1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include <linux/module.h>
31#include <linux/export.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36
37#include "smp.h"
38
39static struct bt_sock_list l2cap_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
41};
42
43static const struct proto_ops l2cap_sock_ops;
44static void l2cap_sock_init(struct sock *sk, struct sock *parent);
45static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
46 int proto, gfp_t prio, int kern);
47
48bool l2cap_is_socket(struct socket *sock)
49{
50 return sock && sock->ops == &l2cap_sock_ops;
51}
52EXPORT_SYMBOL(l2cap_is_socket);
53
54static int l2cap_validate_bredr_psm(u16 psm)
55{
56
57 if ((psm & 0x0101) != 0x0001)
58 return -EINVAL;
59
60
61 if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE))
62 return -EACCES;
63
64 return 0;
65}
66
67static int l2cap_validate_le_psm(u16 psm)
68{
69
70 if (psm > L2CAP_PSM_LE_DYN_END)
71 return -EINVAL;
72
73
74 if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE))
75 return -EACCES;
76
77 return 0;
78}
79
80static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
81{
82 struct sock *sk = sock->sk;
83 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
84 struct sockaddr_l2 la;
85 int len, err = 0;
86
87 BT_DBG("sk %p", sk);
88
89 if (!addr || addr->sa_family != AF_BLUETOOTH)
90 return -EINVAL;
91
92 memset(&la, 0, sizeof(la));
93 len = min_t(unsigned int, sizeof(la), alen);
94 memcpy(&la, addr, len);
95
96 if (la.l2_cid && la.l2_psm)
97 return -EINVAL;
98
99 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
100 return -EINVAL;
101
102 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
103
104 if (la.l2_cid &&
105 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
106 return -EINVAL;
107 }
108
109 lock_sock(sk);
110
111 if (sk->sk_state != BT_OPEN) {
112 err = -EBADFD;
113 goto done;
114 }
115
116 if (la.l2_psm) {
117 __u16 psm = __le16_to_cpu(la.l2_psm);
118
119 if (la.l2_bdaddr_type == BDADDR_BREDR)
120 err = l2cap_validate_bredr_psm(psm);
121 else
122 err = l2cap_validate_le_psm(psm);
123
124 if (err)
125 goto done;
126 }
127
128 bacpy(&chan->src, &la.l2_bdaddr);
129 chan->src_type = la.l2_bdaddr_type;
130
131 if (la.l2_cid)
132 err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid));
133 else
134 err = l2cap_add_psm(chan, &la.l2_bdaddr, la.l2_psm);
135
136 if (err < 0)
137 goto done;
138
139 switch (chan->chan_type) {
140 case L2CAP_CHAN_CONN_LESS:
141 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
142 chan->sec_level = BT_SECURITY_SDP;
143 break;
144 case L2CAP_CHAN_CONN_ORIENTED:
145 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
146 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
147 chan->sec_level = BT_SECURITY_SDP;
148 break;
149 case L2CAP_CHAN_RAW:
150 chan->sec_level = BT_SECURITY_SDP;
151 break;
152 case L2CAP_CHAN_FIXED:
153
154
155
156
157
158 set_bit(FLAG_HOLD_HCI_CONN, &chan->flags);
159 break;
160 }
161
162 if (chan->psm && bdaddr_type_is_le(chan->src_type))
163 chan->mode = L2CAP_MODE_LE_FLOWCTL;
164
165 chan->state = BT_BOUND;
166 sk->sk_state = BT_BOUND;
167
168done:
169 release_sock(sk);
170 return err;
171}
172
173static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
174 int alen, int flags)
175{
176 struct sock *sk = sock->sk;
177 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
178 struct sockaddr_l2 la;
179 int len, err = 0;
180
181 BT_DBG("sk %p", sk);
182
183 if (!addr || alen < sizeof(addr->sa_family) ||
184 addr->sa_family != AF_BLUETOOTH)
185 return -EINVAL;
186
187 memset(&la, 0, sizeof(la));
188 len = min_t(unsigned int, sizeof(la), alen);
189 memcpy(&la, addr, len);
190
191 if (la.l2_cid && la.l2_psm)
192 return -EINVAL;
193
194 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
195 return -EINVAL;
196
197
198
199
200
201
202 if (chan->src_type == BDADDR_BREDR && bacmp(&chan->src, BDADDR_ANY) &&
203 bdaddr_type_is_le(la.l2_bdaddr_type)) {
204
205
206
207
208
209
210 if (chan->scid != L2CAP_CID_ATT ||
211 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
212 return -EINVAL;
213
214
215
216
217
218
219
220 chan->src_type = BDADDR_LE_PUBLIC;
221 }
222
223 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
224 return -EINVAL;
225
226 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
227
228 if (la.l2_cid &&
229 la.l2_cid != cpu_to_le16(L2CAP_CID_ATT))
230 return -EINVAL;
231 }
232
233 if (chan->psm && bdaddr_type_is_le(chan->src_type))
234 chan->mode = L2CAP_MODE_LE_FLOWCTL;
235
236 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
237 &la.l2_bdaddr, la.l2_bdaddr_type);
238 if (err)
239 return err;
240
