto_unregister(&l2cap_proto);
1709}
1710