241 lock_sock(sk);
242
243 err = bt_sock_wait_state(sk, BT_CONNECTED,
244 sock_sndtimeo(sk, flags & O_NONBLOCK));
245
246 release_sock(sk);
247
248 return err;
249}
250
251static int l2cap_sock_listen(struct socket *sock, int backlog)
252{
253 struct sock *sk = sock->sk;
254 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
255 int err = 0;
256
257 BT_DBG("sk %p backlog %d", sk, backlog);
258
259 lock_sock(sk);
260
261 if (sk->sk_state != BT_BOUND) {
262 err = -EBADFD;
263 goto done;
264 }
265
266 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) {
267 err = -EINVAL;
268 goto done;
269 }
270
271 switch (chan->mode) {
272 case L2CAP_MODE_BASIC:
273 case L2CAP_MODE_LE_FLOWCTL:
274 break;
275 case L2CAP_MODE_ERTM:
276 case L2CAP_MODE_STREAMING:
277 if (!disable_ertm)
278 break;
279
280 default:
281 err = -EOPNOTSUPP;
282 goto done;
283 }
284
285 sk->sk_max_ack_backlog = backlog;
286 sk->sk_ack_backlog = 0;
287
288
289
290
291
292 atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
293
294 chan->state = BT_LISTEN;
295 sk->sk_state = BT_LISTEN;
296
297done:
298 release_sock(sk);
299 return err;
300}
301
302static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
303 int flags)
304{
305 DEFINE_WAIT_FUNC(wait, woken_wake_function);
306 struct sock *sk = sock->sk, *nsk;
307 long timeo;
308 int err = 0;
309
310 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
311
312 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
313
314 BT_DBG("sk %p timeo %ld", sk, timeo);
315
316
317 add_wait_queue_exclusive(sk_sleep(sk), &wait);
318 while (1) {
319 if (sk->sk_state != BT_LISTEN) {
320 err = -EBADFD;
321 break;
322 }
323
324 nsk = bt_accept_dequeue(sk, newsock);
325 if (nsk)
326 break;
327
328 if (!timeo) {
329 err = -EAGAIN;
330 break;
331 }
332
333 if (signal_pending(current)) {
334 err = sock_intr_errno(timeo);
335 break;
336 }
337
338 release_sock(sk);
339
340 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
341
342 lock_sock_nested(sk, L2CAP_NESTING_PARENT);
343 }
344 remove_wait_queue(sk_sleep(sk), &wait);
345
346 if (err)
347 goto done;
348
349 newsock->state = SS_CONNECTED;
350
351 BT_DBG("new socket %p", nsk);
352
353done:
354 release_sock(sk);
355 return err;
356}
357
358static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
359 int *len, int peer)
360{
361 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
362 struct sock *sk = sock->sk;
363 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
364
365 BT_DBG("sock %p, sk %p", sock, sk);
366
367 if (peer && sk->sk_state != BT_CONNECTED &&
368 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2 &&
369 sk->sk_state != BT_CONFIG)
370 return -ENOTCONN;
371
372 memset(la, 0, sizeof(struct sockaddr_l2));
373 addr->sa_family = AF_BLUETOOTH;
374 *len = sizeof(struct sockaddr_l2);
375
376 la->l2_psm = chan->psm;
377
378 if (peer) {
379 bacpy(&la->l2_bdaddr, &chan->dst);
380 la->l2_cid = cpu_to_le16(chan->dcid);
381 la->l2_bdaddr_type = chan->dst_type;
382 } else {
383 bacpy(&la->l2_bdaddr, &chan->src);
384 la->l2_cid = cpu_to_le16(chan->scid);
385 la->l2_bdaddr_type = chan->src_type;
386 }
387
388 return 0;
389}
390
391static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
392 char __user *optval, int __user *optlen)
393{
394 struct sock *sk = sock->sk;
395 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
396 struct l2cap_options opts;
397 struct l2cap_conninfo cinfo;
398 int len, err = 0;
399 u32 opt;
400
401 BT_DBG("sk %p", sk);
402
403 if (get_user(len, optlen))
404 return -EFAULT;
405
406 lock_sock(sk);
407
408 switch (optname) {
409 case L2CAP_OPTIONS:
410
411
412
413
414 if (bdaddr_type_is_le(chan->src_type) &&
415 chan->scid != L2CAP_CID_ATT) {
416 err = -EINVAL;
417 break;
418 }
419
420 memset(&opts, 0, sizeof(opts));
421 opts.imtu = chan->imtu;
422 opts.omtu = chan->omtu;
423 opts.flush_to = chan->flush_to;
424 opts.mode = chan->mode;
425 opts.fcs = chan->fcs;
426 opts.max_tx = chan->max_tx;
427 opts.txwin_size = chan->tx_win;
428
429 len = min_t(unsigned int, len, sizeof(opts));
430 if (copy_to_user(optval, (char *) &opts, len))
431 err = -EFAULT;
432
433 break;
434
435 case L2CAP_LM:
436 switch (chan->sec_level) {
437 case BT_SECURITY_LOW:
438 opt = L2CAP_LM_AUTH;
439 break;
440 case BT_SECURITY_MEDIUM:
441 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
442 break;
443 case BT_SECURITY_HIGH:
444 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
445 L2CAP_LM_SECURE;
446 break;
447 case BT_SECURITY_FIPS:
448 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
449 L2CAP_LM_SECURE | L2CAP_LM_FIPS;
450 break;
451 default:
452 opt = 0;
453 break;
454 }
455
456 if (test_bit(FLAG_ROLE_SWITCH, &chan->flags))
457 opt |= L2CAP_LM_MASTER;
458
459 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
460 opt |= L2CAP_LM_RELIABLE;
461
462 if (put_user(opt, (u32 __user *) optval))
463 err = -EFAULT;
464
465 break;
466
467 case L2CAP_CONNINFO:
468 if (sk->sk_state != BT_CONNECTED &&
469 !(sk->sk_state == BT_CONNECT2 &&
470 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
471 err = -ENOTCONN;
472 break;
473 }
474
475 memset(&cinfo, 0, sizeof(cinfo));
476 cinfo.hci_handle = chan->conn->hcon->handle;
477 memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
478
479 len = min_t(unsigned int, len, sizeof(cinfo));
480 if (copy_to_user(optval, (char *) &cinfo, len))
481 err = -EFAULT;
482
483 break;
484
485 default:
486 err = -ENOPROTOOPT;
487 break;
488 }
489
490 release_sock(sk);
491 return err;
492}
493
494static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
495 char __user *optval, int __user *optlen)
496{
497 struct sock *sk = sock->sk;
498 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
499 struct bt_security sec;
500 struct bt_power pwr;
501 int len, err = 0;
502
503 BT_DBG("sk %p", sk);
504
505 if (level == SOL_L2CAP)
506 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
507
508 if (level != SOL_BLUETOOTH)
509 return -ENOPROTOOPT;
510
511 if (get_user(len, optlen))
512 return -EFAULT;
513
514 lock_sock(sk);
515
516 switch (optname) {
517 case BT_SECURITY:
518 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
519 chan->chan_type != L2CAP_CHAN_FIXED &&
520 chan->chan_type != L2CAP_CHAN_RAW) {
521 err = -EINVAL;
522 break;
523 }
524
525 memset(&sec, 0, sizeof(sec));
526 if (chan->conn) {
527 sec.level = chan->conn->hcon->sec_level;
528
529 if (sk->sk_state == BT_CONNECTED)
530 sec.key_size = chan->conn->hcon->enc_key_size;
531 } else {
532 sec.level = chan->sec_level;
533 }
534
535 len = min_t(unsigned int, len, sizeof(sec));
536 if (copy_to_user(optval, (char *) &sec, len))
537 err = -EFAULT;
538
539 break;
540
541 case BT_DEFER_SETUP:
542 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
543 err = -EINVAL;
544 break;
545 }
546
547 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
548 (u32 __user *) optval))
549 err = -EFAULT;
550
551 break;
552
553 case BT_FLUSHABLE:
554 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
555 (u32 __user *) optval))
556 err = -EFAULT;
557
558 break;
559
560 case BT_POWER:
561 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
562 && sk->sk_type != SOCK_RAW) {
563 err = -EINVAL;
564 break;
565 }
566
567 pwr.force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
568
569 len = min_t(unsigned int, len, sizeof(pwr));
570 if (copy_to_user(optval, (char *) &pwr, len))
571 err = -EFAULT;
572
573 break;
574
575 case BT_CHANNEL_POLICY:
576 if (put_user(chan->chan_policy, (u32 __user *) optval))
577 err = -EFAULT;
578 break;
579
580 case BT_SNDMTU:
581 if (!bdaddr_type_is_le(chan->src_type)) {
582 err = -EINVAL;
583 break;
584 }
585
586 if (sk->sk_state != BT_CONNECTED) {
587 err = -ENOTCONN;
588 break;
589 }
590
591 if (put_user(chan->omtu, (u16 __user *) optval))
592 err = -EFAULT;
593 break;
594
595 case BT_RCVMTU:
596 if (!bdaddr_type_is_le(chan->src_type)) {
597 err = -EINVAL;
598 break;
599 }
600
601 if (put_user(chan->imtu, (u16 __user *) optval))
602 err = -EFAULT;
603 break;
604
605 default:
606 err = -ENOPROTOOPT;
607 break;
608 }
609
610 release_sock(sk);
611 return err;
612}
613
614static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
615{
616 switch (chan->scid) {
617 case L2CAP_CID_ATT:
618 if (mtu < L2CAP_LE_MIN_MTU)
619 return false;
620 break;
621
622 default:
623 if (mtu < L2CAP_DEFAULT_MIN_MTU)
624 return false;
625 }
626
627 return true;
628}
629
630static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
631 char __user *optval, unsigned int optlen)
632{
633 struct sock *sk = sock->sk;
634 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
635 struct l2cap_options opts;
636 int len, err = 0;
637 u32 opt;
638
639 BT_DBG("sk %p", sk);
640
641 lock_sock(sk);
642
643 switch (optname) {
644 case L2CAP_OPTIONS:
645 if (bdaddr_type_is_le(chan->src_type)) {
646 err = -EINVAL;
647 break;
648 }
649
650 if (sk->sk_state == BT_CONNECTED) {
651 err = -EINVAL;
652 break;
653 }
654
655 opts.imtu = chan->imtu;
656 opts.omtu = chan->omtu;
657 opts.flush_to = chan->flush_to;
658 opts.mode = chan->mode;
659 opts.fcs = chan->fcs;
660 opts.max_tx = chan->max_tx;
661 opts.txwin_size = chan->tx_win;
662
663 len = min_t(unsigned int, sizeof(opts), optlen);
664 if (copy_from_user((char *) &opts, optval, len)) {
665 err = -EFAULT;
666 break;
667 }
668
669 if (opts.txwin_size > L2CAP_DEFAULT_EXT_WINDOW) {
670 err = -EINVAL;
671 break;
672 }
673
674 if (!l2cap_valid_mtu(chan, opts.imtu)) {
675 err = -EINVAL;
676 break;
677 }
678
679 chan->mode = opts.mode;
680 switch (chan->mode) {
681 case L2CAP_MODE_LE_FLOWCTL:
682 break;
683 case L2CAP_MODE_BASIC:
684 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
685 break;
686 case L2CAP_MODE_ERTM:
687 case L2CAP_MODE_STREAMING:
688 if (!disable_ertm)
689 break;
690
691 default:
692 err = -EINVAL;
693 break;
694 }
695
696 chan->imtu = opts.imtu;
697 chan->omtu = opts.omtu;
698 chan->fcs = opts.fcs;
699 chan->max_tx = opts.max_tx;
700 chan->tx_win = opts.txwin_size;
701 chan->flush_to = opts.flush_to;
702 break;
703
704 case L2CAP_LM:
705 if (get_user(opt, (u32 __user *) optval)) {
706 err = -EFAULT;
707 break;
708 }
709
710 if (opt & L2CAP_LM_FIPS) {
711 err = -EINVAL;
712 break;
713 }
714
715 if (opt & L2CAP_LM_AUTH)
716 chan->sec_level = BT_SECURITY_LOW;
717 if (opt & L2CAP_LM_ENCRYPT)
718 chan->sec_level = BT_SECURITY_MEDIUM;
719 if (opt & L2CAP_LM_SECURE)
720 chan->sec_level = BT_SECURITY_HIGH;
721
722 if (opt & L2CAP_LM_MASTER)
723 set_bit(FLAG_ROLE_SWITCH, &chan->flags);
724 else
725 clear_bit(FLAG_ROLE_SWITCH, &chan->flags);
726
727 if (opt & L2CAP_LM_RELIABLE)
728 set_bit(FLAG_FORCE_RELIABLE, &chan->flags);
729 else
730 clear_bit(FLAG_FORCE_RELIABLE, &chan->flags);
731 break;
732
733 default:
734 err = -ENOPROTOOPT;
735 break;
736 }
737
738 release_sock(sk);
739 return err;
740}
741
742static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
743 char __user *optval, unsigned int optlen)
744{
745 struct sock *sk = sock->sk;
746 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
747 struct bt_security sec;
748 struct bt_power pwr;
749 struct l2cap_conn *conn;
750 int len, err = 0;
751 u32 opt;
752
753 BT_DBG("sk %p", sk);
754
755 if (level == SOL_L2CAP)
756 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
757
758 if (level != SOL_BLUETOOTH)
759 return -ENOPROTOOPT;
760
761 lock_sock(sk);
762
763 switch (optname) {
764 case BT_SECURITY:
765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
766 chan->chan_type != L2CAP_CHAN_FIXED &&
767 chan->chan_type != L2CAP_CHAN_RAW) {
768 err = -EINVAL;
769 break;
770 }
771
772 sec.level = BT_SECURITY_LOW;
773
774 len = min_t(unsigned int, sizeof(sec), optlen);
775 if (copy_from_user((char *) &sec, optval, len)) {
776 err = -EFAULT;
777 break;
778 }
779
780 if (sec.level < BT_SECURITY_LOW ||
781 sec.level > BT_SECURITY_FIPS) {
782 err = -EINVAL;
783 break;
784 }
785
786 chan->sec_level = sec.level;
787
788 if (!chan->conn)
789 break;
790
791 conn = chan->conn;
792
793
794 if (chan->scid == L2CAP_CID_ATT) {
795 if (smp_conn_security(conn->hcon, sec.level))
796 break;
797 set_bit(FLAG_PENDING_SECURITY, &chan->flags);
798 sk->sk_state = BT_CONFIG;
799 chan->state = BT_CONFIG;
800
801
802 } else if ((sk->sk_state == BT_CONNECT2 &&
803 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
804 sk->sk_state == BT_CONNECTED) {
805 if (!l2cap_chan_check_security(chan, true))
806 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
807 else
808 sk->sk_state_change(sk);
809 } else {
810 err = -EINVAL;
811 }
812 break;
813
814 case BT_DEFER_SETUP:
815 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
816 err = -EINVAL;
817 break;
818 }
819
820 if (get_user(opt, (u32 __user *) optval)) {
821 err = -EFAULT;
822 break;
823 }
824
825 if (opt) {
826 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
827 set_bit(FLAG_DEFER_SETUP, &chan->flags);
828 } else {
829 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
830 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
831 }
832 break;
833
834 case BT_FLUSHABLE:
835 if (get_user(opt, (u32 __user *) optval)) {
836 err = -EFAULT;
837 break;
838 }
839
840 if (opt > BT_FLUSHABLE_ON) {
841 err = -EINVAL;
842 break;
843 }
844
845 if (opt == BT_FLUSHABLE_OFF) {
846 conn = chan->conn;
847
848
849 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
850 err = -EINVAL;
851 break;
852 }
853 }
854
855 if (opt)
856 set_bit(FLAG_FLUSHABLE, &chan->flags);
857 else
858 clear_bit(FLAG_FLUSHABLE, &chan->flags);
859 break;
860
861 case BT_POWER:
862 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
863 chan->chan_type != L2CAP_CHAN_RAW) {
864 err = -EINVAL;
865 break;
866 }
867
868 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
869
870 len = min_t(unsigned int, sizeof(pwr), optlen);
871 if (copy_from_user((char *) &pwr, optval, len)) {
872 err = -EFAULT;
873 break;
874 }
875
876 if (pwr.force_active)
877 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
878 else
879 clear_bit(FLAG_FORCE_ACTIVE, &chan->flags);
880 break;
881
882 case BT_CHANNEL_POLICY:
883 if (get_user(opt, (u32 __user *) optval)) {
884 err = -EFAULT;
885 break;
886 }
887
888 if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) {
889 err = -EINVAL;
890 break;
891 }
892
893 if (chan->mode != L2CAP_MODE_ERTM &&
894 chan->mode != L2CAP_MODE_STREAMING) {
895 err = -EOPNOTSUPP;
896 break;
897 }
898
899 chan->chan_policy = (u8) opt;
900
901 if (sk->sk_state == BT_CONNECTED &&
902 chan->move_role == L2CAP_MOVE_ROLE_NONE)
903 l2cap_move_start(chan);
904
905 break;
906
907 case BT_SNDMTU:
908 if (!bdaddr_type_is_le(chan->src_type)) {
909 err = -EINVAL;
910 break;
911 }
912
913
914
915
916 err = -EPERM;
917 break;
918
919 case BT_RCVMTU:
920 if (!bdaddr_type_is_le(chan->src_type)) {
921 err = -EINVAL;
922 break;
923 }
924
925 if (sk->sk_state == BT_CONNECTED) {
926 err = -EISCONN;
927 break;
928 }
929
930 if (get_user(opt, (u16 __user *) optval)) {
931 err = -EFAULT;
932 break;
933 }
934
935 chan->imtu = opt;
936 break;
937
938 default:
939 err = -ENOPROTOOPT;
940 break;
941 }
942
943 release_sock(sk);
944 return err;
945}
946
947static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg,
948 size_t len)
949{
950 struct sock *sk = sock->sk;
951 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
952 int err;
953
954 BT_DBG("sock %p, sk %p", sock, sk);
955
956 err = sock_error(sk);
957 if (err)
958 return err;
959
960 if (msg->msg_flags & MSG_OOB)
961 return -EOPNOTSUPP;
962
963 if (sk->sk_state != BT_CONNECTED)
964 return -ENOTCONN;
965
966 lock_sock(sk);
967 err = bt_sock_wait_ready(sk, msg->msg_flags);
968 release_sock(sk);
969 if (err)
970 return err;
971
972 l2cap_chan_lock(chan);
973 err = l2cap_chan_send(chan, msg, len);
974 l2cap_chan_unlock(chan);
975
976 return err;
977}
978
979static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg,
980 size_t len, int flags)
981{
982 struct sock *sk = sock->sk;
983 struct l2cap_pinfo *pi = l2cap_pi(sk);
984 int err;
985
986 lock_sock(sk);
987
988 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
989 &bt_sk(sk)->flags)) {
990 if (bdaddr_type_is_le(pi->chan->src_type)) {
991 sk->sk_state = BT_CONNECTED;
992 pi->chan->state = BT_CONNECTED;
993 __l2cap_le_connect_rsp_defer(pi->chan);
994 } else {
995 sk->sk_state = BT_CONFIG;
996 pi->chan->state = BT_CONFIG;
997 __l2cap_connect_rsp_defer(pi->chan);
998 }
999
1000 err = 0;
1001 goto done;
1002 }
1003
1004 release_sock(sk);
1005
1006 if (sock->type == SOCK_STREAM)
1007 err = bt_sock_stream_recvmsg(sock, msg, len, flags);
1008 else
1009 err = bt_sock_recvmsg(sock, msg, len, flags);
1010
1011 if (pi->chan->mode != L2CAP_MODE_ERTM)
1012 return err;
1013
1014
1015
1016 lock_sock(sk);
1017
1018 if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state))
1019 goto done;
1020
1021 if (pi->rx_busy_skb) {
1022 if (!__sock_queue_rcv_skb(sk, pi->rx_busy_skb))
1023 pi->rx_busy_skb = NULL;
1024 else
1025 goto done;
1026 }
1027
1028
1029
1030
1031
1032 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1)
1033 l2cap_chan_busy(pi->chan, 0);
1034
1035done:
1036 release_sock(sk);
1037 return err;
1038}
1039
1040
1041
1042
1043static void l2cap_sock_kill(struct sock *sk)
1044{
1045 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
1046 return;
1047
1048 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
1049
1050
1051
1052 l2cap_chan_put(l2cap_pi(sk)->chan);
1053 sock_set_flag(sk, SOCK_DEAD);
1054 sock_put(sk);
1055}
1056
1057static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
1058{
1059 DECLARE_WAITQUEUE(wait, current);
1060 int err = 0;
1061 int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1062
1063 unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
1064
1065 add_wait_queue(sk_sleep(sk), &wait);
1066 set_current_state(TASK_INTERRUPTIBLE);
1067 do {
1068 BT_DBG("Waiting for %d ACKs, timeout %04d ms",
1069 chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
1070 jiffies_to_msecs(timeout - jiffies));
1071
1072 if (!timeo)
1073 timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
1074
1075 if (signal_pending(current)) {
1076 err = sock_intr_errno(timeo);
1077 break;
1078 }
1079
1080 release_sock(sk);
1081 timeo = schedule_timeout(timeo);
1082 lock_sock(sk);
1083 set_current_state(TASK_INTERRUPTIBLE);
1084
1085 err = sock_error(sk);
1086 if (err)
1087 break;
1088
1089 if (time_after(jiffies, timeout)) {
1090 err = -ENOLINK;
1091 break;
1092 }
1093
1094 } while (chan->unacked_frames > 0 &&
1095 chan->state == BT_CONNECTED);
1096
1097 set_current_state(TASK_RUNNING);
1098 remove_wait_queue(sk_sleep(sk), &wait);
1099 return err;
1100}
1101
1102static int l2cap_sock_shutdown(struct socket *sock, int how)
1103{
1104 struct sock *sk = sock->sk;
1105 struct l2cap_chan *chan;
1106 struct l2cap_conn *conn;
1107 int err = 0;
1108
1109 BT_DBG("sock %p, sk %p", sock, sk);
1110
1111 if (!sk)
1112 return 0;
1113
1114 lock_sock(sk);
1115
1116 if (sk->sk_shutdown)
1117 goto shutdown_already;
1118
1119 BT_DBG("Handling sock shutdown");
1120
1121
1122 sock_hold(sk);
1123
1124 chan = l2cap_pi(sk)->chan;
1125
1126 l2cap_chan_hold(chan);
1127
1128 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1129
1130 if (chan->mode == L2CAP_MODE_ERTM &&
1131 chan->unacked_frames > 0 &&
1132 chan->state == BT_CONNECTED) {
1133 err = __l2cap_wait_ack(sk, chan);
1134
1135
1136
1137
1138
1139 if (sk->sk_shutdown)
1140 goto has_shutdown;
1141 }
1142
1143 sk->sk_shutdown = SHUTDOWN_MASK;
1144 release_sock(sk);
1145
1146 l2cap_chan_lock(chan);
1147 conn = chan->conn;
1148 if (conn)
1149
1150 l2cap_conn_get(conn);
1151 l2cap_chan_unlock(chan);
1152
1153 if (conn)
1154
1155 mutex_lock(&conn->chan_lock);
1156
1157 l2cap_chan_lock(chan);
1158 l2cap_chan_close(chan, 0);
1159 l2cap_chan_unlock(chan);
1160
1161 if (conn) {
1162 mutex_unlock(&conn->chan_lock);
1163 l2cap_conn_put(conn);
1164 }
1165
1166 lock_sock(sk);
1167
1168 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1169 !(current->flags & PF_EXITING))
1170 err = bt_sock_wait_state(sk, BT_CLOSED,
1171 sk->sk_lingertime);
1172
1173has_shutdown:
1174 l2cap_chan_put(chan);
1175 sock_put(sk);
1176
1177shutdown_already:
1178 if (!err && sk->sk_err)
1179 err = -sk->sk_err;
1180
1181 release_sock(sk);
1182
1183 BT_DBG("Sock shutdown complete err: %d", err);
1184
1185 return err;
1186}
1187
1188static int l2cap_sock_release(struct socket *sock)
1189{
1190 struct sock *sk = sock->sk;
1191 int err;
1192
1193 BT_DBG("sock %p, sk %p", sock, sk);
1194
1195 if (!sk)
1196 return 0;
1197
1198 bt_sock_unlink(&l2cap_sk_list, sk);
1199
1200 err = l2cap_sock_shutdown(sock, 2);
1201
1202 sock_orphan(sk);
1203 l2cap_sock_kill(sk);
1204 return err;
1205}
1206
1207static void l2cap_sock_cleanup_listen(struct sock *parent)
1208{
1209 struct sock *sk;
1210
1211 BT_DBG("parent %p state %s", parent,
1212 state_to_string(parent->sk_state));
1213
1214
1215 while ((sk = bt_accept_dequeue(parent, NULL))) {
1216 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1217
1218 BT_DBG("child chan %p state %s", chan,
1219 state_to_string(chan->state));
1220
1221 l2cap_chan_lock(chan);
1222 __clear_chan_timer(chan);
1223 l2cap_chan_close(chan, ECONNRESET);
1224 l2cap_chan_unlock(chan);
1225
1226 l2cap_sock_kill(sk);
1227 }
1228}
1229
1230static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
1231{
1232 struct sock *sk, *parent = chan->data;
1233
1234 lock_sock(parent);
1235
1236
1237 if (sk_acceptq_is_full(parent)) {
1238 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1239 release_sock(parent);
1240 return NULL;
1241 }
1242
1243 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
1244 GFP_ATOMIC, 0);
1245 if (!sk) {
1246 release_sock(parent);
1247 return NULL;
1248 }
1249
1250 bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
1251
1252 l2cap_sock_init(sk, parent);
1253
1254 bt_accept_enqueue(parent, sk);
1255
1256 release_sock(parent);
1257
1258 return l2cap_pi(sk)->chan;
1259}
1260
1261static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
1262{
1263 struct sock *sk = chan->data;
1264 int err;
1265
1266 lock_sock(sk);
1267
1268 if (l2cap_pi(sk)->rx_busy_skb) {
1269 err = -ENOMEM;
1270 goto done;
1271 }
1272
1273 if (chan->mode != L2CAP_MODE_ERTM &&
1274 chan->mode != L2CAP_MODE_STREAMING) {
1275
1276
1277
1278 err = sk_filter(sk, skb);
1279 if (err)
1280 goto done;
1281 }
1282
1283 err = __sock_queue_rcv_skb(sk, skb);
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
1295 l2cap_pi(sk)->rx_busy_skb = skb;
1296 l2cap_chan_busy(chan, 1);
1297 err = 0;
1298 }
1299
1300done:
1301 release_sock(sk);
1302
1303 return err;
1304}
1305
1306static void l2cap_sock_close_cb(struct l2cap_chan *chan)
1307{
1308 struct sock *sk = chan->data;
1309
1310 l2cap_sock_kill(sk);
1311}
1312
1313static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
1314{
1315 struct sock *sk = chan->data;
1316 struct sock *parent;
1317
1318 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
1319
1320
1321
1322
1323
1324
1325
1326
1327 lock_sock_nested(sk, atomic_read(&chan->nesting));
1328
1329 parent = bt_sk(sk)->parent;
1330
1331 sock_set_flag(sk, SOCK_ZAPPED);
1332
1333 switch (chan->state) {
1334 case BT_OPEN:
1335 case BT_BOUND:
1336 case BT_CLOSED:
1337 break;
1338 case BT_LISTEN:
1339 l2cap_sock_cleanup_listen(sk);
1340 sk->sk_state = BT_CLOSED;
1341 chan->state = BT_CLOSED;
1342
1343 break;
1344 default:
1345 sk->sk_state = BT_CLOSED;
1346 chan->state = BT_CLOSED;
1347
1348 sk->sk_err = err;
1349
1350 if (parent) {
1351 bt_accept_unlink(sk);
1352 parent->sk_data_ready(parent);
1353 } else {
1354 sk->sk_state_change(sk);
1355 }
1356
1357 break;
1358 }
1359
1360 release_sock(sk);
1361}
1362
1363static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
1364 int err)
1365{
1366 struct sock *sk = chan->data;
1367
1368 sk->sk_state = state;
1369
1370 if (err)
1371 sk->sk_err = err;
1372}
1373
1374static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
1375 unsigned long hdr_len,
1376 unsigned long len, int nb)
1377{
1378 struct sock *sk = chan->data;
1379 struct sk_buff *skb;
1380 int err;
1381
1382 l2cap_chan_unlock(chan);
1383 skb = bt_skb_send_alloc(sk, hdr_len + len, nb, &err);
1384 l2cap_chan_lock(chan);
1385
1386 if (!skb)
1387 return ERR_PTR(err);
1388
1389 skb->priority = sk->sk_priority;
1390
1391 bt_cb(skb)->l2cap.chan = chan;
1392
1393 return skb;
1394}
1395
1396static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1397{
1398 struct sock *sk = chan->data;
1399 struct sock *parent;
1400
1401 lock_sock(sk);
1402
1403 parent = bt_sk(sk)->parent;
1404
1405 BT_DBG("sk %p, parent %p", sk, parent);
1406
1407 sk->sk_state = BT_CONNECTED;
1408 sk->sk_state_change(sk);
1409
1410 if (parent)
1411 parent->sk_data_ready(parent);
1412
1413 release_sock(sk);
1414}
1415
1416static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1417{
1418 struct sock *parent, *sk = chan->data;
1419
1420 lock_sock(sk);
1421
1422 parent = bt_sk(sk)->parent;
1423 if (parent)
1424 parent->sk_data_ready(parent);
1425
1426 release_sock(sk);
1427}
1428
1429static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1430{
1431 struct sock *sk = chan->data;
1432
1433 if (test_and_clear_bit(FLAG_PENDING_SECURITY, &chan->flags)) {
1434 sk->sk_state = BT_CONNECTED;
1435 chan->state = BT_CONNECTED;
1436 }
1437
1438 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1439 sk->sk_state_change(sk);
1440}
1441
1442static void l2cap_sock_set_shutdown_cb(struct l2cap_chan *chan)
1443{
1444 struct sock *sk = chan->data;
1445
1446 lock_sock(sk);
1447 sk->sk_shutdown = SHUTDOWN_MASK;
1448 release_sock(sk);
1449}
1450
1451static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1452{
1453 struct sock *sk = chan->data;
1454
1455 return sk->sk_sndtimeo;
1456}
1457
1458static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1459{
1460 struct sock *sk = chan->data;
1461
1462 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1463 sk->sk_state_change(sk);
1464}
1465
1466static const struct l2cap_ops l2cap_chan_ops = {
1467 .name = "L2CAP Socket Interface",
1468 .new_connection = l2cap_sock_new_connection_cb,
1469 .recv = l2cap_sock_recv_cb,
1470 .close = l2cap_sock_close_cb,
1471 .teardown = l2cap_sock_teardown_cb,
1472 .state_change = l2cap_sock_state_change_cb,
1473 .ready = l2cap_sock_ready_cb,
1474 .defer = l2cap_sock_defer_cb,
1475 .resume = l2cap_sock_resume_cb,
1476 .suspend = l2cap_sock_suspend_cb,
1477 .set_shutdown = l2cap_sock_set_shutdown_cb,
1478 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1479 .alloc_skb = l2cap_sock_alloc_skb_cb,
1480};
1481
1482static void l2cap_sock_destruct(struct sock *sk)
1483{
1484 BT_DBG("sk %p", sk);
1485
1486 if (l2cap_pi(sk)->chan)
1487 l2cap_chan_put(l2cap_pi(sk)->chan);
1488
1489 if (l2cap_pi(sk)->rx_busy_skb) {
1490 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1491 l2cap_pi(sk)->rx_busy_skb = NULL;
1492 }
1493
1494 skb_queue_purge(&sk->sk_receive_queue);
1495 skb_queue_purge(&sk->sk_write_queue);
1496}
1497
1498static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1499 int *msg_namelen)
1500{
1501 DECLARE_SOCKADDR(struct sockaddr_l2 *, la, msg_name);
1502
1503 memset(la, 0, sizeof(struct sockaddr_l2));
1504 la->l2_family = AF_BLUETOOTH;
1505 la->l2_psm = bt_cb(skb)->l2cap.psm;
1506 bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1507
1508 *msg_namelen = sizeof(struct sockaddr_l2);
1509}
1510
1511static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1512{
1513 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1514
1515 BT_DBG("sk %p", sk);
1516
1517 if (parent) {
1518 struct l2cap_chan *pchan = l2cap_pi(parent)->chan;
1519
1520 sk->sk_type = parent->sk_type;
1521 bt_sk(sk)->flags = bt_sk(parent)->flags;
1522
1523 chan->chan_type = pchan->chan_type;
1524 chan->imtu = pchan->imtu;
1525 chan->omtu = pchan->omtu;
1526 chan->conf_state = pchan->conf_state;
1527 chan->mode = pchan->mode;
1528 chan->fcs = pchan->fcs;
1529 chan->max_tx = pchan->max_tx;
1530 chan->tx_win = pchan->tx_win;
1531 chan->tx_win_max = pchan->tx_win_max;
1532 chan->sec_level = pchan->sec_level;
1533 chan->flags = pchan->flags;
1534 chan->tx_credits = pchan->tx_credits;
1535 chan->rx_credits = pchan->rx_credits;
1536
1537 if (chan->chan_type == L2CAP_CHAN_FIXED) {
1538 chan->scid = pchan->scid;
1539 chan->dcid = pchan->scid;
1540 }
1541
1542 security_sk_clone(parent, sk);
1543 } else {
1544 switch (sk->sk_type) {
1545 case SOCK_RAW:
1546 chan->chan_type = L2CAP_CHAN_RAW;
1547 break;
1548 case SOCK_DGRAM:
1549 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1550 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1551 break;
1552 case SOCK_SEQPACKET:
1553 case SOCK_STREAM:
1554 chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
1555 break;
1556 }
1557
1558 chan->imtu = L2CAP_DEFAULT_MTU;
1559 chan->omtu = 0;
1560 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
1561 chan->mode = L2CAP_MODE_ERTM;
1562 set_bit(CONF_STATE2_DEVICE, &chan->conf_state);
1563 } else {
1564 chan->mode = L2CAP_MODE_BASIC;
1565 }
1566
1567 l2cap_chan_set_defaults(chan);
1568 }
1569
1570
1571 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
1572
1573 chan->data = sk;
1574 chan->ops = &l2cap_chan_ops;
1575}
1576
1577static struct proto l2cap_proto = {
1578 .name = "L2CAP",
1579 .owner = THIS_MODULE,
1580 .obj_size = sizeof(struct l2cap_pinfo)
1581};
1582
1583static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1584 int proto, gfp_t prio, int kern)
1585{
1586 struct sock *sk;
1587 struct l2cap_chan *chan;
1588
1589 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
1590 if (!sk)
1591 return NULL;
1592
1593 sock_init_data(sock, sk);
1594 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1595
1596 sk->sk_destruct = l2cap_sock_destruct;
1597 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1598
1599 sock_reset_flag(sk, SOCK_ZAPPED);
1600
1601 sk->sk_protocol = proto;
1602 sk->sk_state = BT_OPEN;
1603
1604 chan = l2cap_chan_create();
1605 if (!chan) {
1606 sk_free(sk);
1607 return NULL;
1608 }
1609
1610 l2cap_chan_hold(chan);
1611
1612 l2cap_pi(sk)->chan = chan;
1613
1614 return sk;
1615}
1616
1617static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1618 int kern)
1619{
1620 struct sock *sk;
1621
1622 BT_DBG("sock %p", sock);
1623
1624 sock->state = SS_UNCONNECTED;
1625
1626 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1627 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1628 return -ESOCKTNOSUPPORT;
1629
1630 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1631 return -EPERM;
1632
1633 sock->ops = &l2cap_sock_ops;
1634
1635 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
1636 if (!sk)
1637 return -ENOMEM;
1638
1639 l2cap_sock_init(sk, NULL);
1640 bt_sock_link(&l2cap_sk_list, sk);
1641 return 0;
1642}
1643
1644static const struct proto_ops l2cap_sock_ops = {
1645 .family = PF_BLUETOOTH,
1646 .owner = THIS_MODULE,
1647 .release = l2cap_sock_release,
1648 .bind = l2cap_sock_bind,
1649 .connect = l2cap_sock_connect,
1650 .listen = l2cap_sock_listen,
1651 .accept = l2cap_sock_accept,
1652 .getname = l2cap_sock_getname,
1653 .sendmsg = l2cap_sock_sendmsg,
1654 .recvmsg = l2cap_sock_recvmsg,
1655 .poll = bt_sock_poll,
1656 .ioctl = bt_sock_ioctl,
1657 .mmap = sock_no_mmap,
1658 .socketpair = sock_no_socketpair,
1659 .shutdown = l2cap_sock_shutdown,
1660 .setsockopt = l2cap_sock_setsockopt,
1661 .getsockopt = l2cap_sock_getsockopt
1662};
1663
1664static const struct net_proto_family l2cap_sock_family_ops = {
1665 .family = PF_BLUETOOTH,
1666 .owner = THIS_MODULE,
1667 .create = l2cap_sock_create,
1668};
1669
1670int __init l2cap_init_sockets(void)
1671{
1672 int err;
1673
1674 BUILD_BUG_ON(sizeof(struct sockaddr_l2) > sizeof(struct sockaddr));
1675
1676 err = proto_register(&l2cap_proto, 0);
1677 if (err < 0)
1678 return err;
1679
1680 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
1681 if (err < 0) {
1682 BT_ERR("L2CAP socket registration failed");
1683 goto error;
1684 }
1685
1686 err = bt_procfs_init(&init_net, "l2cap", &l2cap_sk_list,
1687 NULL);
1688 if (err < 0) {
1689 BT_ERR("Failed to create L2CAP proc file");
1690 bt_sock_unregister(BTPROTO_L2CAP);
1691 goto error;
1692 }
1693
1694 BT_INFO("L2CAP socket layer initialized");
1695
1696 return 0;
1697
1698error:
1699 proto_unregister(&l2cap_proto);
1700 return err;
1701}
1702
1703void l2cap_cleanup_sockets(void)
1704{
1705 bt_procfs_cleanup(&init_net, "l2cap");
1706 bt_sock_unregister(BTPROTO_L2CAP);
1707 proto_unregister(&l2cap_proto);
1708}
1709